@vellumai/assistant 0.4.1 → 0.4.3

package/src/runtime/http-server.ts

@@ -40,6 +40,7 @@ import { consumeCallback, consumeCallbackError } from '../security/oauth-callbac
 import { getLogger } from '../util/logger.js';
 import { buildAssistantEvent } from './assistant-event.js';
 import { assistantEventHub } from './assistant-event-hub.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from './assistant-scope.js';
 import { sweepFailedEvents } from './channel-retry-sweep.js';
 import { httpError } from './http-errors.js';
 // Middleware
@@ -97,7 +98,6 @@ import {
   startCanonicalGuardianExpirySweep,
   stopCanonicalGuardianExpirySweep,
 } from './routes/canonical-guardian-expiry-sweep.js';
-import { canonicalChannelAssistantId } from './routes/channel-route-shared.js';
 import {
   handleChannelDeliveryAck,
   handleChannelInbound,
@@ -270,7 +270,7 @@ export class RuntimeHttpServer {
             ipcBroadcast(msg);
             // Also publish to the event hub so HTTP/SSE clients (e.g. macOS
             // app with localHttpEnabled) receive pairing approval requests.
-            void assistantEventHub.publish(buildAssistantEvent('self', msg));
+            void assistantEventHub.publish(buildAssistantEvent(DAEMON_INTERNAL_ASSISTANT_ID, msg));
           }
         : undefined,
     };
@@ -521,22 +521,13 @@ export class RuntimeHttpServer {
       }
     }
 
-    // New assistant-less runtime routes: /v1/<endpoint>
-    const newRouteMatch = path.match(/^\/v1\/(?!assistants\/)(.+)$/);
-    if (newRouteMatch) {
-      return this.dispatchEndpoint(newRouteMatch[1], req, url);
+    // Runtime routes: /v1/<endpoint>
+    const routeMatch = path.match(/^\/v1\/(.+)$/);
+    if (routeMatch) {
+      return this.dispatchEndpoint(routeMatch[1], req, url);
     }
 
-    // Legacy: /v1/assistants/:assistantId/<endpoint>
-    const match = path.match(/^\/v1\/assistants\/([^/]+)\/(.+)$/);
-    if (!match) {
-      return httpError('NOT_FOUND', 'Not found', 404);
-    }
-
-    const assistantId = canonicalChannelAssistantId(match[1]);
-    const endpoint = match[2];
-    log.warn({ endpoint, assistantId }, '[deprecated] /v1/assistants/:assistantId/... route used; migrate to /v1/...');
-    return this.dispatchEndpoint(endpoint, req, url, assistantId);
+    return httpError('NOT_FOUND', 'Not found', 404);
   }
 
   private handleBrowserRelayUpgrade(req: Request, server: ReturnType<typeof Bun.serve>): Response {
@@ -616,8 +607,8 @@ export class RuntimeHttpServer {
     endpoint: string,
     req: Request,
     url: URL,
-    assistantId: string = 'self',
   ): Promise<Response> {
+    const assistantId = DAEMON_INTERNAL_ASSISTANT_ID;
     return withErrorHandling(endpoint, async () => {
       if (endpoint === 'health' && req.method === 'GET') return handleHealth();
       if (endpoint === 'debug' && req.method === 'GET') return handleDebug();
@@ -690,7 +681,7 @@ export class RuntimeHttpServer {
         try {
           recordConversationSeenSignal({
             conversationId,
-            assistantId: 'self',
+            assistantId: DAEMON_INTERNAL_ASSISTANT_ID,
             sourceChannel: (body.sourceChannel as string) ?? 'vellum',
             signalType: (body.signalType as string ?? 'macos_conversation_opened') as SignalType,
             confidence: (body.confidence as string ?? 'explicit') as Confidence,
@@ -714,6 +705,7 @@ export class RuntimeHttpServer {
           processMessage: this.processMessage,
           persistAndProcessMessage: this.persistAndProcessMessage,
           sendMessageDeps: this.sendMessageDeps,
+          approvalConversationGenerator: this.approvalConversationGenerator,
         });
       }
 
@@ -812,11 +804,11 @@ export class RuntimeHttpServer {
 
       // Internal Twilio forwarding endpoints (gateway -> runtime)
       if (endpoint === 'internal/twilio/voice-webhook' && req.method === 'POST') {
-        const json = await req.json() as { params: Record<string, string>; originalUrl?: string; assistantId?: string };
+        const json = await req.json() as { params: Record<string, string>; originalUrl?: string };
         const formBody = new URLSearchParams(json.params).toString();
         const reconstructedUrl = json.originalUrl ?? req.url;
         const fakeReq = new Request(reconstructedUrl, { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, body: formBody });
-        return await handleVoiceWebhook(fakeReq, json.assistantId);
+        return await handleVoiceWebhook(fakeReq);
       }
 
       if (endpoint === 'internal/twilio/status' && req.method === 'POST') {

package/src/runtime/ingress-service.ts

@@ -57,6 +57,8 @@ export interface InviteResponseData {
   expectedExternalUserId?: string;
   voiceCode?: string;
   voiceCodeDigits?: number;
+  friendName?: string;
+  guardianName?: string;
   createdAt: number;
 }
 
@@ -110,6 +112,8 @@ function inviteToResponse(inv: IngressInvite, opts?: { rawToken?: string; voiceC
     ...(inv.expectedExternalUserId ? { expectedExternalUserId: inv.expectedExternalUserId } : {}),
     ...(opts?.voiceCode ? { voiceCode: opts.voiceCode } : {}),
     ...(inv.voiceCodeDigits != null ? { voiceCodeDigits: inv.voiceCodeDigits } : {}),
+    ...(inv.friendName ? { friendName: inv.friendName } : {}),
+    ...(inv.guardianName ? { guardianName: inv.guardianName } : {}),
     createdAt: inv.createdAt,
   };
 }
@@ -149,6 +153,8 @@ export function createIngressInvite(params: {
   // Voice invite parameters
   expectedExternalUserId?: string;
   voiceCodeDigits?: number;
+  friendName?: string;
+  guardianName?: string;
 }): IngressResult<InviteResponseData> {
   if (!params.sourceChannel) {
     return { ok: false, error: 'sourceChannel is required for create' };
@@ -168,6 +174,12 @@ export function createIngressInvite(params: {
     if (!isValidE164(params.expectedExternalUserId)) {
       return { ok: false, error: 'expectedExternalUserId must be in E.164 format (e.g., +15551234567)' };
     }
+    if (typeof params.friendName !== 'string' || !params.friendName.trim()) {
+      return { ok: false, error: 'friendName is required for voice invites' };
+    }
+    if (typeof params.guardianName !== 'string' || !params.guardianName.trim()) {
+      return { ok: false, error: 'guardianName is required for voice invites' };
+    }
     voiceCode = generateVoiceCode(6);
     voiceCodeHash = hashVoiceCode(voiceCode);
   }
@@ -181,6 +193,8 @@ export function createIngressInvite(params: {
       expectedExternalUserId: params.expectedExternalUserId,
       voiceCodeHash,
       voiceCodeDigits: 6,
+      friendName: params.friendName,
+      guardianName: params.guardianName,
     } : {}),
   });
   // Voice invites must not expose the token — callers must redeem via the

package/src/runtime/invite-redemption-service.ts

@@ -13,6 +13,7 @@ import { findActiveVoiceInvites,findByTokenHash, hashToken, markInviteExpired, r
 import { findMember, upsertMember } from '../memory/ingress-member-store.js';
 import { canonicalizeInboundIdentity } from '../util/canonicalize-identity.js';
 import { hashVoiceCode } from '../util/voice-code.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from './assistant-scope.js';
 
 // ---------------------------------------------------------------------------
 // Outcome type
@@ -223,7 +224,7 @@ export function redeemVoiceInviteCode(params: {
   sourceChannel: 'voice';
   code: string;
 }): VoiceRedemptionOutcome {
-  const { assistantId = 'self', callerExternalUserId, code } = params;
+  const { assistantId = DAEMON_INTERNAL_ASSISTANT_ID, callerExternalUserId, code } = params;
 
   if (!callerExternalUserId) {
     return { ok: false, reason: 'invalid_or_expired' };

package/src/runtime/middleware/twilio-validation.ts

@@ -12,12 +12,10 @@ import { httpError } from '../http-errors.js';
 const log = getLogger('runtime-http');
 
 /**
- * Regex to extract the Twilio webhook subpath from both top-level and
- * assistant-scoped route shapes:
+ * Regex to extract the Twilio webhook subpath:
  *   /v1/calls/twilio/<subpath>
- *   /v1/assistants/<id>/calls/twilio/<subpath>
  */
-export const TWILIO_WEBHOOK_RE = /^\/v1\/(?:assistants\/[^/]+\/)?calls\/twilio\/(.+)$/;
+export const TWILIO_WEBHOOK_RE = /^\/v1\/calls\/twilio\/(.+)$/;
 
 /**
  * Gateway-compatible Twilio webhook paths:

package/src/runtime/routes/call-routes.ts

@@ -11,6 +11,7 @@
 import { answerCall, cancelCall, getCallStatus, relayInstruction,startCall } from '../../calls/call-domain.js';
 import { getConfig } from '../../config/loader.js';
 import { VALID_CALLER_IDENTITY_MODES } from '../../config/schema.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../assistant-scope.js';
 import { httpError, httpErrorCodeFromStatus } from '../http-errors.js';
 
 // ── Idempotency cache ─────────────────────────────────────────────────────────
@@ -41,7 +42,7 @@ function pruneIdempotencyCache(): void {
  * Optional `idempotencyKey`: if supplied, duplicate requests with the same key
  * within 5 minutes return the cached 201 response without starting a second call.
  */
-export async function handleStartCall(req: Request, assistantId: string = 'self'): Promise<Response> {
+export async function handleStartCall(req: Request, assistantId: string = DAEMON_INTERNAL_ASSISTANT_ID): Promise<Response> {
   if (!getConfig().calls.enabled) {
     return httpError('FORBIDDEN', 'Calls feature is disabled via configuration. Set calls.enabled to true to use this feature.', 403);
   }

package/src/runtime/routes/channel-route-shared.ts

@@ -4,7 +4,7 @@
 import { timingSafeEqual } from 'node:crypto';
 
 import type { ChannelId } from '../../channels/types.js';
-import { normalizeAssistantId } from '../../util/platform.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../assistant-scope.js';
 import type {
   ApprovalAction,
   ApprovalDecisionResult,
@@ -15,8 +15,8 @@ export type { ActorTrustClass, DenialReason, GuardianContext } from '../guardian
 export { toGuardianRuntimeContext } from '../guardian-context-resolver.js';
 
 /** Canonicalize assistantId for channel ingress paths. */
-export function canonicalChannelAssistantId(assistantId: string): string {
-  return normalizeAssistantId(assistantId);
+export function canonicalChannelAssistantId(_assistantId: string): string {
+  return DAEMON_INTERNAL_ASSISTANT_ID;
 }
 
 // ---------------------------------------------------------------------------

package/src/runtime/routes/conversation-attention-routes.ts

@@ -10,6 +10,7 @@ import {
 } from '../../memory/conversation-attention-store.js';
 import * as conversationStore from '../../memory/conversation-store.js';
 import { truncate } from '../../util/truncate.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../assistant-scope.js';
 import { httpError } from '../http-errors.js';
 
 export function handleListConversationAttention(url: URL): Response {
@@ -27,7 +28,7 @@ export function handleListConversationAttention(url: URL): Response {
   }
 
   const attentionStates = listConversationAttention({
-    assistantId: 'self',
+    assistantId: DAEMON_INTERNAL_ASSISTANT_ID,
     state: stateParam as AttentionFilterState,
     sourceChannel: channel,
     source: sourceParam !== 'all' ? sourceParam : undefined,

package/src/runtime/routes/conversation-routes.ts

@@ -24,9 +24,11 @@ import { getConfiguredProvider } from '../../providers/provider-send-message.js'
 import type { Provider } from '../../providers/types.js';
 import { getLogger } from '../../util/logger.js';
 import { buildAssistantEvent } from '../assistant-event.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../assistant-scope.js';
 import { routeGuardianReply } from '../guardian-reply-router.js';
 import { httpError } from '../http-errors.js';
 import type {
+  ApprovalConversationGenerator,
   MessageProcessor,
   NonBlockingMessageProcessor,
   RuntimeAttachmentMetadata,
@@ -87,6 +89,7 @@ async function tryConsumeInlineApprovalReply(params: {
   }>;
   session: import('../../daemon/session.js').Session;
   onEvent: (msg: ServerMessage) => void;
+  approvalConversationGenerator?: ApprovalConversationGenerator;
 }): Promise<{ consumed: boolean; messageId?: string }> {
   const {
     conversationId,
@@ -96,15 +99,16 @@ async function tryConsumeInlineApprovalReply(params: {
     attachments,
     session,
     onEvent,
+    approvalConversationGenerator,
   } = params;
   const trimmedContent = content.trim();
 
-  // Only consume inline replies when there are no queued turns, matching
-  // the IPC path guard. With queued messages, "approve"/"no" should be
-  // processed in queue order rather than treated as a confirmation reply.
+  // Try inline approval interception whenever a pending confirmation exists.
+  // We intentionally do not block on queue depth: after an auto-deny, users
+  // often retry with "approve"/"yes" while the queue is still draining, and
+  // requiring an empty queue can create a deny/retry cascade.
   if (
     !session.hasAnyPendingConfirmation()
-    || session.getQueueDepth() > 0
     || trimmedContent.length === 0
   ) {
     return { consumed: false };
@@ -125,6 +129,7 @@ async function tryConsumeInlineApprovalReply(params: {
     },
     conversationId,
     pendingRequestIds,
+    approvalConversationGenerator,
   });
 
   if (!routerResult.consumed || routerResult.type === 'nl_keep_pending') {
@@ -176,6 +181,16 @@ async function tryConsumeInlineApprovalReply(params: {
   return { consumed: true, messageId };
 }
 
+function resolveCanonicalRequestSourceType(sourceChannel: string | undefined): 'desktop' | 'channel' | 'voice' {
+  if (sourceChannel === 'voice') {
+    return 'voice';
+  }
+  if (sourceChannel === 'vellum') {
+    return 'desktop';
+  }
+  return 'channel';
+}
+
 function getInterfaceFilesWithMtimes(interfacesDir: string | null): Array<{ path: string; mtimeMs: number }> {
   if (!interfacesDir || !existsSync(interfacesDir)) return [];
   const results: Array<{ path: string; mtimeMs: number }> = [];
@@ -319,12 +334,17 @@ function makeHubPublisher(
 
       // Create a canonical guardian request so IPC/HTTP handlers can find it
       // via applyCanonicalGuardianDecision.
+      const guardianContext = session.guardianContext;
+      const sourceChannel = guardianContext?.sourceChannel ?? 'vellum';
       createCanonicalGuardianRequest({
         id: msg.requestId,
         kind: 'tool_approval',
-        sourceType: 'desktop',
-        sourceChannel: 'vellum',
+        sourceType: resolveCanonicalRequestSourceType(sourceChannel),
+        sourceChannel,
         conversationId,
+        requesterExternalUserId: guardianContext?.requesterExternalUserId,
+        requesterChatId: guardianContext?.requesterChatId,
+        guardianExternalUserId: guardianContext?.guardianExternalUserId,
         toolName: msg.toolName,
         status: 'pending',
         requestCode: generateCanonicalRequestCode(),
@@ -344,7 +364,7 @@ function makeHubPublisher(
         ? (msg as { sessionId: string }).sessionId
         : undefined;
     const resolvedSessionId = msgSessionId ?? conversationId;
-    const event = buildAssistantEvent('self', msg, resolvedSessionId);
+    const event = buildAssistantEvent(DAEMON_INTERNAL_ASSISTANT_ID, msg, resolvedSessionId);
     hubChain = (async () => {
       await hubChain;
       try {
@@ -362,6 +382,7 @@ export async function handleSendMessage(
     processMessage?: MessageProcessor;
     persistAndProcessMessage?: NonBlockingMessageProcessor;
     sendMessageDeps?: SendMessageDeps;
+    approvalConversationGenerator?: ApprovalConversationGenerator;
   },
 ): Promise<Response> {
   const body = await req.json() as {
@@ -440,10 +461,11 @@ export async function handleSendMessage(
         sourceChannel,
         sourceInterface,
         content: content ?? '',
-        attachments,
-        session,
-        onEvent,
-      });
+      attachments,
+      session,
+      onEvent,
+      approvalConversationGenerator: deps.approvalConversationGenerator,
+    });
       if (inlineReplyResult.consumed) {
         return Response.json(
           { accepted: true, ...(inlineReplyResult.messageId ? { messageId: inlineReplyResult.messageId } : {}) },

package/src/runtime/routes/events-routes.ts

@@ -11,6 +11,7 @@ import { getOrCreateConversation } from '../../memory/conversation-key-store.js'
 import { formatSseFrame, formatSseHeartbeat } from '../assistant-event.js';
 import type { AssistantEventSubscription } from '../assistant-event-hub.js';
 import { AssistantEventHub,assistantEventHub } from '../assistant-event-hub.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../assistant-scope.js';
 import { httpError } from '../http-errors.js';
 
 /** Keep-alive comment sent to idle clients every 30 s by default. */
@@ -50,8 +51,6 @@ export function handleSubscribeAssistantEvents(
   // closures are in place before events can arrive.  `controllerRef` is set
   // synchronously inside ReadableStream's start(), so it is non-null by the
   // time any event or eviction fires.
-  // 'self' is the assistantId used by buildAssistantEvent('self', ...) for
-  // all HTTP and voice session events.
   let controllerRef: ReadableStreamDefaultController<Uint8Array> | null = null;
   let heartbeatTimer: ReturnType<typeof setInterval> | null = null;
   let sub!: AssistantEventSubscription;
@@ -63,7 +62,7 @@ export function handleSubscribeAssistantEvents(
 
   try {
     sub = hub.subscribe(
-      { assistantId: 'self', sessionId: mapping.conversationId },
+      { assistantId: DAEMON_INTERNAL_ASSISTANT_ID, sessionId: mapping.conversationId },
       (event) => {
         const controller = controllerRef;
         if (!controller) return;

package/src/runtime/routes/inbound-conversation.ts

@@ -3,9 +3,10 @@
  */
 import { deleteConversationKey } from '../../memory/conversation-key-store.js';
 import * as externalConversationStore from '../../memory/external-conversation-store.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../assistant-scope.js';
 import { httpError } from '../http-errors.js';
 
-export async function handleDeleteConversation(req: Request, assistantId: string = 'self'): Promise<Response> {
+export async function handleDeleteConversation(req: Request, assistantId: string = DAEMON_INTERNAL_ASSISTANT_ID): Promise<Response> {
   const body = await req.json() as {
     sourceChannel?: string;
     externalChatId?: string;
@@ -26,14 +27,14 @@ export async function handleDeleteConversation(req: Request, assistantId: string
   const legacyKey = `${sourceChannel}:${externalChatId}`;
   const scopedKey = `asst:${assistantId}:${sourceChannel}:${externalChatId}`;
   deleteConversationKey(scopedKey);
-  if (assistantId === 'self') {
+  if (assistantId === DAEMON_INTERNAL_ASSISTANT_ID) {
     deleteConversationKey(legacyKey);
   }
   // external_conversation_bindings is currently assistant-agnostic
   // (unique by sourceChannel + externalChatId). Restrict mutations to the
   // canonical self-assistant route so multi-assistant legacy routes do not
   // clobber each other's bindings.
-  if (assistantId === 'self') {
+  if (assistantId === DAEMON_INTERNAL_ASSISTANT_ID) {
     externalConversationStore.deleteBindingByChannelChat(sourceChannel, externalChatId);
   }
 

package/src/runtime/routes/inbound-message-handler.ts

@@ -28,6 +28,7 @@ import { IngressBlockedError } from '../../util/errors.js';
 import { getLogger } from '../../util/logger.js';
 import { readHttpToken } from '../../util/platform.js';
 import { notifyGuardianOfAccessRequest } from '../access-request-helper.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../assistant-scope.js';
 import {
   buildApprovalUIMetadata,
   getApprovalInfoByConversation,
@@ -97,7 +98,7 @@ export async function handleChannelInbound(
   req: Request,
   processMessage?: MessageProcessor,
   bearerToken?: string,
-  assistantId: string = 'self',
+  assistantId: string = DAEMON_INTERNAL_ASSISTANT_ID,
   gatewayOriginSecret?: string,
   approvalCopyGenerator?: ApprovalCopyGenerator,
   approvalConversationGenerator?: ApprovalConversationGenerator,
@@ -580,7 +581,7 @@ export async function handleChannelInbound(
   // external_conversation_bindings is assistant-agnostic. Restrict writes to
   // self so assistant-scoped legacy routes do not overwrite each other's
   // channel binding metadata for the same chat.
-  if (canonicalAssistantId === 'self') {
+  if (canonicalAssistantId === DAEMON_INTERNAL_ASSISTANT_ID) {
     externalConversationStore.upsertBinding({
       conversationId: result.conversationId,
       sourceChannel,
@@ -1401,6 +1402,8 @@ function startPendingApprovalPromptWatcher(params: {
   sourceChannel: ChannelId;
   externalChatId: string;
   guardianTrustClass: GuardianContext['trustClass'];
+  guardianExternalUserId?: string;
+  requesterExternalUserId?: string;
   replyCallbackUrl: string;
   bearerToken?: string;
   assistantId?: string;
@@ -1411,6 +1414,8 @@ function startPendingApprovalPromptWatcher(params: {
     sourceChannel,
     externalChatId,
     guardianTrustClass,
+    guardianExternalUserId,
+    requesterExternalUserId,
     replyCallbackUrl,
     bearerToken,
     assistantId,
@@ -1419,7 +1424,12 @@ function startPendingApprovalPromptWatcher(params: {
 
   // Approval prompt delivery is guardian-only. Non-guardian and unverified
   // actors must never receive approval prompt broadcasts for the conversation.
-  if (guardianTrustClass !== 'guardian') {
+  // We also require an explicit identity match against the bound guardian to
+  // avoid broadcasting prompts when trustClass is stale/mis-scoped.
+  const isBoundGuardianActor = guardianTrustClass === 'guardian'
+    && !!guardianExternalUserId
+    && requesterExternalUserId === guardianExternalUserId;
+  if (!isBoundGuardianActor) {
     return () => {};
   }
 
@@ -1438,7 +1448,7 @@ function startPendingApprovalPromptWatcher(params: {
             replyCallbackUrl,
             chatId: externalChatId,
             sourceChannel,
-            assistantId: assistantId ?? 'self',
+            assistantId: assistantId ?? DAEMON_INTERNAL_ASSISTANT_ID,
             bearerToken,
             prompt,
             uiMetadata: buildApprovalUIMetadata(prompt, info),
@@ -1502,6 +1512,8 @@ function processChannelMessageInBackground(params: BackgroundProcessingParams):
         sourceChannel,
         externalChatId,
         guardianTrustClass: guardianCtx.trustClass,
+        guardianExternalUserId: guardianCtx.guardianExternalUserId,
+        requesterExternalUserId: guardianCtx.requesterExternalUserId,
         replyCallbackUrl,
         bearerToken,
         assistantId,

package/src/runtime/routes/ingress-routes.ts

@@ -147,6 +147,8 @@ export async function handleCreateInvite(req: Request): Promise<Response> {
     expiresInMs: body.expiresInMs as number | undefined,
     expectedExternalUserId: body.expectedExternalUserId as string | undefined,
     voiceCodeDigits: body.voiceCodeDigits as number | undefined,
+    friendName: body.friendName as string | undefined,
+    guardianName: body.guardianName as string | undefined,
   });
 
   if (!result.ok) {

package/src/tools/apps/executors.ts

@@ -102,6 +102,21 @@ export async function executeAppCreate(
   const preview = input.preview;
   const appType = input.type === 'site' ? 'site' as const : 'app' as const;
 
+  // Validate required fields — LLM input is not type-checked at runtime
+  if (typeof name !== 'string' || name.trim() === '') {
+    return { content: JSON.stringify({ error: 'name is required and must be a non-empty string' }), isError: true };
+  }
+  if (typeof htmlDefinition !== 'string') {
+    return { content: JSON.stringify({ error: 'html is required and must be a string containing the HTML definition' }), isError: true };
+  }
+  if (pages) {
+    for (const [filename, content] of Object.entries(pages)) {
+      if (typeof content !== 'string') {
+        return { content: JSON.stringify({ error: `pages["${filename}"] must be a string, got ${typeof content}` }), isError: true };
+      }
+    }
+  }
+
   const app = store.createApp({ name, description, schemaJson, htmlDefinition, pages, appType });
 
   if (input.set_as_home_base) {

package/src/tools/calls/call-start.ts

@@ -1,5 +1,6 @@
 import { startCall } from '../../calls/call-domain.js';
 import { getConfig } from '../../config/loader.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../../runtime/assistant-scope.js';
 import { findActiveSession } from '../../runtime/channel-guardian-service.js';
 import { normalizePhoneNumber } from '../../util/phone.js';
 import type { ToolContext, ToolExecutionResult } from '../types.js';
@@ -16,7 +17,7 @@ export async function executeCallStart(
     ? normalizePhoneNumber(input.phone_number)
     : null;
   if (requestedPhone) {
-    const assistantId = context.assistantId ?? 'self';
+    const assistantId = context.assistantId ?? DAEMON_INTERNAL_ASSISTANT_ID;
     const activeVoiceVerification = findActiveSession(assistantId, 'voice');
     const verificationDestination = activeVoiceVerification?.destinationAddress ?? activeVoiceVerification?.expectedPhoneE164;
     if (verificationDestination === requestedPhone) {

package/src/tools/terminal/parser.ts

@@ -132,6 +132,18 @@ function findWasmPath(pkg: string, file: string): string {
     return execDirPath;
   }
 
+  // Use module resolution to find the package. This handles hoisted
+  // dependencies (e.g. global bun installs where web-tree-sitter is at the
+  // top-level node_modules rather than nested under @vellumai/assistant).
+  try {
+    const resolved = require.resolve(`${pkg}/package.json`);
+    const pkgDir = dirname(resolved);
+    const resolvedPath = join(pkgDir, file);
+    if (existsSync(resolvedPath)) return resolvedPath;
+  } catch (err) {
+    log.warn({ err, pkg, file }, 'require.resolve failed for WASM package, falling back to manual resolution');
+  }
+
   const sourcePath = join(dir, '..', '..', '..', 'node_modules', pkg, file);
 
   if (existsSync(sourcePath)) return sourcePath;

package/src/tools/tool-approval-handler.ts

@@ -1,4 +1,5 @@
 import { consumeGrantForInvocation } from '../approvals/approval-primitive.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../runtime/assistant-scope.js';
 import { createOrReuseToolGrantRequest } from '../runtime/tool-grant-request-helper.js';
 import { computeToolApprovalDigest } from '../security/tool-approval-digest.js';
 import { getTaskRunRules } from '../tasks/ephemeral-permissions.js';
@@ -128,7 +129,7 @@ export class ToolApprovalHandler {
         toolName: name,
         inputDigest,
         consumingRequestId: context.requestId ?? `preexec-${context.sessionId}-${Date.now()}`,
-        assistantId: context.assistantId ?? 'self',
+        assistantId: context.assistantId ?? DAEMON_INTERNAL_ASSISTANT_ID,
         executionChannel: context.executionChannel,
         conversationId: context.conversationId,
         callSessionId: context.callSessionId,

package/src/workspace/git-service.ts

@@ -16,6 +16,11 @@ const log = getLogger('workspace-git');
  * Strips all GIT_* env vars (e.g. GIT_DIR, GIT_WORK_TREE) that CI runners
  * or parent processes may set, then adds GIT_CEILING_DIRECTORIES to prevent
  * walking up to a parent repo.
+ *
+ * On macOS, augments PATH with common binary directories so the real git
+ * binary is found even when the daemon is launched from a .app bundle with
+ * a minimal PATH. Without this, the macOS /usr/bin/git shim triggers an
+ * "Install Command Line Developer Tools" popup on every git invocation.
  */
 function cleanGitEnv(workspaceDir: string): Record<string, string> {
   const env: Record<string, string> = {};
@@ -25,6 +30,20 @@ function cleanGitEnv(workspaceDir: string): Record<string, string> {
     }
   }
   env.GIT_CEILING_DIRECTORIES = workspaceDir;
+
+  const home = process.env.HOME ?? '';
+  const extraDirs = [
+    '/opt/homebrew/bin',
+    '/usr/local/bin',
+    `${home}/.local/bin`,
+  ];
+  const currentPath = env.PATH ?? '';
+  const pathDirs = currentPath.split(':');
+  const missing = extraDirs.filter(d => !pathDirs.includes(d));
+  if (missing.length > 0) {
+    env.PATH = [...missing, currentPath].filter(Boolean).join(':');
+  }
+
   return env;
 }