npm - @vellumai/assistant - Versions diffs - 0.4.56 → 0.5.0 - Mend

@vellumai/assistant 0.4.56 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (457) hide show

package/ARCHITECTURE.md +10 -10
package/Dockerfile +3 -0
package/README.md +11 -11
package/docs/architecture/integrations.md +2 -2
package/docs/architecture/memory.md +3 -4
package/docs/credential-execution-service.md +13 -20
package/node_modules/@vellumai/ces-contracts/src/error.ts +5 -4
package/package.json +1 -1
package/src/__tests__/actor-token-service.test.ts +7 -7
package/src/__tests__/anthropic-provider.test.ts +172 -0
package/src/__tests__/app-builder-tool-scripts.test.ts +15 -1
package/src/__tests__/approval-cascade.test.ts +2 -2
package/src/__tests__/approval-routes-http.test.ts +3 -4
package/src/__tests__/asset-materialize-tool.test.ts +5 -5
package/src/__tests__/asset-search-tool.test.ts +1 -1
package/src/__tests__/assistant-attachments.test.ts +5 -5
package/src/__tests__/assistant-events-sse-hardening.test.ts +1 -1
package/src/__tests__/assistant-feature-flags-integration.test.ts +50 -38
package/src/__tests__/attachments-store.test.ts +2 -2
package/src/__tests__/avatar-e2e.test.ts +5 -3
package/src/__tests__/browser-skill-endstate.test.ts +0 -1
package/src/__tests__/call-routes-http.test.ts +2 -2
package/src/__tests__/callback-handoff-copy.test.ts +1 -1
package/src/__tests__/cancel-resolves-conversation-key.test.ts +158 -0
package/src/__tests__/channel-readiness-routes.test.ts +0 -1
package/src/__tests__/channel-readiness-service.test.ts +0 -1
package/src/__tests__/checker.test.ts +31 -32
package/src/__tests__/chrome-cdp.test.ts +47 -18
package/src/__tests__/claude-code-skill-regression.test.ts +2 -2
package/src/__tests__/config-schema-cmd.test.ts +2 -2
package/src/__tests__/config-schema.test.ts +9 -18
package/src/__tests__/confirmation-request-guardian-bridge.test.ts +1 -1
package/src/__tests__/conversation-abort-tool-results.test.ts +4 -4
package/src/__tests__/conversation-agent-loop-overflow.test.ts +2 -2
package/src/__tests__/conversation-agent-loop.test.ts +11 -4
package/src/__tests__/conversation-attachments.test.ts +1 -1
package/src/__tests__/conversation-confirmation-signals.test.ts +2 -2
package/src/__tests__/conversation-error.test.ts +33 -0
package/src/__tests__/conversation-init.benchmark.test.ts +0 -1
package/src/__tests__/conversation-load-history-repair.test.ts +1 -1
package/src/__tests__/conversation-pairing.test.ts +1 -1
package/src/__tests__/conversation-pre-run-repair.test.ts +4 -4
package/src/__tests__/conversation-provider-retry-repair.test.ts +4 -4
package/src/__tests__/conversation-queue.test.ts +23 -14
package/src/__tests__/conversation-routes-slash-commands.test.ts +3 -3
package/src/__tests__/conversation-runtime-assembly.test.ts +204 -185
package/src/__tests__/conversation-seed-composer.test.ts +1 -1
package/src/__tests__/conversation-slash-queue.test.ts +4 -4
package/src/__tests__/conversation-slash-unknown.test.ts +4 -4
package/src/__tests__/conversation-starter-routes.test.ts +291 -0
package/src/__tests__/conversation-wipe.test.ts +438 -0
package/src/__tests__/conversation-workspace-cache-state.test.ts +2 -3
package/src/__tests__/conversation-workspace-injection.test.ts +4 -5
package/src/__tests__/conversation-workspace-tool-tracking.test.ts +4 -5
package/src/__tests__/credential-security-e2e.test.ts +20 -0
package/src/__tests__/credential-security-invariants.test.ts +1 -0
package/src/__tests__/credential-vault-unit.test.ts +227 -0
package/src/__tests__/credentials-cli.test.ts +3 -0
package/src/__tests__/date-context.test.ts +59 -377
package/src/__tests__/drop-capability-card-state-migration.test.ts +169 -0
package/src/__tests__/dynamic-skill-workflow-prompt.test.ts +11 -45
package/src/__tests__/emit-signal-routing-intent.test.ts +3 -3
package/src/__tests__/encrypted-store.test.ts +249 -15
package/src/__tests__/ephemeral-permissions.test.ts +4 -5
package/src/__tests__/event-bus.test.ts +3 -3
package/src/__tests__/file-read-tool.test.ts +40 -0
package/src/__tests__/gateway-only-enforcement.test.ts +2 -2
package/src/__tests__/gateway-only-guard.test.ts +1 -0
package/src/__tests__/gemini-image-service.test.ts +4 -4
package/src/__tests__/gemini-provider.test.ts +6 -9
package/src/__tests__/guardian-binding-drift-heal.test.ts +128 -0
package/src/__tests__/guardian-dispatch.test.ts +0 -1
package/src/__tests__/host-file-read-tool.test.ts +87 -0
package/src/__tests__/host-shell-tool.test.ts +6 -6
package/src/__tests__/http-user-message-parity.test.ts +2 -2
package/src/__tests__/identity-intro-cache.test.ts +209 -0
package/src/__tests__/intent-routing.test.ts +51 -99
package/src/__tests__/invite-routes-http.test.ts +5 -0
package/src/__tests__/list-messages-attachments.test.ts +1 -1
package/src/__tests__/managed-proxy-context.test.ts +2 -5
package/src/__tests__/managed-skill-lifecycle.test.ts +8 -8
package/src/__tests__/media-generate-image.test.ts +32 -15
package/src/__tests__/media-reuse-story.e2e.test.ts +1 -1
package/src/__tests__/memory-context-benchmark.benchmark.test.ts +1 -1
package/src/__tests__/memory-lifecycle-e2e.test.ts +24 -18
package/src/__tests__/memory-recall-quality.test.ts +4 -3
package/src/__tests__/memory-regressions.test.ts +86 -90
package/src/__tests__/migration-cross-version-compatibility.test.ts +32 -32
package/src/__tests__/migration-export-http.test.ts +26 -27
package/src/__tests__/migration-import-commit-http.test.ts +165 -37
package/src/__tests__/migration-import-preflight-http.test.ts +81 -20
package/src/__tests__/migration-validate-http.test.ts +16 -16
package/src/__tests__/model-intents.test.ts +2 -2
package/src/__tests__/no-domain-routing-in-prompt-guard.test.ts +1 -1
package/src/__tests__/non-member-access-request.test.ts +3 -3
package/src/__tests__/notification-broadcaster.test.ts +1 -1
package/src/__tests__/notification-decision-fallback.test.ts +2 -2
package/src/__tests__/notification-decision-identity.test.ts +8 -9
package/src/__tests__/notification-decision-strategy.test.ts +1 -1
package/src/__tests__/notification-deep-link.test.ts +1 -1
package/src/__tests__/notification-guardian-path.test.ts +0 -1
package/src/__tests__/notification-schedule-dedup.test.ts +7 -7
package/src/__tests__/oauth-store.test.ts +1 -3
package/src/__tests__/oauth2-gateway-transport.test.ts +6 -1
package/src/__tests__/onboarding-template-contract.test.ts +23 -59
package/src/__tests__/provider-error-scenarios.test.ts +154 -0
package/src/__tests__/provider-fail-open-selection.test.ts +2 -2
package/src/__tests__/provider-managed-proxy-integration.test.ts +8 -9
package/src/__tests__/provider-registry-ollama.test.ts +5 -2
package/src/__tests__/qdrant-manager.test.ts +7 -7
package/src/__tests__/ratelimit.test.ts +0 -74
package/src/__tests__/recording-handler.test.ts +0 -1
package/src/__tests__/require-fresh-approval.test.ts +1 -1
package/src/__tests__/runtime-attachment-metadata.test.ts +1 -1
package/src/__tests__/runtime-events-sse-parity.test.ts +1 -1
package/src/__tests__/runtime-events-sse.test.ts +1 -1
package/src/__tests__/scheduler-recurrence.test.ts +46 -2
package/src/__tests__/schema-transforms.test.ts +114 -54
package/src/__tests__/secret-onetime-send.test.ts +20 -0
package/src/__tests__/secret-routes-managed-proxy.test.ts +5 -2
package/src/__tests__/secret-scanner-executor.test.ts +1 -2
package/src/__tests__/send-endpoint-busy.test.ts +63 -4
package/src/__tests__/send-notification-tool.test.ts +2 -2
package/src/__tests__/shell-credential-ref.test.ts +0 -1
package/src/__tests__/shell-tool-proxy-mode.test.ts +1 -2
package/src/__tests__/skill-memory.test.ts +549 -0
package/src/__tests__/skill-script-runner-sandbox.test.ts +1 -2
package/src/__tests__/slack-app-setup-skill-regression.test.ts +37 -0
package/src/__tests__/slack-channel-config.test.ts +109 -94
package/src/__tests__/swarm-conversation-integration.test.ts +2 -2
package/src/__tests__/swarm-recursion.test.ts +2 -2
package/src/__tests__/swarm-tool.test.ts +2 -2
package/src/__tests__/system-prompt.test.ts +19 -66
package/src/__tests__/telegram-config.test.ts +121 -0
package/src/__tests__/terminal-tools.test.ts +1 -1
package/src/__tests__/tool-execution-abort-cleanup.test.ts +1 -2
package/src/__tests__/tool-executor-lifecycle-events.test.ts +1 -1
package/src/__tests__/tool-executor-shell-integration.test.ts +1 -1
package/src/__tests__/tool-executor.test.ts +1 -1
package/src/__tests__/trace-emitter.test.ts +8 -1
package/src/__tests__/trust-store.test.ts +7 -8
package/src/__tests__/twilio-routes.test.ts +1 -18
package/src/__tests__/user-reference.test.ts +82 -2
package/src/__tests__/vbundle-pax-and-symlink.test.ts +196 -0
package/src/__tests__/verification-control-plane-policy.test.ts +1 -1
package/src/approvals/guardian-request-resolvers.ts +3 -3
package/src/avatar/ascii-renderer.ts +2 -2
package/src/avatar/png-renderer.ts +2 -2
package/src/avatar/resvg-lazy.ts +21 -0
package/src/calls/guardian-dispatch.ts +1 -1
package/src/calls/relay-access-wait.ts +2 -2
package/src/calls/twilio-rest.ts +0 -248
package/src/cli/AGENTS.md +5 -8
package/src/cli/__tests__/notifications.test.ts +5 -5
package/src/cli/commands/avatar.ts +64 -2
package/src/cli/commands/conversations.ts +131 -1
package/src/cli/commands/credentials.ts +2 -0
package/src/cli/commands/notifications.ts +3 -3
package/src/cli.ts +10 -0
package/src/config/bundled-skills/acp/SKILL.md +5 -5
package/src/config/bundled-skills/acp/TOOLS.json +6 -6
package/src/config/bundled-skills/app-builder/SKILL.md +42 -42
package/src/config/bundled-skills/app-builder/TOOLS.json +10 -10
package/src/config/bundled-skills/browser/SKILL.md +15 -15
package/src/config/bundled-skills/browser/TOOLS.json +14 -14
package/src/config/bundled-skills/chatgpt-import/SKILL.md +2 -2
package/src/config/bundled-skills/chatgpt-import/TOOLS.json +1 -1
package/src/config/bundled-skills/chatgpt-import/tools/chatgpt-import.ts +1 -1
package/src/config/bundled-skills/claude-code/SKILL.md +5 -5
package/src/config/bundled-skills/computer-use/SKILL.md +2 -2
package/src/config/bundled-skills/computer-use/TOOLS.json +15 -15
package/src/config/bundled-skills/contacts/SKILL.md +3 -3
package/src/config/bundled-skills/contacts/TOOLS.json +4 -4
package/src/config/bundled-skills/document/SKILL.md +4 -4
package/src/config/bundled-skills/document/TOOLS.json +2 -2
package/src/config/bundled-skills/followups/TOOLS.json +3 -3
package/src/config/bundled-skills/gmail/SKILL.md +32 -32
package/src/config/bundled-skills/gmail/TOOLS.json +16 -16
package/src/config/bundled-skills/gmail/tools/gmail-archive.ts +1 -1
package/src/config/bundled-skills/gmail/tools/gmail-sender-digest.ts +1 -1
package/src/config/bundled-skills/google-calendar/SKILL.md +1 -1
package/src/config/bundled-skills/google-calendar/TOOLS.json +5 -5
package/src/config/bundled-skills/google-calendar/types.ts +1 -1
package/src/config/bundled-skills/heartbeat/SKILL.md +43 -0
package/src/config/bundled-skills/image-studio/SKILL.md +3 -3
package/src/config/bundled-skills/image-studio/TOOLS.json +2 -3
package/src/config/bundled-skills/image-studio/tools/media-generate-image.ts +16 -12
package/src/config/bundled-skills/media-processing/SKILL.md +40 -40
package/src/config/bundled-skills/media-processing/TOOLS.json +8 -8
package/src/config/bundled-skills/media-processing/__tests__/concurrency-pool.test.ts +2 -2
package/src/config/bundled-skills/media-processing/__tests__/preprocess.test.ts +1 -1
package/src/config/bundled-skills/media-processing/services/gemini-map.ts +5 -5
package/src/config/bundled-skills/media-processing/services/gemini-video.ts +2 -2
package/src/config/bundled-skills/media-processing/services/preprocess.ts +2 -2
package/src/config/bundled-skills/media-processing/services/processing-pipeline.ts +2 -2
package/src/config/bundled-skills/media-processing/services/reduce.ts +3 -3
package/src/config/bundled-skills/media-processing/tools/generate-clip.ts +2 -2
package/src/config/bundled-skills/media-processing/tools/query-media-events.ts +1 -1
package/src/config/bundled-skills/messaging/SKILL.md +29 -25
package/src/config/bundled-skills/messaging/TOOLS.json +11 -11
package/src/config/bundled-skills/messaging/tools/messaging-send.ts +1 -1
package/src/config/bundled-skills/messaging/tools/shared.ts +1 -1
package/src/config/bundled-skills/notifications/SKILL.md +3 -3
package/src/config/bundled-skills/notifications/TOOLS.json +2 -2
package/src/config/bundled-skills/notifications/tools/send-notification.ts +3 -3
package/src/config/bundled-skills/orchestration/SKILL.md +1 -1
package/src/config/bundled-skills/orchestration/TOOLS.json +1 -1
package/src/config/bundled-skills/phone-calls/SKILL.md +18 -14
package/src/config/bundled-skills/phone-calls/TOOLS.json +3 -3
package/src/config/bundled-skills/phone-calls/references/CONFIG.md +2 -2
package/src/config/bundled-skills/phone-calls/references/TRANSCRIPTS.md +2 -2
package/src/config/bundled-skills/phone-calls/references/TROUBLESHOOTING.md +1 -1
package/src/config/bundled-skills/playbooks/TOOLS.json +4 -4
package/src/config/bundled-skills/schedule/SKILL.md +26 -26
package/src/config/bundled-skills/schedule/TOOLS.json +5 -5
package/src/config/bundled-skills/screen-watch/SKILL.md +3 -3
package/src/config/bundled-skills/screen-watch/TOOLS.json +1 -1
package/src/config/bundled-skills/sequences/SKILL.md +2 -2
package/src/config/bundled-skills/sequences/TOOLS.json +10 -10
package/src/config/bundled-skills/sequences/tools/sequence-analytics.ts +2 -2
package/src/config/bundled-skills/sequences/tools/sequence-enroll.ts +2 -2
package/src/config/bundled-skills/sequences/tools/sequence-enrollment-list.ts +1 -1
package/src/config/bundled-skills/sequences/tools/sequence-get.ts +1 -1
package/src/config/bundled-skills/sequences/tools/sequence-import.ts +3 -3
package/src/config/bundled-skills/sequences/tools/sequence-list.ts +1 -1
package/src/config/bundled-skills/sequences/tools/sequence-update.ts +1 -1
package/src/config/bundled-skills/settings/TOOLS.json +3 -3
package/src/config/bundled-skills/settings/tools/open-system-settings.ts +1 -1
package/src/config/bundled-skills/skill-management/TOOLS.json +5 -5
package/src/config/bundled-skills/skills-catalog/SKILL.md +84 -0
package/src/config/bundled-skills/slack/SKILL.md +2 -2
package/src/config/bundled-skills/slack/TOOLS.json +8 -8
package/src/config/bundled-skills/slack/tools/slack-scan-digest.ts +3 -3
package/src/config/bundled-skills/subagent/TOOLS.json +5 -5
package/src/config/bundled-skills/tasks/SKILL.md +1 -1
package/src/config/bundled-skills/tasks/TOOLS.json +9 -9
package/src/config/bundled-skills/transcribe/SKILL.md +5 -5
package/src/config/bundled-skills/transcribe/TOOLS.json +1 -1
package/src/config/bundled-skills/transcribe/tools/transcribe-media.ts +10 -10
package/src/config/bundled-skills/watcher/SKILL.md +4 -4
package/src/config/bundled-skills/watcher/TOOLS.json +5 -5
package/src/config/feature-flag-registry.json +33 -17
package/src/config/schemas/sandbox.ts +1 -1
package/src/config/schemas/services.ts +13 -3
package/src/config/schemas/timeouts.ts +0 -10
package/src/contacts/contact-store.ts +63 -0
package/src/contacts/contacts-write.ts +1 -1
package/src/daemon/assistant-attachments.ts +2 -2
package/src/daemon/conversation-agent-loop-handlers.ts +2 -2
package/src/daemon/conversation-agent-loop.ts +7 -30
package/src/daemon/conversation-error.ts +24 -0
package/src/daemon/conversation-memory.ts +8 -7
package/src/daemon/conversation-runtime-assembly.ts +141 -275
package/src/daemon/conversation-slash.ts +7 -26
package/src/daemon/conversation-surfaces.ts +14 -0
package/src/daemon/conversation-tool-setup.ts +9 -8
package/src/daemon/conversation.ts +2 -0
package/src/daemon/daemon-control.ts +1 -1
package/src/daemon/date-context.ts +10 -83
package/src/daemon/handlers/config-channels.ts +12 -2
package/src/daemon/handlers/config-slack-channel.ts +7 -1
package/src/daemon/handlers/config-telegram.ts +6 -1
package/src/daemon/handlers/conversations.ts +2 -2
package/src/daemon/handlers/skills.ts +4 -0
package/src/daemon/lifecycle.ts +28 -4
package/src/daemon/providers-setup.ts +1 -1
package/src/daemon/server.ts +1 -5
package/src/daemon/shutdown-handlers.ts +9 -3
package/src/daemon/tool-side-effects.ts +40 -0
package/src/daemon/trace-emitter.ts +26 -2
package/src/events/domain-events.ts +1 -1
package/src/events/tool-permission-telemetry-listener.ts +46 -0
package/src/inbound/platform-callback-registration.ts +0 -18
package/src/media/app-icon-generator.ts +15 -8
package/src/media/avatar-router.ts +15 -8
package/src/media/gemini-image-service.ts +125 -21
package/src/memory/attachments-store.ts +3 -3
package/src/memory/channel-verification-sessions.ts +6 -6
package/src/memory/conversation-crud.ts +196 -1
package/src/memory/{thread-starters-cadence.ts → conversation-starters-cadence.ts} +9 -42
package/src/memory/conversation-title-service.ts +2 -3
package/src/memory/db-init.ts +25 -1
package/src/memory/invite-store.ts +4 -4
package/src/memory/items-extractor.ts +4 -4
package/src/memory/job-handlers/{thread-starters.ts → conversation-starters.ts} +123 -38
package/src/memory/jobs-store.ts +3 -2
package/src/memory/jobs-worker.ts +7 -5
package/src/memory/lifecycle-events-store.ts +63 -0
package/src/memory/migrations/172-rename-created-by-session-id.ts +27 -0
package/src/memory/migrations/173-rename-source-session-id.ts +16 -0
package/src/memory/migrations/174-rename-thread-starters-table.ts +52 -0
package/src/memory/migrations/175-create-lifecycle-events.ts +15 -0
package/src/memory/migrations/176-drop-capability-card-state.ts +36 -0
package/src/memory/migrations/177-create-trace-events-table.ts +40 -0
package/src/memory/migrations/index.ts +6 -0
package/src/memory/migrations/registry.ts +13 -0
package/src/memory/retriever.test.ts +223 -96
package/src/memory/retriever.ts +115 -138
package/src/memory/schema/calls.ts +1 -1
package/src/memory/schema/contacts.ts +1 -1
package/src/memory/schema/infrastructure.ts +29 -0
package/src/memory/schema/memory-core.ts +7 -17
package/src/memory/schema/notifications.ts +1 -1
package/src/memory/search/formatting.ts +23 -6
package/src/memory/search/lexical.ts +2 -0
package/src/memory/search/semantic.ts +2 -0
package/src/memory/search/staleness.ts +5 -1
package/src/memory/search/types.ts +4 -0
package/src/memory/task-memory-cleanup.ts +96 -6
package/src/memory/trace-event-store.ts +148 -0
package/src/notifications/README.md +1 -1
package/src/notifications/decision-engine.ts +45 -4
package/src/notifications/emit-signal.ts +5 -4
package/src/notifications/events-store.ts +4 -4
package/src/notifications/signal.ts +1 -1
package/src/oauth/manual-token-connection.ts +49 -25
package/src/permissions/checker.ts +6 -5
package/src/permissions/defaults.ts +4 -4
package/src/prompts/__tests__/build-cli-reference-section.test.ts +9 -90
package/src/prompts/cache-boundary.ts +8 -0
package/src/prompts/system-prompt.ts +105 -634
package/src/prompts/templates/BOOTSTRAP.md +172 -33
package/src/prompts/templates/IDENTITY.md +8 -24
package/src/prompts/templates/SOUL.md +20 -41
package/src/prompts/templates/USER.md +3 -19
package/src/prompts/user-reference.ts +14 -16
package/src/providers/anthropic/client.ts +51 -19
package/src/providers/gemini/client.ts +6 -9
package/src/providers/managed-proxy/constants.ts +1 -7
package/src/providers/managed-proxy/context.ts +0 -1
package/src/providers/model-intents.ts +5 -5
package/src/providers/openai/client.ts +10 -1
package/src/providers/openrouter/client.ts +1 -0
package/src/providers/ratelimit.ts +0 -35
package/src/providers/registry.ts +3 -5
package/src/providers/retry.ts +18 -1
package/src/runtime/access-request-helper.ts +16 -2
package/src/runtime/auth/route-policy.ts +7 -0
package/src/runtime/channel-verification-service.ts +1 -1
package/src/runtime/confirmation-request-guardian-bridge.ts +1 -1
package/src/runtime/guardian-vellum-migration.ts +61 -1
package/src/runtime/http-server.ts +8 -4
package/src/runtime/migrations/vbundle-builder.ts +212 -32
package/src/runtime/migrations/vbundle-import-analyzer.ts +74 -8
package/src/runtime/migrations/vbundle-importer.ts +66 -1
package/src/runtime/migrations/vbundle-validator.ts +17 -3
package/src/runtime/routes/approval-strategies/guardian-callback-strategy.ts +4 -4
package/src/runtime/routes/attachment-routes.ts +2 -2
package/src/runtime/routes/btw-routes.ts +93 -0
package/src/runtime/routes/channel-verification-routes.ts +19 -2
package/src/runtime/routes/conversation-management-routes.ts +55 -1
package/src/runtime/routes/conversation-query-routes.ts +1 -1
package/src/runtime/routes/conversation-routes.ts +49 -5
package/src/runtime/routes/conversation-starter-routes.ts +207 -0
package/src/runtime/routes/guardian-bootstrap-routes.ts +13 -9
package/src/runtime/routes/identity-intro-cache.ts +105 -0
package/src/runtime/routes/identity-routes.ts +51 -0
package/src/runtime/routes/inbound-stages/escalation-intercept.ts +1 -1
package/src/runtime/routes/inbound-stages/verification-intercept.ts +1 -1
package/src/runtime/routes/migration-routes.ts +25 -13
package/src/runtime/routes/secret-routes.ts +18 -0
package/src/runtime/routes/settings-routes.ts +9 -9
package/src/runtime/routes/telemetry-routes.ts +53 -0
package/src/runtime/routes/trace-event-routes.ts +62 -0
package/src/runtime/tool-grant-request-helper.ts +1 -1
package/src/runtime/verification-outbound-actions.ts +47 -31
package/src/security/encrypted-store.ts +262 -78
package/src/skills/catalog-install.ts +10 -0
package/src/skills/managed-store.ts +2 -0
package/src/skills/skill-memory.ts +222 -0
package/src/subagent/manager.ts +1 -4
package/src/telemetry/types.ts +10 -1
package/src/telemetry/usage-telemetry-reporter.test.ts +7 -2
package/src/telemetry/usage-telemetry-reporter.ts +53 -4
package/src/tools/AGENTS.md +11 -11
package/src/tools/acp/spawn.ts +1 -1
package/src/tools/apps/executors.ts +8 -8
package/src/tools/apps/registry.ts +1 -1
package/src/tools/assets/materialize.ts +6 -6
package/src/tools/assets/search.ts +10 -10
package/src/tools/browser/__tests__/auth-cache.test.ts +2 -2
package/src/tools/browser/__tests__/auth-detector.test.ts +4 -4
package/src/tools/browser/auth-detector.ts +6 -6
package/src/tools/browser/browser-execution.ts +13 -13
package/src/tools/browser/browser-manager.ts +3 -3
package/src/tools/browser/chrome-cdp.ts +5 -5
package/src/tools/browser/jit-auth.ts +2 -2
package/src/tools/browser/network-recorder.test.ts +2 -2
package/src/tools/browser/network-recorder.ts +3 -3
package/src/tools/browser/runtime-check.ts +3 -3
package/src/tools/claude-code/claude-code.ts +2 -2
package/src/tools/computer-use/definitions.ts +18 -18
package/src/tools/credential-execution/make-authenticated-request.ts +4 -4
package/src/tools/credential-execution/manage-secure-command-tool.ts +3 -3
package/src/tools/credential-execution/run-authenticated-command.ts +4 -4
package/src/tools/credentials/broker-types.ts +5 -5
package/src/tools/credentials/broker.ts +15 -15
package/src/tools/credentials/metadata-store.ts +2 -2
package/src/tools/credentials/resolve.ts +1 -1
package/src/tools/credentials/selection.ts +1 -1
package/src/tools/credentials/tool-policy.ts +1 -1
package/src/tools/credentials/vault.ts +115 -25
package/src/tools/execution-target.ts +2 -2
package/src/tools/executor.ts +7 -7
package/src/tools/filesystem/edit.ts +2 -2
package/src/tools/filesystem/read.ts +15 -4
package/src/tools/filesystem/write.ts +1 -1
package/src/tools/host-filesystem/edit.ts +2 -1
package/src/tools/host-filesystem/read.ts +18 -1
package/src/tools/host-filesystem/write.ts +1 -1
package/src/tools/host-terminal/host-shell.ts +9 -8
package/src/tools/mcp/mcp-tool-factory.ts +7 -6
package/src/tools/memory/definitions.ts +6 -5
package/src/tools/memory/handlers.test.ts +1 -1
package/src/tools/network/__tests__/web-search.test.ts +3 -3
package/src/tools/network/domain-normalize.ts +2 -2
package/src/tools/network/script-proxy/session-manager.ts +10 -10
package/src/tools/network/web-fetch.ts +1 -1
package/src/tools/network/web-search.ts +3 -3
package/src/tools/permission-checker.ts +8 -8
package/src/tools/registry.ts +7 -7
package/src/tools/schedule/list.ts +2 -2
package/src/tools/schema-transforms.ts +31 -21
package/src/tools/secret-detection-handler.ts +1 -1
package/src/tools/sensitive-output-placeholders.ts +1 -1
package/src/tools/shared/filesystem/edit-engine.ts +1 -1
package/src/tools/shared/filesystem/file-ops-service.ts +3 -3
package/src/tools/shared/filesystem/image-read.ts +25 -5
package/src/tools/shared/filesystem/path-policy.ts +2 -2
package/src/tools/shared/shell-output.ts +1 -1
package/src/tools/side-effects.ts +1 -1
package/src/tools/skills/execute.ts +1 -1
package/src/tools/skills/load.ts +3 -3
package/src/tools/skills/sandbox-runner.ts +3 -3
package/src/tools/subagent/read.ts +1 -1
package/src/tools/subagent/spawn.ts +2 -2
package/src/tools/swarm/delegate.ts +3 -3
package/src/tools/system/request-permission.ts +5 -4
package/src/tools/terminal/backends/native.ts +4 -4
package/src/tools/terminal/parser.ts +6 -6
package/src/tools/terminal/sandbox-diagnostics.ts +1 -1
package/src/tools/terminal/shell.ts +16 -16
package/src/tools/tool-approval-handler.ts +21 -12
package/src/tools/tool-manifest.ts +4 -4
package/src/tools/types.ts +3 -3
package/src/tools/ui-surface/definitions.ts +9 -37
package/src/tools/watcher/list.ts +1 -1
package/src/util/logger.ts +7 -2
package/src/util/pricing.ts +4 -0
package/src/util/retry.ts +29 -1
package/src/workspace/migrations/007-web-search-provider-rename.ts +37 -0
package/src/workspace/migrations/registry.ts +2 -0
package/src/__tests__/cli-help-reference-sync.test.ts +0 -26
package/src/__tests__/onboarding-starter-tasks.test.ts +0 -190
package/src/cli/reference.ts +0 -38
package/src/memory/job-handlers/capability-cards.ts +0 -420
package/src/runtime/routes/thread-starter-routes.ts +0 -294

package/src/providers/managed-proxy/constants.ts CHANGED Viewed

@@ -38,7 +38,7 @@ export const MANAGED_PROVIDER_META: Record<string, ManagedProviderMeta> = {
   gemini: {
     name: "gemini",
     managed: true,
-    proxyPath: "/v1/runtime-proxy/vertex",
+    proxyPath: "/v1/runtime-proxy/gemini",
   },
   fireworks: {
     name: "fireworks",
@@ -48,11 +48,5 @@ export const MANAGED_PROVIDER_META: Record<string, ManagedProviderMeta> = {
     name: "openrouter",
     managed: false,
   },
-  vertex: {
-    name: "vertex",
-    managed: true,
-    proxyPath: "/v1/runtime-proxy/vertex",
-  },
   ollama: { name: "ollama", managed: false },
 };

package/src/providers/managed-proxy/context.ts CHANGED Viewed

@@ -47,7 +47,6 @@ export async function resolveManagedProxyContext(): Promise<ManagedProxyContext>
   const platformBaseUrl = getPlatformBaseUrl().replace(/\/+$/, "");
   const assistantApiKey =
     (await getSecureKeyAsync(ASSISTANT_API_KEY_STORAGE_KEY)) ?? "";
   const enabled = !!platformBaseUrl && !!assistantApiKey;
   _managedProxyEnabled = enabled;

package/src/providers/model-intents.ts CHANGED Viewed

@@ -18,12 +18,12 @@ const PROVIDER_MODEL_INTENTS: Record<
   anthropic: {
     "latency-optimized": "claude-haiku-4-5-20251001",
     "quality-optimized": "claude-opus-4-6",
-    "vision-optimized": "claude-sonnet-4-6",
+    "vision-optimized": "claude-opus-4-6",
   },
   openai: {
-    "latency-optimized": "gpt-4o-mini",
-    "quality-optimized": "gpt-5.2",
-    "vision-optimized": "gpt-4o",
+    "latency-optimized": "gpt-5.4-nano",
+    "quality-optimized": "gpt-5.4",
+    "vision-optimized": "gpt-5.4",
   },
   gemini: {
     "latency-optimized": "gemini-3-flash",
@@ -42,7 +42,7 @@ const PROVIDER_MODEL_INTENTS: Record<
   },
   openrouter: {
     "latency-optimized": "x-ai/grok-4",
-    "quality-optimized": "x-ai/grok-4",
+    "quality-optimized": "x-ai/grok-4.20-beta",
     "vision-optimized": "x-ai/grok-4",
   },
 };

package/src/providers/openai/client.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import OpenAI from "openai";
+import { SYSTEM_PROMPT_CACHE_BOUNDARY } from "../../prompts/cache-boundary.js";
 import { ProviderError } from "../../util/errors.js";
 import { extractRetryAfterMs } from "../../util/retry.js";
 import { escapeXmlAttr } from "../../util/xml.js";
@@ -18,6 +19,8 @@ export interface OpenAICompatibleProviderOptions {
   providerName?: string;
   providerLabel?: string;
   streamTimeoutMs?: number;
+  /** Extra params spread into every chat.completions.create call (e.g. reasoning). */
+  extraCreateParams?: Record<string, unknown>;
 }
 const OPENAI_SUPPORTED_IMAGE_TYPES = new Set([
@@ -33,6 +36,7 @@ export class OpenAIProvider implements Provider {
   private client: OpenAI;
   private model: string;
   private streamTimeoutMs: number;
+  private extraCreateParams: Record<string, unknown>;
   constructor(
     apiKey: string,
@@ -47,6 +51,7 @@ export class OpenAIProvider implements Provider {
     });
     this.model = model;
     this.streamTimeoutMs = options.streamTimeoutMs ?? 300_000;
+    this.extraCreateParams = options.extraCreateParams ?? {};
   }
   async sendMessage(
@@ -69,6 +74,7 @@ export class OpenAIProvider implements Provider {
           messages: openaiMessages,
           stream: true as const,
           stream_options: { include_usage: true },
+          ...this.extraCreateParams,
         };
       if (maxTokens) {
@@ -224,7 +230,10 @@ export class OpenAIProvider implements Provider {
     const result: OpenAI.Chat.Completions.ChatCompletionMessageParam[] = [];
     if (systemPrompt) {
-      result.push({ role: "system", content: systemPrompt });
+      result.push({
+        role: "system",
+        content: systemPrompt.replaceAll(SYSTEM_PROMPT_CACHE_BOUNDARY, "\n"),
+      });
     }
     for (const msg of messages) {

package/src/providers/openrouter/client.ts CHANGED Viewed

@@ -19,6 +19,7 @@ export class OpenRouterProvider extends OpenAIProvider {
       providerName: "openrouter",
       providerLabel: "OpenRouter",
       streamTimeoutMs: options.streamTimeoutMs,
+      extraCreateParams: { reasoning: { enabled: true } },
     });
   }
 }

package/src/providers/ratelimit.ts CHANGED Viewed

@@ -15,7 +15,6 @@ export class RateLimitProvider implements Provider {
   public readonly name: string;
   private requestTimestamps: number[];
-  private sessionTokens = 0;
   constructor(
     private readonly inner: Provider,
@@ -33,7 +32,6 @@ export class RateLimitProvider implements Provider {
     options?: SendMessageOptions,
   ): Promise<ProviderResponse> {
     this.enforceRequestRate();
-    this.enforceTokenBudget();
     // Record the request timestamp before the await to prevent concurrent
     // calls from bypassing the rate limit during the async gap.
@@ -46,8 +44,6 @@ export class RateLimitProvider implements Provider {
       options,
     );
-    this.recordTokens(response.usage.inputTokens + response.usage.outputTokens);
     return response;
   }
@@ -89,39 +85,8 @@ export class RateLimitProvider implements Provider {
     }
   }
-  private enforceTokenBudget(): void {
-    const limit = this.config.maxTokensPerSession;
-    if (limit <= 0) return;
-    if (this.sessionTokens >= limit) {
-      log.warn(
-        {
-          provider: this.name,
-          sessionTokens: this.sessionTokens,
-          limit,
-        },
-        `Session token budget exhausted for ${this.name}: ${this.sessionTokens.toLocaleString()}/${limit.toLocaleString()}`,
-      );
-      throw new RateLimitError(
-        `Session token budget exhausted: ${this.sessionTokens.toLocaleString()}/${limit.toLocaleString()} tokens used. Start a new session to continue.`,
-      );
-    }
-  }
   private recordRequest(): void {
     if (this.config.maxRequestsPerMinute <= 0) return;
     this.requestTimestamps.push(Date.now());
   }
-  private recordTokens(tokens: number): void {
-    if (this.config.maxTokensPerSession <= 0) return;
-    this.sessionTokens += tokens;
-    log.debug(
-      {
-        sessionTokens: this.sessionTokens,
-        limit: this.config.maxTokensPerSession,
-      },
-      "Token usage updated",
-    );
-  }
 }

package/src/providers/registry.ts CHANGED Viewed

@@ -235,8 +235,7 @@ async function resolveProviderCredentials(
 } | null> {
   if (mode === "managed") {
     // In managed mode, try managed proxy first, then fall back to user key
-    const proxyName = providerName === "gemini" ? "vertex" : providerName;
-    const managedBaseUrl = await buildManagedBaseUrl(proxyName);
+    const managedBaseUrl = await buildManagedBaseUrl(providerName);
     if (managedBaseUrl) {
       const ctx = await resolveManagedProxyContext();
       return {
@@ -258,8 +257,7 @@ async function resolveProviderCredentials(
     return { apiKey: userKey, source: "user-key" };
   }
   // Fall back to managed proxy even in your-own mode (backwards compat)
-  const proxyName = providerName === "gemini" ? "vertex" : providerName;
-  const managedBaseUrl = await buildManagedBaseUrl(proxyName);
+  const managedBaseUrl = await buildManagedBaseUrl(providerName);
   if (managedBaseUrl) {
     const ctx = await resolveManagedProxyContext();
     return {
@@ -283,7 +281,7 @@ export async function initializeProviders(
     (config.timeouts?.providerStreamTimeoutSec ?? 300) * 1000;
   const inferenceMode = config.services.inference.mode;
   const useNativeWebSearch =
-    config.services["web-search"].provider === "anthropic-native";
+    config.services["web-search"].provider === "inference-provider-native";
   // Anthropic
   const anthropicCreds = await resolveProviderCredentials(

package/src/providers/retry.ts CHANGED Viewed

@@ -18,10 +18,25 @@ import type {
 const log = getLogger("retry");
+/** Patterns that indicate a transient streaming corruption from the SDK. */
+const RETRYABLE_STREAM_PATTERNS = [
+  "Unexpected event order",
+  "stream ended without producing",
+  "request ended without sending any chunks",
+  "stream has ended, this shouldn't happen",
+];
+function isRetryableStreamError(error: unknown): boolean {
+  if (!(error instanceof ProviderError)) return false;
+  if (error.statusCode !== undefined) return false; // has a real HTTP status — not a stream error
+  return RETRYABLE_STREAM_PATTERNS.some((p) => error.message.includes(p));
+}
 function isRetryableError(error: unknown): boolean {
   if (error instanceof ProviderError && error.statusCode !== undefined) {
     if (error.statusCode === 429 || error.statusCode >= 500) return true;
   }
+  if (isRetryableStreamError(error)) return true;
   return isRetryableNetworkError(error);
 }
@@ -127,7 +142,9 @@ export class RetryProvider implements Provider {
                   error.statusCode !== undefined &&
                   error.statusCode >= 500
                 ? `server_error_${error.statusCode}`
-                : "network_error";
+                : isRetryableStreamError(error)
+                  ? "stream_corruption"
+                  : "network_error";
           log.warn(
             {
               attempt: attempt + 1,

package/src/runtime/access-request-helper.ts CHANGED Viewed

@@ -200,10 +200,24 @@ export function notifyGuardianOfAccessRequest(
   });
   let vellumDeliveryId: string | null = null;
+  // When the access request originates from a text channel with
+  // notification delivery support (Slack, Telegram), route the guardian
+  // notification to that same channel only. Delivering on the macOS
+  // client as well is noisy and approving from there doesn't work
+  // because the desktop path lacks the channel delivery context needed
+  // to deliver the verification code. Phone is excluded because it is
+  // not a deliverable notification channel.
+  const TEXT_CHANNELS_WITH_DELIVERY: ReadonlySet<string> = new Set([
+    "slack",
+    "telegram",
+  ]);
+  const sameChannelOnly = TEXT_CHANNELS_WITH_DELIVERY.has(sourceChannel);
   void emitNotificationSignal({
     sourceEventName: "ingress.access_request",
     sourceChannel: sourceChannel as NotificationSourceChannel,
-    sourceSessionId: `access-req-${sourceChannel}-${actorExternalId}`,
+    sourceContextId: `access-req-${sourceChannel}-${actorExternalId}`,
+    ...(sameChannelOnly ? { routingIntent: "single_channel" as const } : {}),
     attentionHints: {
       requiresAction: true,
       urgency: "high",
@@ -258,7 +272,7 @@ export function notifyGuardianOfAccessRequest(
         applyDeliveryStatus(delivery.id, result);
       }
-      if (!vellumDeliveryId) {
+      if (!vellumDeliveryId && !sameChannelOnly) {
         const fallback = createCanonicalGuardianDelivery({
           requestId: canonicalRequest.id,
           destinationChannel: "vellum",

package/src/runtime/auth/route-policy.ts CHANGED Viewed

@@ -157,6 +157,9 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   // Events (SSE)
   { endpoint: "events", scopes: ["chat.read"] },
+  // Trace events
+  { endpoint: "trace-events", scopes: ["chat.read"] },
   // Attachments
   { endpoint: "attachments:POST", scopes: ["attachments.write"] },
   { endpoint: "attachments:DELETE", scopes: ["attachments.write"] },
@@ -291,6 +294,9 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   { endpoint: "usage/daily", scopes: ["settings.read"] },
   { endpoint: "usage/breakdown", scopes: ["settings.read"] },
+  // Lifecycle telemetry
+  { endpoint: "telemetry/lifecycle", scopes: ["settings.write"] },
   // Debug
   { endpoint: "debug", scopes: ["settings.read"] },
@@ -337,6 +343,7 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   { endpoint: "model/image-gen", scopes: ["settings.write"] },
   // Conversation management
+  { endpoint: "conversations/wipe", scopes: ["chat.write"] },
   { endpoint: "conversations/reorder", scopes: ["chat.write"] },
   // Conversation search

package/src/runtime/channel-verification-service.ts CHANGED Viewed

@@ -128,7 +128,7 @@ export function createInboundVerificationSession(
     channel,
     challengeHash,
     expiresAt,
-    createdByConversationId: conversationId,
+    sourceConversationId: conversationId,
   });
   const ttlSeconds = CHALLENGE_TTL_MS / 1000;

package/src/runtime/confirmation-request-guardian-bridge.ts CHANGED Viewed

@@ -146,7 +146,7 @@ export function bridgeConfirmationRequestToGuardian(
   const signalPromise = emitNotificationSignal({
     sourceEventName: "guardian.question",
     sourceChannel: sourceChannel as NotificationSourceChannel,
-    sourceSessionId: conversationId,
+    sourceContextId: conversationId,
     attentionHints: {
       requiresAction: true,
       urgency: "high",

package/src/runtime/guardian-vellum-migration.ts CHANGED Viewed

@@ -12,7 +12,10 @@
 import { v4 as uuid } from "uuid";
-import { findGuardianForChannel } from "../contacts/contact-store.js";
+import {
+  findGuardianForChannel,
+  updateContactPrincipalAndChannel,
+} from "../contacts/contact-store.js";
 import { createGuardianBinding } from "../contacts/contacts-write.js";
 import { getLogger } from "../util/logger.js";
 import { DAEMON_INTERNAL_ASSISTANT_ID } from "./assistant-scope.js";
@@ -70,3 +73,60 @@ export function ensureVellumGuardianBinding(
   return guardianPrincipalId;
 }
+/**
+ * Heal guardian binding drift for the vellum channel.
+ *
+ * After a DB reset, the daemon creates a new guardian binding with a fresh
+ * `vellum-principal-<uuid>`, but the client may still hold a valid JWT
+ * signed with the surviving signing key containing the old principal.
+ * The JWT passes signature validation but trust resolution returns
+ * `unknown` because the principals don't match.
+ *
+ * This function detects that scenario and updates the binding to match
+ * the JWT's principal. Only heals when both the stored and incoming
+ * principals have the `vellum-principal-` prefix (both auto-generated,
+ * no external identity meaning). The JWT's signature proves it was
+ * minted by this daemon's signing key.
+ *
+ * Returns true if healing occurred, false otherwise.
+ */
+export function healGuardianBindingDrift(incomingPrincipalId: string): boolean {
+  if (!incomingPrincipalId.startsWith("vellum-principal-")) {
+    return false;
+  }
+  const guardianResult = findGuardianForChannel("vellum");
+  if (!guardianResult) return false;
+  const currentPrincipalId = guardianResult.contact.principalId;
+  if (!currentPrincipalId?.startsWith("vellum-principal-")) return false;
+  if (currentPrincipalId === incomingPrincipalId) return false;
+  const updated = updateContactPrincipalAndChannel(
+    guardianResult.contact.id,
+    guardianResult.channel.id,
+    incomingPrincipalId,
+  );
+  if (!updated) {
+    log.warn(
+      {
+        oldPrincipalId: currentPrincipalId,
+        newPrincipalId: incomingPrincipalId,
+      },
+      "Skipped guardian binding drift heal — address collision on contact_channels",
+    );
+    return false;
+  }
+  log.info(
+    {
+      oldPrincipalId: currentPrincipalId,
+      newPrincipalId: incomingPrincipalId,
+    },
+    "Healed vellum guardian binding drift — updated principalId to match JWT actor",
+  );
+  return true;
+}

package/src/runtime/http-server.ts CHANGED Viewed

@@ -125,6 +125,7 @@ import { conversationAttentionRouteDefinitions } from "./routes/conversation-att
 import { conversationManagementRouteDefinitions } from "./routes/conversation-management-routes.js";
 import { conversationQueryRouteDefinitions } from "./routes/conversation-query-routes.js";
 import { conversationRouteDefinitions } from "./routes/conversation-routes.js";
+import { conversationStarterRouteDefinitions } from "./routes/conversation-starter-routes.js";
 import { debugRouteDefinitions } from "./routes/debug-routes.js";
 import { diagnosticsRouteDefinitions } from "./routes/diagnostics-routes.js";
 import { documentRouteDefinitions } from "./routes/documents-routes.js";
@@ -160,7 +161,8 @@ import { skillRouteDefinitions } from "./routes/skills-routes.js";
 import { subagentRouteDefinitions } from "./routes/subagents-routes.js";
 import { surfaceActionRouteDefinitions } from "./routes/surface-action-routes.js";
 import { surfaceContentRouteDefinitions } from "./routes/surface-content-routes.js";
-import { threadStarterRouteDefinitions } from "./routes/thread-starter-routes.js";
+import { telemetryRouteDefinitions } from "./routes/telemetry-routes.js";
+import { traceEventRouteDefinitions } from "./routes/trace-event-routes.js";
 import { trustRulesRouteDefinitions } from "./routes/trust-rules-routes.js";
 import { usageRouteDefinitions } from "./routes/usage-routes.js";
 import { watchRouteDefinitions } from "./routes/watch-routes.js";
@@ -198,8 +200,8 @@ const log = getLogger("runtime-http");
 const DEFAULT_PORT = 7821;
 const DEFAULT_HOSTNAME = "127.0.0.1";
-/** Global hard cap on request body size (50 MB). */
-const MAX_REQUEST_BODY_BYTES = 50 * 1024 * 1024;
+/** Global hard cap on request body size (150 MB — accommodates base64-encoded 100 MB attachments). */
+const MAX_REQUEST_BODY_BYTES = 150 * 1024 * 1024;
 export class RuntimeHttpServer {
   private server: ReturnType<typeof Bun.serve> | null = null;
@@ -739,9 +741,10 @@ export class RuntimeHttpServer {
       ...identityRouteDefinitions(),
       ...debugRouteDefinitions(),
       ...usageRouteDefinitions(),
+      ...telemetryRouteDefinitions(),
       ...workspaceRouteDefinitions(),
       ...memoryItemRouteDefinitions(),
-      ...threadStarterRouteDefinitions(),
+      ...conversationStarterRouteDefinitions(),
       ...settingsRouteDefinitions(),
       ...avatarRouteDefinitions(),
       ...scheduleRouteDefinitions({
@@ -1194,6 +1197,7 @@ export class RuntimeHttpServer {
       ...brainGraphRouteDefinitions({ mintUiPageToken }),
       ...eventsRouteDefinitions(),
+      ...traceEventRouteDefinitions(),
       ...migrationRouteDefinitions(),
       // Internal OAuth callback (gateway -> runtime)