@vellumai/assistant 0.4.2 → 0.4.3

package/src/runtime/access-request-helper.ts

@@ -105,14 +105,22 @@ export function notifyGuardianOfAccessRequest(
     }
   }
 
+  // The conversationId is assistant-scoped so the dedupe query below only
+  // matches requests for the same assistant. Without this, a pending request
+  // from assistant A could be returned for assistant B, allowing the caller
+  // to piggyback on A's guardian approval.
+  const conversationId = `access-req-${canonicalAssistantId}-${sourceChannel}-${senderExternalUserId}`;
+
   // Deduplicate: skip creation if there is already a pending canonical request
-  // for the same requester on this channel. Still return notified: true with
-  // the existing request ID so callers know the guardian was already notified.
+  // for the same requester on this channel *and* assistant. Still return
+  // notified: true with the existing request ID so callers know the guardian
+  // was already notified.
   const existingCanonical = listCanonicalGuardianRequests({
     status: 'pending',
     requesterExternalUserId: senderExternalUserId,
     sourceChannel,
     kind: 'access_request',
+    conversationId,
   });
   if (existingCanonical.length > 0) {
     log.debug(
@@ -130,7 +138,7 @@ export function notifyGuardianOfAccessRequest(
     kind: 'access_request',
     sourceType: 'channel',
     sourceChannel,
-    conversationId: `access-req-${sourceChannel}-${senderExternalUserId}`,
+    conversationId,
     requesterExternalUserId: senderExternalUserId,
     requesterChatId: externalChatId,
     guardianExternalUserId: guardianExternalUserId ?? undefined,

package/src/runtime/actor-trust-resolver.ts

@@ -17,7 +17,7 @@ import type { GuardianRuntimeContext } from '../daemon/session-runtime-assembly.
 import type { IngressMember } from '../memory/ingress-member-store.js';
 import { findMember } from '../memory/ingress-member-store.js';
 import { canonicalizeInboundIdentity } from '../util/canonicalize-identity.js';
-import { normalizeAssistantId } from '../util/platform.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from './assistant-scope.js';
 import { getGuardianBinding } from './channel-guardian-service.js';
 
 // ---------------------------------------------------------------------------
@@ -76,7 +76,7 @@ export interface ResolveActorTrustInput {
  * 5. Classify: guardian > trusted_contact (active member) > unknown.
  */
 export function resolveActorTrust(input: ResolveActorTrustInput): ActorTrustContext {
-  const assistantId = normalizeAssistantId(input.assistantId);
+  const assistantId = DAEMON_INTERNAL_ASSISTANT_ID;
 
   const rawUserId = typeof input.senderExternalUserId === 'string' && input.senderExternalUserId.trim().length > 0
     ? input.senderExternalUserId.trim()

package/src/runtime/assistant-scope.ts

@@ -0,0 +1,10 @@
+/**
+ * Canonical internal scope ID for all daemon-side assistant-scoped storage.
+ *
+ * The daemon uses a single fixed identity (`'self'`) for its own assistant
+ * scope. Public/external assistant IDs are an edge concern owned by the
+ * gateway and platform layers (hatch, invite links, etc.). Daemon code
+ * should never derive scoping decisions from externally-provided assistant
+ * IDs — use this constant instead.
+ */
+export const DAEMON_INTERNAL_ASSISTANT_ID = 'self' as const;

package/src/runtime/guardian-outbound-actions.ts

@@ -16,7 +16,8 @@ import { sendMessage as sendSms } from '../messaging/providers/sms/client.js';
 import { getCredentialMetadata } from '../tools/credentials/metadata-store.js';
 import { getLogger } from '../util/logger.js';
 import { normalizePhoneNumber } from '../util/phone.js';
-import { normalizeAssistantId, readHttpToken } from '../util/platform.js';
+import { readHttpToken } from '../util/platform.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from './assistant-scope.js';
 import {
   countRecentSendsToDestination,
   createOutboundSession,
@@ -243,7 +244,7 @@ function initiateGuardianVoiceCall(
 // ---------------------------------------------------------------------------
 
 export function startOutbound(params: StartOutboundParams): OutboundActionResult {
-  const assistantId = normalizeAssistantId(params.assistantId ?? 'self');
+  const assistantId = DAEMON_INTERNAL_ASSISTANT_ID;
   const channel = params.channel;
   const originConversationId = params.originConversationId;
 
@@ -541,7 +542,7 @@ function startOutboundVoice(
 // ---------------------------------------------------------------------------
 
 export function resendOutbound(params: ResendOutboundParams): OutboundActionResult {
-  const assistantId = normalizeAssistantId(params.assistantId ?? 'self');
+  const assistantId = DAEMON_INTERNAL_ASSISTANT_ID;
   const channel = params.channel;
   const originConversationId = params.originConversationId;
 
@@ -707,7 +708,7 @@ export function resendOutbound(params: ResendOutboundParams): OutboundActionResu
 // ---------------------------------------------------------------------------
 
 export function cancelOutbound(params: CancelOutboundParams): OutboundActionResult {
-  const assistantId = normalizeAssistantId(params.assistantId ?? 'self');
+  const assistantId = DAEMON_INTERNAL_ASSISTANT_ID;
   const channel = params.channel;
 
   const session = findActiveSession(assistantId, channel);

package/src/runtime/http-server.ts

@@ -40,6 +40,7 @@ import { consumeCallback, consumeCallbackError } from '../security/oauth-callbac
 import { getLogger } from '../util/logger.js';
 import { buildAssistantEvent } from './assistant-event.js';
 import { assistantEventHub } from './assistant-event-hub.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from './assistant-scope.js';
 import { sweepFailedEvents } from './channel-retry-sweep.js';
 import { httpError } from './http-errors.js';
 // Middleware
@@ -97,7 +98,6 @@ import {
   startCanonicalGuardianExpirySweep,
   stopCanonicalGuardianExpirySweep,
 } from './routes/canonical-guardian-expiry-sweep.js';
-import { canonicalChannelAssistantId } from './routes/channel-route-shared.js';
 import {
   handleChannelDeliveryAck,
   handleChannelInbound,
@@ -270,7 +270,7 @@ export class RuntimeHttpServer {
             ipcBroadcast(msg);
             // Also publish to the event hub so HTTP/SSE clients (e.g. macOS
             // app with localHttpEnabled) receive pairing approval requests.
-            void assistantEventHub.publish(buildAssistantEvent('self', msg));
+            void assistantEventHub.publish(buildAssistantEvent(DAEMON_INTERNAL_ASSISTANT_ID, msg));
           }
         : undefined,
     };
@@ -521,22 +521,13 @@ export class RuntimeHttpServer {
       }
     }
 
-    // New assistant-less runtime routes: /v1/<endpoint>
-    const newRouteMatch = path.match(/^\/v1\/(?!assistants\/)(.+)$/);
-    if (newRouteMatch) {
-      return this.dispatchEndpoint(newRouteMatch[1], req, url);
+    // Runtime routes: /v1/<endpoint>
+    const routeMatch = path.match(/^\/v1\/(.+)$/);
+    if (routeMatch) {
+      return this.dispatchEndpoint(routeMatch[1], req, url);
     }
 
-    // Legacy: /v1/assistants/:assistantId/<endpoint>
-    const match = path.match(/^\/v1\/assistants\/([^/]+)\/(.+)$/);
-    if (!match) {
-      return httpError('NOT_FOUND', 'Not found', 404);
-    }
-
-    const assistantId = canonicalChannelAssistantId(match[1]);
-    const endpoint = match[2];
-    log.warn({ endpoint, assistantId }, '[deprecated] /v1/assistants/:assistantId/... route used; migrate to /v1/...');
-    return this.dispatchEndpoint(endpoint, req, url, assistantId);
+    return httpError('NOT_FOUND', 'Not found', 404);
   }
 
   private handleBrowserRelayUpgrade(req: Request, server: ReturnType<typeof Bun.serve>): Response {
@@ -616,8 +607,8 @@ export class RuntimeHttpServer {
     endpoint: string,
     req: Request,
     url: URL,
-    assistantId: string = 'self',
   ): Promise<Response> {
+    const assistantId = DAEMON_INTERNAL_ASSISTANT_ID;
     return withErrorHandling(endpoint, async () => {
       if (endpoint === 'health' && req.method === 'GET') return handleHealth();
       if (endpoint === 'debug' && req.method === 'GET') return handleDebug();
@@ -690,7 +681,7 @@ export class RuntimeHttpServer {
         try {
           recordConversationSeenSignal({
             conversationId,
-            assistantId: 'self',
+            assistantId: DAEMON_INTERNAL_ASSISTANT_ID,
             sourceChannel: (body.sourceChannel as string) ?? 'vellum',
             signalType: (body.signalType as string ?? 'macos_conversation_opened') as SignalType,
             confidence: (body.confidence as string ?? 'explicit') as Confidence,
@@ -813,11 +804,11 @@ export class RuntimeHttpServer {
 
       // Internal Twilio forwarding endpoints (gateway -> runtime)
       if (endpoint === 'internal/twilio/voice-webhook' && req.method === 'POST') {
-        const json = await req.json() as { params: Record<string, string>; originalUrl?: string; assistantId?: string };
+        const json = await req.json() as { params: Record<string, string>; originalUrl?: string };
         const formBody = new URLSearchParams(json.params).toString();
         const reconstructedUrl = json.originalUrl ?? req.url;
         const fakeReq = new Request(reconstructedUrl, { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, body: formBody });
-        return await handleVoiceWebhook(fakeReq, json.assistantId);
+        return await handleVoiceWebhook(fakeReq);
       }
 
       if (endpoint === 'internal/twilio/status' && req.method === 'POST') {

package/src/runtime/ingress-service.ts

@@ -57,6 +57,8 @@ export interface InviteResponseData {
   expectedExternalUserId?: string;
   voiceCode?: string;
   voiceCodeDigits?: number;
+  friendName?: string;
+  guardianName?: string;
   createdAt: number;
 }
 
@@ -110,6 +112,8 @@ function inviteToResponse(inv: IngressInvite, opts?: { rawToken?: string; voiceC
     ...(inv.expectedExternalUserId ? { expectedExternalUserId: inv.expectedExternalUserId } : {}),
     ...(opts?.voiceCode ? { voiceCode: opts.voiceCode } : {}),
     ...(inv.voiceCodeDigits != null ? { voiceCodeDigits: inv.voiceCodeDigits } : {}),
+    ...(inv.friendName ? { friendName: inv.friendName } : {}),
+    ...(inv.guardianName ? { guardianName: inv.guardianName } : {}),
     createdAt: inv.createdAt,
   };
 }
@@ -149,6 +153,8 @@ export function createIngressInvite(params: {
   // Voice invite parameters
   expectedExternalUserId?: string;
   voiceCodeDigits?: number;
+  friendName?: string;
+  guardianName?: string;
 }): IngressResult<InviteResponseData> {
   if (!params.sourceChannel) {
     return { ok: false, error: 'sourceChannel is required for create' };
@@ -168,6 +174,12 @@ export function createIngressInvite(params: {
     if (!isValidE164(params.expectedExternalUserId)) {
       return { ok: false, error: 'expectedExternalUserId must be in E.164 format (e.g., +15551234567)' };
     }
+    if (typeof params.friendName !== 'string' || !params.friendName.trim()) {
+      return { ok: false, error: 'friendName is required for voice invites' };
+    }
+    if (typeof params.guardianName !== 'string' || !params.guardianName.trim()) {
+      return { ok: false, error: 'guardianName is required for voice invites' };
+    }
     voiceCode = generateVoiceCode(6);
     voiceCodeHash = hashVoiceCode(voiceCode);
   }
@@ -181,6 +193,8 @@ export function createIngressInvite(params: {
       expectedExternalUserId: params.expectedExternalUserId,
       voiceCodeHash,
       voiceCodeDigits: 6,
+      friendName: params.friendName,
+      guardianName: params.guardianName,
     } : {}),
   });
   // Voice invites must not expose the token — callers must redeem via the

package/src/runtime/invite-redemption-service.ts

@@ -13,6 +13,7 @@ import { findActiveVoiceInvites,findByTokenHash, hashToken, markInviteExpired, r
 import { findMember, upsertMember } from '../memory/ingress-member-store.js';
 import { canonicalizeInboundIdentity } from '../util/canonicalize-identity.js';
 import { hashVoiceCode } from '../util/voice-code.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from './assistant-scope.js';
 
 // ---------------------------------------------------------------------------
 // Outcome type
@@ -223,7 +224,7 @@ export function redeemVoiceInviteCode(params: {
   sourceChannel: 'voice';
   code: string;
 }): VoiceRedemptionOutcome {
-  const { assistantId = 'self', callerExternalUserId, code } = params;
+  const { assistantId = DAEMON_INTERNAL_ASSISTANT_ID, callerExternalUserId, code } = params;
 
   if (!callerExternalUserId) {
     return { ok: false, reason: 'invalid_or_expired' };

package/src/runtime/middleware/twilio-validation.ts

@@ -12,12 +12,10 @@ import { httpError } from '../http-errors.js';
 const log = getLogger('runtime-http');
 
 /**
- * Regex to extract the Twilio webhook subpath from both top-level and
- * assistant-scoped route shapes:
+ * Regex to extract the Twilio webhook subpath:
  *   /v1/calls/twilio/<subpath>
- *   /v1/assistants/<id>/calls/twilio/<subpath>
  */
-export const TWILIO_WEBHOOK_RE = /^\/v1\/(?:assistants\/[^/]+\/)?calls\/twilio\/(.+)$/;
+export const TWILIO_WEBHOOK_RE = /^\/v1\/calls\/twilio\/(.+)$/;
 
 /**
  * Gateway-compatible Twilio webhook paths:

package/src/runtime/routes/call-routes.ts

@@ -11,6 +11,7 @@
 import { answerCall, cancelCall, getCallStatus, relayInstruction,startCall } from '../../calls/call-domain.js';
 import { getConfig } from '../../config/loader.js';
 import { VALID_CALLER_IDENTITY_MODES } from '../../config/schema.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../assistant-scope.js';
 import { httpError, httpErrorCodeFromStatus } from '../http-errors.js';
 
 // ── Idempotency cache ─────────────────────────────────────────────────────────
@@ -41,7 +42,7 @@ function pruneIdempotencyCache(): void {
  * Optional `idempotencyKey`: if supplied, duplicate requests with the same key
  * within 5 minutes return the cached 201 response without starting a second call.
  */
-export async function handleStartCall(req: Request, assistantId: string = 'self'): Promise<Response> {
+export async function handleStartCall(req: Request, assistantId: string = DAEMON_INTERNAL_ASSISTANT_ID): Promise<Response> {
   if (!getConfig().calls.enabled) {
     return httpError('FORBIDDEN', 'Calls feature is disabled via configuration. Set calls.enabled to true to use this feature.', 403);
   }

package/src/runtime/routes/channel-route-shared.ts

@@ -4,7 +4,7 @@
 import { timingSafeEqual } from 'node:crypto';
 
 import type { ChannelId } from '../../channels/types.js';
-import { normalizeAssistantId } from '../../util/platform.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../assistant-scope.js';
 import type {
   ApprovalAction,
   ApprovalDecisionResult,
@@ -15,8 +15,8 @@ export type { ActorTrustClass, DenialReason, GuardianContext } from '../guardian
 export { toGuardianRuntimeContext } from '../guardian-context-resolver.js';
 
 /** Canonicalize assistantId for channel ingress paths. */
-export function canonicalChannelAssistantId(assistantId: string): string {
-  return normalizeAssistantId(assistantId);
+export function canonicalChannelAssistantId(_assistantId: string): string {
+  return DAEMON_INTERNAL_ASSISTANT_ID;
 }
 
 // ---------------------------------------------------------------------------

package/src/runtime/routes/conversation-attention-routes.ts

@@ -10,6 +10,7 @@ import {
 } from '../../memory/conversation-attention-store.js';
 import * as conversationStore from '../../memory/conversation-store.js';
 import { truncate } from '../../util/truncate.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../assistant-scope.js';
 import { httpError } from '../http-errors.js';
 
 export function handleListConversationAttention(url: URL): Response {
@@ -27,7 +28,7 @@ export function handleListConversationAttention(url: URL): Response {
   }
 
   const attentionStates = listConversationAttention({
-    assistantId: 'self',
+    assistantId: DAEMON_INTERNAL_ASSISTANT_ID,
     state: stateParam as AttentionFilterState,
     sourceChannel: channel,
     source: sourceParam !== 'all' ? sourceParam : undefined,

package/src/runtime/routes/conversation-routes.ts

@@ -24,6 +24,7 @@ import { getConfiguredProvider } from '../../providers/provider-send-message.js'
 import type { Provider } from '../../providers/types.js';
 import { getLogger } from '../../util/logger.js';
 import { buildAssistantEvent } from '../assistant-event.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../assistant-scope.js';
 import { routeGuardianReply } from '../guardian-reply-router.js';
 import { httpError } from '../http-errors.js';
 import type {
@@ -363,7 +364,7 @@ function makeHubPublisher(
         ? (msg as { sessionId: string }).sessionId
         : undefined;
     const resolvedSessionId = msgSessionId ?? conversationId;
-    const event = buildAssistantEvent('self', msg, resolvedSessionId);
+    const event = buildAssistantEvent(DAEMON_INTERNAL_ASSISTANT_ID, msg, resolvedSessionId);
     hubChain = (async () => {
       await hubChain;
       try {

package/src/runtime/routes/events-routes.ts

@@ -11,6 +11,7 @@ import { getOrCreateConversation } from '../../memory/conversation-key-store.js'
 import { formatSseFrame, formatSseHeartbeat } from '../assistant-event.js';
 import type { AssistantEventSubscription } from '../assistant-event-hub.js';
 import { AssistantEventHub,assistantEventHub } from '../assistant-event-hub.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../assistant-scope.js';
 import { httpError } from '../http-errors.js';
 
 /** Keep-alive comment sent to idle clients every 30 s by default. */
@@ -50,8 +51,6 @@ export function handleSubscribeAssistantEvents(
   // closures are in place before events can arrive.  `controllerRef` is set
   // synchronously inside ReadableStream's start(), so it is non-null by the
   // time any event or eviction fires.
-  // 'self' is the assistantId used by buildAssistantEvent('self', ...) for
-  // all HTTP and voice session events.
   let controllerRef: ReadableStreamDefaultController<Uint8Array> | null = null;
   let heartbeatTimer: ReturnType<typeof setInterval> | null = null;
   let sub!: AssistantEventSubscription;
@@ -63,7 +62,7 @@ export function handleSubscribeAssistantEvents(
 
   try {
     sub = hub.subscribe(
-      { assistantId: 'self', sessionId: mapping.conversationId },
+      { assistantId: DAEMON_INTERNAL_ASSISTANT_ID, sessionId: mapping.conversationId },
       (event) => {
         const controller = controllerRef;
         if (!controller) return;

package/src/runtime/routes/inbound-conversation.ts

@@ -3,9 +3,10 @@
  */
 import { deleteConversationKey } from '../../memory/conversation-key-store.js';
 import * as externalConversationStore from '../../memory/external-conversation-store.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../assistant-scope.js';
 import { httpError } from '../http-errors.js';
 
-export async function handleDeleteConversation(req: Request, assistantId: string = 'self'): Promise<Response> {
+export async function handleDeleteConversation(req: Request, assistantId: string = DAEMON_INTERNAL_ASSISTANT_ID): Promise<Response> {
   const body = await req.json() as {
     sourceChannel?: string;
     externalChatId?: string;
@@ -26,14 +27,14 @@ export async function handleDeleteConversation(req: Request, assistantId: string
   const legacyKey = `${sourceChannel}:${externalChatId}`;
   const scopedKey = `asst:${assistantId}:${sourceChannel}:${externalChatId}`;
   deleteConversationKey(scopedKey);
-  if (assistantId === 'self') {
+  if (assistantId === DAEMON_INTERNAL_ASSISTANT_ID) {
     deleteConversationKey(legacyKey);
   }
   // external_conversation_bindings is currently assistant-agnostic
   // (unique by sourceChannel + externalChatId). Restrict mutations to the
   // canonical self-assistant route so multi-assistant legacy routes do not
   // clobber each other's bindings.
-  if (assistantId === 'self') {
+  if (assistantId === DAEMON_INTERNAL_ASSISTANT_ID) {
     externalConversationStore.deleteBindingByChannelChat(sourceChannel, externalChatId);
   }
 

package/src/runtime/routes/inbound-message-handler.ts

@@ -28,6 +28,7 @@ import { IngressBlockedError } from '../../util/errors.js';
 import { getLogger } from '../../util/logger.js';
 import { readHttpToken } from '../../util/platform.js';
 import { notifyGuardianOfAccessRequest } from '../access-request-helper.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../assistant-scope.js';
 import {
   buildApprovalUIMetadata,
   getApprovalInfoByConversation,
@@ -97,7 +98,7 @@ export async function handleChannelInbound(
   req: Request,
   processMessage?: MessageProcessor,
   bearerToken?: string,
-  assistantId: string = 'self',
+  assistantId: string = DAEMON_INTERNAL_ASSISTANT_ID,
   gatewayOriginSecret?: string,
   approvalCopyGenerator?: ApprovalCopyGenerator,
   approvalConversationGenerator?: ApprovalConversationGenerator,
@@ -580,7 +581,7 @@ export async function handleChannelInbound(
   // external_conversation_bindings is assistant-agnostic. Restrict writes to
   // self so assistant-scoped legacy routes do not overwrite each other's
   // channel binding metadata for the same chat.
-  if (canonicalAssistantId === 'self') {
+  if (canonicalAssistantId === DAEMON_INTERNAL_ASSISTANT_ID) {
     externalConversationStore.upsertBinding({
       conversationId: result.conversationId,
       sourceChannel,
@@ -1447,7 +1448,7 @@ function startPendingApprovalPromptWatcher(params: {
             replyCallbackUrl,
             chatId: externalChatId,
             sourceChannel,
-            assistantId: assistantId ?? 'self',
+            assistantId: assistantId ?? DAEMON_INTERNAL_ASSISTANT_ID,
             bearerToken,
             prompt,
             uiMetadata: buildApprovalUIMetadata(prompt, info),

package/src/runtime/routes/ingress-routes.ts

@@ -147,6 +147,8 @@ export async function handleCreateInvite(req: Request): Promise<Response> {
     expiresInMs: body.expiresInMs as number | undefined,
     expectedExternalUserId: body.expectedExternalUserId as string | undefined,
     voiceCodeDigits: body.voiceCodeDigits as number | undefined,
+    friendName: body.friendName as string | undefined,
+    guardianName: body.guardianName as string | undefined,
   });
 
   if (!result.ok) {

package/src/tools/calls/call-start.ts

@@ -1,5 +1,6 @@
 import { startCall } from '../../calls/call-domain.js';
 import { getConfig } from '../../config/loader.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../../runtime/assistant-scope.js';
 import { findActiveSession } from '../../runtime/channel-guardian-service.js';
 import { normalizePhoneNumber } from '../../util/phone.js';
 import type { ToolContext, ToolExecutionResult } from '../types.js';
@@ -16,7 +17,7 @@ export async function executeCallStart(
     ? normalizePhoneNumber(input.phone_number)
     : null;
   if (requestedPhone) {
-    const assistantId = context.assistantId ?? 'self';
+    const assistantId = context.assistantId ?? DAEMON_INTERNAL_ASSISTANT_ID;
     const activeVoiceVerification = findActiveSession(assistantId, 'voice');
     const verificationDestination = activeVoiceVerification?.destinationAddress ?? activeVoiceVerification?.expectedPhoneE164;
     if (verificationDestination === requestedPhone) {

package/src/tools/terminal/parser.ts

@@ -132,6 +132,18 @@ function findWasmPath(pkg: string, file: string): string {
     return execDirPath;
   }
 
+  // Use module resolution to find the package. This handles hoisted
+  // dependencies (e.g. global bun installs where web-tree-sitter is at the
+  // top-level node_modules rather than nested under @vellumai/assistant).
+  try {
+    const resolved = require.resolve(`${pkg}/package.json`);
+    const pkgDir = dirname(resolved);
+    const resolvedPath = join(pkgDir, file);
+    if (existsSync(resolvedPath)) return resolvedPath;
+  } catch (err) {
+    log.warn({ err, pkg, file }, 'require.resolve failed for WASM package, falling back to manual resolution');
+  }
+
   const sourcePath = join(dir, '..', '..', '..', 'node_modules', pkg, file);
 
   if (existsSync(sourcePath)) return sourcePath;

package/src/tools/tool-approval-handler.ts

@@ -1,4 +1,5 @@
 import { consumeGrantForInvocation } from '../approvals/approval-primitive.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../runtime/assistant-scope.js';
 import { createOrReuseToolGrantRequest } from '../runtime/tool-grant-request-helper.js';
 import { computeToolApprovalDigest } from '../security/tool-approval-digest.js';
 import { getTaskRunRules } from '../tasks/ephemeral-permissions.js';
@@ -128,7 +129,7 @@ export class ToolApprovalHandler {
         toolName: name,
         inputDigest,
         consumingRequestId: context.requestId ?? `preexec-${context.sessionId}-${Date.now()}`,
-        assistantId: context.assistantId ?? 'self',
+        assistantId: context.assistantId ?? DAEMON_INTERNAL_ASSISTANT_ID,
         executionChannel: context.executionChannel,
         conversationId: context.conversationId,
         callSessionId: context.callSessionId,

package/src/workspace/git-service.ts

@@ -16,6 +16,11 @@ const log = getLogger('workspace-git');
  * Strips all GIT_* env vars (e.g. GIT_DIR, GIT_WORK_TREE) that CI runners
  * or parent processes may set, then adds GIT_CEILING_DIRECTORIES to prevent
  * walking up to a parent repo.
+ *
+ * On macOS, augments PATH with common binary directories so the real git
+ * binary is found even when the daemon is launched from a .app bundle with
+ * a minimal PATH. Without this, the macOS /usr/bin/git shim triggers an
+ * "Install Command Line Developer Tools" popup on every git invocation.
  */
 function cleanGitEnv(workspaceDir: string): Record<string, string> {
   const env: Record<string, string> = {};
@@ -25,6 +30,20 @@ function cleanGitEnv(workspaceDir: string): Record<string, string> {
     }
   }
   env.GIT_CEILING_DIRECTORIES = workspaceDir;
+
+  const home = process.env.HOME ?? '';
+  const extraDirs = [
+    '/opt/homebrew/bin',
+    '/usr/local/bin',
+    `${home}/.local/bin`,
+  ];
+  const currentPath = env.PATH ?? '';
+  const pathDirs = currentPath.split(':');
+  const missing = extraDirs.filter(d => !pathDirs.includes(d));
+  if (missing.length > 0) {
+    env.PATH = [...missing, currentPath].filter(Boolean).join(':');
+  }
+
   return env;
 }