@vellumai/assistant 0.4.41 → 0.4.43

package/src/memory/search/types.ts

@@ -33,9 +33,23 @@ export interface MemoryRecallCandiateDebug {
   recency: number;
 }
 
+export type DegradationReason =
+  | "embedding_provider_down"
+  | "qdrant_unavailable"
+  | "embedding_generation_failed";
+
+export type FallbackSource = "lexical" | "recency" | "direct_item" | "entity";
+
+export interface DegradationStatus {
+  semanticUnavailable: boolean;
+  reason: DegradationReason;
+  fallbackSources: FallbackSource[];
+}
+
 export interface MemoryRecallResult {
   enabled: boolean;
   degraded: boolean;
+  degradation?: DegradationStatus;
   reason?: string;
   provider?: string;
   model?: string;
@@ -96,6 +110,10 @@ export interface CollectedCandidates {
   earlyTerminated: boolean;
   /** True when semantic search was attempted but threw an error. */
   semanticSearchFailed: boolean;
+  /** True when semantic search was known to be unavailable before retrieval (no vector or breaker open). */
+  semanticUnavailable: boolean;
+  /** The error that caused semantic search to fail, if any. */
+  semanticSearchError?: unknown;
   merged: Candidate[];
 }
 
@@ -122,23 +140,6 @@ export interface ItemMetadata {
   verificationState: string;
 }
 
-export interface MemorySearchResult {
-  id: string;
-  type: CandidateType;
-  kind: string;
-  text: string;
-  confidence: number;
-  importance: number;
-  createdAt: number;
-  finalScore: number;
-  /** Per-source scores for provenance/debugging */
-  scores: {
-    lexical: number;
-    semantic: number;
-    recency: number;
-  };
-}
-
 import type { EntityRelationType, EntityType } from "../entity-extractor.js";
 
 export interface TraversalOptions {

package/src/messaging/providers/telegram-bot/adapter.ts

@@ -128,7 +128,7 @@ export const telegramBotMessagingProvider: MessagingProvider = {
     // conversation key mapping and binding exist for the next inbound.
     try {
       const sourceChannel = "telegram";
-      const conversationKey = `${sourceChannel}:${conversationId}`;
+      const conversationKey = `asst:self:${sourceChannel}:${conversationId}`;
       const { conversationId: internalId } =
         getOrCreateConversation(conversationKey);
       externalConversationStore.upsertOutboundBinding({

package/src/messaging/providers/whatsapp/adapter.ts

@@ -107,10 +107,7 @@ export const whatsappMessagingProvider: MessagingProvider = {
     // exists for the next inbound WhatsApp message from this number.
     try {
       const sourceChannel = "whatsapp";
-      const conversationKey =
-        assistantId && assistantId !== "self"
-          ? `asst:${assistantId}:${sourceChannel}:${conversationId}`
-          : `${sourceChannel}:${conversationId}`;
+      const conversationKey = `asst:${assistantId ?? "self"}:${sourceChannel}:${conversationId}`;
       const { conversationId: internalId } =
         getOrCreateConversation(conversationKey);
       if (!assistantId || assistantId === "self") {

package/src/messaging/registry.ts

@@ -14,7 +14,6 @@ import type { MessagingProvider } from "./provider.js";
 const PLATFORM_FLAG_KEYS: Record<string, string> = {
   gmail: "feature_flags.messaging.gmail.enabled",
   telegram: "feature_flags.messaging.telegram.enabled",
-  sms: "feature_flags.sms.enabled",
 };
 
 const providers = new Map<string, MessagingProvider>();

package/src/notifications/README.md

@@ -86,11 +86,11 @@ Each policy defines:
 
 ### Conversation Strategy Types
 
-| Strategy                         | Behavior                                                                                                                                                                                                                                     | Used by                                         |
-| -------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- |
-| `start_new_conversation`         | Creates a fresh conversation per delivery. The thread is surfaced via IPC.                                                                                                                                                                   | `vellum`                                        |
-| `continue_existing_conversation` | Looks up a previously bound conversation by binding key (sourceChannel + externalChatId) and appends to it. When no bound conversation exists (first delivery to a destination), creates a new one and upserts the binding for future reuse. | `telegram`, `sms`, `whatsapp`, `slack`, `email` |
-| `not_deliverable`                | Channel cannot receive notifications. Pairing returns null IDs.                                                                                                                                                                              | `voice`                                         |
+| Strategy                         | Behavior                                                                                                                                                                                                                                     | Used by                                  |
+| -------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------- |
+| `start_new_conversation`         | Creates a fresh conversation per delivery. The thread is surfaced via SSE.                                                                                                                                                                   | `vellum`                                 |
+| `continue_existing_conversation` | Looks up a previously bound conversation by binding key (sourceChannel + externalChatId) and appends to it. When no bound conversation exists (first delivery to a destination), creates a new one and upserts the binding for future reuse. | `telegram`, `whatsapp`, `slack`, `email` |
+| `not_deliverable`                | Channel cannot receive notifications. Pairing returns null IDs.                                                                                                                                                                              | `phone`                                  |
 
 ### Helper Functions
 
@@ -264,7 +264,7 @@ The `enforceRoutingIntent()` function in `decision-engine.ts` runs after the LLM
 - **`multi_channel`**: If the LLM selected fewer than 2 channels but 2+ are connected, expands `selectedChannels` to at least two connected channels.
 - **`single_channel`**: No override -- the LLM's selection stands.
 
-When enforcement changes the decision, the updated channel selection is re-persisted to the `notification_decisions` table so the stored decision matches what was actually dispatched. The `reasoningSummary` is annotated with the enforcement action (e.g. `[routing_intent=all_channels enforced: vellum, telegram, sms]`).
+When enforcement changes the decision, the updated channel selection is re-persisted to the `notification_decisions` table so the stored decision matches what was actually dispatched. The `reasoningSummary` is annotated with the enforcement action (e.g. `[routing_intent=all_channels enforced: vellum, telegram]`).
 
 ### Single-Reminder Fanout
 
@@ -300,19 +300,12 @@ The macOS/iOS client posts a native `UNUserNotificationCenter` notification from
 
 HTTP POST to the gateway's `/deliver/telegram` endpoint. The `TelegramAdapter` sends channel-native text (`deliveryText` when present) to the guardian's chat ID (resolved from the active guardian binding), with deterministic fallbacks when model copy is unavailable.
 
-### SMS (when guardian binding exists)
-
-HTTP POST to the gateway's `/deliver/sms` endpoint. The `SmsAdapter` follows the same pattern as the Telegram adapter: it resolves a phone number from the active guardian binding and sends text via the gateway, which forwards to the Twilio Messages API. The adapter resolves message text via a priority chain: `deliveryText` > `body` > `title` > humanized event name. The `assistantId` is threaded through the `ChannelDeliveryPayload` so the gateway can resolve the correct outbound phone number for multi-assistant deployments.
-
-SMS delivery is text-only (no MMS). Graceful degradation: when the gateway is unreachable or SMS is not configured, the adapter returns a failed `DeliveryResult` without throwing, so the broadcaster continues delivering to other channels.
-
 ### Channel Connectivity
 
 Connected channels are resolved at signal emission time by `getConnectedChannels()` in `emit-signal.ts`:
 
 - **Vellum** is always considered connected (IPC socket is always available when the daemon is running)
 - **Telegram** is considered connected only when an active guardian binding exists for the assistant (checked via `getActiveBinding()`)
-- **SMS** is considered connected only when an active guardian binding exists for the assistant (same check as Telegram)
 
 ## Conversation Materialization
 
@@ -383,7 +376,7 @@ Each `guardian_action_request` is assigned a unique 6-character hex code (e.g. `
 
 ### Disambiguation Flow
 
-The disambiguation logic is identical on all channels — mac/vellum (`session-process.ts`), Telegram, and SMS (`inbound-message-handler.ts`):
+The disambiguation logic is identical on all channels — mac/vellum (`session-process.ts`) and Telegram (`inbound-message-handler.ts`):
 
 1. **Single pending delivery in the thread**: The guardian's reply is matched to the sole pending request automatically. No request code prefix is needed. This is the **single-match fast path**.
 
@@ -397,7 +390,6 @@ The disambiguation invariant is enforced identically across:
 
 - **Mac/Vellum** (`session-process.ts`): Intercepts user messages in conversations with pending guardian action deliveries before the agent loop runs.
 - **Telegram** (`inbound-message-handler.ts`): Intercepts inbound messages matched to conversations with pending guardian action deliveries.
-- **SMS** (`inbound-message-handler.ts`): Same codepath as Telegram.
 
 All three paths use the same pattern: look up pending deliveries by conversation, apply single-match fast path or request-code prefix matching, and send disambiguation messages via the guardian action message composer when ambiguous.
 
@@ -424,13 +416,12 @@ All disambiguation messages are generated through `composeGuardianActionMessageG
 | `decision-engine.ts`      | LLM-based routing with forced tool_choice; deterministic fallback                              |
 | `deterministic-checks.ts` | Pre-send gate checks (dedupe, source-active, channel availability)                             |
 | `runtime-dispatch.ts`     | Dispatch gating (no-op decisions, empty channels)                                              |
-| `broadcaster.ts`          | Fan-out to channel adapters with delivery audit trail; emits `notification_thread_created` IPC |
-| `copy-composer.ts`        | Template-based fallback notification copy when LLM copy is unavailable                         |
-| `thread-seed-composer.ts` | Surface-aware thread seed generation (richer than notification copy)                           |
-| `destination-resolver.ts` | Resolves per-channel endpoints (vellum IPC, Telegram chat ID)                                  |
-| `adapters/macos.ts`       | Vellum adapter -- broadcasts `notification_intent` via IPC with deep-link metadata             |
+| `broadcaster.ts`          | Fan-out to channel adapters with delivery audit trail; emits `notification_thread_created` SSE event |
+| `copy-composer.ts`        | Template-based fallback notification copy when LLM copy is unavailable                              |
+| `thread-seed-composer.ts` | Surface-aware thread seed generation (richer than notification copy)                                |
+| `destination-resolver.ts` | Resolves per-channel endpoints (vellum SSE, Telegram chat ID)                                       |
+| `adapters/macos.ts`       | Vellum adapter -- broadcasts `notification_intent` via SSE with deep-link metadata                  |
 | `adapters/telegram.ts`    | Telegram adapter -- POSTs to gateway `/deliver/telegram`                                       |
-| `adapters/sms.ts`         | SMS adapter -- POSTs to gateway `/deliver/sms` via Twilio Messages API                         |
 | `preference-extractor.ts` | Detects notification preferences in conversation messages                                      |
 | `preference-summary.ts`   | Builds preference context string for the decision engine prompt                                |
 | `preferences-store.ts`    | CRUD for `notification_preferences` table                                                      |
@@ -461,7 +452,7 @@ await emitNotificationSignal({
   },
   // Optional: control multi-channel fanout behavior
   routingIntent: "multi_channel", // 'single_channel' | 'multi_channel' | 'all_channels'
-  routingHints: { preferredChannels: ["telegram", "sms"] },
+  routingHints: { preferredChannels: ["telegram"] },
 });
 ```
 

package/src/notifications/adapters/macos.ts

@@ -13,7 +13,7 @@
  * does not match their own identity.
  */
 
-import type { ServerMessage } from "../../daemon/ipc-contract.js";
+import type { ServerMessage } from "../../daemon/message-protocol.js";
 import { getLogger } from "../../util/logger.js";
 import type {
   ChannelAdapter,

package/src/notifications/conversation-pairing.ts

@@ -21,7 +21,7 @@ import {
   addMessage,
   createConversation,
   getConversation,
-} from "../memory/conversation-store.js";
+} from "../memory/conversation-crud.js";
 import {
   getBindingByChannelChat,
   upsertOutboundBinding,
@@ -42,7 +42,7 @@ const log = getLogger("notification-conversation-pairing");
  * Prefix applied to sourceChannel values in notification bindings so they
  * occupy a separate namespace from messaging adapter bindings in the
  * external_conversation_bindings table.  Without this, notification pairing
- * and messaging adapters (Telegram, SMS, etc.) would destructively overwrite
+ * and messaging adapters (Telegram, Slack, etc.) would destructively overwrite
  * each other's bindings since both use (sourceChannel, externalChatId) as key.
  */
 const NOTIFICATION_CHANNEL_PREFIX = "notification:";

package/src/notifications/copy-composer.ts

@@ -82,7 +82,7 @@ export function buildAccessRequestIdentityLine(
       : undefined,
   );
 
-  if (sourceChannel === "voice" && callerName) {
+  if (sourceChannel === "phone" && callerName) {
     const safeName = sanitizeIdentityField(callerName);
     const safeId = sanitizeIdentityField(
       str(payload.actorExternalId, requester),
@@ -391,7 +391,7 @@ function applyChannelDefaults(
 ): RenderedChannelCopy {
   const copy: RenderedChannelCopy = { ...baseCopy };
 
-  if (channel === "telegram" || channel === "sms") {
+  if (channel === "telegram") {
     copy.deliveryText = buildChatSurfaceFallbackDeliveryText(baseCopy, signal);
   }
 

package/src/notifications/decision-engine.ts

@@ -95,7 +95,7 @@ function buildSystemPrompt(
     `- \`title\` and \`body\` are for native notification popups (e.g. vellum desktop/mobile) — keep them short and glanceable (title ≤ 8 words, body ≤ 2 sentences).`,
     `- \`deliveryText\` is the channel-native message for chat channels (e.g. telegram). It must read naturally as a standalone message.`,
     `  - Do not prepend mechanical labels like "Thread:".`,
-    `  - Do not mention channel or transport names (e.g. Telegram, SMS, email) unless the event context explicitly requires it.`,
+    `  - Do not mention channel or transport names (e.g. Telegram, Slack, email) unless the event context explicitly requires it.`,
     `  - Do not repeat title/body verbatim unless that repetition is truly necessary.`,
     `  - Avoid meta-send phrasing (e.g. "I'd like to send a notification", "May I go ahead with that?"). Write the recipient-facing message directly.`,
     `  - For telegram: 1-2 concise sentences.`,
@@ -546,15 +546,6 @@ function enforceGuardianRequestCode(
   const modeResolution = resolveGuardianQuestionInstructionMode(
     signal.contextPayload,
   );
-  if (modeResolution.legacyFallbackUsed) {
-    log.warn(
-      {
-        signalId: signal.signalId,
-        requestKind: modeResolution.requestKind,
-      },
-      "guardian.question payload missing/invalid typed fields; using legacy instruction-mode fallback",
-    );
-  }
   const nextCopy: Partial<Record<NotificationChannel, RenderedChannelCopy>> = {
     ...decision.renderedCopy,
   };

package/src/notifications/destination-resolver.ts

@@ -7,7 +7,7 @@
  *   broadcast mechanism to connected desktop/mobile clients. The
  *   guardianPrincipalId is included in metadata so downstream adapters
  *   can scope guardian-sensitive notifications to bound guardian devices.
- * - Binding-based channels (telegram, sms): require a chat/delivery ID
+ * - Binding-based channels (telegram): require a chat/delivery ID
  *   sourced from the guardian contact's channel record.
  */
 
@@ -62,8 +62,7 @@ export function resolveDestinations(
         );
         break;
       }
-      case "telegram":
-      case "sms": {
+      case "telegram": {
         const guardianResult = findGuardianForChannel(channel);
         if (guardianResult && guardianResult.channel.externalChatId) {
           const externalChatId = guardianResult.channel.externalChatId;

package/src/notifications/emit-signal.ts

@@ -16,7 +16,6 @@ import { findGuardianForChannel } from "../contacts/contact-store.js";
 import { getLogger } from "../util/logger.js";
 import { type BroadcastFn, VellumAdapter } from "./adapters/macos.js";
 import { SlackAdapter } from "./adapters/slack.js";
-import { SmsAdapter } from "./adapters/sms.js";
 import { TelegramAdapter } from "./adapters/telegram.js";
 import {
   NotificationBroadcaster,
@@ -62,11 +61,7 @@ export function registerBroadcastFn(fn: BroadcastFn): void {
 
 function getBroadcaster(): NotificationBroadcaster {
   if (!broadcasterInstance) {
-    const adapters = [
-      new TelegramAdapter(),
-      new SmsAdapter(),
-      new SlackAdapter(),
-    ];
+    const adapters = [new TelegramAdapter(), new SlackAdapter()];
     if (registeredBroadcastFn) {
       adapters.unshift(new VellumAdapter(registeredBroadcastFn));
     }
@@ -113,8 +108,7 @@ function getConnectedChannels(): NotificationChannel[] {
         // available when the daemon is running).
         channels.push(channel);
         break;
-      case "telegram":
-      case "sms": {
+      case "telegram": {
         // A binding-based channel is connected when the guardian has an
         // active channel entry with a valid delivery endpoint. The
         // externalChatId check ensures we don't report a channel as

package/src/notifications/guardian-question-mode.ts

@@ -143,7 +143,6 @@ export type GuardianQuestionPayload =
 export interface GuardianQuestionModeResolution {
   mode: GuardianQuestionInstructionMode;
   requestKind: GuardianQuestionRequestKind | null;
-  legacyFallbackUsed: boolean;
 }
 
 function nonEmptyString(value: unknown): string | null {
@@ -427,8 +426,10 @@ export function stripConflictingGuardianRequestInstructions(
 /**
  * Resolve guardian reply instruction mode from request kind.
  *
- * Backward compatibility: if requestKind is missing/unknown, fall back to
- * toolName presence so previously persisted payloads keep working.
+ * Requires a valid requestKind in the payload. When the payload cannot be
+ * fully parsed as a typed guardian question, falls back to field-level
+ * requestKind resolution. If requestKind is missing or unknown, defaults
+ * to "approval" mode.
  */
 export function resolveGuardianQuestionInstructionMode(
   payload: Record<string, unknown>,
@@ -444,7 +445,6 @@ export function resolveGuardianQuestionInstructionMode(
         parsedToolName,
       ),
       requestKind: parsed.requestKind,
-      legacyFallbackUsed: false,
     };
   }
 
@@ -456,14 +456,11 @@ export function resolveGuardianQuestionInstructionMode(
     return {
       mode: requestKindResolution.mode,
       requestKind: requestKindResolution.requestKind,
-      legacyFallbackUsed: true,
     };
   }
 
-  const toolName = nonEmptyString(payload.toolName);
   return {
-    mode: toolName ? "approval" : "answer",
+    mode: "approval",
     requestKind: null,
-    legacyFallbackUsed: true,
   };
 }

package/src/notifications/signal.ts

@@ -11,9 +11,8 @@ import type { GuardianQuestionPayload } from "./guardian-question-mode.js";
 export const NOTIFICATION_SOURCE_CHANNELS = [
   { id: "assistant_tool", description: "Assistant skill/tool invocation" },
   { id: "vellum", description: "Vellum native client (macOS/iOS)" },
-  { id: "voice", description: "Voice call pipeline" },
+  { id: "phone", description: "Phone call pipeline" },
   { id: "telegram", description: "Telegram channel" },
-  { id: "sms", description: "SMS channel" },
   { id: "slack", description: "Slack channel" },
   { id: "scheduler", description: "Scheduled task runner (reminders, cron)" },
   { id: "watcher", description: "File/event watcher subsystem" },

package/src/notifications/types.ts

@@ -61,7 +61,7 @@ export interface ChannelDestination {
  * conversations keyed by (sourceChannel, externalChatId).
  */
 export interface DestinationBindingContext {
-  /** The channel this binding belongs to (e.g. "telegram", "sms", "slack"). */
+  /** The channel this binding belongs to (e.g. "telegram", "slack"). */
   sourceChannel: NotificationChannel;
   /** The channel-specific chat/thread identifier (e.g. Telegram chat ID, phone number). */
   externalChatId: string;

package/src/oauth/token-persistence.ts

@@ -119,7 +119,6 @@ export async function storeOAuth2Tokens(
     allowedTools: allowedTools ?? [],
     expiresAt,
     grantedScopes,
-    accountInfo: accountInfo ?? params.identityAccountInfo ?? null,
     oauth2TokenUrl: tokenUrl,
     oauth2ClientId: clientId,
     oauth2ClientSecret: clientSecret ?? null,
@@ -131,6 +130,31 @@ export async function storeOAuth2Tokens(
       : {}),
   });
 
+  // Write accountInfo to config using a namespaced key (dynamic import to
+  // avoid circular dependencies — the config loader may transitively depend
+  // on credential modules).
+  const resolvedAccountInfo = accountInfo ?? params.identityAccountInfo;
+  if (resolvedAccountInfo) {
+    try {
+      const {
+        invalidateConfigCache,
+        loadRawConfig,
+        saveRawConfig,
+        setNestedValue,
+      } = await import("../config/loader.js");
+      const raw = loadRawConfig();
+      setNestedValue(
+        raw,
+        `integrations.accountInfo.${service}`,
+        resolvedAccountInfo,
+      );
+      saveRawConfig(raw);
+      invalidateConfigCache();
+    } catch {
+      // Non-fatal — tokens stored even if config write fails
+    }
+  }
+
   if (tokens.refreshToken) {
     const refreshStored = await setSecureKeyAsync(
       `credential:${service}:refresh_token`,

package/src/permissions/checker.ts

@@ -363,13 +363,9 @@ async function buildCommandCandidates(
       targets.push("");
     } else {
       const resolved = resolveSkillIdAndHash(rawSelector);
-      if (resolved) {
+      if (resolved && resolved.versionHash) {
         // Version-specific candidate lets rules pin to an exact skill version
-        if (resolved.versionHash) {
-          targets.push(`${resolved.id}@${resolved.versionHash}`);
-        }
-        // Bare skill id candidate for backward compat / any-version rules
-        targets.push(resolved.id);
+        targets.push(`${resolved.id}@${resolved.versionHash}`);
       }
       targets.push(rawSelector);
     }
@@ -812,26 +808,6 @@ export async function check(
     }
   }
 
-  // Any unrecognized mode (including raw "legacy" that somehow bypassed loader
-  // migration) is treated as workspace mode — fail-closed relative to the old
-  // risk-only fallthrough that would auto-allow low-risk operations everywhere.
-  if (
-    permissionsMode !== "strict" &&
-    permissionsMode !== "workspace" &&
-    !matchedRule &&
-    risk !== RiskLevel.High
-  ) {
-    if (toolName === "bash" && !getConfig().sandbox.enabled) {
-      // Fall through to risk-based policy below
-    } else if (isWorkspaceScopedInvocation(toolName, input, workingDir)) {
-      return {
-        decision: "allow",
-        reason:
-          "Workspace mode (normalized): workspace-scoped operation auto-allowed",
-      };
-    }
-  }
-
   // Auto-allow low-risk bundled skill tools even without explicit trust rules.
   // These are first-party tools with a vetted risk declaration — applying the
   // same policy as the per-tool default allow rules for browser tools, but
@@ -1025,12 +1001,11 @@ function skillLoadAllowlistStrategy(
         },
       ];
     }
-    const id = resolved ? resolved.id : rawSelector;
     return [
       {
-        label: id,
+        label: rawSelector,
         description: "This skill",
-        pattern: `skill_load:${id}`,
+        pattern: `skill_load:${rawSelector}`,
       },
     ];
   }

package/src/permissions/defaults.ts

@@ -278,11 +278,11 @@ export function getDefaultRuleTemplates(): DefaultRuleTemplate[] {
     priority: 100,
   };
 
-  // memory_search is a read-only tool — always allow without prompting.
-  const memorySearchRule: DefaultRuleTemplate = {
-    id: "default:allow-memory_search-global",
-    tool: "memory_search",
-    pattern: "memory_search:*",
+  // memory_recall is a read-only tool — always allow without prompting.
+  const memoryRecallRule: DefaultRuleTemplate = {
+    id: "default:allow-memory_recall-global",
+    tool: "memory_recall",
+    pattern: "memory_recall:*",
     scope: "everywhere",
     decision: "allow",
     priority: 100,
@@ -303,6 +303,6 @@ export function getDefaultRuleTemplates(): DefaultRuleTemplate[] {
     ...browserToolRules,
     ...uiSurfaceRules,
     viewImageRule,
-    memorySearchRule,
+    memoryRecallRule,
   ];
 }

package/src/permissions/prompter.ts

@@ -1,7 +1,7 @@
 import { v4 as uuid } from "uuid";
 
 import { getConfig } from "../config/loader.js";
-import type { ServerMessage } from "../daemon/ipc-protocol.js";
+import type { ServerMessage } from "../daemon/message-protocol.js";
 import { redactSensitiveFields } from "../security/redaction.js";
 import type { ExecutionTarget } from "../tools/types.js";
 import { AssistantError, ErrorCode } from "../util/errors.js";

package/src/permissions/secret-prompter.ts

@@ -1,7 +1,7 @@
 import { v4 as uuid } from "uuid";
 
 import { getConfig } from "../config/loader.js";
-import type { ServerMessage } from "../daemon/ipc-protocol.js";
+import type { ServerMessage } from "../daemon/message-protocol.js";
 import { AssistantError, ErrorCode } from "../util/errors.js";
 import { getLogger } from "../util/logger.js";
 

package/src/permissions/shell-identity.ts

@@ -193,7 +193,7 @@ export function deriveShellActionKeys(
  * Build an ordered list of command candidates for trust-rule matching.
  *
  * Candidate ordering:
- *   1. Raw command (backward compatibility — existing rules match as before)
+ *   1. Raw command (most specific match — the full command as written)
  *   2. Canonical primary command (if simple action) — the full primary segment text
  *   3. Action keys from narrowest to broadest (if simple action)
  *

package/src/permissions/trust-store.ts

@@ -217,47 +217,6 @@ function backfillDefaults(rules: TrustRule[]): boolean {
   return changed;
 }
 
-/**
- * Update persisted starter-bundle rules whose pattern matches a known legacy
- * format (e.g. the old "tool:**" prefix was changed to standalone "**").
- * Returns true when at least one rule was updated.
- *
- * Only rules with a recognised legacy pattern are migrated. If a user has
- * intentionally customised a starter rule's pattern (e.g. narrowed it), it is
- * left untouched.
- */
-function migrateStarterRulePatterns(rules: TrustRule[]): boolean {
-  const templatesByID = new Map(getStarterBundleRules().map((t) => [t.id, t]));
-  let changed = false;
-  for (const rule of rules) {
-    const template = templatesByID.get(rule.id);
-    if (!template || rule.pattern === template.pattern) continue;
-    // Only migrate patterns that match a known legacy format.
-    // The "tool:**" prefix (e.g. "file_read:**") was the original pattern
-    // before it was changed to standalone "**".
-    if (!isLegacyStarterPattern(rule.pattern, rule.tool)) continue;
-    log.info(
-      {
-        ruleId: rule.id,
-        oldPattern: rule.pattern,
-        newPattern: template.pattern,
-      },
-      "Migrated starter rule pattern to current template",
-    );
-    rule.pattern = template.pattern;
-    changed = true;
-  }
-  return changed;
-}
-
-/** Recognises legacy starter-rule patterns that should be auto-migrated. */
-function isLegacyStarterPattern(pattern: string, tool: string): boolean {
-  // Legacy format used "tool:**" prefixes, e.g. "file_read:**", "glob:**".
-  // Only match the exact legacy pattern for this specific tool to avoid
-  // silently resetting user-customised patterns.
-  return pattern === `${tool}:**`;
-}
-
 function loadFromDisk(): TrustRule[] {
   const path = getTrustPath();
   let rules: TrustRule[] = [];
@@ -274,33 +233,19 @@ function loadFromDisk(): TrustRule[] {
       // Restore persisted starter bundle flag
       cachedStarterBundleAccepted = data.starterBundleAccepted === true;
 
-      if (data.version === 1) {
-        // Migration: v1 → v2. All existing rules are user-created → priority 100.
-        rules = rawRules.map((r) => ({
-          ...r,
-          priority: 100,
-        }));
-        needsSave = true;
-        log.info(
-          { ruleCount: rules.length },
-          "Migrated v1 trust rules to v2 (priority=100)",
-        );
-        // Fall through to v2 → v3 migration below
-      }
-
-      if (data.version === 2 || (data.version === 1 && needsSave)) {
-        // Migration: v2 → v3. Existing rules have no principal fields,
-        // which is correct — missing principal fields act as wildcards.
-        if (data.version === 2) {
-          rules = rawRules;
-        }
-        needsSave = true;
-        log.info(
-          { ruleCount: rules.length },
-          "Migrated v2 trust rules to v3 (principal fields)",
-        );
-      } else if (data.version === TRUST_FILE_VERSION) {
+      if (
+        data.version === TRUST_FILE_VERSION ||
+        data.version === 1 ||
+        data.version === 2
+      ) {
         rules = rawRules;
+        if (data.version !== TRUST_FILE_VERSION) {
+          needsSave = true;
+          log.info(
+            { version: data.version, targetVersion: TRUST_FILE_VERSION },
+            "Migrating legacy trust file version",
+          );
+        }
 
         // Strip legacy principal-scoped fields from persisted v3 rules.
         // Before the principal concept was removed, rules could carry
@@ -323,7 +268,7 @@ function loadFromDisk(): TrustRule[] {
             needsSave = true;
           }
         }
-      } else if (data.version !== 1) {
+      } else {
         log.warn(
           { version: data.version },
           "Unknown trust file version, applying defaults in-memory only",
@@ -347,12 +292,6 @@ function loadFromDisk(): TrustRule[] {
     needsSave = true;
   }
 
-  // Migrate persisted starter rules whose pattern has drifted from the
-  // current template (e.g. old "tool:**" → "**").
-  if (migrateStarterRulePatterns(rules)) {
-    needsSave = true;
-  }
-
   rules.sort(ruleOrder);
 
   if (needsSave) {
@@ -711,8 +650,6 @@ export interface AcceptStarterBundleResult {
  */
 export function acceptStarterBundle(): AcceptStarterBundleResult {
   // Re-read from disk to avoid lost updates.
-  // loadFromDisk() also runs migrateStarterRulePatterns() to fix any
-  // stale patterns (e.g. old "tool:**" → "**") before we get here.
   cachedRules = null;
   cachedStarterBundleAccepted = null;
   const rules = [...getRules()];