@vellumai/assistant 0.4.29 → 0.4.30

package/src/daemon/handlers/guardian-actions.ts

@@ -1,9 +1,4 @@
-import { applyCanonicalGuardianDecision } from "../../approvals/guardian-decision-primitive.js";
-import {
-  getCanonicalGuardianRequest,
-  isRequestInConversationScope,
-} from "../../memory/canonical-guardian-store.js";
-import type { ApprovalAction } from "../../runtime/channel-approval-types.js";
+import { processGuardianDecision } from "../../runtime/guardian-action-service.js";
 import { resolveLocalIpcTrustContext } from "../../runtime/local-actor-identity.js";
 import { listGuardianDecisionPrompts } from "../../runtime/routes/guardian-action-routes.js";
 import type {
@@ -12,14 +7,6 @@ import type {
 } from "../ipc-protocol.js";
 import { defineHandlers, log } from "./shared.js";
 
-const VALID_ACTIONS = new Set<string>([
-  "approve_once",
-  "approve_10m",
-  "approve_thread",
-  "approve_always",
-  "reject",
-]);
-
 export const guardianActionsHandlers = defineHandlers({
   guardian_actions_pending_request: (
     msg: GuardianActionsPendingRequest,
@@ -43,95 +30,41 @@ export const guardianActionsHandlers = defineHandlers({
     ctx,
   ) => {
     try {
-      // Validate the action is one of the known actions
-      if (!VALID_ACTIONS.has(msg.action)) {
-        log.warn(
-          { requestId: msg.requestId, action: msg.action },
-          "Invalid guardian action",
-        );
-        ctx.send(socket, {
-          type: "guardian_action_decision_response",
-          applied: false,
-          reason: "invalid_action",
-          requestId: msg.requestId,
-        });
-        return;
-      }
-
-      // Verify conversationId scoping before applying the canonical decision.
-      // The decision is allowed when the conversationId matches the request's
-      // source conversation OR a recorded delivery destination conversation.
-      if (msg.conversationId) {
-        const canonicalRequest = getCanonicalGuardianRequest(msg.requestId);
-        if (
-          canonicalRequest &&
-          canonicalRequest.conversationId &&
-          !isRequestInConversationScope(
-            msg.requestId,
-            msg.conversationId,
-            "vellum",
-          )
-        ) {
-          log.warn(
-            {
-              requestId: msg.requestId,
-              expected: canonicalRequest.conversationId,
-              got: msg.conversationId,
-            },
-            "conversationId not in scope",
-          );
-          ctx.send(socket, {
-            type: "guardian_action_decision_response",
-            applied: false,
-            reason: "not_found",
-            requestId: msg.requestId,
-          });
-          return;
-        }
-      }
-
-      // Resolve the local IPC actor's principal via the vellum guardian binding.
       const localTrustCtx = resolveLocalIpcTrustContext("vellum");
-      const canonicalResult = await applyCanonicalGuardianDecision({
+
+      const result = await processGuardianDecision({
         requestId: msg.requestId,
-        action: msg.action as ApprovalAction,
+        action: msg.action,
+        conversationId: msg.conversationId,
+        channel: "vellum",
         actorContext: {
           externalUserId: localTrustCtx.guardianExternalUserId,
-          channel: "vellum",
           guardianPrincipalId: localTrustCtx.guardianPrincipalId ?? undefined,
         },
-        userText: undefined,
       });
 
-      if (canonicalResult.applied) {
-        // When the CAS committed but the resolver failed, the side effect
-        // (e.g. minting a verification session) did not happen. From the
-        // caller's perspective the decision was not truly applied.
-        if (canonicalResult.resolverFailed) {
-          ctx.send(socket, {
-            type: "guardian_action_decision_response",
-            applied: false,
-            reason: "resolver_failed",
-            resolverFailureReason: canonicalResult.resolverFailureReason,
-            requestId: canonicalResult.requestId,
-          });
-          return;
-        }
-
+      if (!result.ok) {
         ctx.send(socket, {
           type: "guardian_action_decision_response",
-          applied: true,
-          requestId: canonicalResult.requestId,
+          applied: false,
+          reason: result.error,
+          requestId: msg.requestId,
         });
         return;
       }
 
-      // Return the reason for failure (stale, expired, not_found, etc.)
       ctx.send(socket, {
         type: "guardian_action_decision_response",
-        applied: false,
-        reason: canonicalResult.reason,
-        requestId: msg.requestId,
+        applied: result.applied,
+        ...(result.applied
+          ? { requestId: result.requestId }
+          : {
+              reason: result.reason,
+              ...(result.resolverFailureReason
+                ? { resolverFailureReason: result.resolverFailureReason }
+                : {}),
+              requestId: result.requestId ?? msg.requestId,
+            }),
       });
     } catch (err) {
       log.error(

package/src/daemon/handlers/sessions.ts

@@ -1648,7 +1648,6 @@ export function handleHistoryRequest(
                   ? {
                       ...(s.data.preview ? { preview: s.data.preview } : {}),
                       ...(s.data.appId ? { appId: s.data.appId } : {}),
-                      ...(s.data.appType ? { appType: s.data.appType } : {}),
                     }
                   : {}),
               } as Record<string, unknown>,

package/src/daemon/ipc-contract/apps.ts

@@ -178,7 +178,6 @@ export interface AppsListResponse {
     createdAt: number;
     version?: string;
     contentId?: string;
-    appType?: string;
   }>;
 }
 

package/src/daemon/ipc-contract/inbox.ts

@@ -1,9 +1,9 @@
-// Ingress access control: invite management, member management, and escalation decisions.
+// Contacts access control: invite management, member management, and escalation decisions.
 
 // === Client → Server ===
 
-export interface IngressInviteRequest {
-  type: "ingress_invite";
+export interface ContactsInviteRequest {
+  type: "contacts_invite";
   action: "create" | "list" | "revoke" | "redeem";
   /** Source channel for the invite (required for create and redeem). */
   sourceChannel?: string;
@@ -29,31 +29,6 @@ export interface IngressInviteRequest {
   guardianName?: string;
 }
 
-export interface IngressContactRequest {
-  type: "ingress_member"; // Legacy discriminator — kept for client compatibility
-  action: "list" | "upsert" | "revoke" | "block";
-  /** Assistant ID for scoping member operations (defaults to 'self'). */
-  assistantId?: string;
-  /** Source channel (required for upsert, optional filter for list). */
-  sourceChannel?: string;
-  /** External user ID (upsert only). */
-  externalUserId?: string;
-  /** External chat ID (upsert only). */
-  externalChatId?: string;
-  /** Display name (upsert only). */
-  displayName?: string;
-  /** Username (upsert only). */
-  username?: string;
-  /** Access policy (upsert only). */
-  policy?: "allow" | "deny" | "escalate";
-  /** Member status (upsert only for setting, list only for filtering). */
-  status?: "pending" | "active";
-  /** Member ID (revoke and block only). */
-  memberId?: string;
-  /** Reason for revoke or block (revoke and block only). */
-  reason?: string;
-}
-
 export interface AssistantInboxEscalationRequest {
   type: "assistant_inbox_escalation";
   action: "list" | "decide";
@@ -71,8 +46,8 @@ export interface AssistantInboxEscalationRequest {
 
 // === Server → Client ===
 
-export interface IngressInviteResponse {
-  type: "ingress_invite_response";
+export interface ContactsInviteResponse {
+  type: "contacts_invite_response";
   success: boolean;
   error?: string;
   /** Single invite (returned on create/revoke). Token field is only present on create. */
@@ -102,38 +77,6 @@ export interface IngressInviteResponse {
   }>;
 }
 
-export interface IngressContactResponse {
-  type: "ingress_member_response"; // Legacy discriminator — kept for client compatibility
-  success: boolean;
-  error?: string;
-  /** Single member (returned on upsert/revoke/block). */
-  member?: {
-    id: string;
-    sourceChannel: string;
-    externalUserId?: string;
-    externalChatId?: string;
-    displayName?: string;
-    username?: string;
-    status: string;
-    policy: string;
-    lastSeenAt?: number;
-    createdAt: number;
-  };
-  /** List of members (returned on list). */
-  members?: Array<{
-    id: string;
-    sourceChannel: string;
-    externalUserId?: string;
-    externalChatId?: string;
-    displayName?: string;
-    username?: string;
-    status: string;
-    policy: string;
-    lastSeenAt?: number;
-    createdAt: number;
-  }>;
-}
-
 export interface AssistantInboxEscalationResponse {
   type: "assistant_inbox_escalation_response";
   success: boolean;
@@ -161,11 +104,9 @@ export interface AssistantInboxEscalationResponse {
 // --- Domain-level union aliases (consumed by the barrel file) ---
 
 export type _InboxClientMessages =
-  | IngressInviteRequest
-  | IngressContactRequest
+  | ContactsInviteRequest
   | AssistantInboxEscalationRequest;
 
 export type _InboxServerMessages =
-  | IngressInviteResponse
-  | IngressContactResponse
+  | ContactsInviteResponse
   | AssistantInboxEscalationResponse;

package/src/daemon/ipc-contract/sessions.ts

@@ -382,6 +382,7 @@ export type SessionErrorCode =
   | "PROVIDER_NETWORK"
   | "PROVIDER_RATE_LIMIT"
   | "PROVIDER_API"
+  | "PROVIDER_BILLING"
   | "CONTEXT_TOO_LARGE"
   | "QUEUE_FULL"
   | "SESSION_ABORTED"

package/src/daemon/ipc-contract/surfaces.ts

@@ -98,7 +98,6 @@ export interface DynamicPageSurfaceData {
   width?: number;
   height?: number;
   appId?: string;
-  appType?: string;
   reloadGeneration?: number;
   status?: string;
   preview?: DynamicPagePreview;

package/src/daemon/ipc-contract-inventory.json

@@ -69,6 +69,7 @@
     "cancel",
     "confirmation_response",
     "contacts",
+    "contacts_invite",
     "conversation_search",
     "conversation_seen_signal",
     "cu_observation",
@@ -99,8 +100,6 @@
     "identity_get",
     "image_gen_model_set",
     "ingress_config",
-    "ingress_invite",
-    "ingress_member",
     "integration_connect",
     "integration_disconnect",
     "integration_list",
@@ -215,6 +214,7 @@
     "confirmation_request",
     "confirmation_state_changed",
     "contacts_changed",
+    "contacts_invite_response",
     "contacts_response",
     "context_compacted",
     "conversation_search_response",
@@ -252,8 +252,6 @@
     "identity_changed",
     "identity_get_response",
     "ingress_config_response",
-    "ingress_invite_response",
-    "ingress_member_response",
     "integration_connect_result",
     "integration_list_response",
     "ipc_blob_probe_result",

package/src/daemon/lifecycle.ts

@@ -312,8 +312,20 @@ export async function runDaemon(): Promise<void> {
     registerBroadcastFn((msg) => server.broadcast(msg));
 
     const scheduler = startScheduler(
-      async (conversationId, message) => {
-        await server.processMessage(conversationId, message);
+      async (conversationId, message, options) => {
+        await server.processMessage(
+          conversationId,
+          message,
+          undefined,
+          options?.trustClass
+            ? {
+                trustContext: {
+                  sourceChannel: "vellum",
+                  trustClass: options.trustClass,
+                },
+              }
+            : undefined,
+        );
       },
       (reminder) => {
         void emitNotificationSignal({

package/src/daemon/session-agent-loop-handlers.ts

@@ -56,6 +56,8 @@ export interface EventHandlerState {
   readonly persistedToolUseIds: Set<string>;
   readonly accumulatedDirectives: DirectiveRequest[];
   readonly accumulatedToolContentBlocks: ContentBlock[];
+  /** Maps index in accumulatedToolContentBlocks → tool name that produced it. */
+  readonly toolContentBlockToolNames: Map<number, string>;
   readonly directiveWarnings: string[];
   readonly toolUseIdToName: Map<string, string>;
   currentTurnToolNames: string[];
@@ -99,6 +101,7 @@ export function createEventHandlerState(): EventHandlerState {
     persistedToolUseIds: new Set(),
     accumulatedDirectives: [],
     accumulatedToolContentBlocks: [],
+    toolContentBlockToolNames: new Map(),
     directiveWarnings: [],
     toolUseIdToName: new Map(),
     currentTurnToolNames: [],
@@ -400,6 +403,12 @@ export function handleToolResult(
     for (const cb of event.contentBlocks) {
       if (cb.type === "image" || cb.type === "file") {
         state.accumulatedToolContentBlocks.push(cb);
+        if (toolName) {
+          state.toolContentBlockToolNames.set(
+            state.accumulatedToolContentBlocks.length - 1,
+            toolName,
+          );
+        }
       }
     }
   }

package/src/daemon/session-agent-loop.ts

@@ -1238,6 +1238,7 @@ export async function runAgentLoopImpl(
           ctx.hasNoClient,
         ),
       state.lastAssistantMessageId,
+      state.toolContentBlockToolNames,
     );
     const { assistantAttachments, emittedAttachments } = attachmentResult;
 

package/src/daemon/session-attachments.ts

@@ -124,6 +124,7 @@ export async function resolveAssistantAttachments(
   workingDir: string,
   approveHostRead: ApproveHostRead,
   lastAssistantMessageId: string | undefined,
+  toolContentBlockToolNames?: ReadonlyMap<number, string>,
 ): Promise<AttachmentResolutionResult> {
   let assistantAttachments: AssistantAttachmentDraft[] = [];
   const emittedAttachments: UserMessageAttachment[] = [];
@@ -170,7 +171,10 @@ export async function resolveAssistantAttachments(
       "Directive resolution complete",
     );
 
-    const toolDrafts = contentBlocksToDrafts(accumulatedToolContentBlocks);
+    const toolDrafts = contentBlocksToDrafts(
+      accumulatedToolContentBlocks,
+      toolContentBlockToolNames,
+    );
     // Most recent tool outputs (e.g., final browser screenshot) should win
     // the MAX_ASSISTANT_ATTACHMENTS cap over older intermediate screenshots.
     toolDrafts.reverse();

package/src/daemon/session-error.ts

@@ -188,6 +188,24 @@ function classifyCore(
           retryable: false,
         };
       }
+      if (/credit balance is too low|insufficient.*credits?/i.test(message)) {
+        return {
+          code: "PROVIDER_BILLING",
+          userMessage: "Your API key has insufficient credits.",
+          retryable: false,
+        };
+      }
+      if (
+        /invalid.*api.?key|invalid.*x-api-key|authentication.?error|invalid.authentication/i.test(
+          message,
+        )
+      ) {
+        return {
+          code: "PROVIDER_BILLING",
+          userMessage: "Your API key is invalid.",
+          retryable: false,
+        };
+      }
       return {
         code: "PROVIDER_API",
         userMessage: "The AI provider rejected the request.",

package/src/daemon/session-lifecycle.ts

@@ -13,7 +13,10 @@ import * as conversationStore from "../memory/conversation-store.js";
 import type { PermissionPrompter } from "../permissions/prompter.js";
 import type { SecretPrompter } from "../permissions/secret-prompter.js";
 import type { ContentBlock, Message } from "../providers/types.js";
-import type { TrustClass } from "../runtime/actor-trust-resolver.js";
+import {
+  isUntrustedTrustClass,
+  type TrustClass,
+} from "../runtime/actor-trust-resolver.js";
 import { unregisterSessionSender } from "../tools/browser/browser-screencast.js";
 import { getLogger } from "../util/logger.js";
 import { repairHistory } from "./history-repair.js";
@@ -47,10 +50,6 @@ function parseProvenanceTrustClass(
   return undefined;
 }
 
-function isUntrustedTrustClass(trustClass: TrustClass | undefined): boolean {
-  return trustClass === "trusted_contact" || trustClass === "unknown";
-}
-
 function filterMessagesForUntrustedActor(
   messages: conversationStore.MessageRow[],
 ): conversationStore.MessageRow[] {

package/src/daemon/session-media-retry.ts

@@ -19,15 +19,29 @@ export function stripMediaPayloadsForRetry(messages: Message[]): {
   latestUserIndex: number | null;
 } {
   let latestUserIndex: number | null = null;
+  let lastSummaryUserIndex: number | null = null;
   for (let i = messages.length - 1; i >= 0; i--) {
     const msg = messages[i];
     if (msg.role !== "user") continue;
-    if (getSummaryFromContextMessage(msg) != null) continue;
     if (isToolResultOnlyMessage(msg)) continue;
+    if (getSummaryFromContextMessage(msg) != null) {
+      // Track the last summary message as a fallback — after aggressive
+      // compaction (minKeepRecentUserTurns: 0), the summary may be the only
+      // user message left and it can contain preserved image blocks that
+      // should not be stripped.
+      if (lastSummaryUserIndex == null) lastSummaryUserIndex = i;
+      continue;
+    }
     latestUserIndex = i;
     break;
   }
 
+  // Fall back to the summary message when compaction consumed all user turns,
+  // so images preserved by compaction are not unconditionally stripped.
+  if (latestUserIndex == null && lastSummaryUserIndex != null) {
+    latestUserIndex = lastSummaryUserIndex;
+  }
+
   let modified = false;
   let replacedBlocks = 0;
   let keptLatestMediaBlocks = 0;

package/src/daemon/session-surfaces.ts

@@ -1119,7 +1119,6 @@ export async function surfaceProxyResolver(
     const surfaceData: DynamicPageSurfaceData = {
       html: app.htmlDefinition,
       appId: app.id,
-      appType: app.appType,
       preview: {
         ...defaultPreview,
         ...preview,

package/src/daemon/session-tool-setup.ts

@@ -7,10 +7,7 @@
  */
 
 import { isHttpAuthDisabled } from "../config/env.js";
-import type {
-  ProxyApprovalCallback,
-  ProxyApprovalRequest,
-} from "../outbound-proxy/index.js";
+import { getBindingByConversation } from "../memory/external-conversation-store.js";
 import {
   generateAllowlistOptions,
   generateScopeOptions,
@@ -32,6 +29,8 @@ import { requestComputerControlTool } from "../tools/computer-use/request-comput
 import type { ToolExecutor } from "../tools/executor.js";
 import { getAllToolDefinitions } from "../tools/registry.js";
 import type {
+  ProxyApprovalCallback,
+  ProxyApprovalRequest,
   ToolExecutionResult,
   ToolLifecycleEventHandler,
 } from "../tools/types.js";
@@ -163,6 +162,10 @@ export function createToolExecutor(
         ctx.surfaceActionRequestIds?.has(ctx.currentRequestId ?? "") ?? false,
       requesterExternalUserId: ctx.trustContext?.requesterExternalUserId,
       requesterChatId: ctx.trustContext?.requesterChatId,
+      channelPermissionChannelId:
+        ctx.trustContext?.sourceChannel === "slack"
+          ? getBindingByConversation(ctx.conversationId)?.externalChatId
+          : undefined,
       onOutput,
       signal: ctx.abortController?.signal,
       sandboxOverride: ctx.sandboxOverride,

package/src/events/domain-events.ts

@@ -26,7 +26,8 @@ export interface ToolDomainEvents {
       | "allow_thread"
       | "always_allow"
       | "deny"
-      | "always_deny";
+      | "always_deny"
+      | "temporary_override";
     riskLevel: string;
     decidedAtMs: number;
   };

package/src/home-base/prebuilt/seed.ts

@@ -115,7 +115,6 @@ export function ensurePrebuiltHomeBaseSeeded(): {
     description: buildDescription(metadata),
     schemaJson: "{}",
     htmlDefinition: html,
-    appType: "app",
   });
 
   log.info({ appId: created.id }, "Seeded prebuilt Home Base app");

package/src/influencer/client.ts

@@ -50,11 +50,8 @@ import type {
   ExtensionResponse,
 } from "../browser-extension-relay/protocol.js";
 import { extensionRelayServer } from "../browser-extension-relay/server.js";
-import { getGatewayInternalBaseUrl } from "../config/env.js";
-import {
-  isSigningKeyInitialized,
-  mintEdgeRelayToken,
-} from "../runtime/auth/token-service.js";
+import { isSigningKeyInitialized } from "../runtime/auth/token-service.js";
+import { gatewayPost } from "../runtime/gateway-internal-client.js";
 
 // ---------------------------------------------------------------------------
 // Types
@@ -145,26 +142,12 @@ async function sendRelayCommand(
       "Auth signing key not initialized — browser-relay commands require the daemon to be running",
     );
   }
-  const token = mintEdgeRelayToken();
-
-  const resp = await fetch(
-    `${getGatewayInternalBaseUrl()}/v1/browser-relay/command`,
-    {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        Authorization: `Bearer ${token}`,
-      },
-      body: JSON.stringify(command),
-    },
-  );
-
-  if (!resp.ok) {
-    const body = await resp.text();
-    throw new Error(`Relay HTTP command failed (${resp.status}): ${body}`);
-  }
 
-  return (await resp.json()) as ExtensionResponse;
+  const { data } = await gatewayPost<ExtensionResponse>(
+    "/v1/browser-relay/command",
+    command,
+  );
+  return data;
 }
 
 // ---------------------------------------------------------------------------

package/src/media/gemini-image-service.ts

@@ -16,6 +16,8 @@ export interface ImageGenerationRequest {
 export interface GeneratedImage {
   mimeType: string;
   dataBase64: string;
+  /** Short title derived from the model's text response, if available. */
+  title?: string;
 }
 
 export interface ImageGenerationResult {
@@ -74,10 +76,12 @@ export async function generateImage(
 
   const client = new GoogleGenAI({ apiKey });
 
-  // Build contents array
+  // Build contents array — append a title request so the model's text
+  // response contains a short filename-safe title for the generated image.
+  const promptWithTitle = `${request.prompt}\n\nAlso respond with a short title (max 6 words) for the image on its own line, prefixed with "Title: ".`;
   const parts: Array<
     { text: string } | { inlineData: { mimeType: string; data: string } }
-  > = [{ text: request.prompt }];
+  > = [{ text: promptWithTitle }];
 
   if (request.mode === "edit" && request.sourceImages) {
     for (const img of request.sourceImages) {
@@ -114,7 +118,15 @@ export async function generateImage(
       }
     }
 
-    return { images, text };
+    // Extract title from the text response and apply to images
+    const title = extractTitle(text);
+    if (title) {
+      for (const img of images) {
+        img.title = title;
+      }
+    }
+
+    return { images, text: stripTitleLine(text), title };
   };
 
   if (variants === 1) {
@@ -141,3 +153,36 @@ export async function generateImage(
 
   return { images: allImages, text: combinedText, resolvedModel: model };
 }
+
+// --- Title extraction helpers ---
+
+const TITLE_RE = /^Title:\s*(.+)/im;
+
+/**
+ * Extract a title from the model's text response.
+ * Looks for a line starting with "Title: " and sanitizes it for use as a filename.
+ */
+function extractTitle(text?: string): string | undefined {
+  if (!text) return undefined;
+  const match = TITLE_RE.exec(text);
+  if (!match?.[1]) return undefined;
+  return match[1]
+    .trim()
+    .replace(/[^\w\s-]/g, "")
+    .replace(/\s+/g, "-")
+    .toLowerCase()
+    .slice(0, 60);
+}
+
+/**
+ * Remove the "Title: ..." line from text so it doesn't appear in
+ * the tool result content shown to the user.
+ */
+function stripTitleLine(text?: string): string | undefined {
+  if (!text) return undefined;
+  const stripped = text
+    .replace(TITLE_RE, "")
+    .replace(/\n{3,}/g, "\n\n")
+    .trim();
+  return stripped.length > 0 ? stripped : undefined;
+}