@vellumai/assistant 0.4.48 → 0.4.50

package/src/runtime/routes/conversation-routes.ts

@@ -17,6 +17,7 @@ import {
 import { getConfig } from "../../config/loader.js";
 import { renderHistoryContent } from "../../daemon/handlers/shared.js";
 import { HostBashProxy } from "../../daemon/host-bash-proxy.js";
+import { HostCuProxy } from "../../daemon/host-cu-proxy.js";
 import { HostFileProxy } from "../../daemon/host-file-proxy.js";
 import type { ServerMessage } from "../../daemon/message-protocol.js";
 import {
@@ -449,6 +450,12 @@ function makeHubPublisher(
         conversationId,
         kind: "host_file",
       });
+    } else if (msg.type === "host_cu_request") {
+      pendingInteractions.register(msg.requestId, {
+        session,
+        conversationId,
+        kind: "host_cu",
+      });
     }
 
     // ServerMessage is a large union; sessionId exists on most but not all variants.
@@ -640,9 +647,22 @@ export async function handleSendMessage(
       });
       session.setHostFileProxy(fileProxy);
     }
+    if (!session.isProcessing() || !session.hostCuProxy) {
+      const cuProxy = new HostCuProxy(onEvent, (requestId) => {
+        pendingInteractions.resolve(requestId);
+      });
+      session.setHostCuProxy(cuProxy);
+    }
+    // Only preactivate CU when the session is idle — if the session is
+    // processing, this message will be queued and preactivation is deferred
+    // to dequeue time in drainQueueImpl to avoid mutating in-flight turn state.
+    if (!session.isProcessing()) {
+      session.addPreactivatedSkillId("computer-use");
+    }
   } else if (!session.isProcessing()) {
     session.setHostBashProxy(undefined);
     session.setHostFileProxy(undefined);
+    session.setHostCuProxy(undefined);
   }
   // Wire sendToClient to the SSE hub so all subsystems can reach the HTTP client.
   // Called after setHostBashProxy so updateSender targets the current proxy.
@@ -679,7 +699,13 @@ export async function handleSendMessage(
       attachments,
       session,
       onEvent,
-      approvalConversationGenerator: deps.approvalConversationGenerator,
+      // Desktop path: disable NL classification to avoid consuming non-decision
+      // messages while a tool confirmation is pending. Deterministic code-prefix
+      // and callback parsing remain active. Mirrors session-process.ts behavior.
+      approvalConversationGenerator:
+        sourceChannel === "vellum"
+          ? undefined
+          : deps.approvalConversationGenerator,
       verifiedActorExternalUserId,
       verifiedActorPrincipalId,
     });
@@ -687,6 +713,7 @@ export async function handleSendMessage(
       return Response.json(
         {
           accepted: true,
+          conversationId: mapping.conversationId,
           ...(inlineReplyResult.messageId
             ? { messageId: inlineReplyResult.messageId }
             : {}),
@@ -751,7 +778,10 @@ export async function handleSendMessage(
       pendingInteractions.removeBySession(session);
     }
 
-    return Response.json({ accepted: true, queued: true }, { status: 202 });
+    return Response.json(
+      { accepted: true, queued: true, conversationId: mapping.conversationId },
+      { status: 202 },
+    );
   }
 
   // Session is idle — persist and fire agent loop immediately
@@ -782,6 +812,7 @@ export async function handleSendMessage(
 
   if (slashResult.kind === "unknown") {
     session.processing = true;
+    let cleanupDeferred = false;
     try {
       const provenance = provenanceFromTrustContext(session.trustContext);
       const channelMeta = {
@@ -818,26 +849,54 @@ export async function handleSendMessage(
         sourceInterface,
       );
 
-      // Emit fresh model info before the text delta so the client has
-      // up-to-date configuredProviders when rendering /model, /models,
-      // and provider shortcut commands (/gpt4, /opus, etc.).
-      if (isModelSlashCommand(rawContent) || isProviderShortcut(rawContent)) {
-        onEvent(buildModelInfoEvent());
-      }
-
-      onEvent({ type: "assistant_text_delta", text: slashResult.message });
-      onEvent({
-        type: "message_complete",
-        sessionId: mapping.conversationId,
-      });
+      // Snapshot model info now so the deferred callback cannot observe
+      // a config change from a concurrent request.
+      const modelInfoEvent =
+        isModelSlashCommand(rawContent) || isProviderShortcut(rawContent)
+          ? buildModelInfoEvent()
+          : null;
 
-      return Response.json(
-        { accepted: true, messageId: persisted.id },
+      const response = Response.json(
+        {
+          accepted: true,
+          messageId: persisted.id,
+          conversationId: mapping.conversationId,
+        },
         { status: 202 },
       );
+
+      // Defer event publishing to next tick so the HTTP response reaches the
+      // client first. This ensures the client's serverToLocalSessionMap is
+      // populated before SSE events arrive, preventing dropped events in new
+      // desktop threads.
+      //
+      // session.processing and drainQueue are also deferred so the current
+      // slash command's events are emitted before the next queued message
+      // starts processing.
+      const conversationId = mapping.conversationId;
+      const message = slashResult.message;
+      setTimeout(() => {
+        if (modelInfoEvent) {
+          onEvent(modelInfoEvent);
+        }
+        onEvent({ type: "assistant_text_delta", text: message });
+        onEvent({
+          type: "message_complete",
+          sessionId: conversationId,
+        });
+        session.processing = false;
+        session.drainQueue().catch(() => {});
+      }, 0);
+
+      cleanupDeferred = true;
+      return response;
     } finally {
-      session.processing = false;
-      session.drainQueue().catch(() => {});
+      // No-op for the slash-command early-return path (handled inside
+      // setTimeout above), but still needed for error paths.
+      if (!cleanupDeferred && session.processing) {
+        session.processing = false;
+        session.drainQueue().catch(() => {});
+      }
     }
   }
 
@@ -874,7 +933,10 @@ export async function handleSendMessage(
       );
     });
 
-  return Response.json({ accepted: true, messageId }, { status: 202 });
+  return Response.json(
+    { accepted: true, messageId, conversationId: mapping.conversationId },
+    { status: 202 },
+  );
 }
 
 async function generateLlmSuggestion(

package/src/runtime/routes/events-routes.ts

@@ -7,12 +7,17 @@
  * is called. The AuthContext is threaded through from the HTTP server
  * layer, so no additional actor-token verification is needed here.
  *
- * Subscribers receive all assistant events scoped to the given conversation.
+ * When `conversationKey` is provided, subscribers receive events scoped to
+ * that conversation. When omitted, subscribers receive events from ALL
+ * conversations for this assistant (unfiltered).
  */
 
 import { getOrCreateConversation } from "../../memory/conversation-key-store.js";
 import { formatSseFrame, formatSseHeartbeat } from "../assistant-event.js";
-import type { AssistantEventSubscription } from "../assistant-event-hub.js";
+import type {
+  AssistantEventFilter,
+  AssistantEventSubscription,
+} from "../assistant-event-hub.js";
 import {
   AssistantEventHub,
   assistantEventHub,
@@ -26,10 +31,12 @@ import type { RouteDefinition } from "../http-router.js";
 const DEFAULT_HEARTBEAT_INTERVAL_MS = 30_000;
 
 /**
- * Stream assistant events as Server-Sent Events for a specific conversation.
+ * Stream assistant events as Server-Sent Events.
  *
  * Query params:
- *   conversationKey -- required; scopes the stream to one conversation.
+ *   conversationKey -- optional; when provided, scopes the stream to one
+ *                      conversation. When omitted, the stream delivers events
+ *                      from ALL conversations for this assistant.
  *
  * Options (for testing):
  *   hub               -- override the event hub (defaults to process singleton).
@@ -56,15 +63,21 @@ export function handleSubscribeAssistantEvents(
   // scope and principal type requirements.
 
   const conversationKey = url.searchParams.get("conversationKey");
-  if (!conversationKey) {
-    return httpError("BAD_REQUEST", "conversationKey is required", 400);
+  if (url.searchParams.has("conversationKey") && !conversationKey?.trim()) {
+    return httpError("BAD_REQUEST", "conversationKey must not be empty", 400);
   }
 
   const hub = options?.hub ?? assistantEventHub;
   const heartbeatIntervalMs =
     options?.heartbeatIntervalMs ?? DEFAULT_HEARTBEAT_INTERVAL_MS;
 
-  const mapping = getOrCreateConversation(conversationKey);
+  const filter: AssistantEventFilter = {
+    assistantId: DAEMON_INTERNAL_ASSISTANT_ID,
+  };
+  if (conversationKey) {
+    const mapping = getOrCreateConversation(conversationKey);
+    filter.sessionId = mapping.conversationId;
+  }
   const encoder = new TextEncoder();
 
   // -- Eager subscribe --------------------------------------------------------
@@ -90,10 +103,7 @@ export function handleSubscribeAssistantEvents(
 
   try {
     sub = hub.subscribe(
-      {
-        assistantId: DAEMON_INTERNAL_ASSISTANT_ID,
-        sessionId: mapping.conversationId,
-      },
+      filter,
       (event) => {
         const controller = controllerRef;
         if (!controller) return;

package/src/runtime/routes/host-cu-routes.ts

@@ -0,0 +1,97 @@
+/**
+ * Route handler for host CU (computer-use) result submissions.
+ *
+ * Resolves pending host CU proxy requests by requestId when the desktop
+ * client returns observation results via HTTP.
+ */
+import { requireBoundGuardian } from "../auth/require-bound-guardian.js";
+import type { AuthContext } from "../auth/types.js";
+import { httpError } from "../http-errors.js";
+import type { RouteDefinition } from "../http-router.js";
+import * as pendingInteractions from "../pending-interactions.js";
+
+/**
+ * POST /v1/host-cu-result — resolve a pending host CU request by requestId.
+ * Requires AuthContext with guardian-bound actor.
+ */
+export async function handleHostCuResult(
+  req: Request,
+  authContext: AuthContext,
+): Promise<Response> {
+  const authError = requireBoundGuardian(authContext);
+  if (authError) return authError;
+
+  const body = (await req.json()) as {
+    requestId?: string;
+    axTree?: string;
+    axDiff?: string;
+    screenshot?: string;
+    screenshotWidthPx?: number;
+    screenshotHeightPx?: number;
+    screenWidthPt?: number;
+    screenHeightPt?: number;
+    executionResult?: string;
+    executionError?: string;
+    secondaryWindows?: string;
+    userGuidance?: string;
+  };
+
+  const { requestId } = body;
+
+  if (!requestId || typeof requestId !== "string") {
+    return httpError("BAD_REQUEST", "requestId is required", 400);
+  }
+
+  // Peek first (non-destructive) so we can validate the interaction kind
+  // without accidentally consuming a confirmation or secret interaction.
+  const peeked = pendingInteractions.get(requestId);
+  if (!peeked) {
+    return httpError(
+      "NOT_FOUND",
+      "No pending interaction found for this requestId",
+      404,
+    );
+  }
+
+  if (peeked.kind !== "host_cu") {
+    return httpError(
+      "CONFLICT",
+      `Pending interaction is of kind "${peeked.kind}", expected "host_cu"`,
+      409,
+    );
+  }
+
+  // Validation passed — consume the pending interaction.
+  const interaction = pendingInteractions.resolve(requestId)!;
+
+  interaction.session.resolveHostCu(requestId, {
+    axTree: body.axTree,
+    axDiff: body.axDiff,
+    screenshot: body.screenshot,
+    screenshotWidthPx: body.screenshotWidthPx,
+    screenshotHeightPx: body.screenshotHeightPx,
+    screenWidthPt: body.screenWidthPt,
+    screenHeightPt: body.screenHeightPt,
+    executionResult: body.executionResult,
+    executionError: body.executionError,
+    secondaryWindows: body.secondaryWindows,
+    userGuidance: body.userGuidance,
+  });
+
+  return Response.json({ accepted: true });
+}
+
+// ---------------------------------------------------------------------------
+// Route definitions
+// ---------------------------------------------------------------------------
+
+export function hostCuRouteDefinitions(): RouteDefinition[] {
+  return [
+    {
+      endpoint: "host-cu-result",
+      method: "POST",
+      handler: async ({ req, authContext }) =>
+        handleHostCuResult(req, authContext),
+    },
+  ];
+}

package/src/runtime/routes/inbound-stages/acl-enforcement.ts

@@ -334,7 +334,7 @@ export async function enforceIngressAcl(
                   dmCallbackUrl,
                   {
                     chatId: senderUserId,
-                    text: "I've notified the owner. They'll share a verification code with you if they approve access. You can reply with the code here.",
+                    text: "I've notified the owner that you'd like to chat with me. If they approve your request, they'll share a 6-digit verification code with you. You can reply with the code here.",
                     assistantId,
                   },
                   mintBearerToken(),
@@ -423,11 +423,12 @@ export async function enforceIngressAcl(
 
     if (resolvedMember) {
       if (resolvedMember.channel.status !== "active") {
+        const isBlockedMember = resolvedMember.channel.status === "blocked";
         // Same bypass logic as the no-member branch: verification codes and
-        // bootstrap commands must pass through even when the member record is
-        // revoked/blocked — otherwise the user can never re-verify.
+        // bootstrap commands must pass through for re-verifiable states
+        // (pending/revoked), but never for blocked members.
         let denyInactiveMember = true;
-        if (isGuardianVerifyCode) {
+        if (!isBlockedMember && isGuardianVerifyCode) {
           const hasPendingChallenge = !!getPendingSession(sourceChannel);
           const hasActiveOutboundSession = !!findActiveSession(sourceChannel);
           if (hasPendingChallenge || hasActiveOutboundSession) {
@@ -444,7 +445,7 @@ export async function enforceIngressAcl(
             );
           }
         }
-        if (isBootstrapCommand) {
+        if (!isBlockedMember && isBootstrapCommand) {
           const bootstrapPayload = (
             rawCommandIntentForAcl as Record<string, unknown>
           ).payload as string;
@@ -471,9 +472,11 @@ export async function enforceIngressAcl(
         }
 
         // ── Invite token intercept (inactive member) ──
-        // Same as the non-member branch: invite tokens can reactivate
-        // revoked/pending members without requiring guardian approval.
-        if (inviteToken && denyInactiveMember) {
+        // Invite tokens can reactivate revoked/pending members without
+        // requiring guardian approval, but blocked members are excluded so
+        // they are short-circuited at the ACL layer rather than entering the
+        // redemption path.
+        if (!isBlockedMember && inviteToken && denyInactiveMember) {
           const inviteResult = await handleInviteTokenIntercept({
             rawToken: inviteToken,
             sourceChannel,
@@ -496,9 +499,15 @@ export async function enforceIngressAcl(
         }
 
         // ── 6-digit invite code intercept (inactive member) ──
-        // Same as the non-member branch: codes can reactivate revoked/pending
-        // members. Non-matching codes fall through to normal processing.
-        if (denyInactiveMember && /^\d{6}$/.test(trimmedContent)) {
+        // Codes can reactivate revoked/pending members; non-matching codes
+        // fall through. Blocked members are excluded here for consistency —
+        // the redemption service would reject them anyway, but early exit
+        // avoids unnecessary work.
+        if (
+          !isBlockedMember &&
+          denyInactiveMember &&
+          /^\d{6}$/.test(trimmedContent)
+        ) {
           const codeInterceptResult = await handleInviteCodeIntercept({
             code: trimmedContent,
             sourceChannel,
@@ -579,7 +588,7 @@ export async function enforceIngressAcl(
                     dmCallbackUrl,
                     {
                       chatId: senderUserId,
-                      text: "I've notified the owner. They'll share a verification code with you if they approve access. You can reply with the code here.",
+                      text: "I've notified the owner that you'd like to chat with me. If they approve your request, they'll share a 6-digit verification code with you. You can reply with the code here.",
                       assistantId,
                     },
                     mintBearerToken(),

package/src/runtime/routes/inbound-stages/background-dispatch.ts

@@ -31,12 +31,8 @@ import type {
   ApprovalCopyGenerator,
   MessageProcessor,
 } from "../../http-types.js";
-import { TelegramStreamingDelivery } from "../../telegram-streaming-delivery.js";
 import { resolveRoutingState } from "../../trust-context-resolver.js";
-import {
-  deliverAttachmentsOnly,
-  deliverReplyViaCallback,
-} from "../channel-delivery-routes.js";
+import { deliverReplyViaCallback } from "../channel-delivery-routes.js";
 import { deliverGeneratedApprovalPrompt } from "../guardian-approval-prompt.js";
 
 const log = getLogger("runtime-http");
@@ -112,12 +108,6 @@ export function processChannelMessageInBackground(
   } = params;
 
   (async () => {
-    const boundGuardianActor = isBoundGuardianActor({
-      trustClass: trustCtx.trustClass,
-      guardianExternalUserId: trustCtx.guardianExternalUserId,
-      requesterExternalUserId: trustCtx.requesterExternalUserId,
-    });
-
     const typingCallbackUrl = shouldEmitTelegramTyping(
       sourceChannel,
       replyCallbackUrl,
@@ -181,16 +171,6 @@ export function processChannelMessageInBackground(
       }
     }
 
-    const telegramStreaming =
-      sourceChannel === "telegram" && replyCallbackUrl
-        ? new TelegramStreamingDelivery({
-            callbackUrl: replyCallbackUrl,
-            chatId: externalChatId,
-            mintBearerToken,
-            assistantId,
-          })
-        : undefined;
-
     try {
       const cmdIntent =
         commandIntent && typeof commandIntent.type === "string"
@@ -218,9 +198,6 @@ export function processChannelMessageInBackground(
           trustContext: trustCtx,
           isInteractive: resolveRoutingState(trustCtx).promptWaitingAllowed,
           ...(cmdIntent ? { commandIntent: cmdIntent } : {}),
-          ...(telegramStreaming
-            ? { onEvent: (msg) => telegramStreaming.onEvent(msg) }
-            : {}),
         },
         sourceChannel,
         sourceInterface,
@@ -228,94 +205,18 @@ export function processChannelMessageInBackground(
       deliveryCrud.linkMessage(eventId, userMessageId);
       deliveryStatus.markProcessed(eventId);
 
-      if (telegramStreaming) {
-        // Retrieve approval metadata from pending interactions (if any)
-        // so approval buttons can be attached to the final streamed message.
-        // Approval prompts are guardian-only and must never be attached for
-        // non-guardian or unverified actors.
-        const prompt = boundGuardianActor
-          ? getChannelApprovalPrompt(conversationId)
-          : undefined;
-        const pending = boundGuardianActor
-          ? getApprovalInfoByConversation(conversationId)
-          : [];
-        const approvalMeta =
-          prompt && pending.length > 0
-            ? buildApprovalUIMetadata(prompt, pending[0])
-            : undefined;
-        try {
-          await telegramStreaming.finish(approvalMeta);
-          deliveryChannels.updateDeliveredSegmentCount(eventId, 1);
-        } catch (err) {
-          log.error(
-            { err, conversationId },
-            "Telegram streaming finalization failed",
-          );
-          // Fallback: deliver approval as a standalone message so buttons
-          // are not permanently lost when finish() fails.
-          if (approvalMeta && replyCallbackUrl) {
-            try {
-              await deliverChannelReply(
-                replyCallbackUrl,
-                {
-                  chatId: externalChatId,
-                  text: approvalMeta.plainTextFallback ?? "Action needed:",
-                  approval: approvalMeta,
-                  assistantId,
-                },
-                mintBearerToken(),
-              );
-            } catch (fallbackErr) {
-              log.error(
-                { err: fallbackErr, conversationId },
-                "Fallback approval delivery also failed",
-              );
-            }
-          }
-        }
-      }
-
       if (replyCallbackUrl) {
-        // Streaming fully succeeded — only send attachments since text
-        // was already delivered via streaming edits.
-        const streamingFullyDelivered =
-          telegramStreaming?.hasDeliveredText &&
-          telegramStreaming.finishSucceeded;
-
-        if (streamingFullyDelivered) {
-          await deliverAttachmentsOnly(
-            conversationId,
-            externalChatId,
-            replyCallbackUrl,
-            mintBearerToken(),
-            assistantId,
-          );
-        } else {
-          // Non-streaming path, or streaming partially failed (some text
-          // was delivered but finish/finalization threw). In the partial
-          // failure case the user has a truncated message, so we deliver
-          // the full response to ensure nothing is lost.
-          if (
-            telegramStreaming?.hasDeliveredText &&
-            !telegramStreaming.finishSucceeded
-          ) {
-            log.warn(
-              { conversationId },
-              "Telegram streaming partially failed — falling back to full text delivery",
-            );
-          }
-          await deliverReplyViaCallback(
-            conversationId,
-            externalChatId,
-            replyCallbackUrl,
-            mintBearerToken(),
-            assistantId,
-            {
-              onSegmentDelivered: (count) =>
-                deliveryChannels.updateDeliveredSegmentCount(eventId, count),
-            },
-          );
-        }
+        await deliverReplyViaCallback(
+          conversationId,
+          externalChatId,
+          replyCallbackUrl,
+          mintBearerToken(),
+          assistantId,
+          {
+            onSegmentDelivered: (count) =>
+              deliveryChannels.updateDeliveredSegmentCount(eventId, count),
+          },
+        );
       }
     } catch (err) {
       log.error(

package/src/runtime/routes/integrations/slack/share.ts

@@ -12,7 +12,7 @@ import {
   userInfo,
 } from "../../../../messaging/providers/slack/client.js";
 import type { SlackConversation } from "../../../../messaging/providers/slack/types.js";
-import { credentialKey } from "../../../../security/credential-key.js";
+import { getConnectionByProvider } from "../../../../oauth/oauth-store.js";
 import { getSecureKey } from "../../../../security/secure-keys.js";
 import { getLogger } from "../../../../util/logger.js";
 import { httpError } from "../../../http-errors.js";
@@ -25,14 +25,13 @@ const log = getLogger("slack-share");
 // ---------------------------------------------------------------------------
 
 /**
- * Resolve the Slack bot token from secure storage.
- * Prefers the OAuth integration token, falls back to the legacy channel token.
+ * Resolve the Slack bot token from the OAuth connection store.
  */
 function resolveSlackToken(): string | undefined {
-  return (
-    getSecureKey(credentialKey("integration:slack", "access_token")) ??
-    getSecureKey(credentialKey("slack_channel", "bot_token"))
-  );
+  const conn = getConnectionByProvider("integration:slack");
+  return conn
+    ? getSecureKey(`oauth_connection/${conn.id}/access_token`)
+    : undefined;
 }
 
 // ---------------------------------------------------------------------------