npm - @vellumai/assistant - Versions diffs - 0.3.26 → 0.3.28 - Mend

@vellumai/assistant 0.3.26 → 0.3.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (82) hide show

package/ARCHITECTURE.md +48 -1
package/Dockerfile +2 -2
package/package.json +1 -1
package/scripts/ipc/generate-swift.ts +6 -2
package/src/__tests__/agent-loop.test.ts +119 -0
package/src/__tests__/bundled-asset.test.ts +107 -0
package/src/__tests__/canonical-guardian-store.test.ts +636 -0
package/src/__tests__/channel-approval-routes.test.ts +174 -1
package/src/__tests__/emit-signal-routing-intent.test.ts +43 -1
package/src/__tests__/guardian-actions-endpoint.test.ts +205 -345
package/src/__tests__/guardian-decision-primitive-canonical.test.ts +599 -0
package/src/__tests__/guardian-dispatch.test.ts +19 -19
package/src/__tests__/guardian-routing-invariants.test.ts +954 -0
package/src/__tests__/mcp-cli.test.ts +77 -0
package/src/__tests__/non-member-access-request.test.ts +31 -29
package/src/__tests__/notification-decision-fallback.test.ts +61 -3
package/src/__tests__/notification-decision-strategy.test.ts +17 -0
package/src/__tests__/notification-guardian-path.test.ts +13 -15
package/src/__tests__/onboarding-template-contract.test.ts +116 -21
package/src/__tests__/secret-scanner-executor.test.ts +59 -0
package/src/__tests__/secret-scanner.test.ts +8 -0
package/src/__tests__/sensitive-output-placeholders.test.ts +208 -0
package/src/__tests__/session-runtime-assembly.test.ts +76 -47
package/src/__tests__/tool-grant-request-escalation.test.ts +497 -0
package/src/agent/loop.ts +46 -3
package/src/approvals/guardian-decision-primitive.ts +285 -0
package/src/approvals/guardian-request-resolvers.ts +539 -0
package/src/calls/guardian-dispatch.ts +46 -40
package/src/calls/relay-server.ts +147 -2
package/src/calls/types.ts +1 -1
package/src/config/system-prompt.ts +2 -1
package/src/config/templates/BOOTSTRAP.md +47 -31
package/src/config/templates/USER.md +5 -0
package/src/config/update-bulletin-template-path.ts +4 -1
package/src/config/vellum-skills/trusted-contacts/SKILL.md +22 -17
package/src/daemon/handlers/guardian-actions.ts +45 -66
package/src/daemon/ipc-contract/guardian-actions.ts +7 -0
package/src/daemon/lifecycle.ts +3 -16
package/src/daemon/server.ts +18 -0
package/src/daemon/session-agent-loop-handlers.ts +5 -4
package/src/daemon/session-agent-loop.ts +32 -5
package/src/daemon/session-process.ts +68 -307
package/src/daemon/session-runtime-assembly.ts +112 -24
package/src/daemon/session-tool-setup.ts +1 -0
package/src/daemon/session.ts +1 -0
package/src/home-base/prebuilt/seed.ts +2 -1
package/src/hooks/templates.ts +2 -1
package/src/memory/canonical-guardian-store.ts +524 -0
package/src/memory/channel-guardian-store.ts +1 -0
package/src/memory/db-init.ts +16 -0
package/src/memory/guardian-action-store.ts +7 -60
package/src/memory/guardian-approvals.ts +9 -4
package/src/memory/migrations/036-normalize-phone-identities.ts +289 -0
package/src/memory/migrations/118-reminder-routing-intent.ts +3 -3
package/src/memory/migrations/121-canonical-guardian-requests.ts +59 -0
package/src/memory/migrations/122-canonical-guardian-requester-chat-id.ts +15 -0
package/src/memory/migrations/123-canonical-guardian-deliveries-destination-index.ts +15 -0
package/src/memory/migrations/index.ts +4 -0
package/src/memory/migrations/registry.ts +5 -0
package/src/memory/schema-migration.ts +1 -0
package/src/memory/schema.ts +52 -0
package/src/notifications/copy-composer.ts +16 -4
package/src/notifications/decision-engine.ts +57 -0
package/src/permissions/defaults.ts +2 -0
package/src/runtime/access-request-helper.ts +137 -0
package/src/runtime/actor-trust-resolver.ts +225 -0
package/src/runtime/channel-guardian-service.ts +12 -4
package/src/runtime/guardian-context-resolver.ts +32 -7
package/src/runtime/guardian-decision-types.ts +6 -0
package/src/runtime/guardian-reply-router.ts +687 -0
package/src/runtime/http-server.ts +8 -0
package/src/runtime/routes/canonical-guardian-expiry-sweep.ts +116 -0
package/src/runtime/routes/conversation-routes.ts +18 -0
package/src/runtime/routes/guardian-action-routes.ts +100 -109
package/src/runtime/routes/inbound-message-handler.ts +170 -525
package/src/runtime/tool-grant-request-helper.ts +195 -0
package/src/tools/executor.ts +13 -1
package/src/tools/sensitive-output-placeholders.ts +203 -0
package/src/tools/tool-approval-handler.ts +44 -1
package/src/tools/types.ts +11 -0
package/src/util/bundled-asset.ts +31 -0
package/src/util/canonicalize-identity.ts +52 -0

package/src/daemon/handlers/guardian-actions.ts CHANGED Viewed

@@ -1,9 +1,8 @@
-import { applyGuardianDecision } from '../../approvals/guardian-decision-primitive.js';
-import { getPendingApprovalForRequest } from '../../memory/channel-guardian-store.js';
+import {
+  applyCanonicalGuardianDecision,
+} from '../../approvals/guardian-decision-primitive.js';
+import { getCanonicalGuardianRequest } from '../../memory/canonical-guardian-store.js';
 import type { ApprovalAction } from '../../runtime/channel-approval-types.js';
-import { handleChannelDecision } from '../../runtime/channel-approvals.js';
-import * as pendingInteractions from '../../runtime/pending-interactions.js';
-import { handleAccessRequestDecision } from '../../runtime/routes/access-request-decision.js';
 import { listGuardianDecisionPrompts } from '../../runtime/routes/guardian-action-routes.js';
 import type { GuardianActionDecision, GuardianActionsPendingRequest } from '../ipc-protocol.js';
 import { defineHandlers, log } from './shared.js';
@@ -16,7 +15,8 @@ export const guardianActionsHandlers = defineHandlers({
     ctx.send(socket, { type: 'guardian_actions_pending_response', conversationId: msg.conversationId, prompts });
   },
-  guardian_action_decision: (msg: GuardianActionDecision, socket, ctx) => {
+  guardian_action_decision: async (msg: GuardianActionDecision, socket, ctx) => {
+    try {
     // Validate the action is one of the known actions
     if (!VALID_ACTIONS.has(msg.action)) {
       log.warn({ requestId: msg.requestId, action: msg.action }, 'Invalid guardian action');
@@ -29,92 +29,71 @@ export const guardianActionsHandlers = defineHandlers({
       return;
     }
-    // Try the channel guardian approval store first (tool approval prompts)
-    const approval = getPendingApprovalForRequest(msg.requestId);
-    if (approval) {
-      // Enforce conversationId scoping when provided.
-      if (msg.conversationId && msg.conversationId !== approval.conversationId) {
-        log.warn({ requestId: msg.requestId, expected: approval.conversationId, got: msg.conversationId }, 'conversationId mismatch');
+    // Verify conversationId scoping before applying the canonical decision.
+    // A caller must not be able to cross-resolve requests from a different conversation.
+    if (msg.conversationId) {
+      const canonicalRequest = getCanonicalGuardianRequest(msg.requestId);
+      if (canonicalRequest && canonicalRequest.conversationId && canonicalRequest.conversationId !== msg.conversationId) {
+        log.warn({ requestId: msg.requestId, expected: canonicalRequest.conversationId, got: msg.conversationId }, 'conversationId mismatch');
         ctx.send(socket, {
           type: 'guardian_action_decision_response',
           applied: false,
-          reason: 'conversation_mismatch',
+          reason: 'not_found',
           requestId: msg.requestId,
         });
         return;
       }
-      // Access request approvals need a separate decision path — they don't have
-      // pending interactions and use verification sessions instead.
-      if (approval.toolName === 'ingress_access_request') {
-        const mappedAction = msg.action === 'reject' ? 'deny' as const : 'approve' as const;
-        // Use 'desktop' as the actor identity because this endpoint is
-        // unauthenticated — we cannot verify the caller is the assigned
-        // guardian, so we record a generic desktop origin instead of
-        // falsely attributing the decision to guardianExternalUserId.
-        const decisionResult = handleAccessRequestDecision(
-          approval,
-          mappedAction,
-          'desktop',
-        );
-        ctx.send(socket, {
-          type: 'guardian_action_decision_response',
-          applied: decisionResult.type !== 'stale',
-          requestId: msg.requestId,
-          reason: decisionResult.type === 'stale' ? 'stale' : undefined,
-        });
-        return;
-      }
-      const result = applyGuardianDecision({
-        approval,
-        decision: { action: msg.action as 'approve_once' | 'approve_always' | 'reject', source: 'plain_text', requestId: msg.requestId },
-        actorExternalUserId: undefined,
-        actorChannel: 'vellum',
-      });
-      ctx.send(socket, {
-        type: 'guardian_action_decision_response',
-        applied: result.applied,
-        reason: result.reason,
-        requestId: result.requestId ?? msg.requestId,
-      });
-      return;
     }
-    // Fall back to the pending interactions tracker (direct confirmation requests).
-    // Route through handleChannelDecision so approve_always properly persists trust rules.
-    const interaction = pendingInteractions.get(msg.requestId);
-    if (interaction) {
-      // Enforce conversationId scoping when provided.
-      if (msg.conversationId && msg.conversationId !== interaction.conversationId) {
-        log.warn({ requestId: msg.requestId, expected: interaction.conversationId, got: msg.conversationId }, 'conversationId mismatch');
+    const canonicalResult = await applyCanonicalGuardianDecision({
+      requestId: msg.requestId,
+      action: msg.action as ApprovalAction,
+      actorContext: {
+        externalUserId: undefined,
+        channel: 'vellum',
+        isTrusted: true,
+      },
+      userText: undefined,
+    });
+    if (canonicalResult.applied) {
+      // When the CAS committed but the resolver failed, the side effect
+      // (e.g. minting a verification session) did not happen. From the
+      // caller's perspective the decision was not truly applied.
+      if (canonicalResult.resolverFailed) {
         ctx.send(socket, {
           type: 'guardian_action_decision_response',
           applied: false,
-          reason: 'conversation_mismatch',
-          requestId: msg.requestId,
+          reason: 'resolver_failed',
+          resolverFailureReason: canonicalResult.resolverFailureReason,
+          requestId: canonicalResult.requestId,
         });
         return;
       }
-      const result = handleChannelDecision(
-        interaction.conversationId,
-        { action: msg.action as ApprovalAction, source: 'plain_text', requestId: msg.requestId },
-      );
       ctx.send(socket, {
         type: 'guardian_action_decision_response',
-        applied: result.applied,
-        requestId: result.requestId ?? msg.requestId,
+        applied: true,
+        requestId: canonicalResult.requestId,
       });
       return;
     }
-    log.warn({ requestId: msg.requestId }, 'No pending guardian action found for requestId');
+    // Return the reason for failure (stale, expired, not_found, etc.)
     ctx.send(socket, {
       type: 'guardian_action_decision_response',
       applied: false,
-      reason: 'not_found',
+      reason: canonicalResult.reason,
       requestId: msg.requestId,
     });
+    } catch (err) {
+      log.error({ err, requestId: msg.requestId }, 'guardian_action_decision: unhandled error');
+      ctx.send(socket, {
+        type: 'guardian_action_decision_response',
+        applied: false,
+        reason: 'internal_error',
+        requestId: msg.requestId,
+      });
+    }
   },
 });

package/src/daemon/ipc-contract/guardian-actions.ts CHANGED Viewed

@@ -31,6 +31,12 @@ export interface GuardianActionsPendingResponse {
     expiresAt: number;
     conversationId: string;
     callSessionId: string | null;
+    /**
+     * Canonical request kind (e.g. 'tool_approval', 'pending_question').
+     * Present when the prompt originates from the canonical guardian request
+     * store. Absent for legacy-only prompts.
+     */
+    kind?: string;
   }>;
 }
@@ -38,6 +44,7 @@ export interface GuardianActionDecisionResponse {
   type: 'guardian_action_decision_response';
   applied: boolean;
   reason?: string;
+  resolverFailureReason?: string;
   requestId?: string;
   userText?: string;
 }

package/src/daemon/lifecycle.ts CHANGED Viewed

@@ -59,7 +59,6 @@ import type { ServerMessage } from './ipc-protocol.js';
 import { initializeProvidersAndTools, registerMessagingProviders,registerWatcherProviders } from './providers-setup.js';
 import { seedInterfaceFiles } from './seed-files.js';
 import { DaemonServer } from './server.js';
-import { setApprovalConversationGenerator, setGuardianActionCopyGenerator, setGuardianFollowUpConversationGenerator } from './session-process.js';
 import { initSlashPairingContext } from './session-slash.js';
 import { installShutdownHandlers } from './shutdown-handlers.js';
@@ -320,21 +319,9 @@ export async function runDaemon(): Promise<void> {
         server.persistAndProcessMessage(conversationId, content, attachmentIds, options, sourceChannel, sourceInterface),
       interfacesDir: getInterfacesDir(),
       approvalCopyGenerator: createApprovalCopyGenerator(),
-      approvalConversationGenerator: (() => {
-        const gen = createApprovalConversationGenerator();
-        setApprovalConversationGenerator(gen);
-        return gen;
-      })(),
-      guardianActionCopyGenerator: (() => {
-        const gen = createGuardianActionCopyGenerator();
-        setGuardianActionCopyGenerator(gen);
-        return gen;
-      })(),
-      guardianFollowUpConversationGenerator: (() => {
-        const gen = createGuardianFollowUpConversationGenerator();
-        setGuardianFollowUpConversationGenerator(gen);
-        return gen;
-      })(),
+      approvalConversationGenerator: createApprovalConversationGenerator(),
+      guardianActionCopyGenerator: createGuardianActionCopyGenerator(),
+      guardianFollowUpConversationGenerator: createGuardianFollowUpConversationGenerator(),
       sendMessageDeps: {
         getOrCreateSession: (conversationId) =>
           server.getSessionForMessages(conversationId),

package/src/daemon/server.ts CHANGED Viewed

@@ -10,6 +10,10 @@ import { buildSystemPrompt } from '../config/system-prompt.js';
 import type { HeartbeatService } from '../heartbeat/heartbeat-service.js';
 import { bootstrapHomeBaseAppLink } from '../home-base/bootstrap.js';
 import * as attachmentsStore from '../memory/attachments-store.js';
+import {
+  createCanonicalGuardianRequest,
+  generateCanonicalRequestCode,
+} from '../memory/canonical-guardian-store.js';
 import * as conversationStore from '../memory/conversation-store.js';
 import { provenanceFromGuardianContext } from '../memory/conversation-store.js';
 import { RateLimitProvider } from '../providers/ratelimit.js';
@@ -114,6 +118,20 @@ function makePendingInteractionRegistrar(
           persistentDecisionsAllowed: msg.persistentDecisionsAllowed,
         },
       });
+      // Create a canonical guardian request so IPC/HTTP handlers can find it
+      // via applyCanonicalGuardianDecision.
+      createCanonicalGuardianRequest({
+        id: msg.requestId,
+        kind: 'tool_approval',
+        sourceType: 'desktop',
+        sourceChannel: 'vellum',
+        conversationId,
+        toolName: msg.toolName,
+        status: 'pending',
+        requestCode: generateCanonicalRequestCode(),
+        expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
+      });
     } else if (msg.type === 'secret_request') {
       pendingInteractions.register(msg.requestId, {
         session,

package/src/daemon/session-agent-loop-handlers.ts CHANGED Viewed

@@ -330,6 +330,7 @@ export async function handleMessageComplete(
   // Clean assistant content and accumulate directives
   const { cleanedContent, directives: msgDirectives, warnings: msgWarnings } =
     cleanAssistantContent(event.message.content);
+  const cleanedBlocks = cleanedContent as ContentBlock[];
   state.accumulatedDirectives.push(...msgDirectives);
   state.directiveWarnings.push(...msgWarnings);
   if (msgDirectives.length > 0) {
@@ -340,7 +341,7 @@ export async function handleMessageComplete(
   }
   // Build content with UI surfaces
-  const contentWithSurfaces: ContentBlock[] = [...cleanedContent as ContentBlock[]];
+  const contentWithSurfaces: ContentBlock[] = [...cleanedBlocks];
   for (const surface of deps.ctx.currentTurnSurfaces) {
     contentWithSurfaces.push({
       type: 'ui_surface',
@@ -371,9 +372,9 @@ export async function handleMessageComplete(
   deps.ctx.currentTurnSurfaces = [];
   // Emit trace event
-  const charCount = cleanedContent
-    .filter((b) => (b as Record<string, unknown>).type === 'text')
-    .reduce((sum: number, b) => sum + ((b as { text?: string }).text?.length ?? 0), 0);
+  const charCount = cleanedBlocks
+    .filter((b): b is Extract<ContentBlock, { type: 'text' }> => b.type === 'text')
+    .reduce((sum, b) => sum + b.text.length, 0);
   const toolUseCount = event.message.content
     .filter((b) => b.type === 'tool_use')
     .length;

package/src/daemon/session-agent-loop.ts CHANGED Viewed

@@ -25,6 +25,7 @@ import { stripMemoryRecallMessages } from '../memory/retriever.js';
 import type { PermissionPrompter } from '../permissions/prompter.js';
 import type { ContentBlock,Message } from '../providers/types.js';
 import type { Provider } from '../providers/types.js';
+import { resolveActorTrust } from '../runtime/actor-trust-resolver.js';
 import type { UsageActor } from '../usage/actors.js';
 import { getLogger } from '../util/logger.js';
 import { truncate } from '../util/truncate.js';
@@ -55,9 +56,11 @@ import { raceWithTimeout,stripMediaPayloadsForRetry } from './session-media-retr
 import { prepareMemoryContext } from './session-memory.js';
 import type { MessageQueue } from './session-queue-manager.js';
 import type { QueueDrainReason } from './session-queue-manager.js';
-import type { ActiveSurfaceContext, ChannelCapabilities, ChannelTurnContextParams, GuardianRuntimeContext,InterfaceTurnContextParams } from './session-runtime-assembly.js';
+import type { ActiveSurfaceContext, ChannelCapabilities, ChannelTurnContextParams, GuardianRuntimeContext, InboundActorContext, InterfaceTurnContextParams } from './session-runtime-assembly.js';
 import {
   applyRuntimeInjections,
+  inboundActorContextFromGuardian,
+  inboundActorContextFromTrust,
   stripInjectedContext,
 } from './session-runtime-assembly.js';
 import type { SkillProjectionCache } from './session-skill-tools.js';
@@ -102,6 +105,7 @@ export interface AgentLoopSessionContext {
   channelCapabilities?: ChannelCapabilities;
   commandIntent?: { type: string; payload?: string; languageCode?: string };
   guardianContext?: GuardianRuntimeContext;
+  assistantId?: string;
   voiceCallControlPrompt?: string;
   readonly coreToolNames: Set<string>;
@@ -349,6 +353,28 @@ export async function runAgentLoopImpl(
       conversationOriginInterface: getConversationOriginInterface(ctx.conversationId),
     };
+    // Resolve the inbound actor context for the model's <inbound_actor_context>
+    // block. When the session carries enough identity info, use the unified
+    // actor trust resolver so trusted_contact classifications propagate
+    // correctly (the legacy guardian-context path collapses non-guardian to
+    // 'unknown'). The guardian context is still used for policy gating — only
+    // the model context block uses the trust-resolved output.
+    let resolvedInboundActorContext: InboundActorContext | null = null;
+    if (ctx.guardianContext) {
+      const gc = ctx.guardianContext;
+      if (gc.requesterExternalUserId && gc.requesterChatId) {
+        const actorTrust = resolveActorTrust({
+          assistantId: ctx.assistantId ?? 'self',
+          sourceChannel: gc.sourceChannel,
+          externalChatId: gc.requesterChatId,
+          senderExternalUserId: gc.requesterExternalUserId,
+        });
+        resolvedInboundActorContext = inboundActorContextFromTrust(actorTrust);
+      } else {
+        resolvedInboundActorContext = inboundActorContextFromGuardian(gc);
+      }
+    }
     const isInteractiveResolved = options?.isInteractive ?? (!ctx.hasNoClient && !ctx.headlessLock);
     runMessages = applyRuntimeInjections(runMessages, {
       softConflictInstruction,
@@ -358,7 +384,7 @@ export async function runAgentLoopImpl(
       channelCommandContext: ctx.commandIntent ?? null,
       channelTurnContext,
       interfaceTurnContext,
-      guardianContext: ctx.guardianContext ?? null,
+      inboundActorContext: resolvedInboundActorContext,
       temporalContext,
       voiceCallControlPrompt: ctx.voiceCallControlPrompt ?? null,
       isNonInteractive: !isInteractiveResolved,
@@ -477,7 +503,7 @@ export async function runAgentLoopImpl(
           channelCommandContext: ctx.commandIntent ?? null,
           channelTurnContext,
           interfaceTurnContext,
-          guardianContext: ctx.guardianContext ?? null,
+          inboundActorContext: resolvedInboundActorContext,
           temporalContext,
           voiceCallControlPrompt: ctx.voiceCallControlPrompt ?? null,
           isNonInteractive: !isInteractiveResolved,
@@ -515,7 +541,7 @@ export async function runAgentLoopImpl(
             channelCommandContext: ctx.commandIntent ?? null,
             channelTurnContext,
             interfaceTurnContext,
-            guardianContext: ctx.guardianContext ?? null,
+            inboundActorContext: resolvedInboundActorContext,
             temporalContext,
             voiceCallControlPrompt: ctx.voiceCallControlPrompt ?? null,
             isNonInteractive: !isInteractiveResolved,
@@ -604,7 +630,8 @@ export async function runAgentLoopImpl(
     const newMessages = updatedHistory.slice(preRunHistoryLength).map((msg) => {
       if (msg.role !== 'assistant') return msg;
       const { cleanedContent } = cleanAssistantContent(msg.content);
-      return { ...msg, content: cleanedContent as ContentBlock[] };
+      const cleanedBlocks = cleanedContent as ContentBlock[];
+      return { ...msg, content: cleanedBlocks };
     });
     const hasAssistantResponse = newMessages.some((msg) => msg.role === 'assistant');