@vellumai/assistant 0.4.43 → 0.4.45

package/src/runtime/assistant-event.ts

@@ -13,8 +13,8 @@ import type { ServerMessage } from "../daemon/message-protocol.js";
 // ── Types ─────────────────────────────────────────────────────────────────────
 
 /**
- * A single assistant event wrapping an IPC ServerMessage payload.
- * The `message` field is intentionally unchanged from the IPC form so that
+ * A single assistant event wrapping a ServerMessage payload.
+ * The `message` field preserves the original form so that
  * delta semantics (text deltas, tool input deltas, etc.) are preserved.
  */
 export interface AssistantEvent {
@@ -26,7 +26,7 @@ export interface AssistantEvent {
   sessionId?: string;
   /** ISO-8601 timestamp of when the event was emitted. */
   emittedAt: string;
-  /** Unchanged IPC outbound message payload. */
+  /** Outbound server message payload. */
   message: ServerMessage;
 }
 
@@ -36,7 +36,7 @@ export interface AssistantEvent {
  * Construct an `AssistantEvent` envelope around a `ServerMessage`.
  *
  * @param assistantId  The logical assistant identifier (e.g. from the daemon or HTTP route).
- * @param message      The unchanged IPC outbound message payload.
+ * @param message      The outbound server message payload.
  * @param sessionId    Optional conversation/session id — pass when known.
  */
 export function buildAssistantEvent(

package/src/runtime/auth/__tests__/context.test.ts

@@ -50,19 +50,19 @@ describe("buildAuthContext", () => {
     }
   });
 
-  test("builds context from valid ipc claims", () => {
+  test("builds context from valid local claims", () => {
     const result = buildAuthContext(
       validClaims({
-        sub: "ipc:self:session-123",
-        scope_profile: "ipc_v1",
+        sub: "local:self:session-123",
+        scope_profile: "local_v1",
       }),
     );
     expect(result.ok).toBe(true);
     if (result.ok) {
-      expect(result.context.principalType).toBe("ipc");
+      expect(result.context.principalType).toBe("local");
       expect(result.context.assistantId).toBe("self");
       expect(result.context.sessionId).toBe("session-123");
-      expect(result.context.scopes.has("ipc.all")).toBe(true);
+      expect(result.context.scopes.has("local.all")).toBe(true);
     }
   });
 

package/src/runtime/auth/__tests__/credential-service.test.ts

@@ -21,7 +21,6 @@ mock.module("../../../util/platform.js", () => ({
   isMacOS: () => process.platform === "darwin",
   isLinux: () => process.platform === "linux",
   isWindows: () => process.platform === "win32",
-  getSocketPath: () => join(testDir, "test.sock"),
   getPidPath: () => join(testDir, "test.pid"),
   getLogPath: () => join(testDir, "test.log"),
   ensureDataDir: () => {},

package/src/runtime/auth/__tests__/guard-tests.test.ts

@@ -289,6 +289,7 @@ describe("scope profile contract", () => {
     ],
     gateway_ingress_v1: ["ingress.write", "internal.write"],
     gateway_service_v1: [
+      "chat.read",
       "chat.write",
       "settings.read",
       "settings.write",
@@ -296,7 +297,7 @@ describe("scope profile contract", () => {
       "attachments.write",
       "internal.write",
     ],
-    ipc_v1: ["ipc.all"],
+    local_v1: ["local.all"],
     ui_page_v1: ["settings.read"],
   };
 
@@ -319,7 +320,7 @@ describe("scope profile contract", () => {
       "actor_client_v1",
       "gateway_ingress_v1",
       "gateway_service_v1",
-      "ipc_v1",
+      "local_v1",
       "ui_page_v1",
     ];
 

package/src/runtime/auth/__tests__/{ipc-auth-context.test.ts → local-auth-context.test.ts}

@@ -1,56 +1,56 @@
 import { describe, expect, test } from "bun:test";
 
 import { DAEMON_INTERNAL_ASSISTANT_ID } from "../../assistant-scope.js";
-import { buildIpcAuthContext } from "../../local-actor-identity.js";
+import { buildLocalAuthContext } from "../../local-actor-identity.js";
 import { CURRENT_POLICY_EPOCH } from "../policy.js";
 import { resolveScopeProfile } from "../scopes.js";
 
-describe("buildIpcAuthContext", () => {
+describe("buildLocalAuthContext", () => {
   test("produces correct subject pattern", () => {
-    const ctx = buildIpcAuthContext("session-abc");
-    expect(ctx.subject).toBe("ipc:self:session-abc");
+    const ctx = buildLocalAuthContext("session-abc");
+    expect(ctx.subject).toBe("local:self:session-abc");
   });
 
-  test("sets principalType to ipc", () => {
-    const ctx = buildIpcAuthContext("session-abc");
-    expect(ctx.principalType).toBe("ipc");
+  test("sets principalType to local", () => {
+    const ctx = buildLocalAuthContext("session-abc");
+    expect(ctx.principalType).toBe("local");
   });
 
   test("uses DAEMON_INTERNAL_ASSISTANT_ID for assistantId", () => {
-    const ctx = buildIpcAuthContext("session-abc");
+    const ctx = buildLocalAuthContext("session-abc");
     expect(ctx.assistantId).toBe(DAEMON_INTERNAL_ASSISTANT_ID);
     expect(ctx.assistantId).toBe("self");
   });
 
   test("includes sessionId from argument", () => {
-    const ctx = buildIpcAuthContext("my-session-123");
+    const ctx = buildLocalAuthContext("my-session-123");
     expect(ctx.sessionId).toBe("my-session-123");
   });
 
-  test("uses ipc_v1 scope profile", () => {
-    const ctx = buildIpcAuthContext("session-abc");
-    expect(ctx.scopeProfile).toBe("ipc_v1");
+  test("uses local_v1 scope profile", () => {
+    const ctx = buildLocalAuthContext("session-abc");
+    expect(ctx.scopeProfile).toBe("local_v1");
   });
 
-  test("resolves scopes from ipc_v1 profile", () => {
-    const ctx = buildIpcAuthContext("session-abc");
-    const expectedScopes = resolveScopeProfile("ipc_v1");
+  test("resolves scopes from local_v1 profile", () => {
+    const ctx = buildLocalAuthContext("session-abc");
+    const expectedScopes = resolveScopeProfile("local_v1");
     expect(ctx.scopes).toBe(expectedScopes);
-    expect(ctx.scopes.has("ipc.all")).toBe(true);
+    expect(ctx.scopes.has("local.all")).toBe(true);
   });
 
   test("uses current policy epoch", () => {
-    const ctx = buildIpcAuthContext("session-abc");
+    const ctx = buildLocalAuthContext("session-abc");
     expect(ctx.policyEpoch).toBe(CURRENT_POLICY_EPOCH);
   });
 
   test("does not set actorPrincipalId", () => {
-    const ctx = buildIpcAuthContext("session-abc");
+    const ctx = buildLocalAuthContext("session-abc");
     expect(ctx.actorPrincipalId).toBeUndefined();
   });
 
   test("matches AuthContext shape from HTTP JWT-derived contexts", () => {
-    const ctx = buildIpcAuthContext("session-xyz");
+    const ctx = buildLocalAuthContext("session-xyz");
 
     // Verify all required AuthContext fields are present
     expect(typeof ctx.subject).toBe("string");
@@ -63,8 +63,8 @@ describe("buildIpcAuthContext", () => {
   });
 
   test("different session IDs produce different subjects", () => {
-    const ctx1 = buildIpcAuthContext("session-1");
-    const ctx2 = buildIpcAuthContext("session-2");
+    const ctx1 = buildLocalAuthContext("session-1");
+    const ctx2 = buildLocalAuthContext("session-2");
     expect(ctx1.subject).not.toBe(ctx2.subject);
     expect(ctx1.sessionId).not.toBe(ctx2.sessionId);
   });

package/src/runtime/auth/__tests__/route-policy.test.ts

@@ -129,13 +129,13 @@ describe("enforcePolicy", () => {
     expect(result!.status).toBe(403);
   });
 
-  test("standard actor endpoints allow actor, svc_gateway, and ipc", () => {
+  test("standard actor endpoints allow actor, svc_gateway, and local", () => {
     authDisabled = false;
     const policy = getPolicy("messages:POST");
     expect(policy).toBeDefined();
     expect(policy!.allowedPrincipalTypes).toContain("actor");
     expect(policy!.allowedPrincipalTypes).toContain("svc_gateway");
-    expect(policy!.allowedPrincipalTypes).toContain("ipc");
+    expect(policy!.allowedPrincipalTypes).toContain("local");
   });
 
   test("dev bypass allows all requests through regardless of policy", () => {

package/src/runtime/auth/__tests__/scopes.test.ts

@@ -42,7 +42,7 @@ describe("resolveScopeProfile", () => {
     const scopes = resolveScopeProfile("actor_client_v1");
     expect(scopes.has("ingress.write")).toBe(false);
     expect(scopes.has("internal.write")).toBe(false);
-    expect(scopes.has("ipc.all")).toBe(false);
+    expect(scopes.has("local.all")).toBe(false);
   });
 
   test("gateway_ingress_v1 includes ingress and internal scopes", () => {
@@ -54,18 +54,19 @@ describe("resolveScopeProfile", () => {
 
   test("gateway_service_v1 includes chat, settings, attachments, and internal scopes", () => {
     const scopes = resolveScopeProfile("gateway_service_v1");
+    expect(scopes.has("chat.read")).toBe(true);
     expect(scopes.has("chat.write")).toBe(true);
     expect(scopes.has("settings.read")).toBe(true);
     expect(scopes.has("settings.write")).toBe(true);
     expect(scopes.has("attachments.read")).toBe(true);
     expect(scopes.has("attachments.write")).toBe(true);
     expect(scopes.has("internal.write")).toBe(true);
-    expect(scopes.size).toBe(6);
+    expect(scopes.size).toBe(7);
   });
 
-  test("ipc_v1 includes only ipc.all", () => {
-    const scopes = resolveScopeProfile("ipc_v1");
-    expect(scopes.has("ipc.all")).toBe(true);
+  test("local_v1 includes only local.all", () => {
+    const scopes = resolveScopeProfile("local_v1");
+    expect(scopes.has("local.all")).toBe(true);
     expect(scopes.size).toBe(1);
   });
 });
@@ -81,9 +82,9 @@ describe("hasScope", () => {
     expect(hasScope(ctx, "ingress.write")).toBe(false);
   });
 
-  test("returns true for ipc.all on ipc_v1 profile", () => {
-    const ctx = makeCtx("ipc_v1");
-    expect(hasScope(ctx, "ipc.all")).toBe(true);
+  test("returns true for local.all on local_v1 profile", () => {
+    const ctx = makeCtx("local_v1");
+    expect(hasScope(ctx, "local.all")).toBe(true);
   });
 });
 

package/src/runtime/auth/__tests__/subject.test.ts

@@ -76,14 +76,14 @@ describe("parseSub", () => {
   });
 
   // -------------------------------------------------------------------------
-  // ipc pattern
+  // local pattern
   // -------------------------------------------------------------------------
 
-  test("parses ipc:<assistantId>:<sessionId>", () => {
-    const result = parseSub("ipc:self:session-xyz");
+  test("parses local:<assistantId>:<sessionId>", () => {
+    const result = parseSub("local:self:session-xyz");
     expect(result.ok).toBe(true);
     if (result.ok) {
-      expect(result.principalType).toBe("ipc");
+      expect(result.principalType).toBe("local");
       expect(result.assistantId).toBe("self");
       expect(result.sessionId).toBe("session-xyz");
       expect(result.actorPrincipalId).toBeUndefined();
@@ -158,16 +158,16 @@ describe("parseSub", () => {
     }
   });
 
-  test("fails on ipc with empty sessionId", () => {
-    const result = parseSub("ipc:self:");
+  test("fails on local with empty sessionId", () => {
+    const result = parseSub("local:self:");
     expect(result.ok).toBe(false);
     if (!result.ok) {
       expect(result.reason).toContain("empty");
     }
   });
 
-  test("fails on ipc with empty assistantId", () => {
-    const result = parseSub("ipc::session-abc");
+  test("fails on local with empty assistantId", () => {
+    const result = parseSub("local::session-abc");
     expect(result.ok).toBe(false);
     if (!result.ok) {
       expect(result.reason).toContain("empty");

package/src/runtime/auth/__tests__/token-service.test.ts

@@ -13,7 +13,6 @@ mock.module("../../../util/platform.js", () => ({
   isMacOS: () => process.platform === "darwin",
   isLinux: () => process.platform === "linux",
   isWindows: () => process.platform === "win32",
-  getSocketPath: () => join(testDir, "test.sock"),
   getPidPath: () => join(testDir, "test.pid"),
   getLogPath: () => join(testDir, "test.log"),
   ensureDataDir: () => {},

package/src/runtime/auth/route-policy.ts

@@ -126,6 +126,7 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   // Conversation / messaging
   { endpoint: "messages:GET", scopes: ["chat.read"] },
   { endpoint: "messages:POST", scopes: ["chat.write"] },
+  { endpoint: "btw", scopes: ["chat.write"] },
   { endpoint: "conversations", scopes: ["chat.read"] },
   { endpoint: "conversations:DELETE", scopes: ["chat.write"] },
   { endpoint: "conversations/switch", scopes: ["chat.write"] },
@@ -144,6 +145,7 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   { endpoint: "confirm", scopes: ["approval.write"] },
   { endpoint: "secret", scopes: ["approval.write"] },
   { endpoint: "trust-rules", scopes: ["approval.write"] },
+  { endpoint: "host-bash-result", scopes: ["approval.write"] },
   { endpoint: "pending-interactions", scopes: ["approval.read"] },
 
   // Guardian actions
@@ -170,7 +172,6 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   { endpoint: "identity", scopes: ["settings.read"] },
   { endpoint: "brain-graph", scopes: ["settings.read"] },
   { endpoint: "brain-graph-ui", scopes: ["settings.read"] },
-  { endpoint: "home-base-ui", scopes: ["settings.read"] },
   { endpoint: "contacts", scopes: ["settings.read"] },
   { endpoint: "contacts:POST", scopes: ["settings.write"] },
   { endpoint: "contacts:DELETE", scopes: ["settings.write"] },
@@ -380,6 +381,9 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   // Delivery ack
   { endpoint: "channels/delivery-ack", scopes: ["internal.write"] },
 
+  // MCP
+  { endpoint: "mcp/reload", scopes: ["settings.write"] },
+
   // Migrations
   { endpoint: "migrations/validate", scopes: ["settings.write"] },
   { endpoint: "migrations/export", scopes: ["settings.write"] },
@@ -396,6 +400,7 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   { endpoint: "schedules:DELETE", scopes: ["settings.write"] },
   { endpoint: "schedules/toggle", scopes: ["settings.write"] },
   { endpoint: "schedules/run", scopes: ["settings.write"] },
+  { endpoint: "schedules/cancel", scopes: ["settings.write"] },
 
   // Diagnostics
   { endpoint: "diagnostics/export", scopes: ["settings.read"] },
@@ -406,13 +411,8 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
 
   // OAuth / integrations
   { endpoint: "integrations/oauth/start", scopes: ["settings.write"] },
-  { endpoint: "integrations/twitter/auth/start", scopes: ["settings.write"] },
-  { endpoint: "integrations/twitter/auth/status", scopes: ["settings.read"] },
-
-  // Home base
-  { endpoint: "home-base", scopes: ["settings.read"] },
 
-  // Workspace files (IPC-migrated)
+  // Workspace files
   { endpoint: "workspace-files", scopes: ["settings.read"] },
   { endpoint: "workspace-files/read", scopes: ["settings.read"] },
 
@@ -424,7 +424,7 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
 for (const { endpoint, scopes } of ACTOR_ENDPOINTS) {
   registerPolicy(endpoint, {
     requiredScopes: scopes,
-    allowedPrincipalTypes: ["actor", "svc_gateway", "svc_daemon", "ipc"],
+    allowedPrincipalTypes: ["actor", "svc_gateway", "svc_daemon", "local"],
   });
 }
 

package/src/runtime/auth/scopes.ts

@@ -29,6 +29,7 @@ const PROFILE_SCOPES: Record<ScopeProfile, ReadonlySet<Scope>> = {
   ]),
   gateway_ingress_v1: new Set<Scope>(["ingress.write", "internal.write"]),
   gateway_service_v1: new Set<Scope>([
+    "chat.read",
     "chat.write",
     "settings.read",
     "settings.write",
@@ -36,7 +37,7 @@ const PROFILE_SCOPES: Record<ScopeProfile, ReadonlySet<Scope>> = {
     "attachments.write",
     "internal.write",
   ]),
-  ipc_v1: new Set<Scope>(["ipc.all"]),
+  local_v1: new Set<Scope>(["local.all"]),
   ui_page_v1: new Set<Scope>(["settings.read"]),
 };
 

package/src/runtime/auth/subject.ts

@@ -32,7 +32,7 @@ export type ParseSubResult =
  *   actor:<assistantId>:<actorPrincipalId>
  *   svc:gateway:<assistantId>
  *   svc:daemon:<identifier>
- *   ipc:<assistantId>:<sessionId>
+ *   local:<assistantId>:<sessionId>
  */
 export function parseSub(sub: string): ParseSubResult {
   if (!sub || typeof sub !== "string") {
@@ -68,15 +68,15 @@ export function parseSub(sub: string): ParseSubResult {
     return { ok: true, principalType: "svc_daemon", assistantId: identifier };
   }
 
-  if (parts[0] === "ipc" && parts.length === 3) {
+  if (parts[0] === "local" && parts.length === 3) {
     const [, assistantId, sessionId] = parts;
     if (!assistantId || !sessionId) {
       return {
         ok: false,
-        reason: "ipc sub has empty assistantId or sessionId",
+        reason: "local sub has empty assistantId or sessionId",
       };
     }
-    return { ok: true, principalType: "ipc", assistantId, sessionId };
+    return { ok: true, principalType: "local", assistantId, sessionId };
   }
 
   return { ok: false, reason: `unrecognized sub pattern: ${sub}` };

package/src/runtime/auth/token-service.ts

@@ -309,7 +309,7 @@ export function mintEdgeRelayToken(): string {
 
 /**
  * Mint a long-lived JWT for embedding in browser-served UI pages
- * (brain-graph, home-base).
+ * (brain-graph).
  *
  * These pages make API calls that route through the gateway, which validates
  * tokens with validateEdgeToken() expecting aud=vellum-gateway. A 1-hour TTL
@@ -329,29 +329,6 @@ export function mintUiPageToken(): string {
   });
 }
 
-// ---------------------------------------------------------------------------
-// CLI edge token
-// ---------------------------------------------------------------------------
-
-/**
- * Mint a long-lived JWT for the CLI to authenticate with the gateway.
- *
- * Written to ~/.vellum/http-token at daemon startup so the CLI can read it
- * and pass it as a Bearer token. Regenerated on each daemon restart. A 30-day
- * TTL avoids expiry between restarts while keeping the window bounded.
- *
- * Uses aud=vellum-gateway so the gateway's edge-auth middleware accepts it.
- */
-export function mintCliEdgeToken(): string {
-  return mintToken({
-    aud: "vellum-gateway",
-    sub: "svc:daemon:self",
-    scope_profile: "gateway_service_v1",
-    policy_epoch: CURRENT_POLICY_EPOCH,
-    ttlSeconds: 86400 * 30,
-  });
-}
-
 // ---------------------------------------------------------------------------
 // Pairing bearer token
 // ---------------------------------------------------------------------------

package/src/runtime/auth/types.ts

@@ -13,7 +13,7 @@ export type ScopeProfile =
   | "actor_client_v1"
   | "gateway_ingress_v1"
   | "gateway_service_v1"
-  | "ipc_v1"
+  | "local_v1"
   | "ui_page_v1";
 
 // ---------------------------------------------------------------------------
@@ -35,13 +35,13 @@ export type Scope =
   | "internal.write"
   | "feature_flags.read"
   | "feature_flags.write"
-  | "ipc.all";
+  | "local.all";
 
 // ---------------------------------------------------------------------------
 // Principal types — derived from the sub pattern
 // ---------------------------------------------------------------------------
 
-export type PrincipalType = "actor" | "svc_gateway" | "svc_daemon" | "ipc";
+export type PrincipalType = "actor" | "svc_gateway" | "svc_daemon" | "local";
 
 // ---------------------------------------------------------------------------
 // Token audience — which service the JWT is intended for

package/src/runtime/guardian-action-followup-executor.ts

@@ -13,7 +13,7 @@
  * reply text for the guardian's confirmation message.
  *
  * This module is channel-agnostic: both inbound-message-handler (Telegram
- * channels) and session-process (mac/IPC channel) use it.
+ * channels) and session-process (desktop channel) use it.
  */
 
 import { startCall } from "../calls/call-domain.js";

package/src/runtime/guardian-action-grant-minter.ts

@@ -3,7 +3,7 @@
  * request is resolved with tool metadata.
  *
  * Used by both the channel inbound path (inbound-message-handler.ts) and
- * the desktop/IPC path (session-process.ts) to ensure grants are minted
+ * the desktop path (session-process.ts) to ensure grants are minted
  * consistently regardless of which channel the guardian answers on.
  */
 

package/src/runtime/guardian-action-service.ts

@@ -3,7 +3,7 @@
  *
  * Encapsulates the core business logic — validation, conversation scoping,
  * canonical decision application, and result mapping — so both the HTTP
- * handler and the IPC handler can delegate here without duplicating code.
+ * handler and the message handler can delegate here without duplicating code.
  */
 
 import { applyCanonicalGuardianDecision } from "../approvals/guardian-decision-primitive.js";
@@ -61,7 +61,7 @@ export type ProcessGuardianDecisionResult =
  *
  * Validates the action, checks conversation scope if applicable, applies the
  * canonical decision, and maps the result to a caller-agnostic shape that
- * both HTTP and IPC handlers can interpret.
+ * both HTTP and message handlers can interpret.
  */
 export async function processGuardianDecision(
   params: ProcessGuardianDecisionParams,
@@ -97,7 +97,7 @@ export async function processGuardianDecision(
     action: action as ApprovalAction,
     actorContext: {
       actorPrincipalId: actorContext.actorPrincipalId,
-      actorExternalUserId: undefined, // Desktop/IPC path — no channel-native ID
+      actorExternalUserId: undefined, // Desktop path — no channel-native ID
       channel,
       guardianPrincipalId: actorContext.guardianPrincipalId,
     },

package/src/runtime/http-server.ts

@@ -97,6 +97,7 @@ import { appRouteDefinitions } from "./routes/app-routes.js";
 import { approvalRouteDefinitions } from "./routes/approval-routes.js";
 import { attachmentRouteDefinitions } from "./routes/attachment-routes.js";
 import { brainGraphRouteDefinitions } from "./routes/brain-graph-routes.js";
+import { btwRouteDefinitions } from "./routes/btw-routes.js";
 import { callRouteDefinitions } from "./routes/call-routes.js";
 import {
   startCanonicalGuardianExpirySweep,
@@ -124,6 +125,8 @@ import { globalSearchRouteDefinitions } from "./routes/global-search-routes.js";
 import { guardianActionRouteDefinitions } from "./routes/guardian-action-routes.js";
 import { handleGuardianBootstrap } from "./routes/guardian-bootstrap-routes.js";
 import { handleGuardianRefresh } from "./routes/guardian-refresh-routes.js";
+import { hostBashRouteDefinitions } from "./routes/host-bash-routes.js";
+import { hostFileRouteDefinitions } from "./routes/host-file-routes.js";
 import { handleHealth } from "./routes/identity-routes.js";
 import { identityRouteDefinitions } from "./routes/identity-routes.js";
 import { slackChannelRouteDefinitions } from "./routes/integrations/slack/channel.js";
@@ -131,6 +134,8 @@ import { slackShareRouteDefinitions } from "./routes/integrations/slack/share.js
 import { telegramRouteDefinitions } from "./routes/integrations/telegram.js";
 import { twilioRouteDefinitions } from "./routes/integrations/twilio.js";
 import { inviteRouteDefinitions } from "./routes/invite-routes.js";
+import { logExportRouteDefinitions } from "./routes/log-export-routes.js";
+import { mcpRouteDefinitions } from "./routes/mcp-routes.js";
 import { migrationRouteDefinitions } from "./routes/migration-routes.js";
 import type { PairingHandlerContext } from "./routes/pairing-routes.js";
 import {
@@ -242,12 +247,12 @@ export class RuntimeHttpServer {
     return this.server?.port ?? this.port;
   }
 
-  /** Expose the pairing store so the daemon server can wire IPC handlers. */
+  /** Expose the pairing store so the daemon server can wire HTTP handlers. */
   getPairingStore(): PairingStore {
     return this.pairingStore;
   }
 
-  /** Set a callback for broadcasting IPC messages (wired by daemon server). */
+  /** Set a callback for broadcasting server messages (wired by daemon server). */
   setPairingBroadcast(fn: (msg: ServerMessage) => void): void {
     this.pairingBroadcast = fn;
   }
@@ -712,6 +717,7 @@ export class RuntimeHttpServer {
       ...secretRouteDefinitions(),
       ...identityRouteDefinitions(),
       ...debugRouteDefinitions(),
+      ...mcpRouteDefinitions(),
       ...usageRouteDefinitions(),
       ...workspaceRouteDefinitions(),
       ...settingsRouteDefinitions(),
@@ -719,6 +725,7 @@ export class RuntimeHttpServer {
         sendMessageDeps: this.sendMessageDeps,
       }),
       ...diagnosticsRouteDefinitions(),
+      ...logExportRouteDefinitions(),
       ...documentRouteDefinitions(),
       ...workItemRouteDefinitions(
         this.sendMessageDeps
@@ -920,6 +927,10 @@ export class RuntimeHttpServer {
         },
       },
 
+      ...btwRouteDefinitions({
+        sendMessageDeps: this.sendMessageDeps,
+      }),
+
       ...conversationRouteDefinitions({
         interfacesDir: this.interfacesDir,
         sendMessageDeps: this.sendMessageDeps,
@@ -929,6 +940,8 @@ export class RuntimeHttpServer {
       }),
       ...globalSearchRouteDefinitions(),
       ...approvalRouteDefinitions(),
+      ...hostBashRouteDefinitions(),
+      ...hostFileRouteDefinitions(),
       ...(this.getSkillContext
         ? skillRouteDefinitions({
             getSkillContext: this.getSkillContext,

package/src/runtime/http-types.ts

@@ -247,4 +247,14 @@ export interface RuntimeMessagePayload {
     isError?: boolean;
   }>;
   interfaces?: string[];
+  surfaces?: Array<{
+    surfaceId: string;
+    surfaceType: string;
+    title?: string;
+    data: Record<string, unknown>;
+    actions?: unknown[];
+    display?: string;
+  }>;
+  textSegments?: string[];
+  contentOrder?: string[];
 }

package/src/runtime/invite-service.ts

@@ -1,8 +1,8 @@
 /**
  * Shared business logic for invite management.
  *
- * Extracted from the IPC handlers in daemon/handlers/config-inbox.ts so that
- * both the HTTP routes and the IPC handlers call the same logic.
+ * Extracted from the handlers in daemon/handlers/config-inbox.ts so that
+ * both the HTTP routes and the message handlers call the same logic.
  *
  * Member/contact operations have been migrated to the /v1/contacts and
  * /v1/contacts/channels endpoints.
@@ -38,7 +38,7 @@ import {
 } from "./invite-redemption-service.js";
 
 // ---------------------------------------------------------------------------
-// Response shapes — used by both HTTP routes and IPC handlers
+// Response shapes — used by both HTTP routes and message handlers
 // ---------------------------------------------------------------------------
 
 export interface InviteResponseData {