@vellumai/assistant 0.3.23 → 0.3.24

package/src/daemon/handlers/config.ts

@@ -14,7 +14,6 @@
  *   config-twilio.ts      — Twilio SMS/voice configuration
  *   config-channels.ts    — Channel guardian & readiness
  *   config-tools.ts       — Env vars, tool permission simulation, tool names
- *   config-parental.ts    — Parental control PIN + content/tool restrictions
  */
 
 // Re-export individual handlers for direct import by tests and other modules
@@ -23,7 +22,6 @@ export { handleHeartbeatChecklistRead, handleHeartbeatChecklistWrite,handleHeart
 export { computeGatewayTarget, handleIngressConfig, syncTwilioWebhooks,triggerGatewayReconcile } from './config-ingress.js';
 export { handleTwitterIntegrationConfig,handleVercelApiConfig } from './config-integrations.js';
 export { handleImageGenModelSet,handleModelGet, handleModelSet } from './config-model.js';
-export { handleParentalControlGet, handleParentalControlSetPin, handleParentalControlUpdate,handleParentalControlVerifyPin } from './config-parental.js';
 export { handlePlatformConfig } from './config-platform.js';
 export { handleReminderCancel,handleRemindersList, handleScheduleRemove, handleScheduleRunNow, handleSchedulesList, handleScheduleToggle } from './config-scheduling.js';
 export { handleShareToSlack, handleSlackWebhookConfig } from './config-slack.js';
@@ -39,7 +37,6 @@ import { heartbeatHandlers } from './config-heartbeat.js';
 import { ingressHandlers } from './config-ingress.js';
 import { integrationHandlers } from './config-integrations.js';
 import { modelHandlers } from './config-model.js';
-import { parentalControlHandlers } from './config-parental.js';
 import { platformHandlers } from './config-platform.js';
 import { schedulingHandlers } from './config-scheduling.js';
 import { slackHandlers } from './config-slack.js';
@@ -61,7 +58,6 @@ export const configHandlers = {
   ...twilioHandlers,
   ...channelHandlers,
   ...toolHandlers,
-  ...parentalControlHandlers,
   ...heartbeatHandlers,
   ...voiceHandlers,
 };

package/src/daemon/handlers/navigate-settings.ts

@@ -13,7 +13,6 @@ export const SETTINGS_TABS = [
   'Wake Word',
   'Appearance',
   'Advanced',
-  'Parental',
 ] as const;
 
 export type SettingsTabId = (typeof SETTINGS_TABS)[number];

package/src/daemon/ipc-contract-inventory.json

@@ -11,7 +11,6 @@
     "_MessagesClientMessages",
     "_NotificationsClientMessages",
     "_PairingClientMessages",
-    "_ParentalControlClientMessages",
     "_SchedulesClientMessages",
     "_SessionsClientMessages",
     "_SettingsClientMessages",
@@ -36,7 +35,6 @@
     "_MessagesServerMessages",
     "_NotificationsServerMessages",
     "_PairingServerMessages",
-    "_ParentalControlServerMessages",
     "_SchedulesServerMessages",
     "_SessionsServerMessages",
     "_SettingsServerMessages",
@@ -117,10 +115,6 @@
     "oauth_connect_start",
     "open_bundle",
     "pairing_approval_response",
-    "parental_control_get",
-    "parental_control_set_pin",
-    "parental_control_update",
-    "parental_control_verify_pin",
     "ping",
     "platform_config",
     "publish_page",
@@ -281,10 +275,6 @@
     "open_bundle_response",
     "open_url",
     "pairing_approval_request",
-    "parental_control_get_response",
-    "parental_control_set_pin_response",
-    "parental_control_update_response",
-    "parental_control_verify_pin_response",
     "platform_config_response",
     "pong",
     "publish_page_response",

package/src/daemon/ipc-contract.ts

@@ -25,7 +25,6 @@ export * from './ipc-contract/memory.js';
 export * from './ipc-contract/messages.js';
 export * from './ipc-contract/notifications.js';
 export * from './ipc-contract/pairing.js';
-export * from './ipc-contract/parental-control.js';
 export * from './ipc-contract/schedules.js';
 export * from './ipc-contract/sessions.js';
 export * from './ipc-contract/settings.js';
@@ -50,7 +49,6 @@ import type { _MemoryServerMessages } from './ipc-contract/memory.js';
 import type { _MessagesClientMessages, _MessagesServerMessages } from './ipc-contract/messages.js';
 import type { _NotificationsClientMessages, _NotificationsServerMessages } from './ipc-contract/notifications.js';
 import type { _PairingClientMessages, _PairingServerMessages } from './ipc-contract/pairing.js';
-import type { _ParentalControlClientMessages, _ParentalControlServerMessages } from './ipc-contract/parental-control.js';
 import type { _SchedulesClientMessages, _SchedulesServerMessages } from './ipc-contract/schedules.js';
 import type { _SessionsClientMessages, _SessionsServerMessages } from './ipc-contract/sessions.js';
 import type { _SettingsClientMessages, _SettingsServerMessages } from './ipc-contract/settings.js';
@@ -89,7 +87,6 @@ export type ClientMessage =
   | _WorkspaceClientMessages
   | _SchedulesClientMessages
   | _DiagnosticsClientMessages
-  | _ParentalControlClientMessages
   | _InboxClientMessages
   | _PairingClientMessages
   | _NotificationsClientMessages
@@ -116,7 +113,6 @@ export type ServerMessage =
   | _SchedulesServerMessages
   | _SettingsServerMessages
   | _DiagnosticsServerMessages
-  | _ParentalControlServerMessages
   | _InboxServerMessages
   | _PairingServerMessages
   | _NotificationsServerMessages

package/src/daemon/session-process.ts

@@ -576,9 +576,9 @@ export async function processMessage(
 
           let stateApplied = true;
           if (turnResult.disposition === 'call_back' || turnResult.disposition === 'message_back') {
-            stateApplied = progressFollowupState(request.id, 'dispatching', turnResult.disposition) !== undefined;
+            stateApplied = progressFollowupState(request.id, 'dispatching', turnResult.disposition) !== null;
           } else if (turnResult.disposition === 'decline') {
-            stateApplied = finalizeFollowup(request.id, 'declined') !== undefined;
+            stateApplied = finalizeFollowup(request.id, 'declined') !== null;
           }
 
           if (!stateApplied) {

package/src/permissions/checker.ts

@@ -398,10 +398,10 @@ async function classifyRiskUncached(toolName: string, input: Record<string, unkn
       if (HIGH_RISK_PROGRAMS.has(prog)) return RiskLevel.High;
 
       if (prog === 'rm') {
-        // `rm` of known safe workspace files (no flags, bare filename) is
-        // Medium rather than High so scope-limited allow rules can approve
-        // it without needing allowHighRisk, which would bypass path checks.
-        if (isRmOfKnownSafeFile(seg.args)) {
+        // Only downgrade rm of known safe workspace files for sandboxed bash.
+        // host_bash has a global allow rule that would auto-approve Medium-risk
+        // commands, so rm on the host must always require explicit approval.
+        if (toolName === 'bash' && isRmOfKnownSafeFile(seg.args)) {
           maxRisk = RiskLevel.Medium;
           continue;
         }

package/src/runtime/routes/inbound-message-handler.ts

@@ -1087,9 +1087,9 @@ export async function handleChannelInbound(
 
           let stateApplied = true;
           if (turnResult.disposition === 'call_back' || turnResult.disposition === 'message_back') {
-            stateApplied = progressFollowupState(request.id, 'dispatching', turnResult.disposition) !== undefined;
+            stateApplied = progressFollowupState(request.id, 'dispatching', turnResult.disposition) !== null;
           } else if (turnResult.disposition === 'decline') {
-            stateApplied = finalizeFollowup(request.id, 'declined') !== undefined;
+            stateApplied = finalizeFollowup(request.id, 'declined') !== null;
           }
 
           if (!stateApplied) {

package/src/runtime/routes/ingress-routes.ts

@@ -93,8 +93,13 @@ export async function handleRevokeMember(req: Request, memberId: string): Promis
  * POST /v1/ingress/members/:id/block
  */
 export async function handleBlockMember(req: Request, memberId: string): Promise<Response> {
-  const body = (await req.json()) as Record<string, unknown>;
-  const reason = body.reason as string | undefined;
+  let reason: string | undefined;
+  try {
+    const body = (await req.json()) as Record<string, unknown>;
+    reason = body.reason as string | undefined;
+  } catch {
+    // Body is optional — callers may omit it entirely
+  }
 
   const result = blockIngressMember(memberId, reason);
 

package/src/tools/executor.ts

@@ -56,8 +56,8 @@ export class ToolExecutor {
       startedAtMs: startTime,
     });
 
-    // Run pre-execution approval gates (abort, parental controls, guardian
-    // policy, allowed-tool-set, task-run preflight, tool registry lookup).
+    // Run pre-execution approval gates (abort, guardian policy,
+    // allowed-tool-set, task-run preflight, tool registry lookup).
     const gateResult = await this.approvalHandler.checkPreExecutionGates(
       name, input, context, executionTarget, riskLevel, startTime,
       (event) => emitLifecycleEvent(context, event),

package/src/tools/system/navigate-settings.ts

@@ -8,7 +8,6 @@ const SETTINGS_TABS = [
   'Trust',
   'Model',
   'Scheduling',
-  'Parental',
 ] as const;
 
 type SettingsTab = (typeof SETTINGS_TABS)[number];

package/src/tools/tool-approval-handler.ts

@@ -1,5 +1,4 @@
 import { consumeGrantForInvocation } from '../approvals/approval-primitive.js';
-import { isToolBlocked } from '../security/parental-control-store.js';
 import { computeToolApprovalDigest } from '../security/tool-approval-digest.js';
 import { getTaskRunRules } from '../tasks/ephemeral-permissions.js';
 import { getLogger } from '../util/logger.js';
@@ -40,8 +39,8 @@ export type PreExecutionGateResult =
   | { allowed: false; result: ToolExecutionResult };
 
 /**
- * Handles pre-execution approval gates: abort checks, parental controls,
- * guardian policy, allowed-tool-set gating, and task-run preflight checks.
+ * Handles pre-execution approval gates: abort checks, guardian policy,
+ * allowed-tool-set gating, and task-run preflight checks.
  * These run before the interactive permission prompt flow.
  */
 export class ToolApprovalHandler {
@@ -81,36 +80,6 @@ export class ToolApprovalHandler {
       return { allowed: false, result: { content: 'Cancelled', isError: true } };
     }
 
-    // Reject tools blocked by parental control settings before any permission check.
-    if (isToolBlocked(name)) {
-      log.warn(
-        {
-          toolName: name,
-          sessionId: context.sessionId,
-          conversationId: context.conversationId,
-          principal: context.principal,
-          reason: 'blocked_by_parental_controls',
-        },
-        'Parental control blocked tool invocation',
-      );
-      const durationMs = Date.now() - startTime;
-      emitLifecycleEvent({
-        type: 'permission_denied',
-        toolName: name,
-        executionTarget,
-        input,
-        workingDir: context.workingDir,
-        sessionId: context.sessionId,
-        conversationId: context.conversationId,
-        requestId: context.requestId,
-        riskLevel,
-        decision: 'deny',
-        reason: 'Blocked by parental control settings',
-        durationMs,
-      });
-      return { allowed: false, result: { content: 'This tool is blocked by parental control settings.', isError: true } };
-    }
-
     // Reject tool invocations targeting guardian control-plane endpoints from non-guardian actors.
     const guardianCheck = enforceGuardianOnlyPolicy(name, input, context.guardianActorRole);
     if (guardianCheck.denied) {

package/src/daemon/handlers/config-parental.ts

@@ -1,164 +0,0 @@
-import * as net from 'node:net';
-
-import {
-  clearPIN,
-  getParentalControlSettings,
-  hasPIN,
-  setPIN,
-  updateParentalControlSettings,
-  verifyPIN,
-} from '../../security/parental-control-store.js';
-import { getLogger } from '../../util/logger.js';
-import type {
-  ParentalControlGetRequest,
-  ParentalControlSetPinRequest,
-  ParentalControlUpdateRequest,
-  ParentalControlVerifyPinRequest,
-} from '../ipc-protocol.js';
-import { defineHandlers, type HandlerContext } from './shared.js';
-
-const log = getLogger('parental-control');
-
-function sendGetResponse(socket: net.Socket, ctx: HandlerContext): void {
-  const settings = getParentalControlSettings();
-  ctx.send(socket, {
-    type: 'parental_control_get_response',
-    enabled: settings.enabled,
-    has_pin: hasPIN(),
-    content_restrictions: settings.contentRestrictions,
-    blocked_tool_categories: settings.blockedToolCategories,
-  });
-}
-
-export function handleParentalControlGet(
-  _msg: ParentalControlGetRequest,
-  socket: net.Socket,
-  ctx: HandlerContext,
-): void {
-  sendGetResponse(socket, ctx);
-}
-
-export function handleParentalControlVerifyPin(
-  msg: ParentalControlVerifyPinRequest,
-  socket: net.Socket,
-  ctx: HandlerContext,
-): void {
-  const verified = verifyPIN(msg.pin);
-  ctx.send(socket, {
-    type: 'parental_control_verify_pin_response',
-    verified,
-  });
-}
-
-export function handleParentalControlSetPin(
-  msg: ParentalControlSetPinRequest,
-  socket: net.Socket,
-  ctx: HandlerContext,
-): void {
-  try {
-    const pinExists = hasPIN();
-
-    if (msg.clear) {
-      // Clearing the PIN — must verify current PIN first
-      if (pinExists) {
-        if (!msg.current_pin || !verifyPIN(msg.current_pin)) {
-          ctx.send(socket, {
-            type: 'parental_control_set_pin_response',
-            success: false,
-            error: 'Current PIN is incorrect',
-          });
-          return;
-        }
-      }
-      clearPIN();
-      ctx.send(socket, {
-        type: 'parental_control_set_pin_response',
-        success: true,
-      });
-      return;
-    }
-
-    if (!msg.new_pin) {
-      ctx.send(socket, {
-        type: 'parental_control_set_pin_response',
-        success: false,
-        error: 'new_pin is required',
-      });
-      return;
-    }
-
-    if (pinExists) {
-      // Changing existing PIN — must verify current PIN first
-      if (!msg.current_pin || !verifyPIN(msg.current_pin)) {
-        ctx.send(socket, {
-          type: 'parental_control_set_pin_response',
-          success: false,
-          error: 'Current PIN is incorrect',
-        });
-        return;
-      }
-    }
-
-    setPIN(msg.new_pin);
-    ctx.send(socket, {
-      type: 'parental_control_set_pin_response',
-      success: true,
-    });
-  } catch (err) {
-    log.error({ err }, 'Failed to set parental control PIN');
-    ctx.send(socket, {
-      type: 'parental_control_set_pin_response',
-      success: false,
-      error: err instanceof Error ? err.message : 'Internal error',
-    });
-  }
-}
-
-export function handleParentalControlUpdate(
-  msg: ParentalControlUpdateRequest,
-  socket: net.Socket,
-  ctx: HandlerContext,
-): void {
-  const settings = getParentalControlSettings();
-  const pinExists = hasPIN();
-
-  // Require PIN verification when parental mode is already enabled
-  if (settings.enabled && pinExists) {
-    if (!msg.pin || !verifyPIN(msg.pin)) {
-      ctx.send(socket, {
-        type: 'parental_control_update_response',
-        success: false,
-        error: 'PIN required to change parental control settings',
-        enabled: settings.enabled,
-        has_pin: pinExists,
-        content_restrictions: settings.contentRestrictions,
-        blocked_tool_categories: settings.blockedToolCategories,
-      });
-      return;
-    }
-  }
-
-  const updated = updateParentalControlSettings({
-    enabled: msg.enabled,
-    contentRestrictions: msg.content_restrictions,
-    blockedToolCategories: msg.blocked_tool_categories,
-  });
-
-  log.info({ enabled: updated.enabled }, 'Parental control settings updated');
-
-  ctx.send(socket, {
-    type: 'parental_control_update_response',
-    success: true,
-    enabled: updated.enabled,
-    has_pin: hasPIN(),
-    content_restrictions: updated.contentRestrictions,
-    blocked_tool_categories: updated.blockedToolCategories,
-  });
-}
-
-export const parentalControlHandlers = defineHandlers({
-  parental_control_get: handleParentalControlGet,
-  parental_control_verify_pin: handleParentalControlVerifyPin,
-  parental_control_set_pin: handleParentalControlSetPin,
-  parental_control_update: handleParentalControlUpdate,
-});

package/src/daemon/ipc-contract/parental-control.ts

@@ -1,109 +0,0 @@
-// Parental control IPC types.
-//
-// The parental control system lets a parent or guardian lock the assistant
-// behind a 6-digit PIN and configure per-topic content restrictions and
-// per-category tool blocks. All mutating operations require the PIN when
-// one has been set.
-
-// === Shared data types ===
-
-/**
- * Topics that can be individually blocked.
- * All unlisted topics are allowed.
- */
-export type ParentalContentTopic =
-  | 'violence'
-  | 'adult_content'
-  | 'political'
-  | 'gambling'
-  | 'drugs';
-
-/**
- * Broad tool categories that can be disabled for age-appropriate use.
- * When a category is blocked, individual tool invocations within that
- * category are rejected before the permission pipeline runs.
- */
-export type ParentalToolCategory =
-  | 'computer_use'
-  | 'network'
-  | 'shell'
-  | 'file_write';
-
-// === Client → Server ===
-
-/** Retrieve the current parental control settings and PIN status. */
-export interface ParentalControlGetRequest {
-  type: 'parental_control_get';
-}
-
-/** Verify a PIN attempt without changing any state. Useful to gate an unlock-settings flow before showing the full panel. */
-export interface ParentalControlVerifyPinRequest {
-  type: 'parental_control_verify_pin';
-  pin: string;
-}
-
-/** Set, change, or clear the parental control PIN. To set for the first time provide only new_pin. To change provide current_pin and new_pin. To clear provide current_pin and set clear:true. */
-export interface ParentalControlSetPinRequest {
-  type: 'parental_control_set_pin';
-  current_pin?: string;
-  new_pin?: string;
-  clear?: boolean;
-}
-
-/** Update parental control settings. Requires the PIN when parental mode is already enabled. */
-export interface ParentalControlUpdateRequest {
-  type: 'parental_control_update';
-  /** Current PIN — required when parental mode is already enabled. */
-  pin?: string;
-  /** Enable or disable parental control mode. */
-  enabled?: boolean;
-  /** Full replacement list of blocked content topics. */
-  content_restrictions?: ParentalContentTopic[];
-  /** Full replacement list of blocked tool categories. */
-  blocked_tool_categories?: ParentalToolCategory[];
-}
-
-// === Server → Client ===
-
-export interface ParentalControlGetResponse {
-  type: 'parental_control_get_response';
-  enabled: boolean;
-  has_pin: boolean;
-  content_restrictions: ParentalContentTopic[];
-  blocked_tool_categories: ParentalToolCategory[];
-}
-
-export interface ParentalControlVerifyPinResponse {
-  type: 'parental_control_verify_pin_response';
-  verified: boolean;
-}
-
-export interface ParentalControlSetPinResponse {
-  type: 'parental_control_set_pin_response';
-  success: boolean;
-  error?: string;
-}
-
-export interface ParentalControlUpdateResponse {
-  type: 'parental_control_update_response';
-  success: boolean;
-  error?: string;
-  enabled: boolean;
-  has_pin: boolean;
-  content_restrictions: ParentalContentTopic[];
-  blocked_tool_categories: ParentalToolCategory[];
-}
-
-// --- Domain-level union aliases (consumed by the barrel file) ---
-
-export type _ParentalControlClientMessages =
-  | ParentalControlGetRequest
-  | ParentalControlVerifyPinRequest
-  | ParentalControlSetPinRequest
-  | ParentalControlUpdateRequest;
-
-export type _ParentalControlServerMessages =
-  | ParentalControlGetResponse
-  | ParentalControlVerifyPinResponse
-  | ParentalControlSetPinResponse
-  | ParentalControlUpdateResponse;