@vellumai/assistant 0.6.1 → 0.6.3

package/src/config/bundled-skills/app-builder/references/WIDGETS.md

@@ -0,0 +1,125 @@
+# Widget Component Library
+
+A CSS/JS widget library is auto-injected alongside the design system. Use these for standard UI patterns - skip them when custom HTML serves the user better.
+
+## Layout widgets
+
+| Widget                                                       | Purpose                                                        |
+| ------------------------------------------------------------ | -------------------------------------------------------------- |
+| `.v-metric-card` (`.v-metric-grid`)                          | Big number with emoji icon, label, trend                       |
+| `.v-data-table`                                              | Sortable table with sticky header, `th[data-sortable]`         |
+| `.v-tabs` / `.v-tab-bar` / `.v-tab-panel`                    | Tab navigation with keyboard support                           |
+| `.v-accordion` / `.v-accordion-item`                         | Collapsible sections                                           |
+| `.v-search-bar`                                              | Search input with clear button                                 |
+| `.v-empty-state`                                             | No-data placeholder with CTA                                   |
+| `.v-timeline` / `.v-timeline-entry`                          | Vertical timeline (`.active`/`.success`/`.error`)              |
+| `.v-action-list` / `.v-action-list-item`                     | Rows with per-item actions                                     |
+| `.v-card-grid`                                               | Responsive card grid                                           |
+| `.v-progress-bar` / `.v-progress-track` / `.v-progress-fill` | Horizontal progress                                            |
+| `.v-status-badge`                                            | Colored pill with dot (`.success`/`.error`/`.warning`/`.info`) |
+| `.v-stat-row` / `.v-stat`                                    | Horizontal label-value pairs                                   |
+| `.v-toast`                                                   | Notification banner - prefer `vellum.widgets.toast()`          |
+| `.v-avatar-row`                                              | Contact/team display                                           |
+| `.v-tag-group`                                               | Wrapping tag row                                               |
+
+## Domain-specific widgets
+
+| Widget             | Purpose                |
+| ------------------ | ---------------------- |
+| `.v-weather-card`  | Temperature + forecast |
+| `.v-stock-ticker`  | Price display + chart  |
+| `.v-flight-card`   | Flight info with route |
+| `.v-billing-chart` | Usage/billing display  |
+| `.v-boarding-pass` | Pass-styled layout     |
+| `.v-itinerary`     | Day-by-day travel plan |
+| `.v-receipt`       | Receipt layout         |
+| `.v-invoice`       | Formal invoice         |
+
+## Content & landing page components
+
+| Widget                                           | Purpose                                             |
+| ------------------------------------------------ | --------------------------------------------------- |
+| `.v-hero` / `.v-hero-badge` / `.v-hero-subtitle` | Hero banner with gradient, trust badge, accent word |
+| `.v-section-header` / `.v-section-label`         | Section intro with label                            |
+| `.v-feature-grid` / `.v-feature-card`            | Feature showcase with hover lift                    |
+| `.v-pullquote`                                   | Blockquote with gradient accent border              |
+| `.v-comparison`                                  | Before/after cards (`.before`/`.after`)             |
+| `.v-page`                                        | Centered container (max-width 600px)                |
+| `.v-gradient-text`                               | Accent-colored gradient text                        |
+| `.v-animate-in`                                  | Staggered fade-in for children                      |
+
+## Widget JavaScript utilities
+
+Interactive utilities at `window.vellum.widgets.*`:
+
+### Charts
+
+Always use these instead of hand-coding SVG/CSS charts:
+
+```javascript
+vellum.widgets.sparkline("container-id", [10, 25, 15, 30], {
+  width: 200,
+  height: 40,
+  color: "var(--v-success)",
+  strokeWidth: 2,
+  fill: true,
+});
+vellum.widgets.barChart(
+  "container-id",
+  [
+    { label: "Jan", value: 120 },
+    { label: "Feb", value: 180, color: "var(--v-success)" },
+  ],
+  {
+    width: 400,
+    height: 200,
+    showLabels: true,
+    showValues: true,
+    horizontal: false,
+  },
+);
+vellum.widgets.lineChart(
+  "container-id",
+  [
+    { label: "Mon", value: 42 },
+    { label: "Tue", value: 58 },
+  ],
+  { width: 400, height: 200, showDots: true, showGrid: true, gridLines: 4 },
+);
+vellum.widgets.progressRing("container-id", 75, {
+  size: 100,
+  strokeWidth: 8,
+  color: "var(--v-success)",
+  label: "75%",
+});
+```
+
+### Data Formatting
+
+```javascript
+vellum.widgets.formatCurrency(1234.56, "USD"); // "$1,234.56"
+vellum.widgets.formatDate("2025-01-15", "relative"); // "3d ago"
+vellum.widgets.formatDate("2025-01-15", "short"); // "1/15/25"
+vellum.widgets.formatNumber(1234567, { compact: true }); // "1.2M"
+```
+
+### Interactive Behaviors
+
+```javascript
+vellum.widgets.sortTable("table-id"); // Wire th[data-sortable] click-to-sort
+vellum.widgets.filterTable("table-id", "input-id"); // Live text search
+vellum.widgets.tabs("tabs-id"); // Tab switching + keyboard nav
+vellum.widgets.accordion("accordion-id", { allowMultiple: true });
+vellum.widgets.multiSelect("table-id"); // Checkboxes + select-all
+vellum.widgets.toast("Saved!", "success", 4000); // Auto-dismiss notification
+vellum.widgets.countdown("timer-el", "2025-12-31T00:00:00Z", {
+  onComplete: () => {},
+});
+```
+
+## When to use widgets vs custom HTML
+
+- **Use widgets** for standard patterns - tables, metrics, timelines, notifications
+- **Use custom HTML** for novel or creative UIs - games, art tools, unique dashboards
+- **Mix freely** - widgets compose well together and with custom elements
+- **ALWAYS use `vellum.widgets.*` chart functions** instead of hand-coding SVG/CSS charts. They handle overflow clipping, bounds, scaling, and dark mode. Hand-coded charts break layouts.

package/src/config/bundled-skills/contacts/SKILL.md

@@ -6,6 +6,9 @@ metadata:
   emoji: "👥"
   vellum:
     display-name: "Contacts"
+    activation-hints:
+      - "Look up contact info before asking the user for email addresses or phone numbers"
+      - "User wants to manage who can message the assistant, or create/revoke invite links"
 ---
 
 Manage the user's contacts, relationship graph, access control (trusted contacts), and invite links. This skill covers contact CRUD with multi-channel tracking, controlling who can message the assistant through external channels (Telegram, phone), and creating/managing invite links that grant access.

package/src/config/bundled-skills/document/SKILL.md

@@ -6,6 +6,10 @@ metadata:
   emoji: "📄"
   vellum:
     display-name: "Document"
+    activation-hints:
+      - "User asks to write, draft, or collaborate on long-form content — use the document editor for a better editing experience"
+      - "When content will be iterated on, reviewed, or exported, prefer the document editor over inline markdown"
+      - "When a file attachment contains a draft or document the user wants to iterate on, open it in the editor"
 ---
 
 Create and edit long-form documents using the built-in rich text editor. Documents open in workspace mode with chat docked to the side.

package/src/config/bundled-skills/gmail/SKILL.md

@@ -110,22 +110,27 @@ When a user asks to declutter, clean up, or organize their email - start scannin
 
 ### Workflow
 
-1. **Scan**: Call `gmail_sender_digest`. Default query targets promotions from the last 90 days.
+1. **Scan**: Call `gmail_sender_digest`. Default query targets promotions currently in the inbox from the last 90 days (`in:inbox category:promotions newer_than:90d`). Counts shown in the table reflect only what is currently in the inbox — these are the emails that will be archived.
 2. **Present**: Show results as a `ui_show` table with `selectionMode: "multiple"`:
    - **Columns (exactly 3)**: Sender, Emails Found, Unsub?
      - **Unsub? cell values**: Use rich cell format: `{ "text": "Yes", "icon": "checkmark.circle.fill", "iconColor": "success" }` when `has_unsubscribe` is true, `{ "text": "No", "icon": "minus.circle", "iconColor": "muted" }` when false.
    - **Pre-select all rows** (`selected: true`) - users deselect what they want to keep
    - **Caption**: Include two parts separated by a newline: (1) data scope, e.g. "Newsletters, notifications, and outreach from last 90 days. Deselect anything you want to keep." (adjusted to match the query used), and (2) the Unsub? column legend: "Unsub? - \"Yes\" means these emails contain an unsubscribe link, so I can opt you out automatically. \"No\" means no unsubscribe link was found - these will be archived but you may continue receiving them."
    - **Action buttons (exactly 2)**: "Archive & Unsubscribe" (primary), "Archive Only" (secondary). **NEVER offer Delete, Trash, or any destructive action.**
-3. **Wait for user action**: Stop and wait. Do NOT proceed to archiving or unsubscribing until the user clicks one of the action buttons on the table. When the user clicks an action button:
+3. **Embed scan_id in button data**: When constructing the action buttons in `ui_show`, include the `scan_id` from the `gmail_sender_digest` result in each button's `data` field. This ensures `scan_id` is forwarded automatically when the user clicks — the LLM does not need to recall it from earlier context:
+   ```json
+   { "id": "archive_unsubscribe", "label": "Archive & Unsubscribe", "style": "primary", "data": { "scan_id": "<scan_id value here>" } }
+   ```
+4. **Wait for user action**: Stop and wait. Do NOT proceed to archiving or unsubscribing until the user clicks one of the action buttons on the table. When the user clicks an action button you will receive a surface action message containing `action data: { scan_id, selectedIds }`:
+   - `selectedIds` are **sender IDs** (the `id` values from the scan result rows, base64-encoded email addresses) — NOT Gmail message IDs. Always use them as `sender_ids` with `scan_id`, never as `message_ids`.
    - **Dismiss the table immediately** with `ui_dismiss` - it collapses to a completion chip
    - **Show a `task_progress` card** with steps for each phase (e.g., "Archiving 89 senders (2,400 emails)", "Unsubscribing from 72 senders"). Update each step from `in_progress` → `completed` as each phase finishes.
    - When all senders are processed, set the progress card's `status: "completed"`.
-4. **Act on selection** - batch, don't loop:
-   - **Archive all at once**: Call `gmail_archive` **once** with `scan_id` + **all** selected senders' `id` values in the `sender_ids` array. The tool resolves message IDs server-side and batches the Gmail API calls internally - never loop sender-by-sender.
+5. **Act on selection** - batch, don't loop:
+   - **Archive all at once**: Call `gmail_archive` **once** with `scan_id` (from action data) + `sender_ids` set to all `selectedIds` from the action data. The tool resolves message IDs server-side and batches the Gmail API calls internally - never loop sender-by-sender. **Never** pass `selectedIds` as `message_ids` — they are sender IDs, not Gmail message IDs.
    - **Unsubscribe in bulk**: If the action is "Archive & Unsubscribe", call `gmail_unsubscribe` for each sender that has `has_unsubscribe: true` - but emit **all** unsubscribe tool calls in a **single assistant response** (parallel tool use) rather than one-at-a-time across separate turns.
-5. **Accurate summary**: The scan counts are exact - the `message_count` shown in the table matches the number of messages archived. Format: "Cleaned up [total_archived] emails from [sender_count] senders. Unsubscribed from [unsub_count]."
-6. **Ongoing protection offer**: After reporting results, offer auto-archive filters:
+6. **Accurate summary**: The scan counts are exact - the `message_count` shown in the table matches the number of messages archived. Format: "Cleaned up [total_archived] emails from [sender_count] senders. Unsubscribed from [unsub_count]."
+7. **Ongoing protection offer**: After reporting results, offer auto-archive filters:
    - "Want me to set up auto-archive filters so future emails from these senders skip your inbox?"
    - If yes, call `gmail_filters` with `action: "create"` for each sender with `from` set to the sender's email and `remove_label_ids: ["INBOX"]`.
    - Then offer a recurring declutter schedule: "Want me to scan for new clutter monthly?" If yes, use `schedule_create` to set up a monthly declutter check.
@@ -156,7 +161,7 @@ Scan tools (`gmail_sender_digest`, `gmail_outreach_scan`) return a `scan_id` tha
 
 Before composing any email that references a date or time:
 
-1. Check the `timestamp:` field in the `<turn_context>` block for today's date and timezone
+1. Check the `current_time:` field in the `<turn_context>` block for today's date and timezone
 2. Verify that "tomorrow" means the day after today's date, "next week" means the upcoming Monday–Friday, etc.
 3. If the email references a date from another message, cross-check it against the turn context to ensure it's in the future
 

package/src/config/bundled-skills/gmail/TOOLS.json

@@ -490,7 +490,7 @@
         "properties": {
           "query": {
             "type": "string",
-            "description": "Gmail search query (default 'category:promotions newer_than:90d')"
+            "description": "Gmail search query (default 'in:inbox category:promotions newer_than:90d')"
           },
           "max_messages": {
             "type": "number",

package/src/config/bundled-skills/gmail/tools/gmail-sender-digest.ts

@@ -49,7 +49,8 @@ export async function run(
   _context: ToolContext,
 ): Promise<ToolExecutionResult> {
   const account = input.account as string | undefined;
-  const query = (input.query as string) ?? "category:promotions newer_than:90d";
+  const query =
+    (input.query as string) ?? "in:inbox category:promotions newer_than:90d";
   const maxMessages = Math.min(
     (input.max_messages as number) ?? 5000,
     MAX_MESSAGES_CAP,

package/src/config/bundled-skills/outlook/SKILL.md

@@ -35,6 +35,13 @@ When the user mentions "email" - sending, reading, checking, decluttering, draft
 
 Do not offer AgentMail as an option or mention it unless the user specifically asks. If Outlook is not connected, guide them through Outlook setup - do not suggest AgentMail as an alternative.
 
+## Connection Setup
+
+### Outlook
+
+1. **Try connecting directly first.** Run `assistant oauth status outlook`. This will show whether or not the user had previously connected their Outlook/Microsoft account. If so, they are ready to go.
+2. **If no connections are found:** Call `skill_load` with `skill: "vellum-oauth-integrations"`. The skill will evaluate whether managed or your-own mode is appropriate and guide the user accordingly.
+
 ## Communication Style
 
 - **Be action-oriented.** When the user asks to do something ("declutter", "check my email"), start doing it immediately. Don't ask for permission to read their inbox - that's obviously what they want.

package/src/config/bundled-skills/settings/TOOLS.json

@@ -72,7 +72,7 @@
               "Sounds",
               "Permissions & Privacy",
               "Billing",
-              "Archived Conversations",
+              "Archive",
               "Schedules",
               "Developer"
             ],

package/src/config/bundled-skills/settings/tools/navigate-settings-tab.ts

@@ -10,21 +10,26 @@ const SETTINGS_TABS = [
   "Sounds",
   "Permissions & Privacy",
   "Billing",
-  "Archived Conversations",
+  "Archive",
   "Schedules",
   "Developer",
 ] as const;
 
 type SettingsTab = (typeof SETTINGS_TABS)[number];
 
+const LEGACY_TAB_ALIASES: Record<string, SettingsTab> = {
+  "Archived Conversations": "Archive",
+};
+
 export async function run(
   input: Record<string, unknown>,
   context: ToolContext,
 ): Promise<ToolExecutionResult> {
-  const tab = input.tab as string;
+  const rawTab = input.tab as string;
+  const tab = LEGACY_TAB_ALIASES[rawTab] ?? rawTab;
   if (!SETTINGS_TABS.includes(tab as SettingsTab)) {
     return {
-      content: `Error: unknown tab "${tab}". Valid tabs: ${SETTINGS_TABS.join(
+      content: `Error: unknown tab "${rawTab}". Valid tabs: ${SETTINGS_TABS.join(
         ", ",
       )}`,
       isError: true,

package/src/config/bundled-skills/subagent/SKILL.md

@@ -63,6 +63,24 @@ Only the parent conversation that spawned a subagent can interact with it (check
 
 Set `send_result_to_user: false` when spawning a subagent whose result is for internal processing only. The parent will still be notified on completion, but the notification will instruct it to read the result without presenting it to the user.
 
+## Fork Mode
+
+Forks are sub-agents that inherit the parent's full context -- messages, system prompt, and memory -- sharing the KV cache for near-free context inheritance. Use forks when the task benefits from knowing what you've been discussing; use a regular sub-agent when the task is self-contained.
+
+**Key behaviors:** Forks always run as `general` role (the `role` parameter is ignored). `send_result_to_user` defaults to `false`. Read fork output with `last_n: 1` to get only the final synthesis.
+
+**When to fork vs regular sub-agent:**
+
+| Task | Mode |
+|---|---|
+| Single tool call (one search, one file read) | Direct -- don't spawn at all |
+| Multi-page web research needing conversation context | Fork |
+| Exploratory file search informed by prior discussion | Fork |
+| Comparing multiple sources against what was discussed | Parallel forks |
+| Self-contained task with a clear objective | Regular sub-agent |
+
+Rule of thumb: "Does this task need to know what we've been talking about?" If yes, fork. If the objective is fully self-describing, use a regular sub-agent with a scoped role.
+
 ## Tips
 
 - Do NOT poll `subagent_status` in a loop. You will be notified automatically when a subagent completes.
@@ -71,3 +89,6 @@ Set `send_result_to_user: false` when spawning a subagent whose result is for in
 - Use `notify_parent` for interim findings instead of waiting for completion. This lets the parent act on partial results early.
 - Use `subagent_message` to send follow-up instructions to a running subagent.
 - Use `subagent_abort` to cancel a subagent that is no longer needed.
+- Default to spawning subagents for any task that involves web research, multi-file exploration, or independent coding work. Serial execution should be the exception, not the rule.
+- When a user request has both an information-gathering component and an action component, spawn a researcher immediately rather than doing the research inline yourself.
+- Prefer spawning 2-3 focused subagents over one large general-purpose subagent. Smaller scopes finish faster and fail more gracefully.

package/src/config/bundled-skills/subagent/TOOLS.json

@@ -3,7 +3,7 @@
   "tools": [
     {
       "name": "subagent_spawn",
-      "description": "Spawn an independent subagent to work on a task in parallel. The subagent runs autonomously and its results are reported back when complete.",
+      "description": "Spawn an independent subagent to work on a task in parallel. The subagent runs autonomously and its results are reported back when complete.\n\nTwo modes:\n- **Regular sub-agent** (fork: false or omitted): Gets only the objective + context fields. Use for self-contained tasks with clear objectives. Can use scoped roles (researcher, coder, planner).\n- **Fork** (fork: true): Inherits full parent context (messages, system prompt, memory). Shares KV cache for near-free context inheritance. Use when the task benefits from knowing what you've been discussing. Always runs as general role. Results are internal by default (send_result_to_user: false). Read with last_n: 1 to get only the final synthesis.\n\nDecision heuristic: Does the task need to know what we've been talking about? Fork. Is it self-contained? Regular sub-agent.",
       "category": "orchestration",
       "risk": "low",
       "input_schema": {
@@ -19,16 +19,20 @@
           },
           "context": {
             "type": "string",
-            "description": "Optional additional context to pass to the subagent"
+            "description": "Optional additional context to pass to the subagent. Ignored when fork is true — forks inherit the parent's full context."
+          },
+          "fork": {
+            "type": "boolean",
+            "description": "When true, the subagent inherits the parent's full context (messages, system prompt, memory) instead of receiving only the objective + context fields. Fork mode always runs as 'general' role (the role parameter is ignored) and defaults send_result_to_user to false. Use for tasks that benefit from the full conversational context."
           },
           "send_result_to_user": {
             "type": "boolean",
-            "description": "Whether to present the subagent's result to the user when it completes. Defaults to true. Set to false for internal/silent processing."
+            "description": "Whether to present the subagent's result to the user when it completes. Defaults to true for regular sub-agents, false for forks. Set explicitly to override."
           },
           "role": {
             "type": "string",
             "enum": ["general", "researcher", "coder", "planner"],
-            "description": "Agent specialization that controls tool access. 'researcher': read-only (web, files, memory). 'coder': file and bash access. 'planner': read-only analysis. 'general': full access (default)."
+            "description": "Agent specialization that controls tool access. 'researcher': read-only (web, files, memory). 'coder': file and bash access. 'planner': read-only analysis. 'general': full access (default). Ignored when fork: true (forks always use general)."
           },
           "activity": {
             "type": "string",

package/src/config/bundled-skills/tasks/SKILL.md

@@ -6,6 +6,11 @@ metadata:
   emoji: "✅"
   vellum:
     display-name: "Tasks"
+    activation-hints:
+      - "User wants to add, check, or manage items on their to-do list or task queue"
+      - "For one-off action items, not recurring automations (use schedule for those)"
+    avoid-when:
+      - "User wants recurring/scheduled automation — use the schedule skill instead"
 ---
 
 Two-layer task system: **task templates** (reusable definitions with input placeholders) and **work items** (instances in the Task Queue with priority tiers and status tracking).

package/src/config/env-registry.ts

@@ -86,6 +86,17 @@ export function getWorkspaceDirOverride(): string | undefined {
 // profiler mode. The runtime uses them to locate, scope, and budget-limit
 // profiler output on the workspace volume.
 
+/**
+ * VELLUM_CPU_LIMIT — string (K8s resource format), default: undefined
+ * The CPU resource limit for the container (e.g. "2000m", "2").
+ * Set by the platform StatefulSet template to the exact K8s CPU limit.
+ * Used by the health endpoint to report accurate CPU core count inside
+ * gVisor sandboxes where cgroup files may expose the host node's CPUs.
+ */
+export function getCpuLimit(): string | undefined {
+  return str("VELLUM_CPU_LIMIT");
+}
+
 /**
  * VELLUM_PROFILER_RUN_ID — string, default: undefined
  * Unique identifier for the current profiler run. When set, the profiler
@@ -148,6 +159,7 @@ const KNOWN_VELLUM_VARS = new Set([
   "VELLUM_DATA_DIR",
   "VELLUM_DESKTOP_APP",
   "VELLUM_DEV",
+  "VELLUM_DOCS_BASE_URL",
   "VELLUM_ENABLE_INSECURE_LAN_PAIRING",
   "VELLUM_HATCHED_BY",
   "VELLUM_HOOK_EVENT",
@@ -164,6 +176,8 @@ const KNOWN_VELLUM_VARS = new Set([
   "VELLUM_SSH_USER",
   "VELLUM_UNSAFE_AUTH_BYPASS",
   "VELLUM_WORKSPACE_DIR",
+  "VELLUM_CPU_LIMIT",
+  "VELLUM_MEMORY_LIMIT",
 ]);
 
 /**

package/src/config/env.ts

@@ -164,6 +164,27 @@ export function getPlatformBaseUrl(): string {
   );
 }
 
+/**
+ * Derive the assistant service domain from the platform base URL.
+ *
+ * - `dev-platform.vellum.ai`  → `dev.vellum.me`
+ * - `platform.vellum.ai`      → `vellum.me`
+ * - anything else              → `vellum.me` (safe default)
+ */
+export function getAssistantDomain(): string {
+  try {
+    const url = getPlatformBaseUrl();
+    const host = new URL(url).hostname;
+    const prefix = host.replace(/[-.]?platform\.vellum\.ai$/, "");
+    if (prefix) {
+      return `${prefix}.vellum.me`;
+    }
+  } catch {
+    // Fall through to default
+  }
+  return "vellum.me";
+}
+
 let _platformAssistantIdOverride: string | undefined;
 
 export function setPlatformAssistantId(value: string | undefined): void {

package/src/config/feature-flag-registry.json

@@ -126,8 +126,8 @@
       "scope": "macos",
       "key": "referral-codes",
       "label": "Referral Codes",
-      "description": "Show the referral invite link and stats panel on the Billing tab in Settings",
-      "defaultEnabled": false
+      "description": "Surface the Earn Credits referral entry points (sidebar drawer row and Billing tab button) that open the referral modal",
+      "defaultEnabled": true
     },
     {
       "id": "managed-sign-in",
@@ -178,11 +178,11 @@
       "defaultEnabled": false
     },
     {
-      "id": "settings-integrations-grid",
+      "id": "multi-platform-assistant",
       "scope": "assistant",
-      "key": "settings-integrations-grid",
-      "label": "Integrations Grid",
-      "description": "Show the Integrations grid in Models & Services settings, replacing individual OAuth provider cards",
+      "key": "multi-platform-assistant",
+      "label": "Multi-Platform Assistant Switcher",
+      "description": "Enable the menu-bar assistant switcher for managing multiple platform-hosted assistants (new/switch/retire)",
       "defaultEnabled": false
     },
     {
@@ -288,7 +288,46 @@
       "label": "Permission Controls V2",
       "description": "Replace risk-level permission system with two independent controls: 'Ask before acting' (LLM behavior toggle) and 'Host access' (system-enforced gate)",
       "defaultEnabled": false
+    },
+    {
+      "id": "apple-container",
+      "scope": "macos",
+      "key": "apple-container",
+      "label": "Apple Container",
+      "description": "Enable assistant sandboxing via Apple Containers on macOS 26+, providing a lightweight native sandbox without third-party dependencies",
+      "defaultEnabled": false
+    },
+    {
+      "id": "tool-result-truncation",
+      "scope": "assistant",
+      "key": "tool-result-truncation",
+      "label": "Post-Turn Tool Result Truncation",
+      "description": "Truncate large tool results after each assistant turn, persisting full content to disk for on-demand re-reads",
+      "defaultEnabled": false
+    },
+    {
+      "id": "managed-gemini-embeddings-enabled",
+      "scope": "assistant",
+      "key": "managed-gemini-embeddings-enabled",
+      "label": "Managed Gemini Embeddings Enabled",
+      "description": "Route embedding requests through the platform runtime proxy using Vellum-managed Gemini credentials when available",
+      "defaultEnabled": false
+    },
+    {
+      "id": "fork-from-message",
+      "scope": "macos",
+      "key": "fork-from-message",
+      "label": "Fork from Message",
+      "description": "Show the 'Fork from here' option in message overflow menus",
+      "defaultEnabled": false
+    },
+    {
+      "id": "fork-from-message",
+      "scope": "macos",
+      "key": "fork-from-message",
+      "label": "Fork from Message",
+      "description": "Show the Fork from here option in message overflow menus",
+      "defaultEnabled": false
     }
   ]
 }
-

package/src/config/loader.ts

@@ -11,6 +11,7 @@ import { dirname, join } from "node:path";
 import { ConfigError } from "../util/errors.js";
 import { getLogger } from "../util/logger.js";
 import { ensureDataDir, getWorkspaceConfigPath } from "../util/platform.js";
+import { isAssistantFeatureFlagEnabled } from "./assistant-feature-flags.js";
 import { AssistantConfigSchema } from "./schema.js";
 import type { AssistantConfig } from "./types.js";
 
@@ -385,7 +386,46 @@ export function loadConfig(): AssistantConfig {
     warnAndStripDeprecatedFields(fileConfig, configPath);
 
     // Validate and apply defaults via Zod schema
-    const config = validateWithSchema(fileConfig);
+    let config = validateWithSchema(fileConfig);
+
+    // Managed Gemini embedding defaults migration.
+    // When on a managed platform (IS_PLATFORM=true) with the feature flag
+    // enabled and no explicit embedding provider chosen (provider=auto),
+    // persist Gemini embedding defaults into the raw config file.
+    // Idempotent: once provider=gemini is written, subsequent loads skip this.
+    if (config.memory.embeddings.provider === "auto") {
+      try {
+        if (
+          (process.env.IS_PLATFORM === "true" ||
+            process.env.IS_PLATFORM === "1") &&
+          isManagedGeminiFFEnabled(config)
+        ) {
+          setNestedValue(fileConfig, "memory.embeddings.provider", "gemini");
+          setNestedValue(
+            fileConfig,
+            "memory.embeddings.geminiModel",
+            "gemini-embedding-2-preview",
+          );
+          setNestedValue(
+            fileConfig,
+            "memory.embeddings.geminiDimensions",
+            3072,
+          );
+          setNestedValue(fileConfig, "memory.qdrant.vectorSize", 3072);
+          writeFileSync(configPath, JSON.stringify(fileConfig, null, 2) + "\n");
+          log.info(
+            "Applied managed Gemini embedding defaults (provider=gemini, model=gemini-embedding-2-preview, dimensions=3072, vectorSize=3072)",
+          );
+          // Re-validate so the returned config reflects the migration.
+          config = validateWithSchema(fileConfig);
+        }
+      } catch (err) {
+        log.warn(
+          { err },
+          "Managed Gemini defaults migration failed — continuing with existing config",
+        );
+      }
+    }
 
     // If the config file didn't exist, write the full defaults to disk so
     // users can discover and edit all available options.
@@ -421,6 +461,21 @@ export function loadConfig(): AssistantConfig {
   }
 }
 
+/**
+ * Check whether the managed-gemini-embeddings-enabled feature flag is on.
+ * Wrapped in a try/catch so a flag-resolver failure never breaks config loading.
+ */
+function isManagedGeminiFFEnabled(config: AssistantConfig): boolean {
+  try {
+    return isAssistantFeatureFlagEnabled(
+      "managed-gemini-embeddings-enabled",
+      config,
+    );
+  } catch {
+    return false;
+  }
+}
+
 export function saveConfig(config: AssistantConfig): void {
   ensureMigratedDataDir();
   const configPath = getConfigPath();

package/src/config/sanitize-for-transfer.ts

@@ -0,0 +1,47 @@
+/**
+ * Strips environment-specific fields from config JSON before transferring
+ * between local and platform environments (teleport/restore).
+ *
+ * Fields removed or reset:
+ * - `ingress.publicBaseUrl` → set to `""`
+ * - `ingress.enabled` → deleted
+ * - `daemon` → deleted entirely
+ * - `skills.load.extraDirs` → set to `[]`
+ */
+export function sanitizeConfigForTransfer(configJson: string): string {
+  let config: Record<string, unknown>;
+  try {
+    const parsed = JSON.parse(configJson);
+    if (
+      typeof parsed !== "object" ||
+      parsed === null ||
+      Array.isArray(parsed)
+    ) {
+      return configJson;
+    }
+    config = parsed;
+  } catch {
+    return configJson;
+  }
+
+  // Strip ingress environment-specific fields
+  if (config.ingress && typeof config.ingress === "object") {
+    const ingress = config.ingress as Record<string, unknown>;
+    ingress.publicBaseUrl = "";
+    delete ingress.enabled;
+  }
+
+  // Strip daemon entirely
+  delete config.daemon;
+
+  // Strip skills.load.extraDirs
+  if (config.skills && typeof config.skills === "object") {
+    const skills = config.skills as Record<string, unknown>;
+    if (skills.load && typeof skills.load === "object") {
+      const load = skills.load as Record<string, unknown>;
+      load.extraDirs = [];
+    }
+  }
+
+  return JSON.stringify(config, null, 2) + "\n";
+}