@vellumai/assistant 0.5.6 → 0.5.8

package/src/cli/lib/daemon-credential-client.ts

@@ -0,0 +1,284 @@
+/**
+ * CLI helper for credential operations that routes through the daemon HTTP API
+ * when the daemon is running, falling back to direct secure-keys.ts reads
+ * when it is not.
+ *
+ * Follows the daemon HTTP fetch pattern established in conversations.ts
+ * (health check, JWT minting, HTTP call).
+ */
+
+import providerEnvVarsRegistry from "../../../../meta/provider-env-vars.json" with { type: "json" };
+import { getRuntimeHttpHost, getRuntimeHttpPort } from "../../config/env.js";
+import { API_KEY_PROVIDERS } from "../../config/loader.js";
+import { healthCheckHost, isHttpHealthy } from "../../daemon/daemon-control.js";
+import {
+  initAuthSigningKey,
+  loadOrCreateSigningKey,
+  mintDaemonDeliveryToken,
+} from "../../runtime/auth/token-service.js";
+import type { DeleteResult } from "../../security/credential-backend.js";
+import { credentialKey } from "../../security/credential-key.js";
+import type { SecureKeyResult } from "../../security/secure-keys.js";
+import {
+  deleteSecureKeyAsync,
+  getSecureKeyAsync,
+  getSecureKeyResultAsync,
+  setSecureKeyAsync,
+} from "../../security/secure-keys.js";
+import { getLogger } from "../../util/logger.js";
+
+const log = getLogger("daemon-credential-client");
+const CREDENTIAL_KEY_PREFIX = "credential/";
+
+const PROVIDER_ENV_VARS: Record<string, string> =
+  providerEnvVarsRegistry.providers;
+
+// ---------------------------------------------------------------------------
+// Private daemon fetch helper
+// ---------------------------------------------------------------------------
+
+/**
+ * Attempt an authenticated HTTP request to the running daemon.
+ *
+ * Returns the Response for ANY HTTP response (including non-ok status codes)
+ * so callers can distinguish "daemon rejected the request" from "daemon
+ * unreachable". Returns `null` only when the daemon is genuinely unreachable
+ * (health check fails or network error). Callers fall back to direct
+ * secure-keys.ts only when this returns `null`.
+ */
+async function daemonFetch(
+  path: string,
+  init?: RequestInit,
+): Promise<Response | null> {
+  try {
+    if (!(await isHttpHealthy())) return null;
+
+    const port = getRuntimeHttpPort();
+    const host = healthCheckHost(getRuntimeHttpHost());
+    initAuthSigningKey(loadOrCreateSigningKey());
+    const token = mintDaemonDeliveryToken();
+
+    const res = await fetch(`http://${host}:${port}${path}`, {
+      ...init,
+      headers: {
+        ...init?.headers,
+        Authorization: `Bearer ${token}`,
+        "Content-Type": "application/json",
+      },
+    });
+
+    if (!res.ok) {
+      log.warn(
+        { path, status: res.status },
+        "Daemon credential request returned non-ok status",
+      );
+    }
+
+    return res;
+  } catch (err) {
+    log.warn(
+      { path, error: err instanceof Error ? err.message : String(err) },
+      "Daemon credential request error — falling back to direct access",
+    );
+    return null;
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Internal helpers
+// ---------------------------------------------------------------------------
+
+/**
+ * Derive the canonical credential storage key from a "service:field" name.
+ * Mirrors the parsing in secret-routes.ts handleAddSecret / handleDeleteSecret.
+ *
+ * Uses lastIndexOf to split on the *last* colon so compound service names
+ * (e.g. "integration:google") are preserved intact while the single-segment
+ * field name is extracted correctly.
+ */
+function deriveCredentialStorageKey(name: string): string {
+  // Already a canonical storage key (credential/service/field) — return as-is
+  // to avoid double-encoding (e.g. "credential/integration:google/access_token"
+  // would otherwise become "credential/credential/integration/google/access_token").
+  if (name.startsWith("credential/")) {
+    return name;
+  }
+
+  const colonIdx = name.lastIndexOf(":");
+  if (colonIdx < 1 || colonIdx === name.length - 1) {
+    // Malformed — return raw name so the caller stores *something*.
+    // The daemon would reject this with a 400, so this only fires in
+    // the offline fallback path with bad input.
+    return name;
+  }
+  const service = name.slice(0, colonIdx);
+  const field = name.slice(colonIdx + 1);
+  return credentialKey(service, field);
+}
+
+function deriveReadSecretRequest(account: string): {
+  type: "api_key" | "credential";
+  name: string;
+} {
+  if (account.startsWith(CREDENTIAL_KEY_PREFIX)) {
+    const rest = account.slice(CREDENTIAL_KEY_PREFIX.length);
+    const slashIdx = rest.indexOf("/");
+    if (slashIdx > 0 && slashIdx < rest.length - 1) {
+      return {
+        type: "credential",
+        name: `${rest.slice(0, slashIdx)}:${rest.slice(slashIdx + 1)}`,
+      };
+    }
+  }
+
+  if (
+    account.includes(":") &&
+    !API_KEY_PROVIDERS.includes(account as (typeof API_KEY_PROVIDERS)[number])
+  ) {
+    return { type: "credential", name: account };
+  }
+
+  return { type: "api_key", name: account };
+}
+
+// ---------------------------------------------------------------------------
+// Exported wrapper functions
+// ---------------------------------------------------------------------------
+
+/**
+ * Retrieve a secret value from the daemon (via POST /v1/secrets/read with
+ * reveal: true). Falls back to direct `getSecureKeyAsync()` when the daemon
+ * is not running.
+ */
+export async function getSecureKeyViaDaemon(
+  account: string,
+): Promise<string | undefined> {
+  const request = deriveReadSecretRequest(account);
+  const res = await daemonFetch("/v1/secrets/read", {
+    method: "POST",
+    body: JSON.stringify({ ...request, reveal: true }),
+  });
+
+  if (res?.ok) {
+    const json = (await res.json()) as { found: boolean; value?: string };
+    return json.found ? json.value : undefined;
+  }
+
+  // Fall back to direct read when daemon is unreachable (null) OR returned
+  // a non-ok response — reads are safe to retry via direct access.
+  return getSecureKeyAsync(account);
+}
+
+/**
+ * Retrieve a secret value with richer result metadata. Uses the daemon
+ * POST /v1/secrets/read endpoint (reveal: true), falling back to
+ * `getSecureKeyResultAsync()`.
+ */
+export async function getSecureKeyResultViaDaemon(
+  account: string,
+): Promise<SecureKeyResult> {
+  const request = deriveReadSecretRequest(account);
+  const res = await daemonFetch("/v1/secrets/read", {
+    method: "POST",
+    body: JSON.stringify({ ...request, reveal: true }),
+  });
+
+  if (res?.ok) {
+    const json = (await res.json()) as {
+      found: boolean;
+      value?: string;
+      unreachable?: boolean;
+    };
+    if (json.found && json.value != null) {
+      return { value: json.value, unreachable: false };
+    }
+    return { value: undefined, unreachable: json.unreachable ?? false };
+  }
+
+  // Fall back to direct read when daemon is unreachable (null) OR returned
+  // a non-ok response — reads are safe to retry via direct access.
+  return getSecureKeyResultAsync(account);
+}
+
+/**
+ * Store a secret via the daemon POST /v1/secrets endpoint. Falls back to
+ * direct `setSecureKeyAsync()` when the daemon is not running.
+ */
+export async function setSecureKeyViaDaemon(
+  type: string,
+  name: string,
+  value: string,
+): Promise<boolean> {
+  const res = await daemonFetch("/v1/secrets", {
+    method: "POST",
+    body: JSON.stringify({ type, name, value }),
+  });
+
+  if (res?.ok) {
+    const json = (await res.json()) as { success: boolean };
+    return json.success;
+  }
+
+  if (res) {
+    // Daemon is running but deliberately rejected the write (e.g. 422
+    // validation failure, 400 bad input). Do NOT fall back — the daemon's
+    // rejection is authoritative and bypassing it would skip validation.
+    return false;
+  }
+
+  // Daemon unreachable — fall back to direct write.
+  // For credentials, derive the canonical storage key (credential/service/field)
+  // to match the daemon path which uses credentialKey().
+  const storageKey =
+    type === "credential" ? deriveCredentialStorageKey(name) : name;
+  return setSecureKeyAsync(storageKey, value);
+}
+
+/**
+ * Delete a secret via the daemon DELETE /v1/secrets endpoint. Falls back to
+ * direct `deleteSecureKeyAsync()` when the daemon is not running.
+ */
+export async function deleteSecureKeyViaDaemon(
+  type: string,
+  name: string,
+): Promise<DeleteResult> {
+  const res = await daemonFetch("/v1/secrets", {
+    method: "DELETE",
+    body: JSON.stringify({ type, name }),
+  });
+
+  if (res?.ok) {
+    const json = (await res.json()) as { success: boolean };
+    return json.success ? "deleted" : "error";
+  }
+
+  if (res) {
+    // Daemon is running but rejected the delete. Map common status codes
+    // to appropriate results without falling back to direct access.
+    if (res.status === 404) return "not-found";
+    return "error";
+  }
+
+  // Daemon unreachable — fall back to direct delete.
+  // For credentials, derive the canonical storage key (credential/service/field)
+  // to match the daemon path which uses credentialKey().
+  const storageKey =
+    type === "credential" ? deriveCredentialStorageKey(name) : name;
+  return deleteSecureKeyAsync(storageKey);
+}
+
+/**
+ * Retrieve a provider API key via the daemon, with env var fallback.
+ *
+ * Mirrors the behavior of `getProviderKeyAsync()` from secure-keys.ts:
+ * first checks the secure store (via daemon), then falls back to the
+ * corresponding `<PROVIDER>_API_KEY` environment variable.
+ */
+export async function getProviderKeyViaDaemon(
+  provider: string,
+): Promise<string | undefined> {
+  const stored = await getSecureKeyViaDaemon(provider);
+  if (stored) return stored;
+  const envVar = PROVIDER_ENV_VARS[provider];
+  return envVar ? process.env[envVar] : undefined;
+}

package/src/cli.ts

@@ -728,7 +728,7 @@ export async function startCli(): Promise<void> {
       case "memory_recalled":
         spinner.stop();
         process.stdout.write(
-          `\n\x1B[2m[Memory recalled: ${msg.injectedTokens} tokens | t1 ${msg.tier1Count} t2 ${msg.tier2Count} | semantic ${msg.semanticHits} | recency ${msg.recencyHits} | merged ${msg.mergedCount} → selected ${msg.selectedCount}${msg.sparseVectorUsed ? " (sparse)" : ""} | hybrid ${msg.hybridSearchLatencyMs}ms | ${msg.provider}/${msg.model} | ${msg.latencyMs}ms]\x1B[0m\n`,
+          `\n\x1B[2m[Memory recalled: ${msg.injectedTokens} tokens | t1 ${msg.tier1Count} t2 ${msg.tier2Count} | semantic ${msg.semanticHits} | merged ${msg.mergedCount} → selected ${msg.selectedCount}${msg.sparseVectorUsed ? " (sparse)" : ""} | hybrid ${msg.hybridSearchLatencyMs}ms | ${msg.provider}/${msg.model} | ${msg.latencyMs}ms]\x1B[0m\n`,
         );
         spinner.start("Thinking...");
         break;

package/src/config/assistant-feature-flags.ts

@@ -5,7 +5,8 @@
  * `meta/feature-flags/feature-flag-registry.json` and resolves the effective
  * enabled/disabled state for each declared assistant-scope flag by consulting
  * (in priority order):
- *   1. `config.assistantFeatureFlagValues[key]`  (explicit override)
+ *   1. Override values from `~/.vellum/protected/feature-flags.json` (local)
+ *      or via the gateway HTTP API (Docker/containerized)
  *   2. defaults registry `defaultEnabled`         (for declared keys)
  *   3. `true`                                     (for undeclared keys)
  *
@@ -14,8 +15,10 @@
  */
 
 import { existsSync, readFileSync } from "node:fs";
+import { homedir } from "node:os";
 import { dirname, join } from "node:path";
 
+import { getBaseDataDir, getIsContainerized } from "./env-registry.js";
 import type { AssistantConfig } from "./schema.js";
 
 // ---------------------------------------------------------------------------
@@ -105,6 +108,182 @@ function parseRegistryToDefaults(parsed: unknown): FeatureFlagDefaultsRegistry {
   return result;
 }
 
+// ---------------------------------------------------------------------------
+// Override loading — reads from protected directory or gateway HTTP
+// ---------------------------------------------------------------------------
+
+/**
+ * Module-level cache of feature flag override values. Populated lazily on
+ * first access, invalidated by `clearFeatureFlagOverridesCache()`.
+ */
+let cachedOverrides: Record<string, boolean> | null = null;
+
+/**
+ * File format for `~/.vellum/protected/feature-flags.json`, matching the
+ * gateway's feature-flag-store.ts schema.
+ */
+interface FeatureFlagFileData {
+  version: 1;
+  values: Record<string, boolean>;
+}
+
+/**
+ * Resolve the path to the feature flag overrides file.
+ *
+ * Docker: `GATEWAY_SECURITY_DIR/feature-flags.json`
+ * Local:  `~/.vellum/protected/feature-flags.json`
+ *
+ * Uses `BASE_DATA_DIR` when set (multi-instance mode) so per-instance
+ * feature flag files are correctly scoped.
+ */
+function getFeatureFlagOverridesPath(): string {
+  const securityDir = process.env.GATEWAY_SECURITY_DIR;
+  if (securityDir) {
+    return join(securityDir, "feature-flags.json");
+  }
+  const root = join(getBaseDataDir() || homedir(), ".vellum");
+  return join(root, "protected", "feature-flags.json");
+}
+
+/**
+ * Load override values from the protected feature-flags.json file.
+ * Returns an empty record if the file doesn't exist or is malformed.
+ */
+function loadOverridesFromFile(): Record<string, boolean> {
+  const path = getFeatureFlagOverridesPath();
+  if (!existsSync(path)) return {};
+
+  try {
+    const raw = readFileSync(path, "utf-8");
+    const data = JSON.parse(raw) as FeatureFlagFileData;
+    if (data.version !== 1) return {};
+    if (
+      data.values &&
+      typeof data.values === "object" &&
+      !Array.isArray(data.values)
+    ) {
+      const filtered: Record<string, boolean> = {};
+      for (const [k, v] of Object.entries(data.values)) {
+        if (typeof v === "boolean") filtered[k] = v;
+      }
+      return filtered;
+    }
+    return {};
+  } catch {
+    return {};
+  }
+}
+
+/**
+ * Load override values from the gateway via synchronous HTTP call.
+ *
+ * Follows the trust-client pattern: uses `Bun.spawnSync` + `curl` to make
+ * a blocking GET request to the gateway's feature-flags endpoint. The
+ * gateway returns `{ flags: Array<{ key, enabled, ... }> }` and we extract
+ * just the key → enabled map.
+ */
+function loadOverridesFromGateway(): Record<string, boolean> {
+  try {
+    // Lazy-import to avoid circular dependency and keep this module
+    // importable from bootstrap code when not in containerized mode.
+    const { getGatewayInternalBaseUrl } =
+      // eslint-disable-next-line @typescript-eslint/no-require-imports
+      require("./env.js") as typeof import("./env.js");
+    const { mintEdgeRelayToken } =
+      // eslint-disable-next-line @typescript-eslint/no-require-imports
+      require("../runtime/auth/token-service.js") as typeof import("../runtime/auth/token-service.js");
+
+    const url = `${getGatewayInternalBaseUrl()}/v1/feature-flags`;
+    const token = mintEdgeRelayToken();
+
+    const proc = Bun.spawnSync(
+      [
+        "curl",
+        "-s",
+        "-S",
+        "-X",
+        "GET",
+        "--max-time",
+        "10",
+        "-H",
+        `Authorization: Bearer ${token}`,
+        "-H",
+        "Accept: application/json",
+        "-w",
+        "\n%{http_code}",
+        url,
+      ],
+      { stdout: "pipe", stderr: "pipe" },
+    );
+
+    if (proc.exitCode !== 0) return {};
+
+    const output = proc.stdout.toString().trim();
+    const lastNewline = output.lastIndexOf("\n");
+    const responseBody = lastNewline >= 0 ? output.slice(0, lastNewline) : "";
+    const statusCode = parseInt(
+      lastNewline >= 0 ? output.slice(lastNewline + 1) : output,
+      10,
+    );
+
+    if (statusCode < 200 || statusCode >= 300) return {};
+    if (!responseBody) return {};
+
+    const parsed = JSON.parse(responseBody) as {
+      flags?: Array<{ key: string; enabled: boolean }>;
+    };
+    if (!Array.isArray(parsed.flags)) return {};
+
+    const result: Record<string, boolean> = {};
+    for (const entry of parsed.flags) {
+      if (typeof entry.key === "string" && typeof entry.enabled === "boolean") {
+        result[entry.key] = entry.enabled;
+      }
+    }
+    return result;
+  } catch {
+    return {};
+  }
+}
+
+/**
+ * Load overrides from the appropriate source based on runtime mode.
+ * Results are cached at module level.
+ */
+function loadOverrides(): Record<string, boolean> {
+  if (cachedOverrides != null) return cachedOverrides;
+
+  cachedOverrides = getIsContainerized()
+    ? loadOverridesFromGateway()
+    : loadOverridesFromFile();
+
+  return cachedOverrides;
+}
+
+/**
+ * Invalidate the cached override values so the next call to
+ * `isAssistantFeatureFlagEnabled` re-reads from the source.
+ *
+ * Called by the config watcher when the feature-flags file changes.
+ */
+export function clearFeatureFlagOverridesCache(): void {
+  cachedOverrides = null;
+}
+
+/**
+ * Directly inject override values into the module-level cache.
+ *
+ * **Test-only** — bypasses file/gateway loading so unit tests can control
+ * flag state without writing to disk. Production code should never call this;
+ * use `clearFeatureFlagOverridesCache()` instead and let the resolver
+ * re-read from the appropriate source.
+ */
+export function _setOverridesForTesting(
+  overrides: Record<string, boolean>,
+): void {
+  cachedOverrides = { ...overrides };
+}
+
 // ---------------------------------------------------------------------------
 // Public API
 // ---------------------------------------------------------------------------
@@ -113,19 +292,21 @@ function parseRegistryToDefaults(parsed: unknown): FeatureFlagDefaultsRegistry {
  * Resolve whether an assistant feature flag is enabled.
  *
  * Resolution order:
- *   1. `config.assistantFeatureFlagValues[key]`  (explicit override)
+ *   1. Override from `~/.vellum/protected/feature-flags.json` (local) or
+ *      gateway HTTP (Docker/containerized)
  *   2. defaults registry `defaultEnabled`         (for declared assistant-scope keys)
  *   3. `true`                                     (for undeclared keys with no override)
  */
 export function isAssistantFeatureFlagEnabled(
   key: string,
-  config: AssistantConfig,
+  _config: AssistantConfig,
 ): boolean {
   const defaults = loadDefaultsRegistry();
   const declared = defaults[key];
+  const overrides = loadOverrides();
 
-  // 1. Check config overrides
-  const explicit = config.assistantFeatureFlagValues?.[key];
+  // 1. Check overrides from protected feature-flags file / gateway
+  const explicit = overrides[key];
   if (typeof explicit === "boolean") return explicit;
 
   // 2. For declared keys, use the registry default

package/src/config/bundled-skills/AGENTS.md

@@ -0,0 +1,34 @@
+# Bundled Skills — Agent Instructions
+
+## Registering Tool Executors
+
+When you add a new tool executor to a bundled skill's `TOOLS.json`, you **must** also register it in `assistant/src/config/bundled-tool-registry.ts`. Each new executor needs two things:
+
+1. **A static import** at the top of the file, grouped under the skill's section comment.
+2. **A registry entry** in the `bundledToolRegistry` map.
+
+### Example (settings skill)
+
+```ts
+// ── settings ───────────────────────────────────────────────────────────────────
+import * as avatarUpdate from "./bundled-skills/settings/tools/avatar-update.js";
+// ... other imports ...
+
+export const bundledToolRegistry = new Map<string, SkillToolScript>([
+  // settings
+  ["settings:tools/avatar-update.ts", avatarUpdate],
+  // ... other entries ...
+]);
+```
+
+The map key format is `skillDirBasename:executorPath` (e.g. `settings:tools/avatar-update.ts`).
+
+### Why this is required
+
+`knip` (`lint:unused`) flags dynamically-loaded executor files as unused exports unless they have a static import somewhere in the dependency graph. The registry provides that static import while also enabling the compiled Bun binary to bundle the scripts (since dynamic imports from the filesystem don't work inside `/$bunfs/`).
+
+You can regenerate the full registry with:
+
+```sh
+bun run scripts/generate-bundled-tool-registry.ts
+```

package/src/config/bundled-skills/acp/SKILL.md

@@ -50,6 +50,16 @@ When the user first tries to use ACP and it's not configured, set it up automati
 - NEVER use `claude`, `claude -p`, `claude --acp`, or any other command. Only `claude-agent-acp` speaks the ACP JSON-RPC protocol.
 - NEVER change an existing ACP config to use a different command. If the config already has `claude-agent-acp`, leave it alone.
 
+## Updating the adapter
+
+If `acp_spawn` reports that `claude-agent-acp` is outdated, ask the user before updating. To update:
+
+```bash
+npm install -g @zed-industries/claude-agent-acp@latest
+```
+
+Then retry the `acp_spawn` call.
+
 ## Tips
 
 - The spawned agent runs autonomously with its own tools, file editing, and terminal access.

package/src/config/bundled-skills/app-builder/SKILL.md

@@ -632,7 +632,3 @@ When the user wants to triage or bulk-act on items, generate an interactive UI w
 ## External Links
 
 Use `vellum.openLink(url, metadata)` to make items clickable. Construct deep-link URLs when possible. Include `metadata.provider` and `metadata.type` for context.
-
-## Branding
-
-A "Built on Vellum" badge is auto-injected into every page. Do NOT add your own.

package/src/config/bundled-skills/messaging/SKILL.md

@@ -70,7 +70,7 @@ Slack connects via Socket Mode using a bot token and app-level token (not OAuth)
 - Call `skill_load` with `skill: "slack-app-setup"` to load the dependency skill.
 - Tell the user Slack isn't connected yet and briefly explain what the setup involves, then follow the skill's guided flow.
 
-The slack-app-setup skill handles: manifest-driven app creation, app token and bot token collection via secure prompt (never accept tokens pasted in plaintext chat), and Slack connection setup through the same settings handler used by the Settings UI. That handler validates the bot token, stores workspace metadata, and activates Socket Mode. The skill also covers optional guardian verification.
+The slack-app-setup skill handles: manifest-driven app creation, app token and bot token collection via secure prompt (never accept tokens pasted in plaintext chat), and Slack connection setup through the same settings handler used by the Settings UI. That handler validates the bot token, stores workspace metadata, and activates Socket Mode. The skill also covers optional identity verification.
 
 ### Telegram
 
@@ -81,15 +81,15 @@ Telegram uses a bot token (not OAuth). Load the **telegram-setup** skill (which
 
 The telegram-setup skill handles: verifying the bot token from @BotFather, generating a webhook secret, registering bot commands, and storing credentials securely via the secure credential prompt flow. **Never accept a Telegram bot token pasted in plaintext chat - always use the secure prompt.** Webhook registration with Telegram is handled automatically by the gateway on startup and whenever credentials change.
 
-The telegram-setup skill also includes **guardian verification**, which links your Telegram account as the trusted guardian for the bot.
+The telegram-setup skill also includes **channel verification**, which links your Telegram account for verified message delivery.
 
-### Guardian Verification (Voice or Telegram)
+### Channel Verification (Voice or Telegram)
 
-If the user asks to verify their guardian identity for voice or Telegram, load the **guardian-verify-setup** skill:
+If the user asks to verify their identity for voice or Telegram, load the **guardian-verify-setup** skill:
 
 - Call `skill_load` with `skill: "guardian-verify-setup"` to load the dependency skill.
 
-The guardian-verify-setup skill handles the full outbound verification flow for voice and Telegram channels. It collects the user's destination (phone number or Telegram chat ID/handle), initiates an outbound verification session, and guides the user through entering or replying with the verification code. This is the single source of truth for guardian verification setup -- do not duplicate the verification flow inline.
+The guardian-verify-setup skill handles the full outbound verification flow for voice and Telegram channels. It collects the user's destination (phone number or Telegram chat ID/handle), initiates an outbound verification session, and guides the user through entering or replying with the verification code. This is the single source of truth for channel verification setup -- do not duplicate the verification flow inline.
 
 ## Error Recovery
 

package/src/config/bundled-skills/messaging/tools/messaging-analyze-style.ts

@@ -50,7 +50,7 @@ function upsertMemoryItem(opts: {
           Math.max(existing.importance ?? 0, opts.importance),
         ),
         lastSeenAt: now,
-        verificationState: "assistant_inferred",
+        sourceType: "extraction",
       })
       .where(eq(memoryItems.id, existing.id))
       .run();
@@ -67,7 +67,7 @@ function upsertMemoryItem(opts: {
         confidence: 0.8,
         importance: clampUnitInterval(opts.importance),
         fingerprint,
-        verificationState: "assistant_inferred",
+        sourceType: "extraction",
         scopeId: opts.scopeId,
         firstSeenAt: now,
         lastSeenAt: now,

package/src/config/bundled-skills/phone-calls/TOOLS.json

@@ -26,6 +26,10 @@
             "enum": ["assistant_number", "user_number"],
             "description": "Which phone number to use as the caller ID. assistant_number uses the AI assistant's Twilio number; user_number uses the user's verified personal number."
           },
+          "skip_disclosure": {
+            "type": "boolean",
+            "description": "Skip the disclosure announcement at the start of the call. Set to true when calling someone who already knows who you are (e.g. your guardian, a family member, or a close contact)."
+          },
           "activity": {
             "type": "string",
             "description": "Brief non-technical explanation of why this tool is being called"

package/src/config/bundled-skills/playbooks/tools/playbook-create.ts

@@ -100,6 +100,7 @@ export async function executePlaybookCreate(
         confidence: 0.95,
         importance: 0.8,
         fingerprint,
+        sourceType: "tool",
         verificationState: "user_confirmed",
         scopeId,
         firstSeenAt: now,

package/src/config/bundled-skills/playbooks/tools/playbook-update.ts

@@ -125,6 +125,7 @@ export async function executePlaybookUpdate(
         statement,
         fingerprint,
         lastSeenAt: now,
+        sourceType: "tool",
         verificationState: "user_confirmed",
       })
       .where(eq(memoryItems.id, existing.id))