@vellumai/assistant 0.5.5 → 0.5.7

package/src/context/window-manager.ts

@@ -538,12 +538,12 @@ export class ContextWindowManager {
     }
 
     const keepTurns = lo;
-    const keepFromIndex =
+    const rawKeepFromIndex =
       keepTurns === 0
         ? messages.length
         : (userTurnStarts[userTurnStarts.length - keepTurns] ??
           messages.length);
-
+    const keepFromIndex = adjustForToolPairs(messages, rawKeepFromIndex);
     return { keepFromIndex, keepTurns };
   }
 
@@ -703,6 +703,57 @@ function isToolResultOnly(message: Message): boolean {
   );
 }
 
+/**
+ * Walk the keep boundary backward to ensure tool_use/tool_result pairs are
+ * never split across the compaction boundary. If the first kept message is
+ * a user message containing tool_result blocks whose matching tool_use blocks
+ * live in the preceding (compacted-away) assistant message, include that
+ * assistant message in the kept set.
+ */
+function adjustForToolPairs(
+  messages: Message[],
+  keepFromIndex: number,
+): number {
+  let idx = keepFromIndex;
+  while (idx > 0) {
+    const msg = messages[idx];
+    if (!msg || msg.role !== "user") break;
+
+    // Collect tool_use_ids referenced by tool_results in this user message
+    const referencedIds = new Set<string>();
+    for (const block of msg.content) {
+      if ((block.type === "tool_result" || block.type === "web_search_tool_result") && "tool_use_id" in block) {
+        referencedIds.add((block as { tool_use_id: string }).tool_use_id);
+      }
+    }
+    if (referencedIds.size === 0) break;
+
+    // Check if the preceding assistant message contains matching tool_uses
+    const prev = messages[idx - 1];
+    if (!prev || prev.role !== "assistant") break;
+
+    const hasOrphanedPair = prev.content.some(
+      (block) =>
+        (block.type === "tool_use" || block.type === "server_tool_use") &&
+        "id" in block &&
+        referencedIds.has((block as { id: string }).id),
+    );
+    if (!hasOrphanedPair) break;
+
+    // Include the assistant message
+    idx--;
+
+    // The assistant message may itself be preceded by a tool_result user
+    // message that pairs with an even earlier assistant — continue the check
+    if (idx > 0 && messages[idx - 1]?.role === "user") {
+      idx--;
+    } else {
+      break;
+    }
+  }
+  return idx;
+}
+
 export function getSummaryFromContextMessage(
   message: Message | undefined,
 ): string | null {

package/src/credential-execution/approval-bridge.ts

@@ -103,6 +103,7 @@ function mapUserDecisionToCesDecision(
         userDecision: decision,
       };
     case "temporary_override":
+    case "dangerously_skip_permissions":
       return {
         grantDecision: "approved",
         ttl: undefined,

package/src/credential-execution/executable-discovery.ts

@@ -79,6 +79,11 @@ export interface LocalDiscoverySuccess {
   executablePath: string;
 }
 
+export interface LocalSourceDiscoverySuccess {
+  mode: "local-source";
+  sourcePath: string;
+}
+
 export interface ManagedDiscoverySuccess {
   mode: "managed";
   socketPath: string;
@@ -91,6 +96,7 @@ export interface DiscoveryFailure {
 
 export type DiscoveryResult =
   | LocalDiscoverySuccess
+  | LocalSourceDiscoverySuccess
   | ManagedDiscoverySuccess
   | DiscoveryFailure;
 
@@ -101,11 +107,16 @@ export type DiscoveryResult =
 /**
  * Discover the local CES executable.
  *
- * Searches well-known paths for the `credential-executor` binary. Returns
- * a structured result — never throws. If the binary is not found, returns
+ * Searches well-known paths for the `credential-executor` binary. If the
+ * compiled binary is not found, falls back to the TypeScript source entry
+ * point in the monorepo. Returns a structured result — never throws. If
+ * neither the binary nor the source entry point is found, returns
  * `{ mode: "unavailable" }` so the caller can fail closed.
  */
-export function discoverLocalCes(): LocalDiscoverySuccess | DiscoveryFailure {
+export function discoverLocalCes():
+  | LocalDiscoverySuccess
+  | LocalSourceDiscoverySuccess
+  | DiscoveryFailure {
   const searchPaths = getLocalBinarySearchPaths();
 
   for (const candidate of searchPaths) {
@@ -115,7 +126,20 @@ export function discoverLocalCes(): LocalDiscoverySuccess | DiscoveryFailure {
     }
   }
 
-  const reason = `CES executable not found. Searched: ${searchPaths.join(", ")}`;
+  // Fallback: check for source entry point in the monorepo
+  const monorepoRoot = join(import.meta.dir, "..", "..", "..", "..");
+  const sourceEntry = join(
+    monorepoRoot,
+    "credential-executor",
+    "src",
+    "main.ts",
+  );
+  if (existsSync(sourceEntry)) {
+    log.info({ path: sourceEntry }, "Found local CES source entry point");
+    return { mode: "local-source", sourcePath: sourceEntry };
+  }
+
+  const reason = `CES executable not found. Searched: ${searchPaths.join(", ")}; also checked source at ${sourceEntry}`;
   log.warn(reason);
   return { mode: "unavailable", reason };
 }

package/src/credential-execution/feature-gates.ts

@@ -35,6 +35,10 @@ export const CES_GRANT_AUDIT_FLAG_KEY =
 export const CES_MANAGED_SIDECAR_FLAG_KEY =
   "feature_flags.ces-managed-sidecar.enabled" as const;
 
+/** Gate for routing credential reads/writes through the CES process. */
+export const CES_CREDENTIAL_BACKEND_FLAG_KEY =
+  "feature_flags.ces-credential-backend.enabled" as const;
+
 // ---------------------------------------------------------------------------
 // Public API — predicate functions
 // ---------------------------------------------------------------------------
@@ -73,3 +77,15 @@ export function isCesGrantAuditEnabled(config: AssistantConfig): boolean {
 export function isCesManagedSidecarEnabled(config: AssistantConfig): boolean {
   return isAssistantFeatureFlagEnabled(CES_MANAGED_SIDECAR_FLAG_KEY, config);
 }
+
+/**
+ * Whether credential reads and writes should be routed through the CES process.
+ */
+export function isCesCredentialBackendEnabled(
+  config: AssistantConfig,
+): boolean {
+  return isAssistantFeatureFlagEnabled(
+    CES_CREDENTIAL_BACKEND_FLAG_KEY,
+    config,
+  );
+}

package/src/credential-execution/process-manager.ts

@@ -38,6 +38,7 @@ import {
   discoverLocalCes,
   type DiscoveryResult,
   type LocalDiscoverySuccess,
+  type LocalSourceDiscoverySuccess,
   type ManagedDiscoverySuccess,
 } from "./executable-discovery.js";
 import { isCesManagedSidecarEnabled } from "./feature-gates.js";
@@ -156,6 +157,12 @@ export function createCesProcessManager(
         return transport;
       }
 
+      if (discoveryResult.mode === "local-source") {
+        const transport = await startLocalSourceProcess(discoveryResult);
+        running = true;
+        return transport;
+      }
+
       // managed mode
       const transport = await connectManagedSocket(discoveryResult);
       running = true;
@@ -235,6 +242,37 @@ export function createCesProcessManager(
     return createStdioTransport(proc);
   }
 
+  // -------------------------------------------------------------------------
+  // Local source mode — child process over stdio (bun run)
+  // -------------------------------------------------------------------------
+
+  async function startLocalSourceProcess(
+    discovery: LocalSourceDiscoverySuccess,
+  ): Promise<CesTransport> {
+    log.info(
+      { sourcePath: discovery.sourcePath },
+      "Spawning CES child process from source",
+    );
+
+    const proc = Bun.spawn({
+      cmd: ["bun", "run", discovery.sourcePath],
+      stdin: "pipe",
+      stdout: "pipe",
+      stderr: "ignore",
+      env: {
+        ...process.env,
+        // Signal to CES that it was launched by the assistant
+        CES_LAUNCHED_BY: "assistant",
+      },
+    });
+
+    childProcess = proc;
+
+    log.info({ pid: proc.pid }, "CES child process started (from source)");
+
+    return createStdioTransport(proc);
+  }
+
   // -------------------------------------------------------------------------
   // Managed mode — Unix socket connection
   // -------------------------------------------------------------------------

package/src/daemon/assistant-attachments.ts

@@ -76,6 +76,15 @@ const EXTENSION_MIME_MAP: Record<string, string> = {
   js: "text/javascript",
   ts: "text/typescript",
 
+  // Audio
+  mp3: "audio/mpeg",
+  wav: "audio/wav",
+  ogg: "audio/ogg",
+  flac: "audio/flac",
+  aac: "audio/aac",
+  m4a: "audio/x-m4a",
+  opus: "audio/opus",
+
   // Video
   mp4: "video/mp4",
   webm: "video/webm",

package/src/daemon/config-watcher.ts

@@ -12,7 +12,7 @@ import {
 } from "node:fs";
 import { join } from "node:path";
 
-import { getIsContainerized } from "../config/env-registry.js";
+import { clearFeatureFlagOverridesCache } from "../config/assistant-feature-flags.js";
 import { getConfig, invalidateConfigCache } from "../config/loader.js";
 import { clearEmbeddingBackendCache } from "../memory/embedding-backend.js";
 import { clearCache as clearTrustCache } from "../permissions/trust-store.js";
@@ -154,6 +154,10 @@ export class ConfigWatcher {
       "trust.json": () => {
         clearTrustCache();
       },
+      "feature-flags.json": () => {
+        clearFeatureFlagOverridesCache();
+        onConversationEvict();
+      },
       "secret-allowlist.json": () => {
         resetAllowlist();
         try {
@@ -210,9 +214,7 @@ export class ConfigWatcher {
       );
     }
 
-    if (!getIsContainerized()) {
-      this.startSignalsWatcher();
-    }
+    this.startSignalsWatcher();
     this.startSkillsWatchers(onConversationEvict);
   }
 

package/src/daemon/conversation-agent-loop.ts

@@ -33,7 +33,6 @@ import {
 } from "../instrument.js";
 import { commitAppTurnChanges } from "../memory/app-git-service.js";
 import { getApp, listAppFiles, resolveAppDir } from "../memory/app-store.js";
-import { insertCompactionEpisode } from "../memory/archive-store.js";
 import {
   addMessage,
   deleteMessageById,
@@ -514,12 +513,6 @@ export async function runAgentLoopImpl(
         compacted.summaryText,
         ctx.contextCompactedMessageCount,
       );
-      dualWriteCompactionEpisode(
-        ctx.conversationId,
-        ctx.memoryPolicy.scopeId,
-        compacted.summaryText,
-        compacted.summaryOutputTokens,
-      );
       onEvent({
         type: "context_compacted",
         previousEstimatedInputTokens: compacted.previousEstimatedInputTokens,
@@ -787,12 +780,6 @@ export async function runAgentLoopImpl(
             step.compactionResult.summaryText,
             ctx.contextCompactedMessageCount,
           );
-          dualWriteCompactionEpisode(
-            ctx.conversationId,
-            ctx.memoryPolicy.scopeId,
-            step.compactionResult.summaryText,
-            step.compactionResult.summaryOutputTokens,
-          );
           onEvent({
             type: "context_compacted",
             previousEstimatedInputTokens:
@@ -977,12 +964,6 @@ export async function runAgentLoopImpl(
           midLoopCompact.summaryText,
           ctx.contextCompactedMessageCount,
         );
-        dualWriteCompactionEpisode(
-          ctx.conversationId,
-          ctx.memoryPolicy.scopeId,
-          midLoopCompact.summaryText,
-          midLoopCompact.summaryOutputTokens,
-        );
         onEvent({
           type: "context_compacted",
           previousEstimatedInputTokens:
@@ -1179,12 +1160,6 @@ export async function runAgentLoopImpl(
             step.compactionResult.summaryText,
             ctx.contextCompactedMessageCount,
           );
-          dualWriteCompactionEpisode(
-            ctx.conversationId,
-            ctx.memoryPolicy.scopeId,
-            step.compactionResult.summaryText,
-            step.compactionResult.summaryOutputTokens,
-          );
           onEvent({
             type: "context_compacted",
             previousEstimatedInputTokens:
@@ -1292,12 +1267,6 @@ export async function runAgentLoopImpl(
                 emergencyCompact.summaryText,
                 ctx.contextCompactedMessageCount,
               );
-              dualWriteCompactionEpisode(
-                ctx.conversationId,
-                ctx.memoryPolicy.scopeId,
-                emergencyCompact.summaryText,
-                emergencyCompact.summaryOutputTokens,
-              );
               onEvent({
                 type: "context_compacted",
                 previousEstimatedInputTokens:
@@ -1402,12 +1371,6 @@ export async function runAgentLoopImpl(
               emergencyCompact.summaryText,
               ctx.contextCompactedMessageCount,
             );
-            dualWriteCompactionEpisode(
-              ctx.conversationId,
-              ctx.memoryPolicy.scopeId,
-              emergencyCompact.summaryText,
-              emergencyCompact.summaryOutputTokens,
-            );
             onEvent({
               type: "context_compacted",
               previousEstimatedInputTokens:
@@ -1873,26 +1836,3 @@ function collapseRawResponses(rawResponses?: unknown[]): unknown | undefined {
   if (!rawResponses || rawResponses.length === 0) return undefined;
   return rawResponses.length === 1 ? rawResponses[0] : rawResponses;
 }
-
-/**
- * Dual-write a compaction summary as an archive episode so it becomes
- * searchable via vector recall. Called after each successful compaction
- * that produces a new summary.
- */
-function dualWriteCompactionEpisode(
-  conversationId: string,
-  scopeId: string,
-  summaryText: string,
-  summaryOutputTokens: number,
-): void {
-  const now = Date.now();
-  insertCompactionEpisode({
-    conversationId,
-    scopeId,
-    title: truncate(summaryText, 120, ""),
-    summary: summaryText,
-    tokenEstimate: summaryOutputTokens,
-    startAt: now,
-    endAt: now,
-  });
-}

package/src/daemon/conversation-memory.ts

@@ -1,8 +1,5 @@
 import { getConfig } from "../config/loader.js";
 import { estimatePromptTokens } from "../context/token-estimator.js";
-import { buildArchiveRecall } from "../memory/archive-recall.js";
-import { compileMemoryBrief } from "../memory/brief.js";
-import { getDb } from "../memory/db.js";
 import { buildMemoryQuery } from "../memory/query-builder.js";
 import { computeRecallBudget } from "../memory/retrieval-budget.js";
 import {
@@ -12,11 +9,8 @@ import {
 import type { ScopePolicyOverride } from "../memory/search/types.js";
 import type { Message } from "../providers/types.js";
 import type { Provider } from "../providers/types.js";
-import { getLogger } from "../util/logger.js";
 import type { ServerMessage } from "./message-protocol.js";
 
-const log = getLogger("conversation-memory");
-
 export interface MemoryRecallResult {
   runMessages: Message[];
   recall: Awaited<ReturnType<typeof buildMemoryRecall>>;
@@ -121,14 +115,6 @@ export async function prepareMemoryContext(
 
   const runtimeConfig = getConfig();
 
-  // ── Simplified memory path ──────────────────────────────────────────
-  // When `memory.simplified.enabled` is true, inject the brief and
-  // optional archive recall instead of the legacy hybrid pipeline.
-  if (runtimeConfig.memory?.simplified?.enabled) {
-    return prepareSimplifiedMemoryContext(ctx, content, userMessageId, onEvent);
-  }
-
-  // ── Legacy memory path (fallback) ──────────────────────────────────
   // Memory recall via the V2 hybrid pipeline
   const recallQuery = buildMemoryQuery(content, ctx.messages);
   const dynamicBudgetConfig = runtimeConfig.memory?.retrieval?.dynamicBudget;
@@ -221,106 +207,3 @@ export async function prepareMemoryContext(
     recall,
   };
 }
-
-// ── Simplified memory injection ─────────────────────────────────────────
-
-/**
- * Build simplified memory context for a turn: compiles the `<memory_brief>`
- * block and conditionally appends `<supporting_recall>` from the archive.
- *
- * Non-empty blocks are injected as text content blocks prepended to the
- * last user message, following the same injection pattern as the legacy
- * pipeline. Stripping is handled by `RUNTIME_INJECTION_PREFIXES` which
- * already includes `<memory_brief>`.
- */
-function prepareSimplifiedMemoryContext(
-  ctx: MemoryPrepareContext,
-  content: string,
-  userMessageId: string,
-  onEvent: (msg: ServerMessage) => void,
-): MemoryRecallResult {
-  const start = Date.now();
-
-  // Build a no-op recall result matching the legacy shape.
-  const noopRecall = (): Awaited<ReturnType<typeof buildMemoryRecall>> =>
-    ({
-      enabled: true,
-      degraded: false,
-      injectedText: "",
-      semanticHits: 0,
-      recencyHits: 0,
-      mergedCount: 0,
-      selectedCount: 0,
-      injectedTokens: 0,
-      latencyMs: 0,
-      topCandidates: [],
-      tier1Count: 0,
-      tier2Count: 0,
-    }) as Awaited<ReturnType<typeof buildMemoryRecall>>;
-
-  try {
-    const db = getDb();
-
-    // Step 1: Build the memory brief
-    const briefResult = compileMemoryBrief(db, ctx.scopeId, userMessageId);
-
-    // Step 2: Conditionally build supporting recall from the archive
-    const archiveResult = buildArchiveRecall(ctx.scopeId, content);
-
-    // Step 3: Assemble the injection blocks (non-empty only)
-    const blocks: string[] = [];
-    if (briefResult.text.length > 0) {
-      blocks.push(briefResult.text);
-    }
-    if (archiveResult.text.length > 0) {
-      blocks.push(archiveResult.text);
-    }
-
-    const latencyMs = Date.now() - start;
-
-    // Emit memory status for the simplified path
-    onEvent({
-      type: "memory_status",
-      enabled: true,
-      degraded: false,
-    });
-
-    // Inject non-empty blocks into the last user message
-    let runMessages = ctx.messages;
-    if (blocks.length > 0) {
-      const injectedText = blocks.join("\n\n");
-      const userTail = ctx.messages[ctx.messages.length - 1];
-      if (userTail && userTail.role === "user") {
-        runMessages = injectMemoryRecallAsUserBlock(ctx.messages, injectedText);
-      }
-
-      log.debug(
-        {
-          briefLength: briefResult.text.length,
-          recallTrigger: archiveResult.trigger,
-          recallBullets: archiveResult.bullets.length,
-          latencyMs,
-        },
-        "Simplified memory injection completed",
-      );
-    }
-
-    return {
-      runMessages,
-      recall: {
-        ...noopRecall(),
-        injectedText: blocks.length > 0 ? blocks.join("\n\n") : "",
-        latencyMs,
-      },
-    };
-  } catch (err) {
-    log.warn({ err }, "Simplified memory injection failed, returning no-op");
-    return {
-      runMessages: ctx.messages,
-      recall: {
-        ...noopRecall(),
-        latencyMs: Date.now() - start,
-      },
-    };
-  }
-}

package/src/daemon/conversation-runtime-assembly.ts

@@ -961,8 +961,6 @@ const RUNTIME_INJECTION_PREFIXES = [
   "<inbound_actor_context>",
   "<interface_turn_context>",
   "<turn_context>",
-  "<memory_brief>",
-  "<supporting_recall>",
   "<memory_context __injected>",
   "<memory_context>", // backward-compat: strip legacy blocks from pre-__injected history
   "<voice_call_control>",

package/src/daemon/conversation-tool-setup.ts

@@ -23,7 +23,6 @@ import {
 import { isAllowDecision } from "../permissions/types.js";
 import type { Message, ToolDefinition } from "../providers/types.js";
 import type { TrustClass } from "../runtime/actor-trust-resolver.js";
-import { getEffectiveMode } from "../runtime/conversation-approval-overrides.js";
 import { coreAppProxyTools } from "../tools/apps/definitions.js";
 import { registerConversationSender } from "../tools/browser/browser-screencast.js";
 import type { ToolExecutor } from "../tools/executor.js";
@@ -234,110 +233,6 @@ export function createToolExecutor(
           params.allowedDomains,
         );
       },
-      requestConfirmation: async (req) => {
-        // Check trust store before prompting
-        const existingRule = findHighestPriorityRule(
-          "cc:" + req.toolName,
-          [req.toolName, `cc:${req.toolName}`, "cc:*"],
-          ctx.workingDir,
-        );
-        if (existingRule && existingRule.decision !== "ask") {
-          return {
-            decision:
-              existingRule.decision === "allow"
-                ? ("allow" as const)
-                : ("deny" as const),
-          };
-        }
-        // Auto-approve sub-tool confirmations when a temporary approval
-        // override is active for this conversation (guardian only).
-        const guardianTrust = ctx.trustContext?.trustClass ?? "unknown";
-        if (
-          guardianTrust === "guardian" &&
-          getEffectiveMode(ctx.conversationId) !== undefined
-        ) {
-          return { decision: "allow" as const };
-        }
-        const allowlistOptions = [
-          {
-            label: `cc:${req.toolName}`,
-            description: `Claude Code ${req.toolName}`,
-            pattern: `cc:${req.toolName}`,
-          },
-          {
-            label: "cc:*",
-            description: "All Claude Code sub-tools",
-            pattern: "cc:*",
-          },
-        ];
-        const scopeOptions = generateScopeOptions(ctx.workingDir);
-        const response = await prompter.prompt(
-          `cc:${req.toolName}`,
-          req.input,
-          req.riskLevel,
-          allowlistOptions,
-          scopeOptions,
-          undefined,
-          undefined,
-          ctx.conversationId,
-          req.executionTarget,
-          undefined,
-          undefined,
-          undefined,
-          toolUseId,
-        );
-        if (
-          (response.decision === "always_allow" ||
-            response.decision === "always_allow_high_risk") &&
-          response.selectedPattern &&
-          response.selectedScope
-        ) {
-          log.info(
-            {
-              toolName: "cc:" + req.toolName,
-              pattern: response.selectedPattern,
-              scope: response.selectedScope,
-              highRisk: response.decision === "always_allow_high_risk",
-            },
-            "Persisting always-allow trust rule",
-          );
-          addRule(
-            "cc:" + req.toolName,
-            response.selectedPattern,
-            response.selectedScope,
-            "allow",
-            100,
-            response.decision === "always_allow_high_risk"
-              ? { allowHighRisk: true }
-              : undefined,
-          );
-        }
-        if (
-          response.decision === "always_deny" &&
-          response.selectedPattern &&
-          response.selectedScope
-        ) {
-          log.info(
-            {
-              toolName: "cc:" + req.toolName,
-              pattern: response.selectedPattern,
-              scope: response.selectedScope,
-            },
-            "Persisting always-deny trust rule",
-          );
-          addRule(
-            "cc:" + req.toolName,
-            response.selectedPattern,
-            response.selectedScope,
-            "deny",
-          );
-        }
-        return {
-          decision: isAllowDecision(response.decision)
-            ? ("allow" as const)
-            : ("deny" as const),
-        };
-      },
     };
 
     // Intercept skill_execute: extract the real tool name and input, then

package/src/daemon/conversation.ts

@@ -42,6 +42,7 @@ import { PermissionPrompter } from "../permissions/prompter.js";
 import { SecretPrompter } from "../permissions/secret-prompter.js";
 import { patternMatchesCandidate } from "../permissions/trust-store.js";
 import type { UserDecision } from "../permissions/types.js";
+import { resolvePersonaContext } from "../prompts/persona-resolver.js";
 import { buildSystemPrompt } from "../prompts/system-prompt.js";
 import type { Message } from "../providers/types.js";
 import type { Provider } from "../providers/types.js";
@@ -353,10 +354,18 @@ export class Conversation {
     const resolveSystemPromptCallback = (
       _history: import("../providers/types.js").Message[],
     ): ResolvedSystemPrompt => {
+      const persona = resolvePersonaContext(
+        this.trustContext,
+        this.channelCapabilities,
+      );
       const resolved = {
         systemPrompt: hasSystemPromptOverride
           ? systemPrompt
-          : buildSystemPrompt({ hasNoClient: this.hasNoClient }),
+          : buildSystemPrompt({
+              hasNoClient: this.hasNoClient,
+              userPersona: persona.userPersona,
+              channelPersona: persona.channelPersona,
+            }),
         maxTokens: configuredMaxTokens,
       };
       return resolved;