npm - @vellumai/assistant - Versions diffs - 0.4.52 → 0.4.54 - Mend

@vellumai/assistant 0.4.52 → 0.4.54

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (380) hide show

package/ARCHITECTURE.md +2 -2
package/bun.lock +62 -349
package/docs/architecture/integrations.md +1 -1
package/docs/architecture/keychain-broker.md +91 -40
package/docs/architecture/memory.md +3 -3
package/docs/architecture/security.md +2 -2
package/knip.json +7 -29
package/package.json +2 -9
package/src/__tests__/agent-loop.test.ts +1 -1
package/src/__tests__/app-git-history.test.ts +0 -2
package/src/__tests__/app-git-service.test.ts +1 -6
package/src/__tests__/approval-cascade.test.ts +3 -2
package/src/__tests__/approval-routes-http.test.ts +0 -1
package/src/__tests__/asset-materialize-tool.test.ts +0 -1
package/src/__tests__/asset-search-tool.test.ts +0 -1
package/src/__tests__/assistant-events-sse-hardening.test.ts +0 -1
package/src/__tests__/attachments-store.test.ts +0 -1
package/src/__tests__/avatar-e2e.test.ts +5 -1
package/src/__tests__/browser-fill-credential.test.ts +4 -6
package/src/__tests__/btw-routes.test.ts +39 -0
package/src/__tests__/call-controller.test.ts +0 -1
package/src/__tests__/call-domain.test.ts +1 -1
package/src/__tests__/call-routes-http.test.ts +1 -3
package/src/__tests__/canonical-guardian-store.test.ts +33 -2
package/src/__tests__/channel-guardian.test.ts +4 -4
package/src/__tests__/channel-readiness-routes.test.ts +0 -1
package/src/__tests__/channel-readiness-service.test.ts +1 -1
package/src/__tests__/checker.test.ts +13 -11
package/src/__tests__/claude-code-skill-regression.test.ts +5 -2
package/src/__tests__/claude-code-tool-profiles.test.ts +7 -3
package/src/__tests__/config-loader-backfill.test.ts +1 -5
package/src/__tests__/config-schema.test.ts +9 -46
package/src/__tests__/config-watcher.test.ts +11 -3
package/src/__tests__/conversation-routes-slash-commands.test.ts +0 -1
package/src/__tests__/credential-broker-browser-fill.test.ts +27 -24
package/src/__tests__/credential-broker-server-use.test.ts +76 -40
package/src/__tests__/credential-security-e2e.test.ts +1 -6
package/src/__tests__/credential-security-invariants.test.ts +27 -8
package/src/__tests__/credential-vault-unit.test.ts +32 -16
package/src/__tests__/credential-vault.test.ts +40 -28
package/src/__tests__/credentials-cli.test.ts +1 -21
package/src/__tests__/email-invite-adapter.test.ts +0 -1
package/src/__tests__/error-handler-friendly-messages.test.ts +4 -5
package/src/__tests__/fixtures/credential-security-fixtures.ts +3 -3
package/src/__tests__/fixtures/media-reuse-fixtures.ts +3 -79
package/src/__tests__/gateway-only-enforcement.test.ts +1 -23
package/src/__tests__/guardian-action-conversation-turn.test.ts +8 -8
package/src/__tests__/guardian-action-late-reply.test.ts +13 -14
package/src/__tests__/guardian-action-store.test.ts +0 -57
package/src/__tests__/guardian-outbound-http.test.ts +1 -1
package/src/__tests__/guardian-verification-voice-binding.test.ts +1 -3
package/src/__tests__/hooks-blocking.test.ts +1 -1
package/src/__tests__/hooks-config.test.ts +5 -29
package/src/__tests__/hooks-discovery.test.ts +1 -1
package/src/__tests__/hooks-integration.test.ts +1 -1
package/src/__tests__/hooks-manager.test.ts +1 -1
package/src/__tests__/hooks-runner.test.ts +1 -23
package/src/__tests__/hooks-settings.test.ts +1 -1
package/src/__tests__/hooks-templates.test.ts +1 -1
package/src/__tests__/host-shell-tool.test.ts +0 -1
package/src/__tests__/http-user-message-parity.test.ts +19 -0
package/src/__tests__/integration-status.test.ts +0 -1
package/src/__tests__/invite-routes-http.test.ts +0 -3
package/src/__tests__/list-messages-attachments.test.ts +0 -1
package/src/__tests__/llm-usage-store.test.ts +50 -0
package/src/__tests__/log-export-workspace.test.ts +233 -0
package/src/__tests__/managed-proxy-context.test.ts +41 -41
package/src/__tests__/managed-skill-lifecycle.test.ts +0 -1
package/src/__tests__/media-generate-image.test.ts +9 -4
package/src/__tests__/media-reuse-story.e2e.test.ts +1 -7
package/src/__tests__/memory-regressions.experimental.test.ts +4 -4
package/src/__tests__/memory-regressions.test.ts +27 -28
package/src/__tests__/memory-retrieval.benchmark.test.ts +1 -1
package/src/__tests__/memory-upsert-concurrency.test.ts +4 -4
package/src/__tests__/migration-cross-version-compatibility.test.ts +0 -1
package/src/__tests__/migration-export-http.test.ts +0 -1
package/src/__tests__/migration-import-commit-http.test.ts +0 -1
package/src/__tests__/migration-import-preflight-http.test.ts +0 -1
package/src/__tests__/migration-validate-http.test.ts +0 -1
package/src/__tests__/notification-decision-fallback.test.ts +1 -1
package/src/__tests__/notification-schedule-dedup.test.ts +237 -0
package/src/__tests__/oauth-cli.test.ts +2 -14
package/src/__tests__/oauth-store.test.ts +3 -7
package/src/__tests__/oauth2-gateway-transport.test.ts +5 -4
package/src/__tests__/onboarding-starter-tasks.test.ts +1 -1
package/src/__tests__/onboarding-template-contract.test.ts +1 -2
package/src/__tests__/openai-provider.test.ts +7 -7
package/src/__tests__/platform.test.ts +14 -4
package/src/__tests__/pricing.test.ts +0 -234
package/src/__tests__/provider-commit-message-generator.test.ts +19 -15
package/src/__tests__/provider-fail-open-selection.test.ts +67 -62
package/src/__tests__/provider-managed-proxy-integration.test.ts +88 -85
package/src/__tests__/provider-registry-ollama.test.ts +10 -4
package/src/__tests__/public-ingress-urls.test.ts +1 -1
package/src/__tests__/recording-handler.test.ts +0 -1
package/src/__tests__/registry.test.ts +3 -103
package/src/__tests__/relay-server.test.ts +0 -1
package/src/__tests__/runtime-attachment-metadata.test.ts +0 -1
package/src/__tests__/runtime-events-sse-parity.test.ts +0 -1
package/src/__tests__/runtime-events-sse.test.ts +0 -1
package/src/__tests__/script-proxy-injection-runtime.test.ts +2 -7
package/src/__tests__/secret-onetime-send.test.ts +1 -6
package/src/__tests__/secret-routes-managed-proxy.test.ts +6 -14
package/src/__tests__/secret-scanner-executor.test.ts +0 -1
package/src/__tests__/secure-keys.test.ts +241 -229
package/src/__tests__/send-endpoint-busy.test.ts +0 -1
package/src/__tests__/session-abort-tool-results.test.ts +3 -2
package/src/__tests__/session-agent-loop-overflow.test.ts +1012 -838
package/src/__tests__/session-agent-loop.test.ts +2 -2
package/src/__tests__/session-confirmation-signals.test.ts +3 -2
package/src/__tests__/session-error.test.ts +5 -4
package/src/__tests__/session-history-web-search.test.ts +34 -9
package/src/__tests__/session-messaging-secret-redirect.test.ts +1 -7
package/src/__tests__/session-pre-run-repair.test.ts +3 -2
package/src/__tests__/session-provider-retry-repair.test.ts +31 -27
package/src/__tests__/session-queue.test.ts +5 -5
package/src/__tests__/session-runtime-assembly.test.ts +118 -0
package/src/__tests__/session-slash-known.test.ts +31 -14
package/src/__tests__/session-slash-queue.test.ts +3 -2
package/src/__tests__/session-slash-unknown.test.ts +3 -2
package/src/__tests__/session-workspace-cache-state.test.ts +3 -1
package/src/__tests__/session-workspace-injection.test.ts +3 -2
package/src/__tests__/session-workspace-tool-tracking.test.ts +3 -2
package/src/__tests__/shell-tool-proxy-mode.test.ts +0 -1
package/src/__tests__/skill-projection-feature-flag.test.ts +0 -1
package/src/__tests__/skill-script-runner-sandbox.test.ts +0 -1
package/src/__tests__/skillssh-registry.test.ts +21 -0
package/src/__tests__/slack-channel-config.test.ts +1 -7
package/src/__tests__/slack-share-routes.test.ts +1 -1
package/src/__tests__/swarm-recursion.test.ts +4 -1
package/src/__tests__/swarm-session-integration.test.ts +24 -14
package/src/__tests__/swarm-tool.test.ts +4 -2
package/src/__tests__/task-compiler.test.ts +1 -1
package/src/__tests__/telegram-bot-username-resolution.test.ts +2 -4
package/src/__tests__/test-support/browser-skill-harness.ts +0 -18
package/src/__tests__/test-support/computer-use-skill-harness.ts +0 -23
package/src/__tests__/token-estimator-accuracy.benchmark.test.ts +1521 -0
package/src/__tests__/tool-execution-abort-cleanup.test.ts +0 -1
package/src/__tests__/tool-executor-lifecycle-events.test.ts +0 -1
package/src/__tests__/tool-executor-shell-integration.test.ts +0 -1
package/src/__tests__/tool-executor.test.ts +1 -2
package/src/__tests__/trust-store.test.ts +8 -83
package/src/__tests__/twilio-config.test.ts +0 -1
package/src/__tests__/twilio-provider.test.ts +0 -5
package/src/__tests__/twilio-routes.test.ts +2 -3
package/src/__tests__/usage-cache-backfill-migration.test.ts +10 -10
package/src/__tests__/verification-control-plane-policy.test.ts +0 -1
package/src/__tests__/voice-quality.test.ts +2 -1
package/src/__tests__/voice-scoped-grant-consumer.test.ts +0 -1
package/src/__tests__/web-search.test.ts +1 -1
package/src/agent/loop.ts +17 -1
package/src/bundler/app-bundler.ts +40 -24
package/src/calls/call-controller.ts +16 -0
package/src/calls/guardian-question-copy.ts +1 -1
package/src/calls/relay-server.ts +29 -13
package/src/calls/voice-control-protocol.ts +1 -0
package/src/calls/voice-quality.ts +1 -1
package/src/calls/voice-session-bridge.ts +9 -3
package/src/channels/types.ts +16 -0
package/src/cli/commands/bash.ts +173 -0
package/src/cli/commands/doctor.ts +15 -57
package/src/cli/commands/memory.ts +3 -5
package/src/cli/commands/oauth/connections.ts +4 -2
package/src/cli/commands/oauth/providers.ts +1 -13
package/src/cli/commands/sessions.ts +1 -1
package/src/cli/commands/usage.ts +359 -0
package/src/cli/http-client.ts +22 -12
package/src/cli/program.ts +4 -0
package/src/cli/reference.ts +2 -0
package/src/cli.ts +251 -181
package/src/config/assistant-feature-flags.ts +0 -7
package/src/config/bundled-skills/chatgpt-import/tools/chatgpt-import.ts +1 -1
package/src/config/bundled-skills/claude-code/SKILL.md +1 -1
package/src/config/bundled-skills/claude-code/TOOLS.json +1 -1
package/src/config/bundled-skills/gmail/SKILL.md +0 -1
package/src/config/bundled-skills/image-studio/tools/media-generate-image.ts +4 -3
package/src/config/bundled-skills/media-processing/services/reduce.ts +1 -1
package/src/config/bundled-skills/media-processing/tools/analyze-keyframes.ts +3 -5
package/src/config/bundled-skills/media-processing/tools/extract-keyframes.ts +2 -3
package/src/config/bundled-skills/messaging/SKILL.md +0 -1
package/src/config/bundled-skills/phone-calls/references/CONFIG.md +1 -1
package/src/config/bundled-skills/sequences/SKILL.md +0 -1
package/src/config/bundled-skills/transcribe/tools/transcribe-media.ts +5 -6
package/src/config/env.ts +13 -0
package/src/config/feature-flag-registry.json +15 -39
package/src/config/loader.ts +7 -135
package/src/config/schema.ts +0 -6
package/src/config/schemas/channels.ts +1 -0
package/src/config/schemas/elevenlabs.ts +2 -2
package/src/config/schemas/security.ts +1 -2
package/src/config/skills.ts +1 -1
package/src/contacts/contact-store.ts +21 -75
package/src/contacts/contacts-write.ts +6 -6
package/src/contacts/types.ts +2 -0
package/src/context/token-estimator.ts +35 -2
package/src/context/window-manager.ts +16 -2
package/src/daemon/approved-devices-store.ts +0 -44
package/src/daemon/classifier.ts +1 -1
package/src/daemon/config-watcher.ts +35 -11
package/src/daemon/context-overflow-reducer.ts +13 -2
package/src/daemon/handlers/config-ingress.ts +25 -8
package/src/daemon/handlers/config-model.ts +22 -16
package/src/daemon/handlers/config-telegram.ts +18 -6
package/src/daemon/handlers/dictation.ts +0 -429
package/src/daemon/handlers/sessions.ts +4 -116
package/src/daemon/handlers/skills.ts +2 -201
package/src/daemon/lifecycle.ts +21 -20
package/src/daemon/message-types/contacts.ts +2 -0
package/src/daemon/message-types/integrations.ts +1 -0
package/src/daemon/message-types/sessions.ts +2 -0
package/src/daemon/parse-actual-tokens-from-error.test.ts +75 -0
package/src/daemon/providers-setup.ts +1 -1
package/src/daemon/server.ts +42 -5
package/src/daemon/session-agent-loop-handlers.ts +1 -1
package/src/daemon/session-agent-loop.ts +27 -79
package/src/daemon/session-error.ts +5 -4
package/src/daemon/session-process.ts +17 -10
package/src/daemon/session-runtime-assembly.ts +50 -0
package/src/daemon/session-slash.ts +34 -22
package/src/daemon/session.ts +1 -0
package/src/daemon/shutdown-handlers.ts +15 -0
package/src/daemon/watch-handler.ts +2 -2
package/src/email/guardrails.ts +1 -1
package/src/email/service.ts +0 -5
package/src/events/domain-events.ts +1 -0
package/src/hooks/templates.ts +1 -1
package/src/media/app-icon-generator.ts +4 -3
package/src/media/avatar-router.ts +5 -4
package/src/media/gemini-image-service.ts +5 -5
package/src/memory/admin.ts +2 -2
package/src/memory/app-git-service.ts +0 -7
package/src/memory/canonical-guardian-store.ts +25 -3
package/src/memory/conversation-crud.ts +1 -1
package/src/memory/conversation-title-service.ts +2 -2
package/src/memory/db-init.ts +12 -0
package/src/memory/embedding-backend.ts +46 -33
package/src/memory/external-conversation-store.ts +0 -30
package/src/memory/guardian-action-store.ts +0 -31
package/src/memory/guardian-approvals.ts +1 -56
package/src/memory/indexer.ts +4 -3
package/src/memory/items-extractor.ts +1 -1
package/src/memory/job-handlers/backfill.ts +5 -2
package/src/memory/job-handlers/index-maintenance.ts +2 -2
package/src/memory/job-handlers/media-processing.ts +2 -2
package/src/memory/job-handlers/summarization.ts +1 -1
package/src/memory/job-utils.ts +1 -2
package/src/memory/jobs-worker.ts +2 -2
package/src/memory/llm-usage-store.ts +57 -11
package/src/memory/media-store.ts +4 -535
package/src/memory/migrations/032-guardian-delivery-conversation-index.ts +2 -2
package/src/memory/migrations/110-channel-guardian.ts +0 -1
package/src/memory/migrations/158-channel-interaction-columns.ts +18 -0
package/src/memory/migrations/159-drop-contact-interaction-columns.ts +16 -0
package/src/memory/migrations/160-drop-loopback-port-column.ts +13 -0
package/src/memory/migrations/index.ts +3 -0
package/src/memory/published-pages-store.ts +0 -83
package/src/memory/qdrant-circuit-breaker.ts +0 -8
package/src/memory/retriever.test.ts +19 -12
package/src/memory/retriever.ts +1 -1
package/src/memory/schema/contacts.ts +2 -2
package/src/memory/schema/oauth.ts +0 -1
package/src/memory/search/semantic.ts +1 -8
package/src/memory/shared-app-links-store.ts +0 -15
package/src/messaging/registry.ts +0 -5
package/src/messaging/style-analyzer.ts +1 -1
package/src/notifications/copy-composer.ts +5 -13
package/src/notifications/decision-engine.ts +2 -2
package/src/notifications/deliveries-store.ts +0 -39
package/src/notifications/guardian-question-mode.ts +6 -10
package/src/notifications/preference-extractor.ts +1 -1
package/src/oauth/byo-connection.test.ts +29 -20
package/src/oauth/connect-orchestrator.ts +5 -3
package/src/oauth/connect-types.ts +9 -2
package/src/oauth/manual-token-connection.ts +9 -7
package/src/oauth/oauth-store.ts +2 -8
package/src/oauth/provider-behaviors.ts +11 -1
package/src/oauth/seed-providers.ts +13 -5
package/src/permissions/checker.ts +21 -2
package/src/permissions/shell-identity.ts +0 -5
package/src/permissions/trust-store.ts +0 -37
package/src/prompts/__tests__/build-cli-reference-section.test.ts +1 -1
package/src/prompts/system-prompt.ts +5 -14
package/src/prompts/templates/BOOTSTRAP.md +1 -3
package/src/providers/anthropic/client.ts +16 -8
package/src/providers/managed-proxy/constants.ts +9 -11
package/src/providers/managed-proxy/context.ts +14 -9
package/src/providers/provider-send-message.ts +4 -52
package/src/providers/registry.ts +29 -57
package/src/providers/types.ts +1 -1
package/src/runtime/actor-token-store.ts +0 -23
package/src/runtime/auth/route-policy.ts +4 -0
package/src/runtime/channel-invite-transports/telegram.ts +12 -6
package/src/runtime/channel-retry-sweep.ts +6 -0
package/src/runtime/http-router.ts +5 -1
package/src/runtime/http-server.ts +101 -4
package/src/runtime/http-types.ts +1 -0
package/src/runtime/invite-instruction-generator.ts +25 -51
package/src/runtime/invite-service.ts +0 -20
package/src/runtime/middleware/error-handler.ts +1 -2
package/src/runtime/routes/app-management-routes.ts +1 -0
package/src/runtime/routes/attachment-routes.ts +1 -1
package/src/runtime/routes/brain-graph-routes.ts +1 -1
package/src/runtime/routes/btw-routes.ts +20 -1
package/src/runtime/routes/call-routes.ts +1 -1
package/src/runtime/routes/conversation-routes.ts +64 -24
package/src/runtime/routes/debug-routes.ts +1 -1
package/src/runtime/routes/diagnostics-routes.ts +2 -2
package/src/runtime/routes/documents-routes.ts +3 -3
package/src/runtime/routes/global-search-routes.ts +1 -1
package/src/runtime/routes/guardian-bootstrap-routes.ts +0 -20
package/src/runtime/routes/guardian-refresh-routes.ts +0 -20
package/src/runtime/routes/inbound-message-handler.ts +10 -2
package/src/runtime/routes/inbound-stages/background-dispatch.ts +4 -0
package/src/runtime/routes/inbound-stages/edit-intercept.ts +5 -5
package/src/runtime/routes/integrations/slack/share.ts +5 -5
package/src/runtime/routes/log-export-routes.ts +122 -10
package/src/runtime/routes/secret-routes.ts +4 -4
package/src/runtime/routes/session-query-routes.ts +3 -3
package/src/runtime/routes/settings-routes.ts +53 -0
package/src/runtime/routes/trust-rules-routes.ts +1 -1
package/src/runtime/routes/workspace-routes.ts +3 -0
package/src/runtime/verification-templates.ts +1 -1
package/src/security/credential-backend.ts +148 -0
package/src/security/oauth2.ts +5 -5
package/src/security/secret-allowlist.ts +1 -1
package/src/security/secure-keys.ts +98 -160
package/src/security/token-manager.ts +0 -7
package/src/sequence/guardrails.ts +0 -4
package/src/sequence/store.ts +1 -20
package/src/sequence/types.ts +1 -36
package/src/signals/bash.ts +157 -0
package/src/signals/cancel.ts +69 -0
package/src/signals/conversation-undo.ts +127 -0
package/src/signals/trust-rule.ts +174 -0
package/src/skills/clawhub.ts +5 -5
package/src/skills/managed-store.ts +4 -4
package/src/skills/skillssh-registry.ts +6 -1
package/src/swarm/backend-claude-code.ts +6 -6
package/src/swarm/worker-backend.ts +1 -1
package/src/swarm/worker-runner.ts +1 -1
package/src/telegram/bot-username.ts +11 -0
package/src/telemetry/usage-telemetry-reporter.test.ts +366 -0
package/src/telemetry/usage-telemetry-reporter.ts +181 -0
package/src/tools/claude-code/claude-code.ts +6 -6
package/src/tools/credentials/broker.ts +7 -5
package/src/tools/credentials/vault.ts +11 -6
package/src/tools/memory/handlers.test.ts +24 -26
package/src/tools/memory/handlers.ts +1 -13
package/src/tools/network/__tests__/web-search.test.ts +18 -86
package/src/tools/network/web-search.ts +9 -15
package/src/tools/registry.ts +5 -100
package/src/tools/terminal/parser.ts +34 -4
package/src/tools/tool-manifest.ts +0 -10
package/src/usage/actors.ts +0 -12
package/src/util/canonicalize-identity.ts +0 -9
package/src/util/errors.ts +0 -3
package/src/util/platform.ts +31 -8
package/src/util/pricing.ts +0 -39
package/src/watcher/constants.ts +0 -7
package/src/watcher/providers/linear.ts +1 -1
package/src/work-items/work-item-store.ts +4 -4
package/src/workspace/commit-message-provider.ts +1 -1
package/src/workspace/git-service.ts +44 -1
package/src/workspace/provider-commit-message-generator.ts +11 -7
package/src/__tests__/fixtures/proxy-fixtures.ts +0 -147
package/src/browser-extension-relay/client.ts +0 -155
package/src/contacts/index.ts +0 -18
package/src/daemon/tls-certs.ts +0 -270
package/src/errors.ts +0 -41
package/src/events/index.ts +0 -18
package/src/followups/index.ts +0 -10
package/src/playbooks/index.ts +0 -10
package/src/runtime/auth/index.ts +0 -44
package/src/tasks/candidate-store.ts +0 -95
package/src/tools/browser/api-map.ts +0 -313
package/src/tools/browser/auto-navigate.ts +0 -469
package/src/tools/browser/headless-browser.ts +0 -590
package/src/tools/browser/recording-store.ts +0 -75
package/src/tools/computer-use/registry.ts +0 -21
package/src/tools/tasks/index.ts +0 -27

package/src/daemon/session-agent-loop.ts CHANGED Viewed

@@ -133,7 +133,7 @@ const log = getLogger("session-agent-loop");
  *
  * Returns the actual token count or null if it cannot be parsed.
  */
-function parseActualTokensFromError(
+export function parseActualTokensFromError(
   errorMessage: string | null,
 ): number | null {
   if (!errorMessage) return null;
@@ -710,10 +710,11 @@ export async function runAgentLoopImpl(
     const preflightBudget = Math.floor(providerMaxTokens * (1 - safetyMargin));
     let reducerState: ReducerState | undefined;
+    const toolTokenBudget = ctx.agentLoop.getToolTokenBudget(runMessages);
     const preflightTokens = estimatePromptTokens(
       runMessages,
       ctx.systemPrompt,
-      { providerName: ctx.provider.name },
+      { providerName: ctx.provider.name, toolTokenBudget },
     );
     if (overflowRecovery.enabled && preflightTokens > preflightBudget) {
@@ -747,6 +748,7 @@ export async function runAgentLoopImpl(
             systemPrompt: ctx.systemPrompt,
             contextWindow: config.contextWindow,
             targetTokens: preflightBudget,
+            toolTokenBudget,
           },
           reducerState,
           (msgs, signal, opts) =>
@@ -863,7 +865,7 @@ export async function runAgentLoopImpl(
         const estimated = estimatePromptTokens(
           checkpoint.history,
           ctx.systemPrompt,
-          { providerName: ctx.provider.name },
+          { providerName: ctx.provider.name, toolTokenBudget },
         );
         if (estimated > midLoopThreshold) {
           rlog.warn(
@@ -993,6 +995,23 @@ export async function runAgentLoopImpl(
       );
     }
+    // If mid-loop compaction exhausted all attempts but the agent loop
+    // still yielded (yieldedForBudget is true), the turn is incomplete.
+    // Escalate to the convergence loop's more aggressive reducer tiers
+    // (tool-result truncation, media stubbing, injection downgrade)
+    // instead of silently treating an incomplete turn as done.
+    if (yieldedForBudget && !abortController.signal.aborted) {
+      rlog.warn(
+        {
+          phase: "mid-loop-compact",
+          midLoopCompactAttempts,
+          maxAttempts: overflowRecovery.maxAttempts,
+        },
+        "Mid-loop compaction exhausted all attempts — escalating to convergence loop",
+      );
+      state.contextTooLargeDetected = true;
+    }
     // One-shot ordering error retry
     if (
       state.orderingErrorDetected &&
@@ -1045,6 +1064,7 @@ export async function runAgentLoopImpl(
             ),
         });
         preRepairMessages = updatedHistory;
+        preRunHistoryLength = updatedHistory.length;
       }
       if (!reducerState) {
         reducerState = createInitialReducerState();
@@ -1061,7 +1081,7 @@ export async function runAgentLoopImpl(
       const estimatedTokensAtOverflow = estimatePromptTokens(
         ctx.messages,
         ctx.systemPrompt,
-        { providerName: ctx.provider.name },
+        { providerName: ctx.provider.name, toolTokenBudget },
       );
       let correctedTarget = preflightBudget;
       if (actualTokens && estimatedTokensAtOverflow > 0) {
@@ -1113,6 +1133,7 @@ export async function runAgentLoopImpl(
             systemPrompt: ctx.systemPrompt,
             contextWindow: config.contextWindow,
             targetTokens: correctedTarget,
+            toolTokenBudget,
           },
           reducerState,
           (msgs, signal, opts) =>
@@ -1124,12 +1145,6 @@ export async function runAgentLoopImpl(
         ctx.messages = step.messages;
         currentInjectionMode = step.state.injectionMode;
-        // If the reducer is now exhausted without compacting, break out
-        // so the overflow policy path can attempt emergency compaction.
-        if (reducerState.exhausted && !step.compactionResult?.compacted) {
-          break;
-        }
         if (step.compactionResult?.compacted) {
           ctx.contextCompactedMessageCount +=
             step.compactionResult.compactedPersistedMessages;
@@ -1183,77 +1198,10 @@ export async function runAgentLoopImpl(
         );
       }
-      // When all reducer tiers are exhausted but the context is still too
-      // large, attempt one last emergency compaction before consulting the
-      // overflow policy. This covers the case where progress was made
-      // (messages grew) and the normal tiers couldn't compact enough.
-      if (state.contextTooLargeDetected && reducerState.exhausted) {
-        const emergencyCompact = await ctx.contextWindowManager.maybeCompact(
-          ctx.messages,
-          abortController.signal,
-          {
-            lastCompactedAt: ctx.contextCompactedAt ?? undefined,
-            force: true,
-            minKeepRecentUserTurns: 0,
-            targetInputTokensOverride: correctedTarget,
-          },
-        );
-        if (emergencyCompact.compacted) {
-          ctx.messages = emergencyCompact.messages;
-          ctx.contextCompactedMessageCount +=
-            emergencyCompact.compactedPersistedMessages;
-          ctx.contextCompactedAt = Date.now();
-          updateConversationContextWindow(
-            ctx.conversationId,
-            emergencyCompact.summaryText,
-            ctx.contextCompactedMessageCount,
-          );
-          onEvent({
-            type: "context_compacted",
-            previousEstimatedInputTokens:
-              emergencyCompact.previousEstimatedInputTokens,
-            estimatedInputTokens: emergencyCompact.estimatedInputTokens,
-            maxInputTokens: emergencyCompact.maxInputTokens,
-            thresholdTokens: emergencyCompact.thresholdTokens,
-            compactedMessages: emergencyCompact.compactedMessages,
-            summaryCalls: emergencyCompact.summaryCalls,
-            summaryInputTokens: emergencyCompact.summaryInputTokens,
-            summaryOutputTokens: emergencyCompact.summaryOutputTokens,
-            summaryModel: emergencyCompact.summaryModel,
-          });
-          emitUsage(
-            ctx,
-            emergencyCompact.summaryInputTokens,
-            emergencyCompact.summaryOutputTokens,
-            emergencyCompact.summaryModel,
-            onEvent,
-            "context_compactor",
-            reqId,
-            emergencyCompact.summaryCacheCreationInputTokens ?? 0,
-            emergencyCompact.summaryCacheReadInputTokens ?? 0,
-            collapseRawResponses(emergencyCompact.summaryRawResponses),
-          );
-          runMessages = applyRuntimeInjections(ctx.messages, {
-            ...injectionOpts,
-            mode: currentInjectionMode,
-          });
-          preRepairMessages = runMessages;
-          preRunHistoryLength = runMessages.length;
-          state.contextTooLargeDetected = false;
-          updatedHistory = await ctx.agentLoop.run(
-            runMessages,
-            eventHandler,
-            abortController.signal,
-            reqId,
-            onCheckpoint,
-          );
-        }
-      }
       // All reducer tiers exhausted but provider still rejects —
       // consult the overflow policy for latest-turn compression.
+      // Emergency compaction is deferred to the policy-gated paths below
+      // so that `request_user_approval` sessions collect consent first.
       if (state.contextTooLargeDetected) {
         const action = resolveOverflowAction({
           overflowRecovery,

package/src/daemon/session-error.ts CHANGED Viewed

@@ -218,7 +218,7 @@ function classifyCore(
         return {
           code: "PROVIDER_WEB_SEARCH",
           userMessage:
-            "An internal error occurred with web search. Retrying...",
+            "An internal error occurred with web search. Please try again.",
           retryable: true,
           errorCategory: "web_search_ordering",
         };
@@ -226,7 +226,7 @@ function classifyCore(
       if (isOrderingError(message)) {
         return {
           code: "PROVIDER_ORDERING",
-          userMessage: "An internal error occurred. Retrying...",
+          userMessage: "An internal error occurred. Please try again.",
           retryable: true,
           errorCategory: "tool_ordering",
         };
@@ -308,7 +308,8 @@ function classifyByMessage(
   if (isWebSearchOrderingError(message)) {
     return {
       code: "PROVIDER_WEB_SEARCH",
-      userMessage: "An internal error occurred with web search. Retrying...",
+      userMessage:
+        "An internal error occurred with web search. Please try again.",
       retryable: true,
       errorCategory: "web_search_ordering",
     };
@@ -318,7 +319,7 @@ function classifyByMessage(
   if (isOrderingError(message)) {
     return {
       code: "PROVIDER_ORDERING",
-      userMessage: "An internal error occurred. Retrying...",
+      userMessage: "An internal error occurred. Please try again.",
       retryable: true,
       errorCategory: "tool_ordering",
     };

package/src/daemon/session-process.ts CHANGED Viewed

@@ -15,7 +15,7 @@ import type {
   TurnInterfaceContext,
 } from "../channels/types.js";
 import { parseChannelId, parseInterfaceId } from "../channels/types.js";
-import { getConfig } from "../config/loader.js";
+import { API_KEY_PROVIDERS, getConfig } from "../config/loader.js";
 import { listPendingRequestsByConversationScope } from "../memory/canonical-guardian-store.js";
 import {
   addMessage,
@@ -27,6 +27,7 @@ import { extractPreferences } from "../notifications/preference-extractor.js";
 import { createPreference } from "../notifications/preferences-store.js";
 import type { Message } from "../providers/types.js";
 import { routeGuardianReply } from "../runtime/guardian-reply-router.js";
+import { getSecureKeyAsync } from "../security/secure-keys.js";
 import { getLogger } from "../util/logger.js";
 import type {
   ServerMessage,
@@ -47,12 +48,15 @@ import { resolveVerificationSessionIntent } from "./verification-session-intent.
 const log = getLogger("session-process");
 /** Build a model_info event with fresh config data. */
-export function buildModelInfoEvent(): ServerMessage {
+export async function buildModelInfoEvent(): Promise<ServerMessage> {
   const config = getConfig();
-  const configured = Object.keys(config.apiKeys).filter(
-    (k) => !!config.apiKeys[k],
-  );
-  if (!configured.includes("ollama")) configured.push("ollama");
+  const configured: string[] = ["ollama"];
+  for (const p of API_KEY_PROVIDERS) {
+    if (p === "ollama") continue;
+    if (await getSecureKeyAsync(p)) {
+      configured.push(p);
+    }
+  }
   return {
     type: "model_info",
     model: config.model,
@@ -296,7 +300,10 @@ export async function drainQueue(
   }
   // Resolve slash commands for queued messages
-  const slashResult = resolveSlash(next.content, buildSlashContext(session));
+  const slashResult = await resolveSlash(
+    next.content,
+    buildSlashContext(session),
+  );
   // Unknown slash — persist the exchange and continue draining.
   // Persist each message before pushing to session.messages so that a
@@ -365,7 +372,7 @@ export async function drainQueue(
         isModelSlashCommand(next.content) ||
         isProviderShortcut(next.content)
       ) {
-        next.onEvent(buildModelInfoEvent());
+        next.onEvent(await buildModelInfoEvent());
       }
       next.onEvent({ type: "assistant_text_delta", text: slashResult.message });
       session.traceEmitter.emit(
@@ -651,7 +658,7 @@ export async function processMessage(
   }
   // Resolve slash commands before persistence
-  const slashResult = resolveSlash(content, buildSlashContext(session));
+  const slashResult = await resolveSlash(content, buildSlashContext(session));
   // Unknown slash command — persist the exchange (user + assistant) so the
   // messageId is real.  Persist each message before pushing to session.messages
@@ -715,7 +722,7 @@ export async function processMessage(
     // Emit fresh model info before the text delta so the client has
     // up-to-date configuredProviders when rendering /model or /models UI.
     if (isModelSlashCommand(content) || isProviderShortcut(content)) {
-      onEvent(buildModelInfoEvent());
+      onEvent(await buildModelInfoEvent());
     }
     onEvent({ type: "assistant_text_delta", text: slashResult.message });
     session.traceEmitter.emit(

package/src/daemon/session-runtime-assembly.ts CHANGED Viewed

@@ -37,6 +37,8 @@ export interface ChannelCapabilities {
   pttActivationKey?: string;
   /** Whether the client has been granted microphone permission by the OS. */
   microphonePermissionGranted?: boolean;
+  /** Chat type from the gateway (e.g. "private", "group", "supergroup", "channel", "im", "mpim"). */
+  chatType?: string;
 }
 /**
@@ -296,6 +298,7 @@ export function resolveChannelCapabilities(
   sourceChannel?: string | null,
   sourceInterface?: string | null,
   pttMetadata?: PttMetadata | null,
+  chatType?: string | null,
 ): ChannelCapabilities {
   // Normalise legacy pseudo-channel IDs to canonical ChannelId values.
   let channel: string;
@@ -330,6 +333,8 @@ export function resolveChannelCapabilities(
     }
   }
+  const resolvedChatType = chatType ?? undefined;
   switch (channel) {
     case "vellum": {
       const supportsDesktopUi = iface === "macos";
@@ -342,6 +347,7 @@ export function resolveChannelCapabilities(
           pttMetadata?.pttActivationKey,
         ),
         microphonePermissionGranted: pttMetadata?.microphonePermissionGranted,
+        chatType: resolvedChatType,
       };
     }
     case "telegram":
@@ -354,6 +360,7 @@ export function resolveChannelCapabilities(
         dashboardCapable: false,
         supportsDynamicUi: false,
         supportsVoiceInput: false,
+        chatType: resolvedChatType,
       };
     default:
       return {
@@ -361,10 +368,28 @@ export function resolveChannelCapabilities(
         dashboardCapable: false,
         supportsDynamicUi: false,
         supportsVoiceInput: false,
+        chatType: resolvedChatType,
       };
   }
 }
+/**
+ * Returns true when the chat type indicates a group/multi-party conversation
+ * (Telegram group/supergroup, Slack channel/group/mpim, etc.).
+ */
+export function isGroupChatType(chatType?: string): boolean {
+  if (!chatType) return false;
+  switch (chatType) {
+    case "group":
+    case "supergroup":
+    case "channel":
+    case "mpim":
+      return true;
+    default:
+      return false;
+  }
+}
 /** Context about the active workspace surface, passed to applyRuntimeInjections. */
 export interface ActiveSurfaceContext {
   surfaceId: string;
@@ -632,6 +657,31 @@ export function injectChannelCapabilityContext(
     }
   }
+  // Inject group chat etiquette only when the chat type indicates a multi-party
+  // conversation, avoiding misconditioned "stay silent" guidance in 1:1 DMs.
+  if (isGroupChatType(caps.chatType)) {
+    lines.push(`chat_type: ${caps.chatType}`);
+    lines.push("");
+    lines.push("GROUP CHAT ETIQUETTE:");
+    lines.push(
+      "- You are a **participant**, not the user's proxy. Think before you speak.",
+    );
+    lines.push(
+      "- **Respond when:** directly mentioned, you can add genuine value, something witty fits naturally, or correcting important misinformation.",
+    );
+    lines.push(
+      '- **Stay silent when:** casual banter between humans, someone already answered, your response would just be "yeah" or "nice", or the conversation flows fine without you.',
+    );
+    lines.push(
+      "- **The human rule:** humans don't respond to every message in a group chat. Neither should you. Quality over quantity.",
+    );
+    if (caps.channel === "slack") {
+      lines.push(
+        "- Use emoji reactions naturally to acknowledge without cluttering.",
+      );
+    }
+  }
   lines.push("</channel_capabilities>");
   const block = lines.join("\n");

package/src/daemon/session-slash.ts CHANGED Viewed

@@ -5,10 +5,16 @@ import { join } from "node:path";
 import QRCode from "qrcode";
 import { getGatewayPort, getIngressPublicBaseUrl } from "../config/env.js";
-import { getConfig, loadRawConfig, saveRawConfig } from "../config/loader.js";
+import {
+  API_KEY_PROVIDERS,
+  getConfig,
+  loadRawConfig,
+  saveRawConfig,
+} from "../config/loader.js";
 import { resolveSkillStates } from "../config/skill-state.js";
 import { loadSkillCatalog } from "../config/skills.js";
 import { initializeProviders } from "../providers/registry.js";
+import { getSecureKeyAsync } from "../security/secure-keys.js";
 import {
   buildInvocableSlashCatalog,
   resolveSlashSkillCommand,
@@ -53,14 +59,12 @@ export interface SlashContext {
 const AVAILABLE_MODELS = [
   "claude-opus-4-6",
-  "claude-opus-4-6-fast",
   "claude-sonnet-4-6",
   "claude-haiku-4-5-20251001",
 ] as const;
 const MODEL_DISPLAY_NAMES: Record<string, string> = {
   "claude-opus-4-6": "Claude Opus 4.6",
-  "claude-opus-4-6-fast": "Claude Opus 4.6 Fast",
   "claude-sonnet-4-6": "Claude Sonnet 4.6",
   "claude-haiku-4-5-20251001": "Claude Haiku 4.5",
 };
@@ -75,11 +79,6 @@ const PROVIDER_MODEL_SHORTCUTS: Record<
     model: "claude-opus-4-6",
     displayName: "Claude Opus 4.6",
   },
-  "opus-fast": {
-    provider: "anthropic",
-    model: "claude-opus-4-6-fast",
-    displayName: "Claude Opus 4.6 Fast",
-  },
   sonnet: {
     provider: "anthropic",
     model: "claude-sonnet-4-6",
@@ -146,7 +145,9 @@ function matchModel(input: string): string | undefined {
   return AVAILABLE_MODELS.find((m) => m.includes(lower));
 }
-function resolveProviderModelCommand(content: string): SlashResolution | null {
+async function resolveProviderModelCommand(
+  content: string,
+): Promise<SlashResolution | null> {
   const trimmed = content.trim();
   if (!trimmed.startsWith("/")) return null;
@@ -163,7 +164,7 @@ function resolveProviderModelCommand(content: string): SlashResolution | null {
   const name = getAssistantName();
   // Check if API key exists for this provider (Ollama doesn't require an API key)
-  if (provider !== "ollama" && !config.apiKeys[provider]) {
+  if (provider !== "ollama" && !(await getSecureKeyAsync(provider))) {
     return {
       kind: "unknown",
       message: `Cannot switch to ${displayName}. No API key configured for ${provider}.\n\nSet it with: \`keys set ${provider} <your-key>\``,
@@ -189,7 +190,7 @@ function resolveProviderModelCommand(content: string): SlashResolution | null {
   // Re-initialize providers with new config
   const newConfig = getConfig();
-  initializeProviders(newConfig);
+  await initializeProviders(newConfig);
   const switchedMsg = name
     ? `Switched ${name} to **${displayName}**. New conversations will use this model.`
@@ -201,14 +202,23 @@ function resolveProviderModelCommand(content: string): SlashResolution | null {
   };
 }
-function resolveModelList(): SlashResolution {
+async function resolveModelList(): Promise<SlashResolution> {
   const config = getConfig();
+  // Build a set of providers that have a configured API key.
+  const configuredProviders = new Set<string>(["ollama"]);
+  for (const p of API_KEY_PROVIDERS) {
+    if (await getSecureKeyAsync(p)) {
+      configuredProviders.add(p);
+    }
+  }
   const lines = ["Available models:\n"];
   for (const [cmd, { provider, model, displayName }] of Object.entries(
     PROVIDER_MODEL_SHORTCUTS,
   )) {
-    const hasKey = provider === "ollama" || !!config.apiKeys[provider];
+    const hasKey = configuredProviders.has(provider);
     const isCurrent = config.provider === provider && config.model === model;
     const status = hasKey ? "✓" : "✗";
     const current = isCurrent ? " **[current]**" : "";
@@ -224,11 +234,13 @@ function resolveModelList(): SlashResolution {
   };
 }
-function resolveModelCommand(content: string): SlashResolution | null {
+async function resolveModelCommand(
+  content: string,
+): Promise<SlashResolution | null> {
   const trimmed = content.trim();
   // Match /models → route to list
   if (trimmed === "/models") {
-    return resolveModelList();
+    return await resolveModelList();
   }
   if (!trimmed.startsWith("/model")) return null;
@@ -251,7 +263,7 @@ function resolveModelCommand(content: string): SlashResolution | null {
   // Handle /model list
   if (args === "list") {
-    return resolveModelList();
+    return await resolveModelList();
   }
   // Try to match the model name
@@ -280,7 +292,7 @@ function resolveModelCommand(content: string): SlashResolution | null {
   }
   // Validate that Anthropic provider is available
-  if (!currentConfig.apiKeys.anthropic) {
+  if (!(await getSecureKeyAsync("anthropic"))) {
     const displayName = MODEL_DISPLAY_NAMES[matched] ?? matched;
     return {
       kind: "unknown",
@@ -294,7 +306,7 @@ function resolveModelCommand(content: string): SlashResolution | null {
   raw.model = matched;
   saveRawConfig(raw);
   const config = getConfig();
-  initializeProviders(config);
+  await initializeProviders(config);
   const displayName = MODEL_DISPLAY_NAMES[matched] ?? matched;
   const switchedMsg = name
@@ -343,16 +355,16 @@ function resolveStatusCommand(context: SlashContext): SlashResolution {
  * Resolve slash commands against the current skill catalog.
  * Returns `unknown` with a deterministic message, or the (possibly rewritten) content.
  */
-export function resolveSlash(
+export async function resolveSlash(
   content: string,
   context?: SlashContext,
-): SlashResolution {
+): Promise<SlashResolution> {
   // Check provider shortcuts first (/gpt4, /opus, etc.)
-  const providerResult = resolveProviderModelCommand(content);
+  const providerResult = await resolveProviderModelCommand(content);
   if (providerResult) return providerResult;
   // Handle /model command
-  const modelResult = resolveModelCommand(content);
+  const modelResult = await resolveModelCommand(content);
   if (modelResult) return modelResult;
   // Handle /pair command

package/src/daemon/session.ts CHANGED Viewed

@@ -348,6 +348,7 @@ export class Session {
       provider,
       systemPrompt: () => resolveSystemPromptCallback([]).systemPrompt,
       config: config.contextWindow,
+      toolTokenBudget: this.agentLoop.getToolTokenBudget(),
     });
     void getHookManager().trigger("session-start", {

package/src/daemon/shutdown-handlers.ts CHANGED Viewed

@@ -24,6 +24,7 @@ export interface ShutdownDeps {
   memoryWorker: { stop(): void };
   qdrantManager: QdrantManager;
   mcpManager: McpServerManager | null;
+  telemetryReporter: { stop(): Promise<void> } | null;
   cleanupPidFile: () => void;
 }
@@ -87,6 +88,20 @@ export function installShutdownHandlers(deps: ShutdownDeps): void {
       log.warn({ err }, "Enrichment service shutdown failed (non-fatal)");
     }
+    if (deps.telemetryReporter) {
+      try {
+        const timeout = new Promise<void>((_, reject) =>
+          setTimeout(
+            () => reject(new Error("Telemetry flush timed out")),
+            3_000,
+          ),
+        );
+        await Promise.race([deps.telemetryReporter.stop(), timeout]);
+      } catch (err) {
+        log.warn({ err }, "Telemetry reporter shutdown failed (non-fatal)");
+      }
+    }
     if (deps.runtimeHttp) await deps.runtimeHttp.stop();
     await browserManager.closeAllPages();
     deps.scheduler.stop();

package/src/daemon/watch-handler.ts CHANGED Viewed

@@ -107,7 +107,7 @@ export async function handleWatchObservation(
 async function generateCommentary(session: WatchSession): Promise<void> {
   try {
-    const provider = getConfiguredProvider();
+    const provider = await getConfiguredProvider();
     if (!provider) {
       log.warn(
         { watchId: session.watchId },
@@ -198,7 +198,7 @@ export async function generateSummary(session: WatchSession): Promise<void> {
       },
       "generateSummary starting — calling LLM",
     );
-    const provider = getConfiguredProvider();
+    const provider = await getConfiguredProvider();
     if (!provider) {
       log.warn(
         { watchId: session.watchId },

package/src/email/guardrails.ts CHANGED Viewed

@@ -104,7 +104,7 @@ export function setDailySendCap(cap: number): void {
   saveState(state);
 }
-export function isAddressAllowed(email: string): {
+function isAddressAllowed(email: string): {
   allowed: boolean;
   reason?: string;
   rule?: AddressRule;

package/src/email/service.ts CHANGED Viewed

@@ -382,8 +382,3 @@ export function getEmailService(): EmailService {
   }
   return instance;
 }
-/** @internal Test-only: reset singleton. */
-export function _resetEmailService(): void {
-  instance = null;
-}

package/src/events/domain-events.ts CHANGED Viewed

@@ -25,6 +25,7 @@ export interface ToolDomainEvents {
       | "allow_10m"
       | "allow_thread"
       | "always_allow"
+      | "always_allow_high_risk"
       | "deny"
       | "always_deny"
       | "temporary_override";

package/src/hooks/templates.ts CHANGED Viewed

@@ -18,7 +18,7 @@ const log = getLogger("hooks-templates");
 /**
  * Install bundled hook templates into the user's hooks directory.
- * Templates are copied from `assistant/hook-templates/` to `~/.vellum/workspace/hooks/`.
+ * Templates are copied from `assistant/hook-templates/` to `~/.vellum/hooks/`.
  * - Never overwrites existing hooks (user modifications are preserved).
  * - Newly installed hooks are disabled by default.
  */

package/src/media/app-icon-generator.ts CHANGED Viewed

@@ -15,6 +15,7 @@ import {
   buildManagedBaseUrl,
   resolveManagedProxyContext,
 } from "../providers/managed-proxy/context.js";
+import { getSecureKeyAsync } from "../security/secure-keys.js";
 import { getLogger } from "../util/logger.js";
 import {
   generateImage,
@@ -36,15 +37,15 @@ export async function generateAppIcon(
   appDescription?: string,
 ): Promise<void> {
   const config = getConfig();
-  const apiKey = config.apiKeys.gemini ?? process.env.GEMINI_API_KEY;
+  const apiKey = await getSecureKeyAsync("gemini");
   let credentials: ImageGenCredentials | undefined;
   if (apiKey) {
     credentials = { type: "direct", apiKey };
   } else {
-    const managedBaseUrl = buildManagedBaseUrl("vertex");
+    const managedBaseUrl = await buildManagedBaseUrl("vertex");
     if (managedBaseUrl) {
-      const ctx = resolveManagedProxyContext();
+      const ctx = await resolveManagedProxyContext();
       credentials = {
         type: "managed-proxy",
         assistantApiKey: ctx.assistantApiKey,