@vellumai/assistant 0.4.48 → 0.4.49

package/src/providers/anthropic/client.ts

@@ -63,6 +63,20 @@ function isToolUseBlock(block: unknown): block is Anthropic.ToolUseBlockParam {
   );
 }
 
+/** Type-guard for server_tool_use blocks (e.g. native web search). */
+function isServerToolUseBlock(block: unknown): block is {
+  type: "server_tool_use";
+  id: string;
+  name: string;
+  input: unknown;
+} {
+  return (
+    typeof block === "object" &&
+    block != null &&
+    (block as { type: string }).type === "server_tool_use"
+  );
+}
+
 /** Type-guard for tool_result blocks in Anthropic-formatted content. */
 function isToolResultBlock(
   block: unknown,
@@ -74,6 +88,19 @@ function isToolResultBlock(
   );
 }
 
+/** Type-guard for web_search_tool_result blocks. */
+function isWebSearchToolResultBlock(block: unknown): block is {
+  type: "web_search_tool_result";
+  tool_use_id: string;
+  content: unknown;
+} {
+  return (
+    typeof block === "object" &&
+    block != null &&
+    (block as { type: string }).type === "web_search_tool_result"
+  );
+}
+
 /**
  * Build a short diagnostic summary of a message array for error logging.
  * Shows role + block types (with tool_use/tool_result IDs) for each message.
@@ -84,8 +111,12 @@ function summarizeMessages(messages: Anthropic.MessageParam[]): string[] {
     const blockDescs = content.map((b) => {
       const bt = (b as { type: string }).type;
       if (bt === "tool_use") return `tool_use(${(b as { id: string }).id})`;
+      if (bt === "server_tool_use")
+        return `server_tool_use(${(b as { id: string }).id})`;
       if (bt === "tool_result")
         return `tool_result(${(b as { tool_use_id: string }).tool_use_id})`;
+      if (bt === "web_search_tool_result")
+        return `web_search_tool_result(${(b as { tool_use_id: string }).tool_use_id})`;
       return bt;
     });
     return `[${idx}] ${m.role}: ${blockDescs.join(", ") || "(empty)"}`;
@@ -103,29 +134,70 @@ function buildSyntheticToolResult(
   };
 }
 
-function getOrderedToolUseIds(
-  content: Anthropic.ContentBlockParam[],
-): string[] {
+function buildSyntheticWebSearchToolResult(
+  toolUseId: string,
+): Anthropic.ContentBlockParam {
+  return {
+    type: "web_search_tool_result",
+    tool_use_id: toolUseId,
+    content: {
+      type: "web_search_tool_result_error",
+      error_code: "unavailable",
+    },
+  } as unknown as Anthropic.ContentBlockParam;
+}
+
+/** Build the appropriate synthetic result block based on whether the ID is for a server tool or regular tool. */
+function buildSyntheticResult(
+  toolUseId: string,
+  serverToolIds: ReadonlySet<string>,
+): Anthropic.ContentBlockParam {
+  if (serverToolIds.has(toolUseId)) {
+    return buildSyntheticWebSearchToolResult(toolUseId);
+  }
+  return buildSyntheticToolResult(toolUseId);
+}
+
+function getOrderedToolUseIds(content: Anthropic.ContentBlockParam[]): {
+  ids: string[];
+  serverToolIds: Set<string>;
+} {
   const ids: string[] = [];
   const seen = new Set<string>();
+  const serverToolIds = new Set<string>();
   for (const block of content) {
-    if (!isToolUseBlock(block)) continue;
-    if (seen.has(block.id)) continue;
-    seen.add(block.id);
-    ids.push(block.id);
+    if (isToolUseBlock(block)) {
+      if (!seen.has(block.id)) {
+        seen.add(block.id);
+        ids.push(block.id);
+      }
+    } else if (isServerToolUseBlock(block)) {
+      if (!seen.has(block.id)) {
+        seen.add(block.id);
+        ids.push(block.id);
+        serverToolIds.add(block.id);
+      }
+    }
   }
-  return ids;
+  return { ids, serverToolIds };
 }
 
 function hasOrderedToolResultPrefix(
   content: Anthropic.ContentBlockParam[],
   orderedToolUseIds: string[],
+  serverToolIds: ReadonlySet<string>,
 ): boolean {
   if (content.length < orderedToolUseIds.length) return false;
   for (let idx = 0; idx < orderedToolUseIds.length; idx++) {
     const block = content[idx];
-    if (!isToolResultBlock(block)) return false;
-    if (block.tool_use_id !== orderedToolUseIds[idx]) return false;
+    const expectedId = orderedToolUseIds[idx];
+    if (serverToolIds.has(expectedId)) {
+      if (!isWebSearchToolResultBlock(block)) return false;
+      if (block.tool_use_id !== expectedId) return false;
+    } else {
+      if (!isToolResultBlock(block)) return false;
+      if (block.tool_use_id !== expectedId) return false;
+    }
   }
   return true;
 }
@@ -134,14 +206,15 @@ function splitAssistantForToolPairing(content: Anthropic.ContentBlockParam[]): {
   pairedContent: Anthropic.ContentBlockParam[];
   carryoverContent: Anthropic.ContentBlockParam[];
   toolUseIds: string[];
+  serverToolIds: Set<string>;
 } {
   const leading: Anthropic.ContentBlockParam[] = [];
-  const toolUseBlocks: Anthropic.ToolUseBlockParam[] = [];
+  const toolUseBlocks: Anthropic.ContentBlockParam[] = [];
   const carryover: Anthropic.ContentBlockParam[] = [];
   let seenToolUse = false;
 
   for (const block of content) {
-    if (isToolUseBlock(block)) {
+    if (isToolUseBlock(block) || isServerToolUseBlock(block)) {
       seenToolUse = true;
       toolUseBlocks.push(block);
       continue;
@@ -158,6 +231,7 @@ function splitAssistantForToolPairing(content: Anthropic.ContentBlockParam[]): {
       pairedContent: content,
       carryoverContent: [],
       toolUseIds: [],
+      serverToolIds: new Set(),
     };
   }
 
@@ -165,16 +239,19 @@ function splitAssistantForToolPairing(content: Anthropic.ContentBlockParam[]): {
     ...leading,
     ...toolUseBlocks,
   ];
+  const { ids, serverToolIds } = getOrderedToolUseIds(pairedContent);
   return {
     pairedContent,
     carryoverContent: carryover,
-    toolUseIds: getOrderedToolUseIds(pairedContent),
+    toolUseIds: ids,
+    serverToolIds,
   };
 }
 
 function normalizeFollowingUserContent(
   nextContent: Anthropic.ContentBlockParam[],
   orderedToolUseIds: string[],
+  serverToolIds: ReadonlySet<string>,
 ): {
   toolResultPrefix: Anthropic.ContentBlockParam[];
   remainingContent: Anthropic.ContentBlockParam[];
@@ -182,24 +259,37 @@ function normalizeFollowingUserContent(
   hadOrderedPrefix: boolean;
 } {
   const pendingIds = new Set(orderedToolUseIds);
-  const matchedById = new Map<string, Anthropic.ToolResultBlockParam>();
+  const matchedById = new Map<string, Anthropic.ContentBlockParam>();
   const remaining: Anthropic.ContentBlockParam[] = [];
 
   for (const block of nextContent) {
     if (
       isToolResultBlock(block) &&
       pendingIds.has(block.tool_use_id) &&
-      !matchedById.has(block.tool_use_id)
+      !matchedById.has(block.tool_use_id) &&
+      !serverToolIds.has(block.tool_use_id)
     ) {
       matchedById.set(block.tool_use_id, block);
       continue;
     }
+    if (
+      isWebSearchToolResultBlock(block) &&
+      pendingIds.has(block.tool_use_id) &&
+      !matchedById.has(block.tool_use_id) &&
+      serverToolIds.has(block.tool_use_id)
+    ) {
+      matchedById.set(
+        block.tool_use_id,
+        block as unknown as Anthropic.ContentBlockParam,
+      );
+      continue;
+    }
     remaining.push(block);
   }
 
   const missingIds = orderedToolUseIds.filter((id) => !matchedById.has(id));
   const orderedResults = orderedToolUseIds.map(
-    (id) => matchedById.get(id) ?? buildSyntheticToolResult(id),
+    (id) => matchedById.get(id) ?? buildSyntheticResult(id, serverToolIds),
   );
 
   return {
@@ -209,6 +299,7 @@ function normalizeFollowingUserContent(
     hadOrderedPrefix: hasOrderedToolResultPrefix(
       nextContent,
       orderedToolUseIds,
+      serverToolIds,
     ),
   };
 }
@@ -237,7 +328,7 @@ function ensureToolPairing(
     }
 
     const content = Array.isArray(msg.content) ? msg.content : [];
-    const { pairedContent, carryoverContent, toolUseIds } =
+    const { pairedContent, carryoverContent, toolUseIds, serverToolIds } =
       splitAssistantForToolPairing(content);
 
     if (toolUseIds.length === 0) {
@@ -246,7 +337,7 @@ function ensureToolPairing(
       continue;
     }
 
-    // Assistant message — push the paired portion (pre-tool text + tool_use blocks)
+    // Assistant message — push the paired portion (pre-tool text + tool_use/server_tool_use blocks)
     result.push({
       role: "assistant" as const,
       content: pairedContent,
@@ -267,7 +358,11 @@ function ensureToolPairing(
     const next = messages[i + 1];
     if (next && next.role === "user") {
       const nextContent = Array.isArray(next.content) ? next.content : [];
-      const normalized = normalizeFollowingUserContent(nextContent, toolUseIds);
+      const normalized = normalizeFollowingUserContent(
+        nextContent,
+        toolUseIds,
+        serverToolIds,
+      );
       if (normalized.missingIds.length > 0) {
         log.warn(
           {
@@ -332,7 +427,9 @@ function ensureToolPairing(
       );
       result.push({
         role: "user" as const,
-        content: toolUseIds.map((id) => buildSyntheticToolResult(id)),
+        content: toolUseIds.map((id) =>
+          buildSyntheticResult(id, serverToolIds),
+        ),
       });
 
       // If the assistant contained collapsed post-tool text, preserve it as a
@@ -353,17 +450,29 @@ function ensureToolPairing(
     const m = result[j];
     if (m.role !== "assistant") continue;
     const c = Array.isArray(m.content) ? m.content : [];
-    const ids = getOrderedToolUseIds(c);
-    if (ids.length === 0) continue;
+    const { ids: validationIds, serverToolIds: validationServerToolIds } =
+      getOrderedToolUseIds(c);
+    if (validationIds.length === 0) continue;
 
     const nxt = result[j + 1];
     const nxtContent =
       nxt && nxt.role === "user" && Array.isArray(nxt.content)
         ? nxt.content
         : [];
-    if (!hasOrderedToolResultPrefix(nxtContent, ids)) {
-      const unmatchedIds = ids.filter((id, idx) => {
+    if (
+      !hasOrderedToolResultPrefix(
+        nxtContent,
+        validationIds,
+        validationServerToolIds,
+      )
+    ) {
+      const unmatchedIds = validationIds.filter((id, idx) => {
         const block = nxtContent[idx];
+        if (validationServerToolIds.has(id)) {
+          return !(
+            isWebSearchToolResultBlock(block) && block.tool_use_id === id
+          );
+        }
         return !(isToolResultBlock(block) && block.tool_use_id === id);
       });
       log.error(

package/src/providers/retry.ts

@@ -1,5 +1,5 @@
 import { ProviderError } from "../util/errors.js";
-import { getLogger, isDebug } from "../util/logger.js";
+import { getLogger } from "../util/logger.js";
 import {
   computeRetryDelay,
   DEFAULT_BASE_DELAY_MS,
@@ -96,43 +96,17 @@ export class RetryProvider implements Provider {
     options?: SendMessageOptions,
   ): Promise<ProviderResponse> {
     let lastError: unknown;
-    const debug = isDebug();
-
-    if (debug) {
-      log.debug(
-        {
-          provider: this.name,
-          messageCount: messages.length,
-          toolCount: tools?.length ?? 0,
-        },
-        "Provider sendMessage start",
-      );
-    }
 
     const normalizedOptions = normalizeSendMessageOptions(this.name, options);
 
     for (let attempt = 0; attempt <= DEFAULT_MAX_RETRIES; attempt++) {
       try {
-        const start = Date.now();
         const result = await this.inner.sendMessage(
           messages,
           tools,
           systemPrompt,
           normalizedOptions,
         );
-        if (debug) {
-          log.debug(
-            {
-              provider: this.name,
-              durationMs: Date.now() - start,
-              attempt: attempt + 1,
-              model: result.model,
-              inputTokens: result.usage.inputTokens,
-              outputTokens: result.usage.outputTokens,
-            },
-            "Provider sendMessage success",
-          );
-        }
         return result;
       } catch (error) {
         lastError = error;

package/src/runtime/auth/route-policy.ts

@@ -358,9 +358,6 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   { endpoint: "computer-use/sessions/abort", scopes: ["chat.write"] },
   { endpoint: "computer-use/observations", scopes: ["chat.write"] },
   { endpoint: "computer-use/tasks", scopes: ["chat.write"] },
-  { endpoint: "computer-use/ride-shotgun/start", scopes: ["chat.write"] },
-  { endpoint: "computer-use/ride-shotgun/stop", scopes: ["chat.write"] },
-  { endpoint: "computer-use/ride-shotgun/status", scopes: ["chat.write"] },
   { endpoint: "computer-use/watch", scopes: ["chat.write"] },
 
   // Recordings

package/src/runtime/channel-reply-delivery.ts

@@ -208,43 +208,3 @@ export async function deliverReplyViaCallback(
     break;
   }
 }
-
-/**
- * Deliver only the attachments from the last assistant message, skipping text.
- * Used when streaming already delivered the text content and only file
- * attachments remain to be sent via the normal delivery path.
- */
-export async function deliverAttachmentsOnly(
-  conversationId: string,
-  externalChatId: string,
-  callbackUrl: string,
-  bearerToken?: string,
-  assistantId?: string,
-): Promise<void> {
-  const msgs = getMessages(conversationId);
-  for (let i = msgs.length - 1; i >= 0; i--) {
-    if (msgs[i].role !== "assistant") continue;
-
-    const linked = attachmentsStore.getAttachmentMetadataForMessage(msgs[i].id);
-    if (linked.length === 0) return;
-
-    const replyAttachments: RuntimeAttachmentMetadata[] = linked.map((a) => ({
-      id: a.id,
-      filename: a.originalFilename,
-      mimeType: a.mimeType,
-      sizeBytes: a.sizeBytes,
-      kind: a.kind,
-    }));
-
-    await deliverChannelReply(
-      callbackUrl,
-      {
-        chatId: externalChatId,
-        attachments: replyAttachments,
-        assistantId,
-      },
-      bearerToken,
-    );
-    break;
-  }
-}

package/src/runtime/gateway-client.ts

@@ -31,8 +31,6 @@ export interface ChannelReplyPayload {
   ephemeral?: boolean;
   /** Slack user ID — required when `ephemeral` is true. */
   user?: string;
-  /** Telegram message_id for editing an existing message instead of sending a new one. */
-  messageId?: number;
   /** When provided, instructs the delivery endpoint to update an existing message instead of posting a new one. */
   messageTs?: string;
   /** When true, auto-generate Block Kit blocks from text via textToBlocks(). */
@@ -45,8 +43,6 @@ export interface ChannelDeliveryResult {
   ok: boolean;
   /** The message timestamp returned by the delivery endpoint (e.g. Slack message ts). */
   ts?: string;
-  /** The Telegram message_id returned when a new message was sent. */
-  messageId?: number;
 }
 
 interface ManagedOutboundCallbackContext {
@@ -100,9 +96,6 @@ export async function deliverChannelReply(
     if (typeof responseBody.ts === "string") {
       result.ts = responseBody.ts;
     }
-    if (typeof responseBody.messageId === "number") {
-      result.messageId = responseBody.messageId;
-    }
   } catch {
     // Response may not be JSON for non-Slack channels; that's fine.
   }

package/src/runtime/http-server.ts

@@ -110,7 +110,6 @@ import {
   stopGuardianExpirySweep,
 } from "./routes/channel-routes.js";
 import { channelVerificationRouteDefinitions } from "./routes/channel-verification-routes.js";
-import { computerUseRouteDefinitions } from "./routes/computer-use-routes.js";
 import {
   contactCatchAllRouteDefinitions,
   contactRouteDefinitions,
@@ -126,6 +125,7 @@ import { guardianActionRouteDefinitions } from "./routes/guardian-action-routes.
 import { handleGuardianBootstrap } from "./routes/guardian-bootstrap-routes.js";
 import { handleGuardianRefresh } from "./routes/guardian-refresh-routes.js";
 import { hostBashRouteDefinitions } from "./routes/host-bash-routes.js";
+import { hostCuRouteDefinitions } from "./routes/host-cu-routes.js";
 import { hostFileRouteDefinitions } from "./routes/host-file-routes.js";
 import { handleHealth } from "./routes/identity-routes.js";
 import { identityRouteDefinitions } from "./routes/identity-routes.js";
@@ -155,6 +155,7 @@ import { surfaceActionRouteDefinitions } from "./routes/surface-action-routes.js
 import { surfaceContentRouteDefinitions } from "./routes/surface-content-routes.js";
 import { trustRulesRouteDefinitions } from "./routes/trust-rules-routes.js";
 import { usageRouteDefinitions } from "./routes/usage-routes.js";
+import { watchRouteDefinitions } from "./routes/watch-routes.js";
 import { workItemRouteDefinitions } from "./routes/work-items-routes.js";
 import { workspaceRouteDefinitions } from "./routes/workspace-routes.js";
 
@@ -216,7 +217,7 @@ export class RuntimeHttpServer {
   private getSkillContext?: RuntimeHttpServerOptions["getSkillContext"];
   private sessionManagementDeps?: RuntimeHttpServerOptions["sessionManagementDeps"];
   private getModelSetContext?: RuntimeHttpServerOptions["getModelSetContext"];
-  private getComputerUseDeps?: RuntimeHttpServerOptions["getComputerUseDeps"];
+  private getWatchDeps?: RuntimeHttpServerOptions["getWatchDeps"];
   private getRecordingDeps?: RuntimeHttpServerOptions["getRecordingDeps"];
   private router: HttpRouter;
 
@@ -237,7 +238,7 @@ export class RuntimeHttpServer {
     this.getSkillContext = options.getSkillContext;
     this.sessionManagementDeps = options.sessionManagementDeps;
     this.getModelSetContext = options.getModelSetContext;
-    this.getComputerUseDeps = options.getComputerUseDeps;
+    this.getWatchDeps = options.getWatchDeps;
     this.getRecordingDeps = options.getRecordingDeps;
     this.router = new HttpRouter(this.buildRouteTable());
   }
@@ -946,6 +947,7 @@ export class RuntimeHttpServer {
       ...globalSearchRouteDefinitions(),
       ...approvalRouteDefinitions(),
       ...hostBashRouteDefinitions(),
+      ...hostCuRouteDefinitions(),
       ...hostFileRouteDefinitions(),
       ...(this.getSkillContext
         ? skillRouteDefinitions({
@@ -973,9 +975,9 @@ export class RuntimeHttpServer {
       ...channelReadinessRouteDefinitions(),
       ...attachmentRouteDefinitions(),
 
-      ...(this.getComputerUseDeps
-        ? computerUseRouteDefinitions({
-            getComputerUseDeps: this.getComputerUseDeps,
+      ...(this.getWatchDeps
+        ? watchRouteDefinitions({
+            getWatchDeps: this.getWatchDeps,
           })
         : []),
       ...(this.getRecordingDeps

package/src/runtime/http-types.ts

@@ -219,8 +219,8 @@ export interface RuntimeHttpServerOptions {
   sessionManagementDeps?: SessionManagementDeps;
   /** Lazy factory for model config set context (session eviction, config reload suppression). */
   getModelSetContext?: () => import("../daemon/handlers/config-model.js").ModelSetContext;
-  /** Provider for computer-use session dependencies (CU routes). */
-  getComputerUseDeps?: () => import("./routes/computer-use-routes.js").ComputerUseDeps;
+  /** Provider for watch observation dependencies (watch routes). */
+  getWatchDeps?: () => import("./routes/watch-routes.js").WatchDeps;
   /** Provider for recording dependencies (recording routes). */
   getRecordingDeps?: () => import("./routes/recording-routes.js").RecordingDeps;
 }

package/src/runtime/middleware/twilio-validation.ts

@@ -3,7 +3,6 @@
  */
 
 import { TwilioConversationRelayProvider } from "../../calls/twilio-provider.js";
-import { isTwilioWebhookValidationDisabled } from "../../config/env.js";
 import { loadConfig } from "../../config/loader.js";
 import { getPublicBaseUrl } from "../../inbound/public-ingress-urls.js";
 import { getLogger } from "../../util/logger.js";
@@ -51,22 +50,13 @@ export const GATEWAY_ONLY_BLOCKED_SUBPATHS = new Set([
  * Returns a 403 Response if signature validation fails.
  *
  * Fail-closed: if the auth token is not configured, the request is rejected
- * with 403 rather than silently skipping validation. An explicit local-dev
- * bypass is available via TWILIO_WEBHOOK_VALIDATION_DISABLED=true.
+ * with 403 rather than silently skipping validation.
  */
 export async function validateTwilioWebhook(
   req: Request,
 ): Promise<{ body: string } | Response> {
   const rawBody = await req.text();
 
-  // Allow explicit local-dev bypass -- must be exactly "true"
-  if (isTwilioWebhookValidationDisabled()) {
-    log.warn(
-      "Twilio webhook signature validation explicitly disabled via TWILIO_WEBHOOK_VALIDATION_DISABLED",
-    );
-    return { body: rawBody };
-  }
-
   const authToken = TwilioConversationRelayProvider.getAuthToken();
 
   if (!authToken) {

package/src/runtime/pending-interactions.ts

@@ -1,12 +1,13 @@
 /**
  * In-memory tracker that maps requestId to session info for pending
- * confirmation, secret, host_bash, and host_file interactions.
+ * confirmation, secret, host_bash, host_file, and host_cu interactions.
  *
  * When the agent loop emits a confirmation_request, secret_request,
- * host_bash_request, or host_file_request, the onEvent callback registers
- * the interaction here. Standalone HTTP endpoints (/v1/confirm, /v1/secret,
- * /v1/trust-rules, /v1/host-bash-result, /v1/host-file-result) look up
- * the session from this tracker to resolve the interaction.
+ * host_bash_request, host_file_request, or host_cu_request, the onEvent
+ * callback registers the interaction here. Standalone HTTP endpoints
+ * (/v1/confirm, /v1/secret, /v1/trust-rules, /v1/host-bash-result,
+ * /v1/host-file-result, /v1/host-cu-result) look up the session from
+ * this tracker to resolve the interaction.
  */
 
 import type { Session } from "../daemon/session.js";
@@ -29,7 +30,7 @@ export interface ConfirmationDetails {
 export interface PendingInteraction {
   session: Session;
   conversationId: string;
-  kind: "confirmation" | "secret" | "host_bash" | "host_file";
+  kind: "confirmation" | "secret" | "host_bash" | "host_file" | "host_cu";
   confirmationDetails?: ConfirmationDetails;
 }
 
@@ -82,19 +83,20 @@ export function getByConversation(
  * Remove pending confirmation and secret interactions for a given session.
  * Used when auto-denying all pending interactions (e.g. new user message).
  *
- * host_bash and host_file interactions are intentionally skipped — they
- * represent in-flight tool executions proxied to the client, not
+ * host_bash, host_file, and host_cu interactions are intentionally skipped
+ * — they represent in-flight tool executions proxied to the client, not
  * confirmations to auto-deny. Removing them would orphan the request: the
- * client would POST to /v1/host-bash-result or /v1/host-file-result after
- * completing the operation, get a 404, and the proxy timer would fire with
- * a spurious timeout error.
+ * client would POST to /v1/host-bash-result, /v1/host-file-result, or
+ * /v1/host-cu-result after completing the operation, get a 404, and the
+ * proxy timer would fire with a spurious timeout error.
  */
 export function removeBySession(session: Session): void {
   for (const [requestId, interaction] of pending) {
     if (
       interaction.session === session &&
       interaction.kind !== "host_bash" &&
-      interaction.kind !== "host_file"
+      interaction.kind !== "host_file" &&
+      interaction.kind !== "host_cu"
     ) {
       pending.delete(requestId);
     }

package/src/runtime/routes/channel-delivery-routes.ts

@@ -5,7 +5,6 @@
 import * as deliveryStatus from "../../memory/delivery-status.js";
 import { httpError } from "../http-errors.js";
 export {
-  deliverAttachmentsOnly,
   type DeliverReplyOptions,
   deliverReplyViaCallback,
 } from "../channel-reply-delivery.js";