@vellumai/assistant 0.5.6 → 0.5.8

package/src/daemon/message-types/upgrades.ts

@@ -7,6 +7,13 @@ export interface ServiceGroupUpdateStarting {
   expectedDowntimeSeconds: number;
 }
 
+/** Broadcast to connected clients with a progress update during an upgrade or rollback. */
+export interface ServiceGroupUpdateProgress {
+  type: "service_group_update_progress";
+  /** A short, user-friendly status message describing what's happening right now. */
+  statusMessage: string;
+}
+
 /** Broadcast to connected clients when a service group update has completed. */
 export interface ServiceGroupUpdateComplete {
   type: "service_group_update_complete";
@@ -20,4 +27,5 @@ export interface ServiceGroupUpdateComplete {
 
 export type _UpgradesServerMessages =
   | ServiceGroupUpdateStarting
+  | ServiceGroupUpdateProgress
   | ServiceGroupUpdateComplete;

package/src/daemon/server.ts

@@ -20,13 +20,7 @@ import {
 import { getConfig } from "../config/loader.js";
 import { onContactChange } from "../contacts/contact-events.js";
 import type { CesClient } from "../credential-execution/client.js";
-import { createCesClient } from "../credential-execution/client.js";
-import { isCesToolsEnabled } from "../credential-execution/feature-gates.js";
-import {
-  type CesProcessManager,
-  CesUnavailableError,
-  createCesProcessManager,
-} from "../credential-execution/process-manager.js";
+import type { CesProcessManager } from "../credential-execution/process-manager.js";
 import type { HeartbeatService } from "../heartbeat/heartbeat-service.js";
 import * as attachmentsStore from "../memory/attachments-store.js";
 import {
@@ -45,10 +39,9 @@ import {
 import { updateMetaFile } from "../memory/conversation-disk-view.js";
 import { getOrCreateConversation } from "../memory/conversation-key-store.js";
 import { buildSystemPrompt } from "../prompts/system-prompt.js";
-import { resolveManagedProxyContext } from "../providers/managed-proxy/context.js";
 import { RateLimitProvider } from "../providers/ratelimit.js";
 import {
-  getFailoverProvider,
+  getProvider,
   initializeProviders,
 } from "../providers/registry.js";
 import { buildAssistantEvent } from "../runtime/assistant-event.js";
@@ -57,13 +50,11 @@ import { DAEMON_INTERNAL_ASSISTANT_ID } from "../runtime/assistant-scope.js";
 import { getSigningKeyFingerprint } from "../runtime/auth/token-service.js";
 import { bridgeConfirmationRequestToGuardian } from "../runtime/confirmation-request-guardian-bridge.js";
 import * as pendingInteractions from "../runtime/pending-interactions.js";
-import { checkIngressForSecrets } from "../security/secret-ingress.js";
 import { registerCancelCallback } from "../signals/cancel.js";
 import { registerConversationUndoCallback } from "../signals/conversation-undo.js";
 import { appendEventToStream } from "../signals/event-stream.js";
 import { registerUserMessageCallback } from "../signals/user-message.js";
 import { getSubagentManager } from "../subagent/index.js";
-import { IngressBlockedError } from "../util/errors.js";
 import { getLogger } from "../util/logger.js";
 import {
   getSandboxWorkingDir,
@@ -253,7 +244,6 @@ export class DaemonServer {
   private conversationOptions = new Map<string, ConversationCreateOptions>();
   private conversationCreating = new Map<string, Promise<Conversation>>();
   private sharedRequestTimestamps: number[] = [];
-  private httpPort: number | undefined;
   private unsubscribeContactChange: (() => void) | null = null;
   private evictor: ConversationEvictor;
   private _hubChain: Promise<void> = Promise.resolve();
@@ -262,8 +252,8 @@ export class DaemonServer {
   private configWatcher = new ConfigWatcher();
 
   // CES (Credential Execution Service) — process-level singleton.
-  // The CES sidecar accepts exactly one bootstrap connection, so we must
-  // hold that connection at the server level rather than per-conversation.
+  // Lifecycle is managed by startCesProcess() in lifecycle.ts; the server
+  // receives the result via setCes().
   private cesProcessManager?: CesProcessManager;
   private cesClientPromise?: Promise<CesClient | undefined>;
   private cesInitAbortController?: AbortController;
@@ -274,6 +264,31 @@ export class DaemonServer {
    */
   assistantId: string = DAEMON_INTERNAL_ASSISTANT_ID;
 
+  /**
+   * Inject the CES client and process manager from the caller (lifecycle.ts).
+   * Must be called before start().
+   */
+  setCes(result: {
+    client: CesClient | undefined;
+    processManager: CesProcessManager | undefined;
+    clientPromise: Promise<CesClient | undefined> | undefined;
+    abortController: AbortController | undefined;
+  }): void {
+    this.cesClientRef = result.client;
+    this.cesProcessManager = result.processManager;
+    this.cesInitAbortController = result.abortController;
+
+    // Wrap the external promise so that cesClientRef stays in sync once the
+    // handshake completes — the async work runs in lifecycle.ts but the
+    // server needs the resolved client reference for getCesClient().
+    if (result.clientPromise) {
+      this.cesClientPromise = result.clientPromise.then((client) => {
+        this.cesClientRef = client;
+        return client;
+      });
+    }
+  }
+
   /**
    * Return the CES client reference (if available).
    * Used by routes that need to push updates to CES (e.g. secret-routes).
@@ -538,73 +553,6 @@ export class DaemonServer {
       this.broadcast({ type: "contacts_changed" });
     });
 
-    // CES lifecycle — start the CES process and perform the RPC handshake
-    // once at server level. The managed sidecar accepts exactly one bootstrap
-    // connection, so this must be a process-level singleton.
-    if (isCesToolsEnabled(config)) {
-      const pm = createCesProcessManager({ assistantConfig: config });
-      this.cesProcessManager = pm;
-      const abortController = new AbortController();
-      this.cesInitAbortController = abortController;
-      this.cesClientPromise = (async () => {
-        try {
-          const transport = await pm.start();
-          if (abortController.signal.aborted) {
-            throw new Error("CES initialization aborted during shutdown");
-          }
-          const client = createCesClient(transport);
-          this.cesClientRef = client;
-          // Resolve the assistant API key so CES can use it for platform
-          // credential materialisation. In managed mode the key is provisioned
-          // after hatch and stored in the credential store — CES can't read
-          // the env var, so we pass it via the handshake.
-          const proxyCtx = await resolveManagedProxyContext();
-          const { accepted, reason } = await client.handshake(
-            proxyCtx.assistantApiKey
-              ? { assistantApiKey: proxyCtx.assistantApiKey }
-              : undefined,
-          );
-          if (abortController.signal.aborted) {
-            client.close();
-            throw new Error("CES initialization aborted during shutdown");
-          }
-          if (accepted) {
-            log.info(
-              "CES client initialized and handshake accepted (server-level)",
-            );
-            return client;
-          }
-          log.warn(
-            { reason },
-            "CES handshake rejected — CES tools will be unavailable",
-          );
-          client.close();
-          this.cesClientRef = undefined;
-          await pm.stop();
-          // Reset so next session can retry initialization
-          this.cesClientPromise = undefined;
-          return undefined;
-        } catch (err) {
-          if (err instanceof CesUnavailableError) {
-            log.info(
-              { reason: err.message },
-              "CES is not available — CES tools will be unavailable",
-            );
-          } else {
-            log.warn(
-              { error: err instanceof Error ? err.message : String(err) },
-              "Failed to initialize CES client — CES tools will be unavailable",
-            );
-          }
-          await pm.stop().catch(() => {});
-          // Reset so next session can retry initialization
-          this.cesClientRef = undefined;
-          this.cesClientPromise = undefined;
-          return undefined;
-        }
-      })();
-    }
-
     log.info("DaemonServer started (HTTP-only mode)");
   }
 
@@ -656,11 +604,9 @@ export class DaemonServer {
 
   // ── Conversation management ──────────────────────────────────────────────
 
-  setHttpPort(port: number): void {
-    this.httpPort = port;
+  broadcastStatus(): void {
     this.broadcast({
-      type: "daemon_status",
-      httpPort: port,
+      type: "assistant_status",
       version: daemonVersion,
       keyFingerprint: getSigningKeyFingerprint(),
     });
@@ -756,9 +702,8 @@ export class DaemonServer {
 
       const createPromise = (async () => {
         const config = getConfig();
-        let provider = getFailoverProvider(
+        let provider = getProvider(
           config.services.inference.provider,
-          config.providerOrder,
         );
         const { rateLimit } = config;
         if (rateLimit.maxRequestsPerMinute > 0) {
@@ -884,14 +829,6 @@ export class DaemonServer {
       filePath?: string;
     }[];
   }> {
-    const ingressCheck = checkIngressForSecrets(content);
-    if (ingressCheck.blocked) {
-      throw new IngressBlockedError(
-        ingressCheck.userNotice!,
-        ingressCheck.detectedTypes,
-      );
-    }
-
     const conversation = await this.getOrCreateConversation(
       conversationId,
       options,

package/src/events/domain-events.ts

@@ -25,7 +25,8 @@ export interface ToolDomainEvents {
       | "always_allow_high_risk"
       | "deny"
       | "always_deny"
-      | "temporary_override";
+      | "temporary_override"
+      | "dangerously_skip_permissions";
     riskLevel: string;
     decidedAtMs: number;
   };

package/src/inbound/platform-callback-registration.ts

@@ -2,7 +2,7 @@
  * Platform callback route registration for containerized deployments.
  *
  * When the assistant daemon runs inside a container (IS_CONTAINERIZED=true)
- * with a configured PLATFORM_BASE_URL and PLATFORM_ASSISTANT_ID, external
+ * with a configured VELLUM_PLATFORM_URL and PLATFORM_ASSISTANT_ID, external
  * service callbacks (Twilio webhooks, OAuth redirects, Telegram webhooks, etc.)
  * must route through the platform's gateway proxy instead of hitting the
  * assistant directly.
@@ -12,7 +12,7 @@
  * webhooks to the correct containerized assistant instance.
  *
  * The platform endpoint is:
- *   POST {PLATFORM_BASE_URL}/v1/internal/gateway/callback-routes/register/
+ *   POST {VELLUM_PLATFORM_URL}/v1/internal/gateway/callback-routes/register/
  *
  * It accepts { assistant_id, callback_path, type } and returns a stable
  * callback_url that external services should use.
@@ -30,7 +30,7 @@ const log = getLogger("platform-callback-registration");
 
 /**
  * Whether the daemon should register callback routes with the platform.
- * True when IS_CONTAINERIZED, PLATFORM_BASE_URL, and PLATFORM_ASSISTANT_ID
+ * True when IS_CONTAINERIZED, VELLUM_PLATFORM_URL, and PLATFORM_ASSISTANT_ID
  * are all set. Intentionally does **not** require the managed proxy API key
  * so that callback-only flows (OAuth transport, Telegram/Twilio callback
  * registration) work during partial bootstrap before the key is injected.

package/src/instrument.ts

@@ -39,14 +39,17 @@ function redactObject(obj: unknown): unknown {
 }
 
 /**
- * Call after dotenv has loaded so SENTRY_DSN is available.
- * Always initializes Sentry to capture early startup crashes. If the user
- * later opts out via the sendDiagnostics config key (or VELLUM_DEV=1),
- * call closeSentry() after config is loaded to stop future event capturing.
+ * Call after dotenv has loaded so SENTRY_DSN_ASSISTANT is available.
+ * Initializes Sentry when the DSN is set; no-ops when empty/unset so
+ * local dev builds don't send crash reports. If the user later opts out
+ * via the sendDiagnostics config key (or VELLUM_DEV=1), call closeSentry()
+ * after config is loaded to stop future event capturing.
  */
 export function initSentry(): void {
+  const dsn = getSentryDsn();
+  if (!dsn) return;
   Sentry.init({
-    dsn: getSentryDsn(),
+    dsn,
     release: `vellum-assistant@${APP_VERSION}`,
     dist: COMMIT_SHA,
     environment: APP_VERSION === "0.0.0-dev" ? "development" : "production",

package/src/memory/app-store.ts

@@ -64,6 +64,37 @@ export function isMultifileApp(app: AppDefinition): boolean {
   return app.formatVersion === 2;
 }
 
+/**
+ * Inline dist assets (main.js, main.css) into the compiled HTML so it can be
+ * delivered as a self-contained string via loadHTMLString/SSE without needing
+ * the client to resolve external script/stylesheet URLs.
+ */
+export function inlineDistAssets(appDir: string, html: string): string {
+  const distDir = join(appDir, "dist");
+
+  // Inline main.js
+  const jsPath = join(distDir, "main.js");
+  if (existsSync(jsPath)) {
+    const js = readFileSync(jsPath, "utf-8");
+    html = html.replace(
+      /<script\s+type="module"\s+src="main\.js"\s*><\/script>/,
+      `<script type="module">${js}</script>`,
+    );
+  }
+
+  // Inline main.css
+  const cssPath = join(distDir, "main.css");
+  if (existsSync(cssPath)) {
+    const css = readFileSync(cssPath, "utf-8");
+    html = html.replace(
+      /<link\s+rel="stylesheet"\s+href="main\.css"\s*>/,
+      `<style>${css}</style>`,
+    );
+  }
+
+  return html;
+}
+
 export interface AppRecord {
   id: string;
   appId: string;

package/src/memory/conversation-title-service.ts

@@ -358,12 +358,61 @@ function deriveFallbackTitle(context?: TitleContext): string | null {
   return null;
 }
 
+/**
+ * Extract only human-authored text from stored message content for title
+ * generation. Unlike extractTextFromStoredMessageContent (which includes
+ * tool metadata like "Tool use (...): {...}"), this only extracts:
+ * - `text` blocks (the actual conversation content)
+ * - `tool_result` string content (topical signal from tool responses)
+ *   — web_search_tool_result is skipped (structured search data, not topical)
+ *
+ * Returns empty string for content-block arrays with no extractable text,
+ * preventing raw JSON from polluting the title prompt.
+ */
+function extractTextForTitle(raw: string): string {
+  try {
+    const parsed = JSON.parse(raw);
+    if (typeof parsed === "string") return parsed;
+    if (!Array.isArray(parsed)) return raw;
+    const texts: string[] = [];
+    for (const block of parsed) {
+      if (!block || typeof block !== "object") continue;
+      if (block.type === "text" && typeof block.text === "string") {
+        texts.push(block.text);
+        // guard:allow-tool-result-only — web_search_tool_result has structured
+        // search result arrays, not useful for title generation; only plain
+        // tool_result string content carries topical signal.
+      } else if (block.type === "tool_result") {
+        if (typeof block.content === "string") {
+          texts.push(block.content);
+        } else if (Array.isArray(block.content)) {
+          for (const nested of block.content) {
+            if (
+              nested &&
+              typeof nested === "object" &&
+              nested.type === "text" &&
+              typeof nested.text === "string"
+            ) {
+              texts.push(nested.text);
+            }
+          }
+        }
+      }
+    }
+    return texts.join("\n");
+  } catch {
+    return raw;
+  }
+}
+
 function buildRegenerationPrompt(recentMessages: MessageRow[]): string {
   const parts: string[] = ["Recent messages:"];
 
   for (const msg of recentMessages) {
+    const text = extractTextForTitle(msg.content);
+    if (!text) continue;
     const role = msg.role === "user" ? "User" : "Assistant";
-    parts.push(`${role}: ${truncate(msg.content, 200, "")}`);
+    parts.push(`${role}: ${truncate(text, 200, "")}`);
   }
 
   return parts.join("\n");

package/src/memory/db-init.ts

@@ -34,13 +34,16 @@ import {
   createSequenceTables,
   createTasksAndWorkItemsTables,
   createWatchersAndLogsTables,
+  migrateAddSourceTypeColumns,
   migrateAssistantContactMetadata,
+  migrateBackfillAudioAttachmentMimeTypes,
   migrateBackfillContactInteractionStats,
   migrateBackfillGuardianPrincipalId,
   migrateBackfillInlineAttachmentsToDisk,
   migrateBackfillUsageCacheAccounting,
   migrateCallSessionInviteMetadata,
   migrateCallSessionMode,
+  migrateCallSessionSkipDisclosure,
   migrateCanonicalGuardianDeliveriesDestinationIndex,
   migrateCanonicalGuardianRequesterChatId,
   migrateCapabilityCardColumns,
@@ -51,6 +54,7 @@ import {
   migrateContactsAssistantId,
   migrateContactsNotesColumn,
   migrateContactsRolePrincipal,
+  migrateContactsUserFileColumn,
   migrateConversationForkLineage,
   migrateConversationsThreadTypeIndex,
   migrateCreateThreadStartersTable,
@@ -492,6 +496,18 @@ export function initializeDb(): void {
   // 86. Drop simplified-memory tables and reducer checkpoint columns
   migrateDropSimplifiedMemory(database);
 
+  // 87. Add skip_disclosure column to call_sessions for per-call disclosure control
+  migrateCallSessionSkipDisclosure(database);
+
+  // 88. Backfill correct MIME types for audio attachments stored as application/octet-stream
+  migrateBackfillAudioAttachmentMimeTypes(database);
+
+  // 89. Add user_file column to contacts for per-user persona file mapping
+  migrateContactsUserFileColumn(database);
+
+  // 90. Add source_type and source_message_role columns to memory_items
+  migrateAddSourceTypeColumns(database);
+
   validateMigrationState(database);
 
   if (process.env.BUN_TEST === "1") {

package/src/memory/indexer.ts

@@ -7,7 +7,7 @@ import type { TrustClass } from "../runtime/actor-trust-resolver.js";
 import { getLogger } from "../util/logger.js";
 import { getDb } from "./db.js";
 import { selectedBackendSupportsMultimodal } from "./embedding-backend.js";
-import { enqueueMemoryJob } from "./jobs-store.js";
+import { enqueueMemoryJob, upsertDebouncedJob } from "./jobs-store.js";
 import {
   extractMediaBlockMeta,
   extractTextFromStoredMessageContent,
@@ -17,6 +17,11 @@ import { segmentText } from "./segmenter.js";
 
 const log = getLogger("memory-indexer");
 
+/** Delay before a conversation summary job becomes eligible to run.
+ *  Each new message in the same conversation resets the timer, so the
+ *  summary is only built once the conversation has been idle for this long. */
+const SUMMARY_DEBOUNCE_MS = 3 * 60 * 1000; // 3 minutes
+
 export interface IndexMessageInput {
   messageId: string;
   conversationId: string;
@@ -54,9 +59,11 @@ export async function indexMessageNow(
 
   const text = extractTextFromStoredMessageContent(input.content);
   if (text.length === 0) {
-    enqueueMemoryJob("build_conversation_summary", {
-      conversationId: input.conversationId,
-    });
+    upsertDebouncedJob(
+      "build_conversation_summary",
+      { conversationId: input.conversationId },
+      Date.now() + SUMMARY_DEBOUNCE_MS,
+    );
     return { indexedSegments: 0, enqueuedJobs: 1 };
   }
 
@@ -152,14 +159,16 @@ export async function indexMessageNow(
         tx,
       );
     }
-    enqueueMemoryJob(
-      "build_conversation_summary",
-      { conversationId: input.conversationId },
-      Date.now(),
-      tx,
-    );
   });
 
+  // Debounced outside the transaction — each new message pushes the summary
+  // job's runAfter forward so it only fires once the conversation is idle.
+  upsertDebouncedJob(
+    "build_conversation_summary",
+    { conversationId: input.conversationId },
+    Date.now() + SUMMARY_DEBOUNCE_MS,
+  );
+
   if (skippedEmbedJobs > 0) {
     log.debug(
       `Skipped ${skippedEmbedJobs}/${segments.length} embed_segment jobs (content unchanged)`,