@vellumai/assistant 0.4.29 → 0.4.30

package/src/runtime/slack-block-formatting.ts

@@ -0,0 +1,176 @@
+/**
+ * Lightweight Block Kit block generation for Slack channel replies.
+ *
+ * The gateway's text-to-blocks utility handles the full conversion, but
+ * the assistant pre-generates blocks so the gateway can pass them through
+ * without re-parsing. This keeps the conversion logic self-contained and
+ * avoids the gateway needing to distinguish pre-formatted from raw text.
+ */
+
+// ---------------------------------------------------------------------------
+// Block types (mirrors gateway/src/slack/block-kit-builder.ts)
+// ---------------------------------------------------------------------------
+
+interface TextObject {
+  type: "mrkdwn" | "plain_text";
+  text: string;
+}
+
+interface SectionBlock {
+  type: "section";
+  text: TextObject;
+}
+
+interface DividerBlock {
+  type: "divider";
+}
+
+interface HeaderBlock {
+  type: "header";
+  text: TextObject;
+}
+
+type Block = SectionBlock | DividerBlock | HeaderBlock;
+
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+
+/**
+ * Convert markdown/plain text into Slack Block Kit blocks.
+ *
+ * Returns undefined when the input is empty so callers can
+ * skip sending the `blocks` field entirely.
+ */
+export function textToSlackBlocks(text: string): Block[] | undefined {
+  if (!text || text.trim().length === 0) return undefined;
+
+  const segments = splitIntoSegments(text);
+  const blocks: Block[] = [];
+
+  for (let i = 0; i < segments.length; i++) {
+    if (i > 0) {
+      blocks.push({ type: "divider" });
+    }
+
+    const segment = segments[i];
+
+    if (segment.type === "code") {
+      const lang = segment.lang ?? "";
+      const codeText = "```" + lang + "\n" + segment.content + "\n```";
+      blocks.push({
+        type: "section",
+        text: { type: "mrkdwn", text: codeText },
+      });
+    } else if (segment.type === "header") {
+      blocks.push({
+        type: "header",
+        text: { type: "plain_text", text: segment.content },
+      });
+    } else {
+      blocks.push({
+        type: "section",
+        text: { type: "mrkdwn", text: markdownToMrkdwn(segment.content) },
+      });
+    }
+  }
+
+  return blocks.length > 0 ? blocks : undefined;
+}
+
+/**
+ * Detect whether a callback URL points to the gateway's Slack delivery endpoint.
+ */
+export function isSlackCallbackUrl(callbackUrl: string): boolean {
+  try {
+    const url = new URL(callbackUrl);
+    return (
+      url.pathname === "/deliver/slack" ||
+      url.pathname.startsWith("/deliver/slack?")
+    );
+  } catch {
+    return false;
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Internals
+// ---------------------------------------------------------------------------
+
+interface TextSegment {
+  type: "text";
+  content: string;
+}
+
+interface CodeSegment {
+  type: "code";
+  content: string;
+  lang?: string;
+}
+
+interface HeaderSegment {
+  type: "header";
+  content: string;
+}
+
+type Segment = TextSegment | CodeSegment | HeaderSegment;
+
+function splitIntoSegments(text: string): Segment[] {
+  const lines = text.split("\n");
+  const segments: Segment[] = [];
+  let currentTextLines: string[] = [];
+
+  function flushText(): void {
+    const joined = currentTextLines.join("\n").trim();
+    if (joined.length > 0) {
+      segments.push({ type: "text", content: joined });
+    }
+    currentTextLines = [];
+  }
+
+  let i = 0;
+  while (i < lines.length) {
+    const line = lines[i];
+    const fenceMatch = line.match(/^```(\w*)\s*$/);
+
+    if (fenceMatch) {
+      flushText();
+      const lang = fenceMatch[1] || undefined;
+      const codeLines: string[] = [];
+      i++;
+      while (i < lines.length && !lines[i].match(/^```\s*$/)) {
+        codeLines.push(lines[i]);
+        i++;
+      }
+      segments.push({ type: "code", content: codeLines.join("\n"), lang });
+      i++; // skip closing fence
+      continue;
+    }
+
+    const headingMatch = line.match(/^#{1,3}\s+(.+)$/);
+    if (headingMatch) {
+      flushText();
+      segments.push({ type: "header", content: headingMatch[1].trim() });
+      i++;
+      continue;
+    }
+
+    currentTextLines.push(line);
+    i++;
+  }
+
+  flushText();
+  return segments;
+}
+
+function markdownToMrkdwn(text: string): string {
+  let result = text;
+  // [text](url) → <url|text>
+  result = result.replace(
+    /\[([^\]]+)\]\(([^)]+)\)/g,
+    (_match, linkText, url) => `<${url}|${linkText}>`,
+  );
+  // **bold** → *bold*
+  result = result.replace(/\*\*(.+?)\*\*/g, "*$1*");
+  return result;
+}

package/src/schedule/scheduler.ts

@@ -23,9 +23,14 @@ import {
 
 const log = getLogger("scheduler");
 
+export interface ScheduleMessageOptions {
+  trustClass?: "guardian" | "trusted_contact" | "unknown";
+}
+
 export type ScheduleMessageProcessor = (
   conversationId: string,
   message: string,
+  options?: ScheduleMessageOptions,
 ) => Promise<unknown>;
 
 export type ReminderNotifier = (reminder: {
@@ -218,7 +223,9 @@ async function runScheduleOnce(
         },
         "Executing schedule",
       );
-      await processMessage(conversation.id, job.message);
+      await processMessage(conversation.id, job.message, {
+        trustClass: "guardian",
+      });
       completeScheduleRun(runId, { status: "ok" });
       notifySchedule({ id: job.id, name: job.name });
       processed += 1;
@@ -267,7 +274,9 @@ async function runScheduleOnce(
           },
           "Executing reminder",
         );
-        await processMessage(conversation.id, reminder.message);
+        await processMessage(conversation.id, reminder.message, {
+          trustClass: "guardian",
+        });
         completeReminder(reminder.id);
       } catch (err) {
         log.warn(

package/src/tools/apps/executors.ts

@@ -43,7 +43,6 @@ export interface AppStoreWriter {
     schemaJson: string;
     htmlDefinition: string;
     pages?: Record<string, string>;
-    appType?: "app" | "site";
   }): AppDefinition;
   updateApp(
     id: string,
@@ -84,9 +83,8 @@ export interface AppCreateInput {
   name: string;
   description?: string;
   schema_json?: string;
-  html: string;
+  html?: string;
   pages?: Record<string, string>;
-  type?: "app" | "site";
   auto_open?: boolean;
   set_as_home_base?: boolean;
   preview?: Record<string, unknown>;
@@ -100,11 +98,24 @@ export async function executeAppCreate(
   const name = input.name;
   const description = input.description;
   const schemaJson = input.schema_json ?? "{}";
-  const htmlDefinition = input.html;
+  // Default to a minimal scaffold only when html is truly omitted; reject
+  // invalid types (e.g. object/number) so malformed tool calls surface errors.
+  let htmlDefinition: string;
+  if (typeof input.html === "string") {
+    htmlDefinition = input.html;
+  } else if (input.html == null) {
+    htmlDefinition = "<!DOCTYPE html><html><head></head><body></body></html>";
+  } else {
+    return {
+      content: JSON.stringify({
+        error: `html must be a string, got ${typeof input.html}`,
+      }),
+      isError: true,
+    };
+  }
   const pages = input.pages;
   const autoOpen = input.auto_open !== false; // default true
   const preview = input.preview;
-  const appType = input.type === "site" ? ("site" as const) : ("app" as const);
 
   // Validate required fields — LLM input is not type-checked at runtime
   if (typeof name !== "string" || name.trim() === "") {
@@ -115,15 +126,6 @@ export async function executeAppCreate(
       isError: true,
     };
   }
-  if (typeof htmlDefinition !== "string") {
-    return {
-      content: JSON.stringify({
-        error:
-          "html is required and must be a string containing the HTML definition",
-      }),
-      isError: true,
-    };
-  }
   if (pages) {
     for (const [filename, content] of Object.entries(pages)) {
       if (typeof content !== "string") {
@@ -143,7 +145,6 @@ export async function executeAppCreate(
     schemaJson,
     htmlDefinition,
     pages,
-    appType,
   });
 
   if (input.set_as_home_base) {

package/src/tools/calls/call-end.ts

@@ -13,7 +13,7 @@ export async function executeCallEnd(
     };
   }
 
-  const reason = input.reason as string | undefined;
+  const reason = input.end_reason as string | undefined;
 
   const result = await cancelCall({ callSessionId, reason });
 

package/src/tools/computer-use/definitions.ts

@@ -21,6 +21,12 @@ function proxyExecute(): Promise<ToolExecutionResult> {
   );
 }
 
+const reasonProperty = {
+  type: "string" as const,
+  description:
+    "Brief non-technical explanation of why this tool is being called",
+};
+
 function makeClickTool(name: string, verb: string): Tool {
   return {
     name,
@@ -55,6 +61,7 @@ function makeClickTool(name: string, verb: string): Tool {
               type: "string",
               description: `Explanation of what you see and why you are ${verb.toLowerCase()}ing here`,
             },
+            reason: reasonProperty,
           },
           required: ["reasoning"],
         },
@@ -109,6 +116,7 @@ export const computerUseTypeTextTool: Tool = {
             type: "string",
             description: "Explanation of what you are typing and why",
           },
+          reason: reasonProperty,
         },
         required: ["text", "reasoning"],
       },
@@ -146,6 +154,7 @@ export const computerUseKeyTool: Tool = {
             type: "string",
             description: "Explanation of why you are pressing this key",
           },
+          reason: reasonProperty,
         },
         required: ["key", "reasoning"],
       },
@@ -200,6 +209,7 @@ export const computerUseScrollTool: Tool = {
             type: "string",
             description: "Explanation of why you are scrolling",
           },
+          reason: reasonProperty,
         },
         required: ["direction", "amount", "reasoning"],
       },
@@ -260,6 +270,7 @@ export const computerUseDragTool: Tool = {
             type: "string",
             description: "Explanation of what you are dragging and why",
           },
+          reason: reasonProperty,
         },
         required: ["reasoning"],
       },
@@ -295,6 +306,7 @@ export const computerUseWaitTool: Tool = {
             type: "string",
             description: "Explanation of what you are waiting for",
           },
+          reason: reasonProperty,
         },
         required: ["duration_ms", "reasoning"],
       },
@@ -333,6 +345,7 @@ export const computerUseOpenAppTool: Tool = {
             description:
               "Explanation of why you need to open or switch to this app",
           },
+          reason: reasonProperty,
         },
         required: ["app_name", "reasoning"],
       },
@@ -376,6 +389,7 @@ export const computerUseRunAppleScriptTool: Tool = {
             description:
               "Explanation of what this script does and why AppleScript is better than UI interaction for this step",
           },
+          reason: reasonProperty,
         },
         required: ["script", "reasoning"],
       },
@@ -407,6 +421,7 @@ export const computerUseDoneTool: Tool = {
             type: "string",
             description: "Human-readable summary of what was accomplished",
           },
+          reason: reasonProperty,
         },
         required: ["summary"],
       },
@@ -443,6 +458,7 @@ export const computerUseRespondTool: Tool = {
             type: "string",
             description: "Explanation of how you determined the answer",
           },
+          reason: reasonProperty,
         },
         required: ["answer", "reasoning"],
       },

package/src/tools/credentials/vault.ts

@@ -227,7 +227,7 @@ class CredentialStoreTool implements Tool {
               required: ["hostPattern", "injectionType"],
             },
             description:
-              "Templates describing how to inject this credential into proxied requests (only for store action)",
+              "Templates describing how to inject this credential into proxied requests (for store and prompt actions)",
           },
           reason: {
             type: "string",
@@ -568,6 +568,88 @@ class CredentialStoreTool implements Tool {
         }
         const promptPolicy = toPolicyFromInput(promptPolicyInput);
 
+        // Parse and validate injection templates (same logic as store action)
+        const promptRawTemplates = input.injection_templates as unknown[] | undefined;
+        let promptInjectionTemplates: CredentialInjectionTemplate[] | undefined;
+        if (promptRawTemplates !== undefined) {
+          if (!Array.isArray(promptRawTemplates)) {
+            return {
+              content: "Error: injection_templates must be an array",
+              isError: true,
+            };
+          }
+          const promptTemplateErrors: string[] = [];
+          promptInjectionTemplates = [];
+          for (let i = 0; i < promptRawTemplates.length; i++) {
+            const t = promptRawTemplates[i] as Record<string, unknown>;
+            if (typeof t !== "object" || t == null) {
+              promptTemplateErrors.push(
+                `injection_templates[${i}] must be an object`,
+              );
+              continue;
+            }
+            if (
+              typeof t.hostPattern !== "string" ||
+              t.hostPattern.trim().length === 0
+            ) {
+              promptTemplateErrors.push(
+                `injection_templates[${i}].hostPattern must be a non-empty string`,
+              );
+            }
+            if (t.injectionType !== "header" && t.injectionType !== "query") {
+              promptTemplateErrors.push(
+                `injection_templates[${i}].injectionType must be 'header' or 'query'`,
+              );
+            } else if (t.injectionType === "header") {
+              if (
+                typeof t.headerName !== "string" ||
+                t.headerName.trim().length === 0
+              ) {
+                promptTemplateErrors.push(
+                  `injection_templates[${i}].headerName is required when injectionType is 'header'`,
+                );
+              }
+            } else if (t.injectionType === "query") {
+              if (
+                typeof t.queryParamName !== "string" ||
+                t.queryParamName.trim().length === 0
+              ) {
+                promptTemplateErrors.push(
+                  `injection_templates[${i}].queryParamName is required when injectionType is 'query'`,
+                );
+              }
+            }
+            if (
+              t.valuePrefix !== undefined &&
+              typeof t.valuePrefix !== "string"
+            ) {
+              promptTemplateErrors.push(
+                `injection_templates[${i}].valuePrefix must be a string`,
+              );
+            }
+            if (promptTemplateErrors.length === 0) {
+              promptInjectionTemplates.push({
+                hostPattern: t.hostPattern as string,
+                injectionType: t.injectionType as "header" | "query",
+                headerName:
+                  typeof t.headerName === "string" ? t.headerName : undefined,
+                valuePrefix:
+                  typeof t.valuePrefix === "string" ? t.valuePrefix : undefined,
+                queryParamName:
+                  typeof t.queryParamName === "string"
+                    ? t.queryParamName
+                    : undefined,
+              });
+            }
+          }
+          if (promptTemplateErrors.length > 0) {
+            return {
+              content: `Error: ${promptTemplateErrors.join("; ")}`,
+              isError: true,
+            };
+          }
+        }
+
         try {
           assertMetadataWritable();
         } catch {
@@ -626,6 +708,7 @@ class CredentialStoreTool implements Tool {
                 allowedTools: promptPolicy.allowedTools,
                 allowedDomains: promptPolicy.allowedDomains,
                 usageDescription: promptPolicy.usageDescription,
+                injectionTemplates: promptInjectionTemplates,
               });
             } catch (err) {
               // Without metadata the broker's policy checks will reject usage,
@@ -666,6 +749,7 @@ class CredentialStoreTool implements Tool {
             allowedTools: promptPolicy.allowedTools,
             allowedDomains: promptPolicy.allowedDomains,
             usageDescription: promptPolicy.usageDescription,
+            injectionTemplates: promptInjectionTemplates,
           });
         } catch (err) {
           log.warn(
@@ -673,7 +757,7 @@ class CredentialStoreTool implements Tool {
             "metadata write failed after storing credential",
           );
         }
-        const promptMeta = getCredentialMetadata(service, field);
+      const promptMeta = getCredentialMetadata(service, field);
         const promptCredIdSuffix = promptMeta
           ? ` (credential_id: ${promptMeta.credentialId})`
           : "";

package/src/tools/network/script-proxy/session-manager.ts

@@ -2,6 +2,7 @@ import { randomUUID } from "node:crypto";
 import type { Server } from "node:http";
 import { join } from "node:path";
 
+import { getProviderProfile } from "../../../oauth/provider-profiles.js";
 import {
   buildDecisionTrace,
   createProxyServer,
@@ -29,7 +30,10 @@ import {
 } from "../../credentials/host-pattern-match.js";
 import { listCredentialMetadata } from "../../credentials/metadata-store.js";
 import type { CredentialInjectionTemplate } from "../../credentials/policy-types.js";
-import { resolveById } from "../../credentials/resolve.js";
+import {
+  resolveById,
+  type ResolvedCredential,
+} from "../../credentials/resolve.js";
 
 const log = getLogger("proxy-session");
 
@@ -62,6 +66,26 @@ const sessions = new Map<ProxySessionId, ManagedSession>();
  */
 const acquireLocks = new Map<string, Promise<ProxySession>>();
 
+/**
+ * Resolve injection templates for a credential.
+ *
+ * Preferred source is credential metadata. For legacy OAuth credentials that
+ * predate provider-level template registration, fall back to well-known
+ * profile templates when this is an access_token credential.
+ */
+function resolveInjectionTemplates(
+  resolved: ResolvedCredential | undefined,
+): CredentialInjectionTemplate[] {
+  if (!resolved) return [];
+  if (resolved.injectionTemplates.length > 0)
+    return resolved.injectionTemplates;
+  if (resolved.field !== "access_token") return [];
+
+  const profile = getProviderProfile(resolved.service);
+  if (!profile?.injectionTemplates?.length) return [];
+  return profile.injectionTemplates;
+}
+
 /** Return a defensive copy so callers cannot mutate internal state. */
 function cloneSession(s: ProxySession): ProxySession {
   return {
@@ -153,8 +177,9 @@ export async function startSession(
   const templates = new Map<string, CredentialInjectionTemplate[]>();
   for (const credId of managed.session.credentialIds) {
     const resolved = resolveById(credId);
-    if (resolved?.injectionTemplates?.length) {
-      templates.set(credId, resolved.injectionTemplates);
+    const injectionTemplates = resolveInjectionTemplates(resolved);
+    if (injectionTemplates.length > 0) {
+      templates.set(credId, injectionTemplates);
     }
   }
 

package/src/tools/permission-checker.ts

@@ -127,6 +127,24 @@ export class PermissionChecker {
       }
 
       if (result.decision === "prompt") {
+        // Guardian-trust sessions (e.g. scheduled jobs, reminders) should be
+        // able to use bundled tools without interactive approval. The guardian
+        // is the owner — prompting makes no sense when there is no client.
+        if (
+          context.isInteractive === false &&
+          context.trustClass === "guardian"
+        ) {
+          log.info(
+            { toolName: name, riskLevel },
+            "Auto-approving for non-interactive guardian session",
+          );
+          return {
+            allowed: true,
+            decision: "guardian_auto_approve",
+            riskLevel,
+          };
+        }
+
         // Non-interactive sessions have no client to respond to prompts —
         // deny immediately instead of blocking for the full permission timeout.
         if (context.isInteractive === false) {

package/src/tools/terminal/shell.ts

@@ -1,10 +1,6 @@
 import { spawn } from "node:child_process";
 
 import { getConfig } from "../../config/loader.js";
-import {
-  buildCredentialRefTrace,
-  type ProxyEnvVars,
-} from "../../outbound-proxy/index.js";
 import { RiskLevel } from "../../permissions/types.js";
 import type { ToolDefinition } from "../../providers/types.js";
 import { redactSecrets } from "../../security/secret-scanner.js";
@@ -17,10 +13,24 @@ import {
 } from "../network/script-proxy/index.js";
 import { registerTool } from "../registry.js";
 import { formatShellOutput } from "../shared/shell-output.js";
-import type { Tool, ToolContext, ToolExecutionResult } from "../types.js";
+import type {
+  ProxyEnvVars,
+  Tool,
+  ToolContext,
+  ToolExecutionResult,
+} from "../types.js";
 import { buildSanitizedEnv } from "./safe-env.js";
 import { wrapCommand } from "./sandbox.js";
 
+/** Build a credential ref resolution trace for diagnostic logging. */
+function buildCredentialRefTrace(
+  rawRefs: string[],
+  resolvedIds: string[],
+  unresolvedRefs: string[],
+) {
+  return { rawRefs, resolvedIds, unresolvedRefs };
+}
+
 const log = getLogger("shell-tool");
 
 class ShellTool implements Tool {