@vellumai/assistant 0.4.13 → 0.4.15

package/src/config/bundled-skills/chatgpt-import/tools/chatgpt-import.ts

@@ -1,133 +1,24 @@
-import { existsSync, mkdirSync, readFileSync } from "node:fs";
-import { homedir } from "node:os";
-import { join } from "node:path";
+import { existsSync, readFileSync } from "node:fs";
 import { inflateRawSync } from "node:zlib";
 
-import { Database } from "bun:sqlite";
 import { eq } from "drizzle-orm";
-import { drizzle } from "drizzle-orm/bun-sqlite";
-import { integer, real, sqliteTable, text } from "drizzle-orm/sqlite-core";
 import { v4 as uuid } from "uuid";
 
+import {
+  addMessage,
+  createConversation,
+} from "../../../../memory/conversation-store.js";
+import { getDb } from "../../../../memory/db.js";
+import {
+  conversationKeys,
+  conversations,
+  messages as messagesTable,
+} from "../../../../memory/schema.js";
 import type {
   ToolContext,
   ToolExecutionResult,
 } from "../../../../tools/types.js";
 
-// -- Inline schema (only the tables this tool touches) --
-
-const conversations = sqliteTable("conversations", {
-  id: text("id").primaryKey(),
-  title: text("title"),
-  createdAt: integer("created_at").notNull(),
-  updatedAt: integer("updated_at").notNull(),
-  totalInputTokens: integer("total_input_tokens").notNull().default(0),
-  totalOutputTokens: integer("total_output_tokens").notNull().default(0),
-  totalEstimatedCost: real("total_estimated_cost").notNull().default(0),
-  contextSummary: text("context_summary"),
-  contextCompactedMessageCount: integer("context_compacted_message_count")
-    .notNull()
-    .default(0),
-  contextCompactedAt: integer("context_compacted_at"),
-  threadType: text("thread_type").notNull().default("standard"),
-  memoryScopeId: text("memory_scope_id").notNull().default("default"),
-});
-
-const messagesTable = sqliteTable("messages", {
-  id: text("id").primaryKey(),
-  conversationId: text("conversation_id")
-    .notNull()
-    .references(() => conversations.id),
-  role: text("role").notNull(),
-  content: text("content").notNull(),
-  createdAt: integer("created_at").notNull(),
-  metadata: text("metadata"),
-});
-
-const conversationKeys = sqliteTable("conversation_keys", {
-  id: text("id").primaryKey(),
-  conversationKey: text("conversation_key").notNull(),
-  conversationId: text("conversation_id")
-    .notNull()
-    .references(() => conversations.id, { onDelete: "cascade" }),
-  createdAt: integer("created_at").notNull(),
-});
-
-// -- Inline DB access --
-
-const schema = { conversations, messages: messagesTable, conversationKeys };
-
-function getDbPath(): string {
-  const baseDir = process.env.BASE_DATA_DIR?.trim() || homedir();
-  return join(baseDir, ".vellum", "workspace", "data", "db", "assistant.db");
-}
-
-let db: ReturnType<typeof drizzle<typeof schema>> | null = null;
-
-function getDb() {
-  if (!db) {
-    const dbPath = getDbPath();
-    const dbDir = join(dbPath, "..");
-    mkdirSync(dbDir, { recursive: true });
-    const sqlite = new Database(dbPath);
-    sqlite.exec("PRAGMA journal_mode=WAL");
-    sqlite.exec("PRAGMA foreign_keys = ON");
-    db = drizzle(sqlite, { schema });
-  }
-  return db;
-}
-
-// -- Inline conversation helpers --
-
-let lastTimestamp = 0;
-function monotonicNow(): number {
-  const now = Date.now();
-  lastTimestamp = Math.max(now, lastTimestamp + 1);
-  return lastTimestamp;
-}
-
-function createConversation(title: string) {
-  const database = getDb();
-  const now = Date.now();
-  const id = uuid();
-  const conversation = {
-    id,
-    title,
-    createdAt: now,
-    updatedAt: now,
-    totalInputTokens: 0,
-    totalOutputTokens: 0,
-    totalEstimatedCost: 0,
-    contextSummary: null as string | null,
-    contextCompactedMessageCount: 0,
-    contextCompactedAt: null as number | null,
-    threadType: "standard" as const,
-    memoryScopeId: "default",
-  };
-  database.insert(conversations).values(conversation).run();
-  return conversation;
-}
-
-function addMessage(conversationId: string, role: string, content: string) {
-  const database = getDb();
-  const now = monotonicNow();
-  const message = {
-    id: uuid(),
-    conversationId,
-    role,
-    content,
-    createdAt: now,
-  };
-  database.transaction((tx) => {
-    tx.insert(messagesTable).values(message).run();
-    tx.update(conversations)
-      .set({ updatedAt: now })
-      .where(eq(conversations.id, conversationId))
-      .run();
-  });
-  return message;
-}
-
 // -- ChatGPT export format types --
 
 interface ChatGPTContent {
@@ -209,7 +100,7 @@ export async function run(
     };
   }
 
-  const database = getDb();
+  const db = getDb();
   let importedCount = 0;
   let skippedCount = 0;
   let messageCount = 0;
@@ -217,7 +108,7 @@ export async function run(
   for (const conv of imported) {
     const convKey = `chatgpt:${conv.sourceId}`;
 
-    const existing = database
+    const existing = db
       .select()
       .from(conversationKeys)
       .where(eq(conversationKeys.conversationKey, convKey))
@@ -231,18 +122,18 @@ export async function run(
     const conversation = createConversation(conv.title);
 
     for (const msg of conv.messages) {
-      addMessage(conversation.id, msg.role, JSON.stringify(msg.content));
+      // Uses the daemon's addMessage which triggers memory indexing
+      await addMessage(conversation.id, msg.role, JSON.stringify(msg.content));
     }
 
     // Override timestamps to match ChatGPT originals
-    database
-      .update(conversations)
+    db.update(conversations)
       .set({ createdAt: conv.createdAt, updatedAt: conv.updatedAt })
       .where(eq(conversations.id, conversation.id))
       .run();
 
     // Update message timestamps to match ChatGPT originals
-    const dbMessages = database
+    const dbMessages = db
       .select({ id: messagesTable.id })
       .from(messagesTable)
       .where(eq(messagesTable.conversationId, conversation.id))
@@ -250,15 +141,13 @@ export async function run(
       .all();
 
     for (let i = 0; i < dbMessages.length && i < conv.messages.length; i++) {
-      database
-        .update(messagesTable)
+      db.update(messagesTable)
         .set({ createdAt: conv.messages[i].createdAt })
         .where(eq(messagesTable.id, dbMessages[i].id))
         .run();
     }
 
-    database
-      .insert(conversationKeys)
+    db.insert(conversationKeys)
       .values({
         id: uuid(),
         conversationKey: convKey,

package/src/config/bundled-skills/doordash/__tests__/doordash-client.test.ts

@@ -1,6 +1,6 @@
 import { describe, expect, it } from "bun:test";
 
-import { SessionExpiredError } from "../lib/client.js";
+import { RateLimitError, SessionExpiredError } from "../lib/client.js";
 
 describe("SessionExpiredError", () => {
   it("is an instance of Error", () => {
@@ -38,10 +38,12 @@ describe("expired session classification", () => {
   // the parsed response structure that cdpFetch evaluates.
 
   function classifyResponse(parsed: Record<string, unknown>): Error {
-    // Mirrors the classification logic from cdpFetch (client.ts lines 154-159)
+    // Mirrors the classification logic from cdpFetch (client.ts lines 188-200)
     if (parsed.__error) {
-      if (parsed.__status === 403 || parsed.__status === 401) {
+      if (parsed.__status === 401) {
         return new SessionExpiredError("DoorDash session has expired.");
+      } else if (parsed.__status === 403) {
+        return new RateLimitError("DoorDash rate limit hit (HTTP 403).");
       }
       return new Error(
         (parsed.__message as string) ??
@@ -61,14 +63,14 @@ describe("expired session classification", () => {
     expect(err.message).toBe("DoorDash session has expired.");
   });
 
-  it("classifies HTTP 403 as SessionExpiredError", () => {
+  it("classifies HTTP 403 as RateLimitError", () => {
     const err = classifyResponse({
       __error: true,
       __status: 403,
       __body: "Forbidden",
     });
-    expect(err).toBeInstanceOf(SessionExpiredError);
-    expect(err.message).toBe("DoorDash session has expired.");
+    expect(err).toBeInstanceOf(RateLimitError);
+    expect(err.message).toBe("DoorDash rate limit hit (HTTP 403).");
   });
 
   it("classifies HTTP 500 as a generic Error, not session expired", () => {

package/src/config/bundled-skills/google-calendar/SKILL.md

@@ -13,7 +13,7 @@ Before using any Calendar tool, verify that Google Calendar is connected by atte
 
 1. **Do NOT call `credential_store oauth2_connect` yourself.** You do not have valid OAuth client credentials, and fabricating a client_id will cause a "401: invalid_client" error from Google.
 2. Instead, load the **google-oauth-setup** skill, which walks the user through creating real credentials in Google Cloud Console:
-   - Call `skill_load` with `skill_id: "google-oauth-setup"` to load the dependency skill.
+   - Call `skill_load` with `skill: "google-oauth-setup"` to load the dependency skill.
 3. Tell the user: _"Google Calendar isn't connected yet. I've loaded a setup guide that will walk you through connecting your Google account — it only takes a couple of minutes."_
 
 ## Capabilities

package/src/config/bundled-skills/messaging/SKILL.md

@@ -42,7 +42,7 @@ When the user asks to "connect my email", "set up email", "manage my email", or
 
 1. **Try connecting directly first.** Call `credential_store` with `action: "oauth2_connect"` and `service: "gmail"`. The tool auto-fills Google's OAuth endpoints and looks up any previously stored client credentials — so this single call may be all that's needed.
 2. **If it fails because no client_id is found:** The user needs to create Google Cloud OAuth credentials first. Load the **google-oauth-setup** skill (which depends on **public-ingress** for the redirect URI):
-   - Call `skill_load` with `skill_id: "google-oauth-setup"` to load the dependency skill.
+   - Call `skill_load` with `skill: "google-oauth-setup"` to load the dependency skill.
    - Tell the user Gmail isn't connected yet and briefly explain what the setup involves, then use `ui_show` with `surface_type: "confirmation"` to ask for permission to start:
      - **message:** "Ready to set up Gmail?"
      - **detail:** "I'll open a browser where you sign in to Google, then automate everything else — creating a project, enabling APIs, and connecting your account. Takes 2-3 minutes and you can watch in the browser preview panel."
@@ -55,7 +55,7 @@ When the user asks to "connect my email", "set up email", "manage my email", or
 
 1. **Try connecting directly first.** Call `credential_store` with `action: "oauth2_connect"` and `service: "slack"`. The tool auto-fills Slack's OAuth endpoints and looks up any previously stored client credentials.
 2. **If it fails because no client_id is found:** The user needs to create a Slack App first. Load the **slack-oauth-setup** skill:
-   - Call `skill_load` with `skill_id: "slack-oauth-setup"` to load the dependency skill.
+   - Call `skill_load` with `skill: "slack-oauth-setup"` to load the dependency skill.
    - Tell the user Slack isn't connected yet and briefly explain what the setup involves, then use `ui_show` with `surface_type: "confirmation"` to ask for permission to start:
      - **message:** "Ready to set up Slack?"
      - **detail:** "I'll walk you through creating a Slack App and connecting your workspace. The process takes a few minutes, and I'll ask for your approval before each step."
@@ -68,7 +68,7 @@ When the user asks to "connect my email", "set up email", "manage my email", or
 
 Telegram uses a bot token (not OAuth). Load the **telegram-setup** skill (which depends on **public-ingress** for the webhook URL) which automates the full setup:
 
-- Call `skill_load` with `skill_id: "telegram-setup"` to load the dependency skill.
+- Call `skill_load` with `skill: "telegram-setup"` to load the dependency skill.
 - Tell the user: _"I've loaded a setup guide for Telegram. It will walk you through connecting a Telegram bot to your assistant."_
 
 The telegram-setup skill handles: verifying the bot token from @BotFather, generating a webhook secret, registering bot commands, and storing credentials securely via the secure credential prompt flow. **Never accept a Telegram bot token pasted in plaintext chat — always use the secure prompt.** Webhook registration with Telegram is handled automatically by the gateway on startup and whenever credentials change.
@@ -79,7 +79,7 @@ The telegram-setup skill also includes **guardian verification**, which links yo
 
 SMS messaging uses Twilio as the telephony provider. Twilio credentials and phone number configuration are shared with the **phone-calls** skill. Load the **sms-setup** skill for complete SMS configuration including compliance and testing:
 
-- Call `skill_load` with `skill_id: "sms-setup"` to load the dependency skill.
+- Call `skill_load` with `skill: "sms-setup"` to load the dependency skill.
 - Tell the user: _"I've loaded the SMS setup guide. It will walk you through configuring Twilio, handling compliance requirements, and testing SMS delivery."_
 
 The sms-setup skill handles: Twilio credential storage (Account SID + Auth Token), phone number provisioning or assignment, public ingress setup, SMS compliance verification, and end-to-end test sending. Once SMS is set up, messaging is available automatically — no additional feature flag is needed.
@@ -90,7 +90,7 @@ The sms-setup skill also includes optional **guardian verification** for SMS, wh
 
 If the user asks to verify their guardian identity for any channel (SMS, voice, or Telegram), load the **guardian-verify-setup** skill:
 
-- Call `skill_load` with `skill_id: "guardian-verify-setup"` to load the dependency skill.
+- Call `skill_load` with `skill: "guardian-verify-setup"` to load the dependency skill.
 
 The guardian-verify-setup skill handles the full outbound verification flow for all supported channels. It collects the user's destination (phone number or Telegram chat ID/handle), initiates an outbound verification session, and guides the user through entering or replying with the verification code. This is the single source of truth for guardian verification setup -- do not duplicate the verification flow inline.
 
@@ -231,11 +231,36 @@ When searching Gmail, the query uses Gmail's search operators:
 | `has:attachment` | `has:attachment`         | Messages with attachments           |
 | `label:`         | `label:work`             | Messages with a specific label      |
 
-## Drafting vs Sending
+## Drafting vs Sending (Gmail)
 
-- Default to drafting (local draft or Gmail native draft) when the user wants to compose.
-- Only send when the user explicitly requests it.
-- When uncertain, always default to drafting.
+Gmail uses a **draft-first workflow**. All compose and reply tools create Gmail drafts automatically:
+
+- `messaging_send` (Gmail) → creates a draft in Gmail Drafts
+- `messaging_reply` (Gmail) → creates a threaded draft with reply-all recipients
+- `gmail_draft` → creates a draft
+- `gmail_send_with_attachments` → creates a draft with attachments
+- `gmail_forward` → creates a forward draft
+
+**To actually send**: Use `gmail_send_draft` with the draft ID after the user has reviewed it. Only call `gmail_send_draft` when the user explicitly says "send it" or equivalent.
+
+**Reply-all**: `messaging_reply` for Gmail automatically builds the reply-all recipient list from the thread. You do not need to manually look up recipients.
+
+Non-Gmail platforms (Slack, Telegram, SMS) send directly via `messaging_send` / `messaging_reply`.
+
+## Email Threading (Gmail)
+
+When replying to or continuing an email thread:
+
+- Use `messaging_reply` with the thread's `thread_id` — it automatically handles threading, reply-all recipients, and subject lines.
+- The `in_reply_to` field on `gmail_draft` requires the **RFC 822 Message-ID header** (looks like `<CABx...@mail.gmail.com>`), NOT the Gmail message ID (which looks like `18e4a5b2c3d4e5f6`). Get it by reading the thread messages and extracting the `Message-ID` header.
+
+## Date Verification
+
+Before composing any email that references a date or time:
+
+1. Check the `<temporal_context>` block in the current turn for today's date and upcoming dates
+2. Verify that "tomorrow" means the day after today's date, "next week" means the upcoming Monday–Friday, etc.
+3. If the email references a date from another message, cross-check it against the temporal context to ensure it's in the future
 
 ## Notifications vs Messages
 
@@ -291,9 +316,9 @@ When a user asks to declutter, clean up, or organize their email — start scann
    - **Show a `task_progress` card** with one step per selected sender (e.g., "Archiving TechCrunch (247 emails)"). Update each step from `in_progress` → `completed` as each sender finishes.
    - When all senders are processed, set the progress card's `status: "completed"`.
 4. **Act on selection**: For each selected sender:
-   - Use `gmail_batch_archive` (or `messaging_archive_by_sender` for non-Gmail) with the sender's `message_ids` array — this archives exactly the messages that were scanned and counted
+   - Use `gmail_batch_archive` (or `messaging_archive_by_sender` for non-Gmail) with `scan_id` + the selected senders' `id` values as `sender_ids` — this resolves message IDs server-side without putting them in context
    - If Gmail and the action is "Archive & Unsubscribe" and `has_unsubscribe` is true, call `gmail_unsubscribe` with the sender's `newest_message_id`
-5. **Accurate summary**: The scan counts are exact — the `message_count` shown in the table matches the number of `message_ids` that were archived. Format: "Cleaned up [total_archived] emails from [sender_count] senders." For Gmail, append: "Unsubscribed from [unsub_count]."
+5. **Accurate summary**: The scan counts are exact — the `message_count` shown in the table matches the number of messages archived. Format: "Cleaned up [total_archived] emails from [sender_count] senders." For Gmail, append: "Unsubscribed from [unsub_count]."
 6. **Ongoing protection offer (Gmail only)**: After reporting results, offer auto-archive filters:
    - "Want me to set up auto-archive filters so future emails from these senders skip your inbox?"
    - If yes, call `gmail_filters` with `action: "create"` for each sender with `from` set to the sender's email and `remove_label_ids: ["INBOX"]`.
@@ -303,10 +328,20 @@ When a user asks to declutter, clean up, or organize their email — start scann
 
 - **Zero results**: Tell the user "No newsletter emails found" and suggest broadening the query (e.g. removing the category filter or extending the date range)
 - **Unsubscribe failures**: Report per-sender success/failure; the existing `gmail_unsubscribe` tool handles edge cases
-- **Large sender counts**: The scan covers up to 2000 messages. If `truncated` is true in the top-level response, the scan was capped and there are more matching emails beyond what was scanned — tell the user the cleanup was partial and offer to run another pass. If `has_more` is true for a sender, it means they had more messages than could be tracked — mention this to the user in the summary
+- **Truncation handling**: The scan covers up to 5000 messages (default 2000). If `truncated` is true:
+  - **Default**: The top senders are captured — this is usually fine. Mention "partial scan" in the summary.
+  - **Comprehensive** (user said "full inbox", "everything", "all of it"): Silently continue scanning with `page_token`, merge results across passes, and present once when complete. Don't ask — just keep going until done.
+
+### Scan ID
+
+Scan tools (`gmail_sender_digest`, `gmail_outreach_scan`, `messaging_sender_digest`) return a `scan_id` that references message IDs stored server-side. This keeps thousands of message IDs out of the conversation context.
+
+- Pass `scan_id` + `sender_ids` to `gmail_batch_archive` instead of `message_ids`
+- Scan results expire after **30 minutes** — if archiving fails with an expiration error, re-run the scan
+- Raw `message_ids` still work as a fallback for non-scan workflows
 
 ## Batch Operations
 
-- Gmail batch tools (`gmail_batch_archive`, `gmail_batch_label`) accept arrays of message IDs.
-- First search or list messages to collect IDs, then apply batch actions.
+- Gmail batch tools (`gmail_batch_archive`, `gmail_batch_label`) support `scan_id` + `sender_ids` (preferred) or raw `message_ids`.
+- First scan to get a `scan_id`, then apply batch actions using it.
 - Always confirm with the user before batch operations on large numbers of messages.

package/src/config/bundled-skills/messaging/TOOLS.json

@@ -114,7 +114,7 @@
     },
     {
       "name": "messaging_send",
-      "description": "Send a message on a platform. This is a high-risk action that always requires user approval. Include a confidence score (0-1).",
+      "description": "Compose a message. For Gmail, creates a draft for review; for other platforms, sends directly. High-risk action. Include a confidence score (0-1).",
       "category": "messaging",
       "risk": "high",
       "input_schema": {
@@ -156,7 +156,7 @@
     },
     {
       "name": "messaging_reply",
-      "description": "Reply in a thread. Medium-risk action. Include a confidence score (0-1).",
+      "description": "Reply in a thread. For Gmail, creates a threaded draft with reply-all recipients; for other platforms, sends directly. Include a confidence score (0-1).",
       "category": "messaging",
       "risk": "medium",
       "input_schema": {
@@ -339,18 +339,29 @@
     },
     {
       "name": "gmail_batch_archive",
-      "description": "Archive multiple Gmail messages at once. Include a confidence score (0-1).",
+      "description": "Archive multiple Gmail messages at once. Prefer scan_id + sender_ids (from a prior scan) over raw message_ids. Include a confidence score (0-1).",
       "category": "messaging",
       "risk": "medium",
       "input_schema": {
         "type": "object",
         "properties": {
+          "scan_id": {
+            "type": "string",
+            "description": "Scan result ID from a prior gmail_sender_digest or gmail_outreach_scan call"
+          },
+          "sender_ids": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            },
+            "description": "Sender IDs to archive (used with scan_id to resolve message IDs server-side)"
+          },
           "message_ids": {
             "type": "array",
             "items": {
               "type": "string"
             },
-            "description": "Gmail message IDs to archive"
+            "description": "Gmail message IDs to archive (fallback — prefer scan_id + sender_ids)"
           },
           "confidence": {
             "type": "number",
@@ -358,7 +369,6 @@
           }
         },
         "required": [
-          "message_ids",
           "confidence"
         ]
       },
@@ -543,7 +553,15 @@
           },
           "in_reply_to": {
             "type": "string",
-            "description": "Message-ID header of the email being replied to"
+            "description": "RFC 822 Message-ID header value (e.g. `<CABx...@mail.gmail.com>`), NOT the Gmail message ID. Look up the original message's Message-ID header."
+          },
+          "cc": {
+            "type": "string",
+            "description": "CC recipients (comma-separated email addresses)"
+          },
+          "bcc": {
+            "type": "string",
+            "description": "BCC recipients (comma-separated email addresses)"
           }
         },
         "required": [
@@ -555,6 +573,31 @@
       "executor": "tools/gmail-draft.ts",
       "execution_target": "host"
     },
+    {
+      "name": "gmail_send_draft",
+      "description": "Send an existing Gmail draft. Only use when the user has reviewed and explicitly approved sending.",
+      "category": "messaging",
+      "risk": "high",
+      "input_schema": {
+        "type": "object",
+        "properties": {
+          "draft_id": {
+            "type": "string",
+            "description": "Gmail draft ID to send"
+          },
+          "confidence": {
+            "type": "number",
+            "description": "Confidence score (0-1) for this action"
+          }
+        },
+        "required": [
+          "draft_id",
+          "confidence"
+        ]
+      },
+      "executor": "tools/gmail-send-draft.ts",
+      "execution_target": "host"
+    },
     {
       "name": "gmail_list_attachments",
       "description": "List attachments on a Gmail message with filename, MIME type, size, and attachment ID.",
@@ -607,7 +650,7 @@
     },
     {
       "name": "gmail_send_with_attachments",
-      "description": "Send an email with file attachments. High-risk action requiring user approval. Include a confidence score (0-1).",
+      "description": "Create a Gmail draft with file attachments for review. Include a confidence score (0-1).",
       "category": "messaging",
       "risk": "high",
       "input_schema": {
@@ -658,7 +701,7 @@
     },
     {
       "name": "gmail_forward",
-      "description": "Forward a Gmail message to another recipient, preserving attachments. Include a confidence score (0-1).",
+      "description": "Create a draft forwarding a Gmail message to another recipient, preserving attachments. Include a confidence score (0-1).",
       "category": "messaging",
       "risk": "high",
       "input_schema": {
@@ -916,7 +959,7 @@
           },
           "max_messages": {
             "type": "number",
-            "description": "Maximum messages to scan (default 2000, cap 2000)"
+            "description": "Maximum messages to scan (default 2000, cap 5000)"
           },
           "max_senders": {
             "type": "number",

package/src/config/bundled-skills/messaging/tools/gmail-batch-archive.ts

@@ -1,28 +1,52 @@
-import { batchModifyMessages } from '../../../../messaging/providers/gmail/client.js';
-import { getMessagingProvider } from '../../../../messaging/registry.js';
-import { withValidToken } from '../../../../security/token-manager.js';
-import type { ToolContext, ToolExecutionResult } from '../../../../tools/types.js';
-import { err,ok } from './shared.js';
+import { batchModifyMessages } from "../../../../messaging/providers/gmail/client.js";
+import { getMessagingProvider } from "../../../../messaging/registry.js";
+import { withValidToken } from "../../../../security/token-manager.js";
+import type {
+  ToolContext,
+  ToolExecutionResult,
+} from "../../../../tools/types.js";
+import { getSenderMessageIds } from "./scan-result-store.js";
+import { err, ok } from "./shared.js";
 
 const BATCH_MODIFY_LIMIT = 1000;
 
-export async function run(input: Record<string, unknown>, context: ToolContext): Promise<ToolExecutionResult> {
+export async function run(
+  input: Record<string, unknown>,
+  context: ToolContext,
+): Promise<ToolExecutionResult> {
   if (!context.triggeredBySurfaceAction) {
-    return err('This tool requires user confirmation via a surface action. Present results in a selection table with action buttons and wait for the user to click before proceeding.');
+    return err(
+      "This tool requires user confirmation via a surface action. Present results in a selection table with action buttons and wait for the user to click before proceeding.",
+    );
   }
 
-  const messageIds = input.message_ids as string[];
+  const scanId = input.scan_id as string | undefined;
+  const senderIds = input.sender_ids as string[] | undefined;
+  let messageIds = input.message_ids as string[] | undefined;
+
+  // Resolve message IDs from scan store if scan_id is provided
+  if (scanId && senderIds?.length) {
+    const resolved = getSenderMessageIds(scanId, senderIds);
+    if (!resolved) {
+      return err(
+        "Scan results have expired (30-minute window). Please re-run the scan to get fresh results.",
+      );
+    }
+    messageIds = resolved;
+  }
 
   if (!messageIds?.length) {
-    return err('message_ids is required and must not be empty.');
+    return err(
+      "Either message_ids or scan_id + sender_ids is required, and must resolve to at least one message.",
+    );
   }
 
   try {
-    const provider = getMessagingProvider('gmail');
+    const provider = getMessagingProvider("gmail");
     return withValidToken(provider.credentialService, async (token) => {
       for (let i = 0; i < messageIds.length; i += BATCH_MODIFY_LIMIT) {
         const chunk = messageIds.slice(i, i + BATCH_MODIFY_LIMIT);
-        await batchModifyMessages(token, chunk, { removeLabelIds: ['INBOX'] });
+        await batchModifyMessages(token, chunk, { removeLabelIds: ["INBOX"] });
       }
       return ok(`Archived ${messageIds.length} message(s).`);
     });

package/src/config/bundled-skills/messaging/tools/gmail-draft.ts

@@ -9,6 +9,8 @@ export async function run(input: Record<string, unknown>, _context: ToolContext)
   const subject = input.subject as string;
   const body = input.body as string;
   const inReplyTo = input.in_reply_to as string | undefined;
+  const cc = input.cc as string | undefined;
+  const bcc = input.bcc as string | undefined;
 
   if (!to) return err('to is required.');
   if (!subject) return err('subject is required.');
@@ -17,7 +19,7 @@ export async function run(input: Record<string, unknown>, _context: ToolContext)
   try {
     const provider = getMessagingProvider('gmail');
     return withValidToken(provider.credentialService, async (token) => {
-      const draft = await createDraft(token, to, subject, body, inReplyTo);
+      const draft = await createDraft(token, to, subject, body, inReplyTo, cc, bcc);
       return ok(`Draft created (ID: ${draft.id}). It will appear in your Gmail Drafts.`);
     });
   } catch (e) {

package/src/config/bundled-skills/messaging/tools/gmail-forward.ts

@@ -1,4 +1,4 @@
-import { getAttachment, getMessage, sendMessageRaw } from '../../../../messaging/providers/gmail/client.js';
+import { createDraftRaw, getAttachment, getMessage } from '../../../../messaging/providers/gmail/client.js';
 import { buildMultipartMime } from '../../../../messaging/providers/gmail/mime-builder.js';
 import type { GmailMessagePart } from '../../../../messaging/providers/gmail/types.js';
 import { getMessagingProvider } from '../../../../messaging/registry.js';
@@ -88,14 +88,13 @@ export async function run(input: Record<string, unknown>, _context: ToolContext)
 
       if (attachments.length > 0) {
         const raw = buildMultipartMime({ to: forwardTo, subject, body: forwardHeader, attachments });
-        const result = await sendMessageRaw(token, raw);
-        return ok(`Message forwarded to ${forwardTo} with ${attachments.length} attachment(s) (ID: ${result.id}).`);
+        const draft = await createDraftRaw(token, raw);
+        return ok(`Forward draft created to ${forwardTo} with ${attachments.length} attachment(s) (Draft ID: ${draft.id}). Review in Gmail Drafts, then tell me to send it or send it yourself.`);
       }
 
-      // No attachments — use sendMessageRaw with a simple text MIME
       const raw = buildMultipartMime({ to: forwardTo, subject, body: forwardHeader, attachments: [] });
-      const result = await sendMessageRaw(token, raw);
-      return ok(`Message forwarded to ${forwardTo} (ID: ${result.id}).`);
+      const draft = await createDraftRaw(token, raw);
+      return ok(`Forward draft created to ${forwardTo} (Draft ID: ${draft.id}). Review in Gmail Drafts, then tell me to send it or send it yourself.`);
     });
   } catch (e) {
     return err(e instanceof Error ? e.message : String(e));

package/src/config/bundled-skills/messaging/tools/gmail-outreach-scan.ts

@@ -4,6 +4,7 @@ import { batchGetMessages,listMessages } from '../../../../messaging/providers/g
 import { getMessagingProvider } from '../../../../messaging/registry.js';
 import { withValidToken } from '../../../../security/token-manager.js';
 import type { ToolContext, ToolExecutionResult } from '../../../../tools/types.js';
+import { storeScanResult } from './scan-result-store.js';
 import { err,ok } from './shared.js';
 
 const MAX_MESSAGES_CAP = 2000;
@@ -210,14 +211,21 @@ export async function run(input: Record<string, unknown>, _context: ToolContext)
         newest_message_id: s.newestMessageId,
         oldest_date: s.oldestDate,
         newest_date: s.newestDate,
-        message_ids: s.messageIds,
-        has_more: s.hasMore,
         search_query: `from:${s.email}`,
         sample_subjects: s.sampleSubjects,
         suggested_actions: buildSuggestedActions(s.email, s.messageCount),
       }));
 
+      // Store message IDs server-side to keep them out of LLM context
+      const scanId = storeScanResult(sorted.map((s) => ({
+        id: Buffer.from(s.email).toString('base64url'),
+        messageIds: s.messageIds,
+        newestMessageId: s.newestMessageId,
+        newestUnsubscribableMessageId: null,
+      })));
+
       return ok(JSON.stringify({
+        scan_id: scanId,
         senders,
         total_scanned: allMessageIds.length,
         outreach_detected: totalOutreachDetected,