npm - @vellumai/assistant - Versions diffs - 0.4.19 → 0.4.21 - Mend

@vellumai/assistant 0.4.19 → 0.4.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/package.json +1 -1
package/src/__tests__/system-prompt.test.ts +2 -7
package/src/__tests__/tool-execution-abort-cleanup.test.ts +0 -1
package/src/agent/loop.ts +324 -163
package/src/config/bundled-skills/app-builder/SKILL.md +7 -5
package/src/config/bundled-skills/app-builder/TOOLS.json +2 -2
package/src/config/system-prompt.ts +563 -539
package/src/daemon/session-surfaces.ts +28 -0
package/src/daemon/session.ts +255 -191
package/src/daemon/tool-side-effects.ts +3 -13
package/src/security/secure-keys.ts +27 -3
package/src/tools/apps/definitions.ts +5 -0
package/src/tools/apps/executors.ts +18 -22
package/src/__tests__/response-tier.test.ts +0 -195
package/src/daemon/response-tier.ts +0 -250

package/src/daemon/tool-side-effects.ts CHANGED Viewed

@@ -10,15 +10,11 @@
 import { join } from 'node:path';
 import { updatePublishedAppDeployment } from '../services/published-app-updater.js';
-import { openAppViaSurface } from '../tools/apps/open-proxy.js';
 import type { ToolExecutionResult } from '../tools/types.js';
 import { getWorkspaceDir } from '../util/platform.js';
 import { isDoordashCommand, updateDoordashProgress } from './doordash-steps.js';
 import type { ServerMessage } from './ipc-protocol.js';
-import {
-  refreshSurfacesForApp,
-  surfaceProxyResolver,
-} from './session-surfaces.js';
+import { refreshSurfacesForApp } from './session-surfaces.js';
 import type { ToolSetupContext } from './session-tool-setup.js';
 // ── Types ────────────────────────────────────────────────────────────
@@ -37,20 +33,16 @@ export type PostExecutionHook = (
 // ── Helpers ──────────────────────────────────────────────────────────
-/** Shared logic for refreshing app surfaces, broadcasting changes, and auto-opening. */
+/** Shared logic for refreshing app surfaces, broadcasting changes, and triggering auto-deploy. */
 function handleAppChange(
   ctx: ToolSetupContext,
   appId: string,
   broadcastToAllClients: ((msg: ServerMessage) => void) | undefined,
   opts?: { fileChange?: boolean; status?: string },
 ): void {
-  const refreshed = refreshSurfacesForApp(ctx, appId, opts);
+  refreshSurfacesForApp(ctx, appId, opts);
   broadcastToAllClients?.({ type: 'app_files_changed', appId });
   void updatePublishedAppDeployment(appId);
-  if (!refreshed && !ctx.hasNoClient && !ctx.headlessLock) {
-    const resolver = (tn: string, pi: Record<string, unknown>) => surfaceProxyResolver(ctx, tn, pi);
-    void openAppViaSurface(appId, resolver);
-  }
 }
 // ── Registry ─────────────────────────────────────────────────────────
@@ -82,7 +74,6 @@ registerHook('app_create', (_name, _input, result, { ctx, broadcastToAllClients
 });
 // Auto-refresh workspace surfaces when a persisted app is updated.
-// If no surface is currently showing the app, auto-open it.
 registerHook('app_update', (_name, input, _result, { ctx, broadcastToAllClients }) => {
   const appId = input.app_id as string | undefined;
   if (appId) {
@@ -109,7 +100,6 @@ registerHook(
 );
 // Auto-refresh workspace surfaces when app files are edited.
-// If no surface is currently showing the app, auto-open it.
 registerHook(
   ['app_file_edit', 'app_file_write'],
   (_name, input, _result, { ctx, broadcastToAllClients }) => {

package/src/security/secure-keys.ts CHANGED Viewed

@@ -158,7 +158,13 @@ export function setSecureKey(account: string, value: string): boolean {
   // keychain first) does not read an outdated value.
   if (result && downgradedFromKeychain && getBackend() === "encrypted") {
     keychainMissCache.delete(account);
-    try { keychain.deleteKey(account); } catch { /* best-effort */ }
+    try {
+      // Only attempt deletion if the key actually exists in keychain to
+      // avoid spawning a subprocess on every write.
+      if (keychain.getKey(account) !== undefined) {
+        keychain.deleteKey(account);
+      }
+    } catch { /* best-effort */ }
   }
   return result;
 }
@@ -291,7 +297,14 @@ export async function setSecureKeyAsync(
     // Clean up stale keychain entry (mirrors setSecureKey logic).
     if (result && downgradedFromKeychain) {
       keychainMissCache.delete(account);
-      try { await keychain.deleteKeyAsync(account); } catch { /* best-effort */ }
+      try {
+        // Only attempt deletion if the key actually exists in keychain to
+        // avoid spawning a subprocess on every write.
+        const exists = await keychain.getKeyAsync(account);
+        if (exists !== undefined) {
+          await keychain.deleteKeyAsync(account);
+        }
+      } catch { /* best-effort */ }
     }
     return result;
   }
@@ -304,7 +317,18 @@ export async function setSecureKeyAsync(
     );
     resolvedBackend = "encrypted";
     downgradedFromKeychain = true;
-    return encryptedStore.setKey(account, value);
+    const fallbackResult = encryptedStore.setKey(account, value);
+    // Clean up stale keychain entry after runtime downgrade
+    if (fallbackResult) {
+      keychainMissCache.delete(account);
+      try {
+        const exists = await keychain.getKeyAsync(account);
+        if (exists !== undefined) {
+          await keychain.deleteKeyAsync(account);
+        }
+      } catch { /* best-effort */ }
+    }
+    return fallbackResult;
   }
   return result;
 }

package/src/tools/apps/definitions.ts CHANGED Viewed

@@ -43,6 +43,11 @@ const appOpenTool: Tool = {
             type: 'string',
             description: 'The ID of the app to open',
           },
+          open_mode: {
+            type: 'string',
+            enum: ['preview', 'workspace'],
+            description: "Display mode. 'preview' shows an inline preview card in chat. 'workspace' opens the full app in a workspace panel. Defaults to 'workspace'.",
+          },
         },
         required: ['app_id'],
       },

package/src/tools/apps/executors.ts CHANGED Viewed

@@ -11,7 +11,6 @@
 import { setHomeBaseAppLink } from '../../home-base/app-link-store.js';
 import type { AppDefinition } from '../../memory/app-store.js';
 import type { EditEngineResult } from '../../memory/app-store.js';
-import { openAppViaSurface } from './open-proxy.js';
 // ---------------------------------------------------------------------------
 // Shared result type
@@ -123,33 +122,30 @@ export async function executeAppCreate(
     setHomeBaseAppLink(app.id, 'personalized');
   }
-  // Auto-open the app via the shared open-proxy helper
+  // Emit the inline preview card via the proxy without opening a workspace panel.
+  // open_mode: "preview" signals to the client that this should be shown inline only.
   if (autoOpen && proxyToolResolver) {
     const createPreview = { ...(preview ?? {}), context: 'app_create' as const };
-    const extraInput = { preview: createPreview };
-    const openResultText = await openAppViaSurface(app.id, proxyToolResolver, extraInput);
-    // Determine whether the open succeeded by checking for the fallback text
-    const opened = openResultText !== 'Failed to auto-open app. Use app_open to open it manually.';
-    if (opened) {
+    const extraInput = { preview: createPreview, open_mode: 'preview' };
+    try {
+      const openResult = await proxyToolResolver('app_open', { app_id: app.id, ...extraInput });
+      if (openResult.isError) {
+        return {
+          content: JSON.stringify({ ...app, auto_opened: false, auto_open_error: openResult.content }),
+          isError: false,
+        };
+      }
+      return {
+        content: JSON.stringify({ ...app, auto_opened: true, open_result: openResult.content }),
+        isError: false,
+      };
+    } catch {
+      // Preview emission failure is non-fatal — the app was created successfully.
       return {
-        content: JSON.stringify({
-          ...app,
-          auto_opened: true,
-          open_result: openResultText,
-        }),
+        content: JSON.stringify({ ...app, auto_opened: false, auto_open_error: 'Failed to auto-open app. Use app_open to open it manually.' }),
         isError: false,
       };
     }
-    return {
-      content: JSON.stringify({
-        ...app,
-        auto_opened: false,
-        auto_open_error: openResultText,
-      }),
-      isError: false,
-    };
   }
   return { content: JSON.stringify(app), isError: false };

package/src/__tests__/response-tier.test.ts DELETED Viewed

@@ -1,195 +0,0 @@
-import { describe, expect, test } from "bun:test";
-import {
-  classifyResponseTierAsync,
-  classifyResponseTierDetailed,
-  resolveWithHint,
-  type SessionTierHint,
-  type TierClassification,
-} from "../daemon/response-tier.js";
-// ── classifyResponseTierDetailed ──────────────────────────────────────
-describe("classifyResponseTierDetailed", () => {
-  describe("high confidence → high tier", () => {
-    test("long messages (>500 chars)", () => {
-      const result = classifyResponseTierDetailed("x".repeat(501), 0);
-      expect(result.tier).toBe("high");
-      expect(result.confidence).toBe("high");
-    });
-    test("code fences", () => {
-      const result = classifyResponseTierDetailed(
-        "Here is some code:\n```\nconst x = 1;\n```",
-        0,
-      );
-      expect(result.tier).toBe("high");
-      expect(result.confidence).toBe("high");
-    });
-    test("file paths", () => {
-      const result = classifyResponseTierDetailed("Look at ./src/index.ts", 0);
-      expect(result.tier).toBe("high");
-      expect(result.confidence).toBe("high");
-    });
-    test("multi-paragraph", () => {
-      const result = classifyResponseTierDetailed(
-        "First paragraph.\n\nSecond paragraph.",
-        0,
-      );
-      expect(result.tier).toBe("high");
-      expect(result.confidence).toBe("high");
-    });
-    test("build keyword imperatives", () => {
-      const result = classifyResponseTierDetailed(
-        "Build a REST API for user management",
-        0,
-      );
-      expect(result.tier).toBe("high");
-      expect(result.confidence).toBe("high");
-    });
-  });
-  describe("high confidence → low tier", () => {
-    test("pure greetings under 40 chars", () => {
-      const result = classifyResponseTierDetailed("hey", 0);
-      expect(result.tier).toBe("low");
-      expect(result.confidence).toBe("high");
-    });
-    test("short messages without build keywords", () => {
-      const result = classifyResponseTierDetailed("sounds good", 0);
-      expect(result.tier).toBe("low");
-      expect(result.confidence).toBe("high");
-    });
-  });
-  describe("low confidence → medium tier", () => {
-    test("questions with build keywords fall to medium/low-confidence", () => {
-      const result = classifyResponseTierDetailed(
-        "how do I build authentication?",
-        0,
-      );
-      expect(result.tier).toBe("medium");
-      expect(result.confidence).toBe("low");
-    });
-    test("ambiguous medium-length message", () => {
-      const result = classifyResponseTierDetailed(
-        "what do you think about the current approach to handling errors in the codebase?",
-        0,
-      );
-      expect(result.tier).toBe("medium");
-      expect(result.confidence).toBe("low");
-    });
-  });
-});
-// ── resolveWithHint ───────────────────────────────────────────────────
-describe("resolveWithHint", () => {
-  const lowConfMedium: TierClassification = {
-    tier: "medium",
-    reason: "default",
-    confidence: "low",
-  };
-  const highConfLow: TierClassification = {
-    tier: "low",
-    reason: "short_no_keywords",
-    confidence: "high",
-  };
-  const highConfHigh: TierClassification = {
-    tier: "high",
-    reason: "build_keyword",
-    confidence: "high",
-  };
-  test("high confidence: ignores hint that would downgrade", () => {
-    const hint: SessionTierHint = {
-      tier: "low",
-      turn: 5,
-      timestamp: Date.now(),
-    };
-    expect(resolveWithHint(highConfHigh, hint, 6)).toBe("high");
-  });
-  test("high confidence: upgrades when hint is higher", () => {
-    const hint: SessionTierHint = {
-      tier: "medium",
-      turn: 5,
-      timestamp: Date.now(),
-    };
-    expect(resolveWithHint(highConfLow, hint, 6)).toBe("medium");
-  });
-  test("high confidence: upgrades to high when hint is high", () => {
-    const hint: SessionTierHint = {
-      tier: "high",
-      turn: 5,
-      timestamp: Date.now(),
-    };
-    expect(resolveWithHint(highConfLow, hint, 6)).toBe("high");
-  });
-  test("returns regex tier when no hint available", () => {
-    expect(resolveWithHint(lowConfMedium, null, 0)).toBe("medium");
-  });
-  test("defers to hint when confidence is low and hint is fresh", () => {
-    const hint: SessionTierHint = {
-      tier: "high",
-      turn: 5,
-      timestamp: Date.now(),
-    };
-    expect(resolveWithHint(lowConfMedium, hint, 6)).toBe("high");
-  });
-  test("ignores stale hint (too many turns old)", () => {
-    const hint: SessionTierHint = {
-      tier: "high",
-      turn: 0,
-      timestamp: Date.now(),
-    };
-    // 5 turns later exceeds HINT_MAX_TURN_AGE of 4
-    expect(resolveWithHint(lowConfMedium, hint, 5)).toBe("medium");
-  });
-  test("ignores stale hint (too old by time)", () => {
-    const fiveMinutesAgo = Date.now() - 5 * 60 * 1000 - 1;
-    const hint: SessionTierHint = {
-      tier: "high",
-      turn: 3,
-      timestamp: fiveMinutesAgo,
-    };
-    expect(resolveWithHint(lowConfMedium, hint, 4)).toBe("medium");
-  });
-  test("uses hint at exact boundary (4 turns, within time)", () => {
-    const hint: SessionTierHint = {
-      tier: "high",
-      turn: 1,
-      timestamp: Date.now(),
-    };
-    // 5 - 1 = 4, which is not > 4, so hint is still valid
-    expect(resolveWithHint(lowConfMedium, hint, 5)).toBe("high");
-  });
-});
-// ── classifyResponseTierAsync ─────────────────────────────────────────
-describe("classifyResponseTierAsync", () => {
-  test("returns null when no provider is available", async () => {
-    // getConfiguredProvider returns null when no API key is set
-    // We can't easily mock it here, but we can verify the function handles it
-    const result = await classifyResponseTierAsync(["hello"]);
-    // In test environment without a configured provider, should return null
-    expect(
-      result === undefined ||
-        result === "low" ||
-        result === "medium" ||
-        result === "high",
-    ).toBe(true);
-  });
-});

package/src/daemon/response-tier.ts DELETED Viewed

@@ -1,250 +0,0 @@
-/**
- * Per-turn response tier classification.
- *
- * Classifies each user message into a tier that controls:
- * - maxTokens budget for the LLM response
- * - Which system prompt sections are included
- *
- * Two layers:
- * 1. Deterministic regex/heuristic (zero latency, runs every turn)
- * 2. Background Haiku classification (fire-and-forget, advises future turns)
- */
-import { createTimeout, extractText, getConfiguredProvider, userMessage } from '../providers/provider-send-message.js';
-import { getLogger } from '../util/logger.js';
-const log = getLogger('response-tier');
-export type ResponseTier = 'low' | 'medium' | 'high';
-export type TierConfidence = 'high' | 'low';
-export interface TierClassification {
-  tier: ResponseTier;
-  reason: string;
-  confidence: TierConfidence;
-}
-export interface SessionTierHint {
-  tier: ResponseTier;
-  turn: number;
-  timestamp: number;
-}
-// ── Patterns ──────────────────────────────────────────────────────────
-const GREETING_PATTERNS = /^(hey|hi|hello|yo|sup|hiya|howdy|what'?s up|thanks|thank you|thx|ty|cheers|what can you|who are you|how are you)\b/i;
-const BUILD_KEYWORDS = /\b(build|implement|create|refactor|debug|deploy|migrate|scaffold|architect|redesign|generate|write|develop|fix|convert|add|remove|update|modify|change|delete|replace|integrate|setup|install|configure|optimize|rewrite)\b/i;
-const SURFACE_ACTION = /^\[User action on \w+ surface:/;
-const CODE_FENCE = /```/;
-const FILE_PATH = /(?:^|[\s"'(])(?:\/|~\/|\.\/)\S/;
-const MULTI_PARAGRAPH = /\n\s*\n/;
-// ── Confidence thresholds ─────────────────────────────────────────────
-const HINT_MAX_TURN_AGE = 4;
-const HINT_MAX_AGE_MS = 5 * 60 * 1000; // 5 minutes
-/**
- * Classify the complexity tier of a user message (backward-compat wrapper).
- */
-export function classifyResponseTier(message: string, _turnCount: number): ResponseTier {
-  return classifyResponseTierDetailed(message, _turnCount).tier;
-}
-/**
- * Classify with confidence scoring. High confidence means the regex
- * matched an unambiguous signal; low confidence means the message
- * fell through to the default medium bucket.
- */
-export function classifyResponseTierDetailed(message: string, _turnCount: number): TierClassification {
-  const trimmed = message.trim();
-  const len = trimmed.length;
-  const isPoliteImperative = /^(can|could|would|will)\s+you\s+/i.test(trimmed) && BUILD_KEYWORDS.test(trimmed);
-  const isQuestion = !isPoliteImperative && (
-    /\?$/.test(trimmed) || /^(what|who|where|when|why|how|which|can|could|should|would|is|are|do|does|did|will|has|have)\b/i.test(trimmed)
-  );
-  // ── High signals (any match → high tier, high confidence) ──
-  if (SURFACE_ACTION.test(trimmed)) return tagged('high', 'surface_action', 'high');
-  if (len > 500) return tagged('high', 'length>500', 'high');
-  if (CODE_FENCE.test(trimmed)) return tagged('high', 'code_fence', 'high');
-  if (FILE_PATH.test(trimmed)) return tagged('high', 'file_path', 'high');
-  if (MULTI_PARAGRAPH.test(trimmed)) return tagged('high', 'multi_paragraph', 'high');
-  if (!isQuestion && BUILD_KEYWORDS.test(trimmed)) return tagged('high', 'build_keyword', 'high');
-  // ── Low signals (any match → low tier, high confidence) ──
-  if (GREETING_PATTERNS.test(trimmed) && len < 40 && !BUILD_KEYWORDS.test(trimmed)) return tagged('low', 'greeting', 'high');
-  if (len < 80 && !BUILD_KEYWORDS.test(trimmed)) return tagged('low', 'short_no_keywords', 'high');
-  // ── Default (low confidence — ambiguous) ──
-  return tagged('medium', 'default', 'low');
-}
-const TIER_RANK: Record<ResponseTier, number> = { low: 0, medium: 1, high: 2 };
-/**
- * Resolve the final tier using the regex classification and an optional
- * session hint from a previous background Haiku call.
- *
- * - When confidence is low, defer to a fresh hint (upgrade or downgrade).
- * - When confidence is high, still upgrade if the hint is higher (the
- *   conversation trajectory outranks a short-message heuristic), but
- *   never downgrade.
- */
-export function resolveWithHint(
-  classification: TierClassification,
-  hint: SessionTierHint | null,
-  currentTurn: number,
-): ResponseTier {
-  if (!hint) {
-    return classification.tier;
-  }
-  const turnAge = currentTurn - hint.turn;
-  const timeAge = Date.now() - hint.timestamp;
-  if (turnAge > HINT_MAX_TURN_AGE || timeAge > HINT_MAX_AGE_MS) {
-    log.debug({ turnAge, timeAge }, 'Session tier hint is stale, ignoring');
-    return classification.tier;
-  }
-  if (classification.confidence === 'low') {
-    // Low confidence: fully defer to hint
-    log.info(
-      { regexTier: classification.tier, hintTier: hint.tier, turnAge },
-      'Deferring to session tier hint (low confidence)',
-    );
-    return hint.tier;
-  }
-  // High confidence: only upgrade, never downgrade
-  if (TIER_RANK[hint.tier] > TIER_RANK[classification.tier]) {
-    log.info(
-      { regexTier: classification.tier, hintTier: hint.tier, turnAge },
-      'Upgrading tier via session hint',
-    );
-    return hint.tier;
-  }
-  return classification.tier;
-}
-// ── Async Haiku classification ────────────────────────────────────────
-const ASYNC_CLASSIFICATION_TIMEOUT_MS = 8_000;
-const TIER_SYSTEM_PROMPT =
-  'Classify the overall complexity of this conversation. ' +
-  'Output ONLY one word, nothing else.\n' +
-  'low — greetings, thanks, short acknowledgements\n' +
-  'medium — simple questions, short requests, clarifications\n' +
-  'high — build/implement/refactor requests, multi-step tasks, code-heavy work';
-/**
- * Fire-and-forget Haiku call to classify the conversation trajectory.
- * Returns the classified tier, or undefined when no provider is configured
- * or on any failure.
- */
-export async function classifyResponseTierAsync(
-  recentUserTexts: string[],
-): Promise<ResponseTier | undefined> {
-  const provider = getConfiguredProvider();
-  if (!provider) {
-    log.debug('No provider available for async tier classification');
-    return undefined;
-  }
-  const combined = recentUserTexts
-    .map((t, i) => `[Message ${i + 1}]: ${t}`)
-    .join('\n');
-  try {
-    const { signal, cleanup } = createTimeout(ASYNC_CLASSIFICATION_TIMEOUT_MS);
-    try {
-      const response = await provider.sendMessage(
-        [userMessage(combined)],
-        undefined,
-        TIER_SYSTEM_PROMPT,
-        {
-          config: {
-            modelIntent: 'latency-optimized',
-            max_tokens: 8,
-          },
-          signal,
-        },
-      );
-      cleanup();
-      const raw = extractText(response).toLowerCase();
-      const match = raw.match(/\b(low|medium|high)\b/);
-      if (match) {
-        const tier = match[1] as ResponseTier;
-        log.debug({ tier, raw }, 'Async tier classification result');
-        return tier;
-      }
-      log.debug({ raw }, 'Async tier classification returned unexpected value');
-      return undefined;
-    } finally {
-      cleanup();
-    }
-  } catch (err) {
-    const message = err instanceof Error ? err.message : String(err);
-    log.debug({ err: message }, 'Async tier classification failed');
-    return undefined;
-  }
-}
-function tagged(tier: ResponseTier, reason: string, confidence: TierConfidence): TierClassification {
-  log.debug({ tier, reason, confidence }, 'Classified response tier');
-  return { tier, reason, confidence };
-}
-// ── Token scaling ─────────────────────────────────────────────────────
-const TIER_SCALE: Record<ResponseTier, number> = {
-  low: 0.125,
-  medium: 0.375,
-  high: 1,
-};
-/**
- * Scale the configured max tokens ceiling by the tier multiplier.
- *
- * Examples with configuredMax = 16000:
- *   low    → 2000
- *   medium → 6000
- *   high   → 16000
- */
-export function tierMaxTokens(tier: ResponseTier, configuredMax: number): number {
-  return Math.round(configuredMax * TIER_SCALE[tier]);
-}
-// ── Model routing ─────────────────────────────────────────────────────
-/**
- * Map for Anthropic provider: tier → model.
- *   low    → sonnet (balanced)
- *   medium → sonnet (balanced)
- *   high   → undefined (use configured default, typically opus)
- */
-const ANTHROPIC_TIER_MODELS: Record<ResponseTier, string | undefined> = {
-  low: 'claude-sonnet-4-6',
-  medium: 'claude-sonnet-4-6',
-  high: undefined, // use configured default
-};
-/**
- * Returns a model override for the given tier, or undefined to use the
- * provider's configured default. Only applies model downgrading for
- * the Anthropic provider.
- */
-export function tierModel(tier: ResponseTier, providerName: string): string | undefined {
-  if (providerName !== 'anthropic') return undefined;
-  return ANTHROPIC_TIER_MODELS[tier];
-}