@vellumai/assistant 0.4.42 → 0.4.44
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.env.example +1 -6
- package/.prettierignore +3 -0
- package/ARCHITECTURE.md +140 -403
- package/Dockerfile +0 -1
- package/README.md +81 -92
- package/bun.lock +8 -2
- package/docs/architecture/integrations.md +81 -104
- package/docs/architecture/memory.md +1 -1
- package/docs/architecture/scheduling.md +63 -63
- package/docs/architecture/security.md +3 -3
- package/docs/runbook-trusted-contacts.md +11 -12
- package/docs/trusted-contact-access.md +39 -39
- package/package.json +5 -8
- package/src/__tests__/access-request-decision.test.ts +4 -4
- package/src/__tests__/active-skill-tools.test.ts +49 -34
- package/src/__tests__/actor-token-service.test.ts +55 -85
- package/src/__tests__/amazon-cdp-integration.test.ts +14 -26
- package/src/__tests__/app-bundler.test.ts +14 -368
- package/src/__tests__/app-compiler.test.ts +0 -1
- package/src/__tests__/app-executors.test.ts +10 -1
- package/src/__tests__/approval-hardcoded-copy-guard.test.ts +1 -1
- package/src/__tests__/approval-primitive.test.ts +2 -4
- package/src/__tests__/approval-routes-http.test.ts +1 -3
- package/src/__tests__/asset-materialize-tool.test.ts +1 -4
- package/src/__tests__/asset-search-tool.test.ts +1 -4
- package/src/__tests__/assistant-attachments.test.ts +23 -0
- package/src/__tests__/assistant-feature-flags-integration.test.ts +4 -8
- package/src/__tests__/assistant-id-boundary-guard.test.ts +5 -5
- package/src/__tests__/attachments-store.test.ts +1 -4
- package/src/__tests__/avatar-e2e.test.ts +43 -23
- package/src/__tests__/browser-fill-credential.test.ts +1 -1
- package/src/__tests__/bundled-asset.test.ts +1 -1
- package/src/__tests__/bundled-skill-retrieval-guard.test.ts +2 -9
- package/src/__tests__/call-controller.test.ts +4 -8
- package/src/__tests__/call-conversation-messages.test.ts +1 -1
- package/src/__tests__/call-domain.test.ts +250 -8
- package/src/__tests__/call-pointer-message-composer.test.ts +14 -14
- package/src/__tests__/call-pointer-messages.test.ts +7 -11
- package/src/__tests__/call-recovery.test.ts +47 -0
- package/src/__tests__/call-routes-http.test.ts +13 -0
- package/src/__tests__/call-start-guardian-guard.test.ts +1 -1
- package/src/__tests__/callback-handoff-copy.test.ts +5 -5
- package/src/__tests__/canonical-guardian-store.test.ts +3 -3
- package/src/__tests__/channel-approval-routes.test.ts +101 -134
- package/src/__tests__/channel-approval.test.ts +0 -201
- package/src/__tests__/channel-approvals.test.ts +2 -2
- package/src/__tests__/channel-delivery-store.test.ts +16 -24
- package/src/__tests__/channel-guardian.test.ts +641 -740
- package/src/__tests__/channel-invite-transport.test.ts +1 -2
- package/src/__tests__/channel-policy.test.ts +9 -12
- package/src/__tests__/channel-readiness-service.test.ts +156 -45
- package/src/__tests__/channel-reply-delivery.test.ts +3 -3
- package/src/__tests__/channel-retry-sweep.test.ts +7 -7
- package/src/__tests__/checker.test.ts +41 -35
- package/src/__tests__/chrome-cdp.test.ts +57 -17
- package/src/__tests__/cli-help-reference-sync.test.ts +26 -0
- package/src/__tests__/compaction.benchmark.test.ts +25 -5
- package/src/__tests__/computer-use-session-lifecycle.test.ts +1 -1
- package/src/__tests__/computer-use-session-working-dir.test.ts +2 -6
- package/src/__tests__/computer-use-skill-lifecycle-cleanup.test.ts +1 -1
- package/src/__tests__/config-loader-backfill.test.ts +310 -0
- package/src/__tests__/config-watcher.test.ts +1 -5
- package/src/__tests__/confirmation-request-guardian-bridge.test.ts +3 -5
- package/src/__tests__/connection-policy.test.ts +3 -62
- package/src/__tests__/contacts-tools.test.ts +0 -2
- package/src/__tests__/context-memory-e2e.test.ts +11 -7
- package/src/__tests__/context-overflow-policy.test.ts +2 -2
- package/src/__tests__/context-window-manager.test.ts +220 -61
- package/src/__tests__/conversation-attention-store.test.ts +178 -2
- package/src/__tests__/conversation-attention-telegram.test.ts +8 -11
- package/src/__tests__/conversation-pairing.test.ts +14 -14
- package/src/__tests__/conversation-routes-guardian-reply.test.ts +7 -7
- package/src/__tests__/conversation-store.test.ts +2 -2
- package/src/__tests__/conversation-unread-route.test.ts +155 -0
- package/src/__tests__/credential-metadata-store.test.ts +0 -2
- package/src/__tests__/credential-security-invariants.test.ts +10 -16
- package/src/__tests__/credentials-cli.test.ts +49 -5
- package/src/__tests__/daemon-assistant-events.test.ts +4 -22
- package/src/__tests__/db-migration-rollback.test.ts +2 -2
- package/src/__tests__/deterministic-verification-control-plane.test.ts +19 -19
- package/src/__tests__/dictation-mode-detection.test.ts +1 -1
- package/src/__tests__/dynamic-page-surface.test.ts +2 -2
- package/src/__tests__/dynamic-skill-workflow-prompt.test.ts +2 -6
- package/src/__tests__/email-cli.test.ts +12 -12
- package/src/__tests__/email-service-config-fallback.test.ts +1 -1
- package/src/__tests__/emit-signal-routing-intent.test.ts +3 -18
- package/src/__tests__/error-handler-friendly-messages.test.ts +46 -0
- package/src/__tests__/event-bus.test.ts +0 -1
- package/src/__tests__/followup-tools.test.ts +0 -2
- package/src/__tests__/gateway-client-managed-outbound.test.ts +6 -6
- package/src/__tests__/gateway-only-enforcement.test.ts +13 -77
- package/src/__tests__/gateway-only-guard.test.ts +5 -0
- package/src/__tests__/guardian-action-conversation-turn.test.ts +3 -3
- package/src/__tests__/guardian-action-followup-executor.test.ts +29 -94
- package/src/__tests__/guardian-action-followup-store.test.ts +2 -12
- package/src/__tests__/guardian-action-grant-mint-consume.test.ts +48 -194
- package/src/__tests__/guardian-action-late-reply.test.ts +12 -12
- package/src/__tests__/guardian-action-store.test.ts +2 -2
- package/src/__tests__/guardian-action-sweep.test.ts +5 -5
- package/src/__tests__/guardian-decision-primitive-canonical.test.ts +1 -3
- package/src/__tests__/guardian-dispatch.test.ts +5 -46
- package/src/__tests__/guardian-grant-minting.test.ts +5 -44
- package/src/__tests__/guardian-outbound-http.test.ts +95 -114
- package/src/__tests__/guardian-question-mode.test.ts +1 -4
- package/src/__tests__/guardian-routing-invariants.test.ts +5 -13
- package/src/__tests__/guardian-routing-state.test.ts +3 -3
- package/src/__tests__/guardian-verification-voice-binding.test.ts +64 -7
- package/src/__tests__/guardian-verify-setup-skill-regression.test.ts +2 -2
- package/src/__tests__/handle-user-message-secret-resume.test.ts +3 -5
- package/src/__tests__/handlers-user-message-approval-consumption.test.ts +16 -34
- package/src/__tests__/headless-browser-interactions.test.ts +1 -1
- package/src/__tests__/headless-browser-navigate.test.ts +1 -1
- package/src/__tests__/headless-browser-read-tools.test.ts +1 -1
- package/src/__tests__/headless-browser-snapshot.test.ts +1 -1
- package/src/__tests__/heartbeat-service.test.ts +1 -1
- package/src/__tests__/host-shell-tool.test.ts +3 -12
- package/src/__tests__/inbound-invite-redemption.test.ts +2 -2
- package/src/__tests__/ingress-url-consistency.test.ts +0 -64
- package/src/__tests__/integration-status.test.ts +8 -8
- package/src/__tests__/intent-routing.test.ts +9 -13
- package/src/__tests__/invite-redemption-service.test.ts +4 -4
- package/src/__tests__/invite-routes-http.test.ts +10 -10
- package/src/__tests__/llm-usage-store.test.ts +45 -9
- package/src/__tests__/local-gateway-health.test.ts +209 -0
- package/src/__tests__/managed-avatar-client.test.ts +23 -12
- package/src/__tests__/managed-skill-lifecycle.test.ts +1 -2
- package/src/__tests__/managed-store.test.ts +29 -12
- package/src/__tests__/managed-twitter-guardrails.test.ts +357 -0
- package/src/__tests__/mcp-cli.test.ts +1 -1
- package/src/__tests__/mcp-health-check.test.ts +1 -1
- package/src/__tests__/media-generate-image.test.ts +1 -1
- package/src/__tests__/media-reuse-story.e2e.test.ts +1 -4
- package/src/__tests__/memory-context-benchmark.benchmark.test.ts +9 -6
- package/src/__tests__/memory-regressions.test.ts +1 -166
- package/src/__tests__/messaging-send-tool.test.ts +8 -4
- package/src/__tests__/migration-export-http.test.ts +2 -2
- package/src/__tests__/migration-transport.test.ts +44 -0
- package/src/__tests__/non-member-access-request.test.ts +49 -36
- package/src/__tests__/notification-broadcaster.test.ts +15 -15
- package/src/__tests__/notification-decision-fallback.test.ts +2 -2
- package/src/__tests__/notification-decision-strategy.test.ts +4 -4
- package/src/__tests__/notification-deep-link.test.ts +3 -3
- package/src/__tests__/notification-guardian-path.test.ts +6 -44
- package/src/__tests__/notification-routing-intent.test.ts +11 -7
- package/src/__tests__/oauth-cli.test.ts +1 -1
- package/src/__tests__/onboarding-starter-tasks.test.ts +2 -6
- package/src/__tests__/onboarding-template-contract.test.ts +2 -12
- package/src/__tests__/platform.test.ts +168 -5
- package/src/__tests__/playbook-execution.test.ts +0 -2
- package/src/__tests__/playbook-tools.test.ts +0 -2
- package/src/__tests__/pricing.test.ts +125 -0
- package/src/__tests__/provider-error-scenarios.test.ts +9 -3
- package/src/__tests__/provider-fail-open-selection.test.ts +12 -2
- package/src/__tests__/recording-handler.test.ts +46 -80
- package/src/__tests__/recording-state-machine.test.ts +112 -183
- package/src/__tests__/registry.test.ts +1 -1
- package/src/__tests__/relay-server.test.ts +69 -71
- package/src/__tests__/reminder-store.test.ts +3 -3
- package/src/__tests__/request-file-tool.test.ts +2 -2
- package/src/__tests__/ride-shotgun-handler.test.ts +2 -33
- package/src/__tests__/runtime-attachment-metadata.test.ts +3 -3
- package/src/__tests__/runtime-events-sse-parity.test.ts +1 -1
- package/src/__tests__/scaffold-managed-skill-tool.test.ts +4 -4
- package/src/__tests__/schedule-store.test.ts +13 -4
- package/src/__tests__/schedule-tools.test.ts +0 -2
- package/src/__tests__/scheduler-recurrence.test.ts +3 -4
- package/src/__tests__/scoped-approval-grants.test.ts +3 -5
- package/src/__tests__/scoped-grant-security-matrix.test.ts +6 -8
- package/src/__tests__/secret-prompt-log-hygiene.test.ts +1 -1
- package/src/__tests__/secret-response-routing.test.ts +1 -1
- package/src/__tests__/send-endpoint-busy.test.ts +1 -4
- package/src/__tests__/sequence-store.test.ts +0 -2
- package/src/__tests__/server-history-render.test.ts +2 -199
- package/src/__tests__/session-abort-tool-results.test.ts +9 -3
- package/src/__tests__/session-agent-loop.test.ts +107 -3
- package/src/__tests__/session-confirmation-signals.test.ts +17 -49
- package/src/__tests__/session-conflict-gate.test.ts +9 -3
- package/src/__tests__/session-init.benchmark.test.ts +22 -13
- package/src/__tests__/session-load-history-repair.test.ts +6 -3
- package/src/__tests__/session-pre-run-repair.test.ts +9 -3
- package/src/__tests__/session-profile-injection.test.ts +9 -3
- package/src/__tests__/session-provider-retry-repair.test.ts +10 -4
- package/src/__tests__/session-queue.test.ts +10 -4
- package/src/__tests__/session-runtime-assembly.test.ts +28 -18
- package/src/__tests__/session-skill-tools.test.ts +2 -3
- package/src/__tests__/session-slash-known.test.ts +11 -4
- package/src/__tests__/session-slash-queue.test.ts +11 -4
- package/src/__tests__/session-slash-unknown.test.ts +12 -4
- package/src/__tests__/session-surfaces-deselection.test.ts +2 -2
- package/src/__tests__/session-surfaces-task-progress.test.ts +3 -3
- package/src/__tests__/session-tool-setup-app-refresh.test.ts +1 -1
- package/src/__tests__/session-tool-setup-memory-scope.test.ts +1 -1
- package/src/__tests__/session-tool-setup-side-effect-flag.test.ts +1 -1
- package/src/__tests__/session-usage.test.ts +180 -0
- package/src/__tests__/session-workspace-cache-state.test.ts +8 -2
- package/src/__tests__/session-workspace-injection.test.ts +8 -2
- package/src/__tests__/session-workspace-tool-tracking.test.ts +8 -2
- package/src/__tests__/skill-feature-flags-integration.test.ts +5 -11
- package/src/__tests__/skill-feature-flags.test.ts +1 -0
- package/src/__tests__/skill-include-graph.test.ts +1 -0
- package/src/__tests__/skill-load-feature-flag.test.ts +3 -9
- package/src/__tests__/skill-load-tool.test.ts +90 -12
- package/src/__tests__/skill-projection-feature-flag.test.ts +14 -15
- package/src/__tests__/skills-uninstall.test.ts +131 -0
- package/src/__tests__/skills.test.ts +32 -16
- package/src/__tests__/slack-block-formatting.test.ts +1 -1
- package/src/__tests__/slack-channel-config.test.ts +71 -12
- package/src/__tests__/slack-inbound-verification.test.ts +7 -7
- package/src/__tests__/slack-share-routes.test.ts +1 -1
- package/src/__tests__/slack-skill.test.ts +2 -2
- package/src/__tests__/slash-commands-catalog.test.ts +1 -0
- package/src/__tests__/slash-commands-resolver.test.ts +1 -0
- package/src/__tests__/starter-task-flow.test.ts +10 -20
- package/src/__tests__/subagent-manager-notify.test.ts +1 -1
- package/src/__tests__/subagent-tools.test.ts +2 -2
- package/src/__tests__/system-prompt.test.ts +7 -12
- package/src/__tests__/task-compiler.test.ts +0 -2
- package/src/__tests__/task-management-tools.test.ts +0 -2
- package/src/__tests__/task-runner.test.ts +0 -2
- package/src/__tests__/task-scheduler.test.ts +2 -2
- package/src/__tests__/telegram-bot-username-resolution.test.ts +46 -44
- package/src/__tests__/terminal-tools.test.ts +1 -11
- package/src/__tests__/thread-seed-composer.test.ts +3 -1
- package/src/__tests__/tool-approval-handler.test.ts +5 -7
- package/src/__tests__/tool-executor.test.ts +2 -2
- package/src/__tests__/tool-grant-request-escalation.test.ts +3 -5
- package/src/__tests__/tool-notification-listener.test.ts +1 -1
- package/src/__tests__/tool-profiling-listener.test.ts +1 -1
- package/src/__tests__/tool-trace-listener.test.ts +1 -2
- package/src/__tests__/trace-emitter.test.ts +1 -1
- package/src/__tests__/trust-context-guards.test.ts +1 -1
- package/src/__tests__/trust-store.test.ts +48 -399
- package/src/__tests__/trusted-contact-approval-notifier.test.ts +6 -8
- package/src/__tests__/trusted-contact-inline-approval-integration.test.ts +5 -7
- package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts +6 -6
- package/src/__tests__/trusted-contact-multichannel.test.ts +54 -47
- package/src/__tests__/trusted-contact-verification.test.ts +12 -12
- package/src/__tests__/twilio-config.test.ts +11 -2
- package/src/__tests__/twilio-provider.test.ts +6 -4
- package/src/__tests__/twilio-routes.test.ts +408 -86
- package/src/__tests__/twitter-platform-proxy-client.test.ts +475 -0
- package/src/__tests__/update-bulletin-format.test.ts +1 -1
- package/src/__tests__/update-bulletin-state.test.ts +1 -1
- package/src/__tests__/update-bulletin.test.ts +4 -8
- package/src/__tests__/update-template-contract.test.ts +1 -1
- package/src/__tests__/usage-cache-backfill-migration.test.ts +406 -0
- package/src/__tests__/usage-routes.test.ts +23 -5
- package/src/__tests__/user-reference.test.ts +1 -1
- package/src/__tests__/{guardian-control-plane-policy.test.ts → verification-control-plane-policy.test.ts} +142 -170
- package/src/__tests__/{guardian-verification-intent-routing.test.ts → verification-session-intent-routing.test.ts} +16 -16
- package/src/__tests__/view-image-tool.test.ts +0 -2
- package/src/__tests__/voice-ingress-preflight.test.ts +36 -0
- package/src/__tests__/voice-invite-redemption.test.ts +18 -18
- package/src/__tests__/voice-scoped-grant-consumer.test.ts +7 -7
- package/src/__tests__/voice-session-bridge.test.ts +14 -16
- package/src/__tests__/workspace-policy.test.ts +1 -1
- package/src/approvals/AGENTS.md +4 -4
- package/src/approvals/approval-primitive.ts +2 -2
- package/src/approvals/guardian-decision-primitive.ts +1 -1
- package/src/approvals/guardian-request-resolvers.ts +3 -4
- package/src/bundler/app-bundler.ts +29 -217
- package/src/calls/active-call-lease.ts +207 -0
- package/src/calls/call-constants.ts +0 -7
- package/src/calls/call-controller.ts +1 -1
- package/src/calls/call-conversation-messages.ts +6 -6
- package/src/calls/call-domain.ts +73 -38
- package/src/calls/call-pointer-message-composer.ts +6 -6
- package/src/calls/call-pointer-messages.ts +14 -13
- package/src/calls/call-recovery.ts +2 -0
- package/src/calls/call-store.ts +21 -28
- package/src/calls/guardian-action-sweep.ts +6 -8
- package/src/calls/guardian-dispatch.ts +2 -6
- package/src/calls/relay-access-wait.ts +4 -4
- package/src/calls/relay-server.ts +69 -80
- package/src/calls/relay-setup-router.ts +16 -21
- package/src/calls/relay-verification.ts +27 -28
- package/src/calls/twilio-config.ts +28 -3
- package/src/calls/twilio-provider.ts +5 -5
- package/src/calls/twilio-rest.ts +26 -27
- package/src/calls/twilio-routes.ts +67 -54
- package/src/calls/types.ts +8 -8
- package/src/calls/voice-ingress-preflight.ts +110 -0
- package/src/calls/voice-session-bridge.ts +7 -7
- package/src/channels/config.ts +1 -10
- package/src/{config/channel-permission-profiles.ts → channels/permission-profiles.ts} +1 -1
- package/src/channels/types.ts +2 -13
- package/src/cli/__tests__/notifications.test.ts +1 -1
- package/src/{amazon → cli/commands/amazon}/client.ts +99 -42
- package/src/cli/{amazon.ts → commands/amazon/index.ts} +14 -54
- package/src/{amazon → cli/commands/amazon}/request-extractor.ts +39 -3
- package/src/cli/commands/amazon/session.ts +108 -0
- package/src/cli/{audit.ts → commands/audit.ts} +2 -4
- package/src/cli/{autonomy.ts → commands/autonomy.ts} +1 -3
- package/src/cli/commands/browser-relay.ts +520 -0
- package/src/cli/commands/channel-verification-sessions.ts +442 -0
- package/src/cli/{completions.ts → commands/completions.ts} +1 -3
- package/src/cli/{config.ts → commands/config.ts} +3 -5
- package/src/cli/{contacts.ts → commands/contacts.ts} +15 -17
- package/src/cli/{credentials.ts → commands/credentials.ts} +9 -10
- package/src/cli/{default-action.ts → commands/default-action.ts} +3 -3
- package/src/cli/{dev.ts → commands/dev.ts} +4 -6
- package/src/cli/{doctor.ts → commands/doctor.ts} +36 -60
- package/src/cli/{email.ts → commands/email.ts} +2 -2
- package/src/cli/{keys.ts → commands/keys.ts} +6 -6
- package/src/cli/{map.ts → commands/map.ts} +85 -93
- package/src/cli/{mcp.ts → commands/mcp.ts} +5 -7
- package/src/cli/{memory.ts → commands/memory.ts} +6 -7
- package/src/cli/{notifications.ts → commands/notifications.ts} +8 -10
- package/src/cli/{oauth.ts → commands/oauth.ts} +2 -2
- package/src/cli/commands/platform.ts +176 -0
- package/src/cli/{sequence.ts → commands/sequence.ts} +3 -3
- package/src/cli/{sessions.ts → commands/sessions.ts} +32 -52
- package/src/cli/commands/skills.ts +498 -0
- package/src/cli/{trust.ts → commands/trust.ts} +2 -4
- package/src/cli/commands/twitter/__tests__/cli-read-routing.test.ts +345 -0
- package/src/cli/commands/twitter/__tests__/cli-routing.test.ts +252 -0
- package/src/{__tests__/twitter-oauth-client.test.ts → cli/commands/twitter/__tests__/oauth-client.test.ts} +2 -48
- package/src/cli/commands/twitter/index.ts +420 -0
- package/src/{twitter → cli/commands/twitter}/oauth-client.ts +1 -35
- package/src/cli/commands/twitter/router.ts +351 -0
- package/src/cli/commands/twitter/types.ts +30 -0
- package/src/cli/db.ts +1 -0
- package/src/cli/http-client.ts +87 -0
- package/src/cli/logger.ts +6 -0
- package/src/cli/main-screen.tsx +4 -3
- package/src/cli/output.ts +19 -0
- package/src/cli/program.ts +29 -27
- package/src/cli/reference.ts +27 -37
- package/src/cli.ts +452 -240
- package/src/config/assistant-feature-flags.ts +3 -15
- package/src/config/bundled-skills/_shared/CLI_RETRIEVAL_PATTERN.md +3 -6
- package/src/config/bundled-skills/agentmail/SKILL.md +4 -4
- package/src/config/bundled-skills/amazon/SKILL.md +15 -6
- package/src/config/bundled-skills/api-mapping/SKILL.md +4 -4
- package/src/config/bundled-skills/app-builder/SKILL.md +4 -9
- package/src/config/bundled-skills/app-builder/TOOLS.json +0 -4
- package/src/config/bundled-skills/browser/SKILL.md +4 -5
- package/src/config/bundled-skills/chatgpt-import/SKILL.md +4 -4
- package/src/config/bundled-skills/chatgpt-import/tools/chatgpt-import.ts +1 -1
- package/src/config/bundled-skills/claude-code/SKILL.md +4 -4
- package/src/config/bundled-skills/cli-discover/SKILL.md +4 -4
- package/src/config/bundled-skills/computer-use/SKILL.md +4 -4
- package/src/config/bundled-skills/contacts/SKILL.md +23 -77
- package/src/config/bundled-skills/deploy-fullstack-vercel/SKILL.md +4 -4
- package/src/config/bundled-skills/document/SKILL.md +4 -3
- package/src/config/bundled-skills/document-writer/SKILL.md +4 -4
- package/src/config/bundled-skills/doordash/SKILL.md +4 -12
- package/src/config/bundled-skills/doordash/__tests__/doordash-session.test.ts +1 -90
- package/src/config/bundled-skills/doordash/doordash-cli.ts +132 -109
- package/src/config/bundled-skills/doordash/lib/session.ts +22 -19
- package/src/config/bundled-skills/doordash/lib/shared/platform.ts +26 -9
- package/src/config/bundled-skills/elevenlabs-voice/SKILL.md +140 -0
- package/src/config/bundled-skills/email-setup/SKILL.md +4 -4
- package/src/config/bundled-skills/followups/SKILL.md +4 -3
- package/src/config/bundled-skills/frontend-design/SKILL.md +2 -0
- package/src/config/bundled-skills/google-calendar/SKILL.md +4 -4
- package/src/config/bundled-skills/google-oauth-setup/SKILL.md +4 -6
- package/src/config/bundled-skills/guardian-verify-setup/SKILL.md +26 -41
- package/src/config/bundled-skills/image-studio/SKILL.md +4 -5
- package/src/config/bundled-skills/image-studio/tools/media-generate-image.ts +1 -1
- package/src/config/bundled-skills/influencer/SKILL.md +19 -19
- package/src/{influencer → config/bundled-skills/influencer/scripts}/client.ts +73 -56
- package/src/config/bundled-skills/influencer/scripts/influencer.ts +267 -0
- package/src/config/bundled-skills/knowledge-graph/SKILL.md +4 -2
- package/src/config/bundled-skills/macos-automation/SKILL.md +4 -5
- package/src/config/bundled-skills/mcp-setup/SKILL.md +4 -4
- package/src/config/bundled-skills/media-processing/SKILL.md +3 -2
- package/src/config/bundled-skills/messaging/SKILL.md +6 -33
- package/src/config/bundled-skills/messaging/tools/messaging-send.ts +0 -5
- package/src/config/bundled-skills/notifications/SKILL.md +4 -4
- package/src/config/bundled-skills/notion/SKILL.md +4 -4
- package/src/config/bundled-skills/notion-oauth-setup/SKILL.md +4 -5
- package/src/config/bundled-skills/oauth-setup/SKILL.md +4 -5
- package/src/config/bundled-skills/phone-calls/SKILL.md +24 -458
- package/src/config/bundled-skills/phone-calls/references/CONFIG.md +83 -0
- package/src/config/bundled-skills/phone-calls/references/TRANSCRIPTS.md +57 -0
- package/src/config/bundled-skills/phone-calls/references/TROUBLESHOOTING.md +67 -0
- package/src/config/bundled-skills/playbooks/SKILL.md +4 -3
- package/src/config/bundled-skills/public-ingress/SKILL.md +65 -14
- package/src/config/bundled-skills/reminder/SKILL.md +4 -3
- package/src/config/bundled-skills/restaurant-reservation/SKILL.md +4 -6
- package/src/config/bundled-skills/schedule/SKILL.md +4 -3
- package/src/config/bundled-skills/screen-recording/SKILL.md +4 -3
- package/src/config/bundled-skills/self-upgrade/SKILL.md +4 -4
- package/src/config/bundled-skills/skills-catalog/SKILL.md +4 -4
- package/src/config/bundled-skills/slack/SKILL.md +4 -8
- package/src/config/bundled-skills/slack/tools/slack-channel-permissions.ts +1 -1
- package/src/config/bundled-skills/slack-app-setup/SKILL.md +66 -88
- package/src/config/bundled-skills/slack-digest-setup/SKILL.md +4 -5
- package/src/config/bundled-skills/slack-oauth-setup/SKILL.md +4 -5
- package/src/config/bundled-skills/start-the-day/SKILL.md +4 -4
- package/src/config/bundled-skills/subagent/SKILL.md +4 -3
- package/src/config/bundled-skills/tasks/SKILL.md +4 -3
- package/src/config/bundled-skills/telegram-setup/SKILL.md +63 -112
- package/src/config/bundled-skills/time-based-actions/SKILL.md +4 -3
- package/src/config/bundled-skills/transcribe/SKILL.md +4 -3
- package/src/config/bundled-skills/twilio-setup/SKILL.md +23 -50
- package/src/config/bundled-skills/twitter/SKILL.md +73 -144
- package/src/config/bundled-skills/typescript-eval/SKILL.md +4 -4
- package/src/config/bundled-skills/vercel-token-setup/SKILL.md +4 -5
- package/src/config/bundled-skills/voice-setup/SKILL.md +19 -45
- package/src/config/bundled-skills/watcher/SKILL.md +4 -3
- package/src/config/env-registry.ts +1 -10
- package/src/config/feature-flag-registry.json +8 -16
- package/src/config/loader.ts +78 -38
- package/src/config/schema.ts +143 -106
- package/src/config/schemas/channels.ts +80 -0
- package/src/config/schemas/heartbeat.ts +51 -0
- package/src/config/schemas/inference.ts +136 -0
- package/src/config/schemas/ingress.ts +81 -0
- package/src/config/schemas/logging.ts +21 -0
- package/src/config/schemas/memory-lifecycle.ts +67 -0
- package/src/config/schemas/memory-processing.ts +215 -0
- package/src/config/schemas/memory-retrieval.ts +222 -0
- package/src/config/schemas/memory-storage.ts +83 -0
- package/src/config/schemas/memory.ts +58 -0
- package/src/config/schemas/platform.ts +64 -0
- package/src/config/schemas/security.ts +54 -0
- package/src/config/schemas/swarm.ts +50 -0
- package/src/config/schemas/timeouts.ts +47 -0
- package/src/config/{agent-schema.ts → schemas/workspace-git.ts} +0 -97
- package/src/config/skill-state.ts +3 -13
- package/src/config/skills.ts +196 -75
- package/src/config/types.ts +1 -20
- package/src/contacts/contact-store.ts +12 -49
- package/src/contacts/contacts-write.ts +1 -5
- package/src/contacts/index.ts +0 -2
- package/src/contacts/types.ts +0 -8
- package/src/context/window-manager.ts +73 -14
- package/src/daemon/assistant-attachments.ts +9 -0
- package/src/daemon/computer-use-session.ts +3 -3
- package/src/daemon/connection-policy.ts +6 -21
- package/src/daemon/context-overflow-policy.ts +1 -1
- package/src/daemon/daemon-control.ts +46 -54
- package/src/daemon/doordash-steps.ts +1 -1
- package/src/daemon/handlers/config-channels.ts +407 -71
- package/src/daemon/handlers/config-ingress.ts +17 -85
- package/src/daemon/handlers/config-model.ts +145 -123
- package/src/daemon/handlers/config-slack-channel.ts +43 -29
- package/src/daemon/handlers/config-telegram.ts +32 -27
- package/src/daemon/handlers/config-voice.ts +1 -4
- package/src/daemon/handlers/dictation.ts +11 -16
- package/src/daemon/handlers/identity.ts +5 -6
- package/src/daemon/handlers/pairing.ts +5 -13
- package/src/daemon/handlers/recording.ts +97 -199
- package/src/daemon/handlers/session-history.ts +151 -105
- package/src/daemon/handlers/session-user-message.ts +29 -57
- package/src/daemon/handlers/sessions.ts +240 -137
- package/src/daemon/handlers/shared.ts +62 -95
- package/src/daemon/handlers/skills.ts +492 -543
- package/src/daemon/lifecycle.ts +155 -55
- package/src/daemon/{ipc-contract.ts → message-protocol.ts} +49 -49
- package/src/daemon/{ipc-contract → message-types}/apps.ts +0 -25
- package/src/daemon/{ipc-contract → message-types}/computer-use.ts +0 -3
- package/src/daemon/{ipc-contract → message-types}/diagnostics.ts +0 -16
- package/src/daemon/{ipc-contract → message-types}/integrations.ts +30 -20
- package/src/daemon/{ipc-contract → message-types}/memory.ts +8 -0
- package/src/daemon/{ipc-contract → message-types}/notifications.ts +15 -1
- package/src/daemon/{ipc-contract → message-types}/sessions.ts +7 -1
- package/src/daemon/{ipc-contract → message-types}/shared.ts +0 -8
- package/src/daemon/{ipc-contract → message-types}/surfaces.ts +2 -0
- package/src/daemon/{ipc-contract → message-types}/workspace.ts +2 -2
- package/src/daemon/providers-setup.ts +0 -5
- package/src/daemon/recording-executor.ts +0 -7
- package/src/daemon/ride-shotgun-handler.ts +42 -14
- package/src/daemon/seed-files.ts +3 -27
- package/src/daemon/server.ts +134 -524
- package/src/daemon/session-agent-loop-handlers.ts +46 -9
- package/src/daemon/session-agent-loop.ts +86 -24
- package/src/daemon/session-attachments.ts +1 -1
- package/src/daemon/session-error.ts +1 -1
- package/src/daemon/session-history.ts +20 -15
- package/src/daemon/session-lifecycle.ts +9 -7
- package/src/daemon/session-memory.ts +15 -1
- package/src/daemon/session-messaging.ts +10 -6
- package/src/daemon/session-notifiers.ts +10 -8
- package/src/daemon/session-process.ts +34 -25
- package/src/daemon/session-queue-manager.ts +1 -1
- package/src/daemon/session-runtime-assembly.ts +6 -32
- package/src/daemon/session-surfaces.ts +187 -35
- package/src/daemon/session-tool-setup.ts +1 -1
- package/src/daemon/session-usage.ts +119 -18
- package/src/daemon/session.ts +11 -33
- package/src/daemon/tool-side-effects.ts +6 -5
- package/src/daemon/trace-emitter.ts +1 -1
- package/src/daemon/{guardian-verification-intent.ts → verification-session-intent.ts} +16 -16
- package/src/daemon/watch-handler.ts +2 -5
- package/src/email/service.ts +8 -8
- package/src/events/domain-events.ts +0 -1
- package/src/events/tool-notification-listener.ts +1 -1
- package/src/followups/followup-store.ts +1 -2
- package/src/followups/types.ts +0 -6
- package/src/heartbeat/heartbeat-service.ts +1 -1
- package/src/inbound/platform-callback-registration.ts +1 -1
- package/src/inbound/public-ingress-urls.ts +0 -8
- package/src/index.ts +12 -0
- package/src/mcp/client.ts +1 -1
- package/src/mcp/manager.ts +1 -1
- package/src/memory/app-store.ts +1 -60
- package/src/memory/{guardian-verification.ts → channel-verification-sessions.ts} +110 -93
- package/src/memory/conversation-attention-store.ts +154 -0
- package/src/memory/conversation-bootstrap.ts +1 -1
- package/src/memory/conversation-crud.ts +53 -1
- package/src/memory/conversation-display-order-migration.ts +2 -3
- package/src/memory/conversation-queries.ts +1 -29
- package/src/memory/conversation-title-service.ts +26 -21
- package/src/memory/db-connection.ts +1 -8
- package/src/memory/db-init.ts +20 -0
- package/src/memory/delivery-crud.ts +4 -34
- package/src/memory/external-conversation-store.ts +1 -1
- package/src/memory/format-recall.ts +47 -0
- package/src/memory/guardian-action-store.ts +4 -5
- package/src/memory/guardian-rate-limits.ts +0 -3
- package/src/memory/invite-store.ts +1 -1
- package/src/memory/job-handlers/backfill.ts +9 -2
- package/src/memory/job-handlers/extraction.ts +2 -7
- package/src/memory/job-handlers/summarization.ts +1 -1
- package/src/memory/llm-usage-store.ts +11 -0
- package/src/memory/migrations/114-notifications.ts +12 -40
- package/src/memory/migrations/140-backfill-usage-cache-accounting.ts +357 -0
- package/src/memory/migrations/141-rename-verification-table.ts +55 -0
- package/src/memory/migrations/142-rename-verification-session-id-column.ts +32 -0
- package/src/memory/migrations/143-rename-guardian-verification-values.ts +48 -0
- package/src/memory/migrations/144-rename-voice-to-phone.ts +147 -0
- package/src/memory/migrations/index.ts +5 -0
- package/src/memory/migrations/registry.ts +30 -0
- package/src/memory/qdrant-circuit-breaker.ts +5 -0
- package/src/memory/retriever.test.ts +707 -0
- package/src/memory/retriever.ts +120 -116
- package/src/memory/schema/calls.ts +3 -7
- package/src/memory/schema/guardian.ts +2 -2
- package/src/memory/schema/infrastructure.ts +0 -8
- package/src/memory/search/lexical.ts +4 -1
- package/src/memory/search/query-expansion.test.ts +70 -0
- package/src/memory/search/query-expansion.ts +118 -0
- package/src/memory/search/types.ts +18 -17
- package/src/messaging/providers/telegram-bot/adapter.ts +1 -1
- package/src/messaging/providers/whatsapp/adapter.ts +1 -4
- package/src/messaging/registry.ts +0 -1
- package/src/notifications/README.md +13 -22
- package/src/notifications/adapters/macos.ts +1 -1
- package/src/notifications/conversation-pairing.ts +2 -2
- package/src/notifications/copy-composer.ts +2 -2
- package/src/notifications/decision-engine.ts +1 -10
- package/src/notifications/destination-resolver.ts +2 -3
- package/src/notifications/emit-signal.ts +2 -8
- package/src/notifications/guardian-question-mode.ts +5 -8
- package/src/notifications/signal.ts +1 -2
- package/src/notifications/types.ts +1 -1
- package/src/oauth/token-persistence.ts +25 -1
- package/src/permissions/checker.ts +4 -29
- package/src/permissions/defaults.ts +9 -9
- package/src/permissions/prompter.ts +1 -1
- package/src/permissions/secret-prompter.ts +1 -1
- package/src/permissions/shell-identity.ts +1 -1
- package/src/permissions/trust-store.ts +13 -76
- package/src/permissions/workspace-policy.ts +1 -1
- package/src/{config → prompts}/computer-use-prompt.ts +1 -1
- package/src/{config → prompts}/system-prompt.ts +44 -26
- package/src/{config → prompts}/templates/BOOTSTRAP.md +0 -3
- package/src/providers/registry.ts +2 -4
- package/src/runtime/AGENTS.md +6 -8
- package/src/runtime/access-request-helper.ts +36 -55
- package/src/runtime/actor-trust-resolver.ts +1 -24
- package/src/runtime/approval-message-composer.ts +6 -2
- package/src/runtime/assistant-event.ts +1 -1
- package/src/runtime/auth/__tests__/guard-tests.test.ts +1 -0
- package/src/runtime/auth/__tests__/ipc-auth-context.test.ts +1 -1
- package/src/runtime/auth/__tests__/scopes.test.ts +2 -1
- package/src/runtime/auth/__tests__/subject.test.ts +32 -0
- package/src/runtime/auth/route-policy.ts +137 -25
- package/src/runtime/auth/scopes.ts +1 -0
- package/src/runtime/auth/subject.ts +9 -0
- package/src/runtime/auth/token-service.ts +12 -1
- package/src/runtime/auth/types.ts +1 -1
- package/src/runtime/channel-approval-types.ts +1 -1
- package/src/runtime/channel-approvals.ts +1 -1
- package/src/runtime/channel-invite-transport.ts +0 -2
- package/src/runtime/channel-invite-transports/slack.ts +5 -19
- package/src/runtime/channel-invite-transports/telegram.ts +17 -34
- package/src/runtime/channel-invite-transports/voice.ts +1 -1
- package/src/runtime/channel-readiness-service.ts +24 -159
- package/src/runtime/channel-readiness-types.ts +5 -1
- package/src/runtime/channel-reply-delivery.ts +43 -3
- package/src/runtime/channel-retry-sweep.ts +14 -22
- package/src/runtime/{channel-guardian-service.ts → channel-verification-service.ts} +50 -53
- package/src/runtime/confirmation-request-guardian-bridge.ts +2 -3
- package/src/runtime/gateway-client.ts +12 -15
- package/src/runtime/guardian-action-followup-executor.ts +8 -73
- package/src/runtime/guardian-action-grant-minter.ts +45 -61
- package/src/runtime/guardian-action-message-composer.ts +4 -4
- package/src/runtime/guardian-reply-router.ts +3 -3
- package/src/runtime/http-server.ts +133 -24
- package/src/runtime/http-types.ts +44 -1
- package/src/runtime/invite-instruction-generator.ts +1 -3
- package/src/runtime/invite-redemption-service.ts +5 -5
- package/src/runtime/invite-service.ts +7 -7
- package/src/runtime/local-actor-identity.ts +28 -2
- package/src/runtime/local-gateway-health.ts +275 -0
- package/src/runtime/middleware/error-handler.ts +14 -1
- package/src/runtime/middleware/twilio-validation.ts +3 -3
- package/src/runtime/migrations/migration-transport.ts +18 -3
- package/src/runtime/migrations/rebind-secrets-screen.ts +2 -2
- package/src/runtime/nl-approval-parser.ts +2 -3
- package/src/runtime/routes/access-request-decision.ts +2 -2
- package/src/runtime/routes/app-management-routes.ts +918 -0
- package/src/runtime/routes/approval-routes.ts +76 -7
- package/src/runtime/routes/approval-strategies/guardian-callback-strategy.ts +38 -203
- package/src/runtime/routes/brain-graph/brain-graph.html +1845 -0
- package/src/runtime/routes/brain-graph-routes.ts +4 -42
- package/src/runtime/routes/channel-delivery-routes.ts +5 -4
- package/src/runtime/routes/channel-route-shared.ts +1 -3
- package/src/runtime/routes/channel-routes.ts +1 -4
- package/src/runtime/routes/channel-verification-routes.ts +257 -0
- package/src/runtime/routes/computer-use-routes.ts +595 -0
- package/src/runtime/routes/contact-routes.ts +1 -317
- package/src/runtime/routes/conversation-attention-routes.ts +6 -5
- package/src/runtime/routes/conversation-routes.ts +20 -24
- package/src/runtime/routes/debug-routes.ts +1 -1
- package/src/runtime/routes/diagnostics-routes.ts +890 -0
- package/src/runtime/routes/documents-routes.ts +227 -0
- package/src/runtime/routes/guardian-approval-interception.ts +25 -48
- package/src/runtime/routes/guardian-bootstrap-routes.ts +3 -3
- package/src/runtime/routes/guardian-expiry-sweep.ts +2 -2
- package/src/runtime/routes/guardian-refresh-routes.ts +11 -6
- package/src/runtime/routes/inbound-conversation.ts +3 -10
- package/src/runtime/routes/inbound-message-handler.ts +7 -6
- package/src/runtime/routes/inbound-stages/acl-enforcement.ts +22 -22
- package/src/runtime/routes/inbound-stages/background-dispatch.test.ts +44 -0
- package/src/runtime/routes/inbound-stages/background-dispatch.ts +140 -22
- package/src/runtime/routes/inbound-stages/bootstrap-intercept.ts +4 -4
- package/src/runtime/routes/inbound-stages/edit-intercept.ts +5 -5
- package/src/runtime/routes/inbound-stages/escalation-intercept.ts +3 -3
- package/src/runtime/routes/inbound-stages/secret-ingress-check.ts +4 -4
- package/src/runtime/routes/inbound-stages/verification-intercept.ts +13 -14
- package/src/runtime/routes/integrations/slack/channel.ts +72 -0
- package/src/runtime/routes/{slack-share-routes.ts → integrations/slack/share.ts} +9 -9
- package/src/runtime/routes/integrations/telegram.ts +111 -0
- package/src/runtime/routes/integrations/twilio.ts +451 -0
- package/src/runtime/routes/invite-routes.ts +2 -2
- package/src/runtime/routes/pairing-routes.ts +1 -1
- package/src/runtime/routes/recording-routes.ts +332 -0
- package/src/{daemon/handlers/config-scheduling.ts → runtime/routes/schedule-routes.ts} +91 -106
- package/src/runtime/routes/session-management-routes.ts +167 -0
- package/src/runtime/routes/session-query-routes.ts +204 -0
- package/src/runtime/routes/settings-routes.ts +887 -0
- package/src/runtime/routes/skills-routes.ts +266 -0
- package/src/runtime/routes/subagents-routes.ts +246 -0
- package/src/runtime/routes/surface-action-routes.ts +100 -10
- package/src/runtime/routes/surface-content-routes.ts +1 -1
- package/src/runtime/routes/work-items-routes.ts +809 -0
- package/src/runtime/routes/workspace-routes.test.ts +778 -0
- package/src/runtime/routes/workspace-routes.ts +410 -0
- package/src/runtime/routes/workspace-utils.ts +88 -0
- package/src/runtime/telegram-streaming-delivery.test.ts +597 -0
- package/src/runtime/telegram-streaming-delivery.ts +380 -0
- package/src/runtime/tool-grant-request-helper.ts +1 -2
- package/src/runtime/trust-context-resolver.ts +0 -1
- package/src/runtime/{guardian-outbound-actions.ts → verification-outbound-actions.ts} +23 -188
- package/src/runtime/verification-rate-limiter.ts +2 -2
- package/src/runtime/{guardian-verification-templates.ts → verification-templates.ts} +2 -28
- package/src/schedule/integration-status.ts +2 -2
- package/src/schedule/schedule-store.ts +7 -9
- package/src/sequence/engine.ts +1 -1
- package/src/skills/active-skill-tools.ts +0 -8
- package/src/skills/clawhub.ts +1 -10
- package/src/skills/managed-store.ts +14 -4
- package/src/skills/slash-commands.ts +1 -1
- package/src/subagent/manager.ts +1 -1
- package/src/subagent/types.ts +1 -1
- package/src/tasks/SPEC.md +10 -10
- package/src/tasks/task-scheduler.ts +1 -1
- package/src/telegram/bot-username.ts +13 -0
- package/src/tools/AGENTS.md +38 -0
- package/src/tools/apps/executors.ts +0 -6
- package/src/tools/assets/materialize.ts +1 -1
- package/src/tools/assets/search.ts +1 -1
- package/src/tools/browser/browser-execution.ts +2 -2
- package/src/tools/browser/browser-manager.ts +88 -11
- package/src/tools/browser/browser-screencast.ts +1 -1
- package/src/tools/browser/headless-browser.ts +0 -17
- package/src/tools/browser/jit-auth.ts +1 -1
- package/src/tools/browser/recording-store.ts +19 -1
- package/src/tools/browser/runtime-check.ts +4 -2
- package/src/tools/calls/call-start.ts +3 -3
- package/src/tools/credentials/metadata-store.ts +0 -13
- package/src/tools/credentials/vault.ts +7 -31
- package/src/tools/document/editor-template.ts +10 -8
- package/src/tools/followups/followup_create.ts +0 -8
- package/src/tools/mcp/mcp-tool-factory.ts +1 -1
- package/src/tools/memory/definitions.ts +32 -10
- package/src/tools/memory/handlers.test.ts +573 -0
- package/src/tools/memory/handlers.ts +222 -65
- package/src/tools/memory/register.ts +53 -24
- package/src/tools/network/script-proxy/session-manager.ts +1 -12
- package/src/tools/schedule/update.ts +0 -8
- package/src/tools/skills/load.ts +3 -3
- package/src/tools/subagent/read.ts +1 -1
- package/src/tools/system/voice-config.ts +2 -14
- package/src/tools/terminal/safe-env.ts +5 -18
- package/src/tools/tool-approval-handler.ts +4 -4
- package/src/tools/tool-manifest.ts +4 -2
- package/src/tools/types.ts +1 -1
- package/src/tools/{guardian-control-plane-policy.ts → verification-control-plane-policy.ts} +37 -39
- package/src/twitter/platform-proxy-client.ts +408 -0
- package/src/usage/types.ts +21 -0
- package/src/util/canonicalize-identity.ts +2 -6
- package/src/util/errors.ts +12 -0
- package/src/util/platform.ts +93 -86
- package/src/util/pricing.ts +180 -43
- package/src/work-items/work-item-runner.ts +1 -1
- package/scripts/ipc/check-contract-inventory.ts +0 -107
- package/scripts/ipc/check-swift-decoder-drift.ts +0 -184
- package/scripts/ipc/generate-swift.ts +0 -528
- package/src/__tests__/__snapshots__/ipc-snapshot.test.ts.snap +0 -3043
- package/src/__tests__/app-migration.test.ts +0 -148
- package/src/__tests__/config-loader-migration.test.ts +0 -85
- package/src/__tests__/daemon-lifecycle.test.ts +0 -715
- package/src/__tests__/daemon-server-session-init.test.ts +0 -864
- package/src/__tests__/guardian-actions-endpoint.test.ts +0 -1452
- package/src/__tests__/handlers-add-trust-rule-metadata.test.ts +0 -228
- package/src/__tests__/handlers-cu-observation-blob.test.ts +0 -397
- package/src/__tests__/handlers-ipc-blob-probe.test.ts +0 -218
- package/src/__tests__/handlers-slack-config.test.ts +0 -140
- package/src/__tests__/handlers-telegram-config.test.ts +0 -1317
- package/src/__tests__/handlers-twitter-config.test.ts +0 -1145
- package/src/__tests__/home-base-bootstrap.test.ts +0 -86
- package/src/__tests__/ingress-reconcile.test.ts +0 -606
- package/src/__tests__/integrations-cli.test.ts +0 -232
- package/src/__tests__/ipc-blob-store.test.ts +0 -329
- package/src/__tests__/ipc-contract-inventory.test.ts +0 -69
- package/src/__tests__/ipc-contract.test.ts +0 -76
- package/src/__tests__/ipc-protocol.test.ts +0 -120
- package/src/__tests__/ipc-roundtrip.benchmark.test.ts +0 -250
- package/src/__tests__/ipc-snapshot.test.ts +0 -2197
- package/src/__tests__/ipc-validate.test.ts +0 -471
- package/src/__tests__/migration-cli-flows.test.ts +0 -186
- package/src/__tests__/migration-ordering.test.ts +0 -267
- package/src/__tests__/oauth-connect-handler.test.ts +0 -361
- package/src/__tests__/platform-move-helper.test.ts +0 -108
- package/src/__tests__/platform-socket-path.test.ts +0 -52
- package/src/__tests__/platform-workspace-migration.test.ts +0 -1051
- package/src/__tests__/prebuilt-home-base-seed.test.ts +0 -79
- package/src/__tests__/recording-intent-handler.test.ts +0 -1155
- package/src/__tests__/script-proxy-profile-template-fallback.test.ts +0 -127
- package/src/__tests__/sms-messaging-provider.test.ts +0 -156
- package/src/__tests__/tool-permission-simulate-handler.test.ts +0 -367
- package/src/__tests__/twitter-auth-handler.test.ts +0 -561
- package/src/__tests__/twitter-cli-error-shaping.test.ts +0 -224
- package/src/__tests__/twitter-cli-routing.test.ts +0 -286
- package/src/__tests__/work-item-output.test.ts +0 -150
- package/src/amazon/session.ts +0 -58
- package/src/cli/channels.ts +0 -51
- package/src/cli/influencer.ts +0 -319
- package/src/cli/integrations.ts +0 -372
- package/src/cli/ipc-client.ts +0 -88
- package/src/cli/twitter.ts +0 -1111
- package/src/config/bundled-skills/configure-settings/SKILL.md +0 -86
- package/src/config/bundled-skills/doordash/lib/shared/ipc.ts +0 -32
- package/src/config/bundled-skills/sms-setup/SKILL.md +0 -210
- package/src/config/core-schema.ts +0 -434
- package/src/config/memory-schema.ts +0 -617
- package/src/daemon/auth-manager.ts +0 -106
- package/src/daemon/handlers/apps.ts +0 -783
- package/src/daemon/handlers/avatar.ts +0 -73
- package/src/daemon/handlers/browser.ts +0 -3
- package/src/daemon/handlers/computer-use.ts +0 -231
- package/src/daemon/handlers/config-dispatch.ts +0 -29
- package/src/daemon/handlers/config-heartbeat.ts +0 -299
- package/src/daemon/handlers/config-inbox.ts +0 -457
- package/src/daemon/handlers/config-integrations.ts +0 -409
- package/src/daemon/handlers/config-platform.ts +0 -77
- package/src/daemon/handlers/config-slack.ts +0 -41
- package/src/daemon/handlers/config-tools.ts +0 -226
- package/src/daemon/handlers/config-trust.ts +0 -135
- package/src/daemon/handlers/config.ts +0 -64
- package/src/daemon/handlers/contacts.ts +0 -193
- package/src/daemon/handlers/diagnostics.ts +0 -382
- package/src/daemon/handlers/documents.ts +0 -188
- package/src/daemon/handlers/guardian-actions.ts +0 -82
- package/src/daemon/handlers/home-base.ts +0 -82
- package/src/daemon/handlers/index.ts +0 -222
- package/src/daemon/handlers/misc.ts +0 -1139
- package/src/daemon/handlers/navigate-settings.ts +0 -29
- package/src/daemon/handlers/oauth-connect.ts +0 -202
- package/src/daemon/handlers/open-bundle-handler.ts +0 -88
- package/src/daemon/handlers/publish.ts +0 -176
- package/src/daemon/handlers/signing.ts +0 -56
- package/src/daemon/handlers/subagents.ts +0 -286
- package/src/daemon/handlers/twitter-auth.ts +0 -220
- package/src/daemon/handlers/work-items.ts +0 -796
- package/src/daemon/handlers/workspace-files.ts +0 -84
- package/src/daemon/handlers.ts +0 -16
- package/src/daemon/ipc-blob-store.ts +0 -246
- package/src/daemon/ipc-contract-inventory.json +0 -348
- package/src/daemon/ipc-contract-inventory.ts +0 -202
- package/src/daemon/ipc-handler.ts +0 -120
- package/src/daemon/ipc-protocol.ts +0 -85
- package/src/daemon/ipc-validate.ts +0 -254
- package/src/home-base/app-link-store.ts +0 -78
- package/src/home-base/bootstrap.ts +0 -74
- package/src/home-base/prebuilt/brain-graph.html +0 -1483
- package/src/home-base/prebuilt/index.html +0 -702
- package/src/home-base/prebuilt/seed-metadata.json +0 -21
- package/src/home-base/prebuilt/seed.ts +0 -122
- package/src/home-base/prebuilt-home-base-updater.ts +0 -36
- package/src/memory/app-migration.ts +0 -114
- package/src/memory/channel-delivery-store.ts +0 -40
- package/src/memory/channel-guardian-store.ts +0 -83
- package/src/memory/conversation-store.ts +0 -102
- package/src/memory/schema-migration.ts +0 -38
- package/src/messaging/providers/sms/adapter.ts +0 -232
- package/src/messaging/providers/sms/client.ts +0 -93
- package/src/messaging/providers/sms/types.ts +0 -7
- package/src/migrations/config-merge.ts +0 -62
- package/src/migrations/data-layout.ts +0 -89
- package/src/migrations/data-merge.ts +0 -44
- package/src/migrations/hooks-merge.ts +0 -118
- package/src/migrations/index.ts +0 -6
- package/src/migrations/log.ts +0 -28
- package/src/migrations/skills-merge.ts +0 -44
- package/src/migrations/workspace-layout.ts +0 -94
- package/src/notifications/adapters/sms.ts +0 -94
- package/src/runtime/channel-approval-parser.ts +0 -123
- package/src/runtime/channel-invite-transports/sms.ts +0 -53
- package/src/runtime/routes/approval-strategies/guardian-legacy-fallback-strategy.ts +0 -82
- package/src/runtime/routes/integration-routes.ts +0 -381
- package/src/runtime/routes/twilio-routes.ts +0 -1251
- package/src/twitter/client.ts +0 -979
- package/src/twitter/router.ts +0 -131
- package/src/twitter/session.ts +0 -54
- package/src/util/cookie-session.ts +0 -114
- package/src/watcher/providers/slack.ts +0 -282
- /package/src/{amazon → cli/commands/amazon}/cart.ts +0 -0
- /package/src/{amazon → cli/commands/amazon}/checkout.ts +0 -0
- /package/src/{amazon → cli/commands/amazon}/product-details.ts +0 -0
- /package/src/{amazon → cli/commands/amazon}/search.ts +0 -0
- /package/src/config/{calls-schema.ts → schemas/calls.ts} +0 -0
- /package/src/config/{elevenlabs-schema.ts → schemas/elevenlabs.ts} +0 -0
- /package/src/config/{mcp-schema.ts → schemas/mcp.ts} +0 -0
- /package/src/config/{notifications-schema.ts → schemas/notifications.ts} +0 -0
- /package/src/config/{sandbox-schema.ts → schemas/sandbox.ts} +0 -0
- /package/src/config/{skills-schema.ts → schemas/skills.ts} +0 -0
- /package/src/daemon/{ipc-contract → message-types}/browser.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/contacts.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/documents.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/guardian-actions.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/inbox.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/messages.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/pairing.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/schedules.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/settings.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/skills.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/subagents.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/trust.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/work-items.ts +0 -0
- /package/src/{cli/email-guardrails.ts → email/guardrails.ts} +0 -0
- /package/src/{config → prompts}/__tests__/build-cli-reference-section.test.ts +0 -0
- /package/src/{config → prompts}/templates/IDENTITY.md +0 -0
- /package/src/{config → prompts}/templates/SOUL.md +0 -0
- /package/src/{config → prompts}/templates/UPDATES.md +0 -0
- /package/src/{config → prompts}/templates/USER.md +0 -0
- /package/src/{config → prompts}/update-bulletin-format.ts +0 -0
- /package/src/{config → prompts}/update-bulletin-state.ts +0 -0
- /package/src/{config → prompts}/update-bulletin-template-path.ts +0 -0
- /package/src/{config → prompts}/update-bulletin.ts +0 -0
- /package/src/{config → prompts}/user-reference.ts +0 -0
|
@@ -8,7 +8,7 @@
|
|
|
8
8
|
|
|
9
9
|
import { randomUUID } from "node:crypto";
|
|
10
10
|
|
|
11
|
-
import type { ServerMessage } from "../daemon/
|
|
11
|
+
import type { ServerMessage } from "../daemon/message-protocol.js";
|
|
12
12
|
|
|
13
13
|
// ── Types ─────────────────────────────────────────────────────────────────────
|
|
14
14
|
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { describe, expect, test } from "bun:test";
|
|
2
2
|
|
|
3
|
-
import { buildIpcAuthContext } from "../../../daemon/ipc-handler.js";
|
|
4
3
|
import { DAEMON_INTERNAL_ASSISTANT_ID } from "../../assistant-scope.js";
|
|
4
|
+
import { buildIpcAuthContext } from "../../local-actor-identity.js";
|
|
5
5
|
import { CURRENT_POLICY_EPOCH } from "../policy.js";
|
|
6
6
|
import { resolveScopeProfile } from "../scopes.js";
|
|
7
7
|
|
|
@@ -54,13 +54,14 @@ describe("resolveScopeProfile", () => {
|
|
|
54
54
|
|
|
55
55
|
test("gateway_service_v1 includes chat, settings, attachments, and internal scopes", () => {
|
|
56
56
|
const scopes = resolveScopeProfile("gateway_service_v1");
|
|
57
|
+
expect(scopes.has("chat.read")).toBe(true);
|
|
57
58
|
expect(scopes.has("chat.write")).toBe(true);
|
|
58
59
|
expect(scopes.has("settings.read")).toBe(true);
|
|
59
60
|
expect(scopes.has("settings.write")).toBe(true);
|
|
60
61
|
expect(scopes.has("attachments.read")).toBe(true);
|
|
61
62
|
expect(scopes.has("attachments.write")).toBe(true);
|
|
62
63
|
expect(scopes.has("internal.write")).toBe(true);
|
|
63
|
-
expect(scopes.size).toBe(
|
|
64
|
+
expect(scopes.size).toBe(7);
|
|
64
65
|
});
|
|
65
66
|
|
|
66
67
|
test("ipc_v1 includes only ipc.all", () => {
|
|
@@ -43,6 +43,38 @@ describe("parseSub", () => {
|
|
|
43
43
|
}
|
|
44
44
|
});
|
|
45
45
|
|
|
46
|
+
// -------------------------------------------------------------------------
|
|
47
|
+
// svc:daemon pattern
|
|
48
|
+
// -------------------------------------------------------------------------
|
|
49
|
+
|
|
50
|
+
test("parses svc:daemon:<identifier>", () => {
|
|
51
|
+
const result = parseSub("svc:daemon:self");
|
|
52
|
+
expect(result.ok).toBe(true);
|
|
53
|
+
if (result.ok) {
|
|
54
|
+
expect(result.principalType).toBe("svc_daemon");
|
|
55
|
+
expect(result.assistantId).toBe("self");
|
|
56
|
+
expect(result.actorPrincipalId).toBeUndefined();
|
|
57
|
+
expect(result.sessionId).toBeUndefined();
|
|
58
|
+
}
|
|
59
|
+
});
|
|
60
|
+
|
|
61
|
+
test("parses svc:daemon with non-self identifier", () => {
|
|
62
|
+
const result = parseSub("svc:daemon:pairing");
|
|
63
|
+
expect(result.ok).toBe(true);
|
|
64
|
+
if (result.ok) {
|
|
65
|
+
expect(result.principalType).toBe("svc_daemon");
|
|
66
|
+
expect(result.assistantId).toBe("pairing");
|
|
67
|
+
}
|
|
68
|
+
});
|
|
69
|
+
|
|
70
|
+
test("fails on svc:daemon with empty identifier", () => {
|
|
71
|
+
const result = parseSub("svc:daemon:");
|
|
72
|
+
expect(result.ok).toBe(false);
|
|
73
|
+
if (!result.ok) {
|
|
74
|
+
expect(result.reason).toContain("empty");
|
|
75
|
+
}
|
|
76
|
+
});
|
|
77
|
+
|
|
46
78
|
// -------------------------------------------------------------------------
|
|
47
79
|
// ipc pattern
|
|
48
80
|
// -------------------------------------------------------------------------
|
|
@@ -127,8 +127,15 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
|
|
|
127
127
|
{ endpoint: "messages:GET", scopes: ["chat.read"] },
|
|
128
128
|
{ endpoint: "messages:POST", scopes: ["chat.write"] },
|
|
129
129
|
{ endpoint: "conversations", scopes: ["chat.read"] },
|
|
130
|
+
{ endpoint: "conversations:DELETE", scopes: ["chat.write"] },
|
|
131
|
+
{ endpoint: "conversations/switch", scopes: ["chat.write"] },
|
|
132
|
+
{ endpoint: "conversations/name", scopes: ["chat.write"] },
|
|
133
|
+
{ endpoint: "conversations/cancel", scopes: ["chat.write"] },
|
|
134
|
+
{ endpoint: "conversations/undo", scopes: ["chat.write"] },
|
|
135
|
+
{ endpoint: "conversations/regenerate", scopes: ["chat.write"] },
|
|
130
136
|
{ endpoint: "conversations/attention", scopes: ["chat.read"] },
|
|
131
137
|
{ endpoint: "conversations/seen", scopes: ["chat.write"] },
|
|
138
|
+
{ endpoint: "conversations/unread", scopes: ["chat.write"] },
|
|
132
139
|
{ endpoint: "search", scopes: ["chat.read"] },
|
|
133
140
|
{ endpoint: "search/global", scopes: ["chat.read"] },
|
|
134
141
|
{ endpoint: "suggestion", scopes: ["chat.read"] },
|
|
@@ -163,7 +170,6 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
|
|
|
163
170
|
{ endpoint: "identity", scopes: ["settings.read"] },
|
|
164
171
|
{ endpoint: "brain-graph", scopes: ["settings.read"] },
|
|
165
172
|
{ endpoint: "brain-graph-ui", scopes: ["settings.read"] },
|
|
166
|
-
{ endpoint: "home-base-ui", scopes: ["settings.read"] },
|
|
167
173
|
{ endpoint: "contacts", scopes: ["settings.read"] },
|
|
168
174
|
{ endpoint: "contacts:POST", scopes: ["settings.write"] },
|
|
169
175
|
{ endpoint: "contacts:DELETE", scopes: ["settings.write"] },
|
|
@@ -191,19 +197,21 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
|
|
|
191
197
|
endpoint: "integrations/slack/channel/config:DELETE",
|
|
192
198
|
scopes: ["settings.write"],
|
|
193
199
|
},
|
|
194
|
-
{ endpoint: "
|
|
195
|
-
{ endpoint: "integrations/guardian/status", scopes: ["settings.read"] },
|
|
196
|
-
{ endpoint: "integrations/guardian/revoke", scopes: ["settings.write"] },
|
|
200
|
+
{ endpoint: "channel-verification-sessions", scopes: ["settings.write"] },
|
|
197
201
|
{
|
|
198
|
-
endpoint: "
|
|
202
|
+
endpoint: "channel-verification-sessions:DELETE",
|
|
199
203
|
scopes: ["settings.write"],
|
|
200
204
|
},
|
|
201
205
|
{
|
|
202
|
-
endpoint: "
|
|
206
|
+
endpoint: "channel-verification-sessions/resend",
|
|
203
207
|
scopes: ["settings.write"],
|
|
204
208
|
},
|
|
205
209
|
{
|
|
206
|
-
endpoint: "
|
|
210
|
+
endpoint: "channel-verification-sessions/status",
|
|
211
|
+
scopes: ["settings.read"],
|
|
212
|
+
},
|
|
213
|
+
{
|
|
214
|
+
endpoint: "channel-verification-sessions/revoke",
|
|
207
215
|
scopes: ["settings.write"],
|
|
208
216
|
},
|
|
209
217
|
{ endpoint: "integrations/twilio/config", scopes: ["settings.read"] },
|
|
@@ -228,22 +236,6 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
|
|
|
228
236
|
endpoint: "integrations/twilio/numbers/release",
|
|
229
237
|
scopes: ["settings.write"],
|
|
230
238
|
},
|
|
231
|
-
{ endpoint: "integrations/twilio/sms/compliance", scopes: ["settings.read"] },
|
|
232
|
-
{
|
|
233
|
-
endpoint: "integrations/twilio/sms/compliance/tollfree",
|
|
234
|
-
scopes: ["settings.write"],
|
|
235
|
-
},
|
|
236
|
-
{
|
|
237
|
-
endpoint: "integrations/twilio/sms/compliance/tollfree:PATCH",
|
|
238
|
-
scopes: ["settings.write"],
|
|
239
|
-
},
|
|
240
|
-
{
|
|
241
|
-
endpoint: "integrations/twilio/sms/compliance/tollfree:DELETE",
|
|
242
|
-
scopes: ["settings.write"],
|
|
243
|
-
},
|
|
244
|
-
{ endpoint: "integrations/twilio/sms/test", scopes: ["settings.write"] },
|
|
245
|
-
{ endpoint: "integrations/twilio/sms/doctor", scopes: ["settings.write"] },
|
|
246
|
-
|
|
247
239
|
// Slack share
|
|
248
240
|
{ endpoint: "slack/channels", scopes: ["settings.read"] },
|
|
249
241
|
{ endpoint: "slack/share", scopes: ["settings.write"] },
|
|
@@ -262,12 +254,33 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
|
|
|
262
254
|
// Pairing (authenticated)
|
|
263
255
|
{ endpoint: "pairing/register", scopes: ["settings.write"] },
|
|
264
256
|
|
|
265
|
-
// Apps
|
|
257
|
+
// Apps (existing share/shared routes)
|
|
266
258
|
{ endpoint: "apps/share", scopes: ["settings.write"] },
|
|
267
259
|
{ endpoint: "apps/shared:GET", scopes: ["settings.read"] },
|
|
268
260
|
{ endpoint: "apps/shared:DELETE", scopes: ["settings.write"] },
|
|
269
261
|
{ endpoint: "apps/shared/metadata", scopes: ["settings.read"] },
|
|
270
262
|
|
|
263
|
+
// Apps management (CRUD, bundling, sharing, versioning)
|
|
264
|
+
{ endpoint: "apps", scopes: ["settings.read"] },
|
|
265
|
+
{ endpoint: "apps/data:GET", scopes: ["settings.read"] },
|
|
266
|
+
{ endpoint: "apps/data:POST", scopes: ["settings.write"] },
|
|
267
|
+
{ endpoint: "apps/open", scopes: ["settings.write"] },
|
|
268
|
+
{ endpoint: "apps/delete", scopes: ["settings.write"] },
|
|
269
|
+
{ endpoint: "apps/preview:GET", scopes: ["settings.read"] },
|
|
270
|
+
{ endpoint: "apps/preview:PUT", scopes: ["settings.write"] },
|
|
271
|
+
{ endpoint: "apps/history", scopes: ["settings.read"] },
|
|
272
|
+
{ endpoint: "apps/diff", scopes: ["settings.read"] },
|
|
273
|
+
{ endpoint: "apps/restore", scopes: ["settings.write"] },
|
|
274
|
+
{ endpoint: "apps/bundle", scopes: ["settings.write"] },
|
|
275
|
+
{ endpoint: "apps/open-bundle", scopes: ["settings.write"] },
|
|
276
|
+
{ endpoint: "apps/shared-list", scopes: ["settings.read"] },
|
|
277
|
+
{ endpoint: "apps/fork", scopes: ["settings.write"] },
|
|
278
|
+
{ endpoint: "apps/share-cloud", scopes: ["settings.write"] },
|
|
279
|
+
{ endpoint: "apps/gallery", scopes: ["settings.read"] },
|
|
280
|
+
{ endpoint: "apps/gallery/install", scopes: ["settings.write"] },
|
|
281
|
+
{ endpoint: "apps/sign-bundle", scopes: ["settings.write"] },
|
|
282
|
+
{ endpoint: "apps/signing-identity", scopes: ["settings.read"] },
|
|
283
|
+
|
|
271
284
|
// Usage / cost telemetry
|
|
272
285
|
{ endpoint: "usage/totals", scopes: ["settings.read"] },
|
|
273
286
|
{ endpoint: "usage/daily", scopes: ["settings.read"] },
|
|
@@ -276,6 +289,49 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
|
|
|
276
289
|
// Debug
|
|
277
290
|
{ endpoint: "debug", scopes: ["settings.read"] },
|
|
278
291
|
|
|
292
|
+
// Workspace file browsing
|
|
293
|
+
{ endpoint: "workspace/tree", scopes: ["settings.read"] },
|
|
294
|
+
{ endpoint: "workspace/file", scopes: ["settings.read"] },
|
|
295
|
+
{ endpoint: "workspace/file/content", scopes: ["settings.read"] },
|
|
296
|
+
{ endpoint: "workspace/write", scopes: ["settings.write"] },
|
|
297
|
+
{ endpoint: "workspace/mkdir", scopes: ["settings.write"] },
|
|
298
|
+
{ endpoint: "workspace/rename", scopes: ["settings.write"] },
|
|
299
|
+
{ endpoint: "workspace/delete", scopes: ["settings.write"] },
|
|
300
|
+
|
|
301
|
+
// Documents
|
|
302
|
+
{ endpoint: "documents:GET", scopes: ["settings.read"] },
|
|
303
|
+
{ endpoint: "documents:POST", scopes: ["settings.write"] },
|
|
304
|
+
|
|
305
|
+
// Work items
|
|
306
|
+
{ endpoint: "work-items:GET", scopes: ["settings.read"] },
|
|
307
|
+
{ endpoint: "work-items:PATCH", scopes: ["settings.write"] },
|
|
308
|
+
{ endpoint: "work-items:DELETE", scopes: ["settings.write"] },
|
|
309
|
+
{ endpoint: "work-items/complete", scopes: ["settings.write"] },
|
|
310
|
+
{ endpoint: "work-items/cancel", scopes: ["settings.write"] },
|
|
311
|
+
{ endpoint: "work-items/approve-permissions", scopes: ["approval.write"] },
|
|
312
|
+
{ endpoint: "work-items/preflight", scopes: ["settings.read"] },
|
|
313
|
+
{ endpoint: "work-items/run", scopes: ["settings.write"] },
|
|
314
|
+
{ endpoint: "work-items/output", scopes: ["settings.read"] },
|
|
315
|
+
|
|
316
|
+
// Subagents
|
|
317
|
+
{ endpoint: "subagents:GET", scopes: ["chat.read"] },
|
|
318
|
+
{ endpoint: "subagents/abort", scopes: ["chat.write"] },
|
|
319
|
+
{ endpoint: "subagents/message", scopes: ["chat.write"] },
|
|
320
|
+
|
|
321
|
+
// Model config
|
|
322
|
+
{ endpoint: "model:GET", scopes: ["settings.read"] },
|
|
323
|
+
{ endpoint: "model:PUT", scopes: ["settings.write"] },
|
|
324
|
+
{ endpoint: "model/image-gen", scopes: ["settings.write"] },
|
|
325
|
+
|
|
326
|
+
// Conversation search
|
|
327
|
+
{ endpoint: "conversations/search", scopes: ["chat.read"] },
|
|
328
|
+
|
|
329
|
+
// Message content
|
|
330
|
+
{ endpoint: "messages/content", scopes: ["chat.read"] },
|
|
331
|
+
|
|
332
|
+
// Queued message deletion
|
|
333
|
+
{ endpoint: "messages/queued", scopes: ["chat.write"] },
|
|
334
|
+
|
|
279
335
|
// Browser relay
|
|
280
336
|
{ endpoint: "browser-relay/status", scopes: ["settings.read"] },
|
|
281
337
|
{ endpoint: "browser-relay/command", scopes: ["settings.write"] },
|
|
@@ -283,14 +339,39 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
|
|
|
283
339
|
// Interfaces
|
|
284
340
|
{ endpoint: "interfaces", scopes: ["settings.read"] },
|
|
285
341
|
|
|
342
|
+
// Skills
|
|
343
|
+
{ endpoint: "skills:GET", scopes: ["settings.read"] },
|
|
344
|
+
{ endpoint: "skills:POST", scopes: ["settings.write"] },
|
|
345
|
+
{ endpoint: "skills:DELETE", scopes: ["settings.write"] },
|
|
346
|
+
{ endpoint: "skills:PATCH", scopes: ["settings.write"] },
|
|
347
|
+
|
|
286
348
|
// Trust rule CRUD management
|
|
287
349
|
{ endpoint: "trust-rules/manage:GET", scopes: ["settings.read"] },
|
|
288
350
|
{ endpoint: "trust-rules/manage:POST", scopes: ["settings.write"] },
|
|
289
351
|
{ endpoint: "trust-rules/manage:DELETE", scopes: ["settings.write"] },
|
|
290
352
|
{ endpoint: "trust-rules/manage:PATCH", scopes: ["settings.write"] },
|
|
291
353
|
|
|
354
|
+
// Computer use
|
|
355
|
+
{ endpoint: "computer-use/sessions", scopes: ["chat.write"] },
|
|
356
|
+
{ endpoint: "computer-use/sessions/abort", scopes: ["chat.write"] },
|
|
357
|
+
{ endpoint: "computer-use/observations", scopes: ["chat.write"] },
|
|
358
|
+
{ endpoint: "computer-use/tasks", scopes: ["chat.write"] },
|
|
359
|
+
{ endpoint: "computer-use/ride-shotgun/start", scopes: ["chat.write"] },
|
|
360
|
+
{ endpoint: "computer-use/ride-shotgun/stop", scopes: ["chat.write"] },
|
|
361
|
+
{ endpoint: "computer-use/ride-shotgun/status", scopes: ["chat.write"] },
|
|
362
|
+
{ endpoint: "computer-use/watch", scopes: ["chat.write"] },
|
|
363
|
+
|
|
364
|
+
// Recordings
|
|
365
|
+
{ endpoint: "recordings/start", scopes: ["settings.write"] },
|
|
366
|
+
{ endpoint: "recordings/stop", scopes: ["settings.write"] },
|
|
367
|
+
{ endpoint: "recordings/pause", scopes: ["settings.write"] },
|
|
368
|
+
{ endpoint: "recordings/resume", scopes: ["settings.write"] },
|
|
369
|
+
{ endpoint: "recordings/status", scopes: ["settings.read"] },
|
|
370
|
+
{ endpoint: "recordings/status:POST", scopes: ["settings.write"] },
|
|
371
|
+
|
|
292
372
|
// Surface actions
|
|
293
373
|
{ endpoint: "surface-actions", scopes: ["chat.write"] },
|
|
374
|
+
{ endpoint: "surfaces/undo", scopes: ["chat.write"] },
|
|
294
375
|
|
|
295
376
|
// Conversation deletion (channel-facing)
|
|
296
377
|
{ endpoint: "channels/conversation:DELETE", scopes: ["chat.write"] },
|
|
@@ -303,12 +384,43 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
|
|
|
303
384
|
{ endpoint: "migrations/export", scopes: ["settings.write"] },
|
|
304
385
|
{ endpoint: "migrations/import-preflight", scopes: ["settings.write"] },
|
|
305
386
|
{ endpoint: "migrations/import", scopes: ["settings.write"] },
|
|
387
|
+
|
|
388
|
+
// Settings (voice, avatar, client settings)
|
|
389
|
+
{ endpoint: "settings/voice", scopes: ["settings.write"] },
|
|
390
|
+
{ endpoint: "settings/avatar/generate", scopes: ["settings.write"] },
|
|
391
|
+
{ endpoint: "settings/client", scopes: ["settings.write"] },
|
|
392
|
+
|
|
393
|
+
// Schedules
|
|
394
|
+
{ endpoint: "schedules", scopes: ["settings.read"] },
|
|
395
|
+
{ endpoint: "schedules:DELETE", scopes: ["settings.write"] },
|
|
396
|
+
{ endpoint: "schedules/toggle", scopes: ["settings.write"] },
|
|
397
|
+
{ endpoint: "schedules/run", scopes: ["settings.write"] },
|
|
398
|
+
|
|
399
|
+
// Diagnostics
|
|
400
|
+
{ endpoint: "diagnostics/export", scopes: ["settings.read"] },
|
|
401
|
+
{ endpoint: "diagnostics/env-vars", scopes: ["settings.read"] },
|
|
402
|
+
|
|
403
|
+
// Dictation
|
|
404
|
+
{ endpoint: "dictation", scopes: ["chat.write"] },
|
|
405
|
+
|
|
406
|
+
// OAuth / integrations
|
|
407
|
+
{ endpoint: "integrations/oauth/start", scopes: ["settings.write"] },
|
|
408
|
+
{ endpoint: "integrations/twitter/auth/start", scopes: ["settings.write"] },
|
|
409
|
+
{ endpoint: "integrations/twitter/auth/status", scopes: ["settings.read"] },
|
|
410
|
+
|
|
411
|
+
// Workspace files (IPC-migrated)
|
|
412
|
+
{ endpoint: "workspace-files", scopes: ["settings.read"] },
|
|
413
|
+
{ endpoint: "workspace-files/read", scopes: ["settings.read"] },
|
|
414
|
+
|
|
415
|
+
// Tools
|
|
416
|
+
{ endpoint: "tools", scopes: ["settings.read"] },
|
|
417
|
+
{ endpoint: "tools/simulate-permission", scopes: ["settings.read"] },
|
|
306
418
|
];
|
|
307
419
|
|
|
308
420
|
for (const { endpoint, scopes } of ACTOR_ENDPOINTS) {
|
|
309
421
|
registerPolicy(endpoint, {
|
|
310
422
|
requiredScopes: scopes,
|
|
311
|
-
allowedPrincipalTypes: ["actor", "svc_gateway", "ipc"],
|
|
423
|
+
allowedPrincipalTypes: ["actor", "svc_gateway", "svc_daemon", "ipc"],
|
|
312
424
|
});
|
|
313
425
|
}
|
|
314
426
|
|
|
@@ -29,6 +29,7 @@ const PROFILE_SCOPES: Record<ScopeProfile, ReadonlySet<Scope>> = {
|
|
|
29
29
|
]),
|
|
30
30
|
gateway_ingress_v1: new Set<Scope>(["ingress.write", "internal.write"]),
|
|
31
31
|
gateway_service_v1: new Set<Scope>([
|
|
32
|
+
"chat.read",
|
|
32
33
|
"chat.write",
|
|
33
34
|
"settings.read",
|
|
34
35
|
"settings.write",
|
|
@@ -31,6 +31,7 @@ export type ParseSubResult =
|
|
|
31
31
|
* Supported patterns:
|
|
32
32
|
* actor:<assistantId>:<actorPrincipalId>
|
|
33
33
|
* svc:gateway:<assistantId>
|
|
34
|
+
* svc:daemon:<identifier>
|
|
34
35
|
* ipc:<assistantId>:<sessionId>
|
|
35
36
|
*/
|
|
36
37
|
export function parseSub(sub: string): ParseSubResult {
|
|
@@ -59,6 +60,14 @@ export function parseSub(sub: string): ParseSubResult {
|
|
|
59
60
|
return { ok: true, principalType: "svc_gateway", assistantId };
|
|
60
61
|
}
|
|
61
62
|
|
|
63
|
+
if (parts[0] === "svc" && parts[1] === "daemon" && parts.length === 3) {
|
|
64
|
+
const identifier = parts[2];
|
|
65
|
+
if (!identifier) {
|
|
66
|
+
return { ok: false, reason: "svc:daemon sub has empty identifier" };
|
|
67
|
+
}
|
|
68
|
+
return { ok: true, principalType: "svc_daemon", assistantId: identifier };
|
|
69
|
+
}
|
|
70
|
+
|
|
62
71
|
if (parts[0] === "ipc" && parts.length === 3) {
|
|
63
72
|
const [, assistantId, sessionId] = parts;
|
|
64
73
|
if (!assistantId || !sessionId) {
|
|
@@ -111,6 +111,17 @@ export function isSigningKeyInitialized(): boolean {
|
|
|
111
111
|
return _authSigningKey !== undefined;
|
|
112
112
|
}
|
|
113
113
|
|
|
114
|
+
/**
|
|
115
|
+
* Returns a short hex fingerprint of the current signing key.
|
|
116
|
+
* Used by daemon_status to let clients detect instance switches.
|
|
117
|
+
*/
|
|
118
|
+
export function getSigningKeyFingerprint(): string {
|
|
119
|
+
return createHash("sha256")
|
|
120
|
+
.update(getSigningKey())
|
|
121
|
+
.digest("hex")
|
|
122
|
+
.slice(0, 16);
|
|
123
|
+
}
|
|
124
|
+
|
|
114
125
|
// ---------------------------------------------------------------------------
|
|
115
126
|
// Base64url helpers
|
|
116
127
|
// ---------------------------------------------------------------------------
|
|
@@ -298,7 +309,7 @@ export function mintEdgeRelayToken(): string {
|
|
|
298
309
|
|
|
299
310
|
/**
|
|
300
311
|
* Mint a long-lived JWT for embedding in browser-served UI pages
|
|
301
|
-
* (brain-graph
|
|
312
|
+
* (brain-graph).
|
|
302
313
|
*
|
|
303
314
|
* These pages make API calls that route through the gateway, which validates
|
|
304
315
|
* tokens with validateEdgeToken() expecting aud=vellum-gateway. A 1-hour TTL
|
|
@@ -41,7 +41,7 @@ export type Scope =
|
|
|
41
41
|
// Principal types — derived from the sub pattern
|
|
42
42
|
// ---------------------------------------------------------------------------
|
|
43
43
|
|
|
44
|
-
export type PrincipalType = "actor" | "svc_gateway" | "ipc";
|
|
44
|
+
export type PrincipalType = "actor" | "svc_gateway" | "svc_daemon" | "ipc";
|
|
45
45
|
|
|
46
46
|
// ---------------------------------------------------------------------------
|
|
47
47
|
// Token audience — which service the JWT is intended for
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
* Channel-agnostic approval flow types.
|
|
3
3
|
*
|
|
4
4
|
* These types model the approval prompt/decision lifecycle for tool-use
|
|
5
|
-
* confirmations surfaced through external channels (Telegram,
|
|
5
|
+
* confirmations surfaced through external channels (Telegram, Slack, etc.).
|
|
6
6
|
* They are intentionally decoupled from any specific channel so that the
|
|
7
7
|
* same approval flow can be reused across transports.
|
|
8
8
|
*/
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Channel-agnostic approval orchestration module.
|
|
3
3
|
*
|
|
4
|
-
* Bridges the gap between external channel adapters (Telegram,
|
|
4
|
+
* Bridges the gap between external channel adapters (Telegram, Slack, etc.)
|
|
5
5
|
* and the pending-interactions tracker / permission system:
|
|
6
6
|
*
|
|
7
7
|
* 1. Detect pending confirmations for a conversation
|
|
@@ -133,7 +133,6 @@ export async function resolveAdapterHandle(
|
|
|
133
133
|
|
|
134
134
|
import { emailInviteAdapter } from "./channel-invite-transports/email.js";
|
|
135
135
|
import { slackInviteAdapter } from "./channel-invite-transports/slack.js";
|
|
136
|
-
import { smsInviteAdapter } from "./channel-invite-transports/sms.js";
|
|
137
136
|
import { telegramInviteAdapter } from "./channel-invite-transports/telegram.js";
|
|
138
137
|
import { voiceInviteAdapter } from "./channel-invite-transports/voice.js";
|
|
139
138
|
import { whatsappInviteAdapter } from "./channel-invite-transports/whatsapp.js";
|
|
@@ -143,7 +142,6 @@ export function createInviteAdapterRegistry(): InviteAdapterRegistry {
|
|
|
143
142
|
const registry = new InviteAdapterRegistry();
|
|
144
143
|
registry.register(emailInviteAdapter);
|
|
145
144
|
registry.register(slackInviteAdapter);
|
|
146
|
-
registry.register(smsInviteAdapter);
|
|
147
145
|
registry.register(telegramInviteAdapter);
|
|
148
146
|
registry.register(voiceInviteAdapter);
|
|
149
147
|
registry.register(whatsappInviteAdapter);
|
|
@@ -8,7 +8,7 @@
|
|
|
8
8
|
*/
|
|
9
9
|
|
|
10
10
|
import type { ChannelId } from "../../channels/types.js";
|
|
11
|
-
import {
|
|
11
|
+
import { getConfig } from "../../config/loader.js";
|
|
12
12
|
import type { ChannelInviteAdapter } from "../channel-invite-transport.js";
|
|
13
13
|
|
|
14
14
|
// ---------------------------------------------------------------------------
|
|
@@ -21,26 +21,12 @@ interface SlackBotInfo {
|
|
|
21
21
|
}
|
|
22
22
|
|
|
23
23
|
/**
|
|
24
|
-
* Resolve the Slack bot username and team name from
|
|
25
|
-
* Mirrors the metadata parsing pattern in `config-slack-channel.ts`.
|
|
24
|
+
* Resolve the Slack bot username and team name from config.
|
|
26
25
|
*/
|
|
27
26
|
function resolveSlackBotInfo(): SlackBotInfo | undefined {
|
|
28
|
-
const
|
|
29
|
-
if (!
|
|
30
|
-
|
|
31
|
-
try {
|
|
32
|
-
const parsed = JSON.parse(meta.accountInfo) as {
|
|
33
|
-
botUsername?: string;
|
|
34
|
-
teamName?: string;
|
|
35
|
-
};
|
|
36
|
-
if (!parsed.botUsername) return undefined;
|
|
37
|
-
return {
|
|
38
|
-
botUsername: parsed.botUsername,
|
|
39
|
-
teamName: parsed.teamName,
|
|
40
|
-
};
|
|
41
|
-
} catch {
|
|
42
|
-
return undefined;
|
|
43
|
-
}
|
|
27
|
+
const { botUsername, teamName } = getConfig().slack;
|
|
28
|
+
if (!botUsername) return undefined;
|
|
29
|
+
return { botUsername, teamName: teamName || undefined };
|
|
44
30
|
}
|
|
45
31
|
|
|
46
32
|
// ---------------------------------------------------------------------------
|
|
@@ -10,11 +10,14 @@
|
|
|
10
10
|
*/
|
|
11
11
|
|
|
12
12
|
import type { ChannelId } from "../../channels/types.js";
|
|
13
|
-
import { getSecureKey } from "../../security/secure-keys.js";
|
|
14
13
|
import {
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
14
|
+
invalidateConfigCache,
|
|
15
|
+
loadRawConfig,
|
|
16
|
+
saveRawConfig,
|
|
17
|
+
setNestedValue,
|
|
18
|
+
} from "../../config/loader.js";
|
|
19
|
+
import { getSecureKey } from "../../security/secure-keys.js";
|
|
20
|
+
import { getTelegramBotUsername } from "../../telegram/bot-username.js";
|
|
18
21
|
import { getLogger } from "../../util/logger.js";
|
|
19
22
|
import type {
|
|
20
23
|
ChannelInviteAdapter,
|
|
@@ -26,37 +29,15 @@ import type {
|
|
|
26
29
|
// ---------------------------------------------------------------------------
|
|
27
30
|
|
|
28
31
|
/**
|
|
29
|
-
*
|
|
30
|
-
*
|
|
31
|
-
* strategy used in `guardian-outbound-actions.ts`.
|
|
32
|
-
*/
|
|
33
|
-
function getTelegramBotUsername(): string | undefined {
|
|
34
|
-
const meta = getCredentialMetadata("telegram", "bot_token");
|
|
35
|
-
if (
|
|
36
|
-
meta?.accountInfo &&
|
|
37
|
-
typeof meta.accountInfo === "string" &&
|
|
38
|
-
meta.accountInfo.trim().length > 0
|
|
39
|
-
) {
|
|
40
|
-
return meta.accountInfo.trim();
|
|
41
|
-
}
|
|
42
|
-
return process.env.TELEGRAM_BOT_USERNAME || undefined;
|
|
43
|
-
}
|
|
44
|
-
|
|
45
|
-
/**
|
|
46
|
-
* Ensure the Telegram bot username is resolved and cached in credential
|
|
47
|
-
* metadata. When the bot token was configured via CLI `credential set`,
|
|
32
|
+
* Ensure the Telegram bot username is resolved and cached in config.
|
|
33
|
+
* When the bot token was configured via CLI `credential set`,
|
|
48
34
|
* `credential_store` tool, or ingress secret redirect, the `getMe` API
|
|
49
|
-
* call that populates
|
|
35
|
+
* call that populates the config is skipped — this function fills that
|
|
50
36
|
* gap so that invite share links can be generated.
|
|
51
37
|
*/
|
|
52
38
|
export async function ensureTelegramBotUsernameResolved(): Promise<void> {
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
meta?.accountInfo &&
|
|
56
|
-
typeof meta.accountInfo === "string" &&
|
|
57
|
-
meta.accountInfo.trim().length > 0
|
|
58
|
-
) {
|
|
59
|
-
return; // Username already cached
|
|
39
|
+
if (getTelegramBotUsername()) {
|
|
40
|
+
return; // Username already cached in config
|
|
60
41
|
}
|
|
61
42
|
|
|
62
43
|
const token = getSecureKey("credential:telegram:bot_token");
|
|
@@ -91,9 +72,11 @@ export async function ensureTelegramBotUsernameResolved(): Promise<void> {
|
|
|
91
72
|
);
|
|
92
73
|
return;
|
|
93
74
|
}
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
75
|
+
// Write to config
|
|
76
|
+
const raw = loadRawConfig();
|
|
77
|
+
setNestedValue(raw, "telegram.botUsername", username);
|
|
78
|
+
saveRawConfig(raw);
|
|
79
|
+
invalidateConfigCache();
|
|
97
80
|
} catch (err) {
|
|
98
81
|
getLogger("telegram-invite").warn(
|
|
99
82
|
{ err },
|
|
@@ -22,7 +22,7 @@ import type {
|
|
|
22
22
|
// ---------------------------------------------------------------------------
|
|
23
23
|
|
|
24
24
|
export const voiceInviteAdapter: ChannelInviteAdapter = {
|
|
25
|
-
channel: "
|
|
25
|
+
channel: "phone" as ChannelId,
|
|
26
26
|
|
|
27
27
|
buildShareLink(_params: {
|
|
28
28
|
rawToken: string;
|