@vellumai/assistant 0.4.0 → 0.4.2

package/src/runtime/routes/conversation-routes.ts

@@ -4,6 +4,7 @@
 import { existsSync, readdirSync, statSync } from 'node:fs';
 import { join, relative } from 'node:path';
 
+import { createAssistantMessage, createUserMessage } from '../../agent/message-types.js';
 import { CHANNEL_IDS, INTERFACE_IDS, parseChannelId, parseInterfaceId } from '../../channels/types.js';
 import { mergeToolResults,renderHistoryContent } from '../../daemon/handlers.js';
 import type { ServerMessage } from '../../daemon/ipc-protocol.js';
@@ -11,6 +12,8 @@ import * as attachmentsStore from '../../memory/attachments-store.js';
 import {
   createCanonicalGuardianRequest,
   generateCanonicalRequestCode,
+  listCanonicalGuardianRequests,
+  listPendingCanonicalGuardianRequestsByDestinationConversation,
 } from '../../memory/canonical-guardian-store.js';
 import {
   getConversationByKey,
@@ -21,8 +24,10 @@ import { getConfiguredProvider } from '../../providers/provider-send-message.js'
 import type { Provider } from '../../providers/types.js';
 import { getLogger } from '../../util/logger.js';
 import { buildAssistantEvent } from '../assistant-event.js';
+import { routeGuardianReply } from '../guardian-reply-router.js';
 import { httpError } from '../http-errors.js';
 import type {
+  ApprovalConversationGenerator,
   MessageProcessor,
   NonBlockingMessageProcessor,
   RuntimeAttachmentMetadata,
@@ -35,6 +40,156 @@ const log = getLogger('conversation-routes');
 
 const SUGGESTION_CACHE_MAX = 100;
 
+function collectLivePendingConfirmationRequestIds(
+  conversationId: string,
+  sourceChannel: string,
+  session: import('../../daemon/session.js').Session,
+): string[] {
+  const pendingInteractionRequestIds = pendingInteractions
+    .getByConversation(conversationId)
+    .filter(
+      (interaction) =>
+        interaction.kind === 'confirmation'
+        && interaction.session === session
+        && session.hasPendingConfirmation(interaction.requestId),
+    )
+    .map((interaction) => interaction.requestId);
+
+  // Query both by destination conversation (via deliveries table) and by
+  // source conversation (direct field). For desktop/HTTP sessions these
+  // often overlap, but the Set dedup below handles that.
+  const pendingCanonicalRequestIds = [
+    ...listPendingCanonicalGuardianRequestsByDestinationConversation(conversationId, sourceChannel)
+      .filter((request) => request.kind === 'tool_approval')
+      .map((request) => request.id),
+    ...listCanonicalGuardianRequests({
+      status: 'pending',
+      conversationId,
+      kind: 'tool_approval',
+    }).map((request) => request.id),
+  ].filter((requestId) => session.hasPendingConfirmation(requestId));
+
+  return Array.from(new Set([
+    ...pendingInteractionRequestIds,
+    ...pendingCanonicalRequestIds,
+  ]));
+}
+
+async function tryConsumeInlineApprovalReply(params: {
+  conversationId: string;
+  sourceChannel: string;
+  sourceInterface: string;
+  content: string;
+  attachments: Array<{
+    id: string;
+    filename: string;
+    mimeType: string;
+    data: string;
+  }>;
+  session: import('../../daemon/session.js').Session;
+  onEvent: (msg: ServerMessage) => void;
+  approvalConversationGenerator?: ApprovalConversationGenerator;
+}): Promise<{ consumed: boolean; messageId?: string }> {
+  const {
+    conversationId,
+    sourceChannel,
+    sourceInterface,
+    content,
+    attachments,
+    session,
+    onEvent,
+    approvalConversationGenerator,
+  } = params;
+  const trimmedContent = content.trim();
+
+  // Try inline approval interception whenever a pending confirmation exists.
+  // We intentionally do not block on queue depth: after an auto-deny, users
+  // often retry with "approve"/"yes" while the queue is still draining, and
+  // requiring an empty queue can create a deny/retry cascade.
+  if (
+    !session.hasAnyPendingConfirmation()
+    || trimmedContent.length === 0
+  ) {
+    return { consumed: false };
+  }
+
+  const pendingRequestIds = collectLivePendingConfirmationRequestIds(conversationId, sourceChannel, session);
+  if (pendingRequestIds.length === 0) {
+    return { consumed: false };
+  }
+
+  const routerResult = await routeGuardianReply({
+    messageText: trimmedContent,
+    channel: sourceChannel,
+    actor: {
+      externalUserId: undefined,
+      channel: sourceChannel,
+      isTrusted: true,
+    },
+    conversationId,
+    pendingRequestIds,
+    approvalConversationGenerator,
+  });
+
+  if (!routerResult.consumed || routerResult.type === 'nl_keep_pending') {
+    return { consumed: false };
+  }
+
+  // Decision has been applied — transcript persistence is best-effort.
+  // If DB writes fail, we still return consumed: true so the approval text
+  // is not re-processed as a new user turn.
+  let messageId: string | undefined;
+  try {
+    const channelMeta = {
+      userMessageChannel: sourceChannel,
+      assistantMessageChannel: sourceChannel,
+      userMessageInterface: sourceInterface,
+      assistantMessageInterface: sourceInterface,
+      provenanceActorRole: 'guardian' as const,
+    };
+
+    const userMessage = createUserMessage(content, attachments);
+    const persistedUser = await conversationStore.addMessage(
+      conversationId,
+      'user',
+      JSON.stringify(userMessage.content),
+      channelMeta,
+    );
+    messageId = persistedUser.id;
+
+    const replyText = (routerResult.replyText?.trim())
+      || (routerResult.decisionApplied ? 'Decision applied.' : 'Request already resolved.');
+    const assistantMessage = createAssistantMessage(replyText);
+    await conversationStore.addMessage(
+      conversationId,
+      'assistant',
+      JSON.stringify(assistantMessage.content),
+      channelMeta,
+    );
+
+    // Avoid mutating in-memory history / emitting stream deltas while a run is active.
+    if (!session.isProcessing()) {
+      session.getMessages().push(userMessage, assistantMessage);
+      onEvent({ type: 'assistant_text_delta', text: replyText, sessionId: conversationId });
+      onEvent({ type: 'message_complete', sessionId: conversationId });
+    }
+  } catch (err) {
+    log.warn({ err, conversationId }, 'Failed to persist inline approval transcript entries');
+  }
+
+  return { consumed: true, messageId };
+}
+
+function resolveCanonicalRequestSourceType(sourceChannel: string | undefined): 'desktop' | 'channel' | 'voice' {
+  if (sourceChannel === 'voice') {
+    return 'voice';
+  }
+  if (sourceChannel === 'vellum') {
+    return 'desktop';
+  }
+  return 'channel';
+}
+
 function getInterfaceFilesWithMtimes(interfacesDir: string | null): Array<{ path: string; mtimeMs: number }> {
   if (!interfacesDir || !existsSync(interfacesDir)) return [];
   const results: Array<{ path: string; mtimeMs: number }> = [];
@@ -178,12 +333,17 @@ function makeHubPublisher(
 
       // Create a canonical guardian request so IPC/HTTP handlers can find it
       // via applyCanonicalGuardianDecision.
+      const guardianContext = session.guardianContext;
+      const sourceChannel = guardianContext?.sourceChannel ?? 'vellum';
       createCanonicalGuardianRequest({
         id: msg.requestId,
         kind: 'tool_approval',
-        sourceType: 'desktop',
-        sourceChannel: 'vellum',
+        sourceType: resolveCanonicalRequestSourceType(sourceChannel),
+        sourceChannel,
         conversationId,
+        requesterExternalUserId: guardianContext?.requesterExternalUserId,
+        requesterChatId: guardianContext?.requesterChatId,
+        guardianExternalUserId: guardianContext?.guardianExternalUserId,
         toolName: msg.toolName,
         status: 'pending',
         requestCode: generateCanonicalRequestCode(),
@@ -221,6 +381,7 @@ export async function handleSendMessage(
     processMessage?: MessageProcessor;
     persistAndProcessMessage?: NonBlockingMessageProcessor;
     sendMessageDeps?: SendMessageDeps;
+    approvalConversationGenerator?: ApprovalConversationGenerator;
   },
 ): Promise<Response> {
   const body = await req.json() as {
@@ -290,6 +451,30 @@ export async function handleSendMessage(
       ? smDeps.resolveAttachments(attachmentIds)
       : [];
 
+    // Try to consume the message as an inline approval/rejection reply.
+    // On failure, degrade to the existing queue/auto-deny path rather than
+    // surfacing a 500 — mirrors the IPC handler's catch-and-fallback.
+    try {
+      const inlineReplyResult = await tryConsumeInlineApprovalReply({
+        conversationId: mapping.conversationId,
+        sourceChannel,
+        sourceInterface,
+        content: content ?? '',
+      attachments,
+      session,
+      onEvent,
+      approvalConversationGenerator: deps.approvalConversationGenerator,
+    });
+      if (inlineReplyResult.consumed) {
+        return Response.json(
+          { accepted: true, ...(inlineReplyResult.messageId ? { messageId: inlineReplyResult.messageId } : {}) },
+          { status: 202 },
+        );
+      }
+    } catch (err) {
+      log.warn({ err, conversationId: mapping.conversationId }, 'Inline approval consumption failed, falling through to normal send path');
+    }
+
     if (session.isProcessing()) {
       // If a tool confirmation is pending, auto-deny it so the agent
       // can finish the current turn and process this queued message.

package/src/runtime/routes/inbound-message-handler.ts

@@ -1401,6 +1401,8 @@ function startPendingApprovalPromptWatcher(params: {
   sourceChannel: ChannelId;
   externalChatId: string;
   guardianTrustClass: GuardianContext['trustClass'];
+  guardianExternalUserId?: string;
+  requesterExternalUserId?: string;
   replyCallbackUrl: string;
   bearerToken?: string;
   assistantId?: string;
@@ -1411,6 +1413,8 @@ function startPendingApprovalPromptWatcher(params: {
     sourceChannel,
     externalChatId,
     guardianTrustClass,
+    guardianExternalUserId,
+    requesterExternalUserId,
     replyCallbackUrl,
     bearerToken,
     assistantId,
@@ -1419,7 +1423,12 @@ function startPendingApprovalPromptWatcher(params: {
 
   // Approval prompt delivery is guardian-only. Non-guardian and unverified
   // actors must never receive approval prompt broadcasts for the conversation.
-  if (guardianTrustClass !== 'guardian') {
+  // We also require an explicit identity match against the bound guardian to
+  // avoid broadcasting prompts when trustClass is stale/mis-scoped.
+  const isBoundGuardianActor = guardianTrustClass === 'guardian'
+    && !!guardianExternalUserId
+    && requesterExternalUserId === guardianExternalUserId;
+  if (!isBoundGuardianActor) {
     return () => {};
   }
 
@@ -1502,6 +1511,8 @@ function processChannelMessageInBackground(params: BackgroundProcessingParams):
         sourceChannel,
         externalChatId,
         guardianTrustClass: guardianCtx.trustClass,
+        guardianExternalUserId: guardianCtx.guardianExternalUserId,
+        requesterExternalUserId: guardianCtx.requesterExternalUserId,
         replyCallbackUrl,
         bearerToken,
         assistantId,

package/src/tools/apps/executors.ts

@@ -102,6 +102,21 @@ export async function executeAppCreate(
   const preview = input.preview;
   const appType = input.type === 'site' ? 'site' as const : 'app' as const;
 
+  // Validate required fields — LLM input is not type-checked at runtime
+  if (typeof name !== 'string' || name.trim() === '') {
+    return { content: JSON.stringify({ error: 'name is required and must be a non-empty string' }), isError: true };
+  }
+  if (typeof htmlDefinition !== 'string') {
+    return { content: JSON.stringify({ error: 'html is required and must be a string containing the HTML definition' }), isError: true };
+  }
+  if (pages) {
+    for (const [filename, content] of Object.entries(pages)) {
+      if (typeof content !== 'string') {
+        return { content: JSON.stringify({ error: `pages["${filename}"] must be a string, got ${typeof content}` }), isError: true };
+      }
+    }
+  }
+
   const app = store.createApp({ name, description, schemaJson, htmlDefinition, pages, appType });
 
   if (input.set_as_home_base) {

package/src/tools/reminder/reminder-store.ts

@@ -1,7 +1,7 @@
 import { and, asc, eq, lte } from 'drizzle-orm';
 import { v4 as uuid } from 'uuid';
 
-import { getDb, rawChanges } from '../../memory/db.js';
+import { getDb, rawRun } from '../../memory/db.js';
 import { reminders } from '../../memory/schema.js';
 import { cast,createRowMapper, parseJson } from '../../util/row-mapper.js';
 
@@ -105,14 +105,11 @@ export function listReminders(options?: { pendingOnly?: boolean }): ReminderRow[
 }
 
 export function cancelReminder(id: string): boolean {
-  const db = getDb();
   const now = Date.now();
-  db
-    .update(reminders)
-    .set({ status: 'cancelled', updatedAt: now })
-    .where(and(eq(reminders.id, id), eq(reminders.status, 'pending')))
-    .run();
-  return rawChanges() > 0;
+  return rawRun(
+    'UPDATE reminders SET status = ?, updated_at = ? WHERE id = ? AND status = ?',
+    'cancelled', now, id, 'pending',
+  ) > 0;
 }
 
 /**
@@ -132,13 +129,12 @@ export function claimDueReminders(now: number): ReminderRow[] {
 
   const claimed: ReminderRow[] = [];
   for (const row of candidates) {
-    db
-      .update(reminders)
-      .set({ status: 'firing', firedAt: now, updatedAt: now })
-      .where(and(eq(reminders.id, row.id), eq(reminders.status, 'pending')))
-      .run();
+    const changed = rawRun(
+      'UPDATE reminders SET status = ?, fired_at = ?, updated_at = ? WHERE id = ? AND status = ?',
+      'firing', now, now, row.id, 'pending',
+    );
 
-    if (rawChanges() === 0) continue;
+    if (changed === 0) continue;
 
     claimed.push(parseRow({
       ...row,