@vellumai/assistant 0.4.48 → 0.4.49

package/src/daemon/session.ts

@@ -35,18 +35,23 @@ import {
 } from "../events/tool-profiling-listener.js";
 import { registerToolTraceListener } from "../events/tool-trace-listener.js";
 import { getHookManager } from "../hooks/manager.js";
+import { resolveCanonicalGuardianRequest } from "../memory/canonical-guardian-store.js";
 import { PermissionPrompter } from "../permissions/prompter.js";
 import { SecretPrompter } from "../permissions/secret-prompter.js";
+import { patternMatchesCandidate } from "../permissions/trust-store.js";
 import type { UserDecision } from "../permissions/types.js";
 import { buildSystemPrompt } from "../prompts/system-prompt.js";
 import type { Message } from "../providers/types.js";
 import type { Provider } from "../providers/types.js";
 import type { TrustClass } from "../runtime/actor-trust-resolver.js";
 import type { AuthContext } from "../runtime/auth/types.js";
+import * as pendingInteractions from "../runtime/pending-interactions.js";
 import * as approvalOverrides from "../runtime/session-approval-overrides.js";
 import { ToolExecutor } from "../tools/executor.js";
 import type { AssistantAttachmentDraft } from "./assistant-attachments.js";
 import { HostBashProxy } from "./host-bash-proxy.js";
+import type { CuObservationResult } from "./host-cu-proxy.js";
+import { HostCuProxy } from "./host-cu-proxy.js";
 import { HostFileProxy } from "./host-file-proxy.js";
 import type {
   ServerMessage,
@@ -161,6 +166,7 @@ export class Session {
   /** @internal */ taskRunId?: string;
   /** @internal */ callSessionId?: string;
   /** @internal */ hostBashProxy?: HostBashProxy;
+  /** @internal */ hostCuProxy?: HostCuProxy;
   /** @internal */ hostFileProxy?: HostFileProxy;
   /** @internal */ readonly queue = new MessageQueue();
   /** @internal */ currentActiveSurfaceId?: string;
@@ -199,10 +205,6 @@ export class Session {
     actions?: Array<{ id: string; label: string; style?: string }>;
     display?: string;
   }> = [];
-  /** @internal */ onEscalateToComputerUse?: (
-    task: string,
-    sourceSessionId: string,
-  ) => boolean;
   /** @internal */ workspaceTopLevelContext: string | null = null;
   /** @internal */ workspaceTopLevelDirty = true;
   public readonly traceEmitter: TraceEmitter;
@@ -346,7 +348,7 @@ export class Session {
     );
     this.contextWindowManager = new ContextWindowManager({
       provider,
-      systemPrompt,
+      systemPrompt: () => resolveSystemPromptCallback([]).systemPrompt,
       config: config.contextWindow,
     });
 
@@ -388,6 +390,7 @@ export class Session {
     this.traceEmitter.updateSender(sendToClient);
     if (!opts?.skipProxySenderUpdate) {
       this.hostBashProxy?.updateSender(sendToClient, !hasNoClient);
+      this.hostCuProxy?.updateSender(sendToClient, !hasNoClient);
       this.hostFileProxy?.updateSender(sendToClient, !hasNoClient);
     }
   }
@@ -400,6 +403,7 @@ export class Session {
   /** Mark host proxies as unavailable so tool execution uses local fallback. */
   clearProxyAvailability(): void {
     this.hostBashProxy?.updateSender(this.sendToClient, false);
+    this.hostCuProxy?.updateSender(this.sendToClient, false);
     this.hostFileProxy?.updateSender(this.sendToClient, false);
   }
 
@@ -407,6 +411,7 @@ export class Session {
   restoreProxyAvailability(): void {
     if (!this.hasNoClient) {
       this.hostBashProxy?.updateSender(this.sendToClient, true);
+      this.hostCuProxy?.updateSender(this.sendToClient, true);
       this.hostFileProxy?.updateSender(this.sendToClient, true);
     }
   }
@@ -415,16 +420,6 @@ export class Session {
     this.sandboxOverride = enabled;
   }
 
-  setEscalationHandler(
-    handler: (task: string, sourceSessionId: string) => boolean,
-  ): void {
-    this.onEscalateToComputerUse = handler;
-  }
-
-  hasEscalationHandler(): boolean {
-    return this.onEscalateToComputerUse !== undefined;
-  }
-
   isProcessing(): boolean {
     return this.processing;
   }
@@ -447,6 +442,7 @@ export class Session {
   dispose(): void {
     approvalOverrides.clearMode(this.conversationId);
     this.hostBashProxy?.dispose();
+    this.hostCuProxy?.dispose();
     this.hostFileProxy?.dispose();
     disposeSession(this);
   }
@@ -589,6 +585,122 @@ export class Session {
       undefined,
       "Resuming after approval",
     );
+
+    // Cascade to other pending confirmations that match this decision
+    this.cascadePendingApprovals(requestId, decision, selectedPattern);
+  }
+
+  /**
+   * After resolving one confirmation, auto-resolve other pending
+   * confirmations in the same conversation that match the decision.
+   *
+   * - allow_10m / allow_thread → approve ALL pending in conversation
+   * - always_allow / always_allow_high_risk → approve pattern-matching pending
+   * - always_deny → deny pattern-matching pending
+   * - allow / deny (one-time) → no cascading
+   */
+  private cascadePendingApprovals(
+    primaryRequestId: string,
+    decision: UserDecision,
+    selectedPattern?: string,
+  ): void {
+    // Single-action decisions don't cascade
+    if (decision === "allow" || decision === "deny") return;
+
+    const pendingRequestIds = this.prompter.getPendingRequestIds();
+    if (pendingRequestIds.length === 0) return;
+
+    for (const candidateId of pendingRequestIds) {
+      if (candidateId === primaryRequestId) continue;
+
+      const interaction = pendingInteractions.get(candidateId);
+      if (!interaction) continue;
+      if (interaction.conversationId !== this.conversationId) continue;
+      if (interaction.kind !== "confirmation") continue;
+
+      const cascadeResult = this.shouldCascade(
+        decision,
+        selectedPattern,
+        interaction.confirmationDetails,
+      );
+      if (!cascadeResult) continue;
+
+      // Consume from pending-interactions tracker
+      pendingInteractions.resolve(candidateId);
+
+      // Resolve via handleConfirmationResponse which emits events.
+      // Use simple "allow"/"deny" so the permission-checker won't save
+      // duplicate rules or re-activate temporary modes. Recursion
+      // terminates because allow/deny exit cascadePendingApprovals early.
+      this.handleConfirmationResponse(
+        candidateId,
+        cascadeResult.allow ? "allow" : "deny",
+        undefined,
+        undefined,
+        undefined,
+        {
+          source: "system",
+          causedByRequestId: primaryRequestId,
+        },
+      );
+
+      // Sync the canonical guardian request status for the cascaded request.
+      // Best-effort: canonical request tracking should not break the cascade flow.
+      try {
+        const targetStatus = cascadeResult.allow ? "approved" : "denied";
+        resolveCanonicalGuardianRequest(candidateId, "pending", {
+          status: targetStatus,
+        });
+      } catch {
+        // Ignore — canonical request tracking is best-effort
+      }
+    }
+  }
+
+  /**
+   * Determine whether a pending confirmation should be auto-resolved
+   * based on the cascading decision and pattern.
+   */
+  private shouldCascade(
+    decision: UserDecision,
+    selectedPattern: string | undefined,
+    details?: import("../runtime/pending-interactions.js").ConfirmationDetails,
+  ): { allow: boolean } | null {
+    // Temporary overrides apply to the entire conversation
+    if (decision === "allow_10m" || decision === "allow_thread") {
+      return { allow: true };
+    }
+
+    // Persistent allow: cascade if the pattern matches any allowlist candidate.
+    // "always_allow" must NOT cascade to high-risk pending confirmations —
+    // only "always_allow_high_risk" has consent for those.
+    if (
+      (decision === "always_allow" || decision === "always_allow_high_risk") &&
+      selectedPattern &&
+      details
+    ) {
+      if (decision === "always_allow" && details.riskLevel === "high") {
+        return null;
+      }
+      for (const option of details.allowlistOptions) {
+        if (patternMatchesCandidate(selectedPattern, option.pattern)) {
+          return { allow: true };
+        }
+      }
+      return null;
+    }
+
+    // Persistent deny: cascade denial if the pattern matches
+    if (decision === "always_deny" && selectedPattern && details) {
+      for (const option of details.allowlistOptions) {
+        if (patternMatchesCandidate(selectedPattern, option.pattern)) {
+          return { allow: false };
+        }
+      }
+      return null;
+    }
+
+    return null;
   }
 
   handleSecretResponse(
@@ -632,6 +744,17 @@ export class Session {
     this.hostFileProxy = proxy;
   }
 
+  resolveHostCu(requestId: string, observation: CuObservationResult): void {
+    this.hostCuProxy?.resolve(requestId, observation);
+  }
+
+  setHostCuProxy(proxy: HostCuProxy | undefined): void {
+    if (this.hostCuProxy && this.hostCuProxy !== proxy) {
+      this.hostCuProxy.dispose();
+    }
+    this.hostCuProxy = proxy;
+  }
+
   // ── Server-authoritative state signals ─────────────────────────────
 
   emitConfirmationStateChanged(

package/src/daemon/tool-side-effects.ts

@@ -220,9 +220,7 @@ registerHook(
     const SETTING_TO_KEY: Record<string, string> = {
       activation_key: "pttActivationKey",
       tts_voice_id: "ttsVoiceId",
-      wake_word_enabled: "wakeWordEnabled",
-      wake_word_keyword: "wakeWordKeyword",
-      wake_word_timeout: "wakeWordTimeoutSeconds",
+      conversation_timeout: "voiceConversationTimeoutSeconds",
     };
     const key = SETTING_TO_KEY[setting];
     if (!key) return;
@@ -231,12 +229,8 @@ registerHook(
     // the validation logic in the tool's execute method.
     const raw = input.value;
     let coerced: string | boolean | number = raw as string;
-    if (setting === "wake_word_enabled") {
-      coerced = raw === true || raw === "true";
-    } else if (setting === "wake_word_timeout") {
+    if (setting === "conversation_timeout") {
       coerced = typeof raw === "number" ? raw : Number(raw);
-    } else if (setting === "wake_word_keyword" && typeof raw === "string") {
-      coerced = raw.trim();
     } else if (setting === "tts_voice_id" && typeof raw === "string") {
       coerced = raw.trim();
     }

package/src/daemon/watch-handler.ts

@@ -79,8 +79,8 @@ export async function handleWatchObservation(
       "Observation added to session",
     );
 
-    // 4. Every 3 observations: call the LLM for live commentary (chat-initiated watch only)
-    if (!session.isRideShotgun && session.observations.length % 3 === 0) {
+    // 4. Every 3 observations: call the LLM for live commentary
+    if (session.observations.length % 3 === 0) {
       log.debug(
         { watchId: msg.watchId, observationCount: session.observations.length },
         "Triggering commentary generation (every 3rd observation)",

package/src/events/tool-metrics-listener.ts

@@ -1,4 +1,4 @@
-import { getLogger, isDebug, truncateForLog } from "../util/logger.js";
+import { getLogger, truncateForLog } from "../util/logger.js";
 import type { EventBus, Subscription } from "./bus.js";
 import type { AssistantDomainEvents } from "./domain-events.js";
 
@@ -23,7 +23,7 @@ export function registerToolMetricsLoggingListener(
   options?: MetricsListenerOptions,
 ): Subscription {
   const logger = options?.logger ?? defaultLogger;
-  const debugEnabled = options?.debugEnabled ?? isDebug;
+  const debugEnabled = options?.debugEnabled ?? (() => false);
   const truncate = options?.truncate ?? truncateForLog;
 
   return eventBus.onAny((event) => {

package/src/hooks/manager.ts

@@ -2,7 +2,7 @@ import { type FSWatcher, watch } from "node:fs";
 
 import { Debouncer } from "../util/debounce.js";
 import { pathExists } from "../util/fs.js";
-import { getLogger, isDebug } from "../util/logger.js";
+import { getLogger } from "../util/logger.js";
 import { getHooksDir } from "../util/platform.js";
 import { discoverHooks } from "./discovery.js";
 import { runHookScript } from "./runner.js";
@@ -73,9 +73,6 @@ export class HookManager {
             "Hook exited with non-zero code",
           );
         }
-        if (result.stderr && isDebug()) {
-          process.stderr.write(result.stderr);
-        }
       } catch (err) {
         log.warn({ err, hook: hook.name, event }, "Hook execution failed");
       }

package/src/inbound/public-ingress-urls.ts

@@ -8,13 +8,13 @@
  *   1. **User Settings** (`config.ingress.publicBaseUrl`) — set via
  *      the in-chat config flow, the Settings UI, or `config set ingress.publicBaseUrl`. This is the
  *      primary source of truth. When the assistant spawns or restarts
- *      the gateway, this value is forwarded as the `INGRESS_PUBLIC_BASE_URL`
- *      environment variable so both processes agree on the same URL.
+ *      the gateway, the workspace config file is read so both processes
+ *      agree on the same URL.
  *
- *   2. **Environment variable** (`INGRESS_PUBLIC_BASE_URL`) — serves as a
- *      fallback for operational use (e.g. direct gateway-only deployments
- *      without the assistant, or CI overrides). When the assistant is
- *      managing the gateway, the env var is set automatically from (1).
+ *   2. **Module-level state** (`getIngressPublicBaseUrl()`) — serves as a
+ *      fallback for operational use (e.g. runtime tunnel updates). When
+ *      tunnels start or stop, `setIngressPublicBaseUrl()` updates this
+ *      value in-process.
  *
  * This chain ensures that:
  *   - The assistant's outbound callback URLs (Twilio webhooks, OAuth
@@ -70,7 +70,7 @@ export function getPublicBaseUrl(config: IngressConfig): string {
   }
 
   throw new Error(
-    "No public base URL configured. Set ingress.publicBaseUrl in config or INGRESS_PUBLIC_BASE_URL env var.",
+    "No public base URL configured. Set ingress.publicBaseUrl in config.",
   );
 }
 

package/src/logfire.ts

@@ -1,4 +1,4 @@
-import { getLogfireToken, isMonitoringEnabled } from "./config/env.js";
+import { getLogfireToken } from "./config/env.js";
 import type {
   Message,
   Provider,
@@ -13,7 +13,7 @@ const log = getLogger("logfire");
 
 type LogfireModule = typeof import("@pydantic/logfire-node");
 
-const LOGFIRE_ENABLED: boolean = !!getLogfireToken() && isMonitoringEnabled();
+let logfireEnabled: boolean = !!getLogfireToken();
 
 let logfireInstance: LogfireModule | null = null;
 
@@ -23,7 +23,7 @@ let logfireInstance: LogfireModule | null = null;
  * Non-fatal on failure (logs warning and continues).
  */
 export async function initLogfire(): Promise<void> {
-  if (!LOGFIRE_ENABLED) return;
+  if (!logfireEnabled) return;
 
   try {
     const logfire = await import("@pydantic/logfire-node");
@@ -42,12 +42,23 @@ export async function initLogfire(): Promise<void> {
   }
 }
 
+/**
+ * Disable Logfire after early initialization. Called when the user has opted
+ * out via the feature flag. Nulls out the instance so future wrapWithLogfire
+ * calls become no-ops.
+ */
+export function disableLogfire(): void {
+  logfireEnabled = false;
+  logfireInstance = null;
+  log.info("Logfire disabled by feature flag");
+}
+
 /**
  * Wraps a provider with Logfire tracing spans.
- * When LOGFIRE_ENABLED is false, returns the provider as-is (no wrapper allocated).
+ * When logfireEnabled is false, returns the provider as-is (no wrapper allocated).
  */
 export function wrapWithLogfire(provider: Provider): Provider {
-  if (!LOGFIRE_ENABLED) return provider;
+  if (!logfireEnabled) return provider;
   return new LogfireProvider(provider);
 }
 

package/src/memory/conversation-key-store.ts

@@ -117,6 +117,27 @@ export function getOrCreateConversation(conversationKey: string): {
       return { conversationId: existing.conversationId, created: false };
     }
 
+    // Check if the conversationKey itself is an existing conversation ID.
+    // This happens when the client loads a thread from the conversations list
+    // and uses the server's conversationId as its local sessionId / conversationKey.
+    const existingConversation = tx
+      .select({ id: conversations.id })
+      .from(conversations)
+      .where(eq(conversations.id, conversationKey))
+      .get();
+
+    if (existingConversation) {
+      tx.insert(conversationKeys)
+        .values({
+          id: uuid(),
+          conversationKey,
+          conversationId: existingConversation.id,
+          createdAt: Date.now(),
+        })
+        .run();
+      return { conversationId: existingConversation.id, created: false };
+    }
+
     const now = Date.now();
     const conversationId = uuid();
 

package/src/memory/db-init.ts

@@ -28,6 +28,7 @@ import {
   createMediaAssetsTables,
   createMessagesFts,
   createNotificationTables,
+  createOAuthTables,
   createScopedApprovalGrantsTable,
   createSequenceTables,
   createTasksAndWorkItemsTables,
@@ -340,6 +341,9 @@ export function initializeDb(): void {
   // 52. Drop the legacy reminders table after data migration
   migrateDropRemindersTable(database);
 
+  // 53. OAuth provider/app/connection tables
+  createOAuthTables(database);
+
   validateMigrationState(database);
 
   if (process.env.BUN_TEST === "1") {

package/src/memory/migrations/149-oauth-tables.ts

@@ -0,0 +1,60 @@
+import type { DrizzleDb } from "../db-connection.js";
+
+/**
+ * OAuth provider, app, and connection tables.
+ * Creates tables in FK-dependency order: providers → apps → connections.
+ */
+export function createOAuthTables(database: DrizzleDb): void {
+  database.run(/*sql*/ `
+    CREATE TABLE IF NOT EXISTS oauth_providers (
+      provider_key TEXT PRIMARY KEY,
+      auth_url TEXT NOT NULL,
+      token_url TEXT NOT NULL,
+      token_endpoint_auth_method TEXT,
+      userinfo_url TEXT,
+      base_url TEXT,
+      default_scopes TEXT NOT NULL DEFAULT '[]',
+      scope_policy TEXT NOT NULL DEFAULT '{}',
+      extra_params TEXT,
+      callback_transport TEXT,
+      loopback_port INTEGER,
+      created_at INTEGER NOT NULL,
+      updated_at INTEGER NOT NULL
+    )
+  `);
+
+  database.run(/*sql*/ `
+    CREATE TABLE IF NOT EXISTS oauth_apps (
+      id TEXT PRIMARY KEY,
+      provider_key TEXT NOT NULL REFERENCES oauth_providers(provider_key),
+      client_id TEXT NOT NULL,
+      created_at INTEGER NOT NULL,
+      updated_at INTEGER NOT NULL
+    )
+  `);
+
+  database.run(/*sql*/ `
+    CREATE TABLE IF NOT EXISTS oauth_connections (
+      id TEXT PRIMARY KEY,
+      oauth_app_id TEXT NOT NULL REFERENCES oauth_apps(id),
+      provider_key TEXT NOT NULL,
+      account_info TEXT,
+      granted_scopes TEXT NOT NULL DEFAULT '[]',
+      expires_at INTEGER,
+      has_refresh_token INTEGER NOT NULL DEFAULT 0,
+      status TEXT NOT NULL DEFAULT 'active',
+      label TEXT,
+      metadata TEXT,
+      created_at INTEGER NOT NULL,
+      updated_at INTEGER NOT NULL
+    )
+  `);
+
+  database.run(
+    /*sql*/ `CREATE UNIQUE INDEX IF NOT EXISTS idx_oauth_apps_provider_client ON oauth_apps(provider_key, client_id)`,
+  );
+
+  database.run(
+    /*sql*/ `CREATE INDEX IF NOT EXISTS idx_oauth_connections_provider_key ON oauth_connections(provider_key)`,
+  );
+}

package/src/memory/migrations/index.ts

@@ -90,6 +90,7 @@ export { migrateDropAccountsTable } from "./145-drop-accounts-table.js";
 export { migrateScheduleOneShotRouting } from "./146-schedule-oneshot-routing.js";
 export { migrateRemindersToSchedules } from "./147-migrate-reminders-to-schedules.js";
 export { migrateDropRemindersTable } from "./148-drop-reminders-table.js";
+export { createOAuthTables } from "./149-oauth-tables.js";
 export {
   MIGRATION_REGISTRY,
   type MigrationRegistryEntry,

package/src/memory/schema/index.ts

@@ -5,4 +5,5 @@ export * from "./guardian.js";
 export * from "./infrastructure.js";
 export * from "./memory-core.js";
 export * from "./notifications.js";
+export * from "./oauth.js";
 export * from "./tasks.js";

package/src/memory/schema/oauth.ts

@@ -0,0 +1,65 @@
+import {
+  index,
+  integer,
+  sqliteTable,
+  text,
+  uniqueIndex,
+} from "drizzle-orm/sqlite-core";
+
+export const oauthProviders = sqliteTable("oauth_providers", {
+  providerKey: text("provider_key").primaryKey(),
+  authUrl: text("auth_url").notNull(),
+  tokenUrl: text("token_url").notNull(),
+  tokenEndpointAuthMethod: text("token_endpoint_auth_method"),
+  userinfoUrl: text("userinfo_url"),
+  baseUrl: text("base_url"),
+  defaultScopes: text("default_scopes").notNull().default("[]"),
+  scopePolicy: text("scope_policy").notNull().default("{}"),
+  extraParams: text("extra_params"),
+  callbackTransport: text("callback_transport"),
+  loopbackPort: integer("loopback_port"),
+  createdAt: integer("created_at").notNull(),
+  updatedAt: integer("updated_at").notNull(),
+});
+
+export const oauthApps = sqliteTable(
+  "oauth_apps",
+  {
+    id: text("id").primaryKey(),
+    providerKey: text("provider_key")
+      .notNull()
+      .references(() => oauthProviders.providerKey),
+    clientId: text("client_id").notNull(),
+    createdAt: integer("created_at").notNull(),
+    updatedAt: integer("updated_at").notNull(),
+  },
+  (table) => [
+    uniqueIndex("idx_oauth_apps_provider_client").on(
+      table.providerKey,
+      table.clientId,
+    ),
+  ],
+);
+
+export const oauthConnections = sqliteTable(
+  "oauth_connections",
+  {
+    id: text("id").primaryKey(),
+    oauthAppId: text("oauth_app_id")
+      .notNull()
+      .references(() => oauthApps.id),
+    providerKey: text("provider_key").notNull(),
+    accountInfo: text("account_info"),
+    grantedScopes: text("granted_scopes").notNull().default("[]"),
+    expiresAt: integer("expires_at"),
+    hasRefreshToken: integer("has_refresh_token").notNull().default(0),
+    status: text("status").notNull().default("active"),
+    label: text("label"),
+    metadata: text("metadata"),
+    createdAt: integer("created_at").notNull(),
+    updatedAt: integer("updated_at").notNull(),
+  },
+  (table) => [
+    index("idx_oauth_connections_provider_key").on(table.providerKey),
+  ],
+);

package/src/messaging/provider.ts

@@ -82,10 +82,10 @@ export interface MessagingProvider {
 
   /**
    * Override the default credential check used by getConnectedProviders().
-   * When present, the registry calls this instead of looking for
-   * credential/{credentialService}/access_token. Useful for providers
-   * that don't use OAuth (e.g. Telegram bot tokens stored under a
-   * non-standard key).
+   * When present, the registry calls this instead of checking for an
+   * active oauth-store connection via isProviderConnected(). Useful
+   * for providers that don't use OAuth (e.g. Telegram bot tokens stored
+   * under a non-standard key).
    */
   isConnected?(): boolean;