npm - @vellumai/assistant - Versions diffs - 0.6.1 → 0.6.3 - Mend

@vellumai/assistant 0.6.1 → 0.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (463) hide show

package/bun.lock +40 -40
package/bunfig.toml +3 -0
package/docker-entrypoint.sh +12 -2
package/docs/architecture/memory.md +1 -1
package/node_modules/@vellumai/ces-contracts/src/handles.ts +7 -9
package/node_modules/@vellumai/ces-contracts/src/rpc.ts +42 -0
package/openapi.yaml +184 -69
package/package.json +41 -41
package/scripts/generate-openapi.ts +1 -2
package/src/__tests__/acp-session.test.ts +43 -0
package/src/__tests__/app-builder-tool-scripts.test.ts +1 -0
package/src/__tests__/app-executors.test.ts +1 -0
package/src/__tests__/app-source-watcher.test.ts +37 -11
package/src/__tests__/approval-routes-http.test.ts +178 -1
package/src/__tests__/assistant-event-hub.test.ts +30 -0
package/src/__tests__/browser-fill-credential.test.ts +229 -94
package/src/__tests__/browser-manager.test.ts +40 -27
package/src/__tests__/catalog-files.test.ts +862 -0
package/src/__tests__/channel-approvals.test.ts +53 -0
package/src/__tests__/checker.test.ts +104 -170
package/src/__tests__/cli-command-risk-guard.test.ts +1 -1
package/src/__tests__/config-managed-gemini-defaults.test.ts +326 -0
package/src/__tests__/config-schema-cmd.test.ts +2 -2
package/src/__tests__/config-schema.test.ts +125 -48
package/src/__tests__/confirmation-request-guardian-bridge.test.ts +23 -0
package/src/__tests__/context-overflow-approval.test.ts +21 -6
package/src/__tests__/conversation-agent-loop-overflow.test.ts +1 -1
package/src/__tests__/conversation-agent-loop.test.ts +1 -1
package/src/__tests__/conversation-analysis-routes.test.ts +169 -0
package/src/__tests__/conversation-attachments.test.ts +80 -4
package/src/__tests__/conversation-confirmation-signals.test.ts +155 -0
package/src/__tests__/conversation-directories-parse.test.ts +105 -0
package/src/__tests__/conversation-fork-crud.test.ts +17 -0
package/src/__tests__/conversation-history-web-search.test.ts +1 -0
package/src/__tests__/conversation-host-access-routes.test.ts +229 -0
package/src/__tests__/conversation-inject-context.test.ts +103 -0
package/src/__tests__/conversation-queue.test.ts +45 -2
package/src/__tests__/conversation-routes-disk-view.test.ts +5 -0
package/src/__tests__/conversation-routes-guardian-reply.test.ts +16 -0
package/src/__tests__/conversation-routes-slash-commands.test.ts +1 -0
package/src/__tests__/conversation-runtime-assembly.test.ts +269 -46
package/src/__tests__/conversation-starter-routes.test.ts +126 -0
package/src/__tests__/conversation-starters-cadence.test.ts +161 -0
package/src/__tests__/conversation-store.test.ts +195 -0
package/src/__tests__/conversation-workspace-cache-state.test.ts +193 -0
package/src/__tests__/credential-execution-approval-bridge.test.ts +32 -3
package/src/__tests__/credential-security-invariants.test.ts +1 -0
package/src/__tests__/credential-vault-unit.test.ts +4 -4
package/src/__tests__/credential-vault.test.ts +152 -13
package/src/__tests__/credentials-cli.test.ts +2 -2
package/src/__tests__/date-context.test.ts +4 -4
package/src/__tests__/embedding-managed-proxy-selection.test.ts +256 -0
package/src/__tests__/extension-id-sync-guard.test.ts +155 -0
package/src/__tests__/fixtures/mock-chrome-extension.ts +375 -0
package/src/__tests__/gateway-only-guard.test.ts +3 -0
package/src/__tests__/gemini-provider.test.ts +2 -2
package/src/__tests__/guardian-routing-invariants.test.ts +70 -2
package/src/__tests__/headless-browser-interactions.test.ts +707 -371
package/src/__tests__/headless-browser-navigate.test.ts +389 -47
package/src/__tests__/headless-browser-read-tools.test.ts +266 -103
package/src/__tests__/headless-browser-snapshot.test.ts +240 -77
package/src/__tests__/host-bash-proxy.test.ts +150 -1
package/src/__tests__/host-browser-e2e-cloud.test.ts +462 -0
package/src/__tests__/host-browser-e2e-self-hosted-capability.test.ts +286 -0
package/src/__tests__/host-browser-e2e-self-hosted.test.ts +374 -0
package/src/__tests__/host-browser-event-routes.test.ts +350 -0
package/src/__tests__/host-browser-proxy.test.ts +444 -0
package/src/__tests__/host-browser-routes.test.ts +198 -0
package/src/__tests__/host-browser-ws-events-e2e.test.ts +320 -0
package/src/__tests__/host-cu-proxy.test.ts +171 -1
package/src/__tests__/host-file-proxy.test.ts +185 -1
package/src/__tests__/host-file-read-tool.test.ts +52 -0
package/src/__tests__/host-proxy-interface.test.ts +165 -0
package/src/__tests__/host-shell-tool.test.ts +1 -11
package/src/__tests__/http-user-message-parity.test.ts +1 -0
package/src/__tests__/init-feature-flag-overrides.test.ts +167 -0
package/src/__tests__/inline-command-runner.test.ts +7 -5
package/src/__tests__/integration-status.test.ts +6 -7
package/src/__tests__/list-messages-tool-merge.test.ts +37 -12
package/src/__tests__/log-export-workspace.test.ts +190 -0
package/src/__tests__/managed-credential-catalog-cli.test.ts +12 -14
package/src/__tests__/mcp-client-auth.test.ts +40 -4
package/src/__tests__/mcp-health-check.test.ts +10 -3
package/src/__tests__/migration-cross-version-compatibility.test.ts +3 -1
package/src/__tests__/migration-export-http.test.ts +61 -2
package/src/__tests__/migration-export-streaming.test.ts +66 -0
package/src/__tests__/migration-import-commit-http.test.ts +101 -1
package/src/__tests__/native-host-marker-sync-guard.test.ts +157 -0
package/src/__tests__/navigate-settings-tab.test.ts +14 -1
package/src/__tests__/notification-broadcaster.test.ts +65 -0
package/src/__tests__/oauth-apps-routes.test.ts +17 -12
package/src/__tests__/oauth-cli.test.ts +707 -60
package/src/__tests__/oauth-connect-orchestrator.test.ts +116 -24
package/src/__tests__/oauth-provider-seed-logos.test.ts +23 -0
package/src/__tests__/oauth-provider-serializer.test.ts +146 -10
package/src/__tests__/oauth-provider-visibility.test.ts +19 -21
package/src/__tests__/oauth-providers-routes.test.ts +50 -14
package/src/__tests__/oauth-store.test.ts +1386 -182
package/src/__tests__/oauth2-gateway-transport.test.ts +211 -20
package/src/__tests__/onboarding-template-contract.test.ts +74 -55
package/src/__tests__/openai-provider.test.ts +2 -2
package/src/__tests__/outlook-categories.test.ts +1 -1
package/src/__tests__/outlook-client-automation.test.ts +1 -1
package/src/__tests__/outlook-compose-tools.test.ts +1 -1
package/src/__tests__/outlook-email-watcher.test.ts +1 -1
package/src/__tests__/outlook-follow-up.test.ts +1 -1
package/src/__tests__/outlook-messaging-provider.test.ts +2 -2
package/src/__tests__/outlook-trash.test.ts +1 -1
package/src/__tests__/outlook-unsubscribe.test.ts +1 -1
package/src/__tests__/permission-checker-host-gate.test.ts +74 -14
package/src/__tests__/permission-mode.test.ts +28 -56
package/src/__tests__/pkb-autoinject.test.ts +96 -0
package/src/__tests__/platform-callback-registration.test.ts +19 -0
package/src/__tests__/post-turn-tool-result-truncation.test.ts +296 -0
package/src/__tests__/proxy-approval-callback.test.ts +18 -0
package/src/__tests__/require-fresh-approval.test.ts +40 -3
package/src/__tests__/sandbox-diagnostics.test.ts +1 -32
package/src/__tests__/sanitize-config-for-transfer.test.ts +132 -0
package/src/__tests__/schedule-routes.test.ts +162 -0
package/src/__tests__/secret-detection-handler.test.ts +84 -0
package/src/__tests__/secret-ingress-http.test.ts +1 -0
package/src/__tests__/send-endpoint-busy.test.ts +3 -0
package/src/__tests__/set-permission-mode.test.ts +13 -250
package/src/__tests__/skills-file-content-endpoint.test.ts +670 -0
package/src/__tests__/skills-files-catalog-fallback.test.ts +450 -0
package/src/__tests__/slack-channel-config.test.ts +12 -15
package/src/__tests__/subagent-detail.test.ts +44 -2
package/src/__tests__/subagent-disposal.test.ts +1 -0
package/src/__tests__/subagent-fork-notifications.test.ts +291 -0
package/src/__tests__/subagent-fork-spawn.test.ts +384 -0
package/src/__tests__/subagent-manager-notify.test.ts +1 -0
package/src/__tests__/subagent-notify-parent.test.ts +1 -0
package/src/__tests__/subagent-spawn-tool-fork.test.ts +411 -0
package/src/__tests__/subagent-tools.test.ts +1 -0
package/src/__tests__/subagent-types.test.ts +1 -0
package/src/__tests__/system-prompt-ask-mode.test.ts +27 -71
package/src/__tests__/system-prompt.test.ts +72 -1
package/src/__tests__/task-scheduler.test.ts +32 -6
package/src/__tests__/telegram-config.test.ts +10 -13
package/src/__tests__/terminal-sandbox.test.ts +1 -1
package/src/__tests__/terminal-tools.test.ts +11 -5
package/src/__tests__/test-preload.ts +14 -0
package/src/__tests__/tool-approval-handler.test.ts +73 -0
package/src/__tests__/tool-domain-event-publisher.test.ts +0 -1
package/src/__tests__/tool-executor-lifecycle-events.test.ts +1 -8
package/src/__tests__/tool-executor.test.ts +0 -1
package/src/__tests__/tool-side-effects-slack-dm.test.ts +22 -0
package/src/__tests__/top-level-renderer.test.ts +73 -1
package/src/__tests__/transport-hints-queue.test.ts +62 -0
package/src/__tests__/trust-store.test.ts +4 -4
package/src/__tests__/trusted-contact-inline-approval-integration.test.ts +109 -0
package/src/__tests__/v2-consent-policy.test.ts +103 -0
package/src/__tests__/workspace-migration-030-seed-pkb-autoinject.test.ts +168 -0
package/src/__tests__/workspace-policy.test.ts +2 -7
package/src/acp/client-handler.ts +30 -4
package/src/agent/loop.ts +12 -35
package/src/approvals/guardian-request-resolvers.ts +21 -15
package/src/browser-session/__tests__/manager.test.ts +297 -0
package/src/browser-session/backends/cdp-inspect.ts +30 -0
package/src/browser-session/backends/extension.ts +26 -0
package/src/browser-session/backends/local.ts +24 -0
package/src/browser-session/events.ts +164 -0
package/src/browser-session/index.ts +27 -0
package/src/browser-session/manager.ts +159 -0
package/src/browser-session/types.ts +28 -0
package/src/channels/__tests__/types.test.ts +134 -0
package/src/channels/types.ts +55 -0
package/src/cli/__tests__/run-assistant-command.ts +34 -7
package/src/cli/__tests__/unknown-command.test.ts +33 -0
package/src/cli/commands/browser-relay.ts +339 -409
package/src/cli/commands/credentials.ts +3 -3
package/src/cli/commands/default-action.ts +68 -1
package/src/cli/commands/email.ts +18 -13
package/src/cli/commands/mcp.ts +16 -4
package/src/cli/commands/oauth/__tests__/connect.test.ts +68 -41
package/src/cli/commands/oauth/__tests__/disconnect.test.ts +21 -21
package/src/cli/commands/oauth/__tests__/mode.test.ts +17 -17
package/src/cli/commands/oauth/__tests__/ping.test.ts +16 -16
package/src/cli/commands/oauth/__tests__/providers-delete.test.ts +31 -33
package/src/cli/commands/oauth/__tests__/providers-register.test.ts +329 -0
package/src/cli/commands/oauth/__tests__/providers-update.test.ts +116 -12
package/src/cli/commands/oauth/__tests__/status.test.ts +10 -10
package/src/cli/commands/oauth/__tests__/token.test.ts +7 -7
package/src/cli/commands/oauth/apps.ts +7 -4
package/src/cli/commands/oauth/connect.ts +16 -2
package/src/cli/commands/oauth/disconnect.ts +1 -1
package/src/cli/commands/oauth/providers.ts +200 -36
package/src/cli/commands/oauth/shared.ts +5 -5
package/src/cli/commands/platform/__tests__/callback-routes-list.test.ts +259 -0
package/src/cli/commands/platform/__tests__/connect.test.ts +1 -1
package/src/cli/commands/platform/__tests__/disconnect.test.ts +1 -1
package/src/cli/commands/platform/__tests__/status.test.ts +1 -1
package/src/cli/commands/platform/index.ts +107 -10
package/src/cli/commands/usage.ts +10 -9
package/src/cli/lib/daemon-credential-client.ts +4 -0
package/src/cli/program.ts +10 -3
package/src/config/assistant-feature-flags.ts +59 -55
package/src/config/bundled-skills/app-builder/SKILL.md +33 -173
package/src/config/bundled-skills/app-builder/references/CUSTOM_ROUTES.md +105 -0
package/src/config/bundled-skills/app-builder/references/INTERACTION_HOOKS.md +56 -0
package/src/config/bundled-skills/app-builder/references/WIDGETS.md +125 -0
package/src/config/bundled-skills/contacts/SKILL.md +3 -0
package/src/config/bundled-skills/document/SKILL.md +4 -0
package/src/config/bundled-skills/gmail/SKILL.md +12 -7
package/src/config/bundled-skills/gmail/TOOLS.json +1 -1
package/src/config/bundled-skills/gmail/tools/gmail-sender-digest.ts +2 -1
package/src/config/bundled-skills/outlook/SKILL.md +7 -0
package/src/config/bundled-skills/settings/TOOLS.json +1 -1
package/src/config/bundled-skills/settings/tools/navigate-settings-tab.ts +8 -3
package/src/config/bundled-skills/subagent/SKILL.md +21 -0
package/src/config/bundled-skills/subagent/TOOLS.json +8 -4
package/src/config/bundled-skills/tasks/SKILL.md +5 -0
package/src/config/env-registry.ts +14 -0
package/src/config/env.ts +21 -0
package/src/config/feature-flag-registry.json +46 -7
package/src/config/loader.ts +56 -1
package/src/config/sanitize-for-transfer.ts +47 -0
package/src/config/schema.ts +46 -5
package/src/config/schemas/host-browser.ts +66 -0
package/src/config/schemas/memory-lifecycle.ts +1 -1
package/src/config/schemas/memory-retrieval.ts +103 -0
package/src/config/schemas/security.ts +0 -6
package/src/config/schemas/services.ts +16 -0
package/src/config/types.ts +0 -1
package/src/context/post-turn-tool-result-truncation.ts +176 -0
package/src/context/window-manager.ts +19 -1
package/src/credential-execution/approval-bridge.ts +49 -16
package/src/credential-execution/managed-catalog.ts +3 -7
package/src/daemon/__tests__/conversation-tool-setup.test.ts +186 -0
package/src/daemon/app-source-watcher.ts +35 -0
package/src/daemon/config-watcher.ts +6 -2
package/src/daemon/context-overflow-approval.ts +5 -1
package/src/daemon/conversation-agent-loop-handlers.ts +17 -2
package/src/daemon/conversation-agent-loop.ts +74 -19
package/src/daemon/conversation-attachments.ts +40 -1
package/src/daemon/conversation-messaging.ts +3 -0
package/src/daemon/conversation-process.ts +66 -3
package/src/daemon/conversation-queue-manager.ts +8 -0
package/src/daemon/conversation-runtime-assembly.ts +159 -20
package/src/daemon/conversation-surfaces.ts +78 -12
package/src/daemon/conversation-tool-setup.ts +74 -11
package/src/daemon/conversation-workspace.ts +12 -0
package/src/daemon/conversation.ts +227 -11
package/src/daemon/date-context.ts +10 -10
package/src/daemon/first-greeting.ts +3 -2
package/src/daemon/handlers/conversations.ts +9 -139
package/src/daemon/handlers/shared.ts +65 -0
package/src/daemon/handlers/skills.ts +232 -37
package/src/daemon/host-bash-proxy.ts +48 -13
package/src/daemon/host-browser-proxy.ts +191 -0
package/src/daemon/host-cu-proxy.ts +36 -11
package/src/daemon/host-file-proxy.ts +57 -9
package/src/daemon/lifecycle.ts +86 -12
package/src/daemon/message-protocol.ts +7 -0
package/src/daemon/message-types/conversations.ts +59 -13
package/src/daemon/message-types/host-browser.ts +100 -0
package/src/daemon/message-types/messages.ts +5 -6
package/src/daemon/message-types/notifications.ts +12 -0
package/src/daemon/message-types/settings.ts +12 -0
package/src/daemon/message-types/skills.ts +10 -0
package/src/daemon/message-types/subagents.ts +2 -0
package/src/daemon/server.ts +112 -35
package/src/daemon/tool-side-effects.ts +6 -0
package/src/daemon/transport-hints.ts +14 -0
package/src/inbound/platform-callback-registration.ts +18 -17
package/src/index.ts +1 -1
package/src/mcp/client.ts +59 -24
package/src/memory/app-store.ts +31 -1
package/src/memory/conversation-crud.ts +38 -10
package/src/memory/conversation-directories.ts +39 -0
package/src/memory/conversation-group-migration.ts +65 -5
package/src/memory/conversation-starters-cadence.ts +76 -0
package/src/memory/conversation-title-service.ts +5 -2
package/src/memory/db-init.ts +12 -0
package/src/memory/embedding-backend.test.ts +75 -0
package/src/memory/embedding-backend.ts +131 -5
package/src/memory/embedding-gemini.test.ts +54 -0
package/src/memory/embedding-gemini.ts +20 -9
package/src/memory/embedding-local.ts +177 -18
package/src/memory/graph/capability-seed.ts +3 -5
package/src/memory/graph/consolidation.ts +10 -23
package/src/memory/graph/extraction-job.ts +15 -0
package/src/memory/graph/retriever.ts +40 -22
package/src/memory/graph/store.test.ts +7 -3
package/src/memory/graph/store.ts +47 -12
package/src/memory/group-crud.ts +25 -9
package/src/memory/llm-usage-store.ts +45 -4
package/src/memory/migrations/213-oauth-providers-scope-separator.ts +13 -0
package/src/memory/migrations/214-oauth-providers-refresh-url.ts +11 -0
package/src/memory/migrations/215-oauth-providers-revoke.ts +14 -0
package/src/memory/migrations/216-oauth-providers-token-auth-method.ts +30 -0
package/src/memory/migrations/217-conversation-host-access.ts +40 -0
package/src/memory/migrations/218-oauth-providers-logo-url.ts +11 -0
package/src/memory/migrations/index.ts +6 -0
package/src/memory/migrations/registry.ts +8 -0
package/src/memory/schema/conversations.ts +1 -0
package/src/memory/schema/oauth.ts +18 -13
package/src/messaging/provider.ts +1 -1
package/src/notifications/broadcaster.ts +6 -0
package/src/notifications/conversation-pairing.ts +12 -4
package/src/notifications/emit-signal.ts +14 -0
package/src/notifications/signal.ts +11 -0
package/src/oauth/AGENTS.md +76 -0
package/src/oauth/__tests__/identity-verifier.test.ts +24 -19
package/src/oauth/__tests__/seed-providers-managed.test.ts +32 -0
package/src/oauth/byo-connection.test.ts +8 -8
package/src/oauth/byo-connection.ts +7 -7
package/src/oauth/connect-orchestrator.ts +23 -21
package/src/oauth/connect-types.ts +3 -3
package/src/oauth/connection-resolver.test.ts +17 -4
package/src/oauth/connection-resolver.ts +16 -16
package/src/oauth/connection.ts +1 -1
package/src/oauth/manual-token-connection.ts +13 -13
package/src/oauth/oauth-store.ts +214 -100
package/src/oauth/platform-connection.test.ts +5 -5
package/src/oauth/platform-connection.ts +4 -4
package/src/oauth/provider-serializer.ts +31 -5
package/src/oauth/revoke.ts +76 -0
package/src/oauth/seed-providers.ts +127 -87
package/src/oauth/token-persistence.ts +1 -1
package/src/permissions/checker.ts +3 -3
package/src/permissions/defaults.ts +7 -8
package/src/permissions/permission-mode.ts +4 -11
package/src/permissions/prompter.ts +13 -3
package/src/permissions/v2-consent-policy.ts +87 -0
package/src/platform/client.ts +1 -1
package/src/prompts/system-prompt.ts +18 -21
package/src/prompts/templates/BOOTSTRAP-REFERENCE.md +3 -65
package/src/prompts/templates/BOOTSTRAP.md +59 -96
package/src/prompts/templates/SOUL.md +11 -11
package/src/providers/anthropic/client.ts +1 -0
package/src/providers/types.ts +1 -1
package/src/runtime/AGENTS.md +23 -0
package/src/runtime/__tests__/browser-extension-pair-routes.test.ts +715 -0
package/src/runtime/__tests__/capability-tokens.test.ts +258 -0
package/src/runtime/__tests__/chrome-extension-registry.test.ts +518 -0
package/src/runtime/assistant-event-hub.ts +24 -2
package/src/runtime/auth/__tests__/guard-tests.test.ts +1 -0
package/src/runtime/auth/__tests__/middleware.test.ts +116 -1
package/src/runtime/auth/__tests__/route-policy.test.ts +8 -0
package/src/runtime/auth/middleware.ts +98 -0
package/src/runtime/auth/route-policy.ts +6 -7
package/src/runtime/auth/token-service.ts +8 -0
package/src/runtime/capability-tokens.ts +414 -0
package/src/runtime/channel-approvals.ts +18 -5
package/src/runtime/chrome-extension-registry.ts +332 -0
package/src/runtime/confirmation-request-guardian-bridge.ts +6 -0
package/src/runtime/guardian-decision-types.ts +7 -0
package/src/runtime/http-server.ts +425 -70
package/src/runtime/migrations/__tests__/rebind-secrets-credentials.test.ts +172 -0
package/src/runtime/migrations/__tests__/vbundle-builder-credentials.test.ts +276 -0
package/src/runtime/migrations/__tests__/vbundle-import-credentials.test.ts +162 -0
package/src/runtime/migrations/migration-transport.ts +6 -0
package/src/runtime/migrations/migration-wizard.ts +22 -2
package/src/runtime/migrations/rebind-secrets-screen.ts +76 -15
package/src/runtime/migrations/vbundle-builder.ts +145 -38
package/src/runtime/migrations/vbundle-import-analyzer.ts +19 -0
package/src/runtime/migrations/vbundle-importer.ts +55 -5
package/src/runtime/pending-interactions.ts +29 -13
package/src/runtime/routes/approval-routes.ts +90 -16
package/src/runtime/routes/browser-cdp-routes.ts +229 -0
package/src/runtime/routes/browser-extension-pair-routes.ts +497 -0
package/src/runtime/routes/conversation-analysis-routes.ts +18 -5
package/src/runtime/routes/conversation-management-routes.ts +108 -0
package/src/runtime/routes/conversation-routes.ts +308 -28
package/src/runtime/routes/conversation-starter-routes.ts +78 -16
package/src/runtime/routes/group-routes.ts +22 -8
package/src/runtime/routes/guardian-action-routes.ts +24 -13
package/src/runtime/routes/host-browser-routes.ts +279 -0
package/src/runtime/routes/host-file-routes.ts +9 -1
package/src/runtime/routes/identity-routes.ts +259 -16
package/src/runtime/routes/log-export/AGENTS.md +104 -0
package/src/runtime/routes/log-export/__tests__/workspace-allowlist-error-contract.test.ts +103 -0
package/src/runtime/routes/log-export/__tests__/workspace-allowlist.test.ts +716 -0
package/src/runtime/routes/log-export/workspace-allowlist.ts +458 -0
package/src/runtime/routes/log-export-routes.ts +60 -25
package/src/runtime/routes/memory-item-routes.ts +1 -7
package/src/runtime/routes/migration-routes.ts +87 -2
package/src/runtime/routes/oauth-apps.ts +15 -17
package/src/runtime/routes/oauth-providers.ts +4 -0
package/src/runtime/routes/schedule-routes.ts +24 -11
package/src/runtime/routes/settings-routes.ts +9 -97
package/src/runtime/routes/skills-routes.ts +52 -2
package/src/runtime/routes/subagents-routes.ts +14 -10
package/src/runtime/routes/usage-routes.ts +8 -7
package/src/runtime/routes/workspace-routes.test.ts +22 -0
package/src/runtime/routes/workspace-routes.ts +8 -1
package/src/runtime/routes/workspace-utils.ts +2 -0
package/src/schedule/scheduler.ts +7 -5
package/src/security/ces-credential-client.ts +20 -0
package/src/security/ces-rpc-credential-backend.ts +17 -0
package/src/security/credential-backend.ts +5 -0
package/src/security/oauth2.ts +42 -25
package/src/security/secure-keys.ts +118 -25
package/src/security/token-manager.ts +23 -10
package/src/skills/catalog-files.ts +492 -0
package/src/skills/inline-command-runner.ts +12 -14
package/src/subagent/manager.ts +131 -26
package/src/subagent/types.ts +19 -0
package/src/tools/apps/executors.ts +11 -2
package/src/tools/browser/__tests__/auth-detector.test.ts +202 -108
package/src/tools/browser/auth-detector.ts +43 -12
package/src/tools/browser/browser-execution.ts +645 -340
package/src/tools/browser/browser-manager.ts +36 -12
package/src/tools/browser/cdp-client/__tests__/accessibility-snapshot.test.ts +318 -0
package/src/tools/browser/cdp-client/__tests__/cdp-dom-helpers.test.ts +1175 -0
package/src/tools/browser/cdp-client/__tests__/cdp-inspect-client.test.ts +870 -0
package/src/tools/browser/cdp-client/__tests__/extension-cdp-client.test.ts +330 -0
package/src/tools/browser/cdp-client/__tests__/factory.test.ts +377 -0
package/src/tools/browser/cdp-client/__tests__/fixtures/ax-tree-nested-frames.json +64 -0
package/src/tools/browser/cdp-client/__tests__/fixtures/ax-tree-simple.json +69 -0
package/src/tools/browser/cdp-client/__tests__/local-cdp-client.test.ts +310 -0
package/src/tools/browser/cdp-client/__tests__/types.test.ts +96 -0
package/src/tools/browser/cdp-client/accessibility-snapshot.ts +387 -0
package/src/tools/browser/cdp-client/cdp-dom-helpers.ts +695 -0
package/src/tools/browser/cdp-client/cdp-inspect/__tests__/discovery.test.ts +743 -0
package/src/tools/browser/cdp-client/cdp-inspect/__tests__/ws-transport.test.ts +580 -0
package/src/tools/browser/cdp-client/cdp-inspect/discovery.ts +578 -0
package/src/tools/browser/cdp-client/cdp-inspect/ws-transport.ts +579 -0
package/src/tools/browser/cdp-client/cdp-inspect-client.ts +635 -0
package/src/tools/browser/cdp-client/errors.ts +34 -0
package/src/tools/browser/cdp-client/extension-cdp-client.ts +125 -0
package/src/tools/browser/cdp-client/factory.ts +204 -0
package/src/tools/browser/cdp-client/index.ts +14 -0
package/src/tools/browser/cdp-client/local-cdp-client.ts +187 -0
package/src/tools/browser/cdp-client/types.ts +52 -0
package/src/tools/filesystem/edit.ts +1 -1
package/src/tools/filesystem/list.ts +1 -1
package/src/tools/filesystem/read.ts +1 -1
package/src/tools/filesystem/write.ts +2 -1
package/src/tools/host-filesystem/edit.ts +1 -1
package/src/tools/host-filesystem/read.ts +12 -15
package/src/tools/host-filesystem/write.ts +1 -1
package/src/tools/host-terminal/host-shell.ts +21 -16
package/src/tools/permission-checker.ts +77 -100
package/src/tools/registry.ts +0 -2
package/src/tools/secret-detection-handler.ts +34 -1
package/src/tools/shared/filesystem/image-read.ts +61 -40
package/src/tools/skills/sandbox-runner.ts +3 -6
package/src/tools/subagent/spawn.ts +47 -3
package/src/tools/subagent/status.ts +2 -0
package/src/tools/system/register.ts +2 -16
package/src/tools/terminal/safe-env.ts +7 -0
package/src/tools/terminal/sandbox-diagnostics.ts +4 -4
package/src/tools/terminal/sandbox.ts +4 -1
package/src/tools/terminal/shell.ts +24 -21
package/src/tools/tool-approval-handler.ts +48 -2
package/src/tools/types.ts +2 -3
package/src/util/platform.ts +14 -19
package/src/watcher/provider-types.ts +1 -1
package/src/workspace/migrations/029-seed-pkb.ts +1 -0
package/src/workspace/migrations/030-seed-pkb-autoinject.ts +73 -0
package/src/workspace/migrations/registry.ts +2 -0
package/src/workspace/top-level-renderer.ts +19 -1
package/src/__tests__/chrome-cdp.test.ts +0 -419
package/src/__tests__/permission-mode-sse.test.ts +0 -418
package/src/__tests__/permission-mode-store.test.ts +0 -277
package/src/browser-extension-relay/protocol.ts +0 -63
package/src/browser-extension-relay/server.ts +0 -203
package/src/config/schemas/sandbox.ts +0 -14
package/src/permissions/permission-mode-store.ts +0 -180
package/src/tools/browser/chrome-cdp.ts +0 -239
package/src/tools/system/set-permission-mode.ts +0 -103

package/src/tools/browser/cdp-client/extension-cdp-client.ts ADDED Viewed

@@ -0,0 +1,125 @@
+import type { HostBrowserProxy } from "../../../daemon/host-browser-proxy.js";
+import { getLogger } from "../../../util/logger.js";
+import { CdpError } from "./errors.js";
+import type { CdpClientKind, ScopedCdpClient } from "./types.js";
+const log = getLogger("extension-cdp-client");
+/**
+ * CdpClient backed by HostBrowserProxy. Each `send` becomes a
+ * host_browser_request / host_browser_result round-trip over the
+ * chrome-extension WebSocket.
+ *
+ * Unlike LocalCdpClient, this implementation cannot deliver
+ * CDP events (subscribing to "Page.lifecycleEvent" etc.) because
+ * HostBrowserProxy is request/reply only. Helpers that need
+ * event subscription (waitForLifecycleEvent) must fall back to
+ * polling via Runtime.evaluate — see cdp-dom-helpers.ts#navigateAndWait.
+ */
+export class ExtensionCdpClient implements ScopedCdpClient {
+  readonly kind: CdpClientKind = "extension";
+  private disposed = false;
+  constructor(
+    private readonly proxy: HostBrowserProxy,
+    public readonly conversationId: string,
+    private readonly cdpSessionId?: string,
+  ) {}
+  async send<T = unknown>(
+    method: string,
+    params?: Record<string, unknown>,
+    signal?: AbortSignal,
+  ): Promise<T> {
+    if (this.disposed) {
+      throw new CdpError("disposed", "ExtensionCdpClient already disposed", {
+        cdpMethod: method,
+        cdpParams: params,
+      });
+    }
+    if (signal?.aborted) {
+      throw new CdpError("aborted", "Aborted before send", {
+        cdpMethod: method,
+        cdpParams: params,
+      });
+    }
+    let result;
+    try {
+      result = await this.proxy.request(
+        {
+          cdpMethod: method,
+          cdpParams: params,
+          cdpSessionId: this.cdpSessionId,
+        },
+        this.conversationId,
+        signal,
+      );
+    } catch (err) {
+      throw new CdpError(
+        "transport_error",
+        err instanceof Error ? err.message : String(err),
+        {
+          cdpMethod: method,
+          cdpParams: params,
+          underlying: err,
+        },
+      );
+    }
+    if (signal?.aborted || result.content === "Aborted") {
+      throw new CdpError("aborted", "CDP call aborted", {
+        cdpMethod: method,
+        cdpParams: params,
+      });
+    }
+    let parsed: unknown;
+    try {
+      parsed = JSON.parse(result.content);
+    } catch (err) {
+      throw new CdpError(
+        "transport_error",
+        `Non-JSON content from host_browser_result: ${result.content.slice(0, 200)}`,
+        {
+          cdpMethod: method,
+          cdpParams: params,
+          underlying: err,
+        },
+      );
+    }
+    if (result.isError) {
+      const msg =
+        (typeof parsed === "object" &&
+          parsed !== null &&
+          "message" in parsed &&
+          typeof (parsed as { message: unknown }).message === "string" &&
+          (parsed as { message: string }).message) ||
+        `CDP error for ${method}`;
+      log.debug({ method, params, parsed }, "ExtensionCdpClient: CDP error");
+      throw new CdpError("cdp_error", msg, {
+        cdpMethod: method,
+        cdpParams: params,
+        underlying: parsed,
+      });
+    }
+    return parsed as T;
+  }
+  dispose(): void {
+    this.disposed = true;
+    // HostBrowserProxy is owned by the conversation — do NOT dispose
+    // it here. In-flight requests will be cancelled by the AbortSignal
+    // the tool passes in, or by conversation teardown.
+  }
+}
+export function createExtensionCdpClient(
+  proxy: HostBrowserProxy,
+  conversationId: string,
+  cdpSessionId?: string,
+): ExtensionCdpClient {
+  return new ExtensionCdpClient(proxy, conversationId, cdpSessionId);
+}

package/src/tools/browser/cdp-client/factory.ts ADDED Viewed

@@ -0,0 +1,204 @@
+import {
+  type BrowserBackend,
+  BrowserSessionManager,
+  type CdpCommand,
+  type CdpResult,
+  createCdpInspectBackend,
+  createExtensionBackend,
+  createLocalBackend,
+} from "../../../browser-session/index.js";
+import { getConfig } from "../../../config/loader.js";
+import type { ToolContext } from "../../types.js";
+import { createCdpInspectClient } from "./cdp-inspect-client.js";
+import { CdpError } from "./errors.js";
+import { createExtensionCdpClient } from "./extension-cdp-client.js";
+import { createLocalCdpClient } from "./local-cdp-client.js";
+import type { CdpClient, CdpClientKind, ScopedCdpClient } from "./types.js";
+/**
+ * Select the appropriate CdpClient implementation for a tool
+ * invocation based on the ToolContext and config. Three backends are
+ * considered in priority order:
+ *
+ *  1. **Extension** — When `context.hostBrowserProxy` is set (macOS
+ *     desktop / cloud-hosted with a chrome-extension bound to the
+ *     conversation), register an extension backend so CDP commands
+ *     ride the host_browser_request / host_browser_result round-trip.
+ *  2. **cdp-inspect** — When the extension is absent and
+ *     `hostBrowser.cdpInspect.enabled` is `true` in config, construct
+ *     a `CdpInspectClient` that attaches to an already-running Chrome
+ *     via the DevTools JSON protocol (`--remote-debugging-port`).
+ *  3. **Local** — Default. Drives Playwright's CDPSession
+ *     against the sacrificial-profile browser managed by
+ *     browserManager.
+ *
+ * All three paths go through a per-invocation `BrowserSessionManager`
+ * so the manager is the single choke point for CDP routing, session
+ * lifetime, and (future) session invalidation handling. The returned
+ * client is `kind`-tagged so tools can branch on transport — e.g.
+ * browser_navigate skips Playwright-specific screencast and handoff
+ * hooks when `kind === "extension"`.
+ *
+ * IMPORTANT: the returned client is per-invocation. Tools MUST call
+ * `dispose()` in a finally block. Dispose tears down the manager's
+ * session and the underlying CDP client. Disposing an extension-backed
+ * client does NOT dispose the underlying HostBrowserProxy — that is
+ * owned by the conversation.
+ */
+export function getCdpClient(context: ToolContext): ScopedCdpClient {
+  const { conversationId, hostBrowserProxy } = context;
+  // 1. Extension backend — preferred when a chrome-extension is bound.
+  if (hostBrowserProxy) {
+    const client = createExtensionCdpClient(hostBrowserProxy, conversationId);
+    const backend = createExtensionBackend({
+      isAvailable: () => true,
+      sendCdp: (command, signal) =>
+        dispatchThroughClient(client, command, signal),
+      dispose: () => client.dispose(),
+    });
+    return buildManagedClient("extension", conversationId, backend);
+  }
+  // 2. cdp-inspect backend — opt-in via config when the extension is absent.
+  const cdpInspectConfig = getConfig().hostBrowser.cdpInspect;
+  if (cdpInspectConfig.enabled) {
+    const client = createCdpInspectClient(conversationId, {
+      host: cdpInspectConfig.host,
+      port: cdpInspectConfig.port,
+      discoveryTimeoutMs: cdpInspectConfig.probeTimeoutMs,
+    });
+    const backend = createCdpInspectBackend({
+      isAvailable: () => true,
+      sendCdp: (command, signal) =>
+        dispatchThroughClient(client, command, signal),
+      dispose: () => client.dispose(),
+    });
+    return buildManagedClient("cdp-inspect", conversationId, backend);
+  }
+  // 3. Local backend — default (Playwright-backed Chromium).
+  const client = createLocalCdpClient(conversationId);
+  const backend = createLocalBackend({
+    isAvailable: () => true,
+    sendCdp: (command, signal) =>
+      dispatchThroughClient(client, command, signal),
+    dispose: () => client.dispose(),
+  });
+  return buildManagedClient("local", conversationId, backend);
+}
+/**
+ * Build a ScopedCdpClient whose `send()` routes through a
+ * BrowserSessionManager seeded with a single backend + session. This
+ * lets tool call sites remain backend-agnostic while giving the
+ * manager a seam for future session-invalidation and multi-target
+ * routing work.
+ */
+function buildManagedClient(
+  kind: CdpClientKind,
+  conversationId: string,
+  backend: BrowserBackend,
+): ScopedCdpClient {
+  const manager = new BrowserSessionManager({ backends: [backend] });
+  const session = manager.createSession();
+  let disposed = false;
+  return {
+    kind,
+    conversationId,
+    async send<T = unknown>(
+      method: string,
+      params?: Record<string, unknown>,
+      signal?: AbortSignal,
+    ): Promise<T> {
+      if (disposed) {
+        const clientName =
+          kind === "extension"
+            ? "ExtensionCdpClient"
+            : kind === "cdp-inspect"
+              ? "CdpInspectClient"
+              : "LocalCdpClient";
+        throw new CdpError("disposed", `${clientName} already disposed`, {
+          cdpMethod: method,
+          cdpParams: params,
+        });
+      }
+      const command: CdpCommand = { method, params };
+      const envelope = await manager.send(session.id, command, signal);
+      return unwrapResult<T>(envelope, method, params);
+    },
+    dispose(): void {
+      if (disposed) return;
+      disposed = true;
+      // disposeAll() tears down the per-invocation backend (which in
+      // turn disposes the underlying CdpClient) and clears the single
+      // session we created in buildManagedClient.
+      manager.disposeAll();
+    },
+  };
+}
+/**
+ * Adapter that makes an existing `CdpClient` look like a
+ * `BrowserBackend.send`. Converts thrown CdpErrors back into a
+ * `CdpResult` envelope with an `error` payload so the manager does
+ * not need to know about our thrown-error convention, then the
+ * envelope is unwrapped again on the way out of the managed client.
+ *
+ * The per-command `command.sessionId` (populated by the manager from
+ * a session's opaque `targetId`) is intentionally not forwarded to
+ * the underlying CdpClient today — both LocalCdpClient and
+ * ExtensionCdpClient take their CDP sessionId at construction time
+ * and tools run one client per invocation. The seam is preserved so
+ * a future multi-target backend can read it off the CdpCommand.
+ */
+async function dispatchThroughClient(
+  client: CdpClient,
+  command: CdpCommand,
+  signal: AbortSignal | undefined,
+): Promise<CdpResult> {
+  try {
+    const result = await client.send(command.method, command.params, signal);
+    return { result };
+  } catch (err) {
+    if (err instanceof CdpError) {
+      // Preserve the original CdpError so unwrapResult can re-throw it
+      // verbatim. CdpResult's error channel is opaque to the manager,
+      // so stashing the instance under `data` is safe.
+      return {
+        error: {
+          code: -1,
+          message: err.message,
+          data: err,
+        },
+      };
+    }
+    throw err;
+  }
+}
+/**
+ * Unwrap a CdpResult envelope into the raw CDP result `T` or throw
+ * the underlying CdpError. If the envelope carries an error but the
+ * `data` is not a CdpError (e.g. a future backend surfaces a JSON-RPC
+ * error envelope directly), synthesize a transport_error CdpError so
+ * call sites keep their uniform error handling.
+ */
+function unwrapResult<T>(
+  envelope: CdpResult,
+  method: string,
+  params?: Record<string, unknown>,
+): T {
+  if (envelope.error) {
+    if (envelope.error.data instanceof CdpError) {
+      throw envelope.error.data;
+    }
+    throw new CdpError("cdp_error", envelope.error.message, {
+      cdpMethod: method,
+      cdpParams: params,
+      underlying: envelope.error,
+    });
+  }
+  return envelope.result as T;
+}

package/src/tools/browser/cdp-client/index.ts ADDED Viewed

@@ -0,0 +1,14 @@
+export {
+  CdpInspectClient,
+  type CdpInspectClientOptions,
+  type CdpInspectHelpers,
+  createCdpInspectClient,
+} from "./cdp-inspect-client.js";
+export { CdpError, type CdpErrorCode } from "./errors.js";
+export {
+  createExtensionCdpClient,
+  ExtensionCdpClient,
+} from "./extension-cdp-client.js";
+export { getCdpClient } from "./factory.js";
+export { createLocalCdpClient, LocalCdpClient } from "./local-cdp-client.js";
+export type { CdpClient, CdpClientKind, ScopedCdpClient } from "./types.js";

package/src/tools/browser/cdp-client/local-cdp-client.ts ADDED Viewed

@@ -0,0 +1,187 @@
+import { getLogger } from "../../../util/logger.js";
+import { browserManager } from "../browser-manager.js";
+import { CdpError } from "./errors.js";
+import type { CdpClientKind, ScopedCdpClient } from "./types.js";
+const log = getLogger("local-cdp-client");
+/**
+ * Minimal shape of the Playwright CDPSession we depend on. Avoids a
+ * direct Playwright type import so the CDP client stays buildable
+ * even when Playwright types are not present (dev builds, CI jobs
+ * that skip the playwright install).
+ */
+interface PlaywrightCdpSession {
+  send(method: string, params?: Record<string, unknown>): Promise<unknown>;
+  detach(): Promise<void>;
+}
+/**
+ * Minimal shape of the Playwright Page we use for CDP session
+ * creation. Intentionally narrow so we never have to import the
+ * Playwright types directly from this module.
+ */
+interface RawPlaywrightPage {
+  context(): {
+    newCDPSession(page: unknown): Promise<PlaywrightCdpSession>;
+  };
+}
+/**
+ * Playwright-backed implementation of {@link ScopedCdpClient}. Used
+ * for CLI conversations, headless cloud conversations, unit tests,
+ * and any desktop conversation that does not have a `hostBrowserProxy`
+ * configured.
+ *
+ * LocalCdpClient owns only the per-conversation CDP session; the
+ * underlying Chromium is still launched and torn down by
+ * `browserManager.ensureContext()` / `browserManager.shutdown()`.
+ */
+export class LocalCdpClient implements ScopedCdpClient {
+  readonly kind: CdpClientKind = "local";
+  private sessionPromise: Promise<PlaywrightCdpSession> | null = null;
+  private disposed = false;
+  constructor(public readonly conversationId: string) {}
+  /**
+   * Lazily create (and cache) a Playwright CDP session for this
+   * conversation. Concurrent callers share the same in-flight promise
+   * so `newCDPSession` is only called once per LocalCdpClient
+   * instance.
+   *
+   * If the underlying browser launch / `newCDPSession` rejects (e.g.
+   * a transient Chromium spawn failure), the cached promise is
+   * cleared so the next `ensureSession()` call retries from scratch
+   * instead of replaying the same rejection forever.
+   */
+  private async ensureSession(): Promise<PlaywrightCdpSession> {
+    if (this.disposed) {
+      throw new CdpError("disposed", "LocalCdpClient already disposed");
+    }
+    if (this.sessionPromise) return this.sessionPromise;
+    const created = this.createSession();
+    this.sessionPromise = created;
+    // Clear the cached promise on rejection so the next call retries
+    // from scratch instead of replaying the same failure forever.
+    // Only clear if `created` is still the cached promise — a
+    // concurrent dispose may have already nulled it.
+    created.catch(() => {
+      if (this.sessionPromise === created) {
+        this.sessionPromise = null;
+      }
+    });
+    return created;
+  }
+  private async createSession(): Promise<PlaywrightCdpSession> {
+    const page = await browserManager.getOrCreateSessionPage(
+      this.conversationId,
+    );
+    const rawPage = page as unknown as RawPlaywrightPage;
+    const session = await rawPage.context().newCDPSession(rawPage);
+    log.debug(
+      { conversationId: this.conversationId },
+      "Created Playwright CDP session for LocalCdpClient",
+    );
+    return session;
+  }
+  async send<T = unknown>(
+    method: string,
+    params?: Record<string, unknown>,
+    signal?: AbortSignal,
+  ): Promise<T> {
+    if (this.disposed) {
+      throw new CdpError("disposed", "LocalCdpClient already disposed", {
+        cdpMethod: method,
+        cdpParams: params,
+      });
+    }
+    if (signal?.aborted) {
+      throw new CdpError("aborted", "Aborted before send", {
+        cdpMethod: method,
+        cdpParams: params,
+      });
+    }
+    let session: PlaywrightCdpSession;
+    try {
+      session = await this.ensureSession();
+    } catch (err) {
+      if (signal?.aborted) {
+        throw new CdpError("aborted", "Aborted during send", {
+          cdpMethod: method,
+          cdpParams: params,
+          underlying: err,
+        });
+      }
+      // Re-throw existing CdpError instances unchanged so we don't
+      // double-wrap (e.g. a "disposed" error raised by a concurrent
+      // dispose landing during ensureSession()).
+      if (err instanceof CdpError) {
+        throw err;
+      }
+      // ensureSession failures (browser launch errors, Chromium
+      // spawn failures, etc) are surfaced as transport_error so
+      // callers can distinguish them from CDP protocol errors raised
+      // by session.send below.
+      const msg = err instanceof Error ? err.message : String(err);
+      throw new CdpError("transport_error", msg, {
+        cdpMethod: method,
+        cdpParams: params,
+        underlying: err,
+      });
+    }
+    try {
+      const result = (await session.send(method, params)) as T;
+      return result;
+    } catch (err) {
+      if (signal?.aborted) {
+        throw new CdpError("aborted", "Aborted during send", {
+          cdpMethod: method,
+          cdpParams: params,
+          underlying: err,
+        });
+      }
+      if (err instanceof CdpError) {
+        throw err;
+      }
+      const msg = err instanceof Error ? err.message : String(err);
+      throw new CdpError("cdp_error", msg, {
+        cdpMethod: method,
+        cdpParams: params,
+        underlying: err,
+      });
+    }
+  }
+  dispose(): void {
+    if (this.disposed) return;
+    this.disposed = true;
+    const pending = this.sessionPromise;
+    this.sessionPromise = null;
+    if (!pending) return;
+    pending
+      .then(async (session) => {
+        try {
+          await session.detach();
+        } catch (err) {
+          log.debug({ err }, "LocalCdpClient: session.detach threw (ignored)");
+        }
+      })
+      .catch(() => {
+        // Session never resolved — nothing to detach.
+      });
+  }
+}
+/**
+ * Factory for a fresh {@link LocalCdpClient} bound to a conversation.
+ * Keeping the constructor + factory split lets the cdp-client factory
+ * branch between local and extension transports without
+ * exposing the class directly to callers.
+ */
+export function createLocalCdpClient(conversationId: string): LocalCdpClient {
+  return new LocalCdpClient(conversationId);
+}

package/src/tools/browser/cdp-client/types.ts ADDED Viewed

@@ -0,0 +1,52 @@
+/**
+ * Minimal typed surface over Chrome DevTools Protocol. Implemented by
+ * LocalCdpClient (Playwright-backed, same-process Chromium),
+ * ExtensionCdpClient (routes through HostBrowserProxy to the user's
+ * Chrome via chrome.debugger), and CdpInspectClient (connects to a
+ * remote browser over a raw CDP WebSocket URL). Tools call
+ * `send(method, params)` with a CDP method name and return the raw
+ * CDP result object; errors are thrown as {@link CdpError}.
+ */
+export interface CdpClient {
+  /**
+   * Send a CDP command and await the result. `method` must be a
+   * well-known CDP method name (e.g. "Page.navigate",
+   * "Runtime.evaluate", "Accessibility.getFullAXTree"). `params` is
+   * forwarded verbatim.
+   *
+   * On success, returns the raw `result` object from the CDP response
+   * as `T`. On JSON-RPC error or transport failure, throws a
+   * {@link CdpError}. Abort propagates via `signal`; aborted calls
+   * throw an {@link CdpError} with `code === "aborted"`.
+   */
+  send<T = unknown>(
+    method: string,
+    params?: Record<string, unknown>,
+    signal?: AbortSignal,
+  ): Promise<T>;
+  /**
+   * Release any backend-side resources (CDP sessions, in-flight
+   * requests, listeners). Idempotent. Calling `send` after `dispose`
+   * is allowed but should surface as an error.
+   */
+  dispose(): void;
+}
+/**
+ * Backend kind exposed by a concrete CdpClient. Used by tools that
+ * want to branch on the transport (e.g. browser_navigate should skip
+ * the sacrificial-profile screencast setup when running against the
+ * user's own Chrome via the extension).
+ */
+export type CdpClientKind = "local" | "extension" | "cdp-inspect";
+/**
+ * Concrete CdpClient instance returned by the factory. Carries the
+ * backend `kind` for transport-aware branches in tool code.
+ */
+export interface ScopedCdpClient extends CdpClient {
+  readonly kind: CdpClientKind;
+  /** Stable conversation id this client is bound to. */
+  readonly conversationId: string;
+}

package/src/tools/filesystem/edit.ts CHANGED Viewed

@@ -9,7 +9,7 @@ import type { Tool, ToolContext, ToolExecutionResult } from "../types.js";
 class FileEditTool implements Tool {
   name = "file_edit";
   description =
-    "Replace an exact string in a file with a new string. Use this for surgical edits instead of rewriting entire files. To delete a file, use bash with rm instead.";
+    "Replace an exact string in a file on your own machine with a new string. Use this for surgical edits instead of rewriting entire files. Use host_file_edit for files on your guardian's device instead.";
   category = "filesystem";
   defaultRiskLevel = RiskLevel.Low;

package/src/tools/filesystem/list.ts CHANGED Viewed

@@ -8,7 +8,7 @@ import type { Tool, ToolContext, ToolExecutionResult } from "../types.js";
 class FileListTool implements Tool {
   name = "file_list";
   description =
-    "List the contents of a directory. Returns file and subdirectory names with type indicators and sizes.";
+    "List the contents of a directory on your own machine. Returns file and subdirectory names with type indicators and sizes.";
   category = "filesystem";
   defaultRiskLevel = RiskLevel.Low;

package/src/tools/filesystem/read.ts CHANGED Viewed

@@ -14,7 +14,7 @@ import type { Tool, ToolContext, ToolExecutionResult } from "../types.js";
 class FileReadTool implements Tool {
   name = "file_read";
   description =
-    "Read the contents of a file. For image files (JPEG, PNG, GIF, WebP), returns the image for visual analysis. Always use this tool (not host_file_read) for workspace files under .vellum.";
+    "Read the contents of a file on your own machine. For image files (JPEG, PNG, GIF, WebP), returns the image for visual analysis. Use host_file_read for files on your guardian's device instead.";
   category = "filesystem";
   defaultRiskLevel = RiskLevel.Low;

package/src/tools/filesystem/write.ts CHANGED Viewed

@@ -8,7 +8,8 @@ import type { Tool, ToolContext, ToolExecutionResult } from "../types.js";
 class FileWriteTool implements Tool {
   name = "file_write";
-  description = "Write content to a file, creating it if it does not exist";
+  description =
+    "Write content to a file on your own machine, creating it if it does not exist. Use host_file_write for files on your guardian's device instead.";
   category = "filesystem";
   defaultRiskLevel = RiskLevel.Low;

package/src/tools/host-filesystem/edit.ts CHANGED Viewed

@@ -8,7 +8,7 @@ import type { Tool, ToolContext, ToolExecutionResult } from "../types.js";
 class HostFileEditTool implements Tool {
   name = "host_file_edit";
   description =
-    "Replace exact text in a host filesystem file with new text. Not for workspace files under .vellum (use file_edit instead).";
+    "Replace exact text in a file on your guardian's device with new text. For files on your own machine, use file_edit instead.";
   category = "host-filesystem";
   defaultRiskLevel = RiskLevel.Medium;

package/src/tools/host-filesystem/read.ts CHANGED Viewed

@@ -13,7 +13,7 @@ import type { Tool, ToolContext, ToolExecutionResult } from "../types.js";
 class HostFileReadTool implements Tool {
   name = "host_file_read";
   description =
-    "Read the contents of a file on the host filesystem, including images (JPEG, PNG, GIF, WebP). Not for workspace files under .vellum (use file_read instead).";
+    "Read the contents of a file on your guardian's device, including images (JPEG, PNG, GIF, WebP). For files on your own machine, use file_read instead.";
   category = "host-filesystem";
   defaultRiskLevel = RiskLevel.Medium;
@@ -54,21 +54,9 @@ class HostFileReadTool implements Tool {
       };
     }
-    // Image files must be handled locally — the host-file proxy protocol
-    // only carries {content, isError} and cannot transport contentBlocks
-    // (base64 image data). Check for image extensions before the proxy
-    // short-circuit so image reads work in managed/macOS+iOS sessions.
-    const ext = extname(rawPath).toLowerCase();
-    if (IMAGE_EXTENSIONS.has(ext)) {
-      const pathCheck = hostPolicy(rawPath);
-      if (!pathCheck.ok) {
-        return { content: `Error: ${pathCheck.error}`, isError: true };
-      }
-      return readImageFile(pathCheck.resolved);
-    }
     // Proxy to connected client for execution on the user's machine
-    // when a capable client is available (managed/cloud-hosted mode).
+    // when a capable client is available (managed/cloud-hosted mode),
+    // including image reads that need the host filesystem view.
     if (context.hostFileProxy?.isAvailable()) {
       return context.hostFileProxy.request(
         {
@@ -82,6 +70,15 @@ class HostFileReadTool implements Tool {
       );
     }
+    const ext = extname(rawPath).toLowerCase();
+    if (IMAGE_EXTENSIONS.has(ext)) {
+      const pathCheck = hostPolicy(rawPath);
+      if (!pathCheck.ok) {
+        return { content: `Error: ${pathCheck.error}`, isError: true };
+      }
+      return readImageFile(pathCheck.resolved);
+    }
     const ops = new FileSystemOps(hostPolicy);
     const result = ops.readFileSafe({