@vellumai/assistant 0.4.48 → 0.4.50

package/src/permissions/prompter.ts

@@ -84,7 +84,10 @@ export class PermissionPrompter {
           "Permission prompt timed out, defaulting to deny",
         );
         this.onStateChanged?.(requestId, "timed_out", "timeout", toolUseId);
-        resolve({ decision: "deny" });
+        resolve({
+          decision: "deny",
+          decisionContext: `The permission prompt for the "${toolName}" tool timed out. The user did not explicitly deny this request — they may have been away or busy. You may retry this tool call if it is still needed for the current task.`,
+        });
       }, timeoutMs);
 
       this.pending.set(requestId, { resolve, reject, timer, toolUseId });
@@ -121,6 +124,7 @@ export class PermissionPrompter {
         executionTarget,
         persistentDecisionsAllowed: persistentDecisionsAllowed ?? true,
         temporaryOptionsAvailable,
+        toolUseId,
       });
 
       this.onStateChanged?.(requestId, "pending", "system", toolUseId);
@@ -131,6 +135,11 @@ export class PermissionPrompter {
     return this.pending.has(requestId);
   }
 
+  /** Returns all currently pending request IDs. */
+  getPendingRequestIds(): string[] {
+    return [...this.pending.keys()];
+  }
+
   /** Returns the toolUseId associated with a pending request, if any. */
   getToolUseId(requestId: string): string | undefined {
     return this.pending.get(requestId)?.toolUseId;

package/src/permissions/trust-store.ts

@@ -76,6 +76,19 @@ function getCompiledPattern(pattern: string): Minimatch | null {
   return compiled;
 }
 
+/**
+ * Check whether a minimatch pattern matches a candidate string.
+ * Reuses the compiled pattern cache from trust rule evaluation.
+ */
+export function patternMatchesCandidate(
+  pattern: string,
+  candidate: string,
+): boolean {
+  const compiled = getCompiledPattern(pattern);
+  if (!compiled) return false;
+  return compiled.match(candidate);
+}
+
 /** Rebuild the compiled pattern cache from the current rule set. */
 function rebuildPatternCache(rules: TrustRule[]): void {
   compiledPatterns.clear();
@@ -270,12 +283,28 @@ function loadFromDisk(): TrustRule[] {
       // Restore persisted starter bundle flag
       cachedStarterBundleAccepted = data.starterBundleAccepted === true;
 
+      // Defense-in-depth: strip any __internal: prefixed rules that may have
+      // been hand-edited into trust.json.
+      const sanitizedRules = rawRules.filter((r) => {
+        if (typeof r.tool === "string" && r.tool.startsWith("__internal:")) {
+          log.warn(
+            { ruleId: r.id, tool: r.tool },
+            "Stripping __internal: rule from trust file on load",
+          );
+          return false;
+        }
+        return true;
+      });
+
       if (
         data.version === TRUST_FILE_VERSION ||
         data.version === 1 ||
         data.version === 2
       ) {
-        rules = rawRules;
+        rules = sanitizedRules;
+        if (sanitizedRules.length < rawRules.length) {
+          needsSave = true;
+        }
         if (data.version !== TRUST_FILE_VERSION) {
           needsSave = true;
           log.info(
@@ -382,6 +411,8 @@ export function addRule(
     executionTarget?: string;
   },
 ): TrustRule {
+  if (tool.startsWith("__internal:"))
+    throw new Error(`Cannot create internal pseudo-rule via addRule: ${tool}`);
   // Re-read from disk to avoid lost updates if another call modified rules
   // between our last read and now (e.g. two rapid trust rule additions).
   cachedRules = null;
@@ -424,6 +455,10 @@ export function updateRule(
   const defaultIds = new Set(getDefaultRuleTemplates().map((t) => t.id));
   if (defaultIds.has(id))
     throw new Error(`Cannot modify default trust rule: ${id}`);
+  if (updates.tool?.startsWith("__internal:"))
+    throw new Error(
+      `Cannot update tool to internal pseudo-rule: ${updates.tool}`,
+    );
 
   // Re-read from disk to avoid lost updates from concurrent modifications.
   cachedRules = null;

package/src/playbooks/playbook-compiler.ts

@@ -1,7 +1,7 @@
 /**
  * Compile all active playbook memory items into a triage context block
  * that can be injected into the system prompt alongside the contact
- * graph and dynamic profile.
+ * graph.
  */
 
 import { and, desc, eq, isNull } from "drizzle-orm";

package/src/prompts/__tests__/build-cli-reference-section.test.ts

@@ -38,7 +38,9 @@ describe("buildCliReferenceSection", () => {
       "prefer real `assistant` CLI workflows over any legacy account-record abstraction",
     );
     expect(result).toContain("assistant credentials");
-    expect(result).toContain("assistant oauth token <service>");
+    expect(result).toContain(
+      "assistant oauth connections token <provider-key>",
+    );
     expect(result).toContain("assistant mcp auth <name>");
     expect(result).toContain("assistant platform status");
   });

package/src/prompts/system-prompt.ts

@@ -4,10 +4,10 @@ import { join } from "node:path";
 import { CLI_HELP_REFERENCE } from "../cli/reference.js";
 import { isAssistantFeatureFlagEnabled } from "../config/assistant-feature-flags.js";
 import { getBaseDataDir, getIsContainerized } from "../config/env-registry.js";
-import { getConfig, getNestedValue, loadRawConfig } from "../config/loader.js";
+import { getConfig } from "../config/loader.js";
 import { skillFlagKey } from "../config/skill-state.js";
 import { loadSkillCatalog, type SkillSummary } from "../config/skills.js";
-import { listCredentialMetadata } from "../tools/credentials/metadata-store.js";
+import { listConnections } from "../oauth/oauth-store.js";
 import { resolveBundledDir } from "../util/bundled-asset.js";
 import { getLogger } from "../util/logger.js";
 import {
@@ -283,7 +283,7 @@ function buildAttachmentSection(): string {
     "",
     'Example: `<vellum-attachment source="sandbox" path="scratch/chart.png" />`',
     "",
-    "Limits: up to 5 attachments per turn, 20 MB each. Tool outputs that produce image or file content blocks are also automatically converted into attachments.",
+    "Limits: 20 MB per attachment. Tool outputs that produce image or file content blocks are also automatically converted into attachments.",
     "",
     "### Inline Images and GIFs",
     "Embed images/GIFs inline using markdown: `![description](URL)`. Do NOT wrap in code fences.",
@@ -368,13 +368,11 @@ export function buildVoiceSetupRoutingSection(): string {
   return [
     "## Routing: Voice Setup & Troubleshooting",
     "",
-    "Voice features include push-to-talk (PTT), wake word detection, and text-to-speech.",
+    "Voice features include push-to-talk (PTT) and text-to-speech.",
     "",
     "### Quick changes — use `voice_config_update` directly",
     '- "Change my PTT key to ctrl" — call `voice_config_update` with `setting: "activation_key"`',
-    '- "Enable wake word" — call `voice_config_update` with `setting: "wake_word_enabled"`, `value: true`',
-    '- "Set my wake word to jarvis" — call `voice_config_update` with `setting: "wake_word_keyword"`',
-    '- "Set wake word timeout to 30 seconds" — call `voice_config_update` with `setting: "wake_word_timeout"`',
+    '- "Set conversation timeout to 30 seconds" — call `voice_config_update` with `setting: "conversation_timeout"`',
     "",
     "For simple setting changes, use the tool directly without loading the voice-setup skill.",
     "",
@@ -384,15 +382,14 @@ export function buildVoiceSetupRoutingSection(): string {
     "**Trigger phrases:**",
     '- "Help me set up voice"',
     '- "Set up push-to-talk"',
-    '- "Configure voice / PTT / wake word"',
+    '- "Configure voice / PTT"',
     '- "PTT isn\'t working" / "push-to-talk not working"',
     '- "Recording but no text"',
-    '- "Wake word not detecting"',
     '- "Microphone not working"',
     '- "Set up ElevenLabs" / "configure TTS"',
     "",
     "### Disambiguation",
-    "- Voice setup (this skill) = **local PTT, wake word, microphone permissions** on the Mac desktop app.",
+    "- Voice setup (this skill) = **local PTT, microphone permissions** on the Mac desktop app.",
     "- Phone calls skill = **Twilio-powered voice calls** over the phone network. Completely separate.",
     '- If the user says "voice" in the context of phone calls or Twilio, load `phone-calls` instead.',
   ].join("\n");
@@ -423,7 +420,7 @@ export function buildPhoneCallsRoutingSection(): string {
     "",
     "### Exclusivity rules",
     "- Do NOT improvise Twilio setup instructions from general knowledge — always load the skill first.",
-    "- Do NOT confuse with voice-setup (local PTT/wake word/microphone) or guardian-verify-setup (channel verification).",
+    "- Do NOT confuse with voice-setup (local PTT/microphone) or guardian-verify-setup (channel verification).",
     '- If the user says "voice" in the context of phone calls or Twilio, load phone-calls, not voice-setup.',
     "- For guardian voice verification specifically, load guardian-verify-setup instead.",
   ].join("\n");
@@ -630,42 +627,38 @@ function buildAccessPreferenceSection(hasNoClient: boolean): string {
           "",
           "### Foreground Computer Use — Last Resort",
           "",
-          "Foreground computer use (`computer_use_request_control`) takes over the user's cursor and",
-          "keyboard. It is disruptive and should be your LAST resort. Prefer this hierarchy:",
+          "Computer use tools (clicking, typing, scrolling) take over the user's cursor and keyboard.",
+          "They are disruptive and should be your LAST resort. Prefer this hierarchy:",
           "",
           "1. **CLI tools / osascript** — Use `host_bash` with shell commands or `osascript` with",
           "   AppleScript to accomplish tasks in the background without interrupting the user.",
           "2. **Background computer use** — If you must interact with a GUI app, prefer AppleScript",
           '   automation (e.g. `tell application "Safari" to set URL of current tab to ...`).',
-          "3. **Foreground computer use** — Only escalate via `computer_use_request_control` when",
-          "   the task genuinely cannot be done any other way (e.g. complex multi-step GUI interactions",
-          "   with no scripting support) or the user explicitly asks you to take control.",
+          "3. **Foreground computer use** — Only use computer use tools when the task genuinely",
+          "   cannot be done any other way (e.g. complex multi-step GUI interactions with no scripting",
+          "   support) or the user explicitly asks you to take control.",
         ]
       : []),
   ].join("\n");
 }
 
 function buildIntegrationSection(): string {
-  const allCreds = listCredentialMetadata();
-  // Show OAuth2-connected services (those with oauth2TokenUrl in metadata)
-  const oauthCreds = allCreds.filter(
-    (c) => c.oauth2TokenUrl && c.field === "access_token",
-  );
-  if (oauthCreds.length === 0) return "";
+  let connections: { providerKey: string; accountInfo?: string | null }[];
+  try {
+    connections = listConnections().filter((c) => c.status === "active");
+  } catch {
+    // DB not available — no connected services to show
+    return "";
+  }
+
+  if (connections.length === 0) return "";
 
-  const raw = loadRawConfig();
   const lines = ["## Connected Services", ""];
-  for (const cred of oauthCreds) {
-    const acctInfo = (getNestedValue(
-      raw,
-      `integrations.${cred.service}.accountInfo`,
-    ) ??
-      // Fallback: legacy config path used before the namespace migration
-      getNestedValue(raw, `integrations.accountInfo.${cred.service}`)) as
-      | string
-      | undefined;
-    const state = acctInfo ? `Connected (${acctInfo})` : "Connected";
-    lines.push(`- **${cred.service}**: ${state}`);
+  for (const conn of connections) {
+    const state = conn.accountInfo
+      ? `Connected (${conn.accountInfo})`
+      : "Connected";
+    lines.push(`- **${conn.providerKey}**: ${state}`);
   }
 
   return lines.join("\n");
@@ -697,7 +690,7 @@ function buildMemoryRecallSection(): string {
     "- The auto-injected memory context doesn't contain what you need",
     "- The user references something from a previous session",
     "",
-    "The tool searches across semantic, lexical, entity graph, and recency sources. Be specific in your query for best results.",
+    "The tool uses hybrid search (dense and sparse vectors) supplemented by recency. Be specific in your query for best results.",
   ].join("\n");
 }
 
@@ -852,10 +845,10 @@ export function buildCliReferenceSection(): string {
   return [
     "## Assistant CLI",
     "",
-    "The `assistant` CLI is installed on the user's machine and available via `bash`.",
+    "The `assistant` CLI is available in the sandbox. Always use the `bash` tool (never `host_bash`) when running `assistant` commands.",
     "For account and authentication work, prefer real `assistant` CLI workflows over any legacy account-record abstraction.",
     "- Use `assistant credentials ...` for stored secrets and credential metadata.",
-    "- Use `assistant oauth token <service>` for connected integration tokens.",
+    "- Use `assistant oauth connections token <provider-key>` for connected integration tokens.",
     "- Use `assistant mcp auth <name>` when an MCP server needs OAuth login.",
     "- Use `assistant platform status` for platform-linked deployment and auth context.",
     "- If a bundled skill documents a service-specific `assistant <service>` auth or session flow, follow that CLI exactly.",
@@ -967,6 +960,22 @@ function buildDynamicSkillWorkflowSection(
     );
   }
 
+  lines.push(
+    "",
+    "### Community Skills Discovery",
+    "",
+    "When no built-in skill satisfies a request, search the community skills.sh registry:",
+    "1. Run `assistant skills search <query>` to find community skills. Results include install counts and security audit badges (ATH, Socket, Snyk).",
+    "2. Present the search results to the user, highlighting the security audit status. ATH is Gen Agent Trust Hub. Audits show PASS (safe/low risk), WARN (medium risk), or FAIL (high/critical risk) for each provider.",
+    "3. Check the skill's **source owner** to determine the trust level:",
+    "   - **Vellum-owned** (source starts with `vellum-ai/`): These are first-party skills published by the Vellum team. Install them directly without prompting — they are vetted and trusted.",
+    "   - **Third-party** (any other owner): Ask the user for permission before installing. Say something like: \"I found a community skill that could help with this, but it's published by a third party — we haven't vetted it. Want to install it anyway?\" Share the skill name, source, audit results, and install count.",
+    "4. Install with `assistant skills add <owner>/<repo>@<skill-name>` (e.g., `assistant skills add vercel-labs/skills@find-skills`).",
+    "5. After installation, load the skill with `skill_load` as usual.",
+    "",
+    "**Never install third-party community skills without explicit user confirmation.** Vellum-owned skills (`vellum-ai/*`) can be installed automatically.",
+  );
+
   return lines.join("\n");
 }
 
@@ -1029,10 +1038,5 @@ function formatSkillsCatalog(skills: SkillSummary[]): string {
     "",
     lines.join("\n"),
     "",
-    "### Installing additional skills",
-    "If `skill_load` fails because a skill is not found, additional first-party skills may be available in the Vellum catalog.",
-    "Use `bash` to discover and install them:",
-    "- `assistant skills list` — list all available catalog skills",
-    "- `assistant skills install <skill-id>` — install a skill, then retry `skill_load`",
   ].join("\n");
 }

package/src/providers/anthropic/client.ts

@@ -84,8 +84,12 @@ function summarizeMessages(messages: Anthropic.MessageParam[]): string[] {
     const blockDescs = content.map((b) => {
       const bt = (b as { type: string }).type;
       if (bt === "tool_use") return `tool_use(${(b as { id: string }).id})`;
+      if (bt === "server_tool_use")
+        return `server_tool_use(${(b as { id: string }).id})`;
       if (bt === "tool_result")
         return `tool_result(${(b as { tool_use_id: string }).tool_use_id})`;
+      if (bt === "web_search_tool_result")
+        return `web_search_tool_result(${(b as { tool_use_id: string }).tool_use_id})`;
       return bt;
     });
     return `[${idx}] ${m.role}: ${blockDescs.join(", ") || "(empty)"}`;
@@ -103,16 +107,24 @@ function buildSyntheticToolResult(
   };
 }
 
+
+/**
+ * Collect ordered IDs of client-side tool_use blocks only.
+ * Server-side tools (server_tool_use / web_search_tool_result) are self-paired
+ * within the assistant message and do not need cross-message pairing.
+ */
 function getOrderedToolUseIds(
   content: Anthropic.ContentBlockParam[],
 ): string[] {
   const ids: string[] = [];
   const seen = new Set<string>();
   for (const block of content) {
-    if (!isToolUseBlock(block)) continue;
-    if (seen.has(block.id)) continue;
-    seen.add(block.id);
-    ids.push(block.id);
+    if (isToolUseBlock(block)) {
+      if (!seen.has(block.id)) {
+        seen.add(block.id);
+        ids.push(block.id);
+      }
+    }
   }
   return ids;
 }
@@ -124,19 +136,29 @@ function hasOrderedToolResultPrefix(
   if (content.length < orderedToolUseIds.length) return false;
   for (let idx = 0; idx < orderedToolUseIds.length; idx++) {
     const block = content[idx];
+    const expectedId = orderedToolUseIds[idx];
     if (!isToolResultBlock(block)) return false;
-    if (block.tool_use_id !== orderedToolUseIds[idx]) return false;
+    if (block.tool_use_id !== expectedId) return false;
   }
   return true;
 }
 
+/**
+ * Split an assistant message into:
+ * - pairedContent: everything up to and including client-side tool_use blocks
+ * - carryoverContent: trailing non-tool blocks after the last tool_use
+ *
+ * Server-side tools (server_tool_use / web_search_tool_result) are treated as
+ * regular content — they are self-paired within the assistant message and must
+ * not be separated by the cross-message pairing logic.
+ */
 function splitAssistantForToolPairing(content: Anthropic.ContentBlockParam[]): {
   pairedContent: Anthropic.ContentBlockParam[];
   carryoverContent: Anthropic.ContentBlockParam[];
   toolUseIds: string[];
 } {
   const leading: Anthropic.ContentBlockParam[] = [];
-  const toolUseBlocks: Anthropic.ToolUseBlockParam[] = [];
+  const toolUseBlocks: Anthropic.ContentBlockParam[] = [];
   const carryover: Anthropic.ContentBlockParam[] = [];
   let seenToolUse = false;
 
@@ -182,7 +204,7 @@ function normalizeFollowingUserContent(
   hadOrderedPrefix: boolean;
 } {
   const pendingIds = new Set(orderedToolUseIds);
-  const matchedById = new Map<string, Anthropic.ToolResultBlockParam>();
+  const matchedById = new Map<string, Anthropic.ContentBlockParam>();
   const remaining: Anthropic.ContentBlockParam[] = [];
 
   for (const block of nextContent) {
@@ -206,10 +228,7 @@ function normalizeFollowingUserContent(
     toolResultPrefix: orderedResults,
     remainingContent: remaining,
     missingIds,
-    hadOrderedPrefix: hasOrderedToolResultPrefix(
-      nextContent,
-      orderedToolUseIds,
-    ),
+    hadOrderedPrefix: hasOrderedToolResultPrefix(nextContent, orderedToolUseIds),
   };
 }
 
@@ -348,21 +367,23 @@ function ensureToolPairing(
     }
   }
 
-  // Self-validation: verify no tool_use/tool_result mismatches remain
+  // Self-validation: verify no client-side tool_use/tool_result mismatches remain.
+  // Server-side tools (server_tool_use / web_search_tool_result) are self-paired
+  // within assistant messages and are not validated here.
   for (let j = 0; j < result.length; j++) {
     const m = result[j];
     if (m.role !== "assistant") continue;
     const c = Array.isArray(m.content) ? m.content : [];
-    const ids = getOrderedToolUseIds(c);
-    if (ids.length === 0) continue;
+    const validationIds = getOrderedToolUseIds(c);
+    if (validationIds.length === 0) continue;
 
     const nxt = result[j + 1];
     const nxtContent =
       nxt && nxt.role === "user" && Array.isArray(nxt.content)
         ? nxt.content
         : [];
-    if (!hasOrderedToolResultPrefix(nxtContent, ids)) {
-      const unmatchedIds = ids.filter((id, idx) => {
+    if (!hasOrderedToolResultPrefix(nxtContent, validationIds)) {
+      const unmatchedIds = validationIds.filter((id, idx) => {
         const block = nxtContent[idx];
         return !(isToolResultBlock(block) && block.tool_use_id === id);
       });
@@ -659,10 +680,14 @@ export class AnthropicProvider implements Provider {
               onEvent?.({ type: "text_delta", text: " " });
             }
             hasSeenTextBlock = true;
-          } else if (event.type === "content_block_start") {
-            // Reset on non-text blocks so that text separated by tool_use
-            // (text -> tool_use -> text) doesn't get a spurious leading space
-            // in the second text segment.
+          } else if (
+            event.type === "content_block_start" &&
+            event.content_block.type === "tool_use"
+          ) {
+            // Reset only for client-side tool_use blocks, which create visual
+            // separators in the UI. Server-side tool blocks (server_tool_use,
+            // web_search_tool_result) are transparent in the text stream and
+            // need the space preserved between surrounding text blocks.
             hasSeenTextBlock = false;
           }
           if (
@@ -687,6 +712,20 @@ export class AnthropicProvider implements Provider {
               type: "server_tool_start",
               name: event.content_block.name,
               toolUseId: event.content_block.id,
+              input: (
+                event.content_block as { input?: Record<string, unknown> }
+              ).input ?? {},
+            });
+          }
+          if (
+            event.type === "content_block_start" &&
+            event.content_block.type === "web_search_tool_result"
+          ) {
+            onEvent?.({
+              type: "server_tool_complete",
+              toolUseId: (
+                event.content_block as { tool_use_id: string }
+              ).tool_use_id,
             });
           }
           if (event.type === "content_block_stop") {

package/src/providers/retry.ts

@@ -1,5 +1,5 @@
 import { ProviderError } from "../util/errors.js";
-import { getLogger, isDebug } from "../util/logger.js";
+import { getLogger } from "../util/logger.js";
 import {
   computeRetryDelay,
   DEFAULT_BASE_DELAY_MS,
@@ -96,43 +96,17 @@ export class RetryProvider implements Provider {
     options?: SendMessageOptions,
   ): Promise<ProviderResponse> {
     let lastError: unknown;
-    const debug = isDebug();
-
-    if (debug) {
-      log.debug(
-        {
-          provider: this.name,
-          messageCount: messages.length,
-          toolCount: tools?.length ?? 0,
-        },
-        "Provider sendMessage start",
-      );
-    }
 
     const normalizedOptions = normalizeSendMessageOptions(this.name, options);
 
     for (let attempt = 0; attempt <= DEFAULT_MAX_RETRIES; attempt++) {
       try {
-        const start = Date.now();
         const result = await this.inner.sendMessage(
           messages,
           tools,
           systemPrompt,
           normalizedOptions,
         );
-        if (debug) {
-          log.debug(
-            {
-              provider: this.name,
-              durationMs: Date.now() - start,
-              attempt: attempt + 1,
-              model: result.model,
-              inputTokens: result.usage.inputTokens,
-              outputTokens: result.usage.outputTokens,
-            },
-            "Provider sendMessage success",
-          );
-        }
         return result;
       } catch (error) {
         lastError = error;

package/src/providers/types.ts

@@ -117,7 +117,13 @@ export type ProviderEvent =
       toolUseId: string;
       accumulatedJson: string;
     }
-  | { type: "server_tool_start"; name: string; toolUseId: string };
+  | {
+      type: "server_tool_start";
+      name: string;
+      toolUseId: string;
+      input: Record<string, unknown>;
+    }
+  | { type: "server_tool_complete"; toolUseId: string };
 
 export interface SendMessageConfig {
   model?: string;

package/src/runtime/AGENTS.md

@@ -43,6 +43,15 @@ Host file allows the assistant to perform file operations (read, write, edit) on
   - `POST /v1/host-file-result` — `{ requestId, content, isError }`
 - **Tracking**: Uses the same `pending-interactions` tracker as approvals and host bash, with `kind: "host_file"`. The endpoint validates the interaction kind before resolving.
 
+### Host CU (desktop proxy computer-use execution)
+
+Host CU allows the assistant to proxy computer-use actions (screenshots, mouse/keyboard input) to the desktop host via the client, following the same pattern as host bash and host file.
+
+- **Discovery**: Clients discover pending host CU requests via SSE events (`host_cu_request`) which include a `requestId`.
+- **Resolution**: Clients execute the CU action on the host and respond via:
+  - `POST /v1/host-cu-result` — `{ requestId, axTree?, axDiff?, screenshot?, screenshotWidthPx?, screenshotHeightPx?, screenWidthPt?, screenHeightPt?, executionResult?, executionError?, secondaryWindows?, userGuidance? }`
+- **Tracking**: Uses the same `pending-interactions` tracker as the other host proxy types, with `kind: "host_cu"`. Registration happens in `conversation-routes.ts` and the route handler is in `host-cu-routes.ts`.
+
 ### Channel approvals (Telegram, Slack)
 
 Channel approval flows use `requestId` (not `runId`) as the primary identifier:

package/src/runtime/auth/route-policy.ts

@@ -347,6 +347,12 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   { endpoint: "skills:DELETE", scopes: ["settings.write"] },
   { endpoint: "skills:PATCH", scopes: ["settings.write"] },
 
+  // Memory items
+  { endpoint: "memory-items:GET", scopes: ["settings.read"] },
+  { endpoint: "memory-items:POST", scopes: ["settings.write"] },
+  { endpoint: "memory-items:PATCH", scopes: ["settings.write"] },
+  { endpoint: "memory-items:DELETE", scopes: ["settings.write"] },
+
   // Trust rule CRUD management
   { endpoint: "trust-rules/manage:GET", scopes: ["settings.read"] },
   { endpoint: "trust-rules/manage:POST", scopes: ["settings.write"] },
@@ -358,9 +364,6 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   { endpoint: "computer-use/sessions/abort", scopes: ["chat.write"] },
   { endpoint: "computer-use/observations", scopes: ["chat.write"] },
   { endpoint: "computer-use/tasks", scopes: ["chat.write"] },
-  { endpoint: "computer-use/ride-shotgun/start", scopes: ["chat.write"] },
-  { endpoint: "computer-use/ride-shotgun/stop", scopes: ["chat.write"] },
-  { endpoint: "computer-use/ride-shotgun/status", scopes: ["chat.write"] },
   { endpoint: "computer-use/watch", scopes: ["chat.write"] },
 
   // Recordings
@@ -381,9 +384,6 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   // Delivery ack
   { endpoint: "channels/delivery-ack", scopes: ["internal.write"] },
 
-  // MCP
-  { endpoint: "mcp/reload", scopes: ["settings.write"] },
-
   // Migrations
   { endpoint: "migrations/validate", scopes: ["settings.write"] },
   { endpoint: "migrations/export", scopes: ["settings.write"] },

package/src/runtime/channel-reply-delivery.ts

@@ -208,43 +208,3 @@ export async function deliverReplyViaCallback(
     break;
   }
 }
-
-/**
- * Deliver only the attachments from the last assistant message, skipping text.
- * Used when streaming already delivered the text content and only file
- * attachments remain to be sent via the normal delivery path.
- */
-export async function deliverAttachmentsOnly(
-  conversationId: string,
-  externalChatId: string,
-  callbackUrl: string,
-  bearerToken?: string,
-  assistantId?: string,
-): Promise<void> {
-  const msgs = getMessages(conversationId);
-  for (let i = msgs.length - 1; i >= 0; i--) {
-    if (msgs[i].role !== "assistant") continue;
-
-    const linked = attachmentsStore.getAttachmentMetadataForMessage(msgs[i].id);
-    if (linked.length === 0) return;
-
-    const replyAttachments: RuntimeAttachmentMetadata[] = linked.map((a) => ({
-      id: a.id,
-      filename: a.originalFilename,
-      mimeType: a.mimeType,
-      sizeBytes: a.sizeBytes,
-      kind: a.kind,
-    }));
-
-    await deliverChannelReply(
-      callbackUrl,
-      {
-        chatId: externalChatId,
-        attachments: replyAttachments,
-        assistantId,
-      },
-      bearerToken,
-    );
-    break;
-  }
-}

package/src/runtime/gateway-client.ts

@@ -31,8 +31,6 @@ export interface ChannelReplyPayload {
   ephemeral?: boolean;
   /** Slack user ID — required when `ephemeral` is true. */
   user?: string;
-  /** Telegram message_id for editing an existing message instead of sending a new one. */
-  messageId?: number;
   /** When provided, instructs the delivery endpoint to update an existing message instead of posting a new one. */
   messageTs?: string;
   /** When true, auto-generate Block Kit blocks from text via textToBlocks(). */
@@ -45,8 +43,6 @@ export interface ChannelDeliveryResult {
   ok: boolean;
   /** The message timestamp returned by the delivery endpoint (e.g. Slack message ts). */
   ts?: string;
-  /** The Telegram message_id returned when a new message was sent. */
-  messageId?: number;
 }
 
 interface ManagedOutboundCallbackContext {
@@ -100,9 +96,6 @@ export async function deliverChannelReply(
     if (typeof responseBody.ts === "string") {
       result.ts = responseBody.ts;
     }
-    if (typeof responseBody.messageId === "number") {
-      result.messageId = responseBody.messageId;
-    }
   } catch {
     // Response may not be JSON for non-Slack channels; that's fine.
   }