npm - @vellumai/assistant - Versions diffs - 0.4.43 → 0.4.45 - Mend

@vellumai/assistant 0.4.43 → 0.4.45

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (713) hide show

package/.prettierignore +4 -0
package/ARCHITECTURE.md +46 -44
package/README.md +15 -16
package/bun.lock +10 -35
package/docs/architecture/integrations.md +102 -215
package/docs/architecture/keychain-broker.md +1 -1
package/docs/architecture/memory.md +2 -2
package/docs/architecture/scheduling.md +1 -1
package/docs/architecture/security.md +11 -11
package/docs/error-handling.md +1 -1
package/docs/trusted-contact-access.md +3 -3
package/drizzle/meta/0000_snapshot.json +34 -100
package/drizzle/meta/_journal.json +1 -1
package/drizzle.config.ts +4 -4
package/package.json +3 -2
package/scripts/capture-x-graphql.ts +237 -141
package/scripts/generate-bundled-tool-registry.ts +223 -0
package/src/__tests__/access-request-decision.test.ts +0 -1
package/src/__tests__/actor-token-service.test.ts +23 -24
package/src/__tests__/agent-loop.test.ts +0 -131
package/src/__tests__/always-loaded-tools-guard.test.ts +71 -0
package/src/__tests__/amazon-cdp-integration.test.ts +11 -9
package/src/__tests__/approval-primitive.test.ts +0 -1
package/src/__tests__/approval-routes-http.test.ts +11 -3
package/src/__tests__/asset-materialize-tool.test.ts +0 -1
package/src/__tests__/asset-search-tool.test.ts +0 -1
package/src/__tests__/assistant-attachment-directive.test.ts +1 -1
package/src/__tests__/assistant-events-sse-hardening.test.ts +0 -1
package/src/__tests__/assistant-feature-flag-guardrails.test.ts +0 -2
package/src/__tests__/assistant-feature-flags-integration.test.ts +70 -18
package/src/__tests__/assistant-id-boundary-guard.test.ts +6 -6
package/src/__tests__/attachments-store.test.ts +0 -1
package/src/__tests__/avatar-e2e.test.ts +74 -115
package/src/__tests__/avatar-router.test.ts +25 -62
package/src/__tests__/browser-manager.test.ts +24 -0
package/src/__tests__/browser-skill-baseline-tool-payload.test.ts +4 -3
package/src/__tests__/browser-skill-endstate.test.ts +8 -11
package/src/__tests__/btw-routes.test.ts +326 -0
package/src/__tests__/bundled-asset.test.ts +1 -1
package/src/__tests__/bundled-skill-retrieval-guard.test.ts +23 -9
package/src/__tests__/call-controller.test.ts +0 -1
package/src/__tests__/call-conversation-messages.test.ts +0 -1
package/src/__tests__/call-domain.test.ts +0 -1
package/src/__tests__/call-pointer-messages.test.ts +0 -1
package/src/__tests__/call-recovery.test.ts +0 -1
package/src/__tests__/call-routes-http.test.ts +0 -1
package/src/__tests__/call-store.test.ts +0 -1
package/src/__tests__/canonical-guardian-store.test.ts +0 -1
package/src/__tests__/channel-approval-routes.test.ts +1 -1
package/src/__tests__/channel-approvals.test.ts +1 -1
package/src/__tests__/channel-delivery-store.test.ts +0 -1
package/src/__tests__/channel-guardian.test.ts +5 -7
package/src/__tests__/channel-retry-sweep.test.ts +0 -1
package/src/__tests__/checker.test.ts +32 -36
package/src/__tests__/compaction.benchmark.test.ts +16 -14
package/src/__tests__/computer-use-session-lifecycle.test.ts +10 -11
package/src/__tests__/computer-use-session-working-dir.test.ts +2 -6
package/src/__tests__/computer-use-skill-lifecycle-cleanup.test.ts +2 -5
package/src/__tests__/computer-use-tools.test.ts +35 -31
package/src/__tests__/config-schema.test.ts +11 -15
package/src/__tests__/config-watcher.test.ts +0 -1
package/src/__tests__/confirmation-request-guardian-bridge.test.ts +0 -1
package/src/__tests__/conflict-store.test.ts +0 -1
package/src/__tests__/connection-policy.test.ts +4 -7
package/src/__tests__/contacts-tools.test.ts +0 -1
package/src/__tests__/context-memory-e2e.test.ts +2 -4
package/src/__tests__/context-overflow-reducer.test.ts +2 -4
package/src/__tests__/context-window-manager.test.ts +147 -60
package/src/__tests__/contradiction-checker.test.ts +0 -1
package/src/__tests__/conversation-attention-store.test.ts +0 -1
package/src/__tests__/conversation-attention-telegram.test.ts +1 -1
package/src/__tests__/conversation-pairing.test.ts +2 -2
package/src/__tests__/conversation-routes-guardian-reply.test.ts +31 -7
package/src/__tests__/conversation-routes-slash-commands.test.ts +381 -0
package/src/__tests__/conversation-store.test.ts +0 -1
package/src/__tests__/conversation-unread-route.test.ts +1 -2
package/src/__tests__/credential-security-invariants.test.ts +8 -8
package/src/__tests__/cross-provider-web-search.test.ts +353 -0
package/src/__tests__/daemon-assistant-events.test.ts +6 -7
package/src/__tests__/db-schedule-syntax-migration.test.ts +15 -3
package/src/__tests__/delete-managed-skill-tool.test.ts +5 -9
package/src/__tests__/deterministic-verification-control-plane.test.ts +0 -1
package/src/__tests__/diagnostics-export.test.ts +189 -0
package/src/__tests__/dynamic-skill-workflow-prompt.test.ts +0 -1
package/src/__tests__/emit-signal-routing-intent.test.ts +3 -3
package/src/__tests__/entity-extractor.test.ts +0 -1
package/src/__tests__/entity-search.test.ts +0 -1
package/src/__tests__/ephemeral-permissions.test.ts +2 -4
package/src/__tests__/error-handler-friendly-messages.test.ts +46 -0
package/src/__tests__/file-read-tool.test.ts +86 -0
package/src/__tests__/followup-tools.test.ts +0 -1
package/src/__tests__/frontmatter.test.ts +77 -34
package/src/__tests__/gateway-only-enforcement.test.ts +0 -1
package/src/__tests__/gateway-only-guard.test.ts +1 -1
package/src/__tests__/guardian-action-conversation-turn.test.ts +0 -1
package/src/__tests__/guardian-action-followup-executor.test.ts +0 -1
package/src/__tests__/guardian-action-followup-store.test.ts +0 -1
package/src/__tests__/guardian-action-grant-mint-consume.test.ts +0 -1
package/src/__tests__/guardian-action-late-reply.test.ts +0 -1
package/src/__tests__/guardian-action-store.test.ts +0 -1
package/src/__tests__/guardian-action-sweep.test.ts +0 -1
package/src/__tests__/guardian-decision-primitive-canonical.test.ts +0 -1
package/src/__tests__/guardian-dispatch.test.ts +1 -2
package/src/__tests__/guardian-grant-minting.test.ts +1 -1
package/src/__tests__/guardian-outbound-http.test.ts +0 -1
package/src/__tests__/guardian-principal-id-roundtrip.test.ts +0 -1
package/src/__tests__/guardian-routing-invariants.test.ts +1 -1
package/src/__tests__/guardian-routing-state.test.ts +0 -1
package/src/__tests__/guardian-verification-voice-binding.test.ts +0 -1
package/src/__tests__/guardian-verify-setup-skill-regression.test.ts +3 -5
package/src/__tests__/handlers-user-message-approval-consumption.test.ts +28 -426
package/src/__tests__/host-bash-proxy.test.ts +335 -0
package/src/__tests__/host-file-proxy.test.ts +374 -0
package/src/__tests__/host-shell-tool.test.ts +147 -1
package/src/__tests__/http-user-message-parity.test.ts +361 -0
package/src/__tests__/inbound-invite-redemption.test.ts +0 -1
package/src/__tests__/integration-status.test.ts +3 -8
package/src/__tests__/intent-routing.test.ts +7 -46
package/src/__tests__/invite-redemption-service.test.ts +0 -1
package/src/__tests__/invite-routes-http.test.ts +0 -1
package/src/__tests__/llm-usage-store.test.ts +0 -1
package/src/__tests__/managed-avatar-client.test.ts +101 -55
package/src/__tests__/managed-skill-lifecycle.test.ts +9 -18
package/src/__tests__/managed-store.test.ts +94 -21
package/src/__tests__/media-reuse-story.e2e.test.ts +0 -1
package/src/__tests__/memory-context-benchmark.benchmark.test.ts +2 -4
package/src/__tests__/memory-lifecycle-e2e.test.ts +0 -1
package/src/__tests__/memory-recall-quality.test.ts +0 -1
package/src/__tests__/memory-regressions.experimental.test.ts +0 -1
package/src/__tests__/memory-regressions.test.ts +0 -1
package/src/__tests__/memory-retrieval.benchmark.test.ts +0 -1
package/src/__tests__/memory-upsert-concurrency.test.ts +0 -1
package/src/__tests__/messaging-send-tool.test.ts +35 -0
package/src/__tests__/messaging-skill-split.test.ts +138 -0
package/src/__tests__/migration-cross-version-compatibility.test.ts +0 -1
package/src/__tests__/migration-export-http.test.ts +2 -3
package/src/__tests__/migration-import-commit-http.test.ts +1 -2
package/src/__tests__/migration-import-preflight-http.test.ts +1 -2
package/src/__tests__/migration-validate-http.test.ts +1 -2
package/src/__tests__/native-web-search.test.ts +475 -0
package/src/__tests__/navigate-settings-tab.test.ts +84 -0
package/src/__tests__/non-member-access-request.test.ts +0 -1
package/src/__tests__/notification-broadcaster.test.ts +15 -15
package/src/__tests__/notification-decision-strategy.test.ts +6 -6
package/src/__tests__/notification-deep-link.test.ts +7 -7
package/src/__tests__/notification-guardian-path.test.ts +2 -3
package/src/__tests__/notification-telegram-adapter.test.ts +1 -1
package/src/__tests__/notification-thread-candidates.test.ts +4 -4
package/src/__tests__/onboarding-starter-tasks.test.ts +0 -1
package/src/__tests__/onboarding-template-contract.test.ts +0 -10
package/src/__tests__/playbook-execution.test.ts +0 -1
package/src/__tests__/playbook-tools.test.ts +0 -1
package/src/__tests__/profile-compiler.test.ts +0 -1
package/src/__tests__/provider-fail-open-selection.test.ts +12 -2
package/src/__tests__/provider-managed-proxy-integration.test.ts +25 -0
package/src/__tests__/qdrant-collection-migration.test.ts +223 -0
package/src/__tests__/recording-handler.test.ts +30 -94
package/src/__tests__/registry.test.ts +28 -35
package/src/__tests__/relay-server.test.ts +0 -1
package/src/__tests__/ride-shotgun-handler.test.ts +4 -20
package/src/__tests__/runtime-attachment-metadata.test.ts +0 -1
package/src/__tests__/runtime-events-sse-parity.test.ts +3 -4
package/src/__tests__/runtime-events-sse.test.ts +0 -1
package/src/__tests__/sandbox-diagnostics.test.ts +0 -1
package/src/__tests__/scaffold-managed-skill-tool.test.ts +30 -28
package/src/__tests__/schedule-store.test.ts +441 -1
package/src/__tests__/schedule-tools.test.ts +468 -7
package/src/__tests__/scheduler-recurrence.test.ts +196 -23
package/src/__tests__/scoped-approval-grants.test.ts +0 -1
package/src/__tests__/scoped-grant-security-matrix.test.ts +0 -1
package/src/__tests__/secret-prompt-log-hygiene.test.ts +6 -3
package/src/__tests__/secret-response-routing.test.ts +4 -1
package/src/__tests__/send-endpoint-busy.test.ts +14 -5
package/src/__tests__/send-notification-tool.test.ts +0 -7
package/src/__tests__/sequence-store.test.ts +0 -1
package/src/__tests__/server-history-render.test.ts +1 -2
package/src/__tests__/session-abort-tool-results.test.ts +0 -1
package/src/__tests__/session-agent-loop.test.ts +46 -6
package/src/__tests__/session-confirmation-signals.test.ts +7 -46
package/src/__tests__/session-conflict-gate.test.ts +2 -6
package/src/__tests__/session-error.test.ts +5 -14
package/src/__tests__/session-init.benchmark.test.ts +3 -5
package/src/__tests__/session-load-history-repair.test.ts +0 -1
package/src/__tests__/session-media-retry.test.ts +12 -74
package/src/__tests__/session-pre-run-repair.test.ts +0 -1
package/src/__tests__/session-profile-injection.test.ts +2 -6
package/src/__tests__/session-provider-retry-repair.test.ts +2 -6
package/src/__tests__/session-queue.test.ts +94 -139
package/src/__tests__/session-skill-tools.test.ts +115 -115
package/src/__tests__/session-slash-known.test.ts +0 -1
package/src/__tests__/session-slash-queue.test.ts +0 -1
package/src/__tests__/session-slash-unknown.test.ts +0 -1
package/src/__tests__/session-surfaces-task-progress.test.ts +34 -0
package/src/__tests__/session-usage.test.ts +0 -1
package/src/__tests__/session-workspace-cache-state.test.ts +2 -6
package/src/__tests__/session-workspace-injection.test.ts +2 -6
package/src/__tests__/session-workspace-tool-tracking.test.ts +2 -6
package/src/__tests__/skill-feature-flags-integration.test.ts +180 -184
package/src/__tests__/skill-feature-flags.test.ts +125 -18
package/src/__tests__/skill-load-feature-flag.test.ts +1 -2
package/src/__tests__/skill-load-tool.test.ts +194 -2
package/src/__tests__/skill-projection-feature-flag.test.ts +27 -16
package/src/__tests__/skill-projection.benchmark.test.ts +15 -14
package/src/__tests__/skills.test.ts +14 -53
package/src/__tests__/slack-channel-config.test.ts +0 -1
package/src/__tests__/slack-inbound-verification.test.ts +0 -1
package/src/__tests__/slack-skill.test.ts +1 -1
package/src/__tests__/starter-task-flow.test.ts +9 -19
package/src/__tests__/subagent-tools.test.ts +2 -2
package/src/__tests__/system-prompt.test.ts +7 -7
package/src/__tests__/task-compiler.test.ts +0 -1
package/src/__tests__/task-management-tools.test.ts +0 -1
package/src/__tests__/task-memory-cleanup.test.ts +0 -1
package/src/__tests__/task-runner.test.ts +0 -1
package/src/__tests__/task-scheduler.test.ts +0 -1
package/src/__tests__/terminal-tools.test.ts +0 -1
package/src/__tests__/test-support/computer-use-skill-harness.ts +2 -4
package/src/__tests__/thread-seed-composer.test.ts +5 -5
package/src/__tests__/tool-approval-handler.test.ts +0 -1
package/src/__tests__/tool-execution-abort-cleanup.test.ts +0 -1
package/src/__tests__/tool-execution-pipeline.benchmark.test.ts +0 -1
package/src/__tests__/tool-executor.test.ts +8 -86
package/src/__tests__/tool-grant-request-escalation.test.ts +0 -1
package/src/__tests__/tool-notification-listener.test.ts +1 -1
package/src/__tests__/tool-preview-lifecycle.test.ts +416 -0
package/src/__tests__/trust-store.test.ts +84 -8
package/src/__tests__/trusted-contact-approval-notifier.test.ts +0 -1
package/src/__tests__/trusted-contact-inline-approval-integration.test.ts +0 -1
package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts +0 -1
package/src/__tests__/trusted-contact-multichannel.test.ts +0 -1
package/src/__tests__/trusted-contact-verification.test.ts +0 -1
package/src/__tests__/twilio-provider.test.ts +0 -1
package/src/__tests__/twilio-routes.test.ts +0 -1
package/src/__tests__/{request-file-tool.test.ts → ui-file-upload-surface.test.ts} +11 -72
package/src/__tests__/update-bulletin.test.ts +0 -1
package/src/__tests__/usage-cache-backfill-migration.test.ts +0 -1
package/src/__tests__/usage-routes.test.ts +0 -1
package/src/__tests__/verification-control-plane-policy.test.ts +4 -4
package/src/__tests__/voice-invite-redemption.test.ts +0 -1
package/src/__tests__/voice-scoped-grant-consumer.test.ts +0 -1
package/src/__tests__/voice-session-bridge.test.ts +9 -1
package/src/__tests__/web-fetch.test.ts +57 -0
package/src/__tests__/workspace-git-service.test.ts +5 -14
package/src/__tests__/workspace-policy.test.ts +0 -1
package/src/agent/loop.ts +22 -34
package/src/bundler/bundle-signer.ts +4 -4
package/src/calls/call-controller.ts +1 -1
package/src/calls/relay-server.ts +1 -1
package/src/calls/twilio-rest.ts +1 -1
package/src/calls/voice-session-bridge.ts +3 -1
package/src/cli/__tests__/notifications.test.ts +3 -4
package/src/cli/commands/map.ts +2 -6
package/src/cli/commands/mcp.ts +73 -15
package/src/cli/commands/notifications.ts +4 -4
package/src/cli/commands/sessions.ts +9 -1
package/src/cli/commands/skills.ts +6 -10
package/src/cli/http-client.ts +2 -3
package/src/cli/main-screen.tsx +10 -10
package/src/cli/program.ts +0 -4
package/src/cli/reference.ts +0 -2
package/src/cli.ts +15 -9
package/src/config/__tests__/bundled-tool-registry-guard.test.ts +120 -0
package/src/config/bundled-skills/_shared/CLI_RETRIEVAL_PATTERN.md +11 -0
package/src/config/bundled-skills/app-builder/SKILL.md +6 -7
package/src/config/bundled-skills/app-builder/TOOLS.json +0 -4
package/src/config/bundled-skills/browser/SKILL.md +6 -1
package/src/config/bundled-skills/chatgpt-import/SKILL.md +5 -1
package/src/config/bundled-skills/claude-code/SKILL.md +5 -1
package/src/config/bundled-skills/computer-use/SKILL.md +6 -1
package/src/config/bundled-skills/computer-use/TOOLS.json +6 -69
package/src/config/bundled-skills/computer-use/tools/computer-use-click.ts +10 -1
package/src/config/bundled-skills/contacts/SKILL.md +10 -1
package/src/config/bundled-skills/contacts/TOOLS.json +35 -0
package/src/config/bundled-skills/{messaging → contacts}/tools/google-contacts.ts +9 -2
package/src/config/bundled-skills/document/SKILL.md +4 -1
package/src/config/bundled-skills/doordash/SKILL.md +8 -2
package/src/config/bundled-skills/doordash/__tests__/doordash-session.test.ts +1 -82
package/src/config/bundled-skills/doordash/doordash-cli.ts +17 -28
package/src/config/bundled-skills/doordash/lib/session.ts +21 -17
package/src/config/bundled-skills/doordash/lib/shared/platform.ts +4 -1
package/src/config/bundled-skills/followups/SKILL.md +4 -1
package/src/config/bundled-skills/gmail/SKILL.md +180 -0
package/src/config/bundled-skills/gmail/TOOLS.json +506 -0
package/src/config/bundled-skills/gmail/tools/gmail-archive.ts +149 -0
package/src/config/bundled-skills/gmail/tools/gmail-attachments.ts +110 -0
package/src/config/bundled-skills/{messaging → gmail}/tools/gmail-draft.ts +1 -1
package/src/config/bundled-skills/{messaging → gmail}/tools/gmail-filters.ts +1 -1
package/src/config/bundled-skills/{messaging → gmail}/tools/gmail-follow-up.ts +1 -1
package/src/config/bundled-skills/{messaging → gmail}/tools/gmail-forward.ts +1 -1
package/src/config/bundled-skills/gmail/tools/gmail-label.ts +50 -0
package/src/config/bundled-skills/{messaging → gmail}/tools/gmail-outreach-scan.ts +8 -90
package/src/config/bundled-skills/{messaging → gmail}/tools/gmail-send-draft.ts +1 -1
package/src/config/bundled-skills/{messaging → gmail}/tools/gmail-sender-digest.ts +2 -2
package/src/config/bundled-skills/{messaging → gmail}/tools/gmail-trash.ts +1 -1
package/src/config/bundled-skills/{messaging → gmail}/tools/gmail-unsubscribe.ts +1 -1
package/src/config/bundled-skills/{messaging → gmail}/tools/gmail-vacation.ts +1 -1
package/src/config/bundled-skills/gmail/tools/shared.ts +47 -0
package/src/config/bundled-skills/google-calendar/SKILL.md +5 -1
package/src/config/bundled-skills/image-studio/SKILL.md +5 -1
package/src/config/bundled-skills/knowledge-graph/SKILL.md +4 -1
package/src/config/bundled-skills/media-processing/SKILL.md +7 -13
package/src/config/bundled-skills/media-processing/TOOLS.json +0 -22
package/src/config/bundled-skills/media-processing/tools/generate-clip.ts +12 -1
package/src/config/bundled-skills/messaging/SKILL.md +23 -139
package/src/config/bundled-skills/messaging/TOOLS.json +33 -1215
package/src/config/bundled-skills/messaging/tools/gmail-mime-helpers.ts +42 -0
package/src/config/bundled-skills/messaging/tools/messaging-send.ts +165 -2
package/src/config/bundled-skills/messaging/tools/messaging-sender-digest.ts +1 -13
package/src/config/bundled-skills/messaging/tools/shared.ts +81 -34
package/src/config/bundled-skills/notifications/SKILL.md +5 -1
package/src/config/bundled-skills/orchestration/SKILL.md +30 -0
package/src/config/bundled-skills/orchestration/TOOLS.json +35 -0
package/src/config/bundled-skills/{reminder/tools/reminder-cancel.ts → orchestration/tools/swarm-delegate.ts} +3 -3
package/src/config/bundled-skills/phone-calls/SKILL.md +9 -1
package/src/config/bundled-skills/playbooks/SKILL.md +4 -1
package/src/config/bundled-skills/schedule/SKILL.md +70 -9
package/src/config/bundled-skills/schedule/TOOLS.json +38 -6
package/src/config/bundled-skills/screen-watch/SKILL.md +28 -0
package/src/config/bundled-skills/screen-watch/TOOLS.json +35 -0
package/src/config/bundled-skills/{reminder/tools/reminder-create.ts → screen-watch/tools/start-screen-watch.ts} +3 -3
package/src/config/bundled-skills/sequences/SKILL.md +47 -0
package/src/config/bundled-skills/sequences/TOOLS.json +340 -0
package/src/config/bundled-skills/sequences/tools/sequence-update.ts +128 -0
package/src/config/bundled-skills/sequences/tools/shared.ts +9 -0
package/src/config/bundled-skills/settings/SKILL.md +12 -0
package/src/config/bundled-skills/settings/TOOLS.json +112 -0
package/src/config/bundled-skills/settings/tools/navigate-settings-tab.ts +43 -0
package/src/config/bundled-skills/settings/tools/open-system-settings.ts +52 -0
package/src/config/bundled-skills/{computer-use/tools/computer-use-right-click.ts → settings/tools/set-avatar.ts} +2 -6
package/src/{tools/system/voice-config.ts → config/bundled-skills/settings/tools/voice-config-update.ts} +59 -96
package/src/config/bundled-skills/skill-management/SKILL.md +18 -0
package/src/config/bundled-skills/skill-management/TOOLS.json +90 -0
package/src/config/bundled-skills/{computer-use/tools/computer-use-double-click.ts → skill-management/tools/delete-managed.ts} +2 -6
package/src/config/bundled-skills/skill-management/tools/scaffold-managed.ts +12 -0
package/src/config/bundled-skills/slack/SKILL.md +5 -1
package/src/config/bundled-skills/subagent/SKILL.md +4 -1
package/src/config/bundled-skills/tasks/SKILL.md +5 -2
package/src/config/bundled-skills/transcribe/SKILL.md +4 -1
package/src/config/bundled-skills/watcher/SKILL.md +4 -1
package/src/config/bundled-tool-registry.ts +118 -107
package/src/config/env.ts +5 -2
package/src/config/feature-flag-registry.json +33 -9
package/src/config/loader.ts +10 -2
package/src/config/schema.ts +19 -16
package/src/config/schemas/inference.ts +12 -22
package/src/config/schemas/memory-storage.ts +19 -1
package/src/config/schemas/platform.ts +0 -16
package/src/config/skill-state.ts +11 -8
package/src/config/skills.ts +83 -32
package/src/context/token-estimator.ts +11 -0
package/src/context/window-manager.ts +180 -151
package/src/daemon/computer-use-session.ts +11 -43
package/src/daemon/daemon-control.ts +4 -1
package/src/daemon/handlers/config-channels.ts +5 -9
package/src/daemon/handlers/config-ingress.ts +0 -4
package/src/daemon/handlers/config-model.ts +7 -13
package/src/daemon/handlers/config-telegram.ts +4 -8
package/src/daemon/handlers/config-voice.ts +2 -5
package/src/daemon/handlers/dictation.ts +2 -12
package/src/daemon/handlers/identity.ts +0 -105
package/src/daemon/handlers/recording.ts +3 -23
package/src/daemon/handlers/session-history.ts +42 -10
package/src/daemon/handlers/sessions.ts +53 -72
package/src/daemon/handlers/shared.ts +7 -28
package/src/daemon/handlers/skills.ts +31 -27
package/src/daemon/host-bash-proxy.ts +148 -0
package/src/daemon/host-file-proxy.ts +135 -0
package/src/daemon/lifecycle.ts +53 -41
package/src/daemon/mcp-reload-service.ts +123 -0
package/src/daemon/message-protocol.ts +6 -0
package/src/daemon/message-types/apps.ts +0 -25
package/src/daemon/message-types/browser.ts +1 -1
package/src/daemon/message-types/computer-use.ts +1 -4
package/src/daemon/message-types/guardian-actions.ts +1 -1
package/src/daemon/message-types/host-bash.ts +18 -0
package/src/daemon/message-types/host-file.ts +44 -0
package/src/daemon/message-types/integrations.ts +1 -73
package/src/daemon/message-types/messages.ts +15 -0
package/src/daemon/message-types/schedules.ts +11 -27
package/src/daemon/message-types/sessions.ts +8 -2
package/src/daemon/message-types/settings.ts +1 -1
package/src/daemon/message-types/shared.ts +1 -1
package/src/daemon/message-types/surfaces.ts +2 -0
package/src/daemon/ride-shotgun-handler.ts +35 -43
package/src/daemon/seed-files.ts +3 -27
package/src/daemon/server.ts +45 -28
package/src/daemon/session-agent-loop-handlers.ts +72 -9
package/src/daemon/session-agent-loop.ts +97 -66
package/src/daemon/session-attachments.ts +1 -1
package/src/daemon/session-error.ts +17 -16
package/src/daemon/session-lifecycle.ts +20 -1
package/src/daemon/session-media-retry.ts +1 -15
package/src/daemon/session-messaging.ts +14 -6
package/src/daemon/session-process.ts +36 -7
package/src/daemon/session-queue-manager.ts +62 -103
package/src/daemon/session-runtime-assembly.ts +27 -7
package/src/daemon/session-skill-tools.ts +12 -11
package/src/daemon/session-slash.ts +7 -0
package/src/daemon/session-surfaces.ts +192 -118
package/src/daemon/session-tool-setup.ts +146 -6
package/src/daemon/session.ts +75 -37
package/src/errors.ts +0 -2
package/src/export/formatter.ts +6 -0
package/src/mcp/mcp-oauth-provider.ts +1 -3
package/src/media/avatar-router.ts +20 -28
package/src/media/avatar-types.ts +7 -14
package/src/media/managed-avatar-client.ts +70 -34
package/src/memory/app-store.ts +0 -18
package/src/memory/conversation-title-service.ts +1 -2
package/src/memory/db-init.ts +16 -0
package/src/memory/embedding-backend.ts +129 -27
package/src/memory/embedding-gemini.test.ts +256 -0
package/src/memory/embedding-gemini.ts +47 -13
package/src/memory/embedding-local.ts +14 -2
package/src/memory/embedding-ollama.ts +15 -2
package/src/memory/embedding-openai.ts +15 -2
package/src/memory/embedding-types.test.ts +116 -0
package/src/memory/embedding-types.ts +61 -0
package/src/memory/fingerprint.ts +1 -1
package/src/memory/indexer.ts +25 -1
package/src/memory/job-handlers/embedding.test.ts +258 -0
package/src/memory/job-handlers/embedding.ts +81 -1
package/src/memory/job-handlers/index-maintenance.ts +35 -1
package/src/memory/job-handlers/media-processing.ts +11 -1
package/src/memory/job-utils.ts +21 -6
package/src/memory/jobs-store.ts +5 -1
package/src/memory/jobs-worker.ts +8 -0
package/src/memory/message-content.ts +66 -0
package/src/memory/migrations/100-core-tables.ts +1 -31
package/src/memory/migrations/104-core-indexes.ts +0 -11
package/src/memory/migrations/145-drop-accounts-table.ts +19 -0
package/src/memory/migrations/146-schedule-oneshot-routing.ts +94 -0
package/src/memory/migrations/147-migrate-reminders-to-schedules.ts +129 -0
package/src/memory/migrations/148-drop-reminders-table.ts +18 -0
package/src/memory/migrations/index.ts +4 -0
package/src/memory/migrations/registry.ts +19 -0
package/src/memory/qdrant-client.ts +158 -43
package/src/memory/retriever.test.ts +0 -1
package/src/memory/retriever.ts +12 -2
package/src/memory/schema/infrastructure.ts +5 -37
package/src/memory/search/formatting.ts +34 -9
package/src/memory/search/semantic.ts +57 -2
package/src/memory/search/types.ts +2 -1
package/src/notifications/AGENTS.md +2 -2
package/src/notifications/README.md +59 -58
package/src/notifications/adapters/macos.ts +1 -1
package/src/notifications/broadcaster.ts +5 -5
package/src/notifications/copy-composer.ts +1 -1
package/src/notifications/decision-engine.ts +2 -2
package/src/notifications/destination-resolver.ts +2 -2
package/src/notifications/emit-signal.ts +8 -8
package/src/notifications/signal.ts +1 -1
package/src/notifications/thread-seed-composer.ts +1 -1
package/src/oauth/connect-orchestrator.ts +1 -1
package/src/oauth/token-persistence.ts +1 -1
package/src/permissions/checker.ts +12 -1
package/src/permissions/defaults.ts +13 -17
package/src/permissions/trust-store.ts +37 -0
package/src/permissions/workspace-policy.ts +0 -1
package/src/prompts/__tests__/build-cli-reference-section.test.ts +11 -0
package/src/prompts/computer-use-prompt.ts +1 -1
package/src/prompts/system-prompt.ts +33 -35
package/src/prompts/templates/BOOTSTRAP.md +0 -3
package/src/prompts/templates/SOUL.md +1 -2
package/src/prompts/templates/UPDATES.md +16 -7
package/src/providers/anthropic/client.ts +87 -33
package/src/providers/gemini/client.ts +6 -0
package/src/providers/managed-proxy/constants.ts +5 -0
package/src/providers/openai/client.ts +15 -0
package/src/providers/registry.ts +4 -6
package/src/providers/types.ts +24 -2
package/src/runtime/AGENTS.md +18 -0
package/src/runtime/assistant-event-hub.ts +2 -3
package/src/runtime/assistant-event.ts +4 -4
package/src/runtime/auth/__tests__/context.test.ts +5 -5
package/src/runtime/auth/__tests__/credential-service.test.ts +0 -1
package/src/runtime/auth/__tests__/guard-tests.test.ts +3 -2
package/src/runtime/auth/__tests__/{ipc-auth-context.test.ts → local-auth-context.test.ts} +21 -21
package/src/runtime/auth/__tests__/route-policy.test.ts +2 -2
package/src/runtime/auth/__tests__/scopes.test.ts +9 -8
package/src/runtime/auth/__tests__/subject.test.ts +8 -8
package/src/runtime/auth/__tests__/token-service.test.ts +0 -1
package/src/runtime/auth/route-policy.ts +8 -8
package/src/runtime/auth/scopes.ts +2 -1
package/src/runtime/auth/subject.ts +4 -4
package/src/runtime/auth/token-service.ts +1 -24
package/src/runtime/auth/types.ts +3 -3
package/src/runtime/guardian-action-followup-executor.ts +1 -1
package/src/runtime/guardian-action-grant-minter.ts +1 -1
package/src/runtime/guardian-action-service.ts +3 -3
package/src/runtime/http-server.ts +15 -2
package/src/runtime/http-types.ts +10 -0
package/src/runtime/invite-service.ts +3 -3
package/src/runtime/local-actor-identity.ts +17 -22
package/src/runtime/middleware/error-handler.ts +14 -1
package/src/runtime/pending-interactions.ts +21 -9
package/src/runtime/routes/app-management-routes.ts +63 -67
package/src/runtime/routes/approval-routes.ts +1 -3
package/src/runtime/routes/brain-graph/brain-graph.html +1845 -0
package/src/runtime/routes/brain-graph-routes.ts +4 -42
package/src/runtime/routes/btw-routes.ts +155 -0
package/src/runtime/routes/computer-use-routes.ts +77 -31
package/src/runtime/routes/conversation-routes.ts +234 -47
package/src/runtime/routes/diagnostics-routes.ts +154 -43
package/src/runtime/routes/documents-routes.ts +2 -2
package/src/runtime/routes/global-search-routes.ts +1 -1
package/src/runtime/routes/host-bash-routes.ts +83 -0
package/src/runtime/routes/host-file-routes.ts +79 -0
package/src/runtime/routes/integrations/slack/share.ts +1 -1
package/src/runtime/routes/log-export-routes.ts +120 -0
package/src/runtime/routes/mcp-routes.ts +20 -0
package/src/runtime/routes/migration-routes.ts +3 -3
package/src/runtime/routes/pairing-routes.ts +1 -1
package/src/runtime/routes/recording-routes.ts +6 -4
package/src/runtime/routes/schedule-routes.ts +31 -5
package/src/runtime/routes/session-management-routes.ts +2 -6
package/src/runtime/routes/session-query-routes.ts +18 -15
package/src/runtime/routes/settings-routes.ts +7 -351
package/src/runtime/routes/skills-routes.ts +7 -6
package/src/runtime/routes/subagents-routes.ts +4 -10
package/src/runtime/routes/surface-action-routes.ts +3 -14
package/src/runtime/routes/surface-content-routes.ts +22 -5
package/src/runtime/routes/work-items-routes.ts +21 -25
package/src/runtime/routes/workspace-routes.test.ts +3 -3
package/src/runtime/routes/workspace-utils.ts +1 -1
package/src/runtime/telegram-streaming-delivery.ts +3 -0
package/src/runtime/verification-outbound-actions.ts +2 -2
package/src/schedule/integration-status.ts +0 -6
package/src/schedule/schedule-store.ts +234 -43
package/src/schedule/scheduler.ts +73 -74
package/src/security/oauth2.ts +1 -1
package/src/sequence/store.ts +12 -2
package/src/skills/frontmatter.ts +19 -77
package/src/skills/managed-store.ts +11 -2
package/src/subagent/manager.ts +5 -3
package/src/tasks/ephemeral-permissions.ts +3 -5
package/src/tools/AGENTS.md +37 -0
package/src/tools/apps/executors.ts +0 -6
package/src/tools/browser/browser-manager.ts +17 -11
package/src/tools/browser/jit-auth.ts +4 -1
package/src/tools/claude-code/claude-code.ts +1 -1
package/src/tools/computer-use/definitions.ts +48 -60
package/src/tools/document/document-tool.ts +6 -6
package/src/tools/document/editor-template.ts +10 -8
package/src/tools/filesystem/edit.ts +2 -1
package/src/tools/filesystem/read.ts +20 -2
package/src/tools/filesystem/write.ts +2 -1
package/src/tools/host-filesystem/edit.ts +17 -1
package/src/tools/host-filesystem/read.ts +16 -1
package/src/tools/host-filesystem/write.ts +15 -1
package/src/tools/host-terminal/host-shell.ts +24 -0
package/src/tools/memory/definitions.ts +45 -81
package/src/tools/memory/handlers.test.ts +0 -1
package/src/tools/memory/handlers.ts +1 -1
package/src/tools/memory/register.ts +26 -60
package/src/tools/network/script-proxy/session-manager.ts +6 -8
package/src/tools/network/web-fetch.ts +7 -1
package/src/tools/network/web-search.ts +2 -1
package/src/tools/registry.ts +23 -0
package/src/tools/schedule/create.ts +113 -5
package/src/tools/schedule/list.ts +57 -15
package/src/tools/schedule/update.ts +73 -3
package/src/tools/shared/filesystem/image-read.ts +192 -0
package/src/tools/side-effects.ts +1 -7
package/src/tools/skills/delete-managed.ts +27 -64
package/src/tools/skills/execute.ts +54 -0
package/src/tools/skills/load.ts +127 -5
package/src/tools/skills/scaffold-managed.ts +93 -172
package/src/tools/subagent/message.ts +0 -7
package/src/tools/subagent/spawn.ts +1 -1
package/src/tools/swarm/delegate.ts +0 -3
package/src/tools/system/avatar-generator.ts +13 -19
package/src/tools/system/request-permission.ts +2 -1
package/src/tools/terminal/safe-env.ts +1 -0
package/src/tools/tool-manifest.ts +41 -47
package/src/tools/types.ts +6 -2
package/src/tools/ui-surface/definitions.ts +0 -55
package/src/util/errors.ts +12 -10
package/src/workspace/git-service.ts +0 -2
package/src/__tests__/account-registry.test.ts +0 -258
package/src/__tests__/email-classifier.test.ts +0 -25
package/src/__tests__/gmail-integration.test.ts +0 -97
package/src/__tests__/handle-user-message-secret-resume.test.ts +0 -172
package/src/__tests__/home-base-bootstrap.test.ts +0 -84
package/src/__tests__/managed-twitter-guardrails.test.ts +0 -353
package/src/__tests__/prebuilt-home-base-seed.test.ts +0 -79
package/src/__tests__/recording-intent-fallback.test.ts +0 -199
package/src/__tests__/recording-intent.test.ts +0 -985
package/src/__tests__/recording-state-machine.test.ts +0 -1574
package/src/__tests__/reminder-store.test.ts +0 -350
package/src/__tests__/reminder.test.ts +0 -337
package/src/__tests__/scan-result-store.test.ts +0 -121
package/src/__tests__/twitter-platform-proxy-client.test.ts +0 -450
package/src/__tests__/view-image-tool.test.ts +0 -241
package/src/cli/commands/amazon/cart.ts +0 -513
package/src/cli/commands/amazon/checkout.ts +0 -394
package/src/cli/commands/amazon/client.ts +0 -513
package/src/cli/commands/amazon/index.ts +0 -920
package/src/cli/commands/amazon/product-details.ts +0 -145
package/src/cli/commands/amazon/request-extractor.ts +0 -187
package/src/cli/commands/amazon/search.ts +0 -76
package/src/cli/commands/amazon/session.ts +0 -116
package/src/cli/commands/twitter/__tests__/cli-error-shaping.test.ts +0 -265
package/src/cli/commands/twitter/__tests__/cli-read-routing.test.ts +0 -483
package/src/cli/commands/twitter/__tests__/cli-routing.test.ts +0 -412
package/src/cli/commands/twitter/__tests__/oauth-client.test.ts +0 -197
package/src/cli/commands/twitter/client.ts +0 -989
package/src/cli/commands/twitter/index.ts +0 -1160
package/src/cli/commands/twitter/oauth-client.ts +0 -94
package/src/cli/commands/twitter/router.ts +0 -396
package/src/cli/commands/twitter/session.ts +0 -121
package/src/config/bundled-skills/agentmail/SKILL.md +0 -132
package/src/config/bundled-skills/agentmail/icon.svg +0 -21
package/src/config/bundled-skills/amazon/SKILL.md +0 -137
package/src/config/bundled-skills/amazon/icon.svg +0 -13
package/src/config/bundled-skills/api-mapping/SKILL.md +0 -78
package/src/config/bundled-skills/api-mapping/icon.svg +0 -18
package/src/config/bundled-skills/cli-discover/SKILL.md +0 -68
package/src/config/bundled-skills/deploy-fullstack-vercel/SKILL.md +0 -179
package/src/config/bundled-skills/document-writer/SKILL.md +0 -195
package/src/config/bundled-skills/elevenlabs-voice/SKILL.md +0 -140
package/src/config/bundled-skills/email-setup/SKILL.md +0 -68
package/src/config/bundled-skills/frontend-design/SKILL.md +0 -44
package/src/config/bundled-skills/frontend-design/icon.svg +0 -16
package/src/config/bundled-skills/google-oauth-setup/SKILL.md +0 -452
package/src/config/bundled-skills/guardian-verify-setup/SKILL.md +0 -203
package/src/config/bundled-skills/influencer/SKILL.md +0 -144
package/src/config/bundled-skills/influencer/scripts/client.ts +0 -1269
package/src/config/bundled-skills/influencer/scripts/influencer.ts +0 -267
package/src/config/bundled-skills/macos-automation/SKILL.md +0 -65
package/src/config/bundled-skills/macos-automation/icon.svg +0 -12
package/src/config/bundled-skills/mcp-setup/SKILL.md +0 -75
package/src/config/bundled-skills/media-processing/tools/media-diagnostics.ts +0 -184
package/src/config/bundled-skills/messaging/tools/gmail-archive-by-query.ts +0 -80
package/src/config/bundled-skills/messaging/tools/gmail-archive.ts +0 -29
package/src/config/bundled-skills/messaging/tools/gmail-batch-archive.ts +0 -56
package/src/config/bundled-skills/messaging/tools/gmail-batch-label.ts +0 -34
package/src/config/bundled-skills/messaging/tools/gmail-download-attachment.ts +0 -47
package/src/config/bundled-skills/messaging/tools/gmail-label.ts +0 -31
package/src/config/bundled-skills/messaging/tools/gmail-list-attachments.ts +0 -67
package/src/config/bundled-skills/messaging/tools/gmail-send-with-attachments.ts +0 -97
package/src/config/bundled-skills/messaging/tools/gmail-summarize-thread.ts +0 -87
package/src/config/bundled-skills/messaging/tools/gmail-triage.ts +0 -135
package/src/config/bundled-skills/messaging/tools/messaging-analyze-activity.ts +0 -24
package/src/config/bundled-skills/messaging/tools/messaging-reply.ts +0 -201
package/src/config/bundled-skills/messaging/tools/send-notification.ts +0 -1
package/src/config/bundled-skills/messaging/tools/sequence-cancel.ts +0 -27
package/src/config/bundled-skills/messaging/tools/sequence-pause.ts +0 -48
package/src/config/bundled-skills/messaging/tools/sequence-resume.ts +0 -27
package/src/config/bundled-skills/messaging/tools/sequence-update.ts +0 -56
package/src/config/bundled-skills/notion/SKILL.md +0 -240
package/src/config/bundled-skills/notion-oauth-setup/SKILL.md +0 -126
package/src/config/bundled-skills/oauth-setup/SKILL.md +0 -143
package/src/config/bundled-skills/public-ingress/SKILL.md +0 -258
package/src/config/bundled-skills/reminder/SKILL.md +0 -79
package/src/config/bundled-skills/reminder/TOOLS.json +0 -89
package/src/config/bundled-skills/reminder/tools/reminder-list.ts +0 -12
package/src/config/bundled-skills/restaurant-reservation/SKILL.md +0 -141
package/src/config/bundled-skills/screen-recording/SKILL.md +0 -148
package/src/config/bundled-skills/self-upgrade/SKILL.md +0 -69
package/src/config/bundled-skills/skills-catalog/SKILL.md +0 -78
package/src/config/bundled-skills/slack-app-setup/SKILL.md +0 -178
package/src/config/bundled-skills/slack-digest-setup/SKILL.md +0 -163
package/src/config/bundled-skills/slack-oauth-setup/SKILL.md +0 -157
package/src/config/bundled-skills/start-the-day/SKILL.md +0 -70
package/src/config/bundled-skills/start-the-day/icon.svg +0 -13
package/src/config/bundled-skills/telegram-setup/SKILL.md +0 -105
package/src/config/bundled-skills/time-based-actions/SKILL.md +0 -142
package/src/config/bundled-skills/twilio-setup/SKILL.md +0 -232
package/src/config/bundled-skills/twitter/SKILL.md +0 -319
package/src/config/bundled-skills/twitter/icon.svg +0 -14
package/src/config/bundled-skills/typescript-eval/SKILL.md +0 -60
package/src/config/bundled-skills/vercel-token-setup/SKILL.md +0 -214
package/src/config/bundled-skills/voice-setup/SKILL.md +0 -131
package/src/config/bundled-skills/voice-setup/icon.svg +0 -20
package/src/daemon/handlers/pairing.ts +0 -119
package/src/daemon/handlers/session-user-message.ts +0 -961
package/src/daemon/recording-executor.ts +0 -180
package/src/daemon/recording-intent-fallback.ts +0 -162
package/src/daemon/recording-intent.ts +0 -493
package/src/home-base/app-link-store.ts +0 -78
package/src/home-base/bootstrap.ts +0 -74
package/src/home-base/prebuilt/brain-graph.html +0 -1483
package/src/home-base/prebuilt/index.html +0 -702
package/src/home-base/prebuilt/seed-metadata.json +0 -21
package/src/home-base/prebuilt/seed.ts +0 -122
package/src/home-base/prebuilt-home-base-updater.ts +0 -36
package/src/memory/account-store.ts +0 -117
package/src/messaging/activity-analyzer.ts +0 -76
package/src/messaging/email-classifier.ts +0 -208
package/src/messaging/index.ts +0 -2
package/src/messaging/outreach-classifier.ts +0 -185
package/src/messaging/thread-summarizer.ts +0 -346
package/src/messaging/types.ts +0 -17
package/src/tools/browser/x-auto-navigate.ts +0 -254
package/src/tools/credentials/account-registry.ts +0 -144
package/src/tools/filesystem/view-image.ts +0 -244
package/src/tools/reminder/reminder-store.ts +0 -194
package/src/tools/reminder/reminder.ts +0 -158
package/src/tools/system/navigate-settings.ts +0 -74
package/src/tools/system/open-system-settings.ts +0 -85
package/src/tools/system/version.ts +0 -54
package/src/twitter/platform-proxy-client.ts +0 -405
package/src/util/cookie-session.ts +0 -98
/package/src/config/bundled-skills/{messaging → gmail}/tools/scan-result-store.ts +0 -0
/package/src/config/bundled-skills/{messaging → sequences}/tools/sequence-analytics.ts +0 -0
/package/src/config/bundled-skills/{messaging → sequences}/tools/sequence-create.ts +0 -0
/package/src/config/bundled-skills/{messaging → sequences}/tools/sequence-delete.ts +0 -0
/package/src/config/bundled-skills/{messaging → sequences}/tools/sequence-enroll.ts +0 -0
/package/src/config/bundled-skills/{messaging → sequences}/tools/sequence-enrollment-list.ts +0 -0
/package/src/config/bundled-skills/{messaging → sequences}/tools/sequence-get.ts +0 -0
/package/src/config/bundled-skills/{messaging → sequences}/tools/sequence-import.ts +0 -0
/package/src/config/bundled-skills/{messaging → sequences}/tools/sequence-list.ts +0 -0

package/src/runtime/local-actor-identity.ts CHANGED Viewed

@@ -1,12 +1,12 @@
 /**
- * Deterministic local actor identity for IPC connections.
+ * Deterministic local actor identity for local connections.
  *
- * IPC (Unix domain socket) connections come from the local macOS native app.
- * No actor token is sent over the socket; instead, the daemon assigns a
+ * Local connections come from the native app via local HTTP sessions.
+ * No actor token is sent over the connection; instead, the daemon assigns a
  * deterministic local actor identity server-side by looking up the vellum
  * channel guardian binding.
  *
- * This routes IPC connections through the same `resolveTrustContext`
+ * This routes local connections through the same `resolveTrustContext`
  * pathway used by HTTP channel ingress, producing equivalent
  * guardian-context behavior for the vellum channel.
  */
@@ -34,34 +34,29 @@ const log = getLogger("local-actor-identity");
  */
 export function buildLocalAuthContext(sessionId: string): AuthContext {
   return {
-    subject: `ipc:self:${sessionId}`,
-    principalType: "ipc",
+    subject: `local:self:${sessionId}`,
+    principalType: "local",
     assistantId: DAEMON_INTERNAL_ASSISTANT_ID,
     sessionId,
-    scopeProfile: "ipc_v1",
-    scopes: resolveScopeProfile("ipc_v1"),
+    scopeProfile: "local_v1",
+    scopes: resolveScopeProfile("local_v1"),
     policyEpoch: CURRENT_POLICY_EPOCH,
   };
 }
 /**
- * @deprecated Use `buildLocalAuthContext` instead.
- */
-export const buildIpcAuthContext = buildLocalAuthContext;
-/**
- * Resolve the guardian runtime context for a local IPC connection.
+ * Resolve the guardian runtime context for a local connection.
  *
  * Looks up the vellum guardian binding to obtain the `guardianPrincipalId`,
  * then passes it as the sender identity through `resolveTrustContext` --
- * the same pathway HTTP channel routes use. This ensures IPC and HTTP
+ * the same pathway HTTP channel routes use. This ensures local and HTTP
  * produce equivalent trust classification for the vellum channel.
  *
  * When no vellum guardian binding exists (e.g. fresh install before
  * bootstrap), falls back to a minimal guardian context so the local
  * user is not incorrectly denied.
  */
-export function resolveLocalIpcTrustContext(
+export function resolveLocalTrustContext(
   sourceChannel: ChannelId = "vellum",
 ): TrustContext {
   const assistantId = DAEMON_INTERNAL_ASSISTANT_ID;
@@ -81,7 +76,7 @@ export function resolveLocalIpcTrustContext(
   // No guardian contact with a principalId — bootstrap via ensureVellumGuardianBinding
   // to self-heal (creates the binding + contact if missing).
-  log.debug("No vellum guardian contact found; bootstrapping binding for IPC");
+  log.debug("No vellum guardian contact found; bootstrapping binding for local session");
   try {
     const principalId = ensureVellumGuardianBinding(assistantId);
     const trustCtx = resolveTrustContext({
@@ -107,15 +102,15 @@ export function resolveLocalIpcTrustContext(
 }
 /**
- * Build an AuthContext for a local IPC connection.
+ * Build an AuthContext for a local connection.
  *
  * Produces the same AuthContext shape that HTTP routes receive from JWT
- * verification, using the `ipc_v1` scope profile. The `actorPrincipalId`
+ * verification, using the `local_v1` scope profile. The `actorPrincipalId`
  * is populated from the vellum guardian binding when available, enabling
  * downstream code to resolve guardian context using the same
  * `authContext.actorPrincipalId` path as HTTP sessions.
  */
-export function resolveLocalIpcAuthContext(sessionId: string): AuthContext {
+export function resolveLocalAuthContext(sessionId: string): AuthContext {
   const authContext = buildLocalAuthContext(sessionId);
   // Enrich with the guardian principal ID from contacts-first path
@@ -128,10 +123,10 @@ export function resolveLocalIpcAuthContext(sessionId: string): AuthContext {
   }
   // Self-heal: no guardian contact with principalId — bootstrap via
-  // ensureVellumGuardianBinding (mirrors resolveLocalIpcTrustContext).
+  // ensureVellumGuardianBinding (mirrors resolveLocalTrustContext).
   try {
     log.debug(
-      "No vellum guardian contact found; bootstrapping binding for IPC auth",
+      "No vellum guardian contact found; bootstrapping binding for local auth",
     );
     const principalId = ensureVellumGuardianBinding(authContext.assistantId);
     return { ...authContext, actorPrincipalId: principalId };

package/src/runtime/middleware/error-handler.ts CHANGED Viewed

@@ -2,7 +2,11 @@
  * Centralized error handling for runtime HTTP request dispatch.
  */
-import { ConfigError, IngressBlockedError } from "../../util/errors.js";
+import {
+  ConfigError,
+  IngressBlockedError,
+  ProviderNotConfiguredError,
+} from "../../util/errors.js";
 import { getLogger } from "../../util/logger.js";
 import { httpError } from "../http-errors.js";
@@ -26,6 +30,15 @@ export async function withErrorHandling(
       );
       return httpError("UNPROCESSABLE_ENTITY", err.message, 422);
     }
+    if (err instanceof ProviderNotConfiguredError) {
+      log.warn({ err, endpoint }, "No LLM provider configured");
+      const envVar = `${err.requestedProvider.toUpperCase()}_API_KEY`;
+      return httpError(
+        "UNPROCESSABLE_ENTITY",
+        `No API key configured. Set ${envVar} in your environment or run \`vellum hatch\` to set up your assistant.`,
+        422,
+      );
+    }
     if (err instanceof ConfigError) {
       log.warn({ err, endpoint }, "Runtime HTTP config error");
       return httpError("UNPROCESSABLE_ENTITY", err.message, 422);

package/src/runtime/pending-interactions.ts CHANGED Viewed

@@ -1,11 +1,12 @@
 /**
  * In-memory tracker that maps requestId to session info for pending
- * confirmation and secret interactions.
+ * confirmation, secret, host_bash, and host_file interactions.
  *
- * When the agent loop emits a confirmation_request or secret_request,
- * the onEvent callback registers the interaction here. Standalone HTTP
- * endpoints (/v1/confirm, /v1/secret, /v1/trust-rules) look up the
- * session from this tracker to resolve the interaction.
+ * When the agent loop emits a confirmation_request, secret_request,
+ * host_bash_request, or host_file_request, the onEvent callback registers
+ * the interaction here. Standalone HTTP endpoints (/v1/confirm, /v1/secret,
+ * /v1/trust-rules, /v1/host-bash-result, /v1/host-file-result) look up
+ * the session from this tracker to resolve the interaction.
  */
 import type { Session } from "../daemon/session.js";
@@ -28,7 +29,7 @@ export interface ConfirmationDetails {
 export interface PendingInteraction {
   session: Session;
   conversationId: string;
-  kind: "confirmation" | "secret";
+  kind: "confirmation" | "secret" | "host_bash" | "host_file";
   confirmationDetails?: ConfirmationDetails;
 }
@@ -78,12 +79,23 @@ export function getByConversation(
 }
 /**
- * Remove all pending interactions for a given session.
- * Used when auto-denying all pending confirmations (e.g. new user message).
+ * Remove pending confirmation and secret interactions for a given session.
+ * Used when auto-denying all pending interactions (e.g. new user message).
+ *
+ * host_bash and host_file interactions are intentionally skipped — they
+ * represent in-flight tool executions proxied to the client, not
+ * confirmations to auto-deny. Removing them would orphan the request: the
+ * client would POST to /v1/host-bash-result or /v1/host-file-result after
+ * completing the operation, get a 404, and the proxy timer would fire with
+ * a spurious timeout error.
  */
 export function removeBySession(session: Session): void {
   for (const [requestId, interaction] of pending) {
-    if (interaction.session === session) {
+    if (
+      interaction.session === session &&
+      interaction.kind !== "host_bash" &&
+      interaction.kind !== "host_file"
+    ) {
       pending.delete(requestId);
     }
   }

package/src/runtime/routes/app-management-routes.ts CHANGED Viewed

@@ -2,7 +2,7 @@
  * HTTP route definitions for app CRUD, bundling, sharing, versioning,
  * gallery, and signing operations.
  *
- * Business logic is extracted from the IPC handlers in
+ * Business logic is extracted from the handlers in
  * `daemon/handlers/apps.ts`, `daemon/handlers/publish.ts`,
  * `daemon/handlers/signing.ts`, and `daemon/handlers/open-bundle-handler.ts`
  * so that the same operations are available over HTTP.
@@ -23,8 +23,6 @@ import { compileApp } from "../../bundler/app-compiler.js";
 import { scanBundle } from "../../bundler/bundle-scanner.js";
 import { verifyBundleSignature } from "../../bundler/signature-verifier.js";
 import { defaultGallery } from "../../gallery/default-gallery.js";
-import { resolveHomeBaseAppId } from "../../home-base/bootstrap.js";
-import { isPrebuiltHomeBaseApp } from "../../home-base/prebuilt-home-base-updater.js";
 import {
   getAppDiff,
   getAppHistory,
@@ -90,45 +88,19 @@ function listAppsFiltered(): Array<{
   version: string;
   contentId: string;
 }> {
-  const allApps = listApps();
-  const homeBaseId = resolveHomeBaseAppId();
-  const excludeIds = new Set<string>();
-  if (homeBaseId) {
-    excludeIds.add(homeBaseId);
-  } else {
-    for (const a of allApps) {
-      if (isPrebuiltHomeBaseApp(a)) {
-        excludeIds.add(a.id);
-        continue;
-      }
-      const fullApp = getApp(a.id);
-      if (fullApp && isPrebuiltHomeBaseApp(fullApp)) {
-        excludeIds.add(a.id);
-        continue;
-      }
-    }
-  }
-  return allApps
-    .filter((a) => {
-      if (excludeIds.has(a.id)) return false;
-      if (isPrebuiltHomeBaseApp(a)) return false;
-      return true;
-    })
-    .map((a) => {
-      const version = a.version ?? "1.0.0";
-      const contentId = computeContentId(a.name);
-      return {
-        id: a.id,
-        name: a.name,
-        description: a.description,
-        icon: a.icon,
-        createdAt: a.createdAt,
-        version,
-        contentId,
-      };
-    });
+  return listApps().map((a) => {
+    const version = a.version ?? "1.0.0";
+    const contentId = computeContentId(a.name);
+    return {
+      id: a.id,
+      name: a.name,
+      description: a.description,
+      icon: a.icon,
+      createdAt: a.createdAt,
+      version,
+      contentId,
+    };
+  });
 }
 function getAppDataResult(
@@ -251,7 +223,9 @@ function listSharedApps(): Array<Record<string, unknown>> {
 function forkSharedApp(
   appUuid: string,
-): { success: true; appId: string; name: string } | { success: false; error: string } {
+):
+  | { success: true; appId: string; name: string }
+  | { success: false; error: string } {
   if (
     appUuid.includes("/") ||
     appUuid.includes("\\") ||
@@ -294,10 +268,11 @@ function forkSharedApp(
 async function installGalleryApp(
   galleryAppId: string,
-): Promise<{ success: true; appId: string; name: string } | { success: false; error: string }> {
-  const galleryApp = defaultGallery.apps.find(
-    (a) => a.id === galleryAppId,
-  );
+): Promise<
+  | { success: true; appId: string; name: string }
+  | { success: false; error: string }
+> {
+  const galleryApp = defaultGallery.apps.find((a) => a.id === galleryAppId);
   if (!galleryApp) {
     return {
       success: false,
@@ -408,7 +383,11 @@ export function appManagementRouteDefinitions(): RouteDefinition[] {
         } catch (err) {
           const message = err instanceof Error ? err.message : String(err);
           log.error({ err }, "Failed to list apps");
-          return httpError("INTERNAL_ERROR", `Failed to list apps: ${message}`, 500);
+          return httpError(
+            "INTERNAL_ERROR",
+            `Failed to list apps: ${message}`,
+            500,
+          );
         }
       },
     },
@@ -560,15 +539,16 @@ export function appManagementRouteDefinitions(): RouteDefinition[] {
               return httpError("BAD_REQUEST", "payload is not valid JSON", 400);
             }
-            const signatureJson: import("../../bundler/bundle-signer.js").SignatureJson = {
-              algorithm: "ed25519",
-              signer: {
-                key_id: body.keyId,
-                display_name: "HTTP Signer",
-              },
-              content_hashes: contentHashes,
-              signature: body.signature,
-            };
+            const signatureJson: import("../../bundler/bundle-signer.js").SignatureJson =
+              {
+                algorithm: "ed25519",
+                signer: {
+                  key_id: body.keyId,
+                  display_name: "HTTP Signer",
+                },
+                content_hashes: contentHashes,
+                signature: body.signature,
+              };
             return Response.json({ signed: true, signatureJson });
           }
@@ -629,8 +609,14 @@ export function appManagementRouteDefinitions(): RouteDefinition[] {
           return Response.json({ success: true, result });
         } catch (err) {
           const message = err instanceof Error ? err.message : String(err);
-          log.error({ err, appId: params.id }, "Error handling app data request");
-          return Response.json({ success: false, error: message }, { status: 400 });
+          log.error(
+            { err, appId: params.id },
+            "Error handling app data request",
+          );
+          return Response.json(
+            { success: false, error: message },
+            { status: 400 },
+          );
         }
       },
     },
@@ -656,8 +642,14 @@ export function appManagementRouteDefinitions(): RouteDefinition[] {
           return Response.json({ success: true, result });
         } catch (err) {
           const message = err instanceof Error ? err.message : String(err);
-          log.error({ err, appId: params.id }, "Error handling app data request");
-          return Response.json({ success: false, error: message }, { status: 400 });
+          log.error(
+            { err, appId: params.id },
+            "Error handling app data request",
+          );
+          return Response.json(
+            { success: false, error: message },
+            { status: 400 },
+          );
         }
       },
     },
@@ -704,7 +696,10 @@ export function appManagementRouteDefinitions(): RouteDefinition[] {
           });
         } catch (err) {
           const message = err instanceof Error ? err.message : String(err);
-          log.error({ err, appId: params.id }, "Failed to handle app open request");
+          log.error(
+            { err, appId: params.id },
+            "Failed to handle app open request",
+          );
           return httpError(
             "INTERNAL_ERROR",
             `Failed to open app: ${message}`,
@@ -819,8 +814,7 @@ export function appManagementRouteDefinitions(): RouteDefinition[] {
               400,
             );
           }
-          const toCommit =
-            url.searchParams.get("toCommit") ?? undefined;
+          const toCommit = url.searchParams.get("toCommit") ?? undefined;
           const diff = await getAppDiff(params.id, fromCommit, toCommit);
           return Response.json({ appId: params.id, diff });
         } catch (err) {
@@ -893,12 +887,14 @@ export function appManagementRouteDefinitions(): RouteDefinition[] {
       handler: async ({ params }) => {
         try {
           // Package without signing callback (HTTP clients handle signing
-          // separately or skip it). The IPC flow used a socket-based
-          // signing callback; HTTP callers can use the sign-bundle
+          // separately or skip it). HTTP callers can use the sign-bundle
           // endpoint independently if needed.
           const result = await packageApp(params.id);
           const bundleData = readFileSync(result.bundlePath);
-          const { shareToken } = createSharedAppLink(bundleData, result.manifest);
+          const { shareToken } = createSharedAppLink(
+            bundleData,
+            result.manifest,
+          );
           const shareUrl = `/v1/apps/shared/${shareToken}`;

package/src/runtime/routes/approval-routes.ts CHANGED Viewed

@@ -107,9 +107,7 @@ export async function handleConfirm(
     }
     if (selectedScope) {
-      const validScopes = (confirmation.scopeOptions ?? []).map(
-        (o) => o.scope,
-      );
+      const validScopes = (confirmation.scopeOptions ?? []).map((o) => o.scope);
       if (validScopes.length === 0) {
         if (selectedScope !== "everywhere") {
           return httpError(