@vellumai/assistant 0.5.11 → 0.5.13

package/src/prompts/system-prompt.ts

@@ -1,8 +1,15 @@
-import { copyFileSync, existsSync, mkdirSync, readFileSync } from "node:fs";
+import {
+  copyFileSync,
+  existsSync,
+  mkdirSync,
+  readdirSync,
+  readFileSync,
+  unlinkSync,
+} from "node:fs";
 import { join } from "node:path";
 
 import { isAssistantFeatureFlagEnabled } from "../config/assistant-feature-flags.js";
-import { getBaseDataDir, getIsContainerized } from "../config/env-registry.js";
+import { getIsContainerized } from "../config/env-registry.js";
 import { getConfig } from "../config/loader.js";
 import { skillFlagKey } from "../config/skill-state.js";
 import { loadSkillCatalog, type SkillSummary } from "../config/skills.js";
@@ -10,6 +17,7 @@ import { listConnections } from "../oauth/oauth-store.js";
 import { resolveBundledDir } from "../util/bundled-asset.js";
 import { getLogger } from "../util/logger.js";
 import {
+  getConversationsDir,
   getWorkspaceDir,
   getWorkspacePromptPath,
   isMacOS,
@@ -84,6 +92,24 @@ export function ensurePromptFiles(): void {
     }
   }
 
+  // Auto-delete stale BOOTSTRAP.md at startup.  The model is instructed to
+  // delete it at the end of the first conversation, but if the user closes
+  // the app or starts a new thread before the model gets another turn, it
+  // never gets the chance.  If BOOTSTRAP.md still exists but prior
+  // conversations are present, the onboarding window has passed — clean up.
+  const bootstrapCleanup = getWorkspacePromptPath("BOOTSTRAP.md");
+  if (!isFirstRun && existsSync(bootstrapCleanup)) {
+    const convDir = getConversationsDir();
+    try {
+      if (existsSync(convDir) && readdirSync(convDir).length > 0) {
+        unlinkSync(bootstrapCleanup);
+        log.info("Auto-deleted stale BOOTSTRAP.md — prior conversations exist");
+      }
+    } catch (err) {
+      log.warn({ err }, "Failed to auto-delete stale BOOTSTRAP.md");
+    }
+  }
+
   // Seed NOW.md scratchpad — always created if missing, regardless of whether
   // this is a fresh install or not.  Kept out of PROMPT_FILES because NOW.md is
   // ephemeral state, not identity context.
@@ -171,6 +197,7 @@ export function buildSystemPrompt(options?: BuildSystemPromptOptions): string {
   // System Permissions section removed — guidance lives in request_system_permission tool description.
   // Parallel Task Orchestration section removed — orchestration skill description + hints cover this.
   staticParts.push(buildAccessPreferenceSection(hasNoClient));
+  staticParts.push(buildCredentialSecuritySection());
   // Memory Persistence, Memory Recall, Workspace Reflection, Learning from Mistakes
   // sections removed — guidance lives in memory_manage/memory_recall tool descriptions
   // and the Proactive Workspace Editing subsection in Configuration.
@@ -206,7 +233,15 @@ export function buildSystemPrompt(options?: BuildSystemPromptOptions): string {
   const userIsTemplate = isTemplateContent(user, "USER.md");
 
   if (identity && !identityIsTemplate) {
-    dynamicParts.push(identity);
+    // Strip placeholder lines (e.g. "- **Name:** _(not yet chosen)_") so
+    // the model doesn't treat unresolved fields as prompts to ask the user.
+    const cleanedIdentity = identity
+      .split("\n")
+      .filter((line) => !/_\(not yet (?:chosen|established)\)_/.test(line))
+      .join("\n");
+    if (cleanedIdentity.trim()) {
+      dynamicParts.push(cleanedIdentity);
+    }
   }
   if (soul) dynamicParts.push(soul);
   if (options?.userPersona) dynamicParts.push(options.userPersona);
@@ -275,6 +310,8 @@ function buildInChatConfigurationSection(): string {
     "## In-Chat Configuration",
     "",
     "When the user needs to configure a value, collect it conversationally in the chat. Never direct the user to the Settings page for initial setup - Settings is for reviewing and updating existing configuration.",
+    "",
+    'The Settings tabs are: General, Models & Services, Voice, Sounds, Permissions & Privacy, Billing, Archived Conversations, Schedules, Developer. There is NO "Integrations" tab — never refer to "Settings > Integrations". For API keys and provider configuration, the correct tab is "Models & Services".',
   ].join("\n");
 }
 
@@ -300,6 +337,14 @@ function buildAccessPreferenceSection(hasNoClient: boolean): string {
   ].join("\n");
 }
 
+function buildCredentialSecuritySection(): string {
+  return [
+    "## Credential Security",
+    "",
+    'Never ask users to share secrets (API keys, tokens, passwords, webhook secrets) in chat — secret messages may be blocked at ingress. Use the `credential_store` tool with `action: "prompt"` instead; it collects secrets through a secure UI that never exposes the value in the conversation. Non-secret values (Client IDs, Account SIDs, usernames) may be collected conversationally.',
+  ].join("\n");
+}
+
 function buildIntegrationSection(): string {
   let connections: { providerKey: string; accountInfo?: string | null }[];
   try {
@@ -323,16 +368,16 @@ function buildIntegrationSection(): string {
 }
 
 function buildContainerizedSection(): string {
-  const baseDataDir = getBaseDataDir() ?? "$BASE_DATA_DIR";
+  const workspaceDir = getWorkspaceDir();
   return [
     "## Running in a Container - Data Persistence",
     "",
-    `You are running inside a container. Only the directory \`${baseDataDir}\` is mounted to a persistent volume.`,
+    `You are running inside a container. Only the directory \`${workspaceDir}\` is mounted to a persistent volume.`,
     "",
     "**Any new files or data you create MUST be written inside that directory, or they will be lost when the container restarts.**",
     "",
     "Rules:",
-    `- Always store new data, notes, memories, configs, and downloads under \`${baseDataDir}\``,
+    `- Always store new data, notes, memories, configs, and downloads under \`${workspaceDir}\``,
     "- Never write persistent data to system directories, `/tmp`, or paths outside the mounted volume",
     "- When in doubt, prefer paths nested under the data directory",
     "- If you create a file that is only needed temporarily (scratch files, intermediate outputs, download staging), delete it when you are done - disk space on the persistent volume is finite and will grow unboundedly if temp files are not cleaned up",
@@ -435,9 +480,9 @@ function readPromptFile(path: string): string | null {
  * This is useful for injecting identity context into subsystems (e.g. memory
  * extraction) that run outside the main system prompt pipeline.
  */
-export function buildCoreIdentityContext(
-  opts?: { userPersona?: string | null },
-): string | null {
+export function buildCoreIdentityContext(opts?: {
+  userPersona?: string | null;
+}): string | null {
   const parts: string[] = [];
   for (const file of PROMPT_FILES) {
     const content = readPromptFile(getWorkspacePromptPath(file));

package/src/prompts/templates/BOOTSTRAP.md

@@ -194,9 +194,13 @@ When saving to `USER.md`, mark declined fields so you don't re-ask later (e.g.,
 
 ## Saving What You Learn
 
-Save what you learn as you go. Update `IDENTITY.md` (name, nature, personality, style tendency) and `USER.md` (their name, how to address them, goals, locale, work role, hobbies, daily tools) using `file_edit`. If the conversation reveals how the user wants you to behave (e.g., "be direct," "don't be too chatty"), save those behavioral guidelines to `SOUL.md`.
+**Call `file_edit` immediately whenever you learn something, in the same turn.** Don't batch saves for later. Don't wait until onboarding is "done." The moment the user gives you a name, call `file_edit` on IDENTITY.md in that same response. The moment you infer their communication style, call `file_edit` on SOUL.md. Every piece of information gets saved the turn you learn it.
 
-Do it quietly. Don't tell the user which files you're editing or mention tool names.
+**The contents of IDENTITY.md, SOUL.md, and USER.md are already in your system prompt.** Use the exact text you see there for the `old_string` in `file_edit`. Do not guess or invent content that isn't in your context.
+
+Update `IDENTITY.md` (name, nature, personality, style tendency) and `USER.md` (their name, how to address them, goals, locale, work role, hobbies, daily tools). If the conversation reveals how the user wants you to behave (e.g., "be direct," "don't be too chatty"), save those behavioral guidelines to `SOUL.md`.
+
+Do it silently. Never tell the user you're saving, never mention file names or tool names. Just call `file_edit` alongside your normal response.
 
 When saving to `IDENTITY.md`, be specific about the tone, energy, and conversational style you discovered during onboarding. This file persists after onboarding, so everything about how you should come across needs to be captured there. Not just your name, but the full vibe: how you talk, how much energy you bring, whether you're blunt or gentle, funny or serious.
 
@@ -204,11 +208,18 @@ When saving to `SOUL.md`, also add an `## Identity Intro` section with a very sh
 
 ## Wrapping Up
 
-Once you've completed Phase 1 and made reasonable progress through Phase 2, you're done with onboarding. Use your best judgment on when the conversation has naturally moved past the bootstrap stage. There's no hard checklist. The goal is that the user feels set up and ready to work, not that every box is ticked.
+**Always delete `BOOTSTRAP.md` at the end of this conversation, regardless of how far you got through the phases.** Onboarding is a one-shot opportunity. If the user skipped steps, partially completed them, or blazed through everything, it doesn't matter. Delete it. Never let a second conversation start with the first-run script.
+
+Deletion triggers:
+- The conversation is ending (user stops responding, says bye, moves on)
+- The user completed Phase 2 (ideal case)
+- The user named you but skipped other steps
+- The user explicitly skipped onboarding ("skip", "not now", "later")
+- The user ignored the onboarding pitch and just did tasks
 
-If you still haven't shown the two suggestions (Phase 2 step 4), do that before wrapping.
+If onboarding was partial, that's fine. IDENTITY.md, SOUL.md, and USER.md persist. You can organically pick up incomplete personalization in future conversations by checking those files, without replaying the bootstrap script.
 
-When you're confident onboarding is complete, delete `BOOTSTRAP.md` so it doesn't re-trigger on the next conversation.
+If you still haven't shown the two suggestions (Phase 2 step 4), try to fit them in before wrapping, but do NOT let that block deletion of BOOTSTRAP.md.
 
 ---
 

package/src/providers/anthropic/client.ts

@@ -253,8 +253,7 @@ function expandCollapsedAssistantTurns(
 
     for (const block of content) {
       const type = (block as { type: string }).type;
-      const isThinking =
-        type === "thinking" || type === "redacted_thinking";
+      const isThinking = type === "thinking" || type === "redacted_thinking";
 
       if (isThinking && segmentHasToolUse) {
         segments.push(current);
@@ -310,10 +309,7 @@ function expandCollapsedAssistantTurns(
     // tool_results that were already distributed to intermediate segments.
     if (nextIsUser) {
       const remainingResults = Array.from(toolResultMap.values());
-      const rebuiltUserContent = [
-        ...remainingResults,
-        ...nonToolResultContent,
-      ];
+      const rebuiltUserContent = [...remainingResults, ...nonToolResultContent];
       // Replace the original user message with the rebuilt one
       result.push({
         role: "user" as const,
@@ -949,10 +945,6 @@ export class AnthropicProvider implements Provider {
           signal: timeoutSignal,
         }) as unknown as UnifiedStream;
 
-        // Track whether we've seen a text content block so we can insert a
-        // separator between consecutive text blocks in the same response.
-        let hasSeenTextBlock = false;
-
         stream.on("text", (text) => {
           onEvent?.({ type: "text_delta", text });
         });
@@ -969,29 +961,6 @@ export class AnthropicProvider implements Provider {
         let pendingInputJsonFlush: ReturnType<typeof setTimeout> | undefined;
 
         stream.on("streamEvent", (event) => {
-          // Insert a space separator when a new text content block starts
-          // after a previous one, so consecutive text blocks don't get
-          // concatenated without whitespace (e.g. "sentence.NextSentence").
-          // Uses a space instead of \n because the client's MarkdownRenderer
-          // can collapse soft line breaks (\n) within a paragraph.
-          if (
-            event.type === "content_block_start" &&
-            event.content_block.type === "text"
-          ) {
-            if (hasSeenTextBlock) {
-              onEvent?.({ type: "text_delta", text: " " });
-            }
-            hasSeenTextBlock = true;
-          } else if (
-            event.type === "content_block_start" &&
-            event.content_block.type === "tool_use"
-          ) {
-            // Reset only for client-side tool_use blocks, which create visual
-            // separators in the UI. Server-side tool blocks (server_tool_use,
-            // web_search_tool_result) are transparent in the text stream and
-            // need the space preserved between surrounding text blocks.
-            hasSeenTextBlock = false;
-          }
           if (
             event.type === "content_block_start" &&
             event.content_block.type === "tool_use"

package/src/runtime/guardian-action-service.ts

@@ -42,7 +42,7 @@ export interface ProcessGuardianDecisionParams {
 }
 
 export type ProcessGuardianDecisionResult =
-  | { ok: true; applied: true; requestId: string }
+  | { ok: true; applied: true; requestId: string; replyText?: string }
   | {
       ok: true;
       applied: false;
@@ -116,7 +116,12 @@ export async function processGuardianDecision(
       };
     }
 
-    return { ok: true, applied: true, requestId: canonicalResult.requestId };
+    return {
+      ok: true,
+      applied: true,
+      requestId: canonicalResult.requestId,
+      replyText: canonicalResult.resolverReplyText,
+    };
   }
 
   return {

package/src/runtime/http-server.ts

@@ -6,7 +6,6 @@
  */
 
 import { existsSync, readFileSync } from "node:fs";
-import { homedir } from "node:os";
 import { join, resolve } from "node:path";
 
 import type { ServerWebSocket } from "bun";
@@ -28,13 +27,11 @@ import {
   handleVoiceWebhook,
 } from "../calls/twilio-routes.js";
 import { parseChannelId } from "../channels/types.js";
-import { isAssistantFeatureFlagEnabled } from "../config/assistant-feature-flags.js";
 import {
   getGatewayInternalBaseUrl,
   hasUngatedHttpAuthDisabled,
   isHttpAuthDisabled,
 } from "../config/env.js";
-import { getConfig } from "../config/loader.js";
 import type { ServerMessage } from "../daemon/message-protocol.js";
 import { PairingStore } from "../daemon/pairing-store.js";
 import {
@@ -64,6 +61,7 @@ import {
 } from "../security/oauth-callback-registry.js";
 import { UserError } from "../util/errors.js";
 import { getLogger } from "../util/logger.js";
+import { getRootDir } from "../util/platform.js";
 import { buildAssistantEvent } from "./assistant-event.js";
 import { assistantEventHub } from "./assistant-event-hub.js";
 import { DAEMON_INTERNAL_ASSISTANT_ID } from "./assistant-scope.js";
@@ -251,6 +249,7 @@ export class RuntimeHttpServer {
   private getWatchDeps?: RuntimeHttpServerOptions["getWatchDeps"];
   private getRecordingDeps?: RuntimeHttpServerOptions["getRecordingDeps"];
   private getCesClient?: RuntimeHttpServerOptions["getCesClient"];
+  private onProviderCredentialsChanged?: RuntimeHttpServerOptions["onProviderCredentialsChanged"];
   private getHeartbeatService?: RuntimeHttpServerOptions["getHeartbeatService"];
   private router: HttpRouter;
 
@@ -274,6 +273,7 @@ export class RuntimeHttpServer {
     this.getWatchDeps = options.getWatchDeps;
     this.getRecordingDeps = options.getRecordingDeps;
     this.getCesClient = options.getCesClient;
+    this.onProviderCredentialsChanged = options.onProviderCredentialsChanged;
     this.getHeartbeatService = options.getHeartbeatService;
     this.router = new HttpRouter(this.buildRouteTable());
   }
@@ -296,8 +296,7 @@ export class RuntimeHttpServer {
   /** Read the feature-flag client token from disk so it can be included in pairing approval responses. */
   private readFeatureFlagToken(): string | undefined {
     try {
-      const baseDir = process.env.BASE_DATA_DIR?.trim() || homedir();
-      const tokenPath = join(baseDir, ".vellum", "feature-flag-token");
+      const tokenPath = join(getRootDir(), "feature-flag-token");
       const token = readFileSync(tokenPath, "utf-8").trim();
       return token || undefined;
     } catch {
@@ -944,6 +943,7 @@ export class RuntimeHttpServer {
       ...appManagementRouteDefinitions(),
       ...secretRouteDefinitions({
         getCesClient: this.getCesClient,
+        onProviderCredentialsChanged: this.onProviderCredentialsChanged,
       }),
       ...identityRouteDefinitions(),
       ...upgradeBroadcastRouteDefinitions(),
@@ -1028,17 +1028,11 @@ export class RuntimeHttpServer {
         handler: ({ url }) => {
           const limit = Number(url.searchParams.get("limit") ?? 50);
           const offset = Number(url.searchParams.get("offset") ?? 0);
-          const includeBackground = isAssistantFeatureFlagEnabled(
-            "show-background-conversations",
-            getConfig(),
-          );
-          const conversations = listConversations(
-            limit,
-            includeBackground,
-            offset,
-          );
-          const totalCount = countConversations(includeBackground);
-          const conversationIds = conversations.map((c) => c.id);
+          const backgroundOnly =
+            url.searchParams.get("conversationType") === "background";
+          const rows = listConversations(limit, backgroundOnly, offset);
+          const totalCount = countConversations(backgroundOnly);
+          const conversationIds = rows.map((c) => c.id);
           const displayMeta = getDisplayMetaForConversations(conversationIds);
           const bindings =
             externalConversationStore.getBindingsForConversations(
@@ -1048,7 +1042,7 @@ export class RuntimeHttpServer {
             getAttentionStateByConversationIds(conversationIds);
           const parentCache = new Map<string, ConversationRow | null>();
           return Response.json({
-            conversations: conversations.map((conversation) =>
+            conversations: rows.map((conversation) =>
               this.serializeConversationSummary({
                 conversation,
                 binding: bindings.get(conversation.id),
@@ -1057,7 +1051,7 @@ export class RuntimeHttpServer {
                 parentCache,
               }),
             ),
-            hasMore: offset + conversations.length < totalCount,
+            hasMore: offset + rows.length < totalCount,
           });
         },
       },

package/src/runtime/http-types.ts

@@ -228,8 +228,15 @@ export interface RuntimeHttpServerOptions {
   getRecordingDeps?: () => import("./routes/recording-routes.js").RecordingDeps;
   /** Accessor for the CES client, used to push API key updates to CES after hatch. */
   getCesClient?: () => CesClient | undefined;
+  /**
+   * Called after provider-affecting credentials reload so live conversations
+   * can be recreated with fresh provider instances.
+   */
+  onProviderCredentialsChanged?: () => void | Promise<void>;
   /** Accessor for the heartbeat service (for run-now and config routes). */
-  getHeartbeatService?: () => import("../heartbeat/heartbeat-service.js").HeartbeatService | undefined;
+  getHeartbeatService?: () =>
+    | import("../heartbeat/heartbeat-service.js").HeartbeatService
+    | undefined;
 }
 
 export interface RuntimeAttachmentMetadata {

package/src/runtime/migrations/rebind-secrets-screen.ts

@@ -106,7 +106,7 @@ const TASK_DEFINITIONS: readonly TaskDefinition[] = [
       "Secrets are redacted in export bundles for security. Re-enter all API keys, tokens, and credentials in the destination instance.",
     required: true,
     helpText:
-      "Navigate to Settings > Integrations to re-enter provider API keys (e.g., Anthropic, OpenAI). Check Settings > Secrets for any custom secrets used by skills.",
+      "Navigate to Settings > Models & Services to re-enter provider API keys (e.g., Anthropic, OpenAI). Check Settings > Models & Services for any custom secrets used by skills.",
   },
   {
     id: "rebind-channels",
@@ -133,7 +133,7 @@ const TASK_DEFINITIONS: readonly TaskDefinition[] = [
       "Ensure all webhook URLs registered with external services point to the new instance's public ingress URL.",
     required: false,
     helpText:
-      "Review the public ingress URL in Settings > Gateway. Update any external services (GitHub, calendar providers, etc.) that send webhooks to this assistant.",
+      "Review the public ingress URL in Settings > Developer. Update any external services (GitHub, calendar providers, etc.) that send webhooks to this assistant.",
   },
 ] as const;
 

package/src/runtime/routes/conversation-management-routes.ts

@@ -18,7 +18,9 @@ import { z } from "zod";
 
 import {
   batchSetDisplayOrders,
+  countConversationsByScheduleJobId,
   deleteConversation,
+  getConversation,
   PRIVATE_CONVERSATION_FORK_ERROR,
   wipeConversation,
 } from "../../memory/conversation-crud.js";
@@ -29,6 +31,7 @@ import {
   setConversationKeyIfAbsent,
 } from "../../memory/conversation-key-store.js";
 import { enqueueMemoryJob } from "../../memory/jobs-store.js";
+import { deleteSchedule } from "../../schedule/schedule-store.js";
 import { UserError } from "../../util/errors.js";
 import { getLogger } from "../../util/logger.js";
 import { httpError } from "../http-errors.js";
@@ -318,6 +321,20 @@ export function conversationManagementRouteDefinitions(
             404,
           );
         }
+
+        // Cancel the associated schedule job (if any) before wiping the
+        // conversation — but only when this is the last conversation that
+        // references the schedule.  Recurring schedules create a new
+        // conversation per run, so we must not cancel the schedule when
+        // earlier run conversations are cleaned up.
+        const conv = getConversation(resolvedId);
+        if (
+          conv?.scheduleJobId &&
+          countConversationsByScheduleJobId(conv.scheduleJobId) <= 1
+        ) {
+          deleteSchedule(conv.scheduleJobId);
+        }
+
         deps.destroyConversation(resolvedId);
         const result = wipeConversation(resolvedId);
         // Enqueue Qdrant vector cleanup jobs
@@ -372,6 +389,20 @@ export function conversationManagementRouteDefinitions(
             404,
           );
         }
+
+        // Cancel the associated schedule job (if any) before deleting the
+        // conversation — but only when this is the last conversation that
+        // references the schedule.  Recurring schedules create a new
+        // conversation per run, so we must not cancel the schedule when
+        // earlier run conversations are cleaned up.
+        const conv = getConversation(resolvedId);
+        if (
+          conv?.scheduleJobId &&
+          countConversationsByScheduleJobId(conv.scheduleJobId) <= 1
+        ) {
+          deleteSchedule(conv.scheduleJobId);
+        }
+
         // Tear down the in-memory conversation (abort + dispose) before removing
         // persistence so that a running agent loop doesn't write to a deleted
         // conversation row, tripping FK constraints.

package/src/runtime/routes/conversation-routes.ts

@@ -48,7 +48,10 @@ import {
 } from "../../memory/canonical-guardian-store.js";
 import {
   addMessage,
+  getLastAssistantTimestampBefore,
   getMessages,
+  getMessagesPaginated,
+  type MessageRow,
   provenanceFromTrustContext,
   setConversationOriginChannelIfUnset,
   setConversationOriginInterfaceIfUnset,
@@ -360,7 +363,49 @@ export function handleListMessages(
   if (!resolvedConversationId) {
     return Response.json({ messages: [] });
   }
-  const rawMessages = getMessages(resolvedConversationId);
+
+  const beforeTimestampRaw = url.searchParams.get("beforeTimestamp");
+  const limitRaw = url.searchParams.get("limit");
+
+  // Validate: reject NaN values with 400
+  if (beforeTimestampRaw !== null && isNaN(Number(beforeTimestampRaw))) {
+    return httpError(
+      "BAD_REQUEST",
+      "beforeTimestamp must be a valid number",
+      400,
+    );
+  }
+  if (limitRaw !== null && isNaN(Number(limitRaw))) {
+    return httpError("BAD_REQUEST", "limit must be a valid number", 400);
+  }
+
+  const beforeTimestamp = beforeTimestampRaw
+    ? Number(beforeTimestampRaw)
+    : undefined;
+  // Clamp limit to 1-500 range
+  const limit = limitRaw
+    ? Math.min(Math.max(Math.floor(Number(limitRaw)), 1), 500)
+    : undefined;
+
+  // Option A: only paginate when beforeTimestamp is present.
+  // Initial load and reconnect send limit but no beforeTimestamp — those must continue
+  // returning all messages for zero regression risk.
+  const isPaginated = beforeTimestamp != null;
+
+  let rawMessages: MessageRow[];
+  let hasMore = false;
+
+  if (isPaginated) {
+    const result = getMessagesPaginated(
+      resolvedConversationId,
+      limit,
+      beforeTimestamp,
+    );
+    rawMessages = result.messages;
+    hasMore = result.hasMore;
+  } else {
+    rawMessages = getMessages(resolvedConversationId);
+  }
 
   // Parse content blocks and extract text + tool calls
   const parsed = rawMessages.map((msg) => {
@@ -429,6 +474,12 @@ export function handleListMessages(
   const interfaceFiles = getInterfaceFilesWithMtimes(interfacesDir);
 
   let prevAssistantTimestamp = 0;
+  if (isPaginated && rawMessages.length > 0) {
+    prevAssistantTimestamp = getLastAssistantTimestampBefore(
+      resolvedConversationId!,
+      rawMessages[0].createdAt,
+    );
+  }
   const messages: RuntimeMessagePayload[] = parsed.map((m) => {
     let msgAttachments: RuntimeAttachmentMetadata[] = [];
     if (m.id) {
@@ -498,6 +549,19 @@ export function handleListMessages(
     };
   });
 
+  if (isPaginated) {
+    const oldestTimestamp =
+      rawMessages.length > 0 ? rawMessages[0].createdAt : undefined;
+    const oldestMessageId =
+      rawMessages.length > 0 ? rawMessages[0].id : undefined;
+    return Response.json({
+      messages,
+      hasMore,
+      ...(oldestTimestamp != null ? { oldestTimestamp } : {}),
+      ...(oldestMessageId != null ? { oldestMessageId } : {}),
+    });
+  }
+
   return Response.json({ messages });
 }
 
@@ -1502,9 +1566,20 @@ export function conversationRouteDefinitions(deps: {
       tags: ["messages"],
       responseBody: z.object({
         messages: z.array(z.unknown()).describe("Array of message objects"),
-        interfaceFiles: z
-          .array(z.unknown())
-          .describe("Interface file paths with modification timestamps"),
+        hasMore: z
+          .boolean()
+          .optional()
+          .describe("Whether older messages exist beyond this page"),
+        oldestTimestamp: z
+          .number()
+          .optional()
+          .describe(
+            "Timestamp of the oldest message in this page (ms since epoch)",
+          ),
+        oldestMessageId: z
+          .string()
+          .optional()
+          .describe("ID of the oldest message in this page"),
       }),
       handler: ({ url }) => handleListMessages(url, deps.interfacesDir),
     },

package/src/runtime/routes/guardian-action-routes.ts

@@ -121,7 +121,11 @@ export async function handleGuardianActionDecision(
     return httpError("BAD_REQUEST", result.message, 400);
   }
   if (result.applied) {
-    return Response.json({ applied: true, requestId: result.requestId });
+    return Response.json({
+      applied: true,
+      requestId: result.requestId,
+      ...(result.replyText ? { replyText: result.replyText } : {}),
+    });
   }
   return result.reason === "not_found"
     ? httpError(
@@ -297,7 +301,16 @@ export function guardianActionRouteDefinitions(): RouteDefinition[] {
       responseBody: z.object({
         applied: z.boolean(),
         requestId: z.string(),
-        reason: z.string(),
+        reason: z
+          .string()
+          .optional()
+          .describe("Decline reason (present only when applied is false)"),
+        replyText: z
+          .string()
+          .optional()
+          .describe(
+            "Resolver reply text for the guardian (e.g. verification code)",
+          ),
       }),
       handler: async ({ req, authContext }) =>
         handleGuardianActionDecision(req, authContext),