@vellumai/assistant 0.4.49 → 0.4.50

package/src/daemon/session-error.ts

@@ -12,6 +12,8 @@ export interface ClassifiedSessionError {
   userMessage: string;
   retryable: boolean;
   debugDetails?: string;
+  /** Machine-readable error category for log report metadata and triage. */
+  errorCategory: string;
 }
 
 // Network-level error patterns (connection refused, timeout, DNS, reset)
@@ -68,6 +70,21 @@ const PROVIDER_API_PATTERNS = [
   /gateway timeout/i,
 ];
 
+// Provider ordering error patterns (tool_use/tool_result mismatches)
+const ORDERING_ERROR_PATTERNS = [
+  /tool_result.*not immediately after.*tool_use/i,
+  /tool_use.*must have.*tool_result/i,
+  /tool_use_id.*without.*tool_result/i,
+  /tool_result.*tool_use_id.*not found/i,
+  /messages.*invalid.*order/i,
+];
+
+// Web-search-specific ordering error patterns
+const WEB_SEARCH_ORDERING_PATTERNS = [
+  /web_search.*tool_use.*without/i,
+  /web_search.*tool_result/i,
+];
+
 // User-initiated cancellation patterns — these should NOT produce session_error
 const CANCEL_PATTERNS = [/abort/i, /cancel/i];
 
@@ -131,6 +148,7 @@ export function classifySessionError(
       userMessage: `Could not regenerate the response. ${base.userMessage}`,
       retryable: true,
       debugDetails,
+      errorCategory: `regenerate:${base.errorCategory}`,
     };
   }
 
@@ -155,8 +173,10 @@ function classifyCore(
     if (error.statusCode === 413) {
       return {
         code: "CONTEXT_TOO_LARGE",
-        userMessage: "This conversation exceeds the model's context limit.",
+        userMessage:
+          "This conversation is too long. Please start a new thread.",
         retryable: false,
+        errorCategory: "context_too_large",
       };
     }
     if (error.statusCode === 401) {
@@ -164,13 +184,15 @@ function classifyCore(
         code: "PROVIDER_BILLING",
         userMessage: "Your API key is invalid or expired.",
         retryable: false,
+        errorCategory: "provider_billing",
       };
     }
     if (error.statusCode === 429) {
       return {
         code: "PROVIDER_RATE_LIMIT",
-        userMessage: "The AI provider is rate limiting requests.",
+        userMessage: "The AI provider is busy. Please try again in a moment.",
         retryable: true,
+        errorCategory: "rate_limit",
       };
     }
     if (error.statusCode >= 500) {
@@ -178,15 +200,35 @@ function classifyCore(
         code: "PROVIDER_API",
         userMessage: "The AI provider returned a server error.",
         retryable: true,
+        errorCategory: "provider_server_error",
       };
     }
-    // 4xx (non-429) — check for context-too-large before generic fallback
+    // 4xx (non-429) — check for context-too-large, ordering errors, then generic fallback
     if (error.statusCode >= 400) {
       if (isContextTooLarge(message)) {
         return {
           code: "CONTEXT_TOO_LARGE",
-          userMessage: "This conversation exceeds the model's context limit.",
+          userMessage:
+            "This conversation is too long. Please start a new thread.",
           retryable: false,
+          errorCategory: "context_too_large",
+        };
+      }
+      if (isWebSearchOrderingError(message)) {
+        return {
+          code: "PROVIDER_WEB_SEARCH",
+          userMessage:
+            "An internal error occurred with web search. Retrying...",
+          retryable: true,
+          errorCategory: "web_search_ordering",
+        };
+      }
+      if (isOrderingError(message)) {
+        return {
+          code: "PROVIDER_ORDERING",
+          userMessage: "An internal error occurred. Retrying...",
+          retryable: true,
+          errorCategory: "tool_ordering",
         };
       }
       if (/credit balance is too low|insufficient.*credits?/i.test(message)) {
@@ -194,6 +236,7 @@ function classifyCore(
           code: "PROVIDER_BILLING",
           userMessage: "Your API key has insufficient credits.",
           retryable: false,
+          errorCategory: "provider_billing",
         };
       }
       if (
@@ -205,12 +248,14 @@ function classifyCore(
           code: "PROVIDER_BILLING",
           userMessage: "Your API key is invalid.",
           retryable: false,
+          errorCategory: "provider_billing",
         };
       }
       return {
         code: "PROVIDER_API",
         userMessage: "The AI provider rejected the request.",
         retryable: true,
+        errorCategory: "provider_api_error",
       };
     }
   }
@@ -224,6 +269,16 @@ export function isContextTooLarge(message: string): boolean {
   return CONTEXT_TOO_LARGE_PATTERNS.some((p) => p.test(message));
 }
 
+/** Check whether an error message indicates a web-search-specific ordering failure. */
+export function isWebSearchOrderingError(message: string): boolean {
+  return WEB_SEARCH_ORDERING_PATTERNS.some((p) => p.test(message));
+}
+
+/** Check whether an error message indicates a tool_use/tool_result ordering failure. */
+export function isOrderingError(message: string): boolean {
+  return ORDERING_ERROR_PATTERNS.some((p) => p.test(message));
+}
+
 function classifyByMessage(
   message: string,
 ): Omit<ClassifiedSessionError, "debugDetails"> {
@@ -231,8 +286,9 @@ function classifyByMessage(
   if (isContextTooLarge(message)) {
     return {
       code: "CONTEXT_TOO_LARGE",
-      userMessage: "This conversation exceeds the model's context limit.",
+      userMessage: "This conversation is too long. Please start a new thread.",
       retryable: false,
+      errorCategory: "context_too_large",
     };
   }
 
@@ -241,12 +297,33 @@ function classifyByMessage(
     if (pattern.test(message)) {
       return {
         code: "PROVIDER_RATE_LIMIT",
-        userMessage: "The AI provider is rate limiting requests.",
+        userMessage: "The AI provider is busy. Please try again in a moment.",
         retryable: true,
+        errorCategory: "rate_limit",
       };
     }
   }
 
+  // Web-search ordering errors (before general ordering errors)
+  if (isWebSearchOrderingError(message)) {
+    return {
+      code: "PROVIDER_WEB_SEARCH",
+      userMessage: "An internal error occurred with web search. Retrying...",
+      retryable: true,
+      errorCategory: "web_search_ordering",
+    };
+  }
+
+  // General tool_use/tool_result ordering errors
+  if (isOrderingError(message)) {
+    return {
+      code: "PROVIDER_ORDERING",
+      userMessage: "An internal error occurred. Retrying...",
+      retryable: true,
+      errorCategory: "tool_ordering",
+    };
+  }
+
   // Network errors (before timeout so "connection timeout" is classified as network)
   for (const pattern of NETWORK_PATTERNS) {
     if (pattern.test(message)) {
@@ -254,6 +331,7 @@ function classifyByMessage(
         code: "PROVIDER_NETWORK",
         userMessage: "Could not connect to the AI provider.",
         retryable: true,
+        errorCategory: "provider_network",
       };
     }
   }
@@ -265,6 +343,7 @@ function classifyByMessage(
         code: "PROVIDER_API",
         userMessage: "The AI provider returned a server error.",
         retryable: true,
+        errorCategory: "provider_server_error",
       };
     }
   }
@@ -277,6 +356,7 @@ function classifyByMessage(
         code: "PROVIDER_API",
         userMessage: "The request to the AI provider timed out.",
         retryable: true,
+        errorCategory: "provider_timeout",
       };
     }
   }
@@ -288,6 +368,7 @@ function classifyByMessage(
         code: "SESSION_ABORTED",
         userMessage: "The request was interrupted.",
         retryable: true,
+        errorCategory: "session_aborted",
       };
     }
   }
@@ -308,6 +389,7 @@ function classifyByMessage(
     code: "SESSION_PROCESSING_FAILED",
     userMessage,
     retryable: false,
+    errorCategory: "processing_failed",
   };
 }
 
@@ -325,5 +407,6 @@ export function buildSessionErrorMessage(
     userMessage: classified.userMessage,
     retryable: classified.retryable,
     debugDetails: classified.debugDetails,
+    errorCategory: classified.errorCategory,
   };
 }

package/src/daemon/session-history.ts

@@ -21,6 +21,14 @@ const log = getLogger("session-history");
 
 // ── Helpers ──────────────────────────────────────────────────────────
 
+function isToolResultBlock(
+  block: ContentBlock | Record<string, unknown>,
+): boolean {
+  return (
+    block.type === "tool_result" || block.type === "web_search_tool_result"
+  );
+}
+
 function isUndoableUserMessage(message: Message): boolean {
   if (message.role !== "user") return false;
   if (getSummaryFromContextMessage(message) != null) return false;
@@ -30,7 +38,7 @@ function isUndoableUserMessage(message: Message): boolean {
   // (e.g. after repairHistory merges a tool_result turn with a user prompt) are still
   // undoable because they contain real user content.
   const hasNonToolResultContent = message.content.some(
-    (block) => block.type !== "tool_result",
+    (block) => !isToolResultBlock(block),
   );
   if (!hasNonToolResultContent) return false;
   return true;
@@ -143,7 +151,9 @@ export function consolidateAssistantMessages(
         const content = JSON.parse(msg.content);
         const isToolResultOnly =
           Array.isArray(content) &&
-          content.every((block) => block.type === "tool_result") &&
+          content.every((block: Record<string, unknown>) =>
+            isToolResultBlock(block),
+          ) &&
           content.length > 0;
         if (isToolResultOnly) {
           internalToolResultMessages.push(msg);
@@ -229,8 +239,8 @@ export function consolidateAssistantMessages(
     try {
       const content = JSON.parse(msg.content);
       if (Array.isArray(content)) {
-        const toolResultBlocks = content.filter(
-          (b: Record<string, unknown>) => b.type === "tool_result",
+        const toolResultBlocks = content.filter((b: Record<string, unknown>) =>
+          isToolResultBlock(b),
         );
         log.info(
           {
@@ -253,8 +263,8 @@ export function consolidateAssistantMessages(
   const toolUseBlocksInConsolidated = consolidatedContent.filter(
     (b) => b.type === "tool_use",
   ).length;
-  const toolResultBlocksInConsolidated = consolidatedContent.filter(
-    (b) => b.type === "tool_result",
+  const toolResultBlocksInConsolidated = consolidatedContent.filter((b) =>
+    isToolResultBlock(b),
   ).length;
   log.info(
     {
@@ -471,7 +481,7 @@ export async function regenerate(
       if (
         Array.isArray(parsed) &&
         parsed.length > 0 &&
-        parsed.every((b: Record<string, unknown>) => b.type === "tool_result")
+        parsed.every((b: Record<string, unknown>) => isToolResultBlock(b))
       ) {
         continue; // Skip tool_result-only user messages
       }

package/src/daemon/session-media-retry.ts

@@ -69,7 +69,7 @@ export function stripMediaPayloadsForRetry(messages: Message[]): {
       }
 
       if (
-        block.type === "tool_result" &&
+        block.type === "tool_result" && // guard:allow-tool-result-only — web_search_tool_result has no contentBlocks
         block.contentBlocks &&
         block.contentBlocks.length > 0
       ) {
@@ -143,7 +143,10 @@ function fileBlockToStub(
 function isToolResultOnlyMessage(message: Message): boolean {
   return (
     message.content.length > 0 &&
-    message.content.every((block) => block.type === "tool_result")
+    message.content.every(
+      (block) =>
+        block.type === "tool_result" || block.type === "web_search_tool_result",
+    )
   );
 }
 
@@ -158,6 +161,7 @@ export function countMediaBlocks(messages: Message[]): number {
       if (block.type === "image" || block.type === "file") {
         count++;
       } else if (block.type === "tool_result" && block.contentBlocks) {
+        // guard:allow-tool-result-only — web_search_tool_result has no contentBlocks
         for (const cb of block.contentBlocks) {
           if (cb.type === "image" || cb.type === "file") {
             count++;

package/src/daemon/session-memory.ts

@@ -1,30 +1,19 @@
 import { getConfig } from "../config/loader.js";
 import { estimatePromptTokens } from "../context/token-estimator.js";
-import { getMemoryConflictAndCleanupStats } from "../memory/admin.js";
-import { compileDynamicProfile } from "../memory/profile-compiler.js";
 import { buildMemoryQuery } from "../memory/query-builder.js";
 import { computeRecallBudget } from "../memory/retrieval-budget.js";
 import {
   buildMemoryRecall,
   injectMemoryRecallAsSeparateMessage,
-  injectMemoryRecallIntoUserMessage,
 } from "../memory/retriever.js";
 import type { ScopePolicyOverride } from "../memory/search/types.js";
 import type { Message } from "../providers/types.js";
 import type { Provider } from "../providers/types.js";
 import type { ServerMessage } from "./message-protocol.js";
-import type { ConflictGate } from "./session-conflict-gate.js";
-import { injectDynamicProfileIntoUserMessage } from "./session-dynamic-profile.js";
-
-export type RecallInjectionStrategy =
-  | "prepend_user_block"
-  | "separate_context_message";
 
 export interface MemoryRecallResult {
   runMessages: Message[];
   recall: Awaited<ReturnType<typeof buildMemoryRecall>>;
-  dynamicProfile: { text: string };
-  recallInjectionStrategy: RecallInjectionStrategy;
 }
 
 export interface MemoryPrepareContext {
@@ -32,12 +21,9 @@ export interface MemoryPrepareContext {
   messages: Message[];
   systemPrompt: string;
   provider: Provider;
-  conflictGate: ConflictGate;
   scopeId: string;
   includeDefaultFallback: boolean;
   trustClass: "guardian" | "trusted_contact" | "unknown";
-  /** When false (e.g. scheduled tasks), skip conflict gate evaluation. */
-  isInteractive?: boolean;
 }
 
 /**
@@ -48,14 +34,43 @@ function isToolResultOnlyUserTurn(message: Message | undefined): boolean {
   return (
     message?.role === "user" &&
     message.content.length > 0 &&
-    message.content.every((block) => block.type === "tool_result")
+    message.content.every(
+      (block) =>
+        block.type === "tool_result" || block.type === "web_search_tool_result",
+    )
   );
 }
 
 /**
- * Build memory recall, dynamic profile, and conflict gate evaluation
- * for a single agent loop turn. Returns the augmented run messages and
- * metadata for downstream event emission.
+ * Fast gate that determines whether the current turn warrants memory
+ * retrieval. Returns `false` for mechanical no-ops (empty content,
+ * tool-result-only) so the full memory pipeline can be skipped.
+ * Runs in microseconds — no external calls.
+ *
+ * Note: We intentionally avoid character-length heuristics here.
+ * Short messages like "What did I say?" or "My preferences?" are
+ * legitimate memory queries. Per AGENTS.md, judgement calls about
+ * message value should be routed through the daemon, not hardcoded.
+ */
+export function needsMemory(messages: Message[], content: string): boolean {
+  // Empty or whitespace-only content — mechanical validation, nothing to query
+  if (!content || content.trim().length === 0) return false;
+
+  // Tool-result-only turns (assistant tool loop)
+  const latestMessage = messages[messages.length - 1];
+  if (isToolResultOnlyUserTurn(latestMessage)) return false;
+
+  return true;
+}
+
+/**
+ * Build memory recall for a single agent loop turn using the V2 hybrid
+ * pipeline. Returns the augmented run messages and metadata for
+ * downstream event emission.
+ *
+ * The V2 pipeline always uses `separate_context_message` injection
+ * strategy (user + assistant ack pair). When injection text is empty,
+ * no synthetic messages are added.
  */
 export async function prepareMemoryContext(
   ctx: MemoryPrepareContext,
@@ -65,104 +80,42 @@ export async function prepareMemoryContext(
   onEvent: (msg: ServerMessage) => void,
 ): Promise<MemoryRecallResult> {
   // Provenance-based trust gating: untrusted actors skip all memory operations
-  // (recall, dynamic profile, conflict gate) to prevent untrusted content from
-  // influencing memory-augmented responses.
+  // to prevent untrusted content from influencing memory-augmented responses.
   const isTrustedActor = ctx.trustClass === "guardian";
 
+  // Build a no-op result that skips the entire memory pipeline.
+  const noopResult = (): MemoryRecallResult => ({
+    runMessages: ctx.messages,
+    recall: {
+      enabled: false,
+      degraded: false,
+      injectedText: "",
+      semanticHits: 0,
+      recencyHits: 0,
+      mergedCount: 0,
+      selectedCount: 0,
+      injectedTokens: 0,
+      latencyMs: 0,
+      topCandidates: [],
+      tier1Count: 0,
+      tier2Count: 0,
+    } as Awaited<ReturnType<typeof buildMemoryRecall>>,
+  });
+
   if (!isTrustedActor) {
-    return {
-      runMessages: ctx.messages,
-      recall: {
-        enabled: false,
-        degraded: false,
-        injectedText: "",
-        lexicalHits: 0,
-        semanticHits: 0,
-        recencyHits: 0,
-        entityHits: 0,
-        relationSeedEntityCount: 0,
-        relationTraversedEdgeCount: 0,
-        relationNeighborEntityCount: 0,
-        relationExpandedItemCount: 0,
-        earlyTerminated: false,
-        mergedCount: 0,
-        selectedCount: 0,
-        rerankApplied: false,
-        injectedTokens: 0,
-        latencyMs: 0,
-        topCandidates: [],
-      } as Awaited<ReturnType<typeof buildMemoryRecall>>,
-      dynamicProfile: { text: "" },
-      recallInjectionStrategy: "prepend_user_block",
-    };
+    return noopResult();
   }
 
-  // Internal tool-result turns (assistant tool loop) should not trigger
-  // memory retrieval/profile injection. Injecting memory here repeats the
-  // same long recall block on every tool step and dramatically inflates
-  // per-step prompt size/latency.
-  const latestMessage = ctx.messages[ctx.messages.length - 1];
-  if (isToolResultOnlyUserTurn(latestMessage)) {
-    return {
-      runMessages: ctx.messages,
-      recall: {
-        enabled: false,
-        degraded: false,
-        injectedText: "",
-        lexicalHits: 0,
-        semanticHits: 0,
-        recencyHits: 0,
-        entityHits: 0,
-        relationSeedEntityCount: 0,
-        relationTraversedEdgeCount: 0,
-        relationNeighborEntityCount: 0,
-        relationExpandedItemCount: 0,
-        earlyTerminated: false,
-        mergedCount: 0,
-        selectedCount: 0,
-        rerankApplied: false,
-        injectedTokens: 0,
-        latencyMs: 0,
-        topCandidates: [],
-      } as Awaited<ReturnType<typeof buildMemoryRecall>>,
-      dynamicProfile: { text: "" },
-      recallInjectionStrategy: "prepend_user_block",
-    };
+  // Gate: skip the entire memory pipeline for mechanical no-ops (empty
+  // content, tool-result-only turns).
+  if (!needsMemory(ctx.messages, content)) {
+    return noopResult();
   }
 
   const runtimeConfig = getConfig();
-  const memoryEnabled = runtimeConfig.memory?.enabled !== false;
 
-  // Conflict gate — evaluate for side effects (background resolution/dismissal)
-  // but do not return any user-facing payload. Non-interactive sessions skip
-  // entirely since there is no human context for conflict evaluation.
-  const isInteractive = ctx.isInteractive !== false;
-  const conflictConfig =
-    memoryEnabled && isInteractive
-      ? runtimeConfig.memory?.conflicts
-      : undefined;
-  if (conflictConfig) {
-    await ctx.conflictGate.evaluate(content, conflictConfig, ctx.scopeId);
-  }
-
-  // Dynamic profile
-  const profileConfig = memoryEnabled
-    ? runtimeConfig.memory?.profile
-    : undefined;
-  const dynamicProfile = profileConfig?.enabled
-    ? compileDynamicProfile({
-        scopeId: ctx.scopeId,
-        includeDefaultFallback: ctx.includeDefaultFallback,
-        maxInjectTokensOverride: profileConfig.maxInjectTokens,
-      })
-    : { text: "" };
-
-  // Memory recall
+  // Memory recall via the V2 hybrid pipeline
   const recallQuery = buildMemoryQuery(content, ctx.messages);
-  const recallInjectionStrategy: RecallInjectionStrategy =
-    (runtimeConfig.memory?.retrieval?.injectionStrategy as
-      | RecallInjectionStrategy
-      | undefined) ?? "prepend_user_block";
   const dynamicBudgetConfig = runtimeConfig.memory?.retrieval?.dynamicBudget;
   const recallBudget = dynamicBudgetConfig?.enabled
     ? computeRecallBudget({
@@ -196,8 +149,6 @@ export async function prepareMemoryContext(
       scopePolicyOverride,
     },
   );
-  const memoryStatus = getMemoryConflictAndCleanupStats();
-
   onEvent({
     type: "memory_status",
     enabled: recall.enabled,
@@ -212,32 +163,18 @@ export async function prepareMemoryContext(
     reason: recall.reason,
     provider: recall.provider,
     model: recall.model,
-    conflictsPending: memoryStatus.conflicts.pending,
-    conflictsResolved: memoryStatus.conflicts.resolved,
-    oldestPendingConflictAgeMs: memoryStatus.conflicts.oldestPendingAgeMs,
-    cleanupResolvedJobsPending: memoryStatus.cleanup.resolvedBacklog,
-    cleanupSupersededJobsPending: memoryStatus.cleanup.supersededBacklog,
-    cleanupResolvedJobsCompleted24h: memoryStatus.cleanup.resolvedCompleted24h,
-    cleanupSupersededJobsCompleted24h:
-      memoryStatus.cleanup.supersededCompleted24h,
   });
 
-  // Inject recall into messages
+  // Inject recall into messages using separate_context_message strategy.
+  // When injection text is empty, skip injection entirely (no synthetic messages).
   let runMessages = ctx.messages;
   if (recall.injectedText.length > 0) {
     const userTail = ctx.messages[ctx.messages.length - 1];
     if (userTail && userTail.role === "user") {
-      if (recallInjectionStrategy === "separate_context_message") {
-        runMessages = injectMemoryRecallAsSeparateMessage(
-          ctx.messages,
-          recall.injectedText,
-        );
-      } else {
-        runMessages = [
-          ...ctx.messages.slice(0, -1),
-          injectMemoryRecallIntoUserMessage(userTail, recall.injectedText),
-        ];
-      }
+      runMessages = injectMemoryRecallAsSeparateMessage(
+        ctx.messages,
+        recall.injectedText,
+      );
       onEvent({
         type: "memory_recalled",
         provider: recall.provider ?? "unknown",
@@ -249,18 +186,14 @@ export async function prepareMemoryContext(
               fallbackSources: [...recall.degradation.fallbackSources],
             }
           : undefined,
-        lexicalHits: recall.lexicalHits,
         semanticHits: recall.semanticHits,
         recencyHits: recall.recencyHits,
-        entityHits: recall.entityHits,
-        relationSeedEntityCount: recall.relationSeedEntityCount,
-        relationTraversedEdgeCount: recall.relationTraversedEdgeCount,
-        relationNeighborEntityCount: recall.relationNeighborEntityCount,
-        relationExpandedItemCount: recall.relationExpandedItemCount,
-        earlyTerminated: recall.earlyTerminated,
+        tier1Count: recall.tier1Count ?? 0,
+        tier2Count: recall.tier2Count ?? 0,
+        hybridSearchLatencyMs: recall.hybridSearchMs ?? 0,
+        sparseVectorUsed: recall.sparseVectorUsed ?? false,
         mergedCount: recall.mergedCount,
         selectedCount: recall.selectedCount,
-        rerankApplied: recall.rerankApplied,
         injectedTokens: recall.injectedTokens,
         latencyMs: recall.latencyMs,
         topCandidates: recall.topCandidates,
@@ -268,21 +201,8 @@ export async function prepareMemoryContext(
     }
   }
 
-  // Inject dynamic profile
-  if (dynamicProfile.text.length > 0) {
-    const userTail = runMessages[runMessages.length - 1];
-    if (userTail && userTail.role === "user") {
-      runMessages = [
-        ...runMessages.slice(0, -1),
-        injectDynamicProfileIntoUserMessage(userTail, dynamicProfile.text),
-      ];
-    }
-  }
-
   return {
     runMessages,
     recall,
-    dynamicProfile,
-    recallInjectionStrategy,
   };
 }

package/src/daemon/session-process.ts

@@ -92,6 +92,8 @@ export interface ProcessSessionContext {
   readonly usageStats: UsageStats;
   /** Request-scoped skill IDs preactivated via slash resolution. */
   preactivatedSkillIds?: string[];
+  /** Add a skill ID to the preactivated set without replacing existing entries. */
+  addPreactivatedSkillId(id: string): void;
   /** Assistant identity — used for scoping notification preferences. */
   readonly assistantId?: string;
   trustContext?: TrustContext;
@@ -140,7 +142,8 @@ export interface ProcessSessionContext {
       | "message_complete"
       | "generation_cancelled"
       | "error_terminal"
-      | "preview_start",
+      | "preview_start"
+      | "context_compacting",
     anchor?: "assistant_turn" | "user_turn" | "global",
     requestId?: string,
     statusText?: string,
@@ -224,6 +227,11 @@ export async function drainQueue(
   const next = session.queue.shift();
   if (!next) return;
 
+  // Reset per-turn preactivation so a prior iteration (e.g. an unknown-slash
+  // from a desktop source that skips runAgentLoop) can't leak CU preactivation
+  // into the next queued message.
+  session.preactivatedSkillIds = undefined;
+
   log.info(
     {
       conversationId: session.conversationId,
@@ -283,6 +291,7 @@ export async function drainQueue(
     const sourceInterface = interfaceCtx?.userMessageInterface;
     if (sourceInterface === "macos" || sourceInterface === "ios") {
       session.restoreProxyAvailability();
+      session.addPreactivatedSkillId("computer-use");
     }
   }