@vellumai/assistant 0.4.46 → 0.4.49

package/src/daemon/session.ts

@@ -35,18 +35,23 @@ import {
 } from "../events/tool-profiling-listener.js";
 import { registerToolTraceListener } from "../events/tool-trace-listener.js";
 import { getHookManager } from "../hooks/manager.js";
+import { resolveCanonicalGuardianRequest } from "../memory/canonical-guardian-store.js";
 import { PermissionPrompter } from "../permissions/prompter.js";
 import { SecretPrompter } from "../permissions/secret-prompter.js";
+import { patternMatchesCandidate } from "../permissions/trust-store.js";
 import type { UserDecision } from "../permissions/types.js";
 import { buildSystemPrompt } from "../prompts/system-prompt.js";
 import type { Message } from "../providers/types.js";
 import type { Provider } from "../providers/types.js";
 import type { TrustClass } from "../runtime/actor-trust-resolver.js";
 import type { AuthContext } from "../runtime/auth/types.js";
+import * as pendingInteractions from "../runtime/pending-interactions.js";
 import * as approvalOverrides from "../runtime/session-approval-overrides.js";
 import { ToolExecutor } from "../tools/executor.js";
 import type { AssistantAttachmentDraft } from "./assistant-attachments.js";
 import { HostBashProxy } from "./host-bash-proxy.js";
+import type { CuObservationResult } from "./host-cu-proxy.js";
+import { HostCuProxy } from "./host-cu-proxy.js";
 import { HostFileProxy } from "./host-file-proxy.js";
 import type {
   ServerMessage,
@@ -161,6 +166,7 @@ export class Session {
   /** @internal */ taskRunId?: string;
   /** @internal */ callSessionId?: string;
   /** @internal */ hostBashProxy?: HostBashProxy;
+  /** @internal */ hostCuProxy?: HostCuProxy;
   /** @internal */ hostFileProxy?: HostFileProxy;
   /** @internal */ readonly queue = new MessageQueue();
   /** @internal */ currentActiveSurfaceId?: string;
@@ -199,10 +205,6 @@ export class Session {
     actions?: Array<{ id: string; label: string; style?: string }>;
     display?: string;
   }> = [];
-  /** @internal */ onEscalateToComputerUse?: (
-    task: string,
-    sourceSessionId: string,
-  ) => boolean;
   /** @internal */ workspaceTopLevelContext: string | null = null;
   /** @internal */ workspaceTopLevelDirty = true;
   public readonly traceEmitter: TraceEmitter;
@@ -324,7 +326,7 @@ export class Session {
       const resolved = {
         systemPrompt: hasSystemPromptOverride
           ? systemPrompt
-          : buildSystemPrompt(),
+          : buildSystemPrompt({ hasNoClient: this.hasNoClient }),
         maxTokens: configuredMaxTokens,
       };
       return resolved;
@@ -346,7 +348,7 @@ export class Session {
     );
     this.contextWindowManager = new ContextWindowManager({
       provider,
-      systemPrompt,
+      systemPrompt: () => resolveSystemPromptCallback([]).systemPrompt,
       config: config.contextWindow,
     });
 
@@ -388,6 +390,7 @@ export class Session {
     this.traceEmitter.updateSender(sendToClient);
     if (!opts?.skipProxySenderUpdate) {
       this.hostBashProxy?.updateSender(sendToClient, !hasNoClient);
+      this.hostCuProxy?.updateSender(sendToClient, !hasNoClient);
       this.hostFileProxy?.updateSender(sendToClient, !hasNoClient);
     }
   }
@@ -400,6 +403,7 @@ export class Session {
   /** Mark host proxies as unavailable so tool execution uses local fallback. */
   clearProxyAvailability(): void {
     this.hostBashProxy?.updateSender(this.sendToClient, false);
+    this.hostCuProxy?.updateSender(this.sendToClient, false);
     this.hostFileProxy?.updateSender(this.sendToClient, false);
   }
 
@@ -407,6 +411,7 @@ export class Session {
   restoreProxyAvailability(): void {
     if (!this.hasNoClient) {
       this.hostBashProxy?.updateSender(this.sendToClient, true);
+      this.hostCuProxy?.updateSender(this.sendToClient, true);
       this.hostFileProxy?.updateSender(this.sendToClient, true);
     }
   }
@@ -415,16 +420,6 @@ export class Session {
     this.sandboxOverride = enabled;
   }
 
-  setEscalationHandler(
-    handler: (task: string, sourceSessionId: string) => boolean,
-  ): void {
-    this.onEscalateToComputerUse = handler;
-  }
-
-  hasEscalationHandler(): boolean {
-    return this.onEscalateToComputerUse !== undefined;
-  }
-
   isProcessing(): boolean {
     return this.processing;
   }
@@ -447,6 +442,7 @@ export class Session {
   dispose(): void {
     approvalOverrides.clearMode(this.conversationId);
     this.hostBashProxy?.dispose();
+    this.hostCuProxy?.dispose();
     this.hostFileProxy?.dispose();
     disposeSession(this);
   }
@@ -589,6 +585,122 @@ export class Session {
       undefined,
       "Resuming after approval",
     );
+
+    // Cascade to other pending confirmations that match this decision
+    this.cascadePendingApprovals(requestId, decision, selectedPattern);
+  }
+
+  /**
+   * After resolving one confirmation, auto-resolve other pending
+   * confirmations in the same conversation that match the decision.
+   *
+   * - allow_10m / allow_thread → approve ALL pending in conversation
+   * - always_allow / always_allow_high_risk → approve pattern-matching pending
+   * - always_deny → deny pattern-matching pending
+   * - allow / deny (one-time) → no cascading
+   */
+  private cascadePendingApprovals(
+    primaryRequestId: string,
+    decision: UserDecision,
+    selectedPattern?: string,
+  ): void {
+    // Single-action decisions don't cascade
+    if (decision === "allow" || decision === "deny") return;
+
+    const pendingRequestIds = this.prompter.getPendingRequestIds();
+    if (pendingRequestIds.length === 0) return;
+
+    for (const candidateId of pendingRequestIds) {
+      if (candidateId === primaryRequestId) continue;
+
+      const interaction = pendingInteractions.get(candidateId);
+      if (!interaction) continue;
+      if (interaction.conversationId !== this.conversationId) continue;
+      if (interaction.kind !== "confirmation") continue;
+
+      const cascadeResult = this.shouldCascade(
+        decision,
+        selectedPattern,
+        interaction.confirmationDetails,
+      );
+      if (!cascadeResult) continue;
+
+      // Consume from pending-interactions tracker
+      pendingInteractions.resolve(candidateId);
+
+      // Resolve via handleConfirmationResponse which emits events.
+      // Use simple "allow"/"deny" so the permission-checker won't save
+      // duplicate rules or re-activate temporary modes. Recursion
+      // terminates because allow/deny exit cascadePendingApprovals early.
+      this.handleConfirmationResponse(
+        candidateId,
+        cascadeResult.allow ? "allow" : "deny",
+        undefined,
+        undefined,
+        undefined,
+        {
+          source: "system",
+          causedByRequestId: primaryRequestId,
+        },
+      );
+
+      // Sync the canonical guardian request status for the cascaded request.
+      // Best-effort: canonical request tracking should not break the cascade flow.
+      try {
+        const targetStatus = cascadeResult.allow ? "approved" : "denied";
+        resolveCanonicalGuardianRequest(candidateId, "pending", {
+          status: targetStatus,
+        });
+      } catch {
+        // Ignore — canonical request tracking is best-effort
+      }
+    }
+  }
+
+  /**
+   * Determine whether a pending confirmation should be auto-resolved
+   * based on the cascading decision and pattern.
+   */
+  private shouldCascade(
+    decision: UserDecision,
+    selectedPattern: string | undefined,
+    details?: import("../runtime/pending-interactions.js").ConfirmationDetails,
+  ): { allow: boolean } | null {
+    // Temporary overrides apply to the entire conversation
+    if (decision === "allow_10m" || decision === "allow_thread") {
+      return { allow: true };
+    }
+
+    // Persistent allow: cascade if the pattern matches any allowlist candidate.
+    // "always_allow" must NOT cascade to high-risk pending confirmations —
+    // only "always_allow_high_risk" has consent for those.
+    if (
+      (decision === "always_allow" || decision === "always_allow_high_risk") &&
+      selectedPattern &&
+      details
+    ) {
+      if (decision === "always_allow" && details.riskLevel === "high") {
+        return null;
+      }
+      for (const option of details.allowlistOptions) {
+        if (patternMatchesCandidate(selectedPattern, option.pattern)) {
+          return { allow: true };
+        }
+      }
+      return null;
+    }
+
+    // Persistent deny: cascade denial if the pattern matches
+    if (decision === "always_deny" && selectedPattern && details) {
+      for (const option of details.allowlistOptions) {
+        if (patternMatchesCandidate(selectedPattern, option.pattern)) {
+          return { allow: false };
+        }
+      }
+      return null;
+    }
+
+    return null;
   }
 
   handleSecretResponse(
@@ -632,6 +744,17 @@ export class Session {
     this.hostFileProxy = proxy;
   }
 
+  resolveHostCu(requestId: string, observation: CuObservationResult): void {
+    this.hostCuProxy?.resolve(requestId, observation);
+  }
+
+  setHostCuProxy(proxy: HostCuProxy | undefined): void {
+    if (this.hostCuProxy && this.hostCuProxy !== proxy) {
+      this.hostCuProxy.dispose();
+    }
+    this.hostCuProxy = proxy;
+  }
+
   // ── Server-authoritative state signals ─────────────────────────────
 
   emitConfirmationStateChanged(

package/src/daemon/tool-side-effects.ts

@@ -220,9 +220,7 @@ registerHook(
     const SETTING_TO_KEY: Record<string, string> = {
       activation_key: "pttActivationKey",
       tts_voice_id: "ttsVoiceId",
-      wake_word_enabled: "wakeWordEnabled",
-      wake_word_keyword: "wakeWordKeyword",
-      wake_word_timeout: "wakeWordTimeoutSeconds",
+      conversation_timeout: "voiceConversationTimeoutSeconds",
     };
     const key = SETTING_TO_KEY[setting];
     if (!key) return;
@@ -231,12 +229,8 @@ registerHook(
     // the validation logic in the tool's execute method.
     const raw = input.value;
     let coerced: string | boolean | number = raw as string;
-    if (setting === "wake_word_enabled") {
-      coerced = raw === true || raw === "true";
-    } else if (setting === "wake_word_timeout") {
+    if (setting === "conversation_timeout") {
       coerced = typeof raw === "number" ? raw : Number(raw);
-    } else if (setting === "wake_word_keyword" && typeof raw === "string") {
-      coerced = raw.trim();
     } else if (setting === "tts_voice_id" && typeof raw === "string") {
       coerced = raw.trim();
     }

package/src/daemon/watch-handler.ts

@@ -79,8 +79,8 @@ export async function handleWatchObservation(
       "Observation added to session",
     );
 
-    // 4. Every 3 observations: call the LLM for live commentary (chat-initiated watch only)
-    if (!session.isRideShotgun && session.observations.length % 3 === 0) {
+    // 4. Every 3 observations: call the LLM for live commentary
+    if (session.observations.length % 3 === 0) {
       log.debug(
         { watchId: msg.watchId, observationCount: session.observations.length },
         "Triggering commentary generation (every 3rd observation)",

package/src/email/providers/index.ts

@@ -5,6 +5,7 @@
  */
 
 import { getNestedValue, loadRawConfig } from "../../config/loader.js";
+import { credentialKey } from "../../security/credential-key.js";
 import { getSecureKey } from "../../security/secure-keys.js";
 import { ConfigError } from "../../util/errors.js";
 import type { EmailProvider } from "../provider.js";
@@ -13,7 +14,7 @@ export const SUPPORTED_PROVIDERS = ["agentmail"] as const;
 export type SupportedProvider = (typeof SUPPORTED_PROVIDERS)[number];
 
 const PROVIDER_KEY_MAP: Record<SupportedProvider, string[]> = {
-  agentmail: ["agentmail", "credential:agentmail:api_key"],
+  agentmail: ["agentmail", credentialKey("agentmail", "api_key")],
 };
 
 /**

package/src/events/tool-metrics-listener.ts

@@ -1,4 +1,4 @@
-import { getLogger, isDebug, truncateForLog } from "../util/logger.js";
+import { getLogger, truncateForLog } from "../util/logger.js";
 import type { EventBus, Subscription } from "./bus.js";
 import type { AssistantDomainEvents } from "./domain-events.js";
 
@@ -23,7 +23,7 @@ export function registerToolMetricsLoggingListener(
   options?: MetricsListenerOptions,
 ): Subscription {
   const logger = options?.logger ?? defaultLogger;
-  const debugEnabled = options?.debugEnabled ?? isDebug;
+  const debugEnabled = options?.debugEnabled ?? (() => false);
   const truncate = options?.truncate ?? truncateForLog;
 
   return eventBus.onAny((event) => {

package/src/hooks/manager.ts

@@ -2,7 +2,7 @@ import { type FSWatcher, watch } from "node:fs";
 
 import { Debouncer } from "../util/debounce.js";
 import { pathExists } from "../util/fs.js";
-import { getLogger, isDebug } from "../util/logger.js";
+import { getLogger } from "../util/logger.js";
 import { getHooksDir } from "../util/platform.js";
 import { discoverHooks } from "./discovery.js";
 import { runHookScript } from "./runner.js";
@@ -73,9 +73,6 @@ export class HookManager {
             "Hook exited with non-zero code",
           );
         }
-        if (result.stderr && isDebug()) {
-          process.stderr.write(result.stderr);
-        }
       } catch (err) {
         log.warn({ err, hook: hook.name, event }, "Hook execution failed");
       }

package/src/inbound/public-ingress-urls.ts

@@ -8,13 +8,13 @@
  *   1. **User Settings** (`config.ingress.publicBaseUrl`) — set via
  *      the in-chat config flow, the Settings UI, or `config set ingress.publicBaseUrl`. This is the
  *      primary source of truth. When the assistant spawns or restarts
- *      the gateway, this value is forwarded as the `INGRESS_PUBLIC_BASE_URL`
- *      environment variable so both processes agree on the same URL.
+ *      the gateway, the workspace config file is read so both processes
+ *      agree on the same URL.
  *
- *   2. **Environment variable** (`INGRESS_PUBLIC_BASE_URL`) — serves as a
- *      fallback for operational use (e.g. direct gateway-only deployments
- *      without the assistant, or CI overrides). When the assistant is
- *      managing the gateway, the env var is set automatically from (1).
+ *   2. **Module-level state** (`getIngressPublicBaseUrl()`) — serves as a
+ *      fallback for operational use (e.g. runtime tunnel updates). When
+ *      tunnels start or stop, `setIngressPublicBaseUrl()` updates this
+ *      value in-process.
  *
  * This chain ensures that:
  *   - The assistant's outbound callback URLs (Twilio webhooks, OAuth
@@ -70,7 +70,7 @@ export function getPublicBaseUrl(config: IngressConfig): string {
   }
 
   throw new Error(
-    "No public base URL configured. Set ingress.publicBaseUrl in config or INGRESS_PUBLIC_BASE_URL env var.",
+    "No public base URL configured. Set ingress.publicBaseUrl in config.",
   );
 }
 

package/src/instrument.ts

@@ -1,7 +1,9 @@
+import { arch, platform, release } from "node:os";
+
 import * as Sentry from "@sentry/node";
 
 import { getSentryDsn } from "./config/env.js";
-import { APP_VERSION } from "./version.js";
+import { APP_VERSION, COMMIT_SHA } from "./version.js";
 
 /** Patterns that match sensitive data in Sentry event values. */
 const PII_PATTERNS = [
@@ -42,8 +44,20 @@ export function initSentry(): void {
   Sentry.init({
     dsn: getSentryDsn(),
     release: `vellum-assistant@${APP_VERSION}`,
+    dist: COMMIT_SHA,
     environment: APP_VERSION === "0.0.0-dev" ? "development" : "production",
     sendDefaultPii: false,
+    initialScope: {
+      tags: {
+        commit: COMMIT_SHA,
+        os_platform: platform(),
+        os_release: release(),
+        os_arch: arch(),
+        runtime: "bun",
+        runtime_version:
+          typeof Bun !== "undefined" ? Bun.version : process.version,
+      },
+    },
     beforeSend(event) {
       if (event.exception?.values) {
         event.exception.values = event.exception.values.map((ex) => ({

package/src/logfire.ts

@@ -1,4 +1,4 @@
-import { getLogfireToken, isMonitoringEnabled } from "./config/env.js";
+import { getLogfireToken } from "./config/env.js";
 import type {
   Message,
   Provider,
@@ -13,7 +13,7 @@ const log = getLogger("logfire");
 
 type LogfireModule = typeof import("@pydantic/logfire-node");
 
-const LOGFIRE_ENABLED: boolean = !!getLogfireToken() && isMonitoringEnabled();
+let logfireEnabled: boolean = !!getLogfireToken();
 
 let logfireInstance: LogfireModule | null = null;
 
@@ -23,7 +23,7 @@ let logfireInstance: LogfireModule | null = null;
  * Non-fatal on failure (logs warning and continues).
  */
 export async function initLogfire(): Promise<void> {
-  if (!LOGFIRE_ENABLED) return;
+  if (!logfireEnabled) return;
 
   try {
     const logfire = await import("@pydantic/logfire-node");
@@ -42,12 +42,23 @@ export async function initLogfire(): Promise<void> {
   }
 }
 
+/**
+ * Disable Logfire after early initialization. Called when the user has opted
+ * out via the feature flag. Nulls out the instance so future wrapWithLogfire
+ * calls become no-ops.
+ */
+export function disableLogfire(): void {
+  logfireEnabled = false;
+  logfireInstance = null;
+  log.info("Logfire disabled by feature flag");
+}
+
 /**
  * Wraps a provider with Logfire tracing spans.
- * When LOGFIRE_ENABLED is false, returns the provider as-is (no wrapper allocated).
+ * When logfireEnabled is false, returns the provider as-is (no wrapper allocated).
  */
 export function wrapWithLogfire(provider: Provider): Provider {
-  if (!LOGFIRE_ENABLED) return provider;
+  if (!logfireEnabled) return provider;
   return new LogfireProvider(provider);
 }
 

package/src/media/app-icon-generator.ts

@@ -11,8 +11,16 @@ import { join } from "node:path";
 
 import { getConfig } from "../config/loader.js";
 import { getAppsDir } from "../memory/app-store.js";
+import {
+  buildManagedBaseUrl,
+  resolveManagedProxyContext,
+} from "../providers/managed-proxy/context.js";
 import { getLogger } from "../util/logger.js";
-import { generateImage, mapGeminiError } from "./gemini-image-service.js";
+import {
+  generateImage,
+  type ImageGenCredentials,
+  mapGeminiError,
+} from "./gemini-image-service.js";
 
 const log = getLogger("app-icon-generator");
 
@@ -29,8 +37,26 @@ export async function generateAppIcon(
 ): Promise<void> {
   const config = getConfig();
   const apiKey = config.apiKeys.gemini ?? process.env.GEMINI_API_KEY;
-  if (!apiKey) {
-    log.debug("No Gemini API key — skipping app icon generation");
+
+  let credentials: ImageGenCredentials | undefined;
+  if (apiKey) {
+    credentials = { type: "direct", apiKey };
+  } else {
+    const managedBaseUrl = buildManagedBaseUrl("vertex");
+    if (managedBaseUrl) {
+      const ctx = resolveManagedProxyContext();
+      credentials = {
+        type: "managed-proxy",
+        assistantApiKey: ctx.assistantApiKey,
+        baseUrl: managedBaseUrl,
+      };
+    }
+  }
+
+  if (!credentials) {
+    log.debug(
+      "No Gemini API key or managed proxy — skipping app icon generation",
+    );
     return;
   }
 
@@ -58,7 +84,7 @@ export async function generateAppIcon(
   try {
     log.info({ appId, appName }, "Generating app icon via Gemini");
 
-    const result = await generateImage(apiKey, {
+    const result = await generateImage(credentials, {
       prompt,
       mode: "generate",
       model: config.imageGenModel,

package/src/media/avatar-router.ts

@@ -1,19 +1,42 @@
 import { getConfig } from "../config/loader.js";
+import {
+  buildManagedBaseUrl,
+  resolveManagedProxyContext,
+} from "../providers/managed-proxy/context.js";
 import { ConfigError, ProviderError } from "../util/errors.js";
-import { generateImage } from "./gemini-image-service.js";
+import {
+  generateImage,
+  type ImageGenCredentials,
+} from "./gemini-image-service.js";
 
 export async function generateAvatar(
   prompt: string,
 ): Promise<{ imageBase64: string; mimeType: string }> {
   const config = getConfig();
   const geminiKey = config.apiKeys.gemini ?? process.env.GEMINI_API_KEY;
-  if (!geminiKey) {
+
+  let credentials: ImageGenCredentials | undefined;
+  if (geminiKey) {
+    credentials = { type: "direct", apiKey: geminiKey };
+  } else {
+    const managedBaseUrl = buildManagedBaseUrl("vertex");
+    if (managedBaseUrl) {
+      const ctx = resolveManagedProxyContext();
+      credentials = {
+        type: "managed-proxy",
+        assistantApiKey: ctx.assistantApiKey,
+        baseUrl: managedBaseUrl,
+      };
+    }
+  }
+
+  if (!credentials) {
     throw new ConfigError(
       "Gemini API key is not configured. Set it via `config set apiKeys.gemini <key>` or the GEMINI_API_KEY environment variable.",
     );
   }
 
-  const result = await generateImage(geminiKey, {
+  const result = await generateImage(credentials, {
     prompt,
     mode: "generate",
     model: config.imageGenModel,

package/src/media/gemini-image-service.ts

@@ -13,6 +13,21 @@ export interface ImageGenerationRequest {
   variants?: number;
 }
 
+/** Credentials for direct Gemini API access. */
+export interface DirectCredentials {
+  type: "direct";
+  apiKey: string;
+}
+
+/** Credentials for managed proxy access via Vertex AI. */
+export interface ManagedProxyCredentials {
+  type: "managed-proxy";
+  assistantApiKey: string;
+  baseUrl: string;
+}
+
+export type ImageGenCredentials = DirectCredentials | ManagedProxyCredentials;
+
 export interface GeneratedImage {
   mimeType: string;
   dataBase64: string;
@@ -64,7 +79,7 @@ export function mapGeminiError(error: unknown): string {
 // --- Core function ---
 
 export async function generateImage(
-  apiKey: string,
+  credentials: ImageGenCredentials,
   request: ImageGenerationRequest,
 ): Promise<ImageGenerationResult> {
   const model =
@@ -74,7 +89,18 @@ export async function generateImage(
 
   const variants = Math.max(1, Math.min(request.variants ?? 1, MAX_VARIANTS));
 
-  const client = new GoogleGenAI({ apiKey });
+  const client =
+    credentials.type === "managed-proxy"
+      ? new GoogleGenAI({
+          vertexai: true,
+          project: "proxy",
+          location: "us-central1",
+          httpOptions: {
+            baseUrl: credentials.baseUrl,
+            headers: { Authorization: `Bearer ${credentials.assistantApiKey}` },
+          },
+        })
+      : new GoogleGenAI({ apiKey: credentials.apiKey });
 
   // Build contents array — append a title request so the model's text
   // response contains a short filename-safe title for the generated image.

package/src/memory/conversation-key-store.ts

@@ -117,6 +117,27 @@ export function getOrCreateConversation(conversationKey: string): {
       return { conversationId: existing.conversationId, created: false };
     }
 
+    // Check if the conversationKey itself is an existing conversation ID.
+    // This happens when the client loads a thread from the conversations list
+    // and uses the server's conversationId as its local sessionId / conversationKey.
+    const existingConversation = tx
+      .select({ id: conversations.id })
+      .from(conversations)
+      .where(eq(conversations.id, conversationKey))
+      .get();
+
+    if (existingConversation) {
+      tx.insert(conversationKeys)
+        .values({
+          id: uuid(),
+          conversationKey,
+          conversationId: existingConversation.id,
+          createdAt: Date.now(),
+        })
+        .run();
+      return { conversationId: existingConversation.id, created: false };
+    }
+
     const now = Date.now();
     const conversationId = uuid();
 

package/src/memory/db-init.ts

@@ -28,6 +28,7 @@ import {
   createMediaAssetsTables,
   createMessagesFts,
   createNotificationTables,
+  createOAuthTables,
   createScopedApprovalGrantsTable,
   createSequenceTables,
   createTasksAndWorkItemsTables,
@@ -340,6 +341,9 @@ export function initializeDb(): void {
   // 52. Drop the legacy reminders table after data migration
   migrateDropRemindersTable(database);
 
+  // 53. OAuth provider/app/connection tables
+  createOAuthTables(database);
+
   validateMigrationState(database);
 
   if (process.env.BUN_TEST === "1") {

package/src/memory/guardian-action-store.ts

@@ -44,7 +44,7 @@ export type FollowupState =
   | "completed"
   | "declined"
   | "failed";
-export type FollowupAction = "call_back" | "message_back" | "decline";
+export type FollowupAction = "call_back" | "decline";
 
 export interface GuardianActionRequest {
   id: string;