@vellumai/assistant 0.4.44 → 0.4.45

package/src/schedule/scheduler.ts

@@ -1,13 +1,6 @@
 import { bootstrapConversation } from "../memory/conversation-bootstrap.js";
 import { invalidateAssistantInferredItemsForConversation } from "../memory/task-memory-cleanup.js";
 import { runSequencesOnce } from "../sequence/engine.js";
-import {
-  claimDueReminders,
-  completeReminder,
-  failReminder,
-  type RoutingIntent,
-  setReminderConversationId,
-} from "../tools/reminder/reminder-store.js";
 import { getLogger } from "../util/logger.js";
 import {
   runWatchersOnce,
@@ -17,8 +10,11 @@ import {
 import { hasSetConstructs } from "./recurrence-engine.js";
 import {
   claimDueSchedules,
+  completeOneShot,
   completeScheduleRun,
   createScheduleRun,
+  failOneShot,
+  type RoutingIntent,
 } from "./schedule-store.js";
 
 const log = getLogger("scheduler");
@@ -33,13 +29,13 @@ export type ScheduleMessageProcessor = (
   options?: ScheduleMessageOptions,
 ) => Promise<unknown>;
 
-export type ReminderNotifier = (reminder: {
+export type ScheduleNotifyModeNotifier = (payload: {
   id: string;
   label: string;
   message: string;
   routingIntent: RoutingIntent;
   routingHints: Record<string, unknown>;
-}) => void;
+}) => void | Promise<void>;
 
 export type ScheduleNotifier = (schedule: { id: string; name: string }) => void;
 
@@ -58,7 +54,7 @@ const TICK_INTERVAL_MS = 15_000;
 
 export function startScheduler(
   processMessage: ScheduleMessageProcessor,
-  notifyReminder: ReminderNotifier,
+  notifyScheduleOneShot: ScheduleNotifyModeNotifier,
   notifySchedule: ScheduleNotifier,
   watcherNotifier?: WatcherNotifier,
   watcherEscalator?: WatcherEscalator,
@@ -73,7 +69,7 @@ export function startScheduler(
     try {
       await runScheduleOnce(
         processMessage,
-        notifyReminder,
+        notifyScheduleOneShot,
         notifySchedule,
         watcherNotifier,
         watcherEscalator,
@@ -96,7 +92,7 @@ export function startScheduler(
     async runOnce(): Promise<number> {
       return runScheduleOnce(
         processMessage,
-        notifyReminder,
+        notifyScheduleOneShot,
         notifySchedule,
         watcherNotifier,
         watcherEscalator,
@@ -112,7 +108,7 @@ export function startScheduler(
 
 async function runScheduleOnce(
   processMessage: ScheduleMessageProcessor,
-  notifyReminder: ReminderNotifier,
+  notifyScheduleOneShot: ScheduleNotifyModeNotifier,
   notifySchedule: ScheduleNotifier,
   watcherNotifier?: WatcherNotifier,
   watcherEscalator?: WatcherEscalator,
@@ -121,15 +117,60 @@ async function runScheduleOnce(
   const now = Date.now();
   let processed = 0;
 
-  // ── Recurrence schedules (cron + RRULE) ─────────────────────────────
+  // ── Schedules (recurring cron/RRULE + one-shot) ─────────────────────
   const jobs = claimDueSchedules(now);
   for (const job of jobs) {
+    const isOneShot = job.expression == null;
+
+    // ── Notify mode (one-shot or recurring) ─────────────────────────
+    if (job.mode === "notify") {
+      try {
+        log.info(
+          { jobId: job.id, name: job.name, isOneShot },
+          "Firing schedule notification",
+        );
+        await notifyScheduleOneShot({
+          id: job.id,
+          label: job.name,
+          message: job.message,
+          routingIntent: job.routingIntent,
+          routingHints: job.routingHints,
+        });
+        if (isOneShot) {
+          completeOneShot(job.id);
+        } else {
+          // Track recurring notify-mode success so lastStatus resets to ok
+          // and retryCount clears after a transient failure.
+          const runId = createScheduleRun(job.id, `notify-ok:${job.id}`);
+          completeScheduleRun(runId, { status: "ok" });
+        }
+      } catch (err) {
+        log.warn(
+          { err, jobId: job.id, name: job.name, isOneShot },
+          "Schedule notification failed",
+        );
+        if (isOneShot) {
+          failOneShot(job.id);
+        } else {
+          // Track recurring notify-mode failures via a schedule run so the
+          // occurrence isn't silently lost and lastStatus/retryCount update.
+          const errorMsg = err instanceof Error ? err.message : String(err);
+          const runId = createScheduleRun(job.id, `notify-error:${job.id}`);
+          completeScheduleRun(runId, { status: "error", error: errorMsg });
+        }
+      }
+      processed += 1;
+      continue;
+    }
+
+    // ── Execute mode ────────────────────────────────────────────────
+
     // Check if message is a task invocation (run_task:<task_id>)
     const taskMatch = job.message.match(/^run_task:(\S+)$/);
     if (taskMatch) {
       const taskId = taskMatch[1];
       const isRruleSet =
-        job.syntax === "rrule" && hasSetConstructs(job.expression);
+        job.syntax === "rrule" && job.expression != null && hasSetConstructs(job.expression);
       try {
         log.info(
           {
@@ -139,6 +180,7 @@ async function runScheduleOnce(
             syntax: job.syntax,
             expression: job.expression,
             isRruleSet,
+            isOneShot,
           },
           "Executing scheduled task",
         );
@@ -159,9 +201,11 @@ async function runScheduleOnce(
             status: "error",
             error: result.error ?? "Task run failed",
           });
+          if (isOneShot) failOneShot(job.id);
         } else {
           completeScheduleRun(runId, { status: "ok" });
           notifySchedule({ id: job.id, name: job.name });
+          if (isOneShot) completeOneShot(job.id);
         }
         processed += 1;
       } catch (err) {
@@ -175,6 +219,7 @@ async function runScheduleOnce(
             syntax: job.syntax,
             expression: job.expression,
             isRruleSet,
+            isOneShot,
           },
           "Scheduled task execution failed",
         );
@@ -192,6 +237,7 @@ async function runScheduleOnce(
         });
         const runId = createScheduleRun(job.id, fallbackConversation.id);
         completeScheduleRun(runId, { status: "error", error: message });
+        if (isOneShot) failOneShot(job.id);
       }
       continue;
     }
@@ -200,7 +246,9 @@ async function runScheduleOnce(
       source: "schedule",
       scheduleJobId: job.id,
       origin: "schedule",
-      systemHint: `Schedule: ${job.name}`,
+      systemHint: isOneShot
+        ? `Reminder: ${job.name}`
+        : `Schedule: ${job.name}`,
     });
     onScheduleThreadCreated?.({
       conversationId: conversation.id,
@@ -209,7 +257,7 @@ async function runScheduleOnce(
     });
     const runId = createScheduleRun(job.id, conversation.id);
     const isRruleSetMsg =
-      job.syntax === "rrule" && hasSetConstructs(job.expression);
+      job.syntax === "rrule" && job.expression != null && hasSetConstructs(job.expression);
 
     try {
       log.info(
@@ -219,15 +267,17 @@ async function runScheduleOnce(
           syntax: job.syntax,
           expression: job.expression,
           isRruleSet: isRruleSetMsg,
+          isOneShot,
           conversationId: conversation.id,
         },
-        "Executing schedule",
+        isOneShot ? "Executing one-shot schedule" : "Executing schedule",
       );
       await processMessage(conversation.id, job.message, {
         trustClass: "guardian",
       });
       completeScheduleRun(runId, { status: "ok" });
       notifySchedule({ id: job.id, name: job.name });
+      if (isOneShot) completeOneShot(job.id);
       processed += 1;
     } catch (err) {
       const message = err instanceof Error ? err.message : String(err);
@@ -239,10 +289,14 @@ async function runScheduleOnce(
           syntax: job.syntax,
           expression: job.expression,
           isRruleSet: isRruleSetMsg,
+          isOneShot,
         },
-        "Schedule execution failed",
+        isOneShot
+          ? "One-shot schedule execution failed"
+          : "Schedule execution failed",
       );
       completeScheduleRun(runId, { status: "error", error: message });
+      if (isOneShot) failOneShot(job.id);
 
       try {
         invalidateAssistantInferredItemsForConversation(conversation.id);
@@ -255,61 +309,6 @@ async function runScheduleOnce(
     }
   }
 
-  // ── One-shot reminders ──────────────────────────────────────────────
-  const dueReminders = claimDueReminders(now);
-  for (const reminder of dueReminders) {
-    if (reminder.mode === "execute") {
-      const conversation = bootstrapConversation({
-        source: "reminder",
-        origin: "reminder",
-        systemHint: `Reminder: ${reminder.label}`,
-      });
-      setReminderConversationId(reminder.id, conversation.id);
-      try {
-        log.info(
-          {
-            reminderId: reminder.id,
-            label: reminder.label,
-            conversationId: conversation.id,
-          },
-          "Executing reminder",
-        );
-        await processMessage(conversation.id, reminder.message, {
-          trustClass: "guardian",
-        });
-        completeReminder(reminder.id);
-      } catch (err) {
-        log.warn(
-          { err, reminderId: reminder.id },
-          "Reminder execution failed, reverting to pending",
-        );
-        failReminder(reminder.id);
-      }
-    } else {
-      try {
-        log.info(
-          { reminderId: reminder.id, label: reminder.label },
-          "Firing reminder notification",
-        );
-        notifyReminder({
-          id: reminder.id,
-          label: reminder.label,
-          message: reminder.message,
-          routingIntent: reminder.routingIntent,
-          routingHints: reminder.routingHints,
-        });
-        completeReminder(reminder.id);
-      } catch (err) {
-        log.warn(
-          { err, reminderId: reminder.id },
-          "Reminder notification failed, reverting to pending",
-        );
-        failReminder(reminder.id);
-      }
-    }
-    processed += 1;
-  }
-
   // ── Watchers (event-driven polling) ────────────────────────────────
   if (watcherNotifier && watcherEscalator) {
     try {

package/src/security/oauth2.ts

@@ -59,7 +59,7 @@ export interface OAuth2TokenResult {
 }
 
 export interface OAuth2FlowCallbacks {
-  /** Open a URL in the user's browser (e.g. via IPC `open_url`). */
+  /** Open a URL in the user's browser (e.g. via `open_url` message). */
   openUrl: (url: string) => void;
 }
 

package/src/sequence/store.ts

@@ -1,7 +1,7 @@
 /**
  * SQLite-backed implementation of the SequenceStore interface.
  *
- * Follows the same patterns as schedule-store.ts and reminder-store.ts:
+ * Follows the same patterns as schedule-store.ts:
  * - Flat exported functions (no class)
  * - getDb() called inside each function
  * - Optimistic locking for claimDueEnrollments
@@ -215,7 +215,7 @@ export function listEnrollments(
 /**
  * Atomically claim enrollments that are due for processing.
  *
- * Uses the same optimistic locking pattern as claimDueReminders:
+ * Uses the same optimistic locking pattern as claimDueSchedules:
  * 1. Query candidates (status=active, nextStepAt <= now)
  * 2. For each, UPDATE with WHERE status='active' — only succeeds if not already claimed
  * 3. Check rawChanges() to confirm the lock was acquired
@@ -315,6 +315,16 @@ export function pauseEnrollment(id: string): void {
     .run();
 }
 
+/** Resume a paused enrollment — re-activates it so the scheduler picks it up. */
+export function resumeEnrollment(id: string): void {
+  const db = getDb();
+  const now = Date.now();
+  db.update(sequenceEnrollments)
+    .set({ status: "active", nextStepAt: now, updatedAt: now })
+    .where(eq(sequenceEnrollments.id, id))
+    .run();
+}
+
 // ── Query Helpers ───────────────────────────────────────────────────
 
 export function findActiveEnrollmentsByEmail(

package/src/skills/frontmatter.ts

@@ -1,17 +1,23 @@
 /**
  * Shared frontmatter parsing for SKILL.md files.
  *
- * Frontmatter is a YAML-like block delimited by `---` at the top of a file.
+ * Frontmatter is a YAML block delimited by `---` at the top of a file.
  * This module provides a single implementation used by the skill catalog loader
  * and the CC command registry.
  */
 
+import { parse as parseYaml } from "yaml";
+
+import { getLogger } from "../util/logger.js";
+
+const log = getLogger("frontmatter");
+
 /** Matches a `---` delimited frontmatter block at the start of a file. */
 export const FRONTMATTER_REGEX = /^---\r?\n([\s\S]*?)\r?\n---(?:\r?\n|$)/;
 
 export interface FrontmatterParseResult {
   /** Key-value pairs extracted from the frontmatter block. */
-  fields: Record<string, string>;
+  fields: Record<string, unknown>;
   /** The remaining file content after the frontmatter block. */
   body: string;
 }
@@ -20,8 +26,8 @@ export interface FrontmatterParseResult {
  * Parse frontmatter fields from file content.
  *
  * Extracts key-value pairs from the `---` delimited block at the top of the
- * file. Handles single- and double-quoted values, and unescapes common escape
- * sequences (`\n`, `\r`, `\\`, `\"`) in double-quoted values.
+ * file using a proper YAML parser. Handles nested objects, arrays, quoted
+ * strings, escape sequences, and all YAML features natively.
  *
  * Returns `null` if no frontmatter block is found.
  */
@@ -32,80 +38,16 @@ export function parseFrontmatterFields(
   if (!match) return null;
 
   const frontmatter = match[1];
-  const fields: Record<string, string> = {};
+  const body = content.slice(match[0].length);
 
-  const lines = frontmatter.split(/\r?\n/);
-  let currentKey: string | undefined;
-  let continuationLines: string[] = [];
-
-  function flushContinuation() {
-    if (currentKey !== undefined) {
-      if (continuationLines.length > 0) {
-        const joined = continuationLines.map((l) => l.trim()).join(" ");
-        // Try parsing as-is first to avoid corrupting commas inside quoted strings.
-        // Only apply trailing-comma cleanup if the raw text isn't valid JSON.
-        try {
-          JSON.parse(joined);
-          fields[currentKey] = joined;
-        } catch {
-          fields[currentKey] = joined.replace(/,\s*([}\]])/g, "$1");
-        }
-      } else {
-        fields[currentKey] = "";
-      }
+  try {
+    const parsed = parseYaml(frontmatter);
+    if (parsed == null || typeof parsed !== "object") {
+      return { fields: {}, body };
     }
-    currentKey = undefined;
-    continuationLines = [];
+    return { fields: parsed as Record<string, unknown>, body };
+  } catch (err) {
+    log.warn({ err }, "Failed to parse YAML frontmatter");
+    return null;
   }
-
-  for (const line of lines) {
-    const trimmed = line.trim();
-    if (!trimmed || trimmed.startsWith("#")) continue;
-
-    // Continuation line: indented and no top-level key: pattern
-    // (i.e. starts with whitespace and either has no colon or the colon
-    // is inside braces/quotes — heuristic: line starts with space/tab)
-    if (currentKey !== undefined && /^\s/.test(line)) {
-      continuationLines.push(trimmed);
-      continue;
-    }
-
-    // Flush any pending multiline value
-    flushContinuation();
-
-    const separatorIndex = trimmed.indexOf(":");
-    if (separatorIndex === -1) continue;
-
-    const key = trimmed.slice(0, separatorIndex).trim();
-    let value = trimmed.slice(separatorIndex + 1).trim();
-
-    if (!value) {
-      // Value may continue on subsequent indented lines
-      currentKey = key;
-      continuationLines = [];
-      continue;
-    }
-
-    const isDoubleQuoted = value.startsWith('"') && value.endsWith('"');
-    const isSingleQuoted = value.startsWith("'") && value.endsWith("'");
-    if (isDoubleQuoted || isSingleQuoted) {
-      value = value.slice(1, -1);
-      if (isDoubleQuoted) {
-        // Unescape sequences produced by buildSkillMarkdown's esc().
-        // Only for double-quoted values — single-quoted YAML treats backslashes literally.
-        // Single-pass to avoid misinterpreting \\n (escaped backslash + n) as a newline.
-        value = value.replace(/\\(["\\nr])/g, (_, ch) => {
-          if (ch === "n") return "\n";
-          if (ch === "r") return "\r";
-          return ch; // handles \\ → \ and \" → "
-        });
-      }
-    }
-    fields[key] = value;
-  }
-
-  // Flush any trailing multiline value
-  flushContinuation();
-
-  return { fields, body: content.slice(match[0].length) };
 }

package/src/skills/managed-store.ts

@@ -9,6 +9,8 @@ import {
 } from "node:fs";
 import { dirname, join } from "node:path";
 
+import { stringify as stringifyYaml } from "yaml";
+
 import { getLogger } from "../util/logger.js";
 import { getWorkspaceSkillsDir } from "../util/platform.js";
 
@@ -67,7 +69,10 @@ export function buildSkillMarkdown(input: BuildSkillMarkdownInput): string {
   lines.push(`description: "${esc(input.description)}"`);
 
   // Build metadata object matching the format parseFrontmatter expects:
-  // metadata: {"vellum":{"emoji":"...","user-invocable":false,...}}
+  // metadata:
+  //   vellum:
+  //     emoji: "..."
+  //     user-invocable: false
   const vellum: Record<string, unknown> = {};
   if (input.emoji) {
     vellum.emoji = input.emoji;
@@ -84,7 +89,11 @@ export function buildSkillMarkdown(input: BuildSkillMarkdownInput): string {
 
   if (Object.keys(vellum).length > 0) {
     const metadata = { vellum };
-    lines.push(`metadata: ${JSON.stringify(metadata)}`);
+    const yamlBlock = stringifyYaml(metadata, { indent: 2 });
+    lines.push("metadata:");
+    for (const yamlLine of yamlBlock.trimEnd().split("\n")) {
+      lines.push(`  ${yamlLine}`);
+    }
   }
 
   lines.push("---");

package/src/subagent/manager.ts

@@ -188,7 +188,7 @@ export class SubagentManager {
       memoryPolicy,
     );
 
-    // Mark session as having no direct IPC client — it routes through parent.
+    // Mark session as having no direct client — it routes through parent.
     // This ensures interactive prompts (host attachment reads) fail fast.
     session.updateClient(wrappedSendToClient, true);
 
@@ -380,7 +380,7 @@ export class SubagentManager {
   async sendMessage(
     subagentId: string,
     content: string,
-  ): Promise<"sent" | "empty" | "not_found" | "terminal" | "queue_full"> {
+  ): Promise<"sent" | "empty" | "not_found" | "terminal"> {
     const trimmed = content?.trim();
     if (!trimmed) return "empty";
 
@@ -398,7 +398,9 @@ export class SubagentManager {
       onEvent,
       requestId,
     );
-    if (result.rejected) return "queue_full";
+    if (result.rejected) {
+      return "sent"; // error event already delivered via onEvent
+    }
     if (!result.queued) {
       // Session is idle — send directly.  Fire-and-forget so we don't block.
       const messageId = await managed.session.persistUserMessage(trimmed, []);

package/src/tasks/ephemeral-permissions.ts

@@ -29,10 +29,9 @@ export function clearTaskRunRules(taskRunId: string): void {
  * default rules (50) so pre-approved tools aren't shadowed by default
  * `ask` rules (which would trigger prompting and auto-deny in
  * non-interactive task runs), but below user rules (100) so user deny
- * rules still take precedence. `allowHighRisk` is set because task runs
- * execute asynchronously without interactive confirmation — the client
- * pre-approves tools via the preflight flow before execution begins,
- * so there is no interactive prompt during the run itself.
+ * rules still take precedence. `allowHighRisk` is intentionally omitted:
+ * high-risk tool invocations still flow through the normal risk-classification
+ * path rather than being blanket-approved.
  */
 export function buildTaskRules(
   taskRunId: string,
@@ -45,7 +44,6 @@ export function buildTaskRules(
     pattern: "**",
     scope: "everywhere",
     decision: "allow" as const,
-    allowHighRisk: true,
     priority: 75,
     createdAt: Date.now(),
   }));

package/src/tools/AGENTS.md

@@ -32,7 +32,6 @@ If Team Jarvis has approved your new tool:
 2. Use `git commit --no-verify` to bypass the hook
 3. Include the approval context in your PR description
 
-
 ## Questions?
 
 Contact Team Jarvis before shipping a new tool.

package/src/tools/browser/browser-manager.ts

@@ -1,5 +1,5 @@
 import { existsSync, mkdirSync } from "node:fs";
-import { join } from "node:path";
+import { isAbsolute, join, relative, resolve } from "node:path";
 
 import { getLogger } from "../../util/logger.js";
 import { getDataDir } from "../../util/platform.js";
@@ -30,10 +30,7 @@ function findSystemChrome(): string | null {
     );
   } else {
     // Linux
-    candidates.push(
-      "/usr/bin/google-chrome",
-      "/usr/bin/google-chrome-stable",
-    );
+    candidates.push("/usr/bin/google-chrome", "/usr/bin/google-chrome-stable");
   }
 
   for (const candidate of candidates) {
@@ -60,6 +57,13 @@ function getDownloadsDir(): string {
   return dir;
 }
 
+export function sanitizeDownloadFilename(filename: string): string {
+  const leaf = filename.replaceAll("\\", "/").split("/").pop() ?? "";
+  const stripped = leaf.replaceAll("\0", "").trim();
+  const safe = stripped.length > 0 ? stripped : "download";
+  return safe === "." || safe === ".." ? "download" : safe;
+}
+
 /** Wraps a promise with a timeout to prevent indefinite hangs. */
 export function withTimeout<T>(
   promise: Promise<T>,
@@ -284,10 +288,7 @@ class BrowserManager {
         const systemChrome = findSystemChrome();
 
         if (systemChrome) {
-          log.info(
-            { path: systemChrome },
-            "Using system Chrome installation",
-          );
+          log.info({ path: systemChrome }, "Using system Chrome installation");
           launch = (userDataDir, options) =>
             pw.chromium.launchPersistentContext(userDataDir, {
               ...options,
@@ -778,8 +779,13 @@ class BrowserManager {
         failure(): Promise<string | null>;
       };
       try {
-        const filename = dl.suggestedFilename();
-        const destPath = join(getDownloadsDir(), `${Date.now()}-${filename}`);
+        const filename = sanitizeDownloadFilename(dl.suggestedFilename());
+        const downloadsDir = getDownloadsDir();
+        const destPath = resolve(downloadsDir, `${Date.now()}-${filename}`);
+        const relPath = relative(resolve(downloadsDir), destPath);
+        if (relPath.startsWith("..") || isAbsolute(relPath)) {
+          throw new Error("Resolved download path escaped downloads directory");
+        }
         await withTimeout(dl.saveAs(destPath), 120_000, "Download save");
         const info: DownloadInfo = { path: destPath, filename };
 

package/src/tools/browser/jit-auth.ts

@@ -1,4 +1,7 @@
-import type { FormField, FormSurfaceData } from "../../daemon/message-protocol.js";
+import type {
+  FormField,
+  FormSurfaceData,
+} from "../../daemon/message-protocol.js";
 import type { AuthChallenge, AuthField } from "./auth-detector.js";
 
 /**

package/src/tools/claude-code/claude-code.ts

@@ -26,7 +26,7 @@ const AUTO_APPROVE_TOOLS = new Set([
   "Bash(find *)",
 ]);
 
-// Tools that always require user approval via confirmation IPC
+// Tools that always require user approval via confirmation prompt
 const APPROVAL_REQUIRED_TOOLS = new Set([
   "Bash",
   "Edit",