@vellumai/assistant 0.4.48 → 0.4.50

package/src/agent/ax-tree-compaction.test.ts

@@ -0,0 +1,286 @@
+import { describe, expect, test } from "bun:test";
+
+import type { Message } from "../providers/types.js";
+import { compactAxTreeHistory, escapeAxTreeContent } from "./loop.js";
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+/** Build a user message with a single tool_result containing an AX tree. */
+function axTreeToolResult(id: string, axContent: string): Message {
+  return {
+    role: "user",
+    content: [
+      {
+        type: "tool_result",
+        tool_use_id: id,
+        content: `Some preamble\n<ax-tree>\n${axContent}\n</ax-tree>`,
+        is_error: false,
+      },
+    ],
+  };
+}
+
+/** Build an assistant message (no tool use). */
+function assistantText(text: string): Message {
+  return {
+    role: "assistant",
+    content: [{ type: "text", text }],
+  };
+}
+
+/** Build a user message without AX tree content. */
+function userText(text: string): Message {
+  return {
+    role: "user",
+    content: [{ type: "text", text }],
+  };
+}
+
+// ---------------------------------------------------------------------------
+// compactAxTreeHistory
+// ---------------------------------------------------------------------------
+
+describe("compactAxTreeHistory", () => {
+  test("returns messages unchanged when fewer than MAX_AX_TREES_IN_HISTORY AX trees", () => {
+    const messages: Message[] = [
+      axTreeToolResult("t1", "tree-1"),
+      assistantText("ok"),
+      axTreeToolResult("t2", "tree-2"),
+    ];
+    const result = compactAxTreeHistory(messages);
+    expect(result).toBe(messages); // same reference — no copy
+  });
+
+  test("returns messages unchanged when exactly MAX_AX_TREES_IN_HISTORY AX trees", () => {
+    const messages: Message[] = [
+      axTreeToolResult("t1", "tree-1"),
+      assistantText("ok"),
+      axTreeToolResult("t2", "tree-2"),
+    ];
+    const result = compactAxTreeHistory(messages);
+    expect(result).toBe(messages);
+  });
+
+  test("strips oldest AX trees, keeps only last 2 from 5", () => {
+    const messages: Message[] = [
+      axTreeToolResult("t1", "tree-1"),
+      assistantText("ok"),
+      axTreeToolResult("t2", "tree-2"),
+      assistantText("ok"),
+      axTreeToolResult("t3", "tree-3"),
+      assistantText("ok"),
+      axTreeToolResult("t4", "tree-4"),
+      assistantText("ok"),
+      axTreeToolResult("t5", "tree-5"),
+    ];
+
+    const result = compactAxTreeHistory(messages);
+
+    // Messages at indices 0, 2, 4 should have AX trees stripped (t1, t2, t3)
+    for (const idx of [0, 2, 4]) {
+      const block = result[idx].content[0];
+      expect(block.type).toBe("tool_result");
+      if (block.type === "tool_result") {
+        expect(block.content).not.toContain("<ax-tree>");
+        expect(block.content).toContain("<ax_tree_omitted />");
+      }
+    }
+
+    // Messages at indices 6, 8 should still have AX trees (t4, t5)
+    for (const idx of [6, 8]) {
+      const block = result[idx].content[0];
+      expect(block.type).toBe("tool_result");
+      if (block.type === "tool_result") {
+        expect(block.content).toContain("<ax-tree>");
+        expect(block.content).not.toContain("<ax_tree_omitted />");
+      }
+    }
+  });
+
+  test("does not modify assistant messages", () => {
+    const messages: Message[] = [
+      axTreeToolResult("t1", "tree-1"),
+      assistantText("ok"),
+      axTreeToolResult("t2", "tree-2"),
+      assistantText("response with <ax-tree>fake</ax-tree>"),
+      axTreeToolResult("t3", "tree-3"),
+    ];
+
+    const result = compactAxTreeHistory(messages);
+
+    // Assistant message should be unchanged
+    const assistantMsg = result[3];
+    expect(assistantMsg.content[0].type).toBe("text");
+    if (assistantMsg.content[0].type === "text") {
+      expect(assistantMsg.content[0].text).toContain("<ax-tree>");
+    }
+  });
+
+  test("does not modify user messages without tool_result blocks", () => {
+    const messages: Message[] = [
+      axTreeToolResult("t1", "tree-1"),
+      assistantText("ok"),
+      axTreeToolResult("t2", "tree-2"),
+      assistantText("ok"),
+      userText("Please help"),
+      axTreeToolResult("t3", "tree-3"),
+    ];
+
+    const result = compactAxTreeHistory(messages);
+
+    // The plain user text message should be untouched
+    expect(result[4]).toBe(messages[4]);
+  });
+
+  test("preserves non-AX-tree tool_result blocks in stripped messages", () => {
+    const messages: Message[] = [
+      {
+        role: "user",
+        content: [
+          {
+            type: "tool_result",
+            tool_use_id: "t1",
+            content: "normal result without ax tree",
+            is_error: false,
+          },
+          {
+            type: "tool_result",
+            tool_use_id: "t1-ax",
+            content: "<ax-tree>\ntree-1\n</ax-tree>",
+            is_error: false,
+          },
+        ],
+      },
+      assistantText("ok"),
+      axTreeToolResult("t2", "tree-2"),
+      assistantText("ok"),
+      axTreeToolResult("t3", "tree-3"),
+    ];
+
+    const result = compactAxTreeHistory(messages);
+
+    // First message should have the AX tree stripped but normal result preserved
+    const firstMsg = result[0];
+    const normalBlock = firstMsg.content[0];
+    expect(normalBlock.type).toBe("tool_result");
+    if (normalBlock.type === "tool_result") {
+      expect(normalBlock.content).toBe("normal result without ax tree");
+    }
+
+    const axBlock = firstMsg.content[1];
+    expect(axBlock.type).toBe("tool_result");
+    if (axBlock.type === "tool_result") {
+      expect(axBlock.content).toContain("<ax_tree_omitted />");
+      expect(axBlock.content).not.toContain("<ax-tree>");
+    }
+  });
+
+  test("returns empty array for empty input", () => {
+    const result = compactAxTreeHistory([]);
+    expect(result).toEqual([]);
+  });
+
+  test("counts AX trees per block, not per message", () => {
+    // One message has two AX tree blocks — they should count as 2 trees
+    const messages: Message[] = [
+      {
+        role: "user",
+        content: [
+          {
+            type: "tool_result",
+            tool_use_id: "t1a",
+            content: "<ax-tree>\ntree-1a\n</ax-tree>",
+            is_error: false,
+          },
+          {
+            type: "tool_result",
+            tool_use_id: "t1b",
+            content: "<ax-tree>\ntree-1b\n</ax-tree>",
+            is_error: false,
+          },
+        ],
+      },
+      assistantText("ok"),
+      axTreeToolResult("t2", "tree-2"),
+    ];
+
+    const result = compactAxTreeHistory(messages);
+
+    // 3 total AX tree blocks, keep last 2 → strip only first block (t1a)
+    const msg0 = result[0];
+    const block0 = msg0.content[0];
+    expect(block0.type).toBe("tool_result");
+    if (block0.type === "tool_result") {
+      expect(block0.content).toContain("<ax_tree_omitted />");
+      expect(block0.content).not.toContain("<ax-tree>");
+    }
+
+    // Second block in same message (t1b) should be kept
+    const block1 = msg0.content[1];
+    expect(block1.type).toBe("tool_result");
+    if (block1.type === "tool_result") {
+      expect(block1.content).toContain("<ax-tree>");
+      expect(block1.content).not.toContain("<ax_tree_omitted />");
+    }
+
+    // Last message (t2) should also be kept
+    const lastBlock = result[2].content[0];
+    expect(lastBlock.type).toBe("tool_result");
+    if (lastBlock.type === "tool_result") {
+      expect(lastBlock.content).toContain("<ax-tree>");
+    }
+  });
+
+  test("is pure — does not mutate input messages", () => {
+    const messages: Message[] = [
+      axTreeToolResult("t1", "tree-1"),
+      assistantText("ok"),
+      axTreeToolResult("t2", "tree-2"),
+      assistantText("ok"),
+      axTreeToolResult("t3", "tree-3"),
+    ];
+
+    // Deep copy to compare later
+    const originalContent = messages[0].content[0];
+    const originalText =
+      originalContent.type === "tool_result" ? originalContent.content : "";
+
+    compactAxTreeHistory(messages);
+
+    // Original message should be unchanged
+    const afterContent = messages[0].content[0];
+    const afterText =
+      afterContent.type === "tool_result" ? afterContent.content : "";
+    expect(afterText).toBe(originalText);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// escapeAxTreeContent
+// ---------------------------------------------------------------------------
+
+describe("escapeAxTreeContent", () => {
+  test("escapes literal </ax-tree> inside content", () => {
+    const input = "Some XML: <div></ax-tree></div>";
+    const result = escapeAxTreeContent(input);
+    expect(result).toBe("Some XML: <div>&lt;/ax-tree&gt;</div>");
+  });
+
+  test("handles case-insensitive matches", () => {
+    const input = "</AX-TREE> and </Ax-Tree>";
+    const result = escapeAxTreeContent(input);
+    expect(result).toBe("&lt;/ax-tree&gt; and &lt;/ax-tree&gt;");
+  });
+
+  test("returns content unchanged when no closing tags present", () => {
+    const input = "Normal AX tree content with <ax-tree> opening tag";
+    const result = escapeAxTreeContent(input);
+    expect(result).toBe(input);
+  });
+
+  test("handles empty string", () => {
+    expect(escapeAxTreeContent("")).toBe("");
+  });
+});

package/src/agent/loop.ts

@@ -14,7 +14,7 @@ import {
   applyStreamingSubstitution,
   applySubstitutions,
 } from "../tools/sensitive-output-placeholders.js";
-import { getLogger, isDebug, truncateForLog } from "../util/logger.js";
+import { getLogger } from "../util/logger.js";
 
 const log = getLogger("agent-loop");
 
@@ -35,6 +35,7 @@ export interface CheckpointInfo {
   turnIndex: number;
   toolCount: number;
   hasToolUse: boolean;
+  history: Message[]; // current history snapshot for token estimation
 }
 
 export type CheckpointDecision = "continue" | "yield";
@@ -71,7 +72,13 @@ export type AgentEvent =
       toolUseId: string;
       accumulatedJson: string;
     }
-  | { type: "server_tool_start"; name: string; toolUseId: string }
+  | {
+      type: "server_tool_start";
+      name: string;
+      toolUseId: string;
+      input: Record<string, unknown>;
+    }
+  | { type: "server_tool_complete"; toolUseId: string }
   | { type: "error"; error: Error }
   | {
       type: "usage";
@@ -179,7 +186,6 @@ export class AgentLoop {
     let toolUseTurns = 0;
     let nudgedForEmptyResponse = false;
     let lastLlmCallTime = 0;
-    const debug = isDebug();
     const rlog = requestId ? log.child({ requestId }) : log;
 
     // Per-run substitution map for sensitive output placeholders.
@@ -191,7 +197,6 @@ export class AgentLoop {
     while (true) {
       if (signal?.aborted) break;
 
-      const turnStart = Date.now();
       let toolUseBlocks: Extract<ContentBlock, { type: "tool_use" }>[] = [];
 
       try {
@@ -227,22 +232,6 @@ export class AgentLoop {
           providerConfig.tool_choice = this.config.toolChoice;
         }
 
-        if (debug) {
-          rlog.debug(
-            {
-              systemPrompt: truncateForLog(turnSystemPrompt, 200),
-              messageCount: history.length,
-              lastMessage:
-                history.length > 0
-                  ? summarizeMessage(history[history.length - 1])
-                  : null,
-              toolCount: currentTools.length,
-              config: providerConfig,
-            },
-            "Sending request to provider",
-          );
-        }
-
         const preLlmResult = await getHookManager().trigger("pre-llm-call", {
           systemPrompt: turnSystemPrompt,
           messages: history,
@@ -275,7 +264,11 @@ export class AgentLoop {
         // screenshots from accumulating in the context window. The LLM
         // already saw each image on the turn it was captured; keeping
         // base64 blobs in history rapidly exhausts the context budget.
-        const providerHistory = stripOldImageBlocks(history);
+        // Also strip old AX tree snapshots to keep TTFT from growing
+        // linearly with step count in computer-use sessions.
+        const providerHistory = compactAxTreeHistory(
+          stripOldImageBlocks(history),
+        );
 
         const response = await this.provider.sendMessage(
           providerHistory,
@@ -319,6 +312,12 @@ export class AgentLoop {
                   type: "server_tool_start",
                   name: event.name,
                   toolUseId: event.toolUseId,
+                  input: event.input,
+                });
+              } else if (event.type === "server_tool_complete") {
+                onEvent({
+                  type: "server_tool_complete",
+                  toolUseId: event.toolUseId,
                 });
               }
             },
@@ -328,33 +327,6 @@ export class AgentLoop {
 
         const providerDurationMs = Date.now() - providerStart;
 
-        if (debug) {
-          rlog.debug(
-            {
-              providerDurationMs,
-              model: response.model,
-              stopReason: response.stopReason,
-              inputTokens: response.usage.inputTokens,
-              outputTokens: response.usage.outputTokens,
-              cacheCreationInputTokens: response.usage.cacheCreationInputTokens,
-              cacheReadInputTokens: response.usage.cacheReadInputTokens,
-              contentBlocks: response.content.map((b) => ({
-                type: b.type,
-                ...(b.type === "text"
-                  ? { text: truncateForLog(b.text, 1200) }
-                  : {}),
-                ...(b.type === "tool_use"
-                  ? {
-                      name: b.name,
-                      input: truncateForLog(JSON.stringify(b.input), 1200),
-                    }
-                  : {}),
-              })),
-            },
-            "Provider response received",
-          );
-        }
-
         onEvent({
           type: "usage",
           inputTokens: response.usage.inputTokens,
@@ -443,16 +415,6 @@ export class AgentLoop {
             name: toolUse.name,
             input: toolUse.input,
           });
-
-          if (debug) {
-            rlog.debug(
-              {
-                tool: toolUse.name,
-                input: truncateForLog(JSON.stringify(toolUse.input), 300),
-              },
-              "Executing tool",
-            );
-          }
         }
 
         // If already cancelled, synthesize cancelled results and stop
@@ -469,49 +431,11 @@ export class AgentLoop {
           break;
         }
 
-        // Guard against dual-control-mode conflicts in a single turn.
-        // If the model escalates to foreground computer control, browser_* tools
-        // in the same response create competing browser sessions/windows and can
-        // thrash renderer CPU. Reject browser_* calls in that turn.
-        const hasComputerUseEscalation = toolUseBlocks.some(
-          (toolUse) => toolUse.name === "computer_use_request_control",
-        );
-        const blockedBrowserToolIds = hasComputerUseEscalation
-          ? new Set(
-              toolUseBlocks
-                .filter((toolUse) => toolUse.name.startsWith("browser_"))
-                .map((toolUse) => toolUse.id),
-            )
-          : new Set<string>();
-
-        if (blockedBrowserToolIds.size > 0) {
-          log.warn(
-            {
-              blockedBrowserToolCount: blockedBrowserToolIds.size,
-              toolNames: toolUseBlocks.map((toolUse) => toolUse.name),
-            },
-            "Blocking browser_* tools: computer_use_request_control was requested in same turn",
-          );
-        }
-
         // Execute all tools concurrently for reduced latency.
         // Race against the abort signal so cancellation isn't blocked by
         // stuck tools (e.g. a hung browser navigation).
         const toolExecutionPromise = Promise.all(
           toolUseBlocks.map(async (toolUse) => {
-            const toolStart = Date.now();
-
-            if (blockedBrowserToolIds.has(toolUse.id)) {
-              return {
-                toolUse,
-                result: {
-                  content:
-                    "Error: browser_* tools cannot run in the same turn as computer_use_request_control. Continue using the foreground computer-use session only.",
-                  isError: true,
-                },
-              };
-            }
-
             const result = await this.toolExecutor!(
               toolUse.name,
               toolUse.input,
@@ -525,20 +449,6 @@ export class AgentLoop {
               toolUse.id,
             );
 
-            const toolDurationMs = Date.now() - toolStart;
-
-            if (debug) {
-              rlog.debug(
-                {
-                  tool: toolUse.name,
-                  toolDurationMs,
-                  isError: result.isError,
-                  output: truncateForLog(result.content, 300),
-                },
-                "Tool execution complete",
-              );
-            }
-
             return { toolUse, result };
           }),
         );
@@ -658,25 +568,13 @@ export class AgentLoop {
         // Add tool results as a user message and continue the loop
         history.push({ role: "user", content: resultBlocks });
 
-        if (debug) {
-          const turnDurationMs = Date.now() - turnStart;
-          rlog.debug(
-            {
-              turnDurationMs,
-              providerDurationMs,
-              toolCount: toolUseBlocks.length,
-              turn: toolUseTurns,
-            },
-            "Turn complete",
-          );
-        }
-
         // Invoke checkpoint callback after tool results are in history
         if (onCheckpoint) {
           const decision = onCheckpoint({
             turnIndex: toolUseTurns - 1, // 0-based (toolUseTurns was already incremented)
             toolCount: toolUseBlocks.length,
             hasToolUse: true,
+            history,
           });
           if (decision === "yield") {
             break;
@@ -715,14 +613,89 @@ export class AgentLoop {
   }
 }
 
-function summarizeMessage(msg: Message): {
-  role: string;
-  blockTypes: string[];
-} {
-  return {
-    role: msg.role,
-    blockTypes: msg.content.map((b) => b.type),
-  };
+/** Number of most-recent AX tree snapshots to keep in conversation history. */
+const MAX_AX_TREES_IN_HISTORY = 2;
+
+/** Regex that matches the `<ax-tree>...</ax-tree>` markers. */
+const AX_TREE_PATTERN = /<ax-tree>[\s\S]*?<\/ax-tree>/g;
+const AX_TREE_PLACEHOLDER = "<ax_tree_omitted />";
+
+/**
+ * Escapes any literal `</ax-tree>` occurrences inside AX tree content so
+ * that the non-greedy compaction regex (`AX_TREE_PATTERN`) does not stop
+ * prematurely when the user happens to be viewing XML/HTML source that
+ * contains the closing tag.  The escaped content does not need to be
+ * unescaped because compaction replaces the entire block with a placeholder.
+ */
+export function escapeAxTreeContent(content: string): string {
+  return content.replace(/<\/ax-tree>/gi, "&lt;/ax-tree&gt;");
+}
+
+/**
+ * Returns a shallow copy of `messages` where all but the most recent
+ * `MAX_AX_TREES_IN_HISTORY` `<ax-tree>` blocks have been replaced with a
+ * short placeholder.  This keeps the conversation context small so that
+ * TTFT does not grow linearly with step count in computer-use sessions.
+ *
+ * Counting is per-block, not per-message — a single user message can
+ * contain multiple tool_result blocks each with their own AX tree snapshot.
+ */
+export function compactAxTreeHistory(messages: Message[]): Message[] {
+  // Collect (messageIndex, blockIndex) for every tool_result block with <ax-tree>
+  const axBlocks: Array<{ msgIdx: number; blockIdx: number }> = [];
+  for (let i = 0; i < messages.length; i++) {
+    const msg = messages[i];
+    if (msg.role !== "user") continue;
+    for (let j = 0; j < msg.content.length; j++) {
+      const block = msg.content[j];
+      if (
+        block.type === "tool_result" &&
+        typeof block.content === "string" &&
+        block.content.includes("<ax-tree>")
+      ) {
+        axBlocks.push({ msgIdx: i, blockIdx: j });
+      }
+    }
+  }
+
+  if (axBlocks.length <= MAX_AX_TREES_IN_HISTORY) {
+    return messages;
+  }
+
+  // Build a set of "msgIdx:blockIdx" keys for blocks that should be stripped
+  const toStrip = new Set(
+    axBlocks
+      .slice(0, -MAX_AX_TREES_IN_HISTORY)
+      .map((b) => `${b.msgIdx}:${b.blockIdx}`),
+  );
+
+  return messages.map((msg, idx) => {
+    // Quick check: does this message have any blocks to strip?
+    const hasStripTarget = msg.content.some((_, j) =>
+      toStrip.has(`${idx}:${j}`),
+    );
+    if (!hasStripTarget) return msg;
+
+    return {
+      ...msg,
+      content: msg.content.map((block, j) => {
+        if (
+          toStrip.has(`${idx}:${j}`) &&
+          block.type === "tool_result" &&
+          typeof block.content === "string"
+        ) {
+          return {
+            ...block,
+            content: block.content.replace(
+              AX_TREE_PATTERN,
+              AX_TREE_PLACEHOLDER,
+            ),
+          };
+        }
+        return block;
+      }),
+    };
+  });
 }
 
 /**

package/src/approvals/AGENTS.md

@@ -16,7 +16,7 @@ Conversational guardian verification control-plane invocation is guardian-only.
 
 ## Memory Provenance Invariant
 
-All memory extraction and retrieval decisions must consider actor-role provenance. Untrusted actors (non-guardian, unverified_channel) must not trigger profile extraction or receive memory recall/conflict disclosures. This invariant is enforced in `indexer.ts` (write gate) and `session-memory.ts` (read gate).
+All memory retrieval decisions must consider actor-role provenance. Untrusted actors (non-guardian, unverified_channel) must not receive memory recall results. This invariant is enforced in `indexer.ts` (write gate) and `session-memory.ts` (read gate).
 
 ## Guardian Privilege Isolation Invariant
 

package/src/approvals/guardian-request-resolvers.ts

@@ -424,11 +424,17 @@ const accessRequestResolver: GuardianRequestResolver = {
           dedupeKey: `trusted-contact:denied:${request.id}`,
         });
       } else if (desktopDeliverUrl && requesterChatId) {
+        // For Slack, route to DM via requesterExternalUserId (user ID) instead
+        // of requesterChatId (channel ID) to avoid posting in public channels.
+        const targetChatId =
+          channel === "slack" && requesterExternalUserId
+            ? requesterExternalUserId
+            : requesterChatId;
         try {
           await deliverChannelReply(
             desktopDeliverUrl,
             {
-              chatId: requesterChatId,
+              chatId: targetChatId,
               text: "Your access request has been denied by the guardian.",
               assistantId,
             },
@@ -601,11 +607,17 @@ const accessRequestResolver: GuardianRequestResolver = {
         });
       }
     } else if (desktopDeliverUrl && requesterChatId) {
+      // For Slack, route to DM via requesterExternalUserId (user ID) instead
+      // of requesterChatId (channel ID) to avoid posting in public channels.
+      const targetChatId =
+        channel === "slack" && requesterExternalUserId
+          ? requesterExternalUserId
+          : requesterChatId;
       try {
         await deliverChannelReply(
           desktopDeliverUrl,
           {
-            chatId: requesterChatId,
+            chatId: targetChatId,
             text:
               "Your access request has been approved! " +
               "Please enter the 6-digit verification code you receive from the guardian.",