npm - @vellumai/assistant - Versions diffs - 0.4.26 → 0.4.30 - Mend

@vellumai/assistant 0.4.26 → 0.4.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1360) hide show

package/.env.example +2 -2
package/AGENTS.md +5 -0
package/ARCHITECTURE.md +207 -105
package/Dockerfile +1 -1
package/README.md +111 -113
package/bun.lock +0 -3
package/docs/architecture/integrations.md +0 -1
package/docs/architecture/memory.md +100 -63
package/docs/error-handling.md +71 -0
package/docs/runbook-trusted-contacts.md +89 -52
package/docs/trusted-contact-access.md +48 -46
package/package.json +3 -3
package/scripts/compare-benchmarks.sh +12 -5
package/scripts/ipc/check-swift-decoder-drift.ts +5 -3
package/scripts/test.sh +89 -5
package/src/__tests__/__snapshots__/ipc-snapshot.test.ts.snap +50 -37
package/src/__tests__/access-request-decision.test.ts +0 -1
package/src/__tests__/account-registry.test.ts +1 -1
package/src/__tests__/actor-token-service.test.ts +40 -26
package/src/__tests__/agent-loop-thinking.test.ts +29 -13
package/src/__tests__/agent-loop.test.ts +2 -1
package/src/__tests__/app-builder-tool-scripts.test.ts +1 -1
package/src/__tests__/app-executors.test.ts +7 -17
package/src/__tests__/approval-routes-http.test.ts +2 -2
package/src/__tests__/asset-materialize-tool.test.ts +7 -7
package/src/__tests__/asset-search-tool.test.ts +7 -7
package/src/__tests__/assistant-feature-flags-integration.test.ts +18 -10
package/src/__tests__/browser-fill-credential.test.ts +1 -1
package/src/__tests__/browser-skill-endstate.test.ts +10 -1
package/src/__tests__/bundled-skill-retrieval-guard.test.ts +218 -0
package/src/__tests__/call-controller.test.ts +99 -69
package/src/__tests__/call-start-guardian-guard.test.ts +1 -1
package/src/__tests__/channel-approval-routes.test.ts +157 -114
package/src/__tests__/channel-approval.test.ts +8 -0
package/src/__tests__/channel-approvals.test.ts +39 -1
package/src/__tests__/channel-guardian.test.ts +176 -275
package/src/__tests__/channel-readiness-service.test.ts +6 -2
package/src/__tests__/channel-reply-delivery.test.ts +33 -2
package/src/__tests__/channel-retry-sweep.test.ts +14 -14
package/src/__tests__/checker.test.ts +12 -31
package/src/__tests__/claude-code-tool-profiles.test.ts +1 -1
package/src/__tests__/commit-message-enrichment-service.test.ts +71 -59
package/src/__tests__/compaction.benchmark.test.ts +6 -2
package/src/__tests__/computer-use-tools.test.ts +1 -1
package/src/__tests__/config-schema.test.ts +66 -7
package/src/__tests__/confirmation-request-guardian-bridge.test.ts +29 -29
package/src/__tests__/contacts-tools.test.ts +63 -2
package/src/__tests__/context-overflow-approval.test.ts +141 -0
package/src/__tests__/context-overflow-policy.test.ts +171 -0
package/src/__tests__/context-overflow-reducer.test.ts +533 -0
package/src/__tests__/context-window-manager.test.ts +97 -0
package/src/__tests__/conversation-attention-telegram.test.ts +38 -46
package/src/__tests__/conversation-pairing.test.ts +2 -2
package/src/__tests__/conversation-routes-guardian-reply.test.ts +214 -10
package/src/__tests__/conversation-routes.test.ts +4 -7
package/src/__tests__/credential-broker-browser-fill.test.ts +13 -2
package/src/__tests__/credential-security-e2e.test.ts +1 -1
package/src/__tests__/credential-security-invariants.test.ts +1 -1
package/src/__tests__/credential-vault-unit.test.ts +1 -1
package/src/__tests__/credential-vault.test.ts +11 -8
package/src/__tests__/daemon-lifecycle.test.ts +2 -2
package/src/__tests__/daemon-server-session-init.test.ts +6 -6
package/src/__tests__/delete-managed-skill-tool.test.ts +1 -1
package/src/__tests__/deterministic-verification-control-plane.test.ts +2 -2
package/src/__tests__/dynamic-skill-workflow-prompt.test.ts +9 -0
package/src/__tests__/emit-signal-routing-intent.test.ts +4 -0
package/src/__tests__/encrypted-store.test.ts +10 -7
package/src/__tests__/ephemeral-permissions.test.ts +3 -3
package/src/__tests__/file-edit-tool.test.ts +1 -1
package/src/__tests__/file-read-tool.test.ts +1 -1
package/src/__tests__/file-write-tool.test.ts +1 -1
package/src/__tests__/fixtures/credential-security-fixtures.ts +87 -64
package/src/__tests__/fixtures/media-reuse-fixtures.ts +37 -31
package/src/__tests__/fixtures/mock-signup-server.ts +171 -115
package/src/__tests__/fixtures/proxy-fixtures.ts +39 -39
package/src/__tests__/followup-tools.test.ts +1 -1
package/src/__tests__/gateway-only-guard.test.ts +4 -0
package/src/__tests__/gemini-image-service.test.ts +2 -2
package/src/__tests__/guardian-actions-endpoint.test.ts +543 -1
package/src/__tests__/guardian-control-plane-policy.test.ts +15 -15
package/src/__tests__/guardian-dispatch.test.ts +79 -1
package/src/__tests__/guardian-grant-minting.test.ts +20 -20
package/src/__tests__/guardian-outbound-http.test.ts +1 -2
package/src/__tests__/guardian-principal-id-roundtrip.test.ts +0 -41
package/src/__tests__/guardian-routing-invariants.test.ts +36 -16
package/src/__tests__/guardian-routing-state.test.ts +36 -52
package/src/__tests__/guardian-verification-intent-routing.test.ts +4 -6
package/src/__tests__/guardian-verify-setup-skill-regression.test.ts +6 -8
package/src/__tests__/handle-user-message-secret-resume.test.ts +39 -1
package/src/__tests__/handlers-cu-observation-blob.test.ts +21 -10
package/src/__tests__/handlers-telegram-config.test.ts +14 -14
package/src/__tests__/handlers-user-message-approval-consumption.test.ts +23 -2
package/src/__tests__/headless-browser-interactions.test.ts +1 -1
package/src/__tests__/headless-browser-navigate.test.ts +1 -1
package/src/__tests__/headless-browser-read-tools.test.ts +1 -1
package/src/__tests__/headless-browser-snapshot.test.ts +1 -1
package/src/__tests__/heartbeat-service.test.ts +45 -2
package/src/__tests__/host-file-edit-tool.test.ts +1 -1
package/src/__tests__/host-file-read-tool.test.ts +1 -1
package/src/__tests__/host-file-write-tool.test.ts +1 -1
package/src/__tests__/host-shell-tool.test.ts +1 -1
package/src/__tests__/inbound-invite-redemption.test.ts +17 -19
package/src/__tests__/ingress-reconcile.test.ts +2 -2
package/src/__tests__/integrations-cli.test.ts +232 -0
package/src/__tests__/intent-routing.test.ts +7 -5
package/src/__tests__/invite-redemption-service.test.ts +5 -4
package/src/__tests__/{ingress-routes-http.test.ts → invite-routes-http.test.ts} +42 -321
package/src/__tests__/ipc-snapshot.test.ts +32 -31
package/src/__tests__/managed-skill-lifecycle.test.ts +1 -1
package/src/__tests__/mcp-cli.test.ts +136 -57
package/src/__tests__/mcp-client-auth.test.ts +95 -0
package/src/__tests__/media-generate-image.test.ts +2 -2
package/src/__tests__/media-reuse-story.e2e.test.ts +8 -8
package/src/__tests__/memory-regressions.test.ts +6 -6
package/src/__tests__/messaging-send-tool.test.ts +1 -1
package/src/__tests__/migration-cross-version-compatibility.test.ts +1855 -0
package/src/__tests__/migration-export-http.test.ts +540 -0
package/src/__tests__/migration-import-commit-http.test.ts +823 -0
package/src/__tests__/migration-import-preflight-http.test.ts +755 -0
package/src/__tests__/migration-parity-persistence.test.ts +1854 -0
package/src/__tests__/migration-transport.test.ts +904 -0
package/src/__tests__/migration-validate-http.test.ts +698 -0
package/src/__tests__/migration-wizard.test.ts +1289 -0
package/src/__tests__/nl-approval-parser.test.ts +305 -0
package/src/__tests__/non-member-access-request.test.ts +17 -17
package/src/__tests__/notification-decision-strategy.test.ts +110 -2
package/src/__tests__/notification-deep-link.test.ts +18 -0
package/src/__tests__/notification-guardian-path.test.ts +0 -1
package/src/__tests__/oauth-provider-profiles.test.ts +34 -0
package/src/__tests__/oauth2-gateway-transport.test.ts +1 -1
package/src/__tests__/playbook-execution.test.ts +1 -1
package/src/__tests__/playbook-tools.test.ts +1 -1
package/src/__tests__/provider-error-scenarios.test.ts +68 -0
package/src/__tests__/provider-streaming.benchmark.test.ts +3 -1
package/src/__tests__/proxy-approval-callback.test.ts +1 -1
package/src/__tests__/qdrant-manager.test.ts +40 -11
package/src/__tests__/rebind-secrets-screen.test.ts +839 -0
package/src/__tests__/recording-handler.test.ts +2 -2
package/src/__tests__/recording-intent-handler.test.ts +3 -3
package/src/__tests__/recording-state-machine.test.ts +2 -2
package/src/__tests__/relay-server.test.ts +507 -228
package/src/__tests__/reminder-store.test.ts +8 -0
package/src/__tests__/reminder.test.ts +8 -0
package/src/__tests__/{resolve-guardian-trust-class.test.ts → resolve-trust-class.test.ts} +11 -17
package/src/__tests__/retry-after-extraction.test.ts +111 -0
package/src/__tests__/scaffold-managed-skill-tool.test.ts +1 -1
package/src/__tests__/schedule-tools.test.ts +1 -1
package/src/__tests__/script-proxy-certs.test.ts +1 -1
package/src/__tests__/script-proxy-connect-tunnel.test.ts +2 -3
package/src/__tests__/script-proxy-decision-trace.test.ts +2 -2
package/src/__tests__/script-proxy-http-forwarder.test.ts +1 -1
package/src/__tests__/script-proxy-injection-runtime.test.ts +5 -5
package/src/__tests__/script-proxy-mitm-handler.test.ts +4 -4
package/src/__tests__/script-proxy-policy-runtime.test.ts +2 -2
package/src/__tests__/script-proxy-policy.test.ts +2 -2
package/src/__tests__/script-proxy-profile-template-fallback.test.ts +127 -0
package/src/__tests__/script-proxy-session-manager.test.ts +4 -7
package/src/__tests__/script-proxy-session-runtime.test.ts +1 -6
package/src/__tests__/secret-onetime-send.test.ts +4 -4
package/src/__tests__/secret-scanner-executor.test.ts +2 -2
package/src/__tests__/send-endpoint-busy.test.ts +11 -9
package/src/__tests__/send-notification-tool.test.ts +2 -2
package/src/__tests__/session-abort-tool-results.test.ts +17 -2
package/src/__tests__/session-agent-loop.test.ts +456 -35
package/src/__tests__/session-confirmation-signals.test.ts +3 -2
package/src/__tests__/session-conflict-gate.test.ts +20 -3
package/src/__tests__/session-init.benchmark.test.ts +2 -2
package/src/__tests__/session-load-history-repair.test.ts +7 -7
package/src/__tests__/session-media-retry.test.ts +147 -0
package/src/__tests__/session-pre-run-repair.test.ts +17 -2
package/src/__tests__/session-profile-injection.test.ts +20 -3
package/src/__tests__/session-provider-retry-repair.test.ts +86 -6
package/src/__tests__/session-queue.test.ts +33 -18
package/src/__tests__/session-runtime-assembly.test.ts +147 -1
package/src/__tests__/session-runtime-workspace.test.ts +40 -0
package/src/__tests__/session-slash-known.test.ts +21 -3
package/src/__tests__/session-slash-queue.test.ts +17 -2
package/src/__tests__/session-slash-unknown.test.ts +17 -2
package/src/__tests__/session-surfaces-deselection.test.ts +208 -0
package/src/__tests__/session-workspace-cache-state.test.ts +2 -2
package/src/__tests__/session-workspace-injection.test.ts +17 -2
package/src/__tests__/session-workspace-tool-tracking.test.ts +17 -2
package/src/__tests__/shell-credential-ref.test.ts +1 -1
package/src/__tests__/shell-tool-proxy-mode.test.ts +1 -1
package/src/__tests__/skill-feature-flags-integration.test.ts +9 -5
package/src/__tests__/skill-feature-flags.test.ts +18 -12
package/src/__tests__/skill-load-feature-flag.test.ts +5 -4
package/src/__tests__/skill-load-tool.test.ts +1 -1
package/src/__tests__/skill-script-runner-host.test.ts +1 -1
package/src/__tests__/skill-script-runner-sandbox.test.ts +1 -1
package/src/__tests__/skill-script-runner.test.ts +1 -1
package/src/__tests__/skill-tool-factory.test.ts +1 -1
package/src/__tests__/slack-block-formatting.test.ts +100 -0
package/src/__tests__/slack-inbound-verification.test.ts +346 -0
package/src/__tests__/slack-reaction-approvals.test.ts +77 -0
package/src/__tests__/slack-skill.test.ts +4 -2
package/src/__tests__/starter-task-flow.test.ts +0 -1
package/src/__tests__/subagent-tools.test.ts +3 -3
package/src/__tests__/swarm-recursion.test.ts +1 -1
package/src/__tests__/swarm-session-integration.test.ts +1 -1
package/src/__tests__/swarm-tool.test.ts +1 -1
package/src/__tests__/task-management-tools.test.ts +1 -1
package/src/__tests__/task-tools.test.ts +1 -1
package/src/__tests__/terminal-tools.test.ts +1 -1
package/src/__tests__/test-support/browser-skill-harness.ts +39 -27
package/src/__tests__/test-support/computer-use-skill-harness.ts +14 -14
package/src/__tests__/tool-approval-handler.test.ts +15 -15
package/src/__tests__/tool-execution-abort-cleanup.test.ts +1 -1
package/src/__tests__/tool-execution-pipeline.benchmark.test.ts +1 -1
package/src/__tests__/tool-executor-lifecycle-events.test.ts +2 -2
package/src/__tests__/tool-executor-shell-integration.test.ts +1 -1
package/src/__tests__/tool-executor.test.ts +23 -182
package/src/__tests__/tool-grant-request-escalation.test.ts +11 -11
package/src/__tests__/tool-permission-simulate-handler.test.ts +4 -4
package/src/__tests__/transfer-progress-screen.test.ts +1180 -0
package/src/__tests__/trust-context-guards.test.ts +25 -29
package/src/__tests__/trusted-contact-approval-notifier.test.ts +23 -21
package/src/__tests__/trusted-contact-inline-approval-integration.test.ts +37 -40
package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts +29 -25
package/src/__tests__/trusted-contact-multichannel.test.ts +25 -24
package/src/__tests__/trusted-contact-verification.test.ts +64 -76
package/src/__tests__/turn-commit.test.ts +18 -18
package/src/__tests__/twilio-provider.test.ts +7 -7
package/src/__tests__/validation-results-screen.test.ts +1107 -0
package/src/__tests__/view-image-tool.test.ts +1 -1
package/src/__tests__/voice-invite-redemption.test.ts +4 -3
package/src/__tests__/voice-scoped-grant-consumer.test.ts +12 -12
package/src/__tests__/voice-session-bridge.test.ts +24 -24
package/src/agent/attachments.ts +3 -1
package/src/agent/loop.ts +13 -13
package/src/agent/message-types.ts +13 -7
package/src/amazon/cart.ts +59 -32
package/src/amazon/checkout.ts +25 -14
package/src/amazon/client.ts +61 -58
package/src/amazon/product-details.ts +3 -3
package/src/amazon/request-extractor.ts +46 -31
package/src/amazon/search.ts +6 -4
package/src/amazon/session.ts +33 -24
package/src/approvals/AGENTS.md +26 -0
package/src/approvals/approval-primitive.ts +87 -64
package/src/approvals/guardian-decision-primitive.ts +172 -81
package/src/approvals/guardian-request-resolvers.ts +262 -155
package/src/autonomy/autonomy-resolver.ts +7 -5
package/src/autonomy/autonomy-store.ts +34 -19
package/src/autonomy/disposition-mapper.ts +5 -5
package/src/autonomy/index.ts +6 -6
package/src/autonomy/types.ts +7 -3
package/src/browser-extension-relay/client.ts +50 -19
package/src/browser-extension-relay/protocol.ts +11 -11
package/src/browser-extension-relay/server.ts +45 -20
package/src/bundler/app-bundler.ts +75 -50
package/src/bundler/bundle-scanner.ts +145 -41
package/src/bundler/bundle-signer.ts +16 -14
package/src/bundler/signature-verifier.ts +36 -33
package/src/calls/call-constants.ts +10 -3
package/src/calls/call-controller.ts +473 -214
package/src/calls/call-conversation-messages.ts +25 -15
package/src/calls/call-domain.ts +401 -148
package/src/calls/call-pointer-message-composer.ts +26 -21
package/src/calls/call-pointer-messages.ts +52 -28
package/src/calls/call-recovery.ts +53 -37
package/src/calls/call-state-machine.ts +37 -7
package/src/calls/call-state.ts +35 -13
package/src/calls/call-store.ts +165 -77
package/src/calls/elevenlabs-client.ts +39 -20
package/src/calls/guardian-action-sweep.ts +42 -24
package/src/calls/guardian-dispatch.ts +79 -56
package/src/calls/guardian-question-copy.ts +28 -23
package/src/calls/relay-server.ts +1149 -532
package/src/calls/speaker-identification.ts +21 -15
package/src/calls/twilio-config.ts +34 -17
package/src/calls/twilio-provider.ts +108 -55
package/src/calls/twilio-rest.ts +212 -100
package/src/calls/twilio-routes.ts +165 -92
package/src/calls/types.ts +55 -7
package/src/calls/voice-quality.ts +6 -4
package/src/calls/voice-session-bridge.ts +181 -133
package/src/channels/config.ts +18 -14
package/src/channels/types.ts +38 -10
package/src/cli/amazon.ts +333 -227
package/src/cli/config-commands.ts +236 -146
package/src/cli/core-commands.ts +403 -329
package/src/cli/email-guardrails.ts +38 -19
package/src/cli/email.ts +207 -153
package/src/cli/influencer.ts +58 -56
package/src/cli/integrations.ts +306 -0
package/src/cli/ipc-client.ts +24 -19
package/src/cli/map.ts +176 -129
package/src/cli/mcp.ts +260 -152
package/src/cli/sequence.ts +165 -107
package/src/cli/twitter.ts +302 -218
package/src/cli.ts +418 -279
package/src/commands/cc-command-registry.ts +52 -27
package/src/config/agent-schema.ts +217 -134
package/src/config/assistant-feature-flags.ts +23 -18
package/src/config/bundled-skills/_shared/CLI_RETRIEVAL_PATTERN.md +19 -0
package/src/config/bundled-skills/app-builder/SKILL.md +193 -1500
package/src/config/bundled-skills/app-builder/TOOLS.json +70 -18
package/src/config/bundled-skills/app-builder/tools/app-create.ts +7 -4
package/src/config/bundled-skills/app-builder/tools/app-delete.ts +6 -3
package/src/config/bundled-skills/app-builder/tools/app-file-edit.ts +7 -4
package/src/config/bundled-skills/app-builder/tools/app-file-list.ts +6 -3
package/src/config/bundled-skills/app-builder/tools/app-file-read.ts +6 -3
package/src/config/bundled-skills/app-builder/tools/app-file-write.ts +7 -4
package/src/config/bundled-skills/app-builder/tools/app-list.ts +6 -3
package/src/config/bundled-skills/app-builder/tools/app-query.ts +6 -3
package/src/config/bundled-skills/app-builder/tools/app-update.ts +6 -3
package/src/config/bundled-skills/browser/TOOLS.json +59 -2
package/src/config/bundled-skills/browser/tools/browser-click.ts +5 -2
package/src/config/bundled-skills/browser/tools/browser-close.ts +5 -2
package/src/config/bundled-skills/browser/tools/browser-extract.ts +5 -2
package/src/config/bundled-skills/browser/tools/browser-fill-credential.ts +5 -2
package/src/config/bundled-skills/browser/tools/browser-hover.ts +5 -2
package/src/config/bundled-skills/browser/tools/browser-navigate.ts +5 -2
package/src/config/bundled-skills/browser/tools/browser-press-key.ts +5 -2
package/src/config/bundled-skills/browser/tools/browser-screenshot.ts +5 -2
package/src/config/bundled-skills/browser/tools/browser-scroll.ts +5 -2
package/src/config/bundled-skills/browser/tools/browser-select-option.ts +5 -2
package/src/config/bundled-skills/browser/tools/browser-snapshot.ts +5 -2
package/src/config/bundled-skills/browser/tools/browser-type.ts +5 -2
package/src/config/bundled-skills/browser/tools/browser-wait-for-download.ts +13 -6
package/src/config/bundled-skills/browser/tools/browser-wait-for.ts +5 -2
package/src/config/bundled-skills/chatgpt-import/TOOLS.json +4 -0
package/src/config/bundled-skills/claude-code/TOOLS.json +4 -0
package/src/config/bundled-skills/claude-code/tools/claude-code.ts +5 -2
package/src/config/bundled-skills/computer-use/SKILL.md +2 -2
package/src/config/bundled-skills/computer-use/TOOLS.json +50 -2
package/src/config/bundled-skills/computer-use/tools/computer-use-click.ts +6 -3
package/src/config/bundled-skills/computer-use/tools/computer-use-done.ts +6 -3
package/src/config/bundled-skills/computer-use/tools/computer-use-double-click.ts +10 -3
package/src/config/bundled-skills/computer-use/tools/computer-use-drag.ts +6 -3
package/src/config/bundled-skills/computer-use/tools/computer-use-key.ts +6 -3
package/src/config/bundled-skills/computer-use/tools/computer-use-open-app.ts +6 -3
package/src/config/bundled-skills/computer-use/tools/computer-use-request-control.ts +10 -3
package/src/config/bundled-skills/computer-use/tools/computer-use-respond.ts +6 -3
package/src/config/bundled-skills/computer-use/tools/computer-use-right-click.ts +10 -3
package/src/config/bundled-skills/computer-use/tools/computer-use-run-applescript.ts +10 -3
package/src/config/bundled-skills/computer-use/tools/computer-use-scroll.ts +6 -3
package/src/config/bundled-skills/computer-use/tools/computer-use-type-text.ts +6 -3
package/src/config/bundled-skills/computer-use/tools/computer-use-wait.ts +6 -3
package/src/config/bundled-skills/configure-settings/SKILL.md +28 -14
package/src/config/bundled-skills/contacts/SKILL.md +453 -15
package/src/config/bundled-skills/contacts/TOOLS.json +22 -2
package/src/config/bundled-skills/contacts/tools/contact-merge.ts +79 -20
package/src/config/bundled-skills/contacts/tools/contact-search.ts +55 -18
package/src/config/bundled-skills/contacts/tools/contact-upsert.ts +64 -19
package/src/config/bundled-skills/document/TOOLS.json +8 -0
package/src/config/bundled-skills/document/tools/document-create.ts +5 -2
package/src/config/bundled-skills/document/tools/document-update.ts +5 -2
package/src/config/bundled-skills/doordash/doordash-cli.ts +17 -7
package/src/config/bundled-skills/email-setup/SKILL.md +12 -9
package/src/config/bundled-skills/followups/TOOLS.json +12 -0
package/src/config/bundled-skills/followups/tools/followup-create.ts +5 -2
package/src/config/bundled-skills/followups/tools/followup-list.ts +5 -2
package/src/config/bundled-skills/followups/tools/followup-resolve.ts +5 -2
package/src/config/bundled-skills/google-calendar/TOOLS.json +124 -26
package/src/config/bundled-skills/google-calendar/calendar-client.ts +44 -32
package/src/config/bundled-skills/google-calendar/tools/calendar-check-availability.ts +11 -5
package/src/config/bundled-skills/google-calendar/tools/calendar-create-event.ts +13 -7
package/src/config/bundled-skills/google-calendar/tools/calendar-get-event.ts +11 -5
package/src/config/bundled-skills/google-calendar/tools/calendar-list-events.ts +13 -7
package/src/config/bundled-skills/google-calendar/tools/calendar-rsvp.ts +28 -12
package/src/config/bundled-skills/google-calendar/tools/shared.ts +6 -4
package/src/config/bundled-skills/google-calendar/types.ts +3 -3
package/src/config/bundled-skills/guardian-verify-setup/SKILL.md +88 -33
package/src/config/bundled-skills/image-studio/TOOLS.json +12 -2
package/src/config/bundled-skills/image-studio/tools/media-generate-image.ts +48 -25
package/src/config/bundled-skills/knowledge-graph/TOOLS.json +13 -3
package/src/config/bundled-skills/knowledge-graph/tools/graph-query.ts +60 -35
package/src/config/bundled-skills/mcp-setup/SKILL.md +75 -0
package/src/config/bundled-skills/media-processing/SKILL.md +55 -15
package/src/config/bundled-skills/media-processing/TOOLS.json +48 -2
package/src/config/bundled-skills/media-processing/__tests__/concurrency-pool.test.ts +12 -10
package/src/config/bundled-skills/media-processing/__tests__/cost-tracker.test.ts +34 -19
package/src/config/bundled-skills/media-processing/__tests__/preprocess.test.ts +82 -66
package/src/config/bundled-skills/media-processing/services/audio-transcribe.ts +148 -0
package/src/config/bundled-skills/media-processing/services/concurrency-pool.ts +1 -1
package/src/config/bundled-skills/media-processing/services/cost-tracker.ts +8 -3
package/src/config/bundled-skills/media-processing/services/gemini-map.ts +117 -53
package/src/config/bundled-skills/media-processing/services/gemini-video.ts +273 -0
package/src/config/bundled-skills/media-processing/services/preprocess.ts +185 -97
package/src/config/bundled-skills/media-processing/services/processing-pipeline.ts +32 -27
package/src/config/bundled-skills/media-processing/services/reduce.ts +101 -24
package/src/config/bundled-skills/media-processing/tools/analyze-keyframes.ts +121 -55
package/src/config/bundled-skills/media-processing/tools/extract-keyframes.ts +58 -24
package/src/config/bundled-skills/media-processing/tools/generate-clip.ts +198 -92
package/src/config/bundled-skills/media-processing/tools/ingest-media.ts +98 -70
package/src/config/bundled-skills/media-processing/tools/media-diagnostics.ts +59 -19
package/src/config/bundled-skills/media-processing/tools/media-status.ts +26 -10
package/src/config/bundled-skills/media-processing/tools/query-media-events.ts +29 -14
package/src/config/bundled-skills/messaging/SKILL.md +7 -5
package/src/config/bundled-skills/messaging/TOOLS.json +232 -186
package/src/config/bundled-skills/messaging/tools/gmail-archive-by-query.ts +31 -13
package/src/config/bundled-skills/messaging/tools/gmail-archive.ts +16 -10
package/src/config/bundled-skills/messaging/tools/gmail-batch-label.ts +18 -9
package/src/config/bundled-skills/messaging/tools/gmail-download-attachment.ts +23 -16
package/src/config/bundled-skills/messaging/tools/gmail-draft.ts +28 -12
package/src/config/bundled-skills/messaging/tools/gmail-filters.ts +41 -21
package/src/config/bundled-skills/messaging/tools/gmail-follow-up.ts +44 -23
package/src/config/bundled-skills/messaging/tools/gmail-forward.ts +73 -33
package/src/config/bundled-skills/messaging/tools/gmail-label.ts +15 -9
package/src/config/bundled-skills/messaging/tools/gmail-list-attachments.ts +22 -14
package/src/config/bundled-skills/messaging/tools/gmail-outreach-scan.ts +99 -50
package/src/config/bundled-skills/messaging/tools/gmail-send-draft.ts +14 -8
package/src/config/bundled-skills/messaging/tools/gmail-send-with-attachments.ts +63 -44
package/src/config/bundled-skills/messaging/tools/gmail-sender-digest.ts +90 -46
package/src/config/bundled-skills/messaging/tools/gmail-summarize-thread.ts +43 -22
package/src/config/bundled-skills/messaging/tools/gmail-trash.ts +15 -9
package/src/config/bundled-skills/messaging/tools/gmail-triage.ts +51 -22
package/src/config/bundled-skills/messaging/tools/gmail-unsubscribe.ts +62 -26
package/src/config/bundled-skills/messaging/tools/gmail-vacation.ts +34 -19
package/src/config/bundled-skills/messaging/tools/google-contacts.ts +32 -16
package/src/config/bundled-skills/messaging/tools/messaging-analyze-activity.ts +10 -4
package/src/config/bundled-skills/messaging/tools/messaging-analyze-style.ts +91 -47
package/src/config/bundled-skills/messaging/tools/messaging-archive-by-sender.ts +21 -9
package/src/config/bundled-skills/messaging/tools/messaging-auth-test.ts +9 -3
package/src/config/bundled-skills/messaging/tools/messaging-draft.ts +30 -17
package/src/config/bundled-skills/messaging/tools/messaging-list-conversations.ts +10 -4
package/src/config/bundled-skills/messaging/tools/messaging-mark-read.ts +14 -6
package/src/config/bundled-skills/messaging/tools/messaging-read.ts +16 -5
package/src/config/bundled-skills/messaging/tools/messaging-reply.ts +63 -36
package/src/config/bundled-skills/messaging/tools/messaging-search.ts +10 -4
package/src/config/bundled-skills/messaging/tools/messaging-send.ts +30 -12
package/src/config/bundled-skills/messaging/tools/messaging-sender-digest.ts +48 -29
package/src/config/bundled-skills/messaging/tools/scan-result-store.ts +20 -6
package/src/config/bundled-skills/messaging/tools/send-notification.ts +1 -1
package/src/config/bundled-skills/messaging/tools/sequence-analytics.ts +59 -22
package/src/config/bundled-skills/messaging/tools/sequence-cancel.ts +13 -7
package/src/config/bundled-skills/messaging/tools/sequence-create.ts +27 -12
package/src/config/bundled-skills/messaging/tools/sequence-delete.ts +14 -6
package/src/config/bundled-skills/messaging/tools/sequence-enroll.ts +30 -11
package/src/config/bundled-skills/messaging/tools/sequence-enrollment-list.ts +16 -8
package/src/config/bundled-skills/messaging/tools/sequence-get.ts +31 -13
package/src/config/bundled-skills/messaging/tools/sequence-import.ts +38 -22
package/src/config/bundled-skills/messaging/tools/sequence-list.ts +16 -7
package/src/config/bundled-skills/messaging/tools/sequence-pause.ts +29 -10
package/src/config/bundled-skills/messaging/tools/sequence-resume.ts +16 -8
package/src/config/bundled-skills/messaging/tools/sequence-update.ts +35 -16
package/src/config/bundled-skills/messaging/tools/shared.ts +26 -12
package/src/config/bundled-skills/notifications/SKILL.md +3 -2
package/src/config/bundled-skills/notifications/TOOLS.json +7 -13
package/src/config/bundled-skills/notifications/tools/send-notification.ts +69 -34
package/src/config/bundled-skills/notifications/tools/shared.ts +1 -1
package/src/config/bundled-skills/phone-calls/SKILL.md +46 -48
package/src/config/bundled-skills/phone-calls/TOOLS.json +13 -1
package/src/config/bundled-skills/phone-calls/tools/call-end.ts +1 -1
package/src/config/bundled-skills/phone-calls/tools/call-start.ts +1 -1
package/src/config/bundled-skills/phone-calls/tools/call-status.ts +1 -1
package/src/config/bundled-skills/playbooks/TOOLS.json +16 -0
package/src/config/bundled-skills/playbooks/tools/playbook-create.ts +91 -51
package/src/config/bundled-skills/playbooks/tools/playbook-delete.ts +30 -16
package/src/config/bundled-skills/playbooks/tools/playbook-list.ts +66 -27
package/src/config/bundled-skills/playbooks/tools/playbook-update.ts +89 -42
package/src/config/bundled-skills/public-ingress/SKILL.md +26 -19
package/src/config/bundled-skills/reminder/TOOLS.json +15 -2
package/src/config/bundled-skills/reminder/tools/reminder-cancel.ts +5 -2
package/src/config/bundled-skills/reminder/tools/reminder-create.ts +5 -2
package/src/config/bundled-skills/reminder/tools/reminder-list.ts +5 -2
package/src/config/bundled-skills/schedule/SKILL.md +33 -15
package/src/config/bundled-skills/schedule/TOOLS.json +17 -1
package/src/config/bundled-skills/schedule/tools/schedule-create.ts +5 -2
package/src/config/bundled-skills/schedule/tools/schedule-delete.ts +5 -2
package/src/config/bundled-skills/schedule/tools/schedule-list.ts +5 -2
package/src/config/bundled-skills/schedule/tools/schedule-update.ts +5 -2
package/src/config/bundled-skills/screen-recording/SKILL.md +11 -3
package/src/config/bundled-skills/self-upgrade/SKILL.md +9 -8
package/src/config/bundled-skills/slack/SKILL.md +30 -1
package/src/config/bundled-skills/slack/TOOLS.json +122 -17
package/src/config/bundled-skills/slack/tools/shared.ts +7 -5
package/src/config/bundled-skills/slack/tools/slack-add-reaction.ts +11 -5
package/src/config/bundled-skills/slack/tools/slack-channel-details.ts +11 -5
package/src/config/bundled-skills/slack/tools/slack-channel-permissions.ts +146 -0
package/src/config/bundled-skills/slack/tools/slack-configure-channels.ts +46 -16
package/src/config/bundled-skills/slack/tools/slack-delete-message.ts +11 -5
package/src/config/bundled-skills/slack/tools/slack-edit-message.ts +28 -0
package/src/config/bundled-skills/slack/tools/slack-leave-channel.ts +12 -6
package/src/config/bundled-skills/slack/tools/slack-scan-digest.ts +120 -0
package/src/config/bundled-skills/slack-app-setup/SKILL.md +200 -0
package/src/config/bundled-skills/sms-setup/SKILL.md +5 -8
package/src/config/bundled-skills/subagent/TOOLS.json +22 -2
package/src/config/bundled-skills/subagent/tools/subagent-abort.ts +5 -2
package/src/config/bundled-skills/subagent/tools/subagent-message.ts +5 -2
package/src/config/bundled-skills/subagent/tools/subagent-read.ts +5 -2
package/src/config/bundled-skills/subagent/tools/subagent-spawn.ts +5 -2
package/src/config/bundled-skills/subagent/tools/subagent-status.ts +5 -2
package/src/config/bundled-skills/tasks/TOOLS.json +86 -14
package/src/config/bundled-skills/tasks/tools/task-delete.ts +5 -2
package/src/config/bundled-skills/tasks/tools/task-list-add.ts +5 -2
package/src/config/bundled-skills/tasks/tools/task-list-remove.ts +5 -2
package/src/config/bundled-skills/tasks/tools/task-list-show.ts +5 -2
package/src/config/bundled-skills/tasks/tools/task-list-update.ts +5 -2
package/src/config/bundled-skills/tasks/tools/task-list.ts +5 -2
package/src/config/bundled-skills/tasks/tools/task-queue-run.ts +5 -2
package/src/config/bundled-skills/tasks/tools/task-run.ts +5 -2
package/src/config/bundled-skills/tasks/tools/task-save.ts +5 -2
package/src/config/bundled-skills/telegram-setup/SKILL.md +7 -8
package/src/config/bundled-skills/transcribe/TOOLS.json +4 -0
package/src/config/bundled-skills/transcribe/tools/transcribe-media.ts +232 -127
package/src/config/bundled-skills/twilio-setup/SKILL.md +7 -12
package/src/config/bundled-skills/twitter/SKILL.md +19 -2
package/src/config/bundled-skills/voice-setup/SKILL.md +5 -5
package/src/config/bundled-skills/watcher/TOOLS.json +20 -0
package/src/config/bundled-skills/watcher/tools/watcher-create.ts +5 -2
package/src/config/bundled-skills/watcher/tools/watcher-delete.ts +5 -2
package/src/config/bundled-skills/watcher/tools/watcher-digest.ts +5 -2
package/src/config/bundled-skills/watcher/tools/watcher-list.ts +5 -2
package/src/config/bundled-skills/watcher/tools/watcher-update.ts +5 -2
package/src/config/bundled-skills/weather/TOOLS.json +4 -0
package/src/config/bundled-skills/weather/tools/get-weather.ts +5 -2
package/src/config/bundled-tool-registry.ts +2 -0
package/src/config/calls-schema.ts +108 -63
package/src/config/channel-permission-profiles.ts +155 -0
package/src/config/computer-use-prompt.ts +7 -7
package/src/config/core-schema.ts +239 -155
package/src/config/defaults.ts +2 -2
package/src/config/elevenlabs-schema.ts +15 -15
package/src/config/env-registry.ts +33 -33
package/src/config/env.ts +4 -1
package/src/config/feature-flag-registry.json +31 -7
package/src/config/loader.ts +118 -58
package/src/config/mcp-schema.ts +29 -15
package/src/config/memory-schema.ts +434 -229
package/src/config/notifications-schema.ts +4 -4
package/src/config/sandbox-schema.ts +2 -2
package/src/config/schema.ts +12 -2
package/src/config/skill-state.ts +27 -15
package/src/config/skills-schema.ts +72 -23
package/src/config/skills.ts +303 -143
package/src/config/system-prompt.ts +25 -6
package/src/config/types.ts +1 -1
package/src/config/update-bulletin-format.ts +3 -3
package/src/config/update-bulletin-state.ts +15 -6
package/src/config/update-bulletin-template-path.ts +8 -4
package/src/config/update-bulletin.ts +33 -14
package/src/config/user-reference.ts +8 -8
package/src/contacts/contact-events.ts +21 -0
package/src/contacts/contact-store.ts +813 -100
package/src/contacts/contacts-write.ts +287 -0
package/src/contacts/index.ts +13 -4
package/src/contacts/startup-migration.ts +21 -0
package/src/contacts/types.ts +73 -2
package/src/context/token-estimator.ts +54 -31
package/src/context/tool-result-truncation.ts +41 -7
package/src/context/window-manager.ts +225 -120
package/src/daemon/approval-generators.ts +83 -55
package/src/daemon/approved-devices-store.ts +33 -20
package/src/daemon/assistant-attachments.ts +157 -101
package/src/daemon/auth-manager.ts +17 -15
package/src/daemon/classifier.ts +117 -46
package/src/daemon/computer-use-session.ts +316 -187
package/src/daemon/config-watcher.ts +91 -44
package/src/daemon/connection-policy.ts +18 -10
package/src/daemon/context-overflow-approval.ts +48 -0
package/src/daemon/context-overflow-policy.ts +50 -0
package/src/daemon/context-overflow-reducer.ts +300 -0
package/src/daemon/daemon-control.ts +79 -51
package/src/daemon/date-context.ts +119 -69
package/src/daemon/dictation-profile-store.ts +94 -48
package/src/daemon/dictation-text-processing.ts +33 -12
package/src/daemon/doordash-steps.ts +92 -49
package/src/daemon/guardian-action-generators.ts +62 -46
package/src/daemon/guardian-verification-intent.ts +35 -19
package/src/daemon/handlers/apps.ts +258 -113
package/src/daemon/handlers/avatar.ts +20 -15
package/src/daemon/handlers/computer-use.ts +82 -39
package/src/daemon/handlers/config-channels.ts +146 -69
package/src/daemon/handlers/config-heartbeat.ts +114 -59
package/src/daemon/handlers/config-inbox.ts +213 -160
package/src/daemon/handlers/config-ingress.ts +127 -55
package/src/daemon/handlers/config-integrations.ts +145 -88
package/src/daemon/handlers/config-model.ts +58 -22
package/src/daemon/handlers/config-platform.ts +40 -16
package/src/daemon/handlers/config-scheduling.ts +109 -48
package/src/daemon/handlers/config-slack-channel.ts +67 -35
package/src/daemon/handlers/config-slack.ts +21 -20
package/src/daemon/handlers/config-telegram.ts +100 -70
package/src/daemon/handlers/config-tools.ts +103 -55
package/src/daemon/handlers/config-trust.ts +50 -20
package/src/daemon/handlers/config.ts +72 -24
package/src/daemon/handlers/contacts.ts +163 -0
package/src/daemon/handlers/diagnostics.ts +90 -48
package/src/daemon/handlers/documents.ts +74 -46
package/src/daemon/handlers/guardian-actions.ts +57 -77
package/src/daemon/handlers/home-base.ts +19 -16
package/src/daemon/handlers/identity.ts +65 -45
package/src/daemon/handlers/index.ts +78 -54
package/src/daemon/handlers/misc.ts +664 -234
package/src/daemon/handlers/navigate-settings.ts +14 -11
package/src/daemon/handlers/oauth-connect.ts +48 -35
package/src/daemon/handlers/open-bundle-handler.ts +31 -24
package/src/daemon/handlers/pairing.ts +51 -25
package/src/daemon/handlers/publish.ts +55 -33
package/src/daemon/handlers/recording.ts +378 -162
package/src/daemon/handlers/sessions.ts +922 -423
package/src/daemon/handlers/shared.ts +202 -117
package/src/daemon/handlers/signing.ts +25 -6
package/src/daemon/handlers/subagents.ts +117 -56
package/src/daemon/handlers/twitter-auth.ts +70 -49
package/src/daemon/handlers/work-items.ts +264 -112
package/src/daemon/handlers/workspace-files.ts +27 -20
package/src/daemon/handlers.ts +2 -2
package/src/daemon/history-repair.ts +16 -15
package/src/daemon/identity-helpers.ts +4 -4
package/src/daemon/install-cli-launchers.ts +33 -22
package/src/daemon/ipc-blob-store.ts +38 -24
package/src/daemon/ipc-contract/apps.ts +61 -50
package/src/daemon/ipc-contract/computer-use.ts +47 -37
package/src/daemon/ipc-contract/contacts.ts +69 -0
package/src/daemon/ipc-contract/diagnostics.ts +14 -14
package/src/daemon/ipc-contract/documents.ts +8 -8
package/src/daemon/ipc-contract/guardian-actions.ts +4 -4
package/src/daemon/ipc-contract/inbox.ts +12 -71
package/src/daemon/ipc-contract/integrations.ts +57 -44
package/src/daemon/ipc-contract/memory.ts +3 -5
package/src/daemon/ipc-contract/messages.ts +95 -69
package/src/daemon/ipc-contract/notifications.ts +10 -6
package/src/daemon/ipc-contract/pairing.ts +8 -8
package/src/daemon/ipc-contract/schedules.ts +20 -20
package/src/daemon/ipc-contract/sessions.ts +89 -57
package/src/daemon/ipc-contract/settings.ts +12 -7
package/src/daemon/ipc-contract/shared.ts +9 -7
package/src/daemon/ipc-contract/skills.ts +46 -26
package/src/daemon/ipc-contract/subagents.ts +9 -9
package/src/daemon/ipc-contract/surfaces.ts +0 -1
package/src/daemon/ipc-contract/trust.ts +11 -11
package/src/daemon/ipc-contract/work-items.ts +33 -28
package/src/daemon/ipc-contract/workspace.ts +28 -21
package/src/daemon/ipc-contract-inventory.json +10 -4
package/src/daemon/ipc-contract-inventory.ts +29 -26
package/src/daemon/ipc-contract.ts +111 -44
package/src/daemon/ipc-handler.ts +27 -19
package/src/daemon/ipc-protocol.ts +22 -12
package/src/daemon/ipc-validate.ts +91 -46
package/src/daemon/lifecycle.ts +39 -3
package/src/daemon/main.ts +10 -8
package/src/daemon/media-visibility-policy.ts +3 -1
package/src/daemon/pairing-store.ts +72 -40
package/src/daemon/providers-setup.ts +35 -25
package/src/daemon/recording-executor.ts +37 -30
package/src/daemon/recording-intent-fallback.ts +58 -28
package/src/daemon/recording-intent.ts +71 -61
package/src/daemon/ride-shotgun-handler.ts +201 -121
package/src/daemon/seed-files.ts +28 -17
package/src/daemon/server.ts +23 -14
package/src/daemon/session-agent-loop-handlers.ts +270 -135
package/src/daemon/session-agent-loop.ts +796 -253
package/src/daemon/session-attachments.ts +109 -40
package/src/daemon/session-conflict-gate.ts +72 -28
package/src/daemon/session-dynamic-profile.ts +36 -22
package/src/daemon/session-error.ts +68 -45
package/src/daemon/session-evictor.ts +17 -10
package/src/daemon/session-history.ts +201 -89
package/src/daemon/session-lifecycle.ts +80 -44
package/src/daemon/session-media-retry.ts +104 -42
package/src/daemon/session-memory.ts +77 -55
package/src/daemon/session-messaging.ts +261 -111
package/src/daemon/session-notifiers.ts +57 -45
package/src/daemon/session-process.ts +370 -154
package/src/daemon/session-queue-manager.ts +30 -13
package/src/daemon/session-runtime-assembly.ts +61 -15
package/src/daemon/session-skill-tools.ts +84 -36
package/src/daemon/session-slash.ts +178 -113
package/src/daemon/session-surfaces.ts +498 -212
package/src/daemon/session-tool-setup.ts +24 -16
package/src/daemon/session-usage.ts +26 -13
package/src/daemon/session-workspace.ts +7 -4
package/src/daemon/session.ts +18 -19
package/src/daemon/shutdown-handlers.ts +36 -33
package/src/daemon/tls-certs.ts +90 -57
package/src/daemon/tool-side-effects.ts +97 -65
package/src/daemon/trace-emitter.ts +8 -7
package/src/daemon/video-thumbnail.ts +55 -25
package/src/daemon/watch-handler.ts +164 -86
package/src/email/provider.ts +1 -1
package/src/email/providers/agentmail.ts +87 -45
package/src/email/providers/index.ts +19 -14
package/src/email/service.ts +52 -24
package/src/email/types.ts +2 -2
package/src/errors.ts +1 -1
package/src/events/bus.ts +30 -10
package/src/events/domain-events.ts +20 -13
package/src/events/index.ts +6 -6
package/src/events/tool-audit-listener.ts +34 -20
package/src/events/tool-domain-event-publisher.ts +22 -20
package/src/events/tool-metrics-listener.ts +26 -21
package/src/events/tool-notification-listener.ts +5 -5
package/src/events/tool-profiling-listener.ts +33 -23
package/src/events/tool-trace-listener.ts +70 -46
package/src/export/formatter.ts +38 -32
package/src/followups/followup-store.ts +43 -36
package/src/followups/index.ts +2 -2
package/src/followups/types.ts +1 -1
package/src/gallery/default-gallery.ts +37 -34
package/src/gallery/gallery-manifest.ts +9 -9
package/src/heartbeat/heartbeat-service.ts +59 -37
package/src/home-base/app-link-store.ts +14 -12
package/src/home-base/bootstrap.ts +14 -8
package/src/home-base/prebuilt/seed.ts +34 -26
package/src/home-base/prebuilt-home-base-updater.ts +14 -8
package/src/hooks/cli.ts +56 -43
package/src/hooks/config.ts +27 -14
package/src/hooks/discovery.ts +53 -33
package/src/hooks/manager.ts +50 -26
package/src/hooks/runner.ts +35 -29
package/src/hooks/templates.ts +38 -15
package/src/hooks/types.ts +13 -13
package/src/inbound/platform-callback-registration.ts +21 -15
package/src/inbound/public-ingress-urls.ts +9 -6
package/src/index.ts +20 -19
package/src/influencer/client.ts +261 -117
package/src/instrument.ts +3 -1
package/src/logfire.ts +64 -39
package/src/mcp/client.ts +107 -55
package/src/mcp/manager.ts +45 -18
package/src/mcp/mcp-oauth-provider.ts +114 -62
package/src/media/gemini-image-service.ts +75 -23
package/src/memory/account-store.ts +16 -9
package/src/memory/admin.ts +87 -57
package/src/memory/app-git-service.ts +77 -47
package/src/memory/app-store.ts +148 -78
package/src/memory/attachments-store.ts +123 -53
package/src/memory/canonical-guardian-store.ts +190 -48
package/src/memory/channel-delivery-store.ts +5 -5
package/src/memory/channel-guardian-store.ts +31 -16
package/src/memory/checkpoints.ts +14 -7
package/src/memory/clarification-resolver.ts +219 -104
package/src/memory/conflict-intent.ts +74 -23
package/src/memory/conflict-policy.ts +20 -7
package/src/memory/conflict-store.ts +144 -94
package/src/memory/contradiction-checker.ts +257 -132
package/src/memory/conversation-attention-store.ts +74 -32
package/src/memory/conversation-bootstrap.ts +28 -0
package/src/memory/conversation-crud.ts +12 -5
package/src/memory/conversation-display-order-migration.ts +7 -7
package/src/memory/conversation-key-store.ts +18 -13
package/src/memory/conversation-queries.ts +130 -52
package/src/memory/conversation-store.ts +43 -26
package/src/memory/conversation-title-service.ts +89 -66
package/src/memory/db-init.ts +94 -2
package/src/memory/db.ts +10 -3
package/src/memory/delivery-channels.ts +12 -6
package/src/memory/delivery-crud.ts +26 -12
package/src/memory/delivery-status.ts +19 -16
package/src/memory/embedding-backend.ts +205 -77
package/src/memory/embedding-gemini.ts +23 -10
package/src/memory/embedding-local.ts +89 -44
package/src/memory/embedding-ollama.ts +25 -13
package/src/memory/embedding-openai.ts +20 -11
package/src/memory/embedding-runtime-manager.ts +163 -90
package/src/memory/entity-extractor.ts +185 -123
package/src/memory/external-conversation-store.ts +30 -12
package/src/memory/fingerprint.ts +2 -2
package/src/memory/fts-reconciler.ts +57 -28
package/src/memory/guardian-action-store.ts +162 -100
package/src/memory/guardian-approvals.ts +63 -129
package/src/memory/guardian-rate-limits.ts +20 -9
package/src/memory/guardian-verification.ts +82 -35
package/src/memory/indexer.ts +96 -55
package/src/memory/{ingress-invite-store.ts → invite-store.ts} +28 -169
package/src/memory/items-extractor.ts +313 -157
package/src/memory/job-handlers/backfill.ts +116 -63
package/src/memory/job-handlers/cleanup.ts +64 -41
package/src/memory/job-handlers/conflict.ts +90 -49
package/src/memory/job-handlers/embedding.ts +32 -17
package/src/memory/job-handlers/extraction.ts +58 -33
package/src/memory/job-handlers/index-maintenance.ts +31 -17
package/src/memory/job-handlers/media-processing.ts +65 -24
package/src/memory/job-handlers/summarization.ts +186 -128
package/src/memory/job-utils.ts +100 -57
package/src/memory/jobs-store.ts +235 -142
package/src/memory/jobs-worker.ts +167 -83
package/src/memory/llm-request-log-store.ts +13 -11
package/src/memory/llm-usage-store.ts +35 -26
package/src/memory/media-store.ts +151 -44
package/src/memory/message-content.ts +28 -18
package/src/memory/migrations/001-job-deferrals.ts +11 -5
package/src/memory/migrations/002-tool-invocations-fk.ts +14 -6
package/src/memory/migrations/003-memory-fts-backfill.ts +11 -5
package/src/memory/migrations/004-entity-relation-dedup.ts +17 -11
package/src/memory/migrations/005-fingerprint-scope-unique.ts +36 -21
package/src/memory/migrations/006-scope-salted-fingerprints.ts +35 -20
package/src/memory/migrations/007-assistant-id-to-self.ts +40 -27
package/src/memory/migrations/008-remove-assistant-id-columns.ts +58 -36
package/src/memory/migrations/009-llm-usage-events-drop-assistant-id.ts +36 -22
package/src/memory/migrations/010-ext-conv-bindings-channel-chat-unique.ts +21 -11
package/src/memory/migrations/011-call-sessions-provider-sid-dedup.ts +30 -15
package/src/memory/migrations/012-call-sessions-add-initiated-from.ts +4 -2
package/src/memory/migrations/013-guardian-action-tables.ts +29 -11
package/src/memory/migrations/014-backfill-inbox-thread-state.ts +35 -21
package/src/memory/migrations/015-drop-active-search-index.ts +17 -11
package/src/memory/migrations/016-memory-segments-indexes.ts +7 -3
package/src/memory/migrations/017-memory-items-indexes.ts +4 -2
package/src/memory/migrations/018-remaining-table-indexes.ts +13 -5
package/src/memory/migrations/019-notification-tables-schema-migration.ts +34 -20
package/src/memory/migrations/020-rename-macos-ios-channel-to-vellum.ts +87 -53
package/src/memory/migrations/021-conversation-status-indexes.ts +7 -3
package/src/memory/migrations/022-add-origin-interface.ts +4 -2
package/src/memory/migrations/023-memory-item-sources-indexes.ts +4 -2
package/src/memory/migrations/024-embedding-vector-blob.ts +34 -18
package/src/memory/migrations/025-messages-fts-backfill.ts +11 -5
package/src/memory/migrations/026-guardian-verification-sessions.ts +80 -14
package/src/memory/migrations/026a-embeddings-nullable-vector-json.ts +42 -26
package/src/memory/migrations/027-notification-delivery-pairing-columns.ts +22 -8
package/src/memory/migrations/027a-guardian-bootstrap-token.ts +11 -3
package/src/memory/migrations/028-call-session-mode.ts +13 -3
package/src/memory/migrations/028-notification-delivery-client-ack.ts +22 -8
package/src/memory/migrations/029-channel-inbound-delivered-segments.ts +7 -3
package/src/memory/migrations/030-guardian-action-followup.ts +46 -8
package/src/memory/migrations/030-guardian-verification-purpose.ts +4 -2
package/src/memory/migrations/031-conversations-thread-type-index.ts +4 -2
package/src/memory/migrations/032-guardian-delivery-conversation-index.ts +4 -2
package/src/memory/migrations/032-notification-delivery-thread-decision.ts +22 -8
package/src/memory/migrations/033-scoped-approval-grants.ts +1 -1
package/src/memory/migrations/034-guardian-action-tool-metadata.ts +15 -3
package/src/memory/migrations/035-guardian-action-supersession.ts +15 -3
package/src/memory/migrations/036-normalize-phone-identities.ts +101 -87
package/src/memory/migrations/037-voice-invite-columns.ts +22 -4
package/src/memory/migrations/038-actor-token-records.ts +5 -9
package/src/memory/migrations/039-actor-refresh-token-records.ts +7 -13
package/src/memory/migrations/100-core-tables.ts +1 -1
package/src/memory/migrations/101-watchers-and-logs.ts +1 -1
package/src/memory/migrations/103-complex-migrations.ts +9 -9
package/src/memory/migrations/104-core-indexes.ts +188 -64
package/src/memory/migrations/105-contacts-and-triage.ts +28 -10
package/src/memory/migrations/106-call-sessions.ts +58 -16
package/src/memory/migrations/107-followups.ts +16 -6
package/src/memory/migrations/108-tasks-and-work-items.ts +43 -11
package/src/memory/migrations/109-external-conversation-bindings.ts +11 -5
package/src/memory/migrations/110-channel-guardian.ts +48 -10
package/src/memory/migrations/111-media-assets.ts +52 -18
package/src/memory/migrations/112-assistant-inbox.ts +32 -12
package/src/memory/migrations/113-late-migrations.ts +12 -12
package/src/memory/migrations/114-notifications.ts +28 -12
package/src/memory/migrations/115-sequences.ts +10 -4
package/src/memory/migrations/116-messages-fts.ts +1 -1
package/src/memory/migrations/117-conversation-attention.ts +16 -6
package/src/memory/migrations/118-reminder-routing-intent.ts +7 -3
package/src/memory/migrations/119-schema-indexes-and-columns.ts +35 -15
package/src/memory/migrations/120-fk-cascade-rebuilds.ts +36 -17
package/src/memory/migrations/121-canonical-guardian-requests.ts +25 -9
package/src/memory/migrations/122-canonical-guardian-requester-chat-id.ts +11 -3
package/src/memory/migrations/123-canonical-guardian-deliveries-destination-index.ts +4 -2
package/src/memory/migrations/124-voice-invite-display-metadata.ts +15 -3
package/src/memory/migrations/125-guardian-principal-id-columns.ts +22 -4
package/src/memory/migrations/126-backfill-guardian-principal-id.ts +174 -126
package/src/memory/migrations/127-guardian-principal-id-not-null.ts +58 -42
package/src/memory/migrations/128-contacts-role-principal.ts +26 -0
package/src/memory/migrations/129-contact-channels-access-fields.ts +105 -0
package/src/memory/migrations/130-contact-channels-type-ext-chat-id-index.ts +15 -0
package/src/memory/migrations/131-drop-legacy-member-guardian-tables.ts +134 -0
package/src/memory/migrations/132-contacts-assistant-id.ts +21 -0
package/src/memory/migrations/133-assistant-contact-metadata.ts +21 -0
package/src/memory/migrations/index.ts +83 -73
package/src/memory/migrations/registry.ts +53 -37
package/src/memory/migrations/validate-migration-state.ts +73 -46
package/src/memory/profile-compiler.ts +58 -24
package/src/memory/published-pages-store.ts +12 -16
package/src/memory/qdrant-circuit-breaker.ts +28 -20
package/src/memory/qdrant-client.ts +99 -63
package/src/memory/qdrant-manager.ts +89 -57
package/src/memory/query-builder.ts +9 -7
package/src/memory/raw-query.ts +63 -14
package/src/memory/recall-cache.ts +15 -8
package/src/memory/retrieval-budget.ts +0 -1
package/src/memory/retriever.ts +385 -192
package/src/memory/schema-migration.ts +1 -1
package/src/memory/schema.ts +56 -56
package/src/memory/scoped-approval-grants.ts +99 -45
package/src/memory/search/entity.ts +102 -40
package/src/memory/search/formatting.ts +70 -52
package/src/memory/search/lexical.ts +82 -43
package/src/memory/search/ranking.ts +103 -39
package/src/memory/search/semantic.ts +59 -35
package/src/memory/search/types.ts +8 -8
package/src/memory/segmenter.ts +20 -12
package/src/memory/shared-app-links-store.ts +21 -16
package/src/memory/slack-thread-store.ts +187 -0
package/src/memory/task-memory-cleanup.ts +18 -8
package/src/memory/tool-usage-store.ts +27 -19
package/src/memory/validation.ts +4 -2
package/src/messaging/activity-analyzer.ts +7 -7
package/src/messaging/draft-store.ts +13 -10
package/src/messaging/email-classifier.ts +73 -37
package/src/messaging/index.ts +3 -3
package/src/messaging/outreach-classifier.ts +76 -38
package/src/messaging/provider-types.ts +2 -4
package/src/messaging/provider.ts +37 -8
package/src/messaging/providers/gmail/adapter.ts +183 -66
package/src/messaging/providers/gmail/client.ts +3 -1
package/src/messaging/providers/gmail/mime-builder.ts +21 -19
package/src/messaging/providers/gmail/people-client.ts +22 -9
package/src/messaging/providers/gmail/types.ts +6 -6
package/src/messaging/providers/slack/adapter.ts +93 -43
package/src/messaging/providers/slack/client.ts +165 -48
package/src/messaging/providers/slack/types.ts +10 -0
package/src/messaging/providers/sms/adapter.ts +76 -40
package/src/messaging/providers/sms/client.ts +4 -4
package/src/messaging/providers/telegram-bot/adapter.ts +52 -30
package/src/messaging/providers/telegram-bot/client.ts +7 -7
package/src/messaging/providers/whatsapp/adapter.ts +58 -31
package/src/messaging/providers/whatsapp/client.ts +4 -4
package/src/messaging/registry.ts +9 -5
package/src/messaging/style-analyzer.ts +69 -39
package/src/messaging/thread-summarizer.ts +101 -53
package/src/messaging/triage-engine.ts +111 -82
package/src/messaging/types.ts +10 -10
package/src/migrations/config-merge.ts +18 -10
package/src/migrations/data-layout.ts +35 -22
package/src/migrations/data-merge.ts +17 -7
package/src/migrations/hooks-merge.ts +43 -16
package/src/migrations/index.ts +6 -6
package/src/migrations/log.ts +9 -5
package/src/migrations/skills-merge.ts +17 -7
package/src/migrations/workspace-layout.ts +39 -25
package/src/notifications/AGENTS.md +5 -0
package/src/notifications/adapters/macos.ts +21 -14
package/src/notifications/adapters/slack.ts +90 -0
package/src/notifications/adapters/sms.ts +28 -15
package/src/notifications/adapters/telegram.ts +24 -15
package/src/notifications/broadcaster.ts +108 -52
package/src/notifications/conversation-pairing.ts +64 -29
package/src/notifications/copy-composer.ts +165 -95
package/src/notifications/decision-engine.ts +353 -147
package/src/notifications/decisions-store.ts +26 -10
package/src/notifications/deliveries-store.ts +23 -13
package/src/notifications/destination-resolver.ts +83 -24
package/src/notifications/deterministic-checks.ts +78 -27
package/src/notifications/emit-signal.ts +95 -41
package/src/notifications/events-store.ts +13 -7
package/src/notifications/guardian-question-mode.ts +125 -75
package/src/notifications/preference-extractor.ts +85 -53
package/src/notifications/preference-summary.ts +31 -18
package/src/notifications/preferences-store.ts +29 -18
package/src/notifications/runtime-dispatch.ts +22 -12
package/src/notifications/signal.ts +4 -4
package/src/notifications/thread-candidates.ts +59 -23
package/src/notifications/thread-seed-composer.ts +45 -27
package/src/notifications/types.ts +19 -10
package/src/oauth/connect-orchestrator.ts +105 -54
package/src/oauth/connect-types.ts +3 -3
package/src/oauth/provider-profiles.ts +102 -59
package/src/oauth/scope-policy.ts +5 -2
package/src/oauth/token-persistence.ts +58 -24
package/src/outbound-proxy/certs.ts +284 -0
package/src/outbound-proxy/config.ts +94 -0
package/src/outbound-proxy/connect-tunnel.ts +84 -0
package/src/outbound-proxy/health.ts +62 -0
package/src/outbound-proxy/host-pattern-match.ts +67 -0
package/src/outbound-proxy/http-forwarder.ts +162 -0
package/src/outbound-proxy/index.ts +80 -0
package/src/outbound-proxy/logging.ts +193 -0
package/src/outbound-proxy/mitm-handler.ts +292 -0
package/src/outbound-proxy/policy.ts +172 -0
package/src/outbound-proxy/router.ts +64 -0
package/src/outbound-proxy/server.ts +145 -0
package/src/outbound-proxy/types.ts +150 -0
package/src/permissions/checker.ts +481 -189
package/src/permissions/defaults.ts +135 -108
package/src/permissions/prompter.ts +53 -27
package/src/permissions/secret-prompter.ts +21 -15
package/src/permissions/shell-identity.ts +47 -16
package/src/permissions/trust-store.ts +185 -73
package/src/permissions/types.ts +22 -12
package/src/permissions/workspace-policy.ts +47 -38
package/src/playbooks/index.ts +10 -2
package/src/playbooks/playbook-compiler.ts +30 -24
package/src/playbooks/types.ts +11 -8
package/src/providers/anthropic/client.ts +328 -168
package/src/providers/failover.ts +57 -22
package/src/providers/fireworks/client.ts +9 -5
package/src/providers/gemini/client.ts +61 -39
package/src/providers/model-intents.ts +40 -33
package/src/providers/ollama/client.ts +7 -7
package/src/providers/openai/client.ts +109 -68
package/src/providers/openrouter/client.ts +9 -5
package/src/providers/provider-send-message.ts +59 -27
package/src/providers/ratelimit.ts +25 -8
package/src/providers/registry.ts +86 -38
package/src/providers/retry.ts +93 -37
package/src/providers/stream-timeout.ts +5 -3
package/src/providers/types.ts +7 -6
package/src/runtime/AGENTS.md +42 -0
package/src/runtime/access-request-helper.ts +118 -68
package/src/runtime/actor-refresh-token-store.ts +21 -16
package/src/runtime/actor-token-store.ts +25 -18
package/src/runtime/actor-trust-resolver.ts +191 -80
package/src/runtime/approval-conversation-turn.ts +39 -26
package/src/runtime/approval-message-composer.ts +116 -84
package/src/runtime/assistant-event-hub.ts +25 -6
package/src/runtime/assistant-event.ts +4 -4
package/src/runtime/assistant-scope.ts +1 -1
package/src/runtime/auth/__tests__/guard-tests.test.ts +36 -14
package/src/runtime/auth/context.ts +8 -7
package/src/runtime/auth/credential-service.ts +60 -38
package/src/runtime/auth/external-assistant-id.ts +16 -8
package/src/runtime/auth/index.ts +23 -16
package/src/runtime/auth/require-bound-guardian.ts +44 -0
package/src/runtime/auth/route-policy.ts +166 -104
package/src/runtime/auth/scopes.ts +22 -29
package/src/runtime/auth/subject.ts +19 -13
package/src/runtime/auth/token-service.ts +3 -3
package/src/runtime/auth/types.ts +23 -23
package/src/runtime/channel-approval-parser.ts +37 -14
package/src/runtime/channel-approval-types.ts +30 -4
package/src/runtime/channel-approvals.ts +49 -23
package/src/runtime/channel-guardian-service.ts +144 -103
package/src/runtime/channel-invite-transport.ts +5 -3
package/src/runtime/channel-invite-transports/telegram.ts +16 -10
package/src/runtime/channel-invite-transports/voice.ts +7 -7
package/src/runtime/channel-readiness-service.ts +139 -90
package/src/runtime/channel-readiness-types.ts +4 -2
package/src/runtime/channel-reply-delivery.ts +83 -14
package/src/runtime/channel-retry-sweep.ts +111 -62
package/src/runtime/confirmation-request-guardian-bridge.ts +73 -54
package/src/runtime/gateway-client.ts +122 -55
package/src/runtime/gateway-internal-client.ts +86 -0
package/src/runtime/guardian-action-conversation-turn.ts +34 -18
package/src/runtime/guardian-action-followup-executor.ts +115 -45
package/src/runtime/guardian-action-grant-minter.ts +40 -24
package/src/runtime/guardian-action-message-composer.ts +105 -84
package/src/runtime/guardian-action-service.ts +127 -0
package/src/runtime/guardian-decision-types.ts +28 -13
package/src/runtime/guardian-outbound-actions.ts +9 -0
package/src/runtime/guardian-reply-router.ts +274 -145
package/src/runtime/guardian-vellum-migration.ts +38 -24
package/src/runtime/guardian-verification-templates.ts +24 -12
package/src/runtime/http-router.ts +175 -0
package/src/runtime/http-server.ts +913 -680
package/src/runtime/http-types.ts +2 -2
package/src/runtime/invite-redemption-service.ts +211 -134
package/src/runtime/invite-redemption-templates.ts +18 -11
package/src/runtime/{ingress-service.ts → invite-service.ts} +92 -151
package/src/runtime/local-actor-identity.ts +73 -55
package/src/runtime/middleware/auth.ts +25 -14
package/src/runtime/middleware/error-handler.ts +15 -11
package/src/runtime/middleware/rate-limiter.ts +23 -17
package/src/runtime/middleware/request-logger.ts +4 -4
package/src/runtime/middleware/twilio-validation.ts +29 -20
package/src/runtime/migrations/migration-transport.ts +575 -0
package/src/runtime/migrations/migration-wizard.ts +715 -0
package/src/runtime/migrations/rebind-secrets-screen.ts +351 -0
package/src/runtime/migrations/transfer-progress-screen.ts +321 -0
package/src/runtime/migrations/validation-results-screen.ts +467 -0
package/src/runtime/migrations/vbundle-builder.ts +295 -0
package/src/runtime/migrations/vbundle-import-analyzer.ts +212 -0
package/src/runtime/migrations/vbundle-importer.ts +339 -0
package/src/runtime/migrations/vbundle-validator.ts +356 -0
package/src/runtime/nl-approval-parser.ts +138 -0
package/src/runtime/pending-interactions.ts +16 -7
package/src/runtime/routes/access-request-decision.ts +73 -52
package/src/runtime/routes/app-routes.ts +56 -38
package/src/runtime/routes/approval-routes.ts +144 -92
package/src/runtime/routes/approval-strategies/guardian-callback-strategy.ts +930 -0
package/src/runtime/routes/approval-strategies/guardian-legacy-fallback-strategy.ts +82 -0
package/src/runtime/routes/approval-strategies/guardian-text-engine-strategy.ts +151 -0
package/src/runtime/routes/attachment-routes.ts +59 -48
package/src/runtime/routes/brain-graph-routes.ts +85 -69
package/src/runtime/routes/call-routes.ts +79 -38
package/src/runtime/routes/canonical-guardian-expiry-sweep.ts +10 -10
package/src/runtime/routes/channel-delivery-routes.ts +19 -14
package/src/runtime/routes/channel-guardian-routes.ts +3 -3
package/src/runtime/routes/channel-inbound-routes.ts +2 -2
package/src/runtime/routes/channel-readiness-routes.ts +12 -6
package/src/runtime/routes/channel-route-shared.ts +67 -25
package/src/runtime/routes/channel-routes.ts +4 -6
package/src/runtime/routes/contact-routes.ts +374 -17
package/src/runtime/routes/conversation-attention-routes.ts +57 -28
package/src/runtime/routes/conversation-routes.ts +321 -174
package/src/runtime/routes/debug-routes.ts +14 -10
package/src/runtime/routes/events-routes.ts +90 -57
package/src/runtime/routes/global-search-routes.ts +266 -0
package/src/runtime/routes/guardian-action-routes.ts +112 -113
package/src/runtime/routes/guardian-approval-interception.ts +325 -874
package/src/runtime/routes/guardian-approval-prompt.ts +40 -24
package/src/runtime/routes/guardian-approval-reply-helpers.ts +135 -0
package/src/runtime/routes/guardian-bootstrap-routes.ts +55 -36
package/src/runtime/routes/guardian-expiry-sweep.ts +63 -37
package/src/runtime/routes/guardian-refresh-routes.ts +40 -19
package/src/runtime/routes/identity-routes.ts +71 -42
package/src/runtime/routes/inbound-conversation.ts +17 -11
package/src/runtime/routes/inbound-message-handler.ts +305 -1459
package/src/runtime/routes/inbound-stages/acl-enforcement.ts +880 -0
package/src/runtime/routes/inbound-stages/background-dispatch.ts +600 -0
package/src/runtime/routes/inbound-stages/bootstrap-intercept.ts +214 -0
package/src/runtime/routes/inbound-stages/edit-intercept.ts +116 -0
package/src/runtime/routes/inbound-stages/escalation-intercept.ts +167 -0
package/src/runtime/routes/inbound-stages/guardian-reply-intercept.ts +185 -0
package/src/runtime/routes/inbound-stages/secret-ingress-check.ts +132 -0
package/src/runtime/routes/inbound-stages/verification-intercept.ts +340 -0
package/src/runtime/routes/integration-routes.ts +60 -21
package/src/runtime/routes/invite-routes.ts +140 -0
package/src/runtime/routes/migration-routes.ts +434 -0
package/src/runtime/routes/pairing-routes.ts +157 -79
package/src/runtime/routes/secret-routes.ts +6 -2
package/src/runtime/routes/twilio-routes.ts +443 -249
package/src/runtime/slack-block-formatting.ts +176 -0
package/src/runtime/tool-grant-request-helper.ts +36 -27
package/src/runtime/{guardian-context-resolver.ts → trust-context-resolver.ts} +29 -41
package/src/schedule/integration-status.ts +44 -9
package/src/schedule/recurrence-engine.ts +47 -24
package/src/schedule/recurrence-types.ts +12 -7
package/src/schedule/schedule-store.ts +166 -83
package/src/schedule/scheduler.ts +37 -24
package/src/security/encrypted-store.ts +68 -38
package/src/security/keychain.ts +183 -120
package/src/security/oauth-callback-registry.ts +3 -3
package/src/security/oauth2.ts +226 -138
package/src/security/redaction.ts +24 -24
package/src/security/secret-allowlist.ts +46 -21
package/src/security/secret-ingress.ts +15 -7
package/src/security/secret-scanner.ts +193 -104
package/src/security/secure-keys.ts +9 -3
package/src/security/token-manager.ts +99 -40
package/src/security/tool-approval-digest.ts +3 -3
package/src/sequence/analytics.ts +52 -27
package/src/sequence/engine.ts +135 -72
package/src/sequence/guardrails.ts +32 -20
package/src/sequence/importer.ts +75 -37
package/src/sequence/reply-matcher.ts +36 -18
package/src/sequence/store.ts +137 -75
package/src/sequence/types.ts +30 -16
package/src/services/published-app-updater.ts +26 -16
package/src/services/vercel-deploy.ts +19 -15
package/src/skills/active-skill-tools.ts +3 -3
package/src/skills/clawhub.ts +178 -90
package/src/skills/include-graph.ts +24 -17
package/src/skills/managed-store.ts +89 -42
package/src/skills/path-classifier.ts +10 -10
package/src/skills/remote-skill-policy.ts +31 -22
package/src/skills/slash-commands.ts +36 -30
package/src/skills/tool-manifest.ts +60 -31
package/src/skills/version-hash.ts +25 -15
package/src/slack/slack-webhook.ts +19 -15
package/src/subagent/index.ts +4 -8
package/src/subagent/manager.ts +119 -69
package/src/subagent/types.ts +9 -12
package/src/swarm/backend-claude-code.ts +124 -45
package/src/swarm/checkpoint.ts +36 -16
package/src/swarm/graph-utils.ts +1 -3
package/src/swarm/index.ts +38 -19
package/src/swarm/limits.ts +13 -4
package/src/swarm/orchestrator.ts +108 -57
package/src/swarm/plan-validator.ts +23 -17
package/src/swarm/router-planner.ts +51 -22
package/src/swarm/router-prompts.ts +4 -1
package/src/swarm/synthesizer.ts +26 -18
package/src/swarm/types.ts +14 -4
package/src/swarm/worker-backend.ts +36 -26
package/src/swarm/worker-prompts.ts +13 -9
package/src/swarm/worker-runner.ts +40 -34
package/src/tasks/candidate-store.ts +14 -6
package/src/tasks/ephemeral-permissions.ts +9 -5
package/src/tasks/task-compiler.ts +41 -38
package/src/tasks/task-runner.ts +54 -26
package/src/tasks/task-scheduler.ts +1 -1
package/src/tasks/task-store.ts +20 -7
package/src/tasks/tool-sanitizer.ts +3 -3
package/src/tools/apps/definitions.ts +23 -15
package/src/tools/apps/executors.ts +122 -40
package/src/tools/apps/open-proxy.ts +5 -5
package/src/tools/apps/registry.ts +2 -2
package/src/tools/assets/materialize.ts +59 -41
package/src/tools/assets/search.ts +86 -48
package/src/tools/browser/api-map.ts +52 -36
package/src/tools/browser/auth-cache.ts +21 -18
package/src/tools/browser/auth-detector.ts +43 -28
package/src/tools/browser/auto-navigate.ts +149 -68
package/src/tools/browser/browser-execution.ts +9 -3
package/src/tools/browser/headless-browser.ts +287 -150
package/src/tools/browser/jit-auth.ts +37 -21
package/src/tools/browser/network-recorder.ts +138 -56
package/src/tools/browser/recording-store.ts +22 -15
package/src/tools/browser/runtime-check.ts +8 -5
package/src/tools/browser/x-auto-navigate.ts +88 -47
package/src/tools/calls/call-end.ts +10 -7
package/src/tools/calls/call-start.ts +30 -20
package/src/tools/calls/call-status.ts +8 -5
package/src/tools/claude-code/claude-code.ts +301 -165
package/src/tools/computer-use/definitions.ts +175 -130
package/src/tools/computer-use/registry.ts +2 -2
package/src/tools/computer-use/request-computer-control.ts +21 -13
package/src/tools/computer-use/skill-proxy-bridge.ts +1 -1
package/src/tools/credentials/account-registry.ts +52 -35
package/src/tools/credentials/broker-types.ts +1 -1
package/src/tools/credentials/broker.ts +97 -55
package/src/tools/credentials/domain-policy.ts +5 -2
package/src/tools/credentials/host-pattern-match.ts +15 -8
package/src/tools/credentials/metadata-store.ts +93 -43
package/src/tools/credentials/policy-types.ts +5 -2
package/src/tools/credentials/policy-validate.ts +21 -14
package/src/tools/credentials/post-connect-hooks.ts +18 -7
package/src/tools/credentials/resolve.ts +11 -10
package/src/tools/credentials/selection.ts +30 -25
package/src/tools/credentials/tool-policy.ts +5 -2
package/src/tools/credentials/vault.ts +538 -185
package/src/tools/document/document-tool.ts +23 -17
package/src/tools/document/editor-template.ts +12 -7
package/src/tools/execution-target.ts +13 -10
package/src/tools/execution-timeout.ts +6 -5
package/src/tools/executor.ts +141 -74
package/src/tools/filesystem/edit.ts +82 -45
package/src/tools/filesystem/fuzzy-match.ts +70 -32
package/src/tools/filesystem/read.ts +46 -28
package/src/tools/filesystem/view-image.ts +86 -42
package/src/tools/filesystem/write.ts +53 -32
package/src/tools/followups/followup_create.ts +43 -17
package/src/tools/followups/followup_list.ts +28 -13
package/src/tools/followups/followup_resolve.ts +9 -6
package/src/tools/guardian-control-plane-policy.ts +15 -14
package/src/tools/host-filesystem/edit.ts +77 -42
package/src/tools/host-filesystem/read.ts +52 -33
package/src/tools/host-filesystem/write.ts +50 -29
package/src/tools/host-terminal/host-shell.ts +97 -61
package/src/tools/mcp/mcp-tool-factory.ts +21 -14
package/src/tools/memory/definitions.ts +60 -28
package/src/tools/memory/handlers.ts +149 -77
package/src/tools/memory/register.ts +39 -16
package/src/tools/network/__tests__/web-search.test.ts +236 -177
package/src/tools/network/domain-normalize.ts +13 -9
package/src/tools/network/script-proxy/__tests__/logging.test.ts +193 -123
package/src/tools/network/script-proxy/__tests__/policy.test.ts +225 -127
package/src/tools/network/script-proxy/index.ts +1 -17
package/src/tools/network/script-proxy/session-manager.ts +178 -86
package/src/tools/network/url-safety.ts +56 -34
package/src/tools/network/web-fetch.ts +273 -155
package/src/tools/network/web-search.ts +166 -81
package/src/tools/permission-checker.ts +24 -25
package/src/tools/policy-context.ts +8 -5
package/src/tools/registry.ts +73 -46
package/src/tools/reminder/reminder-store.ts +65 -44
package/src/tools/reminder/reminder.ts +76 -35
package/src/tools/schedule/create.ts +44 -21
package/src/tools/schedule/delete.ts +8 -5
package/src/tools/schedule/list.ts +39 -19
package/src/tools/schedule/update.ts +49 -26
package/src/tools/secret-detection-handler.ts +130 -49
package/src/tools/sensitive-output-placeholders.ts +15 -8
package/src/tools/shared/filesystem/edit-engine.ts +45 -14
package/src/tools/shared/filesystem/errors.ts +18 -18
package/src/tools/shared/filesystem/file-ops-service.ts +59 -32
package/src/tools/shared/filesystem/format-diff.ts +21 -11
package/src/tools/shared/filesystem/path-policy.ts +17 -13
package/src/tools/shared/filesystem/size-guard.ts +8 -4
package/src/tools/shared/filesystem/types.ts +2 -2
package/src/tools/shared/shell-output.ts +4 -3
package/src/tools/side-effects.ts +36 -28
package/src/tools/skills/delete-managed.ts +30 -17
package/src/tools/skills/load.ts +88 -46
package/src/tools/skills/sandbox-runner.ts +62 -46
package/src/tools/skills/scaffold-managed.ts +98 -48
package/src/tools/skills/script-contract.ts +5 -2
package/src/tools/skills/skill-script-runner.ts +29 -13
package/src/tools/skills/skill-tool-factory.ts +20 -10
package/src/tools/subagent/abort.ts +10 -4
package/src/tools/subagent/message.ts +14 -8
package/src/tools/subagent/read.ts +20 -11
package/src/tools/subagent/spawn.ts +14 -6
package/src/tools/subagent/status.ts +7 -4
package/src/tools/swarm/delegate.ts +75 -49
package/src/tools/system/avatar-generator.ts +46 -33
package/src/tools/system/navigate-settings.ts +29 -19
package/src/tools/system/open-system-settings.ts +30 -20
package/src/tools/system/request-permission.ts +59 -44
package/src/tools/system/version.ts +27 -16
package/src/tools/system/voice-config.ts +116 -53
package/src/tools/tasks/index.ts +8 -8
package/src/tools/tasks/task-delete.ts +61 -22
package/src/tools/tasks/task-list.ts +23 -11
package/src/tools/tasks/task-run.ts +41 -16
package/src/tools/tasks/task-save.ts +27 -10
package/src/tools/tasks/work-item-enqueue.ts +114 -48
package/src/tools/tasks/work-item-list.ts +20 -10
package/src/tools/tasks/work-item-remove.ts +49 -15
package/src/tools/tasks/work-item-run.ts +34 -13
package/src/tools/tasks/work-item-update.ts +84 -31
package/src/tools/terminal/backends/native.ts +64 -35
package/src/tools/terminal/backends/types.ts +6 -2
package/src/tools/terminal/parser.ts +200 -125
package/src/tools/terminal/safe-env.ts +27 -21
package/src/tools/terminal/sandbox-diagnostics.ts +31 -13
package/src/tools/terminal/sandbox.ts +10 -6
package/src/tools/terminal/shell.ts +134 -68
package/src/tools/tool-approval-handler.ts +239 -140
package/src/tools/types.ts +79 -22
package/src/tools/ui-surface/definitions.ts +124 -89
package/src/tools/ui-surface/registry.ts +2 -2
package/src/tools/watch/screen-watch.ts +50 -32
package/src/tools/watch/watch-state.ts +41 -15
package/src/tools/watcher/create.ts +37 -15
package/src/tools/watcher/delete.ts +9 -6
package/src/tools/watcher/digest.ts +10 -6
package/src/tools/watcher/list.ts +37 -14
package/src/tools/watcher/update.ts +33 -18
package/src/tools/weather/service.ts +331 -174
package/src/twitter/client.ts +261 -138
package/src/twitter/oauth-client.ts +17 -13
package/src/twitter/router.ts +51 -23
package/src/twitter/session.ts +27 -18
package/src/types/qrcode.d.ts +6 -3
package/src/usage/actors.ts +16 -16
package/src/usage/types.ts +3 -3
package/src/util/bundled-asset.ts +10 -6
package/src/util/canonicalize-identity.ts +11 -4
package/src/util/clipboard.ts +7 -7
package/src/util/content-id.ts +3 -3
package/src/util/debounce.ts +3 -2
package/src/util/diff.ts +55 -33
package/src/util/errors.ts +31 -27
package/src/util/fs.ts +8 -2
package/src/util/log-redact.ts +12 -12
package/src/util/logger.ts +112 -51
package/src/util/network-info.ts +13 -5
package/src/util/object.ts +4 -2
package/src/util/phone.ts +4 -4
package/src/util/platform.ts +80 -58
package/src/util/pricing.ts +49 -31
package/src/util/retry.ts +39 -7
package/src/util/row-mapper.ts +7 -4
package/src/util/silently.ts +7 -4
package/src/util/spawn.ts +48 -0
package/src/util/spinner.ts +9 -7
package/src/util/time.ts +16 -3
package/src/util/truncate.ts +1 -1
package/src/util/voice-code.ts +6 -4
package/src/util/xml.ts +5 -1
package/src/version.ts +12 -8
package/src/watcher/engine.ts +71 -44
package/src/watcher/provider-registry.ts +1 -1
package/src/watcher/providers/github.ts +40 -23
package/src/watcher/providers/gmail.ts +59 -38
package/src/watcher/providers/google-calendar.ts +62 -48
package/src/watcher/providers/linear.ts +219 -150
package/src/watcher/providers/slack.ts +125 -29
package/src/watcher/watcher-store.ts +75 -55
package/src/work-items/work-item-runner.ts +62 -29
package/src/work-items/work-item-store.ts +137 -47
package/src/workspace/commit-message-enrichment-service.ts +65 -25
package/src/workspace/commit-message-provider.ts +14 -12
package/src/workspace/git-service.ts +355 -239
package/src/workspace/heartbeat-service.ts +74 -37
package/src/workspace/provider-commit-message-generator.ts +95 -70
package/src/workspace/top-level-renderer.ts +10 -8
package/src/workspace/top-level-scanner.ts +9 -3
package/src/workspace/turn-commit.ts +63 -36
package/src/__tests__/ingress-member-store.test.ts +0 -294
package/src/__tests__/script-proxy-router.test.ts +0 -215
package/src/config/bundled-skills/trusted-contacts/SKILL.md +0 -372
package/src/memory/guardian-bindings.ts +0 -158
package/src/memory/ingress-member-store.ts +0 -352
package/src/runtime/routes/ingress-routes.ts +0 -229
package/src/tools/network/script-proxy/__tests__/router.test.ts +0 -77
package/src/tools/network/script-proxy/certs.ts +0 -7
package/src/tools/network/script-proxy/connect-tunnel.ts +0 -1
package/src/tools/network/script-proxy/http-forwarder.ts +0 -2
package/src/tools/network/script-proxy/logging.ts +0 -12
package/src/tools/network/script-proxy/mitm-handler.ts +0 -2
package/src/tools/network/script-proxy/policy.ts +0 -4
package/src/tools/network/script-proxy/router.ts +0 -2
package/src/tools/network/script-proxy/server.ts +0 -5
package/src/tools/network/script-proxy/types.ts +0 -19

package/src/daemon/session-messaging.ts CHANGED Viewed

@@ -5,22 +5,30 @@
  * Extracted from Session to keep the class focused on coordination.
  */
-import { v4 as uuid } from 'uuid';
-import { createUserMessage } from '../agent/message-types.js';
-import type { TurnChannelContext, TurnInterfaceContext } from '../channels/types.js';
-import { parseChannelId, parseInterfaceId } from '../channels/types.js';
-import { AttachmentUploadError, linkAttachmentToMessage, uploadAttachment, validateAttachmentUpload } from '../memory/attachments-store.js';
-import * as conversationStore from '../memory/conversation-store.js';
-import { provenanceFromGuardianContext } from '../memory/conversation-store.js';
-import type { SecretPrompter } from '../permissions/secret-prompter.js';
-import type { Message } from '../providers/types.js';
-import { getLogger } from '../util/logger.js';
-import type { ServerMessage, UserMessageAttachment } from './ipc-protocol.js';
-import type { MessageQueue } from './session-queue-manager.js';
-import type { GuardianRuntimeContext } from './session-runtime-assembly.js';
-const log = getLogger('session-messaging');
+import { v4 as uuid } from "uuid";
+import { createUserMessage } from "../agent/message-types.js";
+import type {
+  TurnChannelContext,
+  TurnInterfaceContext,
+} from "../channels/types.js";
+import { parseChannelId, parseInterfaceId } from "../channels/types.js";
+import {
+  AttachmentUploadError,
+  linkAttachmentToMessage,
+  uploadAttachment,
+  validateAttachmentUpload,
+} from "../memory/attachments-store.js";
+import * as conversationStore from "../memory/conversation-store.js";
+import { provenanceFromTrustContext } from "../memory/conversation-store.js";
+import type { SecretPrompter } from "../permissions/secret-prompter.js";
+import type { Message } from "../providers/types.js";
+import { getLogger } from "../util/logger.js";
+import type { ServerMessage, UserMessageAttachment } from "./ipc-protocol.js";
+import type { MessageQueue } from "./session-queue-manager.js";
+import type { TrustContext } from "./session-runtime-assembly.js";
+const log = getLogger("session-messaging");
 interface IngressSecretTarget {
   service: string;
@@ -29,32 +37,96 @@ interface IngressSecretTarget {
 }
 const INGRESS_SECRET_TARGETS: Record<string, IngressSecretTarget> = {
-  'Anthropic API Key': { service: 'anthropic', field: 'api_key', label: 'Anthropic API Key' },
-  'GitHub Fine-Grained PAT': { service: 'github', field: 'token', label: 'GitHub Token' },
-  'GitHub Token': { service: 'github', field: 'token', label: 'GitHub Token' },
-  'GitLab Token': { service: 'gitlab', field: 'token', label: 'GitLab Token' },
-  'Google API Key': { service: 'google', field: 'api_key', label: 'Google API Key' },
-  'Google OAuth Client Secret': { service: 'google', field: 'client_secret', label: 'Google OAuth Client Secret' },
-  'Mailgun API Key': { service: 'mailgun', field: 'api_key', label: 'Mailgun API Key' },
-  'OpenAI API Key': { service: 'openai', field: 'api_key', label: 'OpenAI API Key' },
-  'OpenAI Project Key': { service: 'openai', field: 'api_key', label: 'OpenAI API Key' },
-  'PyPI API Token': { service: 'pypi', field: 'api_token', label: 'PyPI API Token' },
-  'SendGrid API Key': { service: 'sendgrid', field: 'api_key', label: 'SendGrid API Key' },
-  'Slack Bot Token': { service: 'slack', field: 'bot_token', label: 'Slack Bot Token' },
-  'Slack User Token': { service: 'slack', field: 'user_token', label: 'Slack User Token' },
-  'Slack Webhook': { service: 'slack', field: 'webhook_url', label: 'Slack Webhook URL' },
-  'Stripe Restricted Key': { service: 'stripe', field: 'restricted_key', label: 'Stripe Restricted Key' },
-  'Stripe Secret Key': { service: 'stripe', field: 'secret_key', label: 'Stripe Secret Key' },
-  'Telegram Bot Token': { service: 'telegram', field: 'bot_token', label: 'Telegram Bot Token' },
-  'Twilio API Key': { service: 'twilio', field: 'api_key', label: 'Twilio API Key' },
-  'npm Token': { service: 'npm', field: 'token', label: 'npm Token' },
+  "Anthropic API Key": {
+    service: "anthropic",
+    field: "api_key",
+    label: "Anthropic API Key",
+  },
+  "GitHub Fine-Grained PAT": {
+    service: "github",
+    field: "token",
+    label: "GitHub Token",
+  },
+  "GitHub Token": { service: "github", field: "token", label: "GitHub Token" },
+  "GitLab Token": { service: "gitlab", field: "token", label: "GitLab Token" },
+  "Google API Key": {
+    service: "google",
+    field: "api_key",
+    label: "Google API Key",
+  },
+  "Google OAuth Client Secret": {
+    service: "google",
+    field: "client_secret",
+    label: "Google OAuth Client Secret",
+  },
+  "Mailgun API Key": {
+    service: "mailgun",
+    field: "api_key",
+    label: "Mailgun API Key",
+  },
+  "OpenAI API Key": {
+    service: "openai",
+    field: "api_key",
+    label: "OpenAI API Key",
+  },
+  "OpenAI Project Key": {
+    service: "openai",
+    field: "api_key",
+    label: "OpenAI API Key",
+  },
+  "PyPI API Token": {
+    service: "pypi",
+    field: "api_token",
+    label: "PyPI API Token",
+  },
+  "SendGrid API Key": {
+    service: "sendgrid",
+    field: "api_key",
+    label: "SendGrid API Key",
+  },
+  "Slack Bot Token": {
+    service: "slack",
+    field: "bot_token",
+    label: "Slack Bot Token",
+  },
+  "Slack User Token": {
+    service: "slack",
+    field: "user_token",
+    label: "Slack User Token",
+  },
+  "Slack Webhook": {
+    service: "slack",
+    field: "webhook_url",
+    label: "Slack Webhook URL",
+  },
+  "Stripe Restricted Key": {
+    service: "stripe",
+    field: "restricted_key",
+    label: "Stripe Restricted Key",
+  },
+  "Stripe Secret Key": {
+    service: "stripe",
+    field: "secret_key",
+    label: "Stripe Secret Key",
+  },
+  "Telegram Bot Token": {
+    service: "telegram",
+    field: "bot_token",
+    label: "Telegram Bot Token",
+  },
+  "Twilio API Key": {
+    service: "twilio",
+    field: "api_key",
+    label: "Twilio API Key",
+  },
+  "npm Token": { service: "npm", field: "token", label: "npm Token" },
 };
 export interface RedirectedSecretRecord {
   service: string;
   field: string;
   label: string;
-  delivery: 'store' | 'transient_send';
+  delivery: "store" | "transient_send";
 }
 export interface RedirectToSecurePromptOptions {
@@ -63,10 +135,12 @@ export interface RedirectToSecurePromptOptions {
 }
 function normalizeIngressSecretTypeLabel(detectedType: string): string {
-  return detectedType.replace(/\s+\([^)]+\)$/u, '');
+  return detectedType.replace(/\s+\([^)]+\)$/u, "");
 }
-function resolveIngressSecretTarget(detectedTypes: string[]): IngressSecretTarget {
+function resolveIngressSecretTarget(
+  detectedTypes: string[],
+): IngressSecretTarget {
   const mappedTargets = new Map<string, IngressSecretTarget>();
   for (const detectedType of detectedTypes) {
     const normalizedType = normalizeIngressSecretTypeLabel(detectedType);
@@ -77,9 +151,9 @@ function resolveIngressSecretTarget(detectedTypes: string[]): IngressSecretTarge
   if (mappedTargets.size === 1) return mappedTargets.values().next().value!;
   return {
-    service: 'detected',
-    field: detectedTypes.join(','),
-    label: 'Secure Credential Entry',
+    service: "detected",
+    field: detectedTypes.join(","),
+    label: "Secure Credential Entry",
   };
 }
@@ -92,23 +166,31 @@ export interface MessagingSessionContext {
   abortController: AbortController | null;
   currentRequestId?: string;
   readonly queue: MessageQueue;
-  guardianContext?: GuardianRuntimeContext;
+  trustContext?: TrustContext;
   getTurnChannelContext(): TurnChannelContext | null;
   getTurnInterfaceContext(): TurnInterfaceContext | null;
 }
-function extractTurnChannelContext(metadata?: Record<string, unknown>): TurnChannelContext | null {
+function extractTurnChannelContext(
+  metadata?: Record<string, unknown>,
+): TurnChannelContext | null {
   if (!metadata) return null;
   const userMessageChannel = parseChannelId(metadata.userMessageChannel);
-  const assistantMessageChannel = parseChannelId(metadata.assistantMessageChannel);
+  const assistantMessageChannel = parseChannelId(
+    metadata.assistantMessageChannel,
+  );
   if (!userMessageChannel || !assistantMessageChannel) return null;
   return { userMessageChannel, assistantMessageChannel };
 }
-function extractTurnInterfaceContext(metadata?: Record<string, unknown>): TurnInterfaceContext | null {
+function extractTurnInterfaceContext(
+  metadata?: Record<string, unknown>,
+): TurnInterfaceContext | null {
   if (!metadata) return null;
   const userMessageInterface = parseInterfaceId(metadata.userMessageInterface);
-  const assistantMessageInterface = parseInterfaceId(metadata.assistantMessageInterface);
+  const assistantMessageInterface = parseInterfaceId(
+    metadata.assistantMessageInterface,
+  );
   if (!userMessageInterface || !assistantMessageInterface) return null;
   return { userMessageInterface, assistantMessageInterface };
 }
@@ -131,8 +213,14 @@ export function enqueueMessage(
     return { queued: false, requestId };
   }
-  const turnChannelContext = extractTurnChannelContext(metadata) ?? ctx.getTurnChannelContext() ?? undefined;
-  const turnInterfaceContext = extractTurnInterfaceContext(metadata) ?? ctx.getTurnInterfaceContext() ?? undefined;
+  const turnChannelContext =
+    extractTurnChannelContext(metadata) ??
+    ctx.getTurnChannelContext() ??
+    undefined;
+  const turnInterfaceContext =
+    extractTurnInterfaceContext(metadata) ??
+    ctx.getTurnInterfaceContext() ??
+    undefined;
   const pushed = ctx.queue.push({
     content,
     attachments,
@@ -164,11 +252,11 @@ export async function persistUserMessage(
   displayContent?: string,
 ): Promise<string> {
   if (ctx.processing) {
-    throw new Error('Session is already processing a message');
+    throw new Error("Session is already processing a message");
   }
   if (!content.trim() && attachments.length === 0) {
-    throw new Error('Message content or attachments are required');
+    throw new Error("Message content or attachments are required");
   }
   const reqId = requestId ?? uuid();
@@ -176,19 +264,24 @@ export async function persistUserMessage(
   ctx.processing = true;
   ctx.abortController = new AbortController();
-  const userMessage = createUserMessage(content, attachments.map((attachment) => ({
-    id: attachment.id,
-    filename: attachment.filename,
-    mimeType: attachment.mimeType,
-    data: attachment.data,
-    extractedText: attachment.extractedText,
-  })));
+  const userMessage = createUserMessage(
+    content,
+    attachments.map((attachment) => ({
+      id: attachment.id,
+      filename: attachment.filename,
+      mimeType: attachment.mimeType,
+      data: attachment.data,
+      extractedText: attachment.extractedText,
+    })),
+  );
   ctx.messages.push(userMessage);
   try {
-    const turnCtx = extractTurnChannelContext(metadata) ?? ctx.getTurnChannelContext();
-    const turnIfCtx = extractTurnInterfaceContext(metadata) ?? ctx.getTurnInterfaceContext();
-    const provenance = provenanceFromGuardianContext(ctx.guardianContext);
+    const turnCtx =
+      extractTurnChannelContext(metadata) ?? ctx.getTurnChannelContext();
+    const turnIfCtx =
+      extractTurnInterfaceContext(metadata) ?? ctx.getTurnInterfaceContext();
+    const provenance = provenanceFromTrustContext(ctx.trustContext);
     const mergedMetadata = {
       ...(metadata ?? {}),
       ...provenance,
@@ -211,26 +304,41 @@ export async function persistUserMessage(
     // after restart. The in-memory userMessage (sent to the LLM) still uses
     // the stripped content.
     const contentToPersist = displayContent
-      ? JSON.stringify(createUserMessage(displayContent, attachments.map((a) => ({
-          id: a.id, filename: a.filename, mimeType: a.mimeType, data: a.data, extractedText: a.extractedText,
-        }))).content)
+      ? JSON.stringify(
+          createUserMessage(
+            displayContent,
+            attachments.map((a) => ({
+              id: a.id,
+              filename: a.filename,
+              mimeType: a.mimeType,
+              data: a.data,
+              extractedText: a.extractedText,
+            })),
+          ).content,
+        )
       : JSON.stringify(userMessage.content);
     const persistedUserMessage = await conversationStore.addMessage(
       ctx.conversationId,
-      'user',
+      "user",
       contentToPersist,
       mergedMetadata,
     );
     if (turnCtx) {
-      conversationStore.setConversationOriginChannelIfUnset(ctx.conversationId, turnCtx.userMessageChannel);
+      conversationStore.setConversationOriginChannelIfUnset(
+        ctx.conversationId,
+        turnCtx.userMessageChannel,
+      );
     }
     if (turnIfCtx) {
-      conversationStore.setConversationOriginInterfaceIfUnset(ctx.conversationId, turnIfCtx.userMessageInterface);
+      conversationStore.setConversationOriginInterfaceIfUnset(
+        ctx.conversationId,
+        turnIfCtx.userMessageInterface,
+      );
     }
     if (!persistedUserMessage.id) {
-      throw new Error('Failed to persist user message');
+      throw new Error("Failed to persist user message");
     }
     // Index user attachments in the attachments table so asset_search can find them.
@@ -240,16 +348,25 @@ export async function persistUserMessage(
       try {
         const validation = validateAttachmentUpload(a.filename, a.mimeType);
         if (!validation.ok) {
-          log.warn({ filename: a.filename, error: validation.error }, 'Skipping user attachment indexing: validation failed');
+          log.warn(
+            { filename: a.filename, error: validation.error },
+            "Skipping user attachment indexing: validation failed",
+          );
           continue;
         }
         const stored = uploadAttachment(a.filename, a.mimeType, a.data);
         linkAttachmentToMessage(persistedUserMessage.id, stored.id, i);
       } catch (err) {
         if (err instanceof AttachmentUploadError) {
-          log.warn({ filename: a.filename, error: err.message }, 'Skipping user attachment indexing');
+          log.warn(
+            { filename: a.filename, error: err.message },
+            "Skipping user attachment indexing",
+          );
         } else {
-          log.error({ filename: a.filename, err }, 'Failed to index user attachment');
+          log.error(
+            { filename: a.filename, err },
+            "Failed to index user attachment",
+          );
         }
       }
     }
@@ -274,53 +391,86 @@ export function redirectToSecurePrompt(
 ): void {
   const target = resolveIngressSecretTarget(detectedTypes);
-  secretPrompter.prompt(
-    target.service, target.field,
-    target.label,
-    'Your message contained a secret. Please enter it here instead — it will be stored securely and never sent to the AI.',
-    undefined, conversationId,
-  ).then(async (result): Promise<void> => {
-    if (!result.value) return;
-    const { setSecureKey } = await import('../security/secure-keys.js');
-    const { upsertCredentialMetadata } = await import('../tools/credentials/metadata-store.js');
-    let wasStored = false;
-    if (result.delivery === 'transient_send') {
-      const { credentialBroker } = await import('../tools/credentials/broker.js');
-      credentialBroker.injectTransient(target.service, target.field, result.value);
-      try {
-        upsertCredentialMetadata(target.service, target.field, {});
-      } catch (e) {
-        log.debug({ err: e, service: target.service, field: target.field }, 'Non-critical credential metadata upsert failed');
-      }
-      wasStored = true;
-      log.info({ service: target.service, field: target.field, delivery: 'transient_send' }, 'Ingress redirect: transient credential injected');
-    } else {
-      const key = `credential:${target.service}:${target.field}`;
-      const stored = setSecureKey(key, result.value);
-      if (stored) {
+  secretPrompter
+    .prompt(
+      target.service,
+      target.field,
+      target.label,
+      "Your message contained a secret. Please enter it here instead — it will be stored securely and never sent to the AI.",
+      undefined,
+      conversationId,
+    )
+    .then(async (result): Promise<void> => {
+      if (!result.value) return;
+      const { setSecureKey } = await import("../security/secure-keys.js");
+      const { upsertCredentialMetadata } =
+        await import("../tools/credentials/metadata-store.js");
+      let wasStored = false;
+      if (result.delivery === "transient_send") {
+        const { credentialBroker } =
+          await import("../tools/credentials/broker.js");
+        credentialBroker.injectTransient(
+          target.service,
+          target.field,
+          result.value,
+        );
         try {
           upsertCredentialMetadata(target.service, target.field, {});
         } catch (e) {
-          log.debug({ err: e, service: target.service, field: target.field }, 'Non-critical credential metadata upsert failed');
+          log.debug(
+            { err: e, service: target.service, field: target.field },
+            "Non-critical credential metadata upsert failed",
+          );
         }
         wasStored = true;
-        log.info({ service: target.service, field: target.field }, 'Ingress redirect: credential stored');
+        log.info(
+          {
+            service: target.service,
+            field: target.field,
+            delivery: "transient_send",
+          },
+          "Ingress redirect: transient credential injected",
+        );
       } else {
-        log.warn({ service: target.service, field: target.field }, 'Ingress redirect: secure storage write failed');
+        const key = `credential:${target.service}:${target.field}`;
+        const stored = setSecureKey(key, result.value);
+        if (stored) {
+          try {
+            upsertCredentialMetadata(target.service, target.field, {});
+          } catch (e) {
+            log.debug(
+              { err: e, service: target.service, field: target.field },
+              "Non-critical credential metadata upsert failed",
+            );
+          }
+          wasStored = true;
+          log.info(
+            { service: target.service, field: target.field },
+            "Ingress redirect: credential stored",
+          );
+        } else {
+          log.warn(
+            { service: target.service, field: target.field },
+            "Ingress redirect: secure storage write failed",
+          );
+        }
       }
-    }
-    if (wasStored) {
-      await options?.onStored?.({
-        service: target.service,
-        field: target.field,
-        label: target.label,
-        delivery: result.delivery,
-      });
-    }
-  }).catch(() => { /* prompt timeout or cancel is fine */ }).finally(() => {
-    options?.onComplete?.();
-  });
+      if (wasStored) {
+        await options?.onStored?.({
+          service: target.service,
+          field: target.field,
+          label: target.label,
+          delivery: result.delivery,
+        });
+      }
+    })
+    .catch(() => {
+      /* prompt timeout or cancel is fine */
+    })
+    .finally(() => {
+      options?.onComplete?.();
+    });
 }