@vellumai/assistant 0.4.46 → 0.4.49

package/src/permissions/prompter.ts

@@ -84,7 +84,10 @@ export class PermissionPrompter {
           "Permission prompt timed out, defaulting to deny",
         );
         this.onStateChanged?.(requestId, "timed_out", "timeout", toolUseId);
-        resolve({ decision: "deny" });
+        resolve({
+          decision: "deny",
+          decisionContext: `The permission prompt for the "${toolName}" tool timed out. The user did not explicitly deny this request — they may have been away or busy. You may retry this tool call if it is still needed for the current task.`,
+        });
       }, timeoutMs);
 
       this.pending.set(requestId, { resolve, reject, timer, toolUseId });
@@ -121,6 +124,7 @@ export class PermissionPrompter {
         executionTarget,
         persistentDecisionsAllowed: persistentDecisionsAllowed ?? true,
         temporaryOptionsAvailable,
+        toolUseId,
       });
 
       this.onStateChanged?.(requestId, "pending", "system", toolUseId);
@@ -131,6 +135,11 @@ export class PermissionPrompter {
     return this.pending.has(requestId);
   }
 
+  /** Returns all currently pending request IDs. */
+  getPendingRequestIds(): string[] {
+    return [...this.pending.keys()];
+  }
+
   /** Returns the toolUseId associated with a pending request, if any. */
   getToolUseId(requestId: string): string | undefined {
     return this.pending.get(requestId)?.toolUseId;

package/src/permissions/trust-store.ts

@@ -76,6 +76,19 @@ function getCompiledPattern(pattern: string): Minimatch | null {
   return compiled;
 }
 
+/**
+ * Check whether a minimatch pattern matches a candidate string.
+ * Reuses the compiled pattern cache from trust rule evaluation.
+ */
+export function patternMatchesCandidate(
+  pattern: string,
+  candidate: string,
+): boolean {
+  const compiled = getCompiledPattern(pattern);
+  if (!compiled) return false;
+  return compiled.match(candidate);
+}
+
 /** Rebuild the compiled pattern cache from the current rule set. */
 function rebuildPatternCache(rules: TrustRule[]): void {
   compiledPatterns.clear();

package/src/prompts/__tests__/build-cli-reference-section.test.ts

@@ -38,7 +38,9 @@ describe("buildCliReferenceSection", () => {
       "prefer real `assistant` CLI workflows over any legacy account-record abstraction",
     );
     expect(result).toContain("assistant credentials");
-    expect(result).toContain("assistant oauth token <service>");
+    expect(result).toContain(
+      "assistant oauth connections token <provider-key>",
+    );
     expect(result).toContain("assistant mcp auth <name>");
     expect(result).toContain("assistant platform status");
   });

package/src/prompts/system-prompt.ts

@@ -4,10 +4,10 @@ import { join } from "node:path";
 import { CLI_HELP_REFERENCE } from "../cli/reference.js";
 import { isAssistantFeatureFlagEnabled } from "../config/assistant-feature-flags.js";
 import { getBaseDataDir, getIsContainerized } from "../config/env-registry.js";
-import { getConfig, getNestedValue, loadRawConfig } from "../config/loader.js";
+import { getConfig } from "../config/loader.js";
 import { skillFlagKey } from "../config/skill-state.js";
 import { loadSkillCatalog, type SkillSummary } from "../config/skills.js";
-import { listCredentialMetadata } from "../tools/credentials/metadata-store.js";
+import { listConnections } from "../oauth/oauth-store.js";
 import { resolveBundledDir } from "../util/bundled-asset.js";
 import { getLogger } from "../util/logger.js";
 import {
@@ -109,7 +109,11 @@ export function isOnboardingComplete(): boolean {
  *   3. If BOOTSTRAP.md exists, append first-run ritual instructions
  *   4. Append skills catalog from ~/.vellum/workspace/skills
  */
-export function buildSystemPrompt(): string {
+export interface BuildSystemPromptOptions {
+  hasNoClient?: boolean;
+}
+
+export function buildSystemPrompt(options?: BuildSystemPromptOptions): string {
   const soulPath = getWorkspacePromptPath("SOUL.md");
   const identityPath = getWorkspacePromptPath("IDENTITY.md");
   const userPath = getWorkspacePromptPath("USER.md");
@@ -156,13 +160,14 @@ export function buildSystemPrompt(): string {
     );
   }
   if (getIsContainerized()) parts.push(buildContainerizedSection());
-  parts.push(buildConfigSection());
+  const hasNoClient = options?.hasNoClient ?? false;
+  parts.push(buildConfigSection(hasNoClient));
   parts.push(buildCliReferenceSection());
   parts.push(buildPostToolResponseSection());
   parts.push(buildExternalCommsIdentitySection());
   parts.push(buildChannelAwarenessSection());
   const config = getConfig();
-  parts.push(buildToolPermissionSection());
+  if (!hasNoClient) parts.push(buildToolPermissionSection());
   parts.push(buildTaskScheduleReminderRoutingSection());
   if (
     isAssistantFeatureFlagEnabled(
@@ -181,9 +186,9 @@ export function buildSystemPrompt(): string {
   if (!isOnboardingComplete()) {
     parts.push(buildStarterTaskPlaybookSection());
   }
-  parts.push(buildSystemPermissionSection());
+  if (!hasNoClient) parts.push(buildSystemPermissionSection());
   parts.push(buildSwarmGuidanceSection());
-  parts.push(buildAccessPreferenceSection());
+  parts.push(buildAccessPreferenceSection(hasNoClient));
   parts.push(buildIntegrationSection());
   parts.push(buildMemoryPersistenceSection());
   parts.push(buildMemoryRecallSection());
@@ -278,7 +283,7 @@ function buildAttachmentSection(): string {
     "",
     'Example: `<vellum-attachment source="sandbox" path="scratch/chart.png" />`',
     "",
-    "Limits: up to 5 attachments per turn, 20 MB each. Tool outputs that produce image or file content blocks are also automatically converted into attachments.",
+    "Limits: 20 MB per attachment. Tool outputs that produce image or file content blocks are also automatically converted into attachments.",
     "",
     "### Inline Images and GIFs",
     "Embed images/GIFs inline using markdown: `![description](URL)`. Do NOT wrap in code fences.",
@@ -363,13 +368,11 @@ export function buildVoiceSetupRoutingSection(): string {
   return [
     "## Routing: Voice Setup & Troubleshooting",
     "",
-    "Voice features include push-to-talk (PTT), wake word detection, and text-to-speech.",
+    "Voice features include push-to-talk (PTT) and text-to-speech.",
     "",
     "### Quick changes — use `voice_config_update` directly",
     '- "Change my PTT key to ctrl" — call `voice_config_update` with `setting: "activation_key"`',
-    '- "Enable wake word" — call `voice_config_update` with `setting: "wake_word_enabled"`, `value: true`',
-    '- "Set my wake word to jarvis" — call `voice_config_update` with `setting: "wake_word_keyword"`',
-    '- "Set wake word timeout to 30 seconds" — call `voice_config_update` with `setting: "wake_word_timeout"`',
+    '- "Set conversation timeout to 30 seconds" — call `voice_config_update` with `setting: "conversation_timeout"`',
     "",
     "For simple setting changes, use the tool directly without loading the voice-setup skill.",
     "",
@@ -379,15 +382,14 @@ export function buildVoiceSetupRoutingSection(): string {
     "**Trigger phrases:**",
     '- "Help me set up voice"',
     '- "Set up push-to-talk"',
-    '- "Configure voice / PTT / wake word"',
+    '- "Configure voice / PTT"',
     '- "PTT isn\'t working" / "push-to-talk not working"',
     '- "Recording but no text"',
-    '- "Wake word not detecting"',
     '- "Microphone not working"',
     '- "Set up ElevenLabs" / "configure TTS"',
     "",
     "### Disambiguation",
-    "- Voice setup (this skill) = **local PTT, wake word, microphone permissions** on the Mac desktop app.",
+    "- Voice setup (this skill) = **local PTT, microphone permissions** on the Mac desktop app.",
     "- Phone calls skill = **Twilio-powered voice calls** over the phone network. Completely separate.",
     '- If the user says "voice" in the context of phone calls or Twilio, load `phone-calls` instead.',
   ].join("\n");
@@ -418,7 +420,7 @@ export function buildPhoneCallsRoutingSection(): string {
     "",
     "### Exclusivity rules",
     "- Do NOT improvise Twilio setup instructions from general knowledge — always load the skill first.",
-    "- Do NOT confuse with voice-setup (local PTT/wake word/microphone) or guardian-verify-setup (channel verification).",
+    "- Do NOT confuse with voice-setup (local PTT/microphone) or guardian-verify-setup (channel verification).",
     '- If the user says "voice" in the context of phone calls or Twilio, load phone-calls, not voice-setup.',
     "- For guardian voice verification specifically, load guardian-verify-setup instead.",
   ].join("\n");
@@ -572,7 +574,23 @@ export function buildSwarmGuidanceSection(): string {
   ].join("\n");
 }
 
-function buildAccessPreferenceSection(): string {
+function buildAccessPreferenceSection(hasNoClient: boolean): string {
+  if (hasNoClient) {
+    return [
+      "## External Service Access Preference",
+      "",
+      "When interacting with external services (GitHub, Slack, Linear, Jira, cloud providers, etc.),",
+      "follow this priority order:",
+      "",
+      "1. **Sandbox first (`bash`)** — Always try to do things in your own sandbox environment first.",
+      "   If a tool (git, curl, jq, etc.) is not installed, install it yourself using `bash`",
+      "   (e.g. `apt-get install -y git`). The sandbox is your own machine — you have full control.",
+      "2. **web_fetch** — For public endpoints or simple API calls that don't need auth.",
+      "3. **Browser automation as last resort** — Only when the task genuinely requires a browser",
+      "   (e.g., no API exists, visual interaction needed, or OAuth consent screen).",
+    ].join("\n");
+  }
+
   return [
     "## External Service Access Preference",
     "",
@@ -609,38 +627,38 @@ function buildAccessPreferenceSection(): string {
           "",
           "### Foreground Computer Use — Last Resort",
           "",
-          "Foreground computer use (`computer_use_request_control`) takes over the user's cursor and",
-          "keyboard. It is disruptive and should be your LAST resort. Prefer this hierarchy:",
+          "Computer use tools (clicking, typing, scrolling) take over the user's cursor and keyboard.",
+          "They are disruptive and should be your LAST resort. Prefer this hierarchy:",
           "",
           "1. **CLI tools / osascript** — Use `host_bash` with shell commands or `osascript` with",
           "   AppleScript to accomplish tasks in the background without interrupting the user.",
           "2. **Background computer use** — If you must interact with a GUI app, prefer AppleScript",
           '   automation (e.g. `tell application "Safari" to set URL of current tab to ...`).',
-          "3. **Foreground computer use** — Only escalate via `computer_use_request_control` when",
-          "   the task genuinely cannot be done any other way (e.g. complex multi-step GUI interactions",
-          "   with no scripting support) or the user explicitly asks you to take control.",
+          "3. **Foreground computer use** — Only use computer use tools when the task genuinely",
+          "   cannot be done any other way (e.g. complex multi-step GUI interactions with no scripting",
+          "   support) or the user explicitly asks you to take control.",
         ]
       : []),
   ].join("\n");
 }
 
 function buildIntegrationSection(): string {
-  const allCreds = listCredentialMetadata();
-  // Show OAuth2-connected services (those with oauth2TokenUrl in metadata)
-  const oauthCreds = allCreds.filter(
-    (c) => c.oauth2TokenUrl && c.field === "access_token",
-  );
-  if (oauthCreds.length === 0) return "";
+  let connections: { providerKey: string; accountInfo?: string | null }[];
+  try {
+    connections = listConnections().filter((c) => c.status === "active");
+  } catch {
+    // DB not available — no connected services to show
+    return "";
+  }
+
+  if (connections.length === 0) return "";
 
-  const raw = loadRawConfig();
   const lines = ["## Connected Services", ""];
-  for (const cred of oauthCreds) {
-    const acctInfo = getNestedValue(
-      raw,
-      `integrations.accountInfo.${cred.service}`,
-    ) as string | undefined;
-    const state = acctInfo ? `Connected (${acctInfo})` : "Connected";
-    lines.push(`- **${cred.service}**: ${state}`);
+  for (const conn of connections) {
+    const state = conn.accountInfo
+      ? `Connected (${conn.accountInfo})`
+      : "Connected";
+    lines.push(`- **${conn.providerKey}**: ${state}`);
   }
 
   return lines.join("\n");
@@ -751,10 +769,12 @@ function buildPostToolResponseSection(): string {
     "  → Call document_create",
     "",
     "For permission-gated tools, send one short context sentence immediately before the tool call so the user can make an informed allow/deny decision.",
+    "",
+    '**Reason field:** For every tool call, include a `reason` parameter — a brief, non-technical explanation of what you are doing and why. This is shown to the user as a live status update. Use simple language a non-technical person would understand (e.g. "Checking your project settings" not "file_read config.ts").',
   ].join("\n");
 }
 
-function buildConfigSection(): string {
+function buildConfigSection(hasNoClient: boolean): string {
   // Always use `file_edit` (not `host_file_edit`) for workspace files — file_edit
   // handles sandbox path mapping internally, and host_file_edit is permission-gated
   // which would trigger approval prompts for routine workspace updates.
@@ -763,10 +783,14 @@ function buildConfigSection(): string {
   const config = getConfig();
   const configPreamble = `Your configuration directory is \`${hostWorkspaceDir}/\`.`;
 
+  const fileToolGuidance = hasNoClient
+    ? `${configPreamble} **Always use \`file_read\` and \`file_edit\` for these files** — they are inside your sandbox working directory:`
+    : `${configPreamble} **Always use \`file_read\` and \`file_edit\` (not \`host_file_read\` / \`host_file_edit\`) for these files** — they are inside your sandbox working directory and do not require host access or user approval:`;
+
   return [
     "## Configuration",
     `- **Active model**: \`${config.model}\` (provider: ${config.provider})`,
-    `${configPreamble} **Always use \`file_read\` and \`file_edit\` (not \`host_file_read\` / \`host_file_edit\`) for these files** — they are inside your sandbox working directory and do not require host access or user approval:`,
+    fileToolGuidance,
     "",
     "- `IDENTITY.md` — Your name, nature, personality, and emoji. Updated during the first-run ritual.",
     "- `SOUL.md` — Core principles, personality, and evolution guidance. Your behavioral foundation.",
@@ -801,7 +825,13 @@ function buildConfigSection(): string {
     "- They rename you or change your role",
     "- Your avatar appearance changes (update the `## Avatar` section with a description of the new look)",
     "",
-    "When reading or updating workspace files, always use the sandbox tools (`file_read`, `file_edit`). Never use `host_file_read` or `host_file_edit` for workspace files — those are for host-only resources outside your workspace.",
+    ...(hasNoClient
+      ? [
+          "When reading or updating workspace files, always use the sandbox tools (`file_read`, `file_edit`).",
+        ]
+      : [
+          "When reading or updating workspace files, always use the sandbox tools (`file_read`, `file_edit`). Never use `host_file_read` or `host_file_edit` for workspace files — those are for host-only resources outside your workspace.",
+        ]),
     "",
     "When updating, read the file first, then make a targeted edit. Include all useful information, but don't bloat the files over time",
   ].join("\n");
@@ -818,7 +848,7 @@ export function buildCliReferenceSection(): string {
     "The `assistant` CLI is installed on the user's machine and available via `bash`.",
     "For account and authentication work, prefer real `assistant` CLI workflows over any legacy account-record abstraction.",
     "- Use `assistant credentials ...` for stored secrets and credential metadata.",
-    "- Use `assistant oauth token <service>` for connected integration tokens.",
+    "- Use `assistant oauth connections token <provider-key>` for connected integration tokens.",
     "- Use `assistant mcp auth <name>` when an MCP server needs OAuth login.",
     "- Use `assistant platform status` for platform-linked deployment and auth context.",
     "- If a bundled skill documents a service-specific `assistant <service>` auth or session flow, follow that CLI exactly.",
@@ -992,10 +1022,5 @@ function formatSkillsCatalog(skills: SkillSummary[]): string {
     "",
     lines.join("\n"),
     "",
-    "### Installing additional skills",
-    "If `skill_load` fails because a skill is not found, additional first-party skills may be available in the Vellum catalog.",
-    "Use `bash` to discover and install them:",
-    "- `assistant skills list` — list all available catalog skills",
-    "- `assistant skills install <skill-id>` — install a skill, then retry `skill_load`",
   ].join("\n");
 }

package/src/providers/anthropic/client.ts

@@ -63,6 +63,20 @@ function isToolUseBlock(block: unknown): block is Anthropic.ToolUseBlockParam {
   );
 }
 
+/** Type-guard for server_tool_use blocks (e.g. native web search). */
+function isServerToolUseBlock(block: unknown): block is {
+  type: "server_tool_use";
+  id: string;
+  name: string;
+  input: unknown;
+} {
+  return (
+    typeof block === "object" &&
+    block != null &&
+    (block as { type: string }).type === "server_tool_use"
+  );
+}
+
 /** Type-guard for tool_result blocks in Anthropic-formatted content. */
 function isToolResultBlock(
   block: unknown,
@@ -74,6 +88,19 @@ function isToolResultBlock(
   );
 }
 
+/** Type-guard for web_search_tool_result blocks. */
+function isWebSearchToolResultBlock(block: unknown): block is {
+  type: "web_search_tool_result";
+  tool_use_id: string;
+  content: unknown;
+} {
+  return (
+    typeof block === "object" &&
+    block != null &&
+    (block as { type: string }).type === "web_search_tool_result"
+  );
+}
+
 /**
  * Build a short diagnostic summary of a message array for error logging.
  * Shows role + block types (with tool_use/tool_result IDs) for each message.
@@ -84,8 +111,12 @@ function summarizeMessages(messages: Anthropic.MessageParam[]): string[] {
     const blockDescs = content.map((b) => {
       const bt = (b as { type: string }).type;
       if (bt === "tool_use") return `tool_use(${(b as { id: string }).id})`;
+      if (bt === "server_tool_use")
+        return `server_tool_use(${(b as { id: string }).id})`;
       if (bt === "tool_result")
         return `tool_result(${(b as { tool_use_id: string }).tool_use_id})`;
+      if (bt === "web_search_tool_result")
+        return `web_search_tool_result(${(b as { tool_use_id: string }).tool_use_id})`;
       return bt;
     });
     return `[${idx}] ${m.role}: ${blockDescs.join(", ") || "(empty)"}`;
@@ -103,29 +134,70 @@ function buildSyntheticToolResult(
   };
 }
 
-function getOrderedToolUseIds(
-  content: Anthropic.ContentBlockParam[],
-): string[] {
+function buildSyntheticWebSearchToolResult(
+  toolUseId: string,
+): Anthropic.ContentBlockParam {
+  return {
+    type: "web_search_tool_result",
+    tool_use_id: toolUseId,
+    content: {
+      type: "web_search_tool_result_error",
+      error_code: "unavailable",
+    },
+  } as unknown as Anthropic.ContentBlockParam;
+}
+
+/** Build the appropriate synthetic result block based on whether the ID is for a server tool or regular tool. */
+function buildSyntheticResult(
+  toolUseId: string,
+  serverToolIds: ReadonlySet<string>,
+): Anthropic.ContentBlockParam {
+  if (serverToolIds.has(toolUseId)) {
+    return buildSyntheticWebSearchToolResult(toolUseId);
+  }
+  return buildSyntheticToolResult(toolUseId);
+}
+
+function getOrderedToolUseIds(content: Anthropic.ContentBlockParam[]): {
+  ids: string[];
+  serverToolIds: Set<string>;
+} {
   const ids: string[] = [];
   const seen = new Set<string>();
+  const serverToolIds = new Set<string>();
   for (const block of content) {
-    if (!isToolUseBlock(block)) continue;
-    if (seen.has(block.id)) continue;
-    seen.add(block.id);
-    ids.push(block.id);
+    if (isToolUseBlock(block)) {
+      if (!seen.has(block.id)) {
+        seen.add(block.id);
+        ids.push(block.id);
+      }
+    } else if (isServerToolUseBlock(block)) {
+      if (!seen.has(block.id)) {
+        seen.add(block.id);
+        ids.push(block.id);
+        serverToolIds.add(block.id);
+      }
+    }
   }
-  return ids;
+  return { ids, serverToolIds };
 }
 
 function hasOrderedToolResultPrefix(
   content: Anthropic.ContentBlockParam[],
   orderedToolUseIds: string[],
+  serverToolIds: ReadonlySet<string>,
 ): boolean {
   if (content.length < orderedToolUseIds.length) return false;
   for (let idx = 0; idx < orderedToolUseIds.length; idx++) {
     const block = content[idx];
-    if (!isToolResultBlock(block)) return false;
-    if (block.tool_use_id !== orderedToolUseIds[idx]) return false;
+    const expectedId = orderedToolUseIds[idx];
+    if (serverToolIds.has(expectedId)) {
+      if (!isWebSearchToolResultBlock(block)) return false;
+      if (block.tool_use_id !== expectedId) return false;
+    } else {
+      if (!isToolResultBlock(block)) return false;
+      if (block.tool_use_id !== expectedId) return false;
+    }
   }
   return true;
 }
@@ -134,14 +206,15 @@ function splitAssistantForToolPairing(content: Anthropic.ContentBlockParam[]): {
   pairedContent: Anthropic.ContentBlockParam[];
   carryoverContent: Anthropic.ContentBlockParam[];
   toolUseIds: string[];
+  serverToolIds: Set<string>;
 } {
   const leading: Anthropic.ContentBlockParam[] = [];
-  const toolUseBlocks: Anthropic.ToolUseBlockParam[] = [];
+  const toolUseBlocks: Anthropic.ContentBlockParam[] = [];
   const carryover: Anthropic.ContentBlockParam[] = [];
   let seenToolUse = false;
 
   for (const block of content) {
-    if (isToolUseBlock(block)) {
+    if (isToolUseBlock(block) || isServerToolUseBlock(block)) {
       seenToolUse = true;
       toolUseBlocks.push(block);
       continue;
@@ -158,6 +231,7 @@ function splitAssistantForToolPairing(content: Anthropic.ContentBlockParam[]): {
       pairedContent: content,
       carryoverContent: [],
       toolUseIds: [],
+      serverToolIds: new Set(),
     };
   }
 
@@ -165,16 +239,19 @@ function splitAssistantForToolPairing(content: Anthropic.ContentBlockParam[]): {
     ...leading,
     ...toolUseBlocks,
   ];
+  const { ids, serverToolIds } = getOrderedToolUseIds(pairedContent);
   return {
     pairedContent,
     carryoverContent: carryover,
-    toolUseIds: getOrderedToolUseIds(pairedContent),
+    toolUseIds: ids,
+    serverToolIds,
   };
 }
 
 function normalizeFollowingUserContent(
   nextContent: Anthropic.ContentBlockParam[],
   orderedToolUseIds: string[],
+  serverToolIds: ReadonlySet<string>,
 ): {
   toolResultPrefix: Anthropic.ContentBlockParam[];
   remainingContent: Anthropic.ContentBlockParam[];
@@ -182,24 +259,37 @@ function normalizeFollowingUserContent(
   hadOrderedPrefix: boolean;
 } {
   const pendingIds = new Set(orderedToolUseIds);
-  const matchedById = new Map<string, Anthropic.ToolResultBlockParam>();
+  const matchedById = new Map<string, Anthropic.ContentBlockParam>();
   const remaining: Anthropic.ContentBlockParam[] = [];
 
   for (const block of nextContent) {
     if (
       isToolResultBlock(block) &&
       pendingIds.has(block.tool_use_id) &&
-      !matchedById.has(block.tool_use_id)
+      !matchedById.has(block.tool_use_id) &&
+      !serverToolIds.has(block.tool_use_id)
     ) {
       matchedById.set(block.tool_use_id, block);
       continue;
     }
+    if (
+      isWebSearchToolResultBlock(block) &&
+      pendingIds.has(block.tool_use_id) &&
+      !matchedById.has(block.tool_use_id) &&
+      serverToolIds.has(block.tool_use_id)
+    ) {
+      matchedById.set(
+        block.tool_use_id,
+        block as unknown as Anthropic.ContentBlockParam,
+      );
+      continue;
+    }
     remaining.push(block);
   }
 
   const missingIds = orderedToolUseIds.filter((id) => !matchedById.has(id));
   const orderedResults = orderedToolUseIds.map(
-    (id) => matchedById.get(id) ?? buildSyntheticToolResult(id),
+    (id) => matchedById.get(id) ?? buildSyntheticResult(id, serverToolIds),
   );
 
   return {
@@ -209,6 +299,7 @@ function normalizeFollowingUserContent(
     hadOrderedPrefix: hasOrderedToolResultPrefix(
       nextContent,
       orderedToolUseIds,
+      serverToolIds,
     ),
   };
 }
@@ -237,7 +328,7 @@ function ensureToolPairing(
     }
 
     const content = Array.isArray(msg.content) ? msg.content : [];
-    const { pairedContent, carryoverContent, toolUseIds } =
+    const { pairedContent, carryoverContent, toolUseIds, serverToolIds } =
       splitAssistantForToolPairing(content);
 
     if (toolUseIds.length === 0) {
@@ -246,7 +337,7 @@ function ensureToolPairing(
       continue;
     }
 
-    // Assistant message — push the paired portion (pre-tool text + tool_use blocks)
+    // Assistant message — push the paired portion (pre-tool text + tool_use/server_tool_use blocks)
     result.push({
       role: "assistant" as const,
       content: pairedContent,
@@ -267,7 +358,11 @@ function ensureToolPairing(
     const next = messages[i + 1];
     if (next && next.role === "user") {
       const nextContent = Array.isArray(next.content) ? next.content : [];
-      const normalized = normalizeFollowingUserContent(nextContent, toolUseIds);
+      const normalized = normalizeFollowingUserContent(
+        nextContent,
+        toolUseIds,
+        serverToolIds,
+      );
       if (normalized.missingIds.length > 0) {
         log.warn(
           {
@@ -332,7 +427,9 @@ function ensureToolPairing(
       );
       result.push({
         role: "user" as const,
-        content: toolUseIds.map((id) => buildSyntheticToolResult(id)),
+        content: toolUseIds.map((id) =>
+          buildSyntheticResult(id, serverToolIds),
+        ),
       });
 
       // If the assistant contained collapsed post-tool text, preserve it as a
@@ -353,17 +450,29 @@ function ensureToolPairing(
     const m = result[j];
     if (m.role !== "assistant") continue;
     const c = Array.isArray(m.content) ? m.content : [];
-    const ids = getOrderedToolUseIds(c);
-    if (ids.length === 0) continue;
+    const { ids: validationIds, serverToolIds: validationServerToolIds } =
+      getOrderedToolUseIds(c);
+    if (validationIds.length === 0) continue;
 
     const nxt = result[j + 1];
     const nxtContent =
       nxt && nxt.role === "user" && Array.isArray(nxt.content)
         ? nxt.content
         : [];
-    if (!hasOrderedToolResultPrefix(nxtContent, ids)) {
-      const unmatchedIds = ids.filter((id, idx) => {
+    if (
+      !hasOrderedToolResultPrefix(
+        nxtContent,
+        validationIds,
+        validationServerToolIds,
+      )
+    ) {
+      const unmatchedIds = validationIds.filter((id, idx) => {
         const block = nxtContent[idx];
+        if (validationServerToolIds.has(id)) {
+          return !(
+            isWebSearchToolResultBlock(block) && block.tool_use_id === id
+          );
+        }
         return !(isToolResultBlock(block) && block.tool_use_id === id);
       });
       log.error(

package/src/providers/gemini/client.ts

@@ -16,6 +16,10 @@ export interface GeminiProviderOptions {
   streamTimeoutMs?: number;
   /** When set, routes requests through the managed proxy at this base URL. */
   managedBaseUrl?: string;
+  /** Vertex AI project placeholder (used with managed proxy). */
+  vertexProject?: string;
+  /** Vertex AI location placeholder (used with managed proxy). */
+  vertexLocation?: string;
 }
 
 export class GeminiProvider implements Provider {
@@ -29,12 +33,17 @@ export class GeminiProvider implements Provider {
     model: string,
     options: GeminiProviderOptions = {},
   ) {
-    this.client = new GoogleGenAI({
-      apiKey,
-      ...(options.managedBaseUrl
-        ? { httpOptions: { baseUrl: options.managedBaseUrl } }
-        : {}),
-    });
+    this.client = options.managedBaseUrl
+      ? new GoogleGenAI({
+          vertexai: true,
+          project: options.vertexProject ?? "proxy",
+          location: options.vertexLocation ?? "us-central1",
+          httpOptions: {
+            baseUrl: options.managedBaseUrl,
+            headers: { Authorization: `Bearer ${apiKey}` },
+          },
+        })
+      : new GoogleGenAI({ apiKey });
     this.model = model;
     this.streamTimeoutMs = options.streamTimeoutMs ?? 300_000;
   }

package/src/providers/managed-proxy/constants.ts

@@ -29,12 +29,12 @@ export const MANAGED_PROVIDER_META: Record<string, ManagedProviderMeta> = {
   anthropic: {
     name: "anthropic",
     managed: true,
-    proxyPath: "/v1/runtime-proxy/anthropic",
+    proxyPath: "/v1/runtime-proxy/vertex",
   },
   gemini: {
     name: "gemini",
     managed: true,
-    proxyPath: "/v1/runtime-proxy/gemini",
+    proxyPath: "/v1/runtime-proxy/vertex",
   },
   fireworks: {
     name: "fireworks",