@vellumai/assistant 0.4.48 → 0.4.50

package/src/cli.ts

@@ -3,7 +3,7 @@ import { appendFileSync, mkdirSync, readFileSync } from "node:fs";
 import { dirname } from "node:path";
 import * as readline from "node:readline";
 
-import { httpHealthCheck, httpSend, readHttpToken } from "./cli/http-client.js";
+import { httpSend } from "./cli/http-client.js";
 import {
   type MainScreenLayout,
   renderMainScreen,
@@ -11,6 +11,7 @@ import {
   updateStatusText,
 } from "./cli/main-screen.jsx";
 import { shouldAutoStartDaemon } from "./daemon/connection-policy.js";
+import { isHttpHealthy } from "./daemon/daemon-control.js";
 import { ensureDaemonRunning } from "./daemon/lifecycle.js";
 import type {
   ConfirmationRequest,
@@ -637,7 +638,7 @@ export async function startCli(): Promise<void> {
       case "memory_recalled":
         spinner.stop();
         process.stdout.write(
-          `\n\x1B[2m[Memory recalled: ${msg.injectedTokens} tokens | lexical ${msg.lexicalHits} | semantic ${msg.semanticHits} | recency ${msg.recencyHits} | entity ${msg.entityHits} | merged ${msg.mergedCount} → selected ${msg.selectedCount}${msg.rerankApplied ? " (reranked)" : ""} | ${msg.provider}/${msg.model} | ${msg.latencyMs}ms]\x1B[0m\n`,
+          `\n\x1B[2m[Memory recalled: ${msg.injectedTokens} tokens | t1 ${msg.tier1Count} t2 ${msg.tier2Count} | semantic ${msg.semanticHits} | recency ${msg.recencyHits} | merged ${msg.mergedCount} → selected ${msg.selectedCount}${msg.sparseVectorUsed ? " (sparse)" : ""} | hybrid ${msg.hybridSearchLatencyMs}ms | ${msg.provider}/${msg.model} | ${msg.latencyMs}ms]\x1B[0m\n`,
         );
         spinner.start("Thinking...");
         break;
@@ -885,17 +886,10 @@ export async function startCli(): Promise<void> {
 
   /** Connect the SSE event stream for the current conversation. */
   async function connectSse(): Promise<void> {
-    const token = readHttpToken();
     const controller = new AbortController();
     sseAbortController = controller;
 
     const url = `/v1/events?conversationKey=${encodeURIComponent(conversationKey)}`;
-    const headers: Record<string, string> = {
-      Accept: "text/event-stream",
-    };
-    if (token) {
-      headers["Authorization"] = `Bearer ${token}`;
-    }
 
     try {
       const response = await httpSend(url, {
@@ -1010,7 +1004,7 @@ export async function startCli(): Promise<void> {
       try {
         if (shouldAutoStartDaemon()) await ensureDaemonRunning();
         // Verify the daemon is healthy before attempting SSE
-        const healthy = await httpHealthCheck(2000);
+        const healthy = await isHttpHealthy();
         if (!healthy) throw new Error("Health check failed");
         await connectSse();
         reconnectDelay = RECONNECT_BASE_DELAY_MS;

package/src/config/assistant-feature-flags.ts

@@ -42,10 +42,7 @@ function loadDefaultsRegistry(): FeatureFlagDefaultsRegistry {
   if (cachedDefaults) return cachedDefaults;
 
   const thisDir = import.meta.dirname ?? __dirname;
-  const envPath = process.env.FEATURE_FLAG_DEFAULTS_PATH?.trim();
   const candidates = [
-    // Explicit override (primarily for tests / controlled environments)
-    ...(envPath ? [envPath] : []),
     // Bundled: co-located copy in the same directory as this source file.
     // Works in Docker / packaged builds where the repo-root `meta/` dir
     // is not available.

package/src/config/bundled-skills/_shared/CLI_RETRIEVAL_PATTERN.md

@@ -6,7 +6,7 @@ For account and auth workflows, prefer documented `assistant` CLI commands over
 any generic account registry:
 
 - `assistant credentials ...` for stored secrets and credential metadata
-- `assistant oauth token <service>` for OAuth-backed integrations
+- `assistant oauth connections token <provider-key>` for OAuth-backed integrations
 - `assistant mcp auth <name>` when an MCP server needs browser login
 - `assistant platform status` for platform-linked deployment/auth context
 

package/src/config/bundled-skills/computer-use/SKILL.md

@@ -10,13 +10,10 @@ metadata:
     disable-model-invocation: true
 ---
 
-This skill provides the 12 computer*use*\* action tools for controlling
-the macOS desktop (used by CU sessions).
+This skill provides the computer_use_* action tools for controlling
+the macOS desktop. CU tools run through the main agent loop via HostCuProxy.
 
-The `computer_use_request_control` escalation tool is registered in the core
-registry (not this skill) so text_qa sessions can execute it directly.
-
-The skill is internally preactivated for computer-use sessions.
+The skill is internally preactivated for sessions with a connected desktop client.
 
 Tools in this skill are proxy tools — execution is forwarded to the connected
 macOS client, never handled locally by the assistant.

package/src/config/bundled-skills/computer-use/TOOLS.json

@@ -1,9 +1,27 @@
 {
   "version": 1,
   "tools": [
+    {
+      "name": "computer_use_observe",
+      "description": "Capture the current screen state. Returns the accessibility tree with [ID] element references and optionally a screenshot.\n\nThe accessibility tree shows interactive elements like [3] AXButton 'Save' or [17] AXTextField 'Search'. Use element_id to target these elements in subsequent actions — this is much more reliable than pixel coordinates.\n\nCall this before your first computer use action, or to check screen state without acting.",
+      "category": "computer-use",
+      "risk": "low",
+      "input_schema": {
+        "type": "object",
+        "properties": {
+          "reason": {
+            "type": "string",
+            "description": "Brief non-technical explanation of why this tool is being called"
+          }
+        },
+        "required": ["reason"]
+      },
+      "executor": "tools/computer-use-observe.ts",
+      "execution_target": "host"
+    },
     {
       "name": "computer_use_click",
-      "description": "Click on a UI element by its [ID] from the accessibility tree, or at raw screen coordinates as fallback. Supports single click, double-click, and right-click via the click_type parameter.",
+      "description": "Click an element on screen. Prefer element_id (from the accessibility tree) over x/y coordinates.",
       "category": "computer-use",
       "risk": "low",
       "input_schema": {
@@ -42,7 +60,7 @@
     },
     {
       "name": "computer_use_type_text",
-      "description": "Type text at the current cursor position. The target field must already be focused (click it first).",
+      "description": "Type text at the current cursor position. First click a text field (by element_id) to focus it, then call this tool. If a field shows 'FOCUSED', skip the click.",
       "category": "computer-use",
       "risk": "low",
       "input_schema": {
@@ -235,7 +253,7 @@
     },
     {
       "name": "computer_use_run_applescript",
-      "description": "Execute an AppleScript to control applications via Apple's scripting bridge. Use this for operations that are more reliable through scripting than UI interaction: setting a browser URL directly, navigating Finder to a path, querying app state (tab count, window titles, document status), or clicking deeply nested menu items. The script's return value (if any) will be reported back. NEVER use \"do shell script\" \u2014 it is blocked for security. Keep scripts short and targeted to a single operation.",
+      "description": "Run an AppleScript command. Prefer this over click/type when possible \u2014 it doesn't move the cursor or interrupt the user. Never use 'do shell script' inside AppleScript (blocked for security).",
       "category": "computer-use",
       "risk": "low",
       "input_schema": {
@@ -261,7 +279,7 @@
     },
     {
       "name": "computer_use_done",
-      "description": "Task is complete",
+      "description": "Signal that the computer use task is complete. Provide a summary of what was accomplished. This ends the computer use session.",
       "category": "computer-use",
       "risk": "low",
       "input_schema": {
@@ -283,7 +301,7 @@
     },
     {
       "name": "computer_use_respond",
-      "description": "Respond directly to the user with a text answer. Use this when the user is asking a question (about their schedule, meetings, calendar, etc.) rather than asking you to control the computer.",
+      "description": "Respond to the user with a text answer instead of performing computer actions. Use this when you can answer directly without interacting with the screen.",
       "category": "computer-use",
       "risk": "low",
       "input_schema": {

package/src/config/bundled-skills/computer-use/tools/{computer-use-request-control.ts → computer-use-observe.ts}

@@ -8,9 +8,5 @@ export async function run(
   input: Record<string, unknown>,
   context: ToolContext,
 ): Promise<ToolExecutionResult> {
-  return forwardComputerUseProxyTool(
-    "computer_use_request_control",
-    input,
-    context,
-  );
+  return forwardComputerUseProxyTool("computer_use_observe", input, context);
 }

package/src/config/bundled-skills/google-calendar/calendar-client.ts

@@ -1,5 +1,6 @@
 import type { OAuthConnection } from "../../../oauth/connection.js";
-import { GOOGLE_CALENDAR_BASE_URL } from "../../../oauth/provider-base-urls.js";
+
+const GOOGLE_CALENDAR_BASE_URL = "https://www.googleapis.com/calendar/v3";
 import type {
   CalendarEvent,
   CalendarEventsListResponse,
@@ -23,6 +24,7 @@ async function request<T>(
   connection: OAuthConnection,
   path: string,
   options?: RequestInit,
+  query?: Record<string, string | string[]>,
 ): Promise<T> {
   const method = (options?.method ?? "GET").toUpperCase();
 
@@ -65,6 +67,7 @@ async function request<T>(
   const resp = await connection.request({
     method,
     path,
+    query,
     baseUrl: GOOGLE_CALENDAR_BASE_URL,
     headers: {
       "Content-Type": "application/json",
@@ -106,29 +109,31 @@ export async function listEvents(
     syncToken?: string;
   },
 ): Promise<CalendarEventsListResponse> {
-  const params = new URLSearchParams();
+  const query: Record<string, string> = {};
 
-  if (options?.timeMin) params.set("timeMin", options.timeMin);
-  if (options?.timeMax) params.set("timeMax", options.timeMax);
-  params.set("maxResults", String(options?.maxResults ?? 25));
-  if (options?.query) params.set("q", options.query);
+  if (options?.timeMin) query.timeMin = options.timeMin;
+  if (options?.timeMax) query.timeMax = options.timeMax;
+  query.maxResults = String(options?.maxResults ?? 25);
+  if (options?.query) query.q = options.query;
 
   // Default to expanding recurring events into instances
   const singleEvents = options?.singleEvents ?? true;
-  params.set("singleEvents", String(singleEvents));
+  query.singleEvents = String(singleEvents);
 
   if (singleEvents && options?.orderBy) {
-    params.set("orderBy", options.orderBy);
+    query.orderBy = options.orderBy;
   } else if (singleEvents) {
-    params.set("orderBy", "startTime");
+    query.orderBy = "startTime";
   }
 
-  if (options?.pageToken) params.set("pageToken", options.pageToken);
-  if (options?.syncToken) params.set("syncToken", options.syncToken);
+  if (options?.pageToken) query.pageToken = options.pageToken;
+  if (options?.syncToken) query.syncToken = options.syncToken;
 
   return request<CalendarEventsListResponse>(
     connection,
-    `/calendars/${encodeURIComponent(calendarId)}/events?${params}`,
+    `/calendars/${encodeURIComponent(calendarId)}/events`,
+    undefined,
+    query,
   );
 }
 
@@ -160,14 +165,14 @@ export async function createEvent(
   calendarId = "primary",
   sendUpdates: "all" | "externalOnly" | "none" = "all",
 ): Promise<CalendarEvent> {
-  const params = new URLSearchParams({ sendUpdates });
   return request<CalendarEvent>(
     connection,
-    `/calendars/${encodeURIComponent(calendarId)}/events?${params}`,
+    `/calendars/${encodeURIComponent(calendarId)}/events`,
     {
       method: "POST",
       body: JSON.stringify(event),
     },
+    { sendUpdates },
   );
 }
 
@@ -186,16 +191,16 @@ export async function patchEvent(
   calendarId = "primary",
   sendUpdates: "all" | "externalOnly" | "none" = "all",
 ): Promise<CalendarEvent> {
-  const params = new URLSearchParams({ sendUpdates });
   return request<CalendarEvent>(
     connection,
     `/calendars/${encodeURIComponent(calendarId)}/events/${encodeURIComponent(
       eventId,
-    )}?${params}`,
+    )}`,
     {
       method: "PATCH",
       body: JSON.stringify(updates),
     },
+    { sendUpdates },
   );
 }
 

package/src/config/bundled-skills/messaging/tools/shared.ts

@@ -6,7 +6,6 @@ import type { MessagingProvider } from "../../../../messaging/provider.js";
 import {
   getConnectedProviders,
   getMessagingProvider,
-  isPlatformEnabled,
 } from "../../../../messaging/registry.js";
 import type { OAuthConnection } from "../../../../oauth/connection.js";
 import { resolveOAuthConnection } from "../../../../oauth/connection-resolver.js";
@@ -110,9 +109,7 @@ export function extractEmail(address: string): string {
 export function resolveProvider(platformInput?: string): MessagingProvider {
   if (platformInput) return getMessagingProvider(platformInput);
 
-  const connected = getConnectedProviders().filter((p) =>
-    isPlatformEnabled(p.id),
-  );
+  const connected = getConnectedProviders();
   if (connected.length === 1) return connected[0];
   if (connected.length === 0) {
     throw new Error(

package/src/config/bundled-skills/settings/SKILL.md

@@ -9,4 +9,4 @@ metadata:
     user-invocable: true
 ---
 
-Tools for managing assistant settings: voice configuration (TTS voice, PTT activation key, wake word), avatar generation, system settings navigation, and in-app settings tab navigation.
+Tools for managing assistant settings: voice configuration (TTS voice, PTT activation key, conversation timeout), avatar generation, system settings navigation, and in-app settings tab navigation.

package/src/config/bundled-skills/settings/TOOLS.json

@@ -3,7 +3,7 @@
   "tools": [
     {
       "name": "voice_config_update",
-      "description": "Update a voice configuration setting (TTS voice ID, PTT activation key, wake word enabled/keyword/timeout). Changes take effect immediately.",
+      "description": "Update a voice configuration setting (TTS voice ID, PTT activation key, conversation timeout). Changes take effect immediately.",
       "category": "system",
       "risk": "low",
       "input_schema": {
@@ -11,13 +11,7 @@
         "properties": {
           "setting": {
             "type": "string",
-            "enum": [
-              "activation_key",
-              "wake_word_enabled",
-              "wake_word_keyword",
-              "wake_word_timeout",
-              "tts_voice_id"
-            ],
+            "enum": ["activation_key", "conversation_timeout", "tts_voice_id"],
             "description": "The voice setting to change"
           },
           "value": {

package/src/config/bundled-skills/settings/tools/voice-config-update.ts

@@ -18,16 +18,8 @@ const VOICE_SETTINGS = {
     userDefaultsKey: "pttActivationKey",
     type: "string" as const,
   },
-  wake_word_enabled: {
-    userDefaultsKey: "wakeWordEnabled",
-    type: "boolean" as const,
-  },
-  wake_word_keyword: {
-    userDefaultsKey: "wakeWordKeyword",
-    type: "string" as const,
-  },
-  wake_word_timeout: {
-    userDefaultsKey: "wakeWordTimeoutSeconds",
+  conversation_timeout: {
+    userDefaultsKey: "voiceConversationTimeoutSeconds",
     type: "number" as const,
   },
   tts_voice_id: { userDefaultsKey: "ttsVoiceId", type: "string" as const },
@@ -41,9 +33,7 @@ const VALID_TIMEOUTS = [5, 10, 15, 30, 60];
 
 const FRIENDLY_NAMES: Record<VoiceSettingName, string> = {
   activation_key: "PTT activation key",
-  wake_word_enabled: "Wake word",
-  wake_word_keyword: "Wake word keyword",
-  wake_word_timeout: "Wake word timeout",
+  conversation_timeout: "Conversation timeout",
   tts_voice_id: "ElevenLabs voice",
 };
 
@@ -76,30 +66,12 @@ function validateSetting(
       }
       return { ok: true, coerced: result.value };
     }
-    case "wake_word_enabled": {
-      if (typeof value === "boolean") return { ok: true, coerced: value };
-      if (value === "true") return { ok: true, coerced: true };
-      if (value === "false") return { ok: true, coerced: false };
-      return {
-        ok: false,
-        error: 'wake_word_enabled must be a boolean (or "true"/"false" string)',
-      };
-    }
-    case "wake_word_keyword": {
-      if (typeof value !== "string" || value.trim().length === 0) {
-        return {
-          ok: false,
-          error: "wake_word_keyword must be a non-empty string",
-        };
-      }
-      return { ok: true, coerced: value.trim() };
-    }
-    case "wake_word_timeout": {
+    case "conversation_timeout": {
       const num = typeof value === "number" ? value : Number(value);
       if (Number.isNaN(num) || !VALID_TIMEOUTS.includes(num)) {
         return {
           ok: false,
-          error: `wake_word_timeout must be one of: ${VALID_TIMEOUTS.join(
+          error: `conversation_timeout must be one of: ${VALID_TIMEOUTS.join(
             ", ",
           )}`,
         };

package/src/config/bundled-tool-registry.ts

@@ -48,6 +48,7 @@ import * as computerUseClick from "./bundled-skills/computer-use/tools/computer-
 import * as computerUseDone from "./bundled-skills/computer-use/tools/computer-use-done.js";
 import * as computerUseDrag from "./bundled-skills/computer-use/tools/computer-use-drag.js";
 import * as computerUseKey from "./bundled-skills/computer-use/tools/computer-use-key.js";
+import * as computerUseObserve from "./bundled-skills/computer-use/tools/computer-use-observe.js";
 import * as computerUseOpenApp from "./bundled-skills/computer-use/tools/computer-use-open-app.js";
 import * as computerUseRespond from "./bundled-skills/computer-use/tools/computer-use-respond.js";
 import * as computerUseRunApplescript from "./bundled-skills/computer-use/tools/computer-use-run-applescript.js";
@@ -88,8 +89,6 @@ import * as calendarListEvents from "./bundled-skills/google-calendar/tools/cale
 import * as calendarRsvp from "./bundled-skills/google-calendar/tools/calendar-rsvp.js";
 // ── image-studio ───────────────────────────────────────────────────────────────
 import * as mediaGenerateImage from "./bundled-skills/image-studio/tools/media-generate-image.js";
-// ── knowledge-graph ────────────────────────────────────────────────────────────
-import * as graphQuery from "./bundled-skills/knowledge-graph/tools/graph-query.js";
 // ── media-processing ───────────────────────────────────────────────────────────
 import * as analyzeKeyframes from "./bundled-skills/media-processing/tools/analyze-keyframes.js";
 import * as extractKeyframes from "./bundled-skills/media-processing/tools/extract-keyframes.js";
@@ -219,6 +218,7 @@ export const bundledToolRegistry = new Map<string, SkillToolScript>([
   ["claude-code:tools/claude-code.ts", claudeCode],
 
   // computer-use
+  ["computer-use:tools/computer-use-observe.ts", computerUseObserve],
   ["computer-use:tools/computer-use-click.ts", computerUseClick],
   ["computer-use:tools/computer-use-type-text.ts", computerUseTypeText],
   ["computer-use:tools/computer-use-key.ts", computerUseKey],
@@ -276,9 +276,6 @@ export const bundledToolRegistry = new Map<string, SkillToolScript>([
   // image-studio
   ["image-studio:tools/media-generate-image.ts", mediaGenerateImage],
 
-  // knowledge-graph
-  ["knowledge-graph:tools/graph-query.ts", graphQuery],
-
   // media-processing
   ["media-processing:tools/ingest-media.ts", ingestMedia],
   ["media-processing:tools/media-status.ts", mediaStatus],

package/src/config/env-registry.ts

@@ -24,13 +24,6 @@ function flag(name: string): boolean {
   return raw === "true" || raw === "1";
 }
 
-function flagTriState(name: string): boolean | undefined {
-  const raw = str(name);
-  if (raw === "true" || raw === "1") return true;
-  if (raw === "false" || raw === "0") return false;
-  return undefined;
-}
-
 // ── Registry ─────────────────────────────────────────────────────────────────
 // Each entry documents the env var name, type, default, and purpose.
 
@@ -43,62 +36,6 @@ export function getBaseDataDir(): string | undefined {
   return str("BASE_DATA_DIR");
 }
 
-/**
- * VELLUM_DAEMON_TCP_PORT — number, default: 8765
- * TCP port for the daemon's TCP listener (used by iOS clients).
- */
-export function getDaemonTcpPort(): number {
-  const raw = str("VELLUM_DAEMON_TCP_PORT");
-  if (raw) {
-    const port = parseInt(raw, 10);
-    if (!isNaN(port) && port > 0 && port <= 65535) return port;
-  }
-  return 8765;
-}
-
-/**
- * VELLUM_DAEMON_TCP_ENABLED — boolean tri-state, default: undefined (falls back to flag file)
- * Whether the daemon TCP listener should be active.
- * 'true'/'1' → on, 'false'/'0' → off, unset → check flag file.
- */
-export function getDaemonTcpEnabled(): boolean | undefined {
-  return flagTriState("VELLUM_DAEMON_TCP_ENABLED");
-}
-
-/**
- * VELLUM_DAEMON_TCP_HOST — string, default: context-dependent (127.0.0.1 or 0.0.0.0)
- * Hostname/address for the TCP listener. When unset, platform.ts resolves
- * based on whether iOS pairing is enabled.
- */
-export function getDaemonTcpHost(): string | undefined {
-  return str("VELLUM_DAEMON_TCP_HOST");
-}
-
-/**
- * VELLUM_DAEMON_IOS_PAIRING — boolean tri-state, default: undefined (falls back to flag file)
- * Whether iOS pairing mode is enabled. When on, TCP binds to 0.0.0.0.
- * 'true'/'1' → on, 'false'/'0' → off, unset → check flag file.
- */
-export function getDaemonIosPairing(): boolean | undefined {
-  return flagTriState("VELLUM_DAEMON_IOS_PAIRING");
-}
-
-/**
- * VELLUM_DEBUG — boolean, default: false
- * Enables debug-level logging and verbose output.
- */
-export function getDebugMode(): boolean {
-  return flag("VELLUM_DEBUG");
-}
-
-/**
- * VELLUM_LOG_STDERR — boolean, default: false
- * Forces logger output to stderr instead of log files.
- */
-export function getLogStderr(): boolean {
-  return flag("VELLUM_LOG_STDERR");
-}
-
 /**
  * DEBUG_STDOUT_LOGS — boolean, default: false
  * Enables additional log output to stdout (alongside file logging).
@@ -107,14 +44,6 @@ export function getDebugStdoutLogs(): boolean {
   return flag("DEBUG_STDOUT_LOGS");
 }
 
-/**
- * VELLUM_ENABLE_MONITORING — boolean, default: false
- * Enables monitoring/telemetry (Logfire, etc.).
- */
-export function getEnableMonitoring(): boolean {
-  return flag("VELLUM_ENABLE_MONITORING");
-}
-
 /**
  * IS_CONTAINERIZED — boolean, default: false
  * When true, indicates the assistant is running inside a container (e.g. Docker).
@@ -132,24 +61,26 @@ export function getIsContainerized(): boolean {
  * to warn about typos or unrecognized variables.
  */
 const KNOWN_VELLUM_VARS = new Set([
-  "VELLUM_DAEMON_TCP_PORT",
-  "VELLUM_DAEMON_TCP_ENABLED",
-  "VELLUM_DAEMON_TCP_HOST",
-  "VELLUM_DAEMON_IOS_PAIRING",
-  "VELLUM_DAEMON_NOAUTH",
+  "VELLUM_ASSISTANT_NAME",
+  "VELLUM_AWS_ROLE_ARN",
+  "VELLUM_CLAUDE_CODE_DEPTH",
+  "VELLUM_CUSTOM_QR_CODE_PATH",
   "VELLUM_DAEMON_AUTOSTART",
-  "VELLUM_DEBUG",
-  "VELLUM_LOG_STDERR",
-  "VELLUM_ENABLE_MONITORING",
+  "VELLUM_DAEMON_NOAUTH",
+  "VELLUM_DATA_DIR",
+  "VELLUM_DESKTOP_APP",
+  "VELLUM_DEV",
+  "VELLUM_ENABLE_INSECURE_LAN_PAIRING",
+  "VELLUM_HATCHED_BY",
   "VELLUM_HOOK_EVENT",
   "VELLUM_HOOK_NAME",
   "VELLUM_HOOK_SETTINGS",
+  "VELLUM_LOCKFILE_DIR",
+  "VELLUM_PLATFORM_URL",
   "VELLUM_ROOT_DIR",
-  "VELLUM_WORKSPACE_DIR",
-  "VELLUM_CLAUDE_CODE_DEPTH",
-  "VELLUM_ASSISTANT_PLATFORM_URL",
+  "VELLUM_SSH_USER",
   "VELLUM_UNSAFE_AUTH_BYPASS",
-  "VELLUM_DATA_DIR",
+  "VELLUM_WORKSPACE_DIR",
 ]);
 
 /**

package/src/config/env.ts

@@ -8,17 +8,13 @@
  * - Fail-fast validation via validateEnv() at startup
  * - Shared derived values (e.g. gateway base URL) instead of duplicated logic
  *
- * Bootstrap-level env vars (BASE_DATA_DIR, VELLUM_DAEMON_*, VELLUM_DEBUG,
- * VELLUM_LOG_STDERR, DEBUG_STDOUT_LOGS) are defined in config/env-registry.ts
- * which has no internal dependencies and can be imported from platform/logger
- * without circular imports.
+ * Bootstrap-level env vars (BASE_DATA_DIR, DEBUG_STDOUT_LOGS) are defined
+ * in config/env-registry.ts which has no internal dependencies and can be
+ * imported from platform/logger without circular imports.
  */
 
 import { getLogger } from "../util/logger.js";
-import {
-  checkUnrecognizedEnvVars,
-  getEnableMonitoring,
-} from "./env-registry.js";
+import { checkUnrecognizedEnvVars } from "./env-registry.js";
 
 const log = getLogger("env");
 
@@ -55,33 +51,23 @@ export function getGatewayPort(): number {
   return int("GATEWAY_PORT", DEFAULT_GATEWAY_PORT);
 }
 
-/**
- * Resolve the gateway base URL for internal service-to-service calls.
- * Prefers GATEWAY_INTERNAL_BASE_URL if set, then INTERNAL_GATEWAY_BASE_URL
- * (used by skill subprocesses), otherwise derives from port.
- */
+/** Resolve the gateway base URL for internal service-to-service calls. */
 export function getGatewayInternalBaseUrl(): string {
-  const explicit = str("GATEWAY_INTERNAL_BASE_URL");
-  if (explicit) return explicit.replace(/\/+$/, "");
-  const skillInjected = str("INTERNAL_GATEWAY_BASE_URL");
-  if (skillInjected) return skillInjected.replace(/\/+$/, "");
   return `http://127.0.0.1:${getGatewayPort()}`;
 }
 
 // ── Ingress ──────────────────────────────────────────────────────────────────
 
-/** Read the INGRESS_PUBLIC_BASE_URL env var (may be mutated at runtime by config handlers). */
+let _ingressPublicBaseUrl: string | undefined;
+
+/** Read the ingress public base URL (module-level state, mutated at runtime by config handlers). */
 export function getIngressPublicBaseUrl(): string | undefined {
-  return str("INGRESS_PUBLIC_BASE_URL");
+  return _ingressPublicBaseUrl;
 }
 
-/** Set or clear the INGRESS_PUBLIC_BASE_URL env var (used by config handlers). */
+/** Set or clear the ingress public base URL (used by config handlers). */
 export function setIngressPublicBaseUrl(value: string | undefined): void {
-  if (value) {
-    process.env.INGRESS_PUBLIC_BASE_URL = value;
-  } else {
-    delete process.env.INGRESS_PUBLIC_BASE_URL;
-  }
+  _ingressPublicBaseUrl = value;
 }
 
 // ── Runtime HTTP ─────────────────────────────────────────────────────────────
@@ -117,37 +103,12 @@ export function hasUngatedHttpAuthDisabled(): boolean {
   return str("VELLUM_UNSAFE_AUTH_BYPASS")?.trim() !== "1";
 }
 
-// ── Twilio ───────────────────────────────────────────────────────────────────
-
-export function getTwilioPhoneNumberEnv(): string | undefined {
-  return str("TWILIO_PHONE_NUMBER");
-}
-
-export function getTwilioUserPhoneNumber(): string | undefined {
-  return str("TWILIO_USER_PHONE_NUMBER");
-}
-
-export function isTwilioWebhookValidationDisabled(): boolean {
-  // Intentionally strict: only exact "true" disables validation (not "1").
-  // This is a security-sensitive bypass — we don't want environments that
-  // template booleans as "1" to silently skip webhook signature checks.
-  return process.env.TWILIO_WEBHOOK_VALIDATION_DISABLED === "true";
-}
-
-export function getCallWelcomeGreeting(): string | undefined {
-  return str("CALL_WELCOME_GREETING");
-}
-
 // ── Monitoring ───────────────────────────────────────────────────────────────
 
 export function getLogfireToken(): string | undefined {
   return str("LOGFIRE_TOKEN");
 }
 
-export function isMonitoringEnabled(): boolean {
-  return getEnableMonitoring();
-}
-
 const DEFAULT_SENTRY_DSN =
   "https://db2d38a082e4ee35eeaea08c44b376ec@o4504590528675840.ingest.us.sentry.io/4510874712276992";