@vellumai/assistant 0.4.33 → 0.4.35

package/src/runtime/routes/inbound-stages/verification-intercept.ts

@@ -95,8 +95,8 @@ export async function handleVerificationIntercept(
   // Only intercept when there is a pending challenge or active outbound session
   const shouldIntercept =
     guardianVerifyCode !== undefined &&
-    (!!getPendingChallenge(canonicalAssistantId, sourceChannel) ||
-      !!findActiveSession(canonicalAssistantId, sourceChannel));
+    (!!getPendingChallenge(sourceChannel) ||
+      !!findActiveSession(sourceChannel));
 
   if (
     isDuplicate ||
@@ -108,7 +108,6 @@ export async function handleVerificationIntercept(
   }
 
   const verifyResult = validateAndConsumeChallenge(
-    canonicalAssistantId,
     sourceChannel,
     guardianVerifyCode,
     canonicalSenderId ?? rawSenderId,
@@ -144,7 +143,6 @@ export async function handleVerificationIntercept(
         : actorDisplayName;
 
     upsertMember({
-      assistantId: canonicalAssistantId,
       sourceChannel,
       externalUserId: canonicalSenderId ?? rawSenderId,
       externalChatId: conversationExternalId,
@@ -181,7 +179,7 @@ export async function handleVerificationIntercept(
         );
       } else {
         // Revoke any existing active binding before creating a new one (same-user re-verification)
-        revokeGuardianBinding(canonicalAssistantId, sourceChannel);
+        revokeGuardianBinding(sourceChannel);
 
         const metadata: Record<string, string> = {};
         if (actorUsername && actorUsername.trim().length > 0) {
@@ -202,7 +200,6 @@ export async function handleVerificationIntercept(
           rawSenderId;
 
         createGuardianBinding({
-          assistantId: canonicalAssistantId,
           channel: sourceChannel,
           guardianExternalUserId: canonicalSenderId ?? rawSenderId,
           guardianDeliveryChatId: conversationExternalId,
@@ -235,7 +232,6 @@ export async function handleVerificationIntercept(
         sourceEventName: "ingress.trusted_contact.activated",
         sourceChannel,
         sourceSessionId: conversationId,
-        assistantId: canonicalAssistantId,
         attentionHints: {
           requiresAction: false,
           urgency: "low",

package/src/runtime/routes/pairing-routes.ts

@@ -37,22 +37,22 @@ function mintPairingCredentials(
   platform: string,
 ): PairingCredentials | null {
   try {
-    const assistantId = DAEMON_INTERNAL_ASSISTANT_ID;
     // Pairing can run before a local client has touched the actor-token
     // bootstrap path. Ensure the vellum guardian principal exists so iOS
     // pairings always have a mint target.
-    const guardianPrincipalId = ensureVellumGuardianBinding(assistantId);
+    const guardianPrincipalId = ensureVellumGuardianBinding(
+      DAEMON_INTERNAL_ASSISTANT_ID,
+    );
     const hashedDeviceId = hashDeviceId(deviceId);
 
     const credentials = mintCredentialPair({
-      assistantId,
       platform,
       deviceId,
       guardianPrincipalId,
       hashedDeviceId,
     });
 
-    log.info({ assistantId, platform }, "Minted credentials during pairing");
+    log.info({ platform }, "Minted credentials during pairing");
     return {
       accessToken: credentials.accessToken,
       accessTokenExpiresAt: credentials.accessTokenExpiresAt,

package/src/runtime/routes/surface-content-routes.ts

@@ -0,0 +1,104 @@
+/**
+ * Route handler for fetching surface content by ID.
+ *
+ * GET /v1/surfaces/:surfaceId — return the full surface payload from the
+ * session's in-memory surface state. Used by clients to re-hydrate surfaces
+ * whose data was stripped during memory compaction.
+ */
+import type { SurfaceData, SurfaceType } from "../../daemon/ipc-contract/surfaces.js";
+import { getLogger } from "../../util/logger.js";
+import { httpError } from "../http-errors.js";
+import type { RouteDefinition } from "../http-router.js";
+
+const log = getLogger("surface-content-routes");
+
+/** Narrow interface for looking up surface state from a session. */
+interface SurfaceContentTarget {
+  surfaceState: Map<
+    string,
+    { surfaceType: SurfaceType; data: SurfaceData; title?: string }
+  >;
+  currentTurnSurfaces?: Array<{
+    surfaceId: string;
+    surfaceType: SurfaceType;
+    title?: string;
+    data: SurfaceData;
+    actions?: Array<{ id: string; label: string; style?: string }>;
+  }>;
+}
+
+export type SurfaceContentSessionLookup = (
+  sessionId: string,
+) => SurfaceContentTarget | undefined;
+
+// ---------------------------------------------------------------------------
+// Route definitions
+// ---------------------------------------------------------------------------
+
+export function surfaceContentRouteDefinitions(deps: {
+  findSession?: SurfaceContentSessionLookup;
+}): RouteDefinition[] {
+  return [
+    {
+      endpoint: "surfaces/:surfaceId",
+      method: "GET",
+      handler: ({ url, params }) => {
+        if (!deps.findSession) {
+          return httpError(
+            "NOT_IMPLEMENTED",
+            "Surface content lookup not available",
+            501,
+          );
+        }
+
+        const sessionId = url.searchParams.get("sessionId");
+        if (!sessionId) {
+          return httpError("BAD_REQUEST", "sessionId query parameter is required", 400);
+        }
+
+        const surfaceId = params.surfaceId;
+        if (!surfaceId) {
+          return httpError("BAD_REQUEST", "surfaceId path parameter is required", 400);
+        }
+
+        const session = deps.findSession(sessionId);
+        if (!session) {
+          return httpError(
+            "NOT_FOUND",
+            "No active session found for this sessionId",
+            404,
+          );
+        }
+
+        // Look up the surface in the session's in-memory state.
+        const stored = session.surfaceState.get(surfaceId);
+        if (stored) {
+          log.info({ sessionId, surfaceId }, "Surface content served from surfaceState");
+          return Response.json({
+            surfaceId,
+            surfaceType: stored.surfaceType,
+            title: stored.title ?? null,
+            data: stored.data,
+          });
+        }
+
+        // Fall back to currentTurnSurfaces in case the surface hasn't been
+        // committed to surfaceState yet (e.g. mid-turn).
+        const turnSurface = session.currentTurnSurfaces?.find(
+          (s) => s.surfaceId === surfaceId,
+        );
+        if (turnSurface) {
+          log.info({ sessionId, surfaceId }, "Surface content served from currentTurnSurfaces");
+          return Response.json({
+            surfaceId,
+            surfaceType: turnSurface.surfaceType,
+            title: turnSurface.title ?? null,
+            data: turnSurface.data,
+          });
+        }
+
+        return httpError("NOT_FOUND", "Surface not found in session", 404);
+      },
+    },
+  ];
+}

package/src/runtime/tool-grant-request-helper.ts

@@ -146,7 +146,6 @@ export function createOrReuseToolGrantRequest(
     sourceEventName: "guardian.question",
     sourceChannel,
     sourceSessionId: conversationId,
-    assistantId,
     attentionHints: {
       requiresAction: true,
       urgency: "high",

package/src/tools/browser/browser-manager.ts

@@ -1,11 +1,11 @@
-import { mkdirSync } from "node:fs";
+import { existsSync, mkdirSync } from "node:fs";
 import { join } from "node:path";
 
 import { getLogger } from "../../util/logger.js";
 import { getDataDir } from "../../util/platform.js";
 import { authSessionCache } from "./auth-cache.js";
 import type { ExtractedCredential } from "./network-recording-types.js";
-import { checkBrowserRuntime } from "./runtime-check.js";
+import { importPlaywright } from "./runtime-check.js";
 
 const log = getLogger("browser-manager");
 
@@ -129,20 +129,6 @@ export function setLaunchFn(fn: LaunchFn | null): void {
   launchPersistentContext = fn;
 }
 
-async function getDefaultLaunchFn(): Promise<LaunchFn> {
-  const pw = await import("playwright");
-  // In compiled Bun binaries, CJS→ESM interop may place named exports
-  // under .default instead of at the top level of the module namespace.
-  const chromium =
-    pw.chromium ?? (pw.default as typeof pw | undefined)?.chromium;
-  if (!chromium) {
-    throw new Error(
-      "Failed to resolve Playwright chromium — the module loaded but 'chromium' is missing",
-    );
-  }
-  return chromium.launchPersistentContext.bind(chromium);
-}
-
 function getProfileDir(): string {
   return join(getDataDir(), "browser-profile");
 }
@@ -177,10 +163,24 @@ class BrowserManager {
     this.contextCreating = (async () => {
       await authSessionCache.load();
 
-      // Auto-install Chromium if needed (skip when test launcher is injected)
-      if (!launchPersistentContext) {
-        const status = await checkBrowserRuntime();
-        if (status.playwrightAvailable && !status.chromiumInstalled) {
+      // Resolve launch function: use injected test launcher or resolve
+      // playwright (may install at runtime in compiled binaries).
+      let launch: LaunchFn;
+      if (launchPersistentContext) {
+        launch = launchPersistentContext;
+      } else {
+        const pw = await importPlaywright();
+
+        // Auto-install Chromium if the browser binary is missing
+        let chromiumInstalled = false;
+        try {
+          const execPath = pw.chromium.executablePath();
+          chromiumInstalled = existsSync(execPath);
+        } catch {
+          // executablePath() may throw if registry is missing
+        }
+
+        if (!chromiumInstalled) {
           log.info("Chromium not installed, installing via playwright...");
           const proc = Bun.spawn(
             ["bunx", "playwright", "install", "chromium"],
@@ -213,11 +213,12 @@ class BrowserManager {
             throw new Error(`Failed to install Chromium: ${msg}`);
           }
         }
+
+        launch = pw.chromium.launchPersistentContext.bind(pw.chromium);
       }
 
       const profileDir = getProfileDir();
       mkdirSync(profileDir, { recursive: true });
-      const launch = launchPersistentContext ?? (await getDefaultLaunchFn());
       const headless = !canDisplayGui();
       const ctx = await launch(profileDir, { headless });
       log.info(

package/src/tools/browser/runtime-check.ts

@@ -1,4 +1,7 @@
-import { existsSync } from "node:fs";
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+
+import { getWorkspaceDir } from "../../util/platform.js";
 
 export interface BrowserRuntimeStatus {
   playwrightAvailable: boolean;
@@ -7,14 +10,116 @@ export interface BrowserRuntimeStatus {
   error: string | null;
 }
 
+/**
+ * Resolve playwright's chromium export from a module namespace object,
+ * handling CJS→ESM interop where named exports may land under .default.
+ */
+function resolveChromium(
+  pw: Record<string, unknown>,
+): Record<string, unknown> | undefined {
+  if (pw.chromium) return pw;
+  const def = pw.default as Record<string, unknown> | undefined;
+  if (def?.chromium) return def;
+  return undefined;
+}
+
+/**
+ * Try importing playwright from the bundled binary. Returns the module
+ * if chromium is resolvable, otherwise undefined. This never installs
+ * anything — safe for diagnostic/read-only use.
+ */
+async function tryBundledPlaywright(): Promise<
+  typeof import("playwright") | undefined
+> {
+  try {
+    const pw = await import("playwright");
+    const mod = resolveChromium(pw as unknown as Record<string, unknown>);
+    if (mod?.chromium) return mod as unknown as typeof import("playwright");
+  } catch {
+    // Bundled import failed entirely
+  }
+  return undefined;
+}
+
+/**
+ * Resolve the package entry point from its package.json exports/main fields.
+ */
+function resolvePackageEntry(pkgDir: string): string {
+  try {
+    const pkg = JSON.parse(readFileSync(join(pkgDir, "package.json"), "utf-8"));
+    // Prefer ESM entry from exports map
+    const exportsRoot = pkg.exports?.["."];
+    if (typeof exportsRoot === "object" && exportsRoot?.import) {
+      return join(pkgDir, exportsRoot.import);
+    }
+    if (pkg.module) return join(pkgDir, pkg.module);
+    if (pkg.main) return join(pkgDir, pkg.main);
+  } catch {
+    // Fall through to default
+  }
+  return join(pkgDir, "index.mjs");
+}
+
+/**
+ * Import playwright, falling back to a runtime-installed copy if the
+ * bundled import fails (compiled Bun binaries can't initialize
+ * playwright's in-process client/server bridge correctly).
+ */
+export async function importPlaywright(): Promise<typeof import("playwright")> {
+  // Try bundled import (works in dev/source mode)
+  const bundled = await tryBundledPlaywright();
+  if (bundled) return bundled;
+
+  // Compiled binary fallback: install playwright to disk and import
+  // from an absolute path so the JS runtime resolves it from the
+  // filesystem instead of the compiled module cache.
+  const externalDir = join(getWorkspaceDir(), "external");
+  const pwPkg = join(externalDir, "node_modules", "playwright");
+
+  if (!existsSync(join(pwPkg, "package.json"))) {
+    mkdirSync(externalDir, { recursive: true });
+    if (!existsSync(join(externalDir, "package.json"))) {
+      writeFileSync(join(externalDir, "package.json"), '{"private":true}\n');
+    }
+    const proc = Bun.spawn(["bun", "add", "playwright"], {
+      cwd: externalDir,
+      stdout: "pipe",
+      stderr: "pipe",
+    });
+    const exitCode = await proc.exited;
+    if (exitCode !== 0) {
+      const stderr = await new Response(proc.stderr).text();
+      throw new Error(`Failed to install playwright: ${stderr}`);
+    }
+  }
+
+  // Dynamic import with a runtime-computed path — bun can't statically
+  // analyze this, so it resolves from the filesystem at runtime.
+  const entryPath = resolvePackageEntry(pwPkg);
+  const pw: Record<string, unknown> = await import(entryPath);
+  const mod = resolveChromium(pw);
+  if (!mod?.chromium) {
+    throw new Error(
+      "Failed to resolve Playwright chromium from runtime-installed copy",
+    );
+  }
+  return mod as unknown as typeof import("playwright");
+}
+
 export async function checkBrowserRuntime(): Promise<BrowserRuntimeStatus> {
-  // Check if playwright can be imported
+  // Diagnostic only — no side effects (no playwright installation)
   let chromium: { executablePath: () => string };
   try {
-    const pw = await import("playwright");
-    // In compiled Bun binaries, CJS→ESM interop may place named exports
-    // under .default instead of at the top level of the module namespace.
-    chromium = pw.chromium ?? (pw.default as typeof pw | undefined)?.chromium;
+    const pw = await tryBundledPlaywright();
+    if (!pw) {
+      return {
+        playwrightAvailable: false,
+        chromiumInstalled: false,
+        chromiumPath: null,
+        error: "playwright package not available",
+      };
+    }
+    chromium = pw.chromium;
   } catch {
     return {
       playwrightAvailable: false,

package/src/tools/calls/call-start.ts

@@ -1,6 +1,5 @@
 import { startCall } from "../../calls/call-domain.js";
 import { getConfig } from "../../config/loader.js";
-import { DAEMON_INTERNAL_ASSISTANT_ID } from "../../runtime/assistant-scope.js";
 import { findActiveSession } from "../../runtime/channel-guardian-service.js";
 import { normalizePhoneNumber } from "../../util/phone.js";
 import type { ToolContext, ToolExecutionResult } from "../types.js";
@@ -22,8 +21,7 @@ export async function executeCallStart(
       ? normalizePhoneNumber(input.phone_number)
       : null;
   if (requestedPhone) {
-    const assistantId = context.assistantId ?? DAEMON_INTERNAL_ASSISTANT_ID;
-    const activeVoiceVerification = findActiveSession(assistantId, "voice");
+    const activeVoiceVerification = findActiveSession("voice");
     const verificationDestination =
       activeVoiceVerification?.destinationAddress ??
       activeVoiceVerification?.expectedPhoneE164;

package/src/tools/followups/followup_create.ts

@@ -1,7 +1,6 @@
 import { getContact } from "../../contacts/contact-store.js";
 import { createFollowUp } from "../../followups/followup-store.js";
 import type { FollowUp } from "../../followups/types.js";
-import { DAEMON_INTERNAL_ASSISTANT_ID } from "../../runtime/assistant-scope.js";
 import type { ToolContext, ToolExecutionResult } from "../types.js";
 
 function formatFollowUp(f: FollowUp): string {
@@ -63,7 +62,7 @@ export async function executeFollowupCreate(
 
   // Validate contact exists if provided
   if (contactId) {
-    const contact = getContact(contactId, DAEMON_INTERNAL_ASSISTANT_ID);
+    const contact = getContact(contactId);
     if (!contact) {
       return {
         content: `Error: Contact "${contactId}" not found`,

package/src/tools/tool-approval-handler.ts

@@ -5,7 +5,6 @@ import {
   updateCanonicalGuardianRequest,
 } from "../memory/canonical-guardian-store.js";
 import { isUntrustedTrustClass } from "../runtime/actor-trust-resolver.js";
-import { DAEMON_INTERNAL_ASSISTANT_ID } from "../runtime/assistant-scope.js";
 import { createOrReuseToolGrantRequest } from "../runtime/tool-grant-request-helper.js";
 import { computeToolApprovalDigest } from "../security/tool-approval-digest.js";
 import { getTaskRunRules } from "../tasks/ephemeral-permissions.js";
@@ -275,7 +274,6 @@ export class ToolApprovalHandler {
         inputDigest,
         consumingRequestId:
           context.requestId ?? `preexec-${context.sessionId}-${Date.now()}`,
-        assistantId: context.assistantId ?? DAEMON_INTERNAL_ASSISTANT_ID,
         executionChannel: context.executionChannel,
         conversationId: context.conversationId,
         callSessionId: context.callSessionId,