@vellumai/assistant 0.4.49 → 0.4.51

package/src/providers/anthropic/client.ts

@@ -63,20 +63,6 @@ function isToolUseBlock(block: unknown): block is Anthropic.ToolUseBlockParam {
   );
 }
 
-/** Type-guard for server_tool_use blocks (e.g. native web search). */
-function isServerToolUseBlock(block: unknown): block is {
-  type: "server_tool_use";
-  id: string;
-  name: string;
-  input: unknown;
-} {
-  return (
-    typeof block === "object" &&
-    block != null &&
-    (block as { type: string }).type === "server_tool_use"
-  );
-}
-
 /** Type-guard for tool_result blocks in Anthropic-formatted content. */
 function isToolResultBlock(
   block: unknown,
@@ -88,19 +74,6 @@ function isToolResultBlock(
   );
 }
 
-/** Type-guard for web_search_tool_result blocks. */
-function isWebSearchToolResultBlock(block: unknown): block is {
-  type: "web_search_tool_result";
-  tool_use_id: string;
-  content: unknown;
-} {
-  return (
-    typeof block === "object" &&
-    block != null &&
-    (block as { type: string }).type === "web_search_tool_result"
-  );
-}
-
 /**
  * Build a short diagnostic summary of a message array for error logging.
  * Shows role + block types (with tool_use/tool_result IDs) for each message.
@@ -134,79 +107,55 @@ function buildSyntheticToolResult(
   };
 }
 
-function buildSyntheticWebSearchToolResult(
-  toolUseId: string,
-): Anthropic.ContentBlockParam {
-  return {
-    type: "web_search_tool_result",
-    tool_use_id: toolUseId,
-    content: {
-      type: "web_search_tool_result_error",
-      error_code: "unavailable",
-    },
-  } as unknown as Anthropic.ContentBlockParam;
-}
-
-/** Build the appropriate synthetic result block based on whether the ID is for a server tool or regular tool. */
-function buildSyntheticResult(
-  toolUseId: string,
-  serverToolIds: ReadonlySet<string>,
-): Anthropic.ContentBlockParam {
-  if (serverToolIds.has(toolUseId)) {
-    return buildSyntheticWebSearchToolResult(toolUseId);
-  }
-  return buildSyntheticToolResult(toolUseId);
-}
 
-function getOrderedToolUseIds(content: Anthropic.ContentBlockParam[]): {
-  ids: string[];
-  serverToolIds: Set<string>;
-} {
+/**
+ * Collect ordered IDs of client-side tool_use blocks only.
+ * Server-side tools (server_tool_use / web_search_tool_result) are self-paired
+ * within the assistant message and do not need cross-message pairing.
+ */
+function getOrderedToolUseIds(
+  content: Anthropic.ContentBlockParam[],
+): string[] {
   const ids: string[] = [];
   const seen = new Set<string>();
-  const serverToolIds = new Set<string>();
   for (const block of content) {
     if (isToolUseBlock(block)) {
       if (!seen.has(block.id)) {
         seen.add(block.id);
         ids.push(block.id);
       }
-    } else if (isServerToolUseBlock(block)) {
-      if (!seen.has(block.id)) {
-        seen.add(block.id);
-        ids.push(block.id);
-        serverToolIds.add(block.id);
-      }
     }
   }
-  return { ids, serverToolIds };
+  return ids;
 }
 
 function hasOrderedToolResultPrefix(
   content: Anthropic.ContentBlockParam[],
   orderedToolUseIds: string[],
-  serverToolIds: ReadonlySet<string>,
 ): boolean {
   if (content.length < orderedToolUseIds.length) return false;
   for (let idx = 0; idx < orderedToolUseIds.length; idx++) {
     const block = content[idx];
     const expectedId = orderedToolUseIds[idx];
-    if (serverToolIds.has(expectedId)) {
-      if (!isWebSearchToolResultBlock(block)) return false;
-      if (block.tool_use_id !== expectedId) return false;
-    } else {
-      if (!isToolResultBlock(block)) return false;
-      if (block.tool_use_id !== expectedId) return false;
-    }
+    if (!isToolResultBlock(block)) return false;
+    if (block.tool_use_id !== expectedId) return false;
   }
   return true;
 }
 
+/**
+ * Split an assistant message into:
+ * - pairedContent: everything up to and including client-side tool_use blocks
+ * - carryoverContent: trailing non-tool blocks after the last tool_use
+ *
+ * Server-side tools (server_tool_use / web_search_tool_result) are treated as
+ * regular content — they are self-paired within the assistant message and must
+ * not be separated by the cross-message pairing logic.
+ */
 function splitAssistantForToolPairing(content: Anthropic.ContentBlockParam[]): {
   pairedContent: Anthropic.ContentBlockParam[];
   carryoverContent: Anthropic.ContentBlockParam[];
   toolUseIds: string[];
-  serverToolIds: Set<string>;
 } {
   const leading: Anthropic.ContentBlockParam[] = [];
   const toolUseBlocks: Anthropic.ContentBlockParam[] = [];
@@ -214,7 +163,7 @@ function splitAssistantForToolPairing(content: Anthropic.ContentBlockParam[]): {
   let seenToolUse = false;
 
   for (const block of content) {
-    if (isToolUseBlock(block) || isServerToolUseBlock(block)) {
+    if (isToolUseBlock(block)) {
       seenToolUse = true;
       toolUseBlocks.push(block);
       continue;
@@ -231,7 +180,6 @@ function splitAssistantForToolPairing(content: Anthropic.ContentBlockParam[]): {
       pairedContent: content,
       carryoverContent: [],
       toolUseIds: [],
-      serverToolIds: new Set(),
     };
   }
 
@@ -239,19 +187,16 @@ function splitAssistantForToolPairing(content: Anthropic.ContentBlockParam[]): {
     ...leading,
     ...toolUseBlocks,
   ];
-  const { ids, serverToolIds } = getOrderedToolUseIds(pairedContent);
   return {
     pairedContent,
     carryoverContent: carryover,
-    toolUseIds: ids,
-    serverToolIds,
+    toolUseIds: getOrderedToolUseIds(pairedContent),
   };
 }
 
 function normalizeFollowingUserContent(
   nextContent: Anthropic.ContentBlockParam[],
   orderedToolUseIds: string[],
-  serverToolIds: ReadonlySet<string>,
 ): {
   toolResultPrefix: Anthropic.ContentBlockParam[];
   remainingContent: Anthropic.ContentBlockParam[];
@@ -266,41 +211,24 @@ function normalizeFollowingUserContent(
     if (
       isToolResultBlock(block) &&
       pendingIds.has(block.tool_use_id) &&
-      !matchedById.has(block.tool_use_id) &&
-      !serverToolIds.has(block.tool_use_id)
+      !matchedById.has(block.tool_use_id)
     ) {
       matchedById.set(block.tool_use_id, block);
       continue;
     }
-    if (
-      isWebSearchToolResultBlock(block) &&
-      pendingIds.has(block.tool_use_id) &&
-      !matchedById.has(block.tool_use_id) &&
-      serverToolIds.has(block.tool_use_id)
-    ) {
-      matchedById.set(
-        block.tool_use_id,
-        block as unknown as Anthropic.ContentBlockParam,
-      );
-      continue;
-    }
     remaining.push(block);
   }
 
   const missingIds = orderedToolUseIds.filter((id) => !matchedById.has(id));
   const orderedResults = orderedToolUseIds.map(
-    (id) => matchedById.get(id) ?? buildSyntheticResult(id, serverToolIds),
+    (id) => matchedById.get(id) ?? buildSyntheticToolResult(id),
   );
 
   return {
     toolResultPrefix: orderedResults,
     remainingContent: remaining,
     missingIds,
-    hadOrderedPrefix: hasOrderedToolResultPrefix(
-      nextContent,
-      orderedToolUseIds,
-      serverToolIds,
-    ),
+    hadOrderedPrefix: hasOrderedToolResultPrefix(nextContent, orderedToolUseIds),
   };
 }
 
@@ -328,7 +256,7 @@ function ensureToolPairing(
     }
 
     const content = Array.isArray(msg.content) ? msg.content : [];
-    const { pairedContent, carryoverContent, toolUseIds, serverToolIds } =
+    const { pairedContent, carryoverContent, toolUseIds } =
       splitAssistantForToolPairing(content);
 
     if (toolUseIds.length === 0) {
@@ -337,7 +265,7 @@ function ensureToolPairing(
       continue;
     }
 
-    // Assistant message — push the paired portion (pre-tool text + tool_use/server_tool_use blocks)
+    // Assistant message — push the paired portion (pre-tool text + tool_use blocks)
     result.push({
       role: "assistant" as const,
       content: pairedContent,
@@ -358,11 +286,7 @@ function ensureToolPairing(
     const next = messages[i + 1];
     if (next && next.role === "user") {
       const nextContent = Array.isArray(next.content) ? next.content : [];
-      const normalized = normalizeFollowingUserContent(
-        nextContent,
-        toolUseIds,
-        serverToolIds,
-      );
+      const normalized = normalizeFollowingUserContent(nextContent, toolUseIds);
       if (normalized.missingIds.length > 0) {
         log.warn(
           {
@@ -427,9 +351,7 @@ function ensureToolPairing(
       );
       result.push({
         role: "user" as const,
-        content: toolUseIds.map((id) =>
-          buildSyntheticResult(id, serverToolIds),
-        ),
+        content: toolUseIds.map((id) => buildSyntheticToolResult(id)),
       });
 
       // If the assistant contained collapsed post-tool text, preserve it as a
@@ -445,13 +367,14 @@ function ensureToolPairing(
     }
   }
 
-  // Self-validation: verify no tool_use/tool_result mismatches remain
+  // Self-validation: verify no client-side tool_use/tool_result mismatches remain.
+  // Server-side tools (server_tool_use / web_search_tool_result) are self-paired
+  // within assistant messages and are not validated here.
   for (let j = 0; j < result.length; j++) {
     const m = result[j];
     if (m.role !== "assistant") continue;
     const c = Array.isArray(m.content) ? m.content : [];
-    const { ids: validationIds, serverToolIds: validationServerToolIds } =
-      getOrderedToolUseIds(c);
+    const validationIds = getOrderedToolUseIds(c);
     if (validationIds.length === 0) continue;
 
     const nxt = result[j + 1];
@@ -459,20 +382,9 @@ function ensureToolPairing(
       nxt && nxt.role === "user" && Array.isArray(nxt.content)
         ? nxt.content
         : [];
-    if (
-      !hasOrderedToolResultPrefix(
-        nxtContent,
-        validationIds,
-        validationServerToolIds,
-      )
-    ) {
+    if (!hasOrderedToolResultPrefix(nxtContent, validationIds)) {
       const unmatchedIds = validationIds.filter((id, idx) => {
         const block = nxtContent[idx];
-        if (validationServerToolIds.has(id)) {
-          return !(
-            isWebSearchToolResultBlock(block) && block.tool_use_id === id
-          );
-        }
         return !(isToolResultBlock(block) && block.tool_use_id === id);
       });
       log.error(
@@ -768,10 +680,14 @@ export class AnthropicProvider implements Provider {
               onEvent?.({ type: "text_delta", text: " " });
             }
             hasSeenTextBlock = true;
-          } else if (event.type === "content_block_start") {
-            // Reset on non-text blocks so that text separated by tool_use
-            // (text -> tool_use -> text) doesn't get a spurious leading space
-            // in the second text segment.
+          } else if (
+            event.type === "content_block_start" &&
+            event.content_block.type === "tool_use"
+          ) {
+            // Reset only for client-side tool_use blocks, which create visual
+            // separators in the UI. Server-side tool blocks (server_tool_use,
+            // web_search_tool_result) are transparent in the text stream and
+            // need the space preserved between surrounding text blocks.
             hasSeenTextBlock = false;
           }
           if (
@@ -796,6 +712,20 @@ export class AnthropicProvider implements Provider {
               type: "server_tool_start",
               name: event.content_block.name,
               toolUseId: event.content_block.id,
+              input: (
+                event.content_block as { input?: Record<string, unknown> }
+              ).input ?? {},
+            });
+          }
+          if (
+            event.type === "content_block_start" &&
+            event.content_block.type === "web_search_tool_result"
+          ) {
+            onEvent?.({
+              type: "server_tool_complete",
+              toolUseId: (
+                event.content_block as { tool_use_id: string }
+              ).tool_use_id,
             });
           }
           if (event.type === "content_block_stop") {

package/src/providers/types.ts

@@ -117,7 +117,13 @@ export type ProviderEvent =
       toolUseId: string;
       accumulatedJson: string;
     }
-  | { type: "server_tool_start"; name: string; toolUseId: string };
+  | {
+      type: "server_tool_start";
+      name: string;
+      toolUseId: string;
+      input: Record<string, unknown>;
+    }
+  | { type: "server_tool_complete"; toolUseId: string };
 
 export interface SendMessageConfig {
   model?: string;

package/src/runtime/AGENTS.md

@@ -43,6 +43,15 @@ Host file allows the assistant to perform file operations (read, write, edit) on
   - `POST /v1/host-file-result` — `{ requestId, content, isError }`
 - **Tracking**: Uses the same `pending-interactions` tracker as approvals and host bash, with `kind: "host_file"`. The endpoint validates the interaction kind before resolving.
 
+### Host CU (desktop proxy computer-use execution)
+
+Host CU allows the assistant to proxy computer-use actions (screenshots, mouse/keyboard input) to the desktop host via the client, following the same pattern as host bash and host file.
+
+- **Discovery**: Clients discover pending host CU requests via SSE events (`host_cu_request`) which include a `requestId`.
+- **Resolution**: Clients execute the CU action on the host and respond via:
+  - `POST /v1/host-cu-result` — `{ requestId, axTree?, axDiff?, screenshot?, screenshotWidthPx?, screenshotHeightPx?, screenWidthPt?, screenHeightPt?, executionResult?, executionError?, secondaryWindows?, userGuidance? }`
+- **Tracking**: Uses the same `pending-interactions` tracker as the other host proxy types, with `kind: "host_cu"`. Registration happens in `conversation-routes.ts` and the route handler is in `host-cu-routes.ts`.
+
 ### Channel approvals (Telegram, Slack)
 
 Channel approval flows use `requestId` (not `runId`) as the primary identifier:

package/src/runtime/auth/route-policy.ts

@@ -347,6 +347,12 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   { endpoint: "skills:DELETE", scopes: ["settings.write"] },
   { endpoint: "skills:PATCH", scopes: ["settings.write"] },
 
+  // Memory items
+  { endpoint: "memory-items:GET", scopes: ["settings.read"] },
+  { endpoint: "memory-items:POST", scopes: ["settings.write"] },
+  { endpoint: "memory-items:PATCH", scopes: ["settings.write"] },
+  { endpoint: "memory-items:DELETE", scopes: ["settings.write"] },
+
   // Trust rule CRUD management
   { endpoint: "trust-rules/manage:GET", scopes: ["settings.read"] },
   { endpoint: "trust-rules/manage:POST", scopes: ["settings.write"] },
@@ -378,9 +384,6 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   // Delivery ack
   { endpoint: "channels/delivery-ack", scopes: ["internal.write"] },
 
-  // MCP
-  { endpoint: "mcp/reload", scopes: ["settings.write"] },
-
   // Migrations
   { endpoint: "migrations/validate", scopes: ["settings.write"] },
   { endpoint: "migrations/export", scopes: ["settings.write"] },

package/src/runtime/channel-readiness-service.ts

@@ -4,7 +4,7 @@ import { getChannelInvitePolicy } from "../channels/config.js";
 import { loadRawConfig } from "../config/loader.js";
 import { getEmailService } from "../email/service.js";
 import { credentialKey } from "../security/credential-key.js";
-import { getSecureKey } from "../security/secure-keys.js";
+import { getSecureKeyAsync } from "../security/secure-keys.js";
 import { resolveWhatsAppDisplayNumber } from "./channel-invite-transports/whatsapp.js";
 import type {
   ChannelId,
@@ -46,13 +46,13 @@ function check(
 }
 
 /** Check that a secure credential key exists. */
-function checkCredential(
+async function checkCredential(
   name: string,
   service: string,
   field: string,
   label: string,
-): ReadinessCheckResult {
-  const exists = !!getSecureKey(credentialKey(service, field));
+): Promise<ReadinessCheckResult> {
+  const exists = !!(await getSecureKeyAsync(credentialKey(service, field)));
   return check(
     name,
     exists,
@@ -77,7 +77,7 @@ function checkIngress(): ReadinessCheckResult {
 const voiceProbe: ChannelProbe = {
   channel: "phone",
   async runLocalChecks(): Promise<ReadinessCheckResult[]> {
-    const hasCreds = hasTwilioCredentials();
+    const hasCreds = await hasTwilioCredentials();
     const hasPhone = !!resolveTwilioPhoneNumber();
     const ingress = checkIngress();
 
@@ -117,26 +117,33 @@ const voiceProbe: ChannelProbe = {
 
 const telegramProbe: ChannelProbe = {
   channel: "telegram",
-  runLocalChecks: () => [
-    checkCredential("bot_token", "telegram", "bot_token", "Telegram bot token"),
-    checkCredential(
-      "webhook_secret",
-      "telegram",
-      "webhook_secret",
-      "Telegram webhook secret",
-    ),
-    checkIngress(),
-  ],
+  async runLocalChecks(): Promise<ReadinessCheckResult[]> {
+    return [
+      await checkCredential(
+        "bot_token",
+        "telegram",
+        "bot_token",
+        "Telegram bot token",
+      ),
+      await checkCredential(
+        "webhook_secret",
+        "telegram",
+        "webhook_secret",
+        "Telegram webhook secret",
+      ),
+      checkIngress(),
+    ];
+  },
 };
 
 // ── Email Probe ─────────────────────────────────────────────────────────────
 
 const emailProbe: ChannelProbe = {
   channel: "email",
-  runLocalChecks(): ReadinessCheckResult[] {
+  async runLocalChecks(): Promise<ReadinessCheckResult[]> {
     const hasApiKey = !!(
-      getSecureKey("agentmail") ||
-      getSecureKey(credentialKey("agentmail", "api_key"))
+      (await getSecureKeyAsync("agentmail")) ||
+      (await getSecureKeyAsync(credentialKey("agentmail", "api_key")))
     );
     const invitePolicy = getChannelInvitePolicy("email");
     return [
@@ -155,12 +162,11 @@ const emailProbe: ChannelProbe = {
       checkIngress(),
     ];
   },
-  // runRemoteChecks UNCHANGED — keep the existing inbox_configured check as-is
   async runRemoteChecks(): Promise<ReadinessCheckResult[]> {
     // Only worth checking if the API key is present
     const hasApiKey = !!(
-      getSecureKey("agentmail") ||
-      getSecureKey(credentialKey("agentmail", "api_key"))
+      (await getSecureKeyAsync("agentmail")) ||
+      (await getSecureKeyAsync(credentialKey("agentmail", "api_key")))
     );
     if (!hasApiKey) return [];
 
@@ -193,29 +199,29 @@ const emailProbe: ChannelProbe = {
 
 const whatsappProbe: ChannelProbe = {
   channel: "whatsapp",
-  runLocalChecks(): ReadinessCheckResult[] {
+  async runLocalChecks(): Promise<ReadinessCheckResult[]> {
     const displayNumber = resolveWhatsAppDisplayNumber();
     const invitePolicy = getChannelInvitePolicy("whatsapp");
     return [
-      checkCredential(
+      await checkCredential(
         "whatsapp_phone_number_id",
         "whatsapp",
         "phone_number_id",
         "WhatsApp phone number ID",
       ),
-      checkCredential(
+      await checkCredential(
         "whatsapp_access_token",
         "whatsapp",
         "access_token",
         "WhatsApp access token",
       ),
-      checkCredential(
+      await checkCredential(
         "whatsapp_app_secret",
         "whatsapp",
         "app_secret",
         "WhatsApp app secret",
       ),
-      checkCredential(
+      await checkCredential(
         "whatsapp_webhook_verify_token",
         "whatsapp",
         "webhook_verify_token",
@@ -242,20 +248,22 @@ const whatsappProbe: ChannelProbe = {
 
 const slackProbe: ChannelProbe = {
   channel: "slack",
-  runLocalChecks: () => [
-    checkCredential(
-      "bot_token",
-      "slack_channel",
-      "bot_token",
-      "Slack bot token",
-    ),
-    checkCredential(
-      "app_token",
-      "slack_channel",
-      "app_token",
-      "Slack app token",
-    ),
-  ],
+  async runLocalChecks(): Promise<ReadinessCheckResult[]> {
+    return [
+      await checkCredential(
+        "bot_token",
+        "slack_channel",
+        "bot_token",
+        "Slack bot token",
+      ),
+      await checkCredential(
+        "app_token",
+        "slack_channel",
+        "app_token",
+        "Slack app token",
+      ),
+    ];
+  },
 };
 
 // ── Service ─────────────────────────────────────────────────────────────────

package/src/runtime/guardian-reply-router.ts

@@ -30,6 +30,7 @@ import {
   type CanonicalGuardianRequest,
   getCanonicalGuardianRequest,
   getCanonicalGuardianRequestByCode,
+  isRequestExpired,
   listCanonicalGuardianRequests,
 } from "../memory/canonical-guardian-store.js";
 import {
@@ -198,49 +199,50 @@ function findPendingCanonicalRequests(
   pendingRequestIds?: string[],
   conversationId?: string,
 ): CanonicalGuardianRequest[] {
+  let results: CanonicalGuardianRequest[];
+
   // When explicit IDs are provided, look them up directly
   if (pendingRequestIds) {
     if (pendingRequestIds.length === 0) {
       return [];
     }
-    return pendingRequestIds
+    results = pendingRequestIds
       .map(getCanonicalGuardianRequest)
       .filter((r): r is CanonicalGuardianRequest => r?.status === "pending");
-  }
-
-  // Query by guardian identity when available
-  if (actor.actorExternalUserId) {
-    return listCanonicalGuardianRequests({
+  } else if (actor.actorExternalUserId) {
+    // Query by guardian identity when available
+    results = listCanonicalGuardianRequests({
       status: "pending",
       guardianExternalUserId: actor.actorExternalUserId,
     });
-  }
-
-  // Actors without an actorExternalUserId: scope by conversationId so the NL
-  // path can discover pending requests bound to this conversation.
-  // Include guardianPrincipalId filter when available so the guardian only
-  // sees requests they are authorized to act on.
-  if (conversationId) {
-    return listCanonicalGuardianRequests({
+  } else if (conversationId) {
+    // Actors without an actorExternalUserId: scope by conversationId so the NL
+    // path can discover pending requests bound to this conversation.
+    // Include guardianPrincipalId filter when available so the guardian only
+    // sees requests they are authorized to act on.
+    results = listCanonicalGuardianRequests({
       status: "pending",
       conversationId,
       ...(actor.guardianPrincipalId
         ? { guardianPrincipalId: actor.guardianPrincipalId }
         : {}),
     });
-  }
-
-  // Actors with a guardianPrincipalId but no actorExternalUserId or
-  // conversationId: query by principal so desktop sessions can still
-  // discover pending guardian work via their bound principal.
-  if (actor.guardianPrincipalId) {
-    return listCanonicalGuardianRequests({
+  } else if (actor.guardianPrincipalId) {
+    // Actors with a guardianPrincipalId but no actorExternalUserId or
+    // conversationId: query by principal so desktop sessions can still
+    // discover pending guardian work via their bound principal.
+    results = listCanonicalGuardianRequests({
       status: "pending",
       guardianPrincipalId: actor.guardianPrincipalId,
     });
+  } else {
+    return [];
   }
 
-  return [];
+  // Exclude requests that have passed their expiresAt deadline — they can
+  // no longer be resolved and should not trigger disambiguation or NL
+  // classification.
+  return results.filter((r) => !isRequestExpired(r));
 }
 
 /** Map an approval action string to the NL engine's allowed actions for guardians. */

package/src/runtime/http-server.ts

@@ -135,7 +135,7 @@ import { telegramRouteDefinitions } from "./routes/integrations/telegram.js";
 import { twilioRouteDefinitions } from "./routes/integrations/twilio.js";
 import { inviteRouteDefinitions } from "./routes/invite-routes.js";
 import { logExportRouteDefinitions } from "./routes/log-export-routes.js";
-import { mcpRouteDefinitions } from "./routes/mcp-routes.js";
+import { memoryItemRouteDefinitions } from "./routes/memory-item-routes.js";
 import { migrationRouteDefinitions } from "./routes/migration-routes.js";
 import type { PairingHandlerContext } from "./routes/pairing-routes.js";
 import {
@@ -723,9 +723,9 @@ export class RuntimeHttpServer {
       ...secretRouteDefinitions(),
       ...identityRouteDefinitions(),
       ...debugRouteDefinitions(),
-      ...mcpRouteDefinitions(),
       ...usageRouteDefinitions(),
       ...workspaceRouteDefinitions(),
+      ...memoryItemRouteDefinitions(),
       ...settingsRouteDefinitions(),
       ...scheduleRouteDefinitions({
         sendMessageDeps: this.sendMessageDeps,

package/src/runtime/http-types.ts

@@ -231,6 +231,8 @@ export interface RuntimeAttachmentMetadata {
   mimeType: string;
   sizeBytes: number;
   kind: string;
+  data?: string;
+  thumbnailData?: string;
 }
 
 export interface RuntimeMessagePayload {