@vellumai/assistant 0.5.10 → 0.5.11

package/src/daemon/conversation-memory.ts

@@ -187,7 +187,6 @@ export async function prepareMemoryContext(
             }
           : undefined,
         semanticHits: recall.semanticHits,
-        recencyHits: 0,
         tier1Count: recall.tier1Count ?? 0,
         tier2Count: recall.tier2Count ?? 0,
         hybridSearchLatencyMs: recall.hybridSearchMs ?? 0,

package/src/daemon/handlers/config-slack-channel.ts

@@ -19,6 +19,7 @@ import {
 } from "../../security/secure-keys.js";
 import {
   deleteCredentialMetadata,
+  getCredentialMetadata,
   upsertCredentialMetadata,
 } from "../../tools/credentials/metadata-store.js";
 import { log as _log } from "./shared.js";
@@ -38,6 +39,39 @@ export interface SlackChannelConfigResult {
   warning?: string;
 }
 
+// -- Helpers --
+
+const SLACK_INJECTION_TEMPLATES = [
+  {
+    hostPattern: "slack.com" as const,
+    injectionType: "header" as const,
+    headerName: "Authorization",
+    valuePrefix: "Bearer ",
+  },
+];
+
+/** Ensure the bot token credential has injection templates for the proxy. */
+function ensureBotTokenInjectionTemplates(): void {
+  upsertCredentialMetadata("slack_channel", "bot_token", {
+    allowedDomains: ["slack.com"],
+    injectionTemplates: SLACK_INJECTION_TEMPLATES,
+  });
+}
+
+/**
+ * Backfill injection templates on the Slack bot token credential.
+ * Called on daemon startup so existing credentials get proxy support.
+ */
+export function backfillSlackInjectionTemplates(): void {
+  const meta = getCredentialMetadata("slack_channel", "bot_token");
+  if (
+    meta &&
+    (!meta.injectionTemplates || meta.injectionTemplates.length === 0)
+  ) {
+    ensureBotTokenInjectionTemplates();
+  }
+}
+
 // -- Business logic --
 
 export async function getSlackChannelConfig(): Promise<SlackChannelConfigResult> {
@@ -56,6 +90,13 @@ export async function getSlackChannelConfig(): Promise<SlackChannelConfigResult>
   const conn = getConnectionByProvider("slack_channel");
   const connected =
     !!(conn && conn.status === "active") && hasBotToken && hasAppToken;
+
+  // Backfill injection templates for existing credentials that were stored
+  // before proxy support was added. Safe to call repeatedly (upsert merges).
+  if (hasBotToken) {
+    ensureBotTokenInjectionTemplates();
+  }
+
   return {
     success: true,
     hasBotToken,
@@ -168,7 +209,7 @@ export async function setSlackChannelConfig(
       };
     }
 
-    upsertCredentialMetadata("slack_channel", "bot_token", {});
+    ensureBotTokenInjectionTemplates();
 
     const raw = loadRawConfig();
     setNestedValue(raw, "slack.teamId", metadata.teamId ?? "");
@@ -255,6 +296,7 @@ export async function setSlackChannelConfig(
   // Sync oauth_connection record so getConnectionByProvider("slack_channel")
   // reflects the current credential state.
   if (hasBotToken && hasAppToken) {
+    ensureBotTokenInjectionTemplates();
     const accountInfo = metadata.teamName
       ? `${metadata.teamName}${metadata.botUsername ? ` (@${metadata.botUsername})` : ""}`
       : undefined;

package/src/daemon/handlers/conversations.ts

@@ -59,41 +59,49 @@ export function makeEventSender(params: {
 
   return (event: ServerMessage) => {
     if (event.type === "confirmation_request") {
-      pendingInteractions.register(event.requestId, {
-        conversation,
-        conversationId,
-        kind: "confirmation",
-        confirmationDetails: {
-          toolName: event.toolName,
-          input: event.input,
-          riskLevel: event.riskLevel,
-          executionTarget: event.executionTarget,
-          allowlistOptions: event.allowlistOptions,
-          scopeOptions: event.scopeOptions,
-          persistentDecisionsAllowed: event.persistentDecisionsAllowed,
-          temporaryOptionsAvailable: event.temporaryOptionsAvailable,
-        },
-      });
-
-      try {
-        const trustContext = conversation.trustContext;
-        createCanonicalGuardianRequest({
-          id: event.requestId,
-          kind: "tool_approval",
-          sourceType: "desktop",
-          sourceChannel,
+      // ACP permission requests are handled by client-handler.ts — skip
+      // the normal registration and guardian request creation for them.
+      // The ACP handler registers its own entry with directResolve after
+      // this callback returns.
+      const isAcpPermission = "acpToolKind" in event && !!event.acpToolKind;
+
+      if (!isAcpPermission) {
+        pendingInteractions.register(event.requestId, {
+          conversation,
           conversationId,
-          guardianPrincipalId: trustContext?.guardianPrincipalId ?? undefined,
-          toolName: event.toolName,
-          status: "pending",
-          requestCode: generateCanonicalRequestCode(),
-          expiresAt: Date.now() + 5 * 60 * 1000,
+          kind: "confirmation",
+          confirmationDetails: {
+            toolName: event.toolName,
+            input: event.input,
+            riskLevel: event.riskLevel,
+            executionTarget: event.executionTarget,
+            allowlistOptions: event.allowlistOptions,
+            scopeOptions: event.scopeOptions,
+            persistentDecisionsAllowed: event.persistentDecisionsAllowed,
+            temporaryOptionsAvailable: event.temporaryOptionsAvailable,
+          },
         });
-      } catch (err) {
-        log.debug(
-          { err, requestId: event.requestId, conversationId },
-          "Failed to create canonical request from local confirmation event",
-        );
+
+        try {
+          const trustContext = conversation.trustContext;
+          createCanonicalGuardianRequest({
+            id: event.requestId,
+            kind: "tool_approval",
+            sourceType: "desktop",
+            sourceChannel,
+            conversationId,
+            guardianPrincipalId: trustContext?.guardianPrincipalId ?? undefined,
+            toolName: event.toolName,
+            status: "pending",
+            requestCode: generateCanonicalRequestCode(),
+            expiresAt: Date.now() + 5 * 60 * 1000,
+          });
+        } catch (err) {
+          log.debug(
+            { err, requestId: event.requestId, conversationId },
+            "Failed to create canonical request from local confirmation event",
+          );
+        }
       }
     } else if (event.type === "secret_request") {
       pendingInteractions.register(event.requestId, {

package/src/daemon/lifecycle.ts

@@ -109,6 +109,7 @@ import {
   createGuardianActionCopyGenerator,
   createGuardianFollowUpConversationGenerator,
 } from "./guardian-action-generators.js";
+import { backfillSlackInjectionTemplates } from "./handlers/config-slack-channel.js";
 import {
   cancelGeneration,
   clearAllConversations,
@@ -282,7 +283,7 @@ export async function runDaemon(): Promise<void> {
     log.info("Daemon startup: workspace migrations complete");
 
     // Backfill oauth_connection rows for manual-token providers (Telegram,
-    // Slack channel) that already have keychain credentials from before the
+    // Slack channel) that already have stored credentials from before the
     // oauth_connection migration. Safe to call on every startup.
     //
     // Must run AFTER workspace migrations.
@@ -297,6 +298,17 @@ export async function runDaemon(): Promise<void> {
       );
     }
 
+    // Backfill injection templates on Slack bot token credentials so the
+    // credential proxy can inject Authorization headers. Safe on every startup.
+    try {
+      backfillSlackInjectionTemplates();
+    } catch (err) {
+      log.warn(
+        { err },
+        "Slack injection template backfill failed — continuing startup",
+      );
+    }
+
     // Now that workspace migrations have run (including 003-seed-device-id
     // which may copy the legacy installationId into device.json), it is safe
     // to read the device ID and set the Sentry tag.
@@ -839,6 +851,7 @@ export async function runDaemon(): Promise<void> {
         getHandlerContext: () => server.getHandlerContext(),
       }),
       getCesClient: () => server.getCesClient(),
+      getHeartbeatService: () => server.getHeartbeatService(),
     });
 
     // Inject voice bridge deps BEFORE attempting to start the HTTP server.
@@ -1092,8 +1105,19 @@ export async function runDaemon(): Promise<void> {
     const heartbeatConfig = config.heartbeat;
     const heartbeat = new HeartbeatService({
       processMessage: (conversationId, content) =>
-        server.processMessage(conversationId, content),
+        server.processMessage(conversationId, content, undefined, {
+          trustContext: {
+            sourceChannel: "vellum",
+            trustClass: "guardian",
+          },
+        }),
       alerter: (alert) => server.broadcast(alert),
+      onConversationCreated: (info) =>
+        server.broadcast({
+          type: "heartbeat_conversation_created",
+          conversationId: info.conversationId,
+          title: info.title,
+        }),
     });
     heartbeat.start();
     server.setHeartbeatService(heartbeat);

package/src/daemon/message-types/acp.ts

@@ -25,20 +25,6 @@ export interface AcpSessionUpdate {
   toolStatus?: string;
 }
 
-export interface AcpPermissionRequest {
-  type: "acp_permission_request";
-  acpSessionId: string;
-  requestId: string;
-  toolTitle: string;
-  toolKind: string;
-  rawInput?: unknown;
-  options: Array<{
-    optionId: string;
-    name: string;
-    kind: "allow_once" | "allow_always" | "reject_once" | "reject_always";
-  }>;
-}
-
 export interface AcpSessionCompleted {
   type: "acp_session_completed";
   acpSessionId: string;
@@ -61,6 +47,5 @@ export interface AcpSessionError {
 export type _AcpServerMessages =
   | AcpSessionSpawned
   | AcpSessionUpdate
-  | AcpPermissionRequest
   | AcpSessionCompleted
   | AcpSessionError;

package/src/daemon/message-types/memory.ts

@@ -21,7 +21,6 @@ export interface MemoryRecalled {
   model: string;
   degradation?: MemoryRecalledDegradation;
   semanticHits: number;
-  recencyHits: number;
   tier1Count: number;
   tier2Count: number;
   hybridSearchLatencyMs: number;

package/src/daemon/message-types/messages.ts

@@ -44,7 +44,7 @@ export interface SecretResponse {
   type: "secret_response";
   requestId: string;
   value?: string; // undefined = user cancelled
-  /** How the secret should be delivered: 'store' persists to keychain (default), 'transient_send' for one-time use without persisting. */
+  /** How the secret should be delivered: 'store' persists to credential store (default), 'transient_send' for one-time use without persisting. */
   delivery?: "store" | "transient_send";
 }
 
@@ -156,6 +156,14 @@ export interface ConfirmationRequest {
   temporaryOptionsAvailable?: Array<"allow_10m" | "allow_conversation">;
   /** The tool_use block ID for client-side correlation with specific tool calls. */
   toolUseId?: string;
+  /** ACP tool kind from the agent (e.g. "read", "edit", "execute"). Present only for ACP permission requests. */
+  acpToolKind?: string;
+  /** ACP permission options from the agent. Present only for ACP permission requests. Clients should use these to render the correct buttons. */
+  acpOptions?: Array<{
+    optionId: string;
+    name: string;
+    kind: "allow_once" | "allow_always" | "reject_once" | "reject_always";
+  }>;
 }
 
 export interface SecretRequest {

package/src/daemon/message-types/schedules.ts

@@ -84,6 +84,13 @@ export interface HeartbeatAlert {
   body: string;
 }
 
+/** Server push — broadcast when a heartbeat creates a conversation. */
+export interface HeartbeatConversationCreated {
+  type: "heartbeat_conversation_created";
+  conversationId: string;
+  title: string;
+}
+
 export interface HeartbeatConfigResponse {
   type: "heartbeat_config_response";
   enabled: boolean;
@@ -91,6 +98,7 @@ export interface HeartbeatConfigResponse {
   activeHoursStart: number | null;
   activeHoursEnd: number | null;
   nextRunAt: number | null;
+  lastRunAt: number | null;
   success: boolean;
   error?: string;
 }
@@ -141,6 +149,7 @@ export type _SchedulesClientMessages =
 export type _SchedulesServerMessages =
   | SchedulesListResponse
   | HeartbeatAlert
+  | HeartbeatConversationCreated
   | HeartbeatConfigResponse
   | HeartbeatRunsListResponse
   | HeartbeatRunNowResponse

package/src/daemon/server.ts

@@ -40,16 +40,14 @@ import { updateMetaFile } from "../memory/conversation-disk-view.js";
 import { getOrCreateConversation } from "../memory/conversation-key-store.js";
 import { buildSystemPrompt } from "../prompts/system-prompt.js";
 import { RateLimitProvider } from "../providers/ratelimit.js";
-import {
-  getProvider,
-  initializeProviders,
-} from "../providers/registry.js";
+import { getProvider, initializeProviders } from "../providers/registry.js";
 import { buildAssistantEvent } from "../runtime/assistant-event.js";
 import { assistantEventHub } from "../runtime/assistant-event-hub.js";
 import { DAEMON_INTERNAL_ASSISTANT_ID } from "../runtime/assistant-scope.js";
 import { getSigningKeyFingerprint } from "../runtime/auth/token-service.js";
 import { bridgeConfirmationRequestToGuardian } from "../runtime/confirmation-request-guardian-bridge.js";
 import * as pendingInteractions from "../runtime/pending-interactions.js";
+import { checkIngressForSecrets } from "../security/secret-ingress.js";
 import { registerCancelCallback } from "../signals/cancel.js";
 import { registerConversationUndoCallback } from "../signals/conversation-undo.js";
 import { appendEventToStream } from "../signals/event-stream.js";
@@ -304,6 +302,10 @@ export class DaemonServer {
     this._heartbeatService = service;
   }
 
+  getHeartbeatService(): HeartbeatService | undefined {
+    return this._heartbeatService;
+  }
+
   private deriveMemoryPolicy(conversationId: string): ConversationMemoryPolicy {
     const conversationType = getConversationType(conversationId);
     if (conversationType === "private") {
@@ -508,6 +510,18 @@ export class DaemonServer {
     );
 
     registerUserMessageCallback(async (params) => {
+      // Block messages containing known-format secrets before persistence
+      if (!params.bypassSecretCheck) {
+        const ingressResult = checkIngressForSecrets(params.content);
+        if (ingressResult.blocked) {
+          return {
+            accepted: false,
+            error: "secret_blocked" as const,
+            message: ingressResult.userNotice,
+          };
+        }
+      }
+
       const { conversationId } = getOrCreateConversation(
         params.conversationKey,
       );
@@ -702,9 +716,7 @@ export class DaemonServer {
 
       const createPromise = (async () => {
         const config = getConfig();
-        let provider = getProvider(
-          config.services.inference.provider,
-        );
+        let provider = getProvider(config.services.inference.provider);
         const { rateLimit } = config;
         if (rateLimit.maxRequestsPerMinute > 0) {
           provider = new RateLimitProvider(

package/src/email/feature-gate.ts

@@ -5,15 +5,15 @@
  * Delegates to the unified feature-flag resolver so that config overrides
  * and registry defaults are respected uniformly.
  *
- * The flag key follows the canonical `feature_flags.<id>.enabled` format
- * and is declared in `meta/feature-flags/feature-flag-registry.json`.
+ * The flag key uses simple kebab-case format and is declared in
+ * `meta/feature-flags/feature-flag-registry.json`.
  */
 
 import { isAssistantFeatureFlagEnabled } from "../config/assistant-feature-flags.js";
 import type { AssistantConfig } from "../config/schema.js";
 
 /** Gate for the entire email integration. */
-export const EMAIL_FLAG_KEY = "feature_flags.email-channel.enabled" as const;
+export const EMAIL_FLAG_KEY = "email-channel" as const;
 
 /**
  * Whether the email integration is enabled.

package/src/heartbeat/heartbeat-service.ts

@@ -17,6 +17,10 @@ export interface HeartbeatDeps {
     content: string,
   ) => Promise<{ messageId: string }>;
   alerter: (alert: HeartbeatAlert) => void;
+  onConversationCreated?: (info: {
+    conversationId: string;
+    title: string;
+  }) => void;
   /** Override for current hour (0-23), for testing. */
   getCurrentHour?: () => number;
 }
@@ -25,20 +29,34 @@ export class HeartbeatService {
   private readonly deps: HeartbeatDeps;
   private timer: ReturnType<typeof setInterval> | null = null;
   private activeRun: Promise<void> | null = null;
+  private _lastRunAt: number | null = null;
+  private _nextRunAt: number | null = null;
 
   constructor(deps: HeartbeatDeps) {
     this.deps = deps;
   }
 
+  /** Epoch-ms timestamp of the last completed heartbeat run. */
+  get lastRunAt(): number | null {
+    return this._lastRunAt;
+  }
+
+  /** Epoch-ms timestamp of the next scheduled heartbeat run. */
+  get nextRunAt(): number | null {
+    return this._nextRunAt;
+  }
+
   start(): void {
     const config = getConfig().heartbeat;
     if (!config.enabled) {
       log.info("Heartbeat disabled by config");
+      this._nextRunAt = null;
       return;
     }
     if (this.timer) return;
 
     log.info({ intervalMs: config.intervalMs }, "Heartbeat service started");
+    this.scheduleNextRun(config.intervalMs);
     this.timer = setInterval(() => {
       this.runOnce().catch((err) => {
         log.error({ err }, "Heartbeat runOnce failed");
@@ -52,14 +70,33 @@ export class HeartbeatService {
       clearInterval(this.timer);
       this.timer = null;
     }
+    this._nextRunAt = null;
     this.start();
   }
 
+  /**
+   * Reset the heartbeat timer so the next run is a full interval from now.
+   * Called when the guardian sends a message — no need for a heartbeat shortly
+   * after an active conversation.
+   */
+  resetTimer(): void {
+    if (!this.timer) return;
+    const config = getConfig().heartbeat;
+    clearInterval(this.timer);
+    this.scheduleNextRun(config.intervalMs);
+    this.timer = setInterval(() => {
+      this.runOnce().catch((err) => {
+        log.error({ err }, "Heartbeat runOnce failed");
+      });
+    }, config.intervalMs);
+  }
+
   async stop(): Promise<void> {
     if (this.timer) {
       clearInterval(this.timer);
       this.timer = null;
     }
+    this._nextRunAt = null;
     if (this.activeRun) {
       let timerId: ReturnType<typeof setTimeout>;
       const timeout = new Promise<void>((resolve) => {
@@ -116,10 +153,16 @@ export class HeartbeatService {
       await run;
     } finally {
       this.activeRun = null;
+      this._lastRunAt = Date.now();
+      this.scheduleNextRun(getConfig().heartbeat.intervalMs);
     }
     return true;
   }
 
+  private scheduleNextRun(intervalMs: number): void {
+    this._nextRunAt = Date.now() + intervalMs;
+  }
+
   private async executeRun(): Promise<void> {
     log.info("Running heartbeat");
 
@@ -134,6 +177,11 @@ export class HeartbeatService {
         systemHint: "Heartbeat",
       });
 
+      this.deps.onConversationCreated?.({
+        conversationId: conversation.id,
+        title: "Heartbeat",
+      });
+
       await this.deps.processMessage(conversation.id, prompt);
       log.info({ conversationId: conversation.id }, "Heartbeat completed");
     } catch (err) {

package/src/inbound/platform-callback-registration.ts

@@ -24,10 +24,22 @@ import {
   getPlatformInternalApiKey,
 } from "../config/env.js";
 import { getIsContainerized } from "../config/env-registry.js";
+import { credentialKey } from "../security/credential-key.js";
+import { getSecureKeyAsync } from "../security/secure-keys.js";
 import { getLogger } from "../util/logger.js";
 
 const log = getLogger("platform-callback-registration");
 
+export interface PlatformCallbackRegistrationContext {
+  containerized: boolean;
+  platformBaseUrl: string;
+  assistantId: string;
+  hasInternalApiKey: boolean;
+  hasAssistantApiKey: boolean;
+  authHeader: string | null;
+  enabled: boolean;
+}
+
 /**
  * Whether the daemon should register callback routes with the platform.
  * True when IS_CONTAINERIZED, VELLUM_PLATFORM_URL, and PLATFORM_ASSISTANT_ID
@@ -43,6 +55,45 @@ export function shouldUsePlatformCallbacks(): boolean {
   );
 }
 
+export async function resolvePlatformCallbackRegistrationContext(): Promise<PlatformCallbackRegistrationContext> {
+  const containerized = getIsContainerized();
+  const [storedBaseUrlRaw, storedAssistantIdRaw, storedAssistantApiKeyRaw] =
+    await Promise.all([
+      getSecureKeyAsync(credentialKey("vellum", "platform_base_url")),
+      getSecureKeyAsync(credentialKey("vellum", "platform_assistant_id")),
+      getSecureKeyAsync(credentialKey("vellum", "assistant_api_key")),
+    ]);
+
+  const storedBaseUrl = storedBaseUrlRaw?.trim();
+  const platformBaseUrl = (storedBaseUrl || getPlatformBaseUrl()).replace(
+    /\/+$/,
+    "",
+  );
+  const assistantId =
+    getPlatformAssistantId().trim() || storedAssistantIdRaw?.trim() || "";
+  const internalApiKey = getPlatformInternalApiKey().trim();
+  const assistantApiKey = storedAssistantApiKeyRaw?.trim() || "";
+  const authHeader = internalApiKey
+    ? `Bearer ${internalApiKey}`
+    : assistantApiKey
+      ? `Api-Key ${assistantApiKey}`
+      : null;
+
+  return {
+    containerized,
+    platformBaseUrl,
+    assistantId,
+    hasInternalApiKey: internalApiKey.length > 0,
+    hasAssistantApiKey: assistantApiKey.length > 0,
+    authHeader,
+    enabled:
+      containerized &&
+      platformBaseUrl.length > 0 &&
+      assistantId.length > 0 &&
+      authHeader !== null,
+  };
+}
+
 interface RegisterCallbackRouteResponse {
   callback_url: string;
   callback_path: string;
@@ -65,20 +116,23 @@ export async function registerCallbackRoute(
   callbackPath: string,
   type: string,
 ): Promise<string> {
-  const platformBaseUrl = getPlatformBaseUrl().replace(/\/+$/, "");
-  const assistantId = getPlatformAssistantId();
-  const apiKey = getPlatformInternalApiKey();
+  const context = await resolvePlatformCallbackRegistrationContext();
+  if (!context.enabled || !context.authHeader) {
+    throw new Error(
+      "Platform callbacks not available — missing containerized platform registration context",
+    );
+  }
+
+  const platformBaseUrl = context.platformBaseUrl;
+  const assistantId = context.assistantId;
 
   const url = `${platformBaseUrl}/v1/internal/gateway/callback-routes/register/`;
 
   const headers: Record<string, string> = {
     "Content-Type": "application/json",
+    Authorization: context.authHeader,
   };
 
-  if (apiKey) {
-    headers["Authorization"] = `Bearer ${apiKey}`;
-  }
-
   const body = JSON.stringify({
     assistant_id: assistantId,
     callback_path: callbackPath,

package/src/mcp/mcp-oauth-provider.ts

@@ -1,8 +1,8 @@
 /**
  * OAuthClientProvider implementation for MCP servers.
  *
- * Uses secure-keys (OS keychain / encrypted file store) for persistent
- * credential storage and a loopback HTTP server for the browser callback.
+ * Uses secure-keys (credential store) for persistent credential storage
+ * and a loopback HTTP server for the browser callback.
  */
 
 import { createServer, type Server } from "node:http";
@@ -30,7 +30,7 @@ const log = getLogger("mcp-oauth");
 const CALLBACK_PATH = "/oauth/callback";
 const CALLBACK_TIMEOUT_MS = 2 * 60 * 1000; // 2 minutes
 
-// Keychain key helpers
+// Credential store key helpers
 function tokensKey(serverId: string): string {
   return `mcp:${serverId}:tokens`;
 }

package/src/memory/app-store.ts

@@ -75,10 +75,10 @@ export function inlineDistAssets(appDir: string, html: string): string {
   // Inline main.js
   const jsPath = join(distDir, "main.js");
   if (existsSync(jsPath)) {
-    const js = readFileSync(jsPath, "utf-8");
+    const js = readFileSync(jsPath, "utf-8").replace(/<\/script>/g, "<\\/script>");
     html = html.replace(
       /<script\s+type="module"\s+src="main\.js"\s*><\/script>/,
-      `<script type="module">${js}</script>`,
+      () => `<script type="module">${js}</script>`,
     );
   }
 
@@ -88,7 +88,7 @@ export function inlineDistAssets(appDir: string, html: string): string {
     const css = readFileSync(cssPath, "utf-8");
     html = html.replace(
       /<link\s+rel="stylesheet"\s+href="main\.css"\s*>/,
-      `<style>${css}</style>`,
+      () => `<style>${css}</style>`,
     );
   }