@vellumai/assistant 0.3.3 → 0.3.4

package/src/memory/schema.ts

@@ -129,6 +129,7 @@ export const memoryEmbeddings = sqliteTable('memory_embeddings', {
   model: text('model').notNull(),
   dimensions: integer('dimensions').notNull(),
   vectorJson: text('vector_json').notNull(),
+  contentHash: text('content_hash'),
   createdAt: integer('created_at').notNull(),
   updatedAt: integer('updated_at').notNull(),
 });

package/src/memory/search/types.ts

@@ -94,6 +94,8 @@ export interface CollectedCandidates {
   relationNeighborEntityCount: number;
   relationExpandedItemCount: number;
   earlyTerminated: boolean;
+  /** True when semantic search was attempted but threw an error. */
+  semanticSearchFailed: boolean;
   merged: Candidate[];
 }
 

package/src/permissions/prompter.ts

@@ -10,7 +10,12 @@ import { redactSensitiveFields } from '../security/redaction.js';
 const log = getLogger('permission-prompter');
 
 interface PendingPrompt {
-  resolve: (value: { decision: UserDecision; selectedPattern?: string; selectedScope?: string }) => void;
+  resolve: (value: {
+    decision: UserDecision;
+    selectedPattern?: string;
+    selectedScope?: string;
+    decisionContext?: string;
+  }) => void;
   reject: (reason: Error) => void;
   timer: ReturnType<typeof setTimeout>;
 }
@@ -38,7 +43,12 @@ export class PermissionPrompter {
     sessionId?: string,
     executionTarget?: ExecutionTarget,
     persistentDecisionsAllowed?: boolean,
-  ): Promise<{ decision: UserDecision; selectedPattern?: string; selectedScope?: string }> {
+  ): Promise<{
+    decision: UserDecision;
+    selectedPattern?: string;
+    selectedScope?: string;
+    decisionContext?: string;
+  }> {
     const requestId = uuid();
 
     return new Promise((resolve, reject) => {
@@ -77,6 +87,7 @@ export class PermissionPrompter {
     decision: UserDecision,
     selectedPattern?: string,
     selectedScope?: string,
+    decisionContext?: string,
   ): void {
     const pending = this.pending.get(requestId);
     if (!pending) {
@@ -85,7 +96,7 @@ export class PermissionPrompter {
     }
     clearTimeout(pending.timer);
     this.pending.delete(requestId);
-    pending.resolve({ decision, selectedPattern, selectedScope });
+    pending.resolve({ decision, selectedPattern, selectedScope, decisionContext });
   }
 
   dispose(): void {

package/src/permissions/trust-store.ts

@@ -27,13 +27,17 @@ let cachedStarterBundleAccepted: boolean | null = null;
  * on every tool-call permission check.
  */
 const compiledPatterns = new Map<string, Minimatch>();
+/** Patterns that failed compilation — cached to avoid repeated attempts and log spam. */
+const invalidPatterns = new Set<string>();
 
 /** Get or compile a Minimatch object for the given pattern. Returns null if the pattern is invalid. */
 function getCompiledPattern(pattern: string): Minimatch | null {
+  if (invalidPatterns.has(pattern)) return null;
   let compiled = compiledPatterns.get(pattern);
   if (!compiled) {
     if (typeof pattern !== 'string') {
       log.warn({ pattern }, 'Cannot compile non-string pattern');
+      invalidPatterns.add(pattern as string);
       return null;
     }
     try {
@@ -41,6 +45,7 @@ function getCompiledPattern(pattern: string): Minimatch | null {
       compiledPatterns.set(pattern, compiled);
     } catch (err) {
       log.warn({ pattern, err }, 'Failed to compile pattern');
+      invalidPatterns.add(pattern);
       return null;
     }
   }
@@ -50,6 +55,7 @@ function getCompiledPattern(pattern: string): Minimatch | null {
 /** Rebuild the compiled pattern cache from the current rule set. */
 function rebuildPatternCache(rules: TrustRule[]): void {
   compiledPatterns.clear();
+  invalidPatterns.clear();
   for (const rule of rules) {
     if (typeof rule.pattern !== 'string') {
       log.warn({ ruleId: rule.id, pattern: rule.pattern }, 'Skipping rule with non-string pattern during cache rebuild');
@@ -509,6 +515,7 @@ export function clearCache(): void {
   cachedRules = null;
   cachedStarterBundleAccepted = null;
   compiledPatterns.clear();
+  invalidPatterns.clear();
 }
 
 // ─── Starter approval bundle ────────────────────────────────────────────────

package/src/runtime/channel-approvals.ts

@@ -13,6 +13,7 @@
 import { getPendingConfirmationsByConversation, getRun } from '../memory/runs-store.js';
 import type { PendingRunInfo } from '../memory/runs-store.js';
 import { addRule } from '../permissions/trust-store.js';
+import { getTool } from '../tools/registry.js';
 import type { RunOrchestrator } from './run-orchestrator.js';
 import { DEFAULT_APPROVAL_ACTIONS } from './channel-approval-types.js';
 import type {
@@ -101,11 +102,17 @@ export function handleChannelDecision(
   conversationId: string,
   decision: ApprovalDecisionResult,
   orchestrator: RunOrchestrator,
+  decisionContext?: string,
 ): HandleDecisionResult {
   const pending = getPendingConfirmationsByConversation(conversationId);
   if (pending.length === 0) return { applied: false };
 
-  const info = pending[0];
+  // Callback-based decisions include a run ID and must resolve to that exact
+  // pending confirmation. Plain-text decisions still apply to the first prompt.
+  const info = decision.runId
+    ? pending.find((candidate) => candidate.runId === decision.runId)
+    : pending[0];
+  if (!info) return { applied: false };
 
   if (decision.action === 'approve_always') {
     // Only persist a trust rule when the confirmation explicitly allows persistence
@@ -121,8 +128,13 @@ export function handleChannelDecision(
     ) {
       const pattern = confirmation.allowlistOptions[0].pattern;
       const scope = confirmation.scopeOptions[0].scope;
+      // Only persist executionTarget for skill-origin tools — core tools don't
+      // set it in their PolicyContext, so a persisted value would prevent the
+      // rule from ever matching on subsequent permission checks.
+      const tool = getTool(confirmation.toolName);
+      const executionTarget = tool?.origin === 'skill' ? confirmation.executionTarget : undefined;
       addRule(confirmation.toolName, pattern, scope, 'allow', 100, {
-        executionTarget: confirmation.executionTarget,
+        executionTarget,
       });
     }
     // When persistence is not allowed or options are missing, the decision
@@ -131,7 +143,9 @@ export function handleChannelDecision(
 
   // Map channel-level action to the permission system's UserDecision type.
   const userDecision = decision.action === 'reject' ? 'deny' as const : 'allow' as const;
-  const result = orchestrator.submitDecision(info.runId, userDecision);
+  const result = decisionContext === undefined
+    ? orchestrator.submitDecision(info.runId, userDecision)
+    : orchestrator.submitDecision(info.runId, userDecision, decisionContext);
 
   return {
     applied: result === 'applied',

package/src/runtime/gateway-client.ts

@@ -52,7 +52,8 @@ export async function deliverApprovalPrompt(
   chatId: string,
   text: string,
   approval: ApprovalUIMetadata,
+  assistantId?: string,
   bearerToken?: string,
 ): Promise<void> {
-  await deliverChannelReply(callbackUrl, { chatId, text, approval }, bearerToken);
+  await deliverChannelReply(callbackUrl, { chatId, text, approval, assistantId }, bearerToken);
 }

package/src/runtime/http-server.ts

@@ -41,7 +41,6 @@ import {
   handleChannelDeliveryAck,
   handleListDeadLetters,
   handleReplayDeadLetters,
-  isChannelApprovalsEnabled,
   startGuardianExpirySweep,
   stopGuardianExpirySweep,
 } from './routes/channel-routes.js';
@@ -414,8 +413,10 @@ export class RuntimeHttpServer {
       }, 30_000);
     }
 
-    // Start proactive guardian approval expiry sweep when approvals are enabled
-    if (isChannelApprovalsEnabled() && this.runOrchestrator) {
+    // Start proactive guardian approval expiry sweep whenever orchestrator
+    // support is available. Guardian approvals can be created even when the
+    // generic channel-approval UX flag is disabled.
+    if (this.runOrchestrator) {
       startGuardianExpirySweep(this.runOrchestrator, getGatewayBaseUrl(), this.bearerToken);
       log.info('Guardian approval expiry sweep started');
     }
@@ -939,8 +940,16 @@ export class RuntimeHttpServer {
           const externalChatId = typeof payload.externalChatId === 'string'
             ? payload.externalChatId
             : undefined;
+          const assistantId = typeof payload.assistantId === 'string'
+            ? payload.assistantId
+            : undefined;
           if (externalChatId) {
-            await this.deliverReplyViaCallback(event.conversationId, externalChatId, replyCallbackUrl);
+            await this.deliverReplyViaCallback(
+              event.conversationId,
+              externalChatId,
+              replyCallbackUrl,
+              assistantId,
+            );
           }
         }
       } catch (err) {
@@ -954,6 +963,7 @@ export class RuntimeHttpServer {
     conversationId: string,
     externalChatId: string,
     callbackUrl: string,
+    assistantId?: string,
   ): Promise<void> {
     const msgs = conversationStore.getMessages(conversationId);
     for (let i = msgs.length - 1; i >= 0; i--) {
@@ -976,6 +986,7 @@ export class RuntimeHttpServer {
             chatId: externalChatId,
             text: rendered.text || undefined,
             attachments: replyAttachments.length > 0 ? replyAttachments : undefined,
+            assistantId,
           }, this.bearerToken);
         }
         break;