@vellumai/assistant 0.4.13 → 0.4.15

package/src/__tests__/session-agent-loop.test.ts

@@ -1107,6 +1107,126 @@ describe("session-agent-loop", () => {
     });
   });
 
+  describe("stale pending surface cleanup", () => {
+    test("auto-completes non-dynamic_page pending surfaces on regular user message", async () => {
+      const events: ServerMessage[] = [];
+
+      const ctx = makeCtx();
+      // Pre-populate a stale pending table surface
+      ctx.pendingSurfaceActions.set("stale-table-1", { surfaceType: "table" });
+      ctx.pendingSurfaceActions.set("stale-form-1", { surfaceType: "form" });
+      // dynamic_page should be preserved
+      ctx.pendingSurfaceActions.set("page-1", { surfaceType: "dynamic_page" });
+
+      await runAgentLoopImpl(ctx, "hello", "msg-1", (msg) => events.push(msg), {
+        isUserMessage: true,
+      });
+
+      // The stale table and form surfaces should have been auto-completed
+      const completeEvents = events.filter(
+        (e) => e.type === "ui_surface_complete",
+      );
+      expect(completeEvents).toHaveLength(2);
+      for (const evt of completeEvents) {
+        const typed = evt as { surfaceId: string; summary: string };
+        expect(typed.summary).toBe("Dismissed");
+        expect(["stale-table-1", "stale-form-1"]).toContain(typed.surfaceId);
+      }
+
+      // dynamic_page should still be pending
+      expect(ctx.pendingSurfaceActions.has("page-1")).toBe(true);
+      expect(ctx.pendingSurfaceActions.has("stale-table-1")).toBe(false);
+      expect(ctx.pendingSurfaceActions.has("stale-form-1")).toBe(false);
+    });
+
+    test("does not auto-complete surfaces when request is a surface action", async () => {
+      const events: ServerMessage[] = [];
+
+      const ctx = makeCtx();
+      ctx.pendingSurfaceActions.set("active-table-1", { surfaceType: "table" });
+      // Mark the request ID as a surface action response
+      ctx.currentRequestId = "surface-action-req";
+      ctx.surfaceActionRequestIds.add("surface-action-req");
+
+      await runAgentLoopImpl(
+        ctx,
+        "[User action on table surface]",
+        "msg-1",
+        (msg) => events.push(msg),
+        { isUserMessage: true },
+      );
+
+      // No ui_surface_complete should have been emitted
+      const completeEvents = events.filter(
+        (e) => e.type === "ui_surface_complete",
+      );
+      expect(completeEvents).toHaveLength(0);
+      // The pending surface should still be there
+      expect(ctx.pendingSurfaceActions.has("active-table-1")).toBe(true);
+    });
+
+    test("no-op when no pending surfaces exist", async () => {
+      const events: ServerMessage[] = [];
+
+      const ctx = makeCtx();
+      // No pending surfaces
+
+      await runAgentLoopImpl(ctx, "hello", "msg-1", (msg) => events.push(msg), {
+        isUserMessage: true,
+      });
+
+      const completeEvents = events.filter(
+        (e) => e.type === "ui_surface_complete",
+      );
+      expect(completeEvents).toHaveLength(0);
+    });
+
+    test("does not auto-complete surfaces for internal/subagent turns (no isUserMessage)", async () => {
+      const events: ServerMessage[] = [];
+
+      const ctx = makeCtx();
+      ctx.pendingSurfaceActions.set("active-table-1", { surfaceType: "table" });
+      ctx.pendingSurfaceActions.set("active-form-1", { surfaceType: "form" });
+
+      // Internal turn: no isUserMessage option
+      await runAgentLoopImpl(ctx, "subagent notification", "msg-1", (msg) =>
+        events.push(msg),
+      );
+
+      // No ui_surface_complete should have been emitted
+      const completeEvents = events.filter(
+        (e) => e.type === "ui_surface_complete",
+      );
+      expect(completeEvents).toHaveLength(0);
+      // Pending surfaces should still be there
+      expect(ctx.pendingSurfaceActions.has("active-table-1")).toBe(true);
+      expect(ctx.pendingSurfaceActions.has("active-form-1")).toBe(true);
+    });
+
+    test("finally block still runs if onEvent throws during stale surface dismissal", async () => {
+      let _eventCount = 0;
+      const ctx = makeCtx();
+      ctx.pendingSurfaceActions.set("stale-table-1", { surfaceType: "table" });
+
+      const throwingOnEvent = (msg: ServerMessage) => {
+        _eventCount++;
+        if (msg.type === "ui_surface_complete") {
+          throw new Error("onEvent sink failed");
+        }
+      };
+
+      // The error from onEvent should be caught by the try/catch,
+      // and the finally block should still clean up session state
+      await runAgentLoopImpl(ctx, "hello", "msg-1", throwingOnEvent, {
+        isUserMessage: true,
+      });
+
+      expect(ctx.processing).toBe(false);
+      expect(ctx.abortController).toBeNull();
+      expect(ctx.currentRequestId).toBeUndefined();
+    });
+  });
+
   describe("error-only response with no assistant text", () => {
     test("synthesizes error assistant message when provider returns no response", async () => {
       const events: ServerMessage[] = [];

package/src/__tests__/session-approval-overrides.test.ts

@@ -0,0 +1,205 @@
+import { afterEach, describe, expect, test } from 'bun:test';
+
+import {
+  clearAll,
+  clearMode,
+  getEffectiveMode,
+  hasActiveOverride,
+  setThreadMode,
+  setTimedMode,
+} from '../runtime/session-approval-overrides.js';
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe('session-approval-overrides', () => {
+  afterEach(() => {
+    clearAll();
+  });
+
+  // -----------------------------------------------------------------------
+  // setThreadMode / getEffectiveMode
+  // -----------------------------------------------------------------------
+  describe('thread mode', () => {
+    test('setThreadMode stores a thread override', () => {
+      setThreadMode('conv-1');
+      const mode = getEffectiveMode('conv-1');
+      expect(mode).not.toBeNull();
+      expect(mode!.kind).toBe('thread');
+    });
+
+    test('thread mode persists across multiple reads', () => {
+      setThreadMode('conv-1');
+      expect(getEffectiveMode('conv-1')).not.toBeNull();
+      expect(getEffectiveMode('conv-1')).not.toBeNull();
+    });
+
+    test('thread mode is scoped to a specific conversationId', () => {
+      setThreadMode('conv-1');
+      expect(getEffectiveMode('conv-1')).not.toBeNull();
+      expect(getEffectiveMode('conv-2')).toBeNull();
+    });
+  });
+
+  // -----------------------------------------------------------------------
+  // setTimedMode / getEffectiveMode
+  // -----------------------------------------------------------------------
+  describe('timed mode', () => {
+    test('setTimedMode stores a timed override with default 10-minute TTL', () => {
+      const before = Date.now();
+      setTimedMode('conv-1');
+      const after = Date.now();
+
+      const mode = getEffectiveMode('conv-1');
+      expect(mode).not.toBeNull();
+      expect(mode!.kind).toBe('timed');
+
+      const timed = mode!;
+      if (timed.kind === 'timed') {
+        const expectedMin = before + 10 * 60 * 1000;
+        const expectedMax = after + 10 * 60 * 1000;
+        expect(timed.expiresAt).toBeGreaterThanOrEqual(expectedMin);
+        expect(timed.expiresAt).toBeLessThanOrEqual(expectedMax);
+      }
+    });
+
+    test('setTimedMode accepts a custom duration', () => {
+      const before = Date.now();
+      setTimedMode('conv-1', 5000);
+      const after = Date.now();
+
+      const mode = getEffectiveMode('conv-1');
+      expect(mode).not.toBeNull();
+      const timed = mode!;
+      if (timed.kind === 'timed') {
+        expect(timed.expiresAt).toBeGreaterThanOrEqual(before + 5000);
+        expect(timed.expiresAt).toBeLessThanOrEqual(after + 5000);
+      }
+    });
+
+    test('timed mode expires after TTL elapses', async () => {
+      setTimedMode('conv-1', 1); // 1ms TTL
+      // Small delay to ensure expiry
+      await new Promise((resolve) => setTimeout(resolve, 5));
+      expect(getEffectiveMode('conv-1')).toBeNull();
+    });
+
+    test('expired timed mode is lazily cleaned up on read', async () => {
+      setTimedMode('conv-1', 1);
+      await new Promise((resolve) => setTimeout(resolve, 5));
+
+      // First read triggers cleanup and returns null
+      expect(getEffectiveMode('conv-1')).toBeNull();
+      // Subsequent read also returns null (entry was removed)
+      expect(getEffectiveMode('conv-1')).toBeNull();
+    });
+  });
+
+  // -----------------------------------------------------------------------
+  // Mode replacement
+  // -----------------------------------------------------------------------
+  describe('mode replacement', () => {
+    test('setTimedMode replaces an existing thread mode', () => {
+      setThreadMode('conv-1');
+      setTimedMode('conv-1', 60_000);
+
+      const mode = getEffectiveMode('conv-1');
+      expect(mode).not.toBeNull();
+      expect(mode!.kind).toBe('timed');
+    });
+
+    test('setThreadMode replaces an existing timed mode', () => {
+      setTimedMode('conv-1', 60_000);
+      setThreadMode('conv-1');
+
+      const mode = getEffectiveMode('conv-1');
+      expect(mode).not.toBeNull();
+      expect(mode!.kind).toBe('thread');
+    });
+  });
+
+  // -----------------------------------------------------------------------
+  // clearMode
+  // -----------------------------------------------------------------------
+  describe('clearMode', () => {
+    test('clearMode removes a thread override', () => {
+      setThreadMode('conv-1');
+      clearMode('conv-1');
+      expect(getEffectiveMode('conv-1')).toBeNull();
+    });
+
+    test('clearMode removes a timed override', () => {
+      setTimedMode('conv-1', 60_000);
+      clearMode('conv-1');
+      expect(getEffectiveMode('conv-1')).toBeNull();
+    });
+
+    test('clearMode is a no-op for unknown conversationId', () => {
+      // Should not throw
+      clearMode('nonexistent');
+      expect(getEffectiveMode('nonexistent')).toBeNull();
+    });
+  });
+
+  // -----------------------------------------------------------------------
+  // hasActiveOverride
+  // -----------------------------------------------------------------------
+  describe('hasActiveOverride', () => {
+    test('returns false when no override is set', () => {
+      expect(hasActiveOverride('conv-1')).toBe(false);
+    });
+
+    test('returns true for active thread override', () => {
+      setThreadMode('conv-1');
+      expect(hasActiveOverride('conv-1')).toBe(true);
+    });
+
+    test('returns true for active timed override', () => {
+      setTimedMode('conv-1', 60_000);
+      expect(hasActiveOverride('conv-1')).toBe(true);
+    });
+
+    test('returns false after timed override expires', async () => {
+      setTimedMode('conv-1', 1);
+      await new Promise((resolve) => setTimeout(resolve, 5));
+      expect(hasActiveOverride('conv-1')).toBe(false);
+    });
+
+    test('returns false after clearMode', () => {
+      setThreadMode('conv-1');
+      clearMode('conv-1');
+      expect(hasActiveOverride('conv-1')).toBe(false);
+    });
+  });
+
+  // -----------------------------------------------------------------------
+  // clearAll
+  // -----------------------------------------------------------------------
+  describe('clearAll', () => {
+    test('clearAll removes all overrides', () => {
+      setThreadMode('conv-1');
+      setTimedMode('conv-2', 60_000);
+      setThreadMode('conv-3');
+
+      clearAll();
+
+      expect(getEffectiveMode('conv-1')).toBeNull();
+      expect(getEffectiveMode('conv-2')).toBeNull();
+      expect(getEffectiveMode('conv-3')).toBeNull();
+    });
+
+    test('clearAll is safe to call on empty store', () => {
+      // Should not throw
+      clearAll();
+      expect(hasActiveOverride('anything')).toBe(false);
+    });
+  });
+
+  // -----------------------------------------------------------------------
+  // getEffectiveMode with no override
+  // -----------------------------------------------------------------------
+  test('getEffectiveMode returns null for unknown conversationId', () => {
+    expect(getEffectiveMode('nonexistent')).toBeNull();
+  });
+});

package/src/__tests__/session-surfaces-task-progress.test.ts

@@ -180,4 +180,42 @@ describe('task_progress surface compatibility', () => {
     expect(templateData.status).toBe('completed');
     expect(Array.isArray(templateData.steps)).toBe(true);
   });
+
+  test('ui_show rejects new interactive surface when a non-dynamic_page pending surface exists', async () => {
+    const sent: ServerMessage[] = [];
+    const ctx = makeContext(sent);
+
+    // Pre-populate a pending table surface (simulates a previously shown interactive surface)
+    ctx.pendingSurfaceActions.set('stale-surface-1', { surfaceType: 'table' });
+
+    const result = await surfaceProxyResolver(ctx, 'ui_show', {
+      surface_type: 'table',
+      title: 'New Table',
+      data: { columns: [], rows: [] },
+      actions: [{ id: 'archive', label: 'Archive' }],
+    });
+
+    expect(result.isError).toBe(true);
+    expect(result.content).toContain('Another interactive surface is already awaiting user input');
+    // The stale entry should still be present (guard only rejects, doesn't clean up)
+    expect(ctx.pendingSurfaceActions.has('stale-surface-1')).toBe(true);
+  });
+
+  test('ui_show allows new interactive surface when only dynamic_page surfaces are pending', async () => {
+    const sent: ServerMessage[] = [];
+    const ctx = makeContext(sent);
+
+    // dynamic_page pending entries should not block new interactive surfaces
+    ctx.pendingSurfaceActions.set('page-1', { surfaceType: 'dynamic_page' });
+
+    const result = await surfaceProxyResolver(ctx, 'ui_show', {
+      surface_type: 'table',
+      title: 'Email Table',
+      data: { columns: [], rows: [] },
+      actions: [{ id: 'archive', label: 'Archive' }],
+    });
+
+    expect(result.isError).toBe(false);
+    expect(sent.some(m => m.type === 'ui_surface_show')).toBe(true);
+  });
 });

package/src/amazon/client.ts

@@ -51,8 +51,8 @@
 import type { ExtensionCommand, ExtensionResponse } from '../browser-extension-relay/protocol.js';
 import { extensionRelayServer } from '../browser-extension-relay/server.js';
 import { getGatewayInternalBaseUrl } from '../config/env.js';
+import { isSigningKeyInitialized, mintEdgeRelayToken } from '../runtime/auth/token-service.js';
 import type { ExtractedCredential } from '../tools/browser/network-recording-types.js';
-import { readHttpToken } from '../util/platform.js';
 import {
   type AmazonSession,
   loadSession,
@@ -75,11 +75,14 @@ export async function sendRelayCommand(command: Record<string, unknown>): Promis
     return extensionRelayServer.sendCommand(command as Omit<ExtensionCommand, 'id'>);
   }
 
-  // Fall back to HTTP relay endpoint on the daemon
-  const token = readHttpToken();
-  if (!token) {
-    throw new Error('Browser extension relay is not connected and no HTTP token found. Is the daemon running?');
+  // Fall back to HTTP relay endpoint via the gateway.
+  // The gateway validates edge JWTs (aud=vellum-gateway) and mints an
+  // exchange token for the runtime. Without the signing key (CLI
+  // out-of-process), we cannot mint JWTs at all.
+  if (!isSigningKeyInitialized()) {
+    throw new Error('Auth signing key not initialized — browser-relay commands require the daemon to be running');
   }
+  const token = mintEdgeRelayToken();
 
   const resp = await fetch(`${getGatewayInternalBaseUrl()}/v1/browser-relay/command`, {
     method: 'POST',

package/src/approvals/guardian-decision-primitive.ts

@@ -162,10 +162,11 @@ export interface ApplyGuardianDecisionParams {
 export function applyGuardianDecision(params: ApplyGuardianDecisionParams): ApplyGuardianDecisionResult {
   const { approval, decision, actorExternalUserId, actorChannel, decisionContext } = params;
 
-  // Guardians cannot approve_always on behalf of requesters -- downgrade.
-  const effectiveDecision: ApprovalDecisionResult = decision.action === 'approve_always'
-    ? { ...decision, action: 'approve_once' }
-    : decision;
+  // Guardians cannot grant broad allow modes on behalf of requesters -- downgrade.
+  const effectiveDecision: ApprovalDecisionResult =
+    decision.action === 'approve_always' || decision.action === 'approve_10m' || decision.action === 'approve_thread'
+      ? { ...decision, action: 'approve_once' }
+      : decision;
 
   // Capture pending approval info before handleChannelDecision resolves
   // (and removes) the pending interaction. Needed for grant minting.
@@ -282,6 +283,8 @@ export function mintCanonicalRequestGrant(params: {
 /** Valid actions for canonical guardian decisions. */
 const VALID_CANONICAL_ACTIONS: ReadonlySet<ApprovalAction> = new Set([
   'approve_once',
+  'approve_10m',
+  'approve_thread',
   'approve_always',
   'reject',
 ]);
@@ -404,11 +407,13 @@ export async function applyCanonicalGuardianDecision(
     return { applied: false, reason: 'expired' };
   }
 
-  // 3. Downgrade approve_always to approve_once for guardian-on-behalf requests.
-  // Guardians cannot permanently allowlist tools on behalf of requesters.
-  const effectiveAction: ApprovalAction = action === 'approve_always'
-    ? 'approve_once'
-    : action;
+  // 3. Downgrade approve_always and temporary modes to approve_once for
+  // guardian-on-behalf requests. Guardians cannot grant broad allow modes
+  // (permanent, timed, or thread-scoped) on behalf of requesters.
+  const effectiveAction: ApprovalAction =
+    action === 'approve_always' || action === 'approve_10m' || action === 'approve_thread'
+      ? 'approve_once'
+      : action;
 
   // 4. CAS resolve: atomically transition from 'pending' to terminal status
   const targetStatus: CanonicalRequestStatus = effectiveAction === 'reject'

package/src/approvals/guardian-request-resolvers.ts

@@ -18,6 +18,7 @@ import { upsertMember } from '../memory/ingress-member-store.js';
 import { emitNotificationSignal } from '../notifications/emit-signal.js';
 import { addRule } from '../permissions/trust-store.js';
 import { DAEMON_INTERNAL_ASSISTANT_ID } from '../runtime/assistant-scope.js';
+import { mintDaemonDeliveryToken } from '../runtime/auth/token-service.js';
 import type { ApprovalAction } from '../runtime/channel-approval-types.js';
 import { createOutboundSession } from '../runtime/channel-guardian-service.js';
 import { deliverChannelReply } from '../runtime/gateway-client.js';
@@ -25,7 +26,6 @@ import * as pendingInteractions from '../runtime/pending-interactions.js';
 import { getTool } from '../tools/registry.js';
 import { TC_GRANT_WAIT_MAX_MS } from '../tools/tool-approval-handler.js';
 import { getLogger } from '../util/logger.js';
-import { readHttpToken } from '../util/platform.js';
 
 const log = getLogger('guardian-request-resolvers');
 
@@ -313,7 +313,7 @@ const accessRequestResolver: GuardianRequestResolver = {
     const decidedByExternalUserId = ctx.actor.externalUserId ?? '';
     const assistantId = DAEMON_INTERNAL_ASSISTANT_ID;
     const desktopDeliverUrl = resolveDeliverCallbackUrlForChannel(channel);
-    const desktopBearerToken = readHttpToken() ?? undefined;
+    const desktopBearerToken = mintDaemonDeliveryToken();
 
     if (decision.action === 'reject') {
       log.info(

package/src/calls/call-controller.ts

@@ -19,9 +19,9 @@ import {
 } from '../memory/canonical-guardian-store.js';
 import { revokeScopedApprovalGrantsForContext } from '../memory/scoped-approval-grants.js';
 import { DAEMON_INTERNAL_ASSISTANT_ID } from '../runtime/assistant-scope.js';
+import { mintDaemonDeliveryToken } from '../runtime/auth/token-service.js';
 import { computeToolApprovalDigest } from '../security/tool-approval-digest.js';
 import { getLogger } from '../util/logger.js';
-import { readHttpToken } from '../util/platform.js';
 import { getMaxCallDurationMs, getSilenceTimeoutMs, getUserConsultationTimeoutMs } from './call-constants.js';
 import { persistCallCompletionMessage } from './call-conversation-messages.js';
 import { addPointerMessage, formatDuration } from './call-pointer-messages.js';
@@ -949,7 +949,7 @@ export class CallController {
           canonicalDeliveries,
           this.assistantId,
           getGatewayInternalBaseUrl(),
-          readHttpToken() ?? undefined,
+          mintDaemonDeliveryToken(),
         ).catch((err) => {
           log.error(
             { err, callSessionId: this.callSessionId, requestId: pendingActionRequest.id },

package/src/calls/twilio-routes.ts

@@ -9,8 +9,8 @@
 import { getCallWelcomeGreeting, getRuntimeProxyBearerToken } from '../config/env.js';
 import { loadConfig } from '../config/loader.js';
 import { getTwilioRelayUrl } from '../inbound/public-ingress-urls.js';
+import { mintEdgeRelayToken } from '../runtime/auth/token-service.js';
 import { getLogger } from '../util/logger.js';
-import { readHttpToken } from '../util/platform.js';
 import { persistCallCompletionMessage } from './call-conversation-messages.js';
 import { createInboundVoiceSession } from './call-domain.js';
 import { logDeadLetterEvent } from './call-recovery.js';
@@ -264,7 +264,7 @@ function buildVoiceWebhookTwiml(
 
   // Use the same token resolution the gateway uses for runtimeProxyBearerToken:
   // env var override first, then the on-disk http-token file.
-  const relayToken = getRuntimeProxyBearerToken() ?? readHttpToken() ?? undefined;
+  const relayToken = getRuntimeProxyBearerToken() ?? mintEdgeRelayToken();
 
   // Propagate guardianVerificationSessionId as a TwiML <Parameter> for
   // observability. This is not the sole source of truth; the relay

package/src/cli/mcp.ts

@@ -12,15 +12,15 @@ import { getCliLogger } from '../util/logger.js';
 
 const log = getCliLogger('cli');
 
-const HEALTH_CHECK_TIMEOUT_MS = 10_000;
+export const HEALTH_CHECK_TIMEOUT_MS = 10_000;
 
-async function checkServerHealth(serverId: string, config: McpServerConfig): Promise<string> {
+export async function checkServerHealth(serverId: string, config: McpServerConfig, timeoutMs = HEALTH_CHECK_TIMEOUT_MS): Promise<string> {
   const client = new McpClient(serverId, { quiet: true });
   try {
     await Promise.race([
       client.connect(config.transport),
       new Promise<never>((_, reject) => {
-        const t = setTimeout(() => reject(new Error('timeout')), HEALTH_CHECK_TIMEOUT_MS);
+        const t = setTimeout(() => reject(new Error('timeout')), timeoutMs);
         if (typeof t === 'object' && 'unref' in t) t.unref();
       }),
     ]);

package/src/cli.ts

@@ -232,6 +232,12 @@ export async function startCli(): Promise<void> {
     }
     process.stdout.write(`\u2502\n`);
     process.stdout.write(`\u2502 [a] Allow once\n`);
+    if (req.temporaryOptionsAvailable?.includes('allow_10m')) {
+      process.stdout.write(`\u2502 [t] Allow 10m\n`);
+    }
+    if (req.temporaryOptionsAvailable?.includes('allow_thread')) {
+      process.stdout.write(`\u2502 [T] Allow Thread\n`);
+    }
     process.stdout.write(`\u2502 [d] Deny once\n`);
     if (req.allowlistOptions.length > 0 && req.scopeOptions.length > 0) {
       process.stdout.write(`\u2502 [A] Allowlist...\n`);
@@ -277,6 +283,24 @@ export async function startCli(): Promise<void> {
         return;
       }
 
+      if (choice === 't' && trimmed === 't' && req.temporaryOptionsAvailable?.includes('allow_10m')) {
+        send({
+          type: 'confirmation_response',
+          requestId: req.requestId,
+          decision: 'allow_10m',
+        });
+        return;
+      }
+
+      if (trimmed === 'T' && req.temporaryOptionsAvailable?.includes('allow_thread')) {
+        send({
+          type: 'confirmation_response',
+          requestId: req.requestId,
+          decision: 'allow_thread',
+        });
+        return;
+      }
+
       if (choice === 'd') {
         send({
           type: 'confirmation_response',