@vellumai/assistant 0.5.6 → 0.5.7

package/.env.example

@@ -16,5 +16,19 @@ OLLAMA_BASE_URL=
 # Enable the runtime HTTP server (required for web local mode).
 # RUNTIME_HTTP_PORT=7821
 
-# Platform base URL (defaults to empty string)
-# PLATFORM_BASE_URL=
+# Vellum platform URL (used by the desktop app; defaults to https://platform.vellum.ai in release builds)
+VELLUM_PLATFORM_URL=https://dev-platform.vellum.ai
+
+# --- Sentry (crash reporting) ---
+# Omit to disable Sentry.
+SENTRY_DSN_ASSISTANT=https://db2d38a082e4ee35eeaea08c44b376ec@o4504590528675840.ingest.us.sentry.io/4510874712276992
+
+# --- Telemetry ---
+# Omit to disable telemetry reporting.
+TELEMETRY_PLATFORM_URL=https://platform.vellum.ai
+TELEMETRY_APP_TOKEN=e01cf85768cc3617e986f0a7f1966b72e25316526c5db54c8b94a9c3c5c9eaed
+
+# --- Network proxy ---
+# Comma-separated host patterns allowed through the proxy.
+# localhost is always allowed.
+PROXY_ALLOWED_HOSTS=*.vellum.ai

package/ARCHITECTURE.md

@@ -621,11 +621,11 @@ The assistant feature-flag resolver (`src/config/assistant-feature-flags.ts`) is
 
 **Resolution priority** (highest wins):
 
-1. `config.assistantFeatureFlagValues[key]` — canonical config section, written by the gateway's PATCH endpoint
+1. `~/.vellum/protected/feature-flags.json` overrides (local) or gateway HTTP API (Docker/containerized) — written by the gateway's PATCH endpoint
 2. Defaults registry `defaultEnabled` — from the unified registry (`meta/feature-flags/feature-flag-registry.json`, filtered to `scope: "assistant"`)
 3. `true` — unknown/undeclared flags with no persisted override default to enabled
 
-**Storage:** Flags are persisted in `~/.vellum/workspace/config.json` in the `assistantFeatureFlagValues` section (managed by the gateway's `/v1/feature-flags` API — see [`gateway/ARCHITECTURE.md`](../gateway/ARCHITECTURE.md)). The daemon's config watcher hot-reloads this file, so flag changes take effect on the next tool resolution or session.
+**Storage:** Flags are persisted in `~/.vellum/protected/feature-flags.json` (local) or `GATEWAY_SECURITY_DIR/feature-flags.json` (Docker), managed by the gateway's `/v1/feature-flags` API (see [`gateway/ARCHITECTURE.md`](../gateway/ARCHITECTURE.md)). The daemon's config watcher monitors the protected directory and hot-reloads flag changes, so mutations take effect on the next tool resolution or session.
 
 **Public API:**
 
@@ -656,7 +656,7 @@ All six enforcement points derive the flag key via `skillFlagKey(skill)` — whi
 | `src/prompts/system-prompt.ts`                  | `appendSkillsCatalog()` — enforcement point 2                                                                                                                             |
 | `src/tools/skills/load.ts`                      | `executeSkillLoad()` — enforcement points 3 and 5                                                                                                                         |
 | `src/daemon/conversation-skill-tools.ts`        | `projectSkillTools()` — enforcement point 4                                                                                                                               |
-| `src/config/schema.ts`                          | `assistantFeatureFlagValues` field definition in `AssistantConfig` (Zod schema)                                                                                           |
+| `src/config/schema.ts`                          | `AssistantConfig` Zod schema definition (feature flag values are no longer stored here)                                                                                   |
 | `src/daemon/handlers/skills.ts`                 | `listSkills()` — uses `resolveSkillStates()` for client responses; `installSkill()` — enforcement point 6                                                                 |
 | `meta/feature-flags/feature-flag-registry.json` | Unified feature flag registry (repo root) — all declared flags with scope, label, default values, and descriptions                                                        |
 | `src/config/feature-flag-registry.json`         | Bundled copy of the unified registry for compiled binary resolution                                                                                                       |
@@ -711,7 +711,7 @@ graph LR
     end
 
     subgraph "~/.vellum/workspace/ (Workspace Files)"
-        CONFIG["config files<br/>Hot-reloaded by daemon<br/>(includes assistantFeatureFlagValues)"]
+        CONFIG["config files<br/>Hot-reloaded by daemon"]
         ONBOARD_PLAYBOOKS["onboarding/playbooks/<br/>[channel]_onboarding.md<br/>assistant-updatable checklists"]
         ONBOARD_REGISTRY["onboarding/playbooks/registry.json<br/>channel-start index for fast-path + reconciliation"]
         APPS_STORE["data/apps/<br/><app-id>.json + pages/*.html<br/>User-created apps stored here"]
@@ -1138,7 +1138,7 @@ graph LR
 
 ## Dynamic Skill Tool System — Runtime Tool Projection
 
-Skills can expose custom tools via a `TOOLS.json` manifest alongside their `SKILL.md`. When a skill is activated during a session, its tools are dynamically loaded, registered, and made available to the agent loop. Browser, Gmail, Claude Code, Weather, and other capabilities are delivered as **bundled skills** rather than hardcoded tools. Browser tools (previously the core `headless-browser` tool) are now provided by the bundled `browser` skill with system default allow rules that preserve frictionless auto-approval.
+Skills can expose custom tools via a `TOOLS.json` manifest alongside their `SKILL.md`. When a skill is activated during a session, its tools are dynamically loaded, registered, and made available to the agent loop. Browser, Gmail, Weather, and other capabilities are delivered as **bundled skills** rather than hardcoded tools. Browser tools (previously the core `headless-browser` tool) are now provided by the bundled `browser` skill with system default allow rules that preserve frictionless auto-approval.
 
 ### Bundled Skill Retrieval Contract (CLI-First)
 
@@ -1180,7 +1180,6 @@ The following capabilities ship as bundled skills in `assistant/src/config/bundl
 | --------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | `browser`       | `browser_navigate`, `browser_snapshot`, `browser_screenshot`, `browser_close`, `browser_click`, `browser_type`, `browser_press_key`, `browser_wait_for`, `browser_extract`, `browser_fill_credential`                                                             | Headless browser automation — web scraping, form filling, interaction (previously core-registered as `headless-browser`; now skill-provided with default allow rules)                                                                                                                                |
 | `gmail`         | Gmail search, archive, send, etc.                                                                                                                                                                                                                                 | Email management via OAuth2 integration                                                                                                                                                                                                                                                              |
-| `claude-code`   | Claude Code tool                                                                                                                                                                                                                                                  | Delegate coding tasks to Claude Code subprocess                                                                                                                                                                                                                                                      |
 | `computer-use`  | `computer_use_observe`, `computer_use_click`, `computer_use_type_text`, `computer_use_key`, `computer_use_scroll`, `computer_use_drag`, `computer_use_wait`, `computer_use_open_app`, `computer_use_run_applescript`, `computer_use_done`, `computer_use_respond` | Computer-use proxy tools — preactivated via `preactivatedSkillIds` in desktop sessions. Each tool forwards actions to the connected macOS client via `HostCuProxy`, which handles request/resolve proxying, step counting, loop detection, and observation formatting within the unified agent loop. |
 | `weather`       | `get-weather`                                                                                                                                                                                                                                                     | Fetch current weather data                                                                                                                                                                                                                                                                           |
 | `app-builder`   | `app_create`, `app_delete`, `app_refresh`, `app_generate_icon`                                                                                                                                                                                                    | Dynamic app authoring — create and manage persistent apps; file editing uses generic file tools plus `app_refresh` (activated via `skill_load app-builder`; `app_open` remains a core proxy tool)                                                                                                    |
@@ -1375,7 +1374,7 @@ Every layer in the pipeline defaults to rejection rather than silent degradation
 | File                                                | Role                                                                                       |
 | --------------------------------------------------- | ------------------------------------------------------------------------------------------ |
 | `assistant/src/config/skills.ts`                    | Skill catalog loading: bundled, managed, workspace, extra directories                      |
-| `assistant/src/config/bundled-skills/`              | Bundled skill directories (browser, gmail, claude-code, computer-use, weather, etc.)       |
+| `assistant/src/config/bundled-skills/`              | Bundled skill directories (browser, gmail, computer-use, weather, etc.)                    |
 | `assistant/src/skills/tool-manifest.ts`             | `TOOLS.json` parser and validator                                                          |
 | `assistant/src/skills/active-skill-tools.ts`        | `deriveActiveSkills()` — scans history for `<loaded_skill>` markers                        |
 | `assistant/src/skills/include-graph.ts`             | Include graph builder: `indexCatalogById()`, `validateIncludes()`, cycle/missing detection |
@@ -1588,74 +1587,6 @@ The `tool_permission_simulate` HTTP endpoint lets clients dry-run a tool invocat
 
 ---
 
-## Swarm Orchestration — Parallel Task Execution
-
-When the model invokes `swarm_delegate`, the daemon decomposes a complex task into parallel specialist subtasks and executes them concurrently.
-
-```mermaid
-sequenceDiagram
-    participant Session as Session (Daemon)
-    participant Tool as swarm_delegate tool
-    participant Planner as Router Planner
-    participant LLM as LLM Provider
-    participant Scheduler as DAG Scheduler
-    participant W1 as Worker 1 (claude_code)
-    participant W2 as Worker 2 (claude_code)
-    participant Synth as Synthesizer
-
-    Session->>Tool: execute(objective)
-    Note over Tool: Recursion guard + abort check
-
-    Tool->>Planner: generatePlan(objective)
-    Planner->>LLM: Plan request (plannerModel)
-    LLM-->>Planner: JSON plan
-    Planner->>Planner: validateAndNormalizePlan()
-
-    Tool->>Scheduler: executeSwarm(plan, limits)
-
-    par Parallel workers (bounded by maxWorkers)
-        Scheduler->>W1: runTask(t1, profile=coder)
-        Note over W1: Agent SDK subprocess
-        W1-->>Scheduler: result
-    and
-        Scheduler->>W2: runTask(t2, profile=researcher)
-        Note over W2: Agent SDK subprocess
-        W2-->>Scheduler: result
-    end
-
-    Note over Scheduler: Retry failed tasks (maxRetriesPerTask)<br/>Block dependents on failure
-
-    Scheduler->>Synth: synthesizeResults(results)
-    Synth->>LLM: Synthesis request (synthesizerModel)
-    LLM-->>Synth: Final answer
-    Synth-->>Tool: SwarmExecutionSummary
-    Tool-->>Session: tool_result + stats
-```
-
-### Key design decisions
-
-- **Recursion guard**: A module-level `Set<conversationId>` prevents concurrent swarms within the same conversation while allowing independent conversations to run their own swarms in parallel.
-- **Abort signal**: The tool checks `context.signal?.aborted` before planning and before execution. The signal is also forwarded into `executeSwarm` and the worker backend, enabling cooperative cancellation of in-flight workers.
-- **DAG scheduling**: Tasks with dependencies are topologically ordered. Independent tasks run in parallel up to `maxWorkers`.
-- **Per-task retries**: Failed tasks retry up to `maxRetriesPerTask` before being marked failed. Dependents are transitively blocked.
-- **Role-scoped profiles**: Workers run with restricted tool access based on their role (coder, researcher, reviewer, general).
-- **Synthesis fallback**: If the LLM synthesis call fails, a deterministic markdown summary is generated from task results.
-- **Progress streaming**: Status events (`task_started`, `task_completed`, `task_failed`, `task_blocked`, `done`) are streamed via `context.onOutput`.
-
-### Config knobs
-
-| Config key                |  Default | Purpose                                           |
-| ------------------------- | -------: | ------------------------------------------------- |
-| `swarm.enabled`           |   `true` | Master switch for swarm orchestration             |
-| `swarm.maxWorkers`        |      `3` | Max concurrent worker processes (hard ceiling: 6) |
-| `swarm.maxTasks`          |      `8` | Max tasks per plan (hard ceiling: 20)             |
-| `swarm.maxRetriesPerTask` |      `1` | Per-task retry limit (hard ceiling: 3)            |
-| `swarm.workerTimeoutSec`  |    `900` | Worker timeout in seconds                         |
-| `swarm.plannerModel`      | (varies) | Model used for plan generation                    |
-| `swarm.synthesizerModel`  | (varies) | Model used for result synthesis                   |
-
----
-
 ## Opportunistic Message Queue — Handoff Flow
 
 When the daemon is busy generating a response, the client can continue sending messages. These are queued (FIFO, max 10) and drained automatically at safe checkpoints in the tool loop, not only at full completion.

package/Dockerfile

@@ -83,7 +83,7 @@ ENV PATH="${PYTHONUSERBASE}/bin:${PATH}"
 # Ensure the CES bootstrap socket volume is writable by the non-root CES user.
 RUN mkdir -p /run/ces-bootstrap && chmod 777 /run/ces-bootstrap
 
-USER assistant
+USER root
 
 EXPOSE 3001
 

package/README.md

@@ -18,7 +18,6 @@ CLI / macOS app / iOS app
         │
         ├── Memory System (Qdrant Hybrid Search)
         ├── Skill Tool System (bundled + managed + workspace)
-        ├── Swarm Orchestration (DAG scheduler + worker pool)
         ├── Script Proxy (credential injection + MITM)
         └── Tracing (per-session event emitter)
 ```
@@ -102,7 +101,6 @@ assistant/
 │   ├── memory/               # Conversation store, memory indexer, recall (Qdrant hybrid search)
 │   ├── skills/               # Skill catalog, loading, and tool factory
 │   ├── tools/                # Built-in tool definitions
-│   ├── swarm/                # Swarm orchestration (DAG scheduler, worker pool)
 │   ├── permissions/          # Trust rules and permission system
 │   ├── security/             # Secure key storage, credential broker
 │   ├── config/               # Configuration loader and schema