npm - @vellumai/assistant - Versions diffs - 0.4.34 → 0.4.36 - Mend

@vellumai/assistant 0.4.34 → 0.4.36

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (251) hide show

package/AGENTS.md +1 -1
package/ARCHITECTURE.md +44 -49
package/README.md +32 -20
package/docs/architecture/keychain-broker.md +186 -0
package/docs/architecture/security.md +110 -116
package/docs/runbook-trusted-contacts.md +2 -2
package/docs/skills.md +25 -25
package/package.json +4 -1
package/src/__tests__/__snapshots__/ipc-snapshot.test.ts.snap +11 -2
package/src/__tests__/actor-token-service.test.ts +1 -0
package/src/__tests__/amazon-cdp-integration.test.ts +74 -0
package/src/__tests__/assistant-feature-flags-integration.test.ts +38 -9
package/src/__tests__/assistant-id-boundary-guard.test.ts +91 -43
package/src/__tests__/browser-fill-credential.test.ts +1 -1
package/src/__tests__/bundle-scanner.test.ts +1 -1
package/src/__tests__/channel-guardian.test.ts +102 -102
package/src/__tests__/channel-invite-transport.test.ts +155 -256
package/src/__tests__/channel-readiness-routes.test.ts +336 -0
package/src/__tests__/checker.test.ts +6 -6
package/src/__tests__/chrome-cdp.test.ts +350 -0
package/src/__tests__/computer-use-session-lifecycle.test.ts +3 -3
package/src/__tests__/computer-use-session-working-dir.test.ts +86 -52
package/src/__tests__/computer-use-skill-lifecycle-cleanup.test.ts +1 -1
package/src/__tests__/config-loader-migration.test.ts +85 -0
package/src/__tests__/conversation-pairing.test.ts +370 -5
package/src/__tests__/credential-broker-browser-fill.test.ts +1 -10
package/src/__tests__/credential-broker-server-use.test.ts +1 -10
package/src/__tests__/credential-security-e2e.test.ts +7 -1
package/src/__tests__/credential-security-invariants.test.ts +14 -20
package/src/__tests__/credential-vault-unit.test.ts +1 -11
package/src/__tests__/credential-vault.test.ts +5 -19
package/src/__tests__/credentials-cli.test.ts +806 -0
package/src/__tests__/dynamic-skill-workflow-prompt.test.ts +23 -4
package/src/__tests__/email-invite-adapter.test.ts +78 -0
package/src/__tests__/email-service-config-fallback.test.ts +102 -0
package/src/__tests__/encrypted-store.test.ts +6 -6
package/src/__tests__/ephemeral-permissions.test.ts +3 -3
package/src/__tests__/gateway-only-enforcement.test.ts +5 -1
package/src/__tests__/guardian-actions-endpoint.test.ts +70 -12
package/src/__tests__/guardian-outbound-http.test.ts +53 -47
package/src/__tests__/handle-user-message-secret-resume.test.ts +23 -0
package/src/__tests__/handlers-add-trust-rule-metadata.test.ts +32 -23
package/src/__tests__/handlers-telegram-config.test.ts +8 -2
package/src/__tests__/handlers-twitter-config.test.ts +2 -2
package/src/__tests__/handlers-user-message-approval-consumption.test.ts +108 -7
package/src/__tests__/ingress-reconcile.test.ts +6 -0
package/src/__tests__/intent-routing.test.ts +23 -4
package/src/__tests__/invite-routes-http.test.ts +12 -0
package/src/__tests__/ipc-snapshot.test.ts +8 -2
package/src/__tests__/keychain-broker-client.test.ts +543 -0
package/src/__tests__/llm-usage-store.test.ts +344 -0
package/src/__tests__/mcp-client-auth.test.ts +2 -2
package/src/__tests__/media-reuse-story.e2e.test.ts +1 -1
package/src/__tests__/migration-transport.test.ts +49 -0
package/src/__tests__/notification-broadcaster.test.ts +205 -5
package/src/__tests__/notification-deep-link.test.ts +365 -1
package/src/__tests__/oauth-connect-handler.test.ts +2 -2
package/src/__tests__/onboarding-starter-tasks.test.ts +17 -4
package/src/__tests__/proxy-approval-callback.test.ts +1 -1
package/src/__tests__/recording-handler.test.ts +1 -1
package/src/__tests__/recording-intent-handler.test.ts +6 -1
package/src/__tests__/recording-state-machine.test.ts +1 -1
package/src/__tests__/relay-server.test.ts +9 -1
package/src/__tests__/ride-shotgun-handler.test.ts +499 -0
package/src/__tests__/runtime-attachment-metadata.test.ts +160 -1
package/src/__tests__/script-proxy-injection-runtime.test.ts +299 -2
package/src/__tests__/script-proxy-profile-template-fallback.test.ts +1 -1
package/src/__tests__/secret-onetime-send.test.ts +8 -2
package/src/__tests__/secure-keys.test.ts +175 -216
package/src/__tests__/session-confirmation-signals.test.ts +1 -1
package/src/__tests__/session-messaging-secret-redirect.test.ts +1 -1
package/src/__tests__/session-queue.test.ts +2 -1
package/src/__tests__/session-tool-setup-app-refresh.test.ts +2 -2
package/src/__tests__/skill-feature-flags-integration.test.ts +29 -4
package/src/__tests__/skill-feature-flags.test.ts +12 -9
package/src/__tests__/skill-load-feature-flag.test.ts +26 -5
package/src/__tests__/skill-projection.benchmark.test.ts +0 -1
package/src/__tests__/skills.test.ts +34 -4
package/src/__tests__/slack-channel-config.test.ts +2 -2
package/src/__tests__/system-prompt.test.ts +26 -4
package/src/__tests__/telegram-bot-username-resolution.test.ts +212 -0
package/src/__tests__/telegram-invite-adapter.test.ts +164 -0
package/src/__tests__/tool-execution-pipeline.benchmark.test.ts +1 -1
package/src/__tests__/tool-permission-simulate-handler.test.ts +8 -2
package/src/__tests__/trusted-contact-approval-notifier.test.ts +9 -1
package/src/__tests__/twitter-auth-handler.test.ts +2 -2
package/src/__tests__/twitter-oauth-client.test.ts +1 -1
package/src/__tests__/usage-routes.test.ts +339 -0
package/src/__tests__/whatsapp-invite-adapter.test.ts +94 -0
package/src/agent/loop.ts +3 -0
package/src/amazon/checkout.ts +0 -1
package/src/approvals/guardian-request-resolvers.ts +9 -1
package/src/bundler/app-bundler.ts +28 -12
package/src/bundler/bundle-scanner.ts +1 -1
package/src/bundler/bundle-signer.ts +3 -3
package/src/bundler/manifest.ts +1 -1
package/src/bundler/signature-verifier.ts +3 -3
package/src/channels/config.ts +1 -1
package/src/cli/AGENTS.md +63 -0
package/src/cli/__tests__/notifications.test.ts +470 -0
package/src/cli/amazon.ts +344 -167
package/src/cli/audit.ts +85 -0
package/src/cli/autonomy.ts +369 -0
package/src/cli/channels.ts +51 -0
package/src/cli/completions.ts +208 -0
package/src/cli/config.ts +220 -0
package/src/cli/contacts.ts +471 -0
package/src/cli/credentials.ts +564 -0
package/src/cli/default-action.ts +14 -0
package/src/cli/dev.ts +131 -0
package/src/cli/doctor.ts +398 -0
package/src/cli/email.ts +491 -0
package/src/cli/influencer.ts +72 -0
package/src/cli/integrations.ts +248 -57
package/src/cli/keys.ts +114 -0
package/src/cli/map.ts +46 -54
package/src/cli/mcp.ts +111 -3
package/src/cli/{config-commands.ts → memory.ts} +133 -242
package/src/cli/notifications.ts +407 -0
package/src/cli/program.ts +65 -0
package/src/cli/reference.ts +48 -0
package/src/cli/sequence.ts +154 -0
package/src/cli/sessions.ts +262 -0
package/src/cli/trust.ts +177 -0
package/src/cli/twitter.ts +323 -106
package/src/config/__tests__/build-cli-reference-section.test.ts +49 -0
package/src/config/bundled-skills/amazon/SKILL.md +2 -2
package/src/config/bundled-skills/app-builder/TOOLS.json +26 -0
package/src/config/bundled-skills/app-builder/tools/app-generate-icon.ts +13 -0
package/src/config/bundled-skills/contacts/SKILL.md +178 -10
package/src/config/bundled-skills/doordash/doordash-cli.ts +23 -168
package/src/config/bundled-skills/google-oauth-setup/SKILL.md +175 -145
package/src/config/bundled-skills/messaging/tools/shared.ts +4 -1
package/src/config/bundled-skills/twilio-setup/SKILL.md +70 -17
package/src/config/bundled-tool-registry.ts +2 -0
package/src/config/core-schema.ts +7 -0
package/src/config/feature-flag-registry.json +16 -0
package/src/config/loader.ts +26 -0
package/src/config/schema.ts +4 -0
package/src/config/skill-state.ts +0 -13
package/src/config/system-prompt.ts +27 -0
package/src/contacts/contact-store.ts +25 -0
package/src/daemon/computer-use-session.ts +1 -1
package/src/daemon/handlers/apps.ts +1 -0
package/src/daemon/handlers/config-channels.ts +3 -3
package/src/daemon/handlers/config-dispatch.ts +29 -0
package/src/daemon/handlers/config-inbox.ts +4 -3
package/src/daemon/handlers/config.ts +3 -43
package/src/daemon/handlers/contacts.ts +34 -0
package/src/daemon/handlers/index.ts +17 -3
package/src/daemon/handlers/session-user-message.ts +7 -0
package/src/daemon/handlers/sessions.ts +21 -2
package/src/daemon/handlers/shared.ts +17 -0
package/src/daemon/ipc-contract/apps.ts +2 -0
package/src/daemon/ipc-contract/computer-use.ts +9 -0
package/src/daemon/ipc-contract/contacts.ts +3 -3
package/src/daemon/ipc-contract/inbox.ts +2 -0
package/src/daemon/ipc-contract/messages.ts +4 -0
package/src/daemon/ipc-contract/sessions.ts +8 -0
package/src/daemon/ipc-contract-inventory.json +1 -0
package/src/daemon/lifecycle.ts +0 -5
package/src/daemon/ride-shotgun-handler.ts +139 -25
package/src/daemon/session-agent-loop-handlers.ts +100 -0
package/src/daemon/session-agent-loop.ts +72 -0
package/src/daemon/session-tool-setup.ts +7 -0
package/src/daemon/session.ts +23 -1
package/src/daemon/tool-side-effects.ts +39 -1
package/src/email/service.ts +59 -2
package/src/index.ts +2 -60
package/src/mcp/mcp-oauth-provider.ts +90 -8
package/src/media/app-icon-generator.ts +86 -0
package/src/memory/db-init.ts +12 -1
package/src/memory/llm-usage-store.ts +186 -0
package/src/memory/migrations/026-guardian-verification-sessions.ts +28 -9
package/src/memory/migrations/027a-guardian-bootstrap-token.ts +16 -3
package/src/memory/migrations/038-actor-token-records.ts +8 -1
package/src/memory/migrations/039-actor-refresh-token-records.ts +11 -2
package/src/memory/migrations/110-channel-guardian.ts +27 -6
package/src/memory/migrations/112-assistant-inbox.ts +39 -15
package/src/memory/migrations/114-notifications.ts +37 -15
package/src/memory/migrations/117-conversation-attention.ts +33 -9
package/src/memory/migrations/137-usage-dashboard-indexes.ts +26 -0
package/src/memory/migrations/139-drop-usage-composite-indexes.ts +30 -0
package/src/memory/migrations/index.ts +2 -0
package/src/memory/migrations/schema-introspection.ts +18 -0
package/src/memory/schema-migration.ts +1 -0
package/src/memory/shared-app-links-store.ts +1 -1
package/src/messaging/registry.ts +27 -0
package/src/notifications/README.md +79 -70
package/src/notifications/broadcaster.ts +2 -1
package/src/notifications/conversation-pairing.ts +147 -13
package/src/notifications/copy-composer.ts +7 -3
package/src/notifications/destination-resolver.ts +14 -1
package/src/notifications/emit-signal.ts +3 -2
package/src/notifications/signal.ts +105 -1
package/src/notifications/types.ts +16 -0
package/src/permissions/checker.ts +29 -3
package/src/permissions/prompter.ts +11 -3
package/src/runtime/access-request-helper.ts +2 -1
package/src/runtime/auth/route-policy.ts +7 -1
package/src/runtime/channel-invite-transport.ts +40 -63
package/src/runtime/channel-invite-transports/email.ts +13 -39
package/src/runtime/channel-invite-transports/slack.ts +5 -34
package/src/runtime/channel-invite-transports/sms.ts +8 -29
package/src/runtime/channel-invite-transports/telegram.ts +69 -28
package/src/runtime/channel-invite-transports/voice.ts +0 -7
package/src/runtime/channel-invite-transports/whatsapp.ts +43 -0
package/src/runtime/channel-readiness-service.ts +202 -45
package/src/runtime/confirmation-request-guardian-bridge.ts +2 -1
package/src/runtime/guardian-outbound-actions.ts +8 -5
package/src/runtime/http-server.ts +5 -9
package/src/runtime/http-types.ts +13 -1
package/src/runtime/invite-instruction-generator.ts +178 -0
package/src/runtime/invite-service.ts +22 -25
package/src/runtime/migrations/migration-transport.ts +13 -0
package/src/runtime/routes/app-routes.ts +1 -1
package/src/runtime/routes/approval-strategies/guardian-callback-strategy.ts +8 -7
package/src/runtime/routes/channel-readiness-routes.ts +30 -11
package/src/runtime/routes/contact-routes.ts +54 -26
package/src/runtime/routes/guardian-bootstrap-routes.ts +1 -1
package/src/runtime/routes/inbound-stages/bootstrap-intercept.ts +1 -1
package/src/runtime/routes/inbound-stages/escalation-intercept.ts +2 -1
package/src/runtime/routes/inbound-stages/verification-intercept.ts +2 -1
package/src/runtime/routes/integration-routes.ts +1 -1
package/src/runtime/routes/invite-routes.ts +1 -1
package/src/runtime/routes/secret-routes.ts +31 -7
package/src/runtime/routes/surface-content-routes.ts +104 -0
package/src/runtime/routes/twilio-routes.ts +32 -1
package/src/runtime/routes/usage-routes.ts +114 -0
package/src/runtime/tool-grant-request-helper.ts +2 -1
package/src/security/encrypted-store.ts +9 -5
package/src/security/keychain-broker-client.ts +393 -0
package/src/security/secure-keys.ts +106 -321
package/src/tools/apps/executors.ts +73 -0
package/src/tools/browser/auto-navigate.ts +15 -6
package/src/tools/browser/chrome-cdp.ts +211 -0
package/src/tools/browser/network-recorder.test.ts +83 -0
package/src/tools/browser/network-recorder.ts +8 -7
package/src/tools/browser/x-auto-navigate.ts +12 -6
package/src/tools/credentials/policy-types.ts +24 -0
package/src/tools/credentials/vault.ts +22 -27
package/src/tools/network/script-proxy/session-manager.ts +47 -3
package/src/tools/permission-checker.ts +1 -0
package/src/tools/types.ts +2 -0
package/src/tools/ui-surface/definitions.ts +1 -2
package/src/tools/watch/watch-state.ts +2 -0
package/src/__tests__/key-migration.test.ts +0 -240
package/src/__tests__/keychain.test.ts +0 -286
package/src/cli/core-commands.ts +0 -899
package/src/security/keychain-to-encrypted-migration.ts +0 -66
package/src/security/keychain.ts +0 -490

package/src/daemon/handlers/sessions.ts CHANGED Viewed

@@ -61,6 +61,23 @@ import {
 export { handleUserMessage } from "./session-user-message.js";
 import { handleUserMessage } from "./session-user-message.js";
+/**
+ * Extract a valid ChannelId from a binding's sourceChannel, which may carry a
+ * `notification:` namespace prefix (e.g. `"notification:telegram"` -> `"telegram"`).
+ * Returns the ChannelId if valid, or null otherwise.
+ */
+function parseBindingSourceChannel(
+  sourceChannel: string,
+): import("../../channels/types.js").ChannelId | null {
+  if (isChannelId(sourceChannel)) return sourceChannel;
+  const NOTIFICATION_PREFIX = "notification:";
+  if (sourceChannel.startsWith(NOTIFICATION_PREFIX)) {
+    const inner = sourceChannel.slice(NOTIFICATION_PREFIX.length);
+    if (isChannelId(inner)) return inner;
+  }
+  return null;
+}
 export function syncCanonicalStatusFromIpcConfirmationDecision(
   requestId: string,
   decision: ConfirmationResponse["decision"],
@@ -283,10 +300,12 @@ export function handleSessionList(
         updatedAt: c.updatedAt,
         threadType: normalizeThreadType(c.threadType),
         source: c.source ?? "user",
-        ...(binding && isChannelId(binding.sourceChannel)
+        ...(binding && parseBindingSourceChannel(binding.sourceChannel)
           ? {
               channelBinding: {
-                sourceChannel: binding.sourceChannel,
+                sourceChannel: parseBindingSourceChannel(
+                  binding.sourceChannel,
+                )!,
                 externalChatId: binding.externalChatId,
                 externalUserId: binding.externalUserId,
                 displayName: binding.displayName,

package/src/daemon/handlers/shared.ts CHANGED Viewed

@@ -70,6 +70,14 @@ export interface HistoryToolCall {
   isError?: boolean;
   /** Base64-encoded image data from tool contentBlocks (e.g. browser_screenshot). */
   imageData?: string;
+  /** Unix ms when the tool started executing. */
+  startedAt?: number;
+  /** Unix ms when the tool completed. */
+  completedAt?: number;
+  /** Confirmation decision for this tool call: "approved" | "denied" | "timed_out". */
+  confirmationDecision?: string;
+  /** Friendly label for the confirmation (e.g. "Edit File", "Run Command"). */
+  confirmationLabel?: string;
 }
 export interface HistorySurface {
@@ -468,6 +476,15 @@ export function renderHistoryContent(content: unknown): RenderedHistoryContent {
         : {};
       const id = typeof block.id === "string" ? block.id : "";
       const entry: HistoryToolCall = { name, input };
+      // Extract persisted timing/confirmation metadata
+      if (typeof block._startedAt === "number")
+        entry.startedAt = block._startedAt;
+      if (typeof block._completedAt === "number")
+        entry.completedAt = block._completedAt;
+      if (typeof block._confirmationDecision === "string")
+        entry.confirmationDecision = block._confirmationDecision;
+      if (typeof block._confirmationLabel === "string")
+        entry.confirmationLabel = block._confirmationLabel;
       toolCalls.push(entry);
       if (id) pendingToolUses.set(id, entry);
       contentOrder.push(`tool:${toolCalls.length - 1}`);

package/src/daemon/ipc-contract/apps.ts CHANGED Viewed

@@ -238,6 +238,8 @@ export interface ForkSharedAppResponse {
 export interface BundleAppResponse {
   type: "bundle_app_response";
   bundlePath: string;
+  /** Base64-encoded PNG of the generated app icon, if available. */
+  iconImageBase64?: string;
   manifest: {
     format_version: number;
     name: string;

package/src/daemon/ipc-contract/computer-use.ts CHANGED Viewed

@@ -217,6 +217,14 @@ export interface WatchCompleteRequest {
   watchId: string;
 }
+/** Server → Client: bootstrap failure during learn-mode recording setup. */
+export interface RideShotgunError {
+  type: "ride_shotgun_error";
+  watchId: string;
+  sessionId: string;
+  message: string;
+}
 // --- Domain-level union aliases (consumed by the barrel file) ---
 export type _ComputerUseClientMessages =
@@ -236,6 +244,7 @@ export type _ComputerUseServerMessages =
   | TaskRouted
   | RideShotgunProgress
   | RideShotgunResult
+  | RideShotgunError
   | WatchStarted
   | WatchCompleteRequest
   | RecordingStart

package/src/daemon/ipc-contract/contacts.ts CHANGED Viewed

@@ -1,11 +1,11 @@
-// Contact management: list, get, and update channel status.
+// Contact management: list, get, update channel status, and delete.
 // === Client → Server ===
 export interface ContactsRequest {
   type: "contacts";
-  action: "list" | "get" | "update_channel";
-  /** Contact ID (get only). */
+  action: "list" | "get" | "update_channel" | "delete";
+  /** Contact ID (get and delete). */
   contactId?: string;
   /** Channel ID (update_channel only). */
   channelId?: string;

package/src/daemon/ipc-contract/inbox.ts CHANGED Viewed

@@ -25,6 +25,8 @@ export interface ContactsInviteRequest {
   status?: string;
   /** Invitee's first name (voice invite create only). */
   friendName?: string;
+  /** Contact display name for personalizing invite instructions (create only). */
+  contactName?: string;
   /** Guardian's first name (voice invite create only). */
   guardianName?: string;
 }

package/src/daemon/ipc-contract/messages.ts CHANGED Viewed

@@ -80,6 +80,8 @@ export interface ToolUseStart {
   toolName: string;
   input: Record<string, unknown>;
   sessionId?: string;
+  /** The tool_use block ID for client-side correlation. */
+  toolUseId?: string;
 }
 export interface ToolOutputChunk {
@@ -240,6 +242,8 @@ export interface ConfirmationStateChanged {
   causedByRequestId?: string;
   /** Normalized user text for analytics/debug (e.g. "approve", "deny"). */
   decisionText?: string;
+  /** The tool_use block ID this confirmation applies to, for disambiguating parallel tool calls. */
+  toolUseId?: string;
 }
 /**

package/src/daemon/ipc-contract/sessions.ts CHANGED Viewed

@@ -288,6 +288,14 @@ export interface HistoryResponseToolCall {
   isError?: boolean;
   /** Base64-encoded image data from tool contentBlocks (e.g. browser_screenshot). */
   imageData?: string;
+  /** Unix ms when the tool started executing. */
+  startedAt?: number;
+  /** Unix ms when the tool completed. */
+  completedAt?: number;
+  /** Confirmation decision for this tool call: "approved" | "denied" | "timed_out". */
+  confirmationDecision?: string;
+  /** Friendly label for the confirmation (e.g. "Edit File", "Run Command"). */
+  confirmationLabel?: string;
 }
 export interface HistoryResponseSurface {

package/src/daemon/ipc-contract-inventory.json CHANGED Viewed

@@ -278,6 +278,7 @@
     "recording_start",
     "recording_stop",
     "reminders_list_response",
+    "ride_shotgun_error",
     "ride_shotgun_progress",
     "ride_shotgun_result",
     "schedule_thread_created",

package/src/daemon/lifecycle.ts CHANGED Viewed

@@ -47,7 +47,6 @@ import {
 import { ensureVellumGuardianBinding } from "../runtime/guardian-vellum-migration.js";
 import { RuntimeHttpServer } from "../runtime/http-server.js";
 import { startScheduler } from "../schedule/scheduler.js";
-import { migrateKeychainToEncrypted } from "../security/keychain-to-encrypted-migration.js";
 import { getLogger, initLogger } from "../util/logger.js";
 import {
   ensureDataDir,
@@ -143,10 +142,6 @@ export async function runDaemon(): Promise<void> {
     migrateToWorkspaceLayout();
     ensureDataDir();
-    // Copy any existing macOS keychain secrets into the encrypted file store
-    // before config loads, so the new encrypted-store-first read path sees them.
-    migrateKeychainToEncrypted();
     // Load (or generate + persist) the auth signing key so tokens survive
     // daemon restarts. Must happen after ensureDataDir() creates the
     // protected directory.

package/src/daemon/ride-shotgun-handler.ts CHANGED Viewed

@@ -2,6 +2,11 @@ import { randomUUID } from "node:crypto";
 import type * as net from "node:net";
 import { autoNavigate } from "../tools/browser/auto-navigate.js";
+import {
+  type CdpSession,
+  ensureChromeWithCdp,
+  minimizeChromeWindow,
+} from "../tools/browser/chrome-cdp.js";
 import { NetworkRecorder } from "../tools/browser/network-recorder.js";
 import type { SessionRecording } from "../tools/browser/network-recording-types.js";
 import { saveRecording } from "../tools/browser/recording-store.js";
@@ -24,6 +29,9 @@ const log = getLogger("ride-shotgun-handler");
 /** Active network recorders keyed by watchId. */
 const activeRecorders = new Map<string, NetworkRecorder>();
+/** Active CDP sessions keyed by watchId — tracks browser ownership for cleanup. */
+const activeCdpSessions = new Map<string, CdpSession>();
 /** Active progress interval timers keyed by watchId, cleared on session completion. */
 const activeProgressIntervals = new Map<string, NodeJS.Timeout>();
@@ -71,20 +79,48 @@ async function completeSession(session: WatchSession): Promise<void> {
   // In learn mode, stop recording and save — skip the LLM summary (not needed)
   if (session.isLearnMode && session.recordingId) {
-    session.savedRecordingPath = await finalizeLearnRecording(
-      watchId,
-      session,
-      session.recordingId,
-    );
-    lastSummaryBySession.set(
-      sessionId,
-      session.savedRecordingPath
+    const hasRecorder = activeRecorders.has(watchId);
+    if (hasRecorder) {
+      session.savedRecordingPath = await finalizeLearnRecording(
+        watchId,
+        session,
+        session.recordingId,
+      );
+    }
+    // Clean up the CDP session — minimize if we launched Chrome, leave it alone otherwise
+    const cdpSession = activeCdpSessions.get(watchId);
+    if (cdpSession) {
+      activeCdpSessions.delete(watchId);
+      if (cdpSession.launchedByUs) {
+        try {
+          await minimizeChromeWindow(cdpSession.baseUrl);
+          log.info({ watchId }, "Minimized assistant-launched Chrome window");
+        } catch (err) {
+          log.debug({ err, watchId }, "Failed to minimize Chrome window");
+        }
+      }
+    }
+    // Use bootstrapFailureReason as the primary discriminator — hasRecorder
+    // alone can't distinguish "browser never launched" from "recorder failed
+    // after retries" since both leave activeRecorders empty.
+    const summary = session.bootstrapFailureReason
+      ? `Learn session failed — ${session.bootstrapFailureReason}`
+      : session.savedRecordingPath
         ? "Learn session completed — recording saved."
-        : "Learn session completed — recording failed to save.",
-    );
+        : "Learn session completed — recording failed to save.";
+    lastSummaryBySession.set(sessionId, summary);
     session.status = "completed";
     log.info(
-      { watchId, sessionId },
+      {
+        watchId,
+        sessionId,
+        hasRecorder,
+        bootstrapFailureReason: session.bootstrapFailureReason,
+      },
       "Learn session complete — firing completion notifier",
     );
     fireWatchCompletionNotifier(sessionId, session);
@@ -142,10 +178,67 @@ export async function handleRideShotgunStart(
     "Session created and stored in watchSessions map",
   );
-  // In learn mode, connect directly to Chrome's CDP endpoint for network recording.
-  // Retry a few times since Chrome may still be starting up after the Swift client restarts it.
+  // In learn mode, ensure Chrome is available with CDP, then connect for network recording.
   if (isLearnMode) {
     const startRecording = async () => {
+      // Ensure Chrome is running with CDP — launches it if needed
+      let cdpSession: CdpSession;
+      try {
+        cdpSession = await ensureChromeWithCdp({
+          startUrl: targetDomain ? `https://${targetDomain}` : undefined,
+        });
+        // If session completed while we were awaiting Chrome, skip storing to avoid a stale map entry
+        if (session.status !== "active") {
+          log.info(
+            { watchId, status: session.status },
+            "Session no longer active after CDP launch — skipping recording",
+          );
+          // If we launched Chrome, minimize it since completeSession already ran and won't find it
+          if (cdpSession.launchedByUs) {
+            try {
+              await minimizeChromeWindow(cdpSession.baseUrl);
+              log.info(
+                { watchId },
+                "Minimized assistant-launched Chrome window (post-session)",
+              );
+            } catch (err) {
+              log.debug(
+                { err, watchId },
+                "Failed to minimize Chrome window (post-session)",
+              );
+            }
+          }
+          return;
+        }
+        activeCdpSessions.set(watchId, cdpSession);
+        log.info(
+          {
+            watchId,
+            launchedByUs: cdpSession.launchedByUs,
+            baseUrl: cdpSession.baseUrl,
+          },
+          "CDP session established",
+        );
+      } catch (err) {
+        log.warn(
+          { err, watchId },
+          "Failed to ensure Chrome with CDP — cannot start recording",
+        );
+        ctx.send(socket, {
+          type: "ride_shotgun_error",
+          watchId,
+          sessionId,
+          message:
+            "Failed to start browser — Chrome CDP could not be launched.",
+        });
+        // Fail-fast: complete the session immediately instead of waiting for timeout
+        session.bootstrapFailureReason = "browser could not be started.";
+        await completeSession(session);
+        return;
+      }
+      const cdpBaseUrl = cdpSession.baseUrl;
       for (let attempt = 0; attempt < 10; attempt++) {
         // Check if session is still active before each attempt
         if (session.status !== "active") {
@@ -156,7 +249,7 @@ export async function handleRideShotgunStart(
           return;
         }
         try {
-          const recorder = new NetworkRecorder(targetDomain);
+          const recorder = new NetworkRecorder(targetDomain, cdpBaseUrl);
           recorder.loginSignals = getLoginSignals(targetDomain);
           await recorder.startDirect();
           // If session completed while we were connecting, stop immediately to avoid leak
@@ -248,7 +341,7 @@ export async function handleRideShotgunStart(
                 clearInterval(checkInterval);
               }
             }, 1000);
-            navigateXPages(abortSignal)
+            navigateXPages({ abortSignal, cdpBaseUrl })
               .then((completed) => {
                 clearInterval(checkInterval);
                 log.info(
@@ -275,16 +368,20 @@ export async function handleRideShotgunStart(
                 clearInterval(checkInterval);
               }
             }, 1000);
-            autoNavigate(navDomain, abortSignal, (progress) => {
-              // Send progress to connected client
-              if (progress.type === "visiting" && progress.url) {
-                const shortUrl = progress.url.replace(/^https?:\/\//, "");
-                ctx.send(socket, {
-                  type: "ride_shotgun_progress",
-                  watchId,
-                  message: `[${progress.pageNumber || "?"}] ${shortUrl}`,
-                });
-              }
+            autoNavigate(navDomain, {
+              abortSignal,
+              onProgress: (progress) => {
+                // Send progress to connected client
+                if (progress.type === "visiting" && progress.url) {
+                  const shortUrl = progress.url.replace(/^https?:\/\//, "");
+                  ctx.send(socket, {
+                    type: "ride_shotgun_progress",
+                    watchId,
+                    message: `[${progress.pageNumber || "?"}] ${shortUrl}`,
+                  });
+                }
+              },
+              cdpBaseUrl,
             })
               .then((visited) => {
                 clearInterval(checkInterval);
@@ -326,6 +423,15 @@ export async function handleRideShotgunStart(
               { err, watchId },
               "Failed to start network recording after 10 attempts",
             );
+            ctx.send(socket, {
+              type: "ride_shotgun_error",
+              watchId,
+              sessionId,
+              message: "Failed to start network recording after 10 attempts.",
+            });
+            session.bootstrapFailureReason =
+              "network recording could not be started after 10 attempts.";
+            await completeSession(session);
           }
         }
       }
@@ -336,6 +442,14 @@ export async function handleRideShotgunStart(
   // Set timeout for duration expiry
   session.timeoutHandle = setTimeout(() => {
+    if (
+      session.isLearnMode &&
+      !activeRecorders.has(watchId) &&
+      !session.bootstrapFailureReason
+    ) {
+      session.bootstrapFailureReason =
+        "session timed out before recording could start.";
+    }
     completeSession(session);
   }, durationSeconds * 1000);

package/src/daemon/session-agent-loop-handlers.ts CHANGED Viewed

@@ -67,6 +67,22 @@ export interface EventHandlerState {
   firstThinkingDeltaEmitted: boolean;
   /** Name of the last completed tool, used to generate contextual statusText. */
   lastCompletedToolName: string | undefined;
+  /** Tracks tool_use_id → timing data for persisting on content blocks. */
+  readonly toolCallTimestamps: Map<
+    string,
+    { startedAt: number; completedAt?: number }
+  >;
+  /** The tool_use_id of the currently executing tool (set in handleToolUse, cleared in handleToolResult). */
+  currentToolUseId: string | undefined;
+  /** Maps confirmation requestId → tool_use_id for linking decisions to tools. */
+  readonly requestIdToToolUseId: Map<string, string>;
+  /** Stores confirmation outcomes keyed by tool_use_id. */
+  readonly toolConfirmationOutcomes: Map<
+    string,
+    { decision: string; label: string }
+  >;
+  /** tool_use_ids emitted in the current turn (populated in handleToolUse, cleared after annotation). */
+  currentTurnToolUseIds: string[];
 }
 /** Immutable context shared across event handlers within a single agent loop run. */
@@ -108,6 +124,11 @@ export function createEventHandlerState(): EventHandlerState {
     firstTextDeltaEmitted: false,
     firstThinkingDeltaEmitted: false,
     lastCompletedToolName: undefined,
+    toolCallTimestamps: new Map(),
+    currentToolUseId: undefined,
+    requestIdToToolUseId: new Map(),
+    toolConfirmationOutcomes: new Map(),
+    currentTurnToolUseIds: [],
   };
 }
@@ -253,6 +274,9 @@ export function handleToolUse(
 ): void {
   state.toolUseIdToName.set(event.id, event.name);
   state.currentTurnToolNames.push(event.name);
+  state.toolCallTimestamps.set(event.id, { startedAt: Date.now() });
+  state.currentToolUseId = event.id;
+  state.currentTurnToolUseIds.push(event.id);
   const statusText = `Running ${friendlyToolName(event.name)}`;
   deps.ctx.emitActivityState(
     "tool_running",
@@ -266,6 +290,7 @@ export function handleToolUse(
     toolName: event.name,
     input: event.input,
     sessionId: deps.ctx.conversationId,
+    toolUseId: event.id,
   });
 }
@@ -392,6 +417,11 @@ export function handleToolResult(
     contentBlocks: event.contentBlocks,
   });
+  // Record tool completion timestamp
+  const ts = state.toolCallTimestamps.get(event.toolUseId);
+  if (ts) ts.completedAt = Date.now();
+  state.currentToolUseId = undefined;
   const toolName = state.toolUseIdToName.get(event.toolUseId);
   if (toolName === "file_write" || toolName === "bash") {
     deps.ctx.markWorkspaceTopLevelDirty();
@@ -433,6 +463,68 @@ export function handleToolResult(
     deps.reqId,
     statusText,
   );
+  // Once all tools for this turn have completed, annotate the persisted
+  // assistant message with timing and confirmation metadata.
+  const allToolsDone = state.currentTurnToolUseIds.every((id) => {
+    const ts = state.toolCallTimestamps.get(id);
+    return ts && ts.completedAt != null;
+  });
+  if (allToolsDone && state.currentTurnToolUseIds.length > 0) {
+    annotatePersistedAssistantMessage(state);
+  }
+}
+/**
+ * After all tools for the current turn complete, fetch the persisted assistant
+ * message, annotate its tool_use blocks with timing and confirmation metadata,
+ * and update the DB. This runs post-tool-execution so the metadata maps are
+ * fully populated (unlike message_complete which fires before tools run).
+ */
+function annotatePersistedAssistantMessage(state: EventHandlerState): void {
+  const messageId = state.lastAssistantMessageId;
+  if (!messageId) return;
+  const row = conversationStore.getMessageById(messageId);
+  if (!row) return;
+  let content: ContentBlock[];
+  try {
+    content = JSON.parse(row.content) as ContentBlock[];
+  } catch {
+    return;
+  }
+  let modified = false;
+  for (const block of content) {
+    if (block.type === "tool_use") {
+      const rec = block as unknown as Record<string, unknown>;
+      const id = rec.id as string | undefined;
+      if (!id) continue;
+      const ts = state.toolCallTimestamps.get(id);
+      if (ts) {
+        rec._startedAt = ts.startedAt;
+        if (ts.completedAt != null) {
+          rec._completedAt = ts.completedAt;
+        }
+        modified = true;
+      }
+      const confirmation = state.toolConfirmationOutcomes.get(id);
+      if (confirmation) {
+        rec._confirmationDecision = confirmation.decision;
+        rec._confirmationLabel = confirmation.label;
+        modified = true;
+      }
+    }
+  }
+  if (modified) {
+    conversationStore.updateMessageContent(messageId, JSON.stringify(content));
+  }
+  // Clear for the next turn
+  state.currentTurnToolUseIds = [];
 }
 export function handleError(
@@ -465,6 +557,9 @@ export async function handleMessageComplete(
   deps: EventHandlerDeps,
   event: Extract<AgentEvent, { type: "message_complete" }>,
 ): Promise<void> {
+  // Reset per-turn tool tracking for the new turn.
+  state.currentTurnToolUseIds = [];
   // Flush any remaining directive display buffer
   if (state.pendingDirectiveDisplayBuffer.length > 0) {
     deps.onEvent({
@@ -533,6 +628,11 @@ export async function handleMessageComplete(
     );
   }
+  // NOTE: Tool timing/confirmation annotations are NOT applied here because
+  // message_complete fires BEFORE tool_use/tool_result events. The annotations
+  // are applied in handleToolResult after all tools for the turn complete,
+  // then the persisted message is updated via updateMessageContent.
   // Build content with UI surfaces
   const contentWithSurfaces: ContentBlock[] = [...cleanedBlocks];
   for (const surface of deps.ctx.currentTurnSurfaces) {

package/src/daemon/session-agent-loop.ts CHANGED Viewed

@@ -118,6 +118,27 @@ import type { TraceEmitter } from "./trace-emitter.js";
 const log = getLogger("session-agent-loop");
+/** Title-cased friendly labels for tool names, used in confirmation chips. */
+const TOOL_FRIENDLY_LABEL: Record<string, string> = {
+  bash: "Run Command",
+  web_search: "Web Search",
+  web_fetch: "Web Fetch",
+  file_read: "Read File",
+  file_write: "Write File",
+  file_edit: "Edit File",
+  browser_navigate: "Browser",
+  browser_click: "Browser",
+  browser_type: "Browser",
+  browser_screenshot: "Browser",
+  browser_scroll: "Browser",
+  browser_wait: "Browser",
+  app_create: "Create App",
+  app_update: "Update App",
+  skill_load: "Load Skill",
+  app_file_edit: "Edit App File",
+  app_file_write: "Write App File",
+};
 type GitServiceInitializer = {
   ensureInitialized(): Promise<void>;
 };
@@ -222,6 +243,18 @@ export interface AgentLoopSessionContext {
       : never,
   ): void;
+  /**
+   * Optional callback invoked by the Session when a confirmation state changes.
+   * The agent loop registers this to track requestId → toolUseId mappings
+   * and record confirmation outcomes for persistence.
+   */
+  onConfirmationOutcome?: (
+    requestId: string,
+    state: string,
+    toolName?: string,
+    toolUseId?: string,
+  ) => void;
   getWorkspaceGitService?: (workspaceDir: string) => GitServiceInitializer;
   commitTurnChanges?: typeof commitTurnChanges;
@@ -432,6 +465,44 @@ export async function runAgentLoopImpl(
     }
     const state = createEventHandlerState();
+    // Register confirmation outcome tracker so the agent loop can link
+    // confirmation decisions to tool_use_ids for persistence.
+    ctx.onConfirmationOutcome = (
+      requestId,
+      confirmationState,
+      toolName,
+      toolUseId,
+    ) => {
+      if (confirmationState === "pending") {
+        // Use the toolUseId passed from the prompter (which knows which tool
+        // requested confirmation) instead of the ambient state.currentToolUseId,
+        // which is unreliable when multiple tools execute in parallel.
+        const resolvedToolUseId = toolUseId ?? state.currentToolUseId;
+        if (resolvedToolUseId) {
+          state.requestIdToToolUseId.set(requestId, resolvedToolUseId);
+        }
+      } else if (
+        confirmationState === "approved" ||
+        confirmationState === "denied" ||
+        confirmationState === "timed_out"
+      ) {
+        const resolvedId =
+          state.requestIdToToolUseId.get(requestId) ?? toolUseId;
+        if (resolvedId) {
+          const name = state.toolUseIdToName.get(resolvedId) ?? toolName ?? "";
+          // Build a friendly label from the tool name
+          const label =
+            TOOL_FRIENDLY_LABEL[name] ??
+            name.replace(/_/g, " ").replace(/\b\w/g, (c) => c.toUpperCase());
+          state.toolConfirmationOutcomes.set(resolvedId, {
+            decision: confirmationState,
+            label,
+          });
+        }
+      }
+    };
     let runMessages = ctx.messages;
     const memoryResult = await prepareMemoryContext(
@@ -1347,6 +1418,7 @@ export async function runAgentLoopImpl(
     ctx.abortController = null;
     ctx.processing = false;
+    ctx.onConfirmationOutcome = undefined;
     ctx.surfaceActionRequestIds.delete(ctx.currentRequestId ?? "");
     ctx.currentRequestId = undefined;
     ctx.currentActiveSurfaceId = undefined;