@vellumai/assistant 0.6.1 → 0.6.3

package/src/daemon/conversation-agent-loop.ts

@@ -22,7 +22,9 @@ import type {
   TurnChannelContext,
   TurnInterfaceContext,
 } from "../channels/types.js";
+import { isAssistantFeatureFlagEnabled } from "../config/assistant-feature-flags.js";
 import { getConfig } from "../config/loader.js";
+import { derefToolResultReReads,postTurnTruncateToolResults } from "../context/post-turn-tool-result-truncation.js";
 import { estimatePromptTokens } from "../context/token-estimator.js";
 import type { ContextWindowManager } from "../context/window-manager.js";
 import type { ToolProfiler } from "../events/tool-profiling-listener.js";
@@ -44,6 +46,7 @@ import {
   updateConversationTitle,
   updateMessageMetadata,
 } from "../memory/conversation-crud.js";
+import { getResolvedConversationDirPath } from "../memory/conversation-directories.js";
 import { syncMessageToDisk } from "../memory/conversation-disk-view.js";
 import {
   isReplaceableTitle,
@@ -58,6 +61,7 @@ import type { ContentBlock, Message } from "../providers/types.js";
 import type { Provider } from "../providers/types.js";
 import { resolveActorTrust } from "../runtime/actor-trust-resolver.js";
 import { DAEMON_INTERNAL_ASSISTANT_ID } from "../runtime/assistant-scope.js";
+import { getSubagentManager } from "../subagent/index.js";
 import type { UsageActor } from "../usage/actors.js";
 import { getLogger } from "../util/logger.js";
 import { truncate } from "../util/truncate.js";
@@ -100,6 +104,7 @@ import type {
 } from "./conversation-runtime-assembly.js";
 import {
   applyRuntimeInjections,
+  buildSubagentStatusBlock,
   buildUnifiedTurnContextBlock,
   findLastInjectedNowContent,
   inboundActorContextFromTrust,
@@ -109,6 +114,7 @@ import {
   stripInjectionsForCompaction,
 } from "./conversation-runtime-assembly.js";
 import type { SkillProjectionCache } from "./conversation-skill-tools.js";
+import { markSurfaceCompleted } from "./conversation-surfaces.js";
 import { resolveTrustClass } from "./conversation-tool-setup.js";
 import { recordUsage } from "./conversation-usage.js";
 import { formatTurnTimestamp } from "./date-context.js";
@@ -260,6 +266,8 @@ export interface AgentLoopConversationContext {
   lastAttachmentWarnings: string[];
 
   hasNoClient: boolean;
+  /** True when this conversation is itself a subagent (suppresses subagent status injection). */
+  isSubagent?: boolean;
   headlessLock?: boolean;
   readonly streamThinking: boolean;
   readonly prompter: PermissionPrompter;
@@ -438,6 +446,7 @@ export async function runAgentLoopImpl(
           surfaceId,
           summary: "Dismissed",
         });
+        markSurfaceCompleted(ctx, surfaceId, "Dismissed");
         ctx.pendingSurfaceActions.delete(surfaceId);
       }
     }
@@ -501,6 +510,7 @@ export async function runAgentLoopImpl(
 
     const isFirstMessage = ctx.messages.length === 1;
     let shouldInjectWorkspace = isFirstMessage;
+    let compactedThisTurn = false;
 
     const compactCheck = ctx.contextWindowManager.shouldCompact(ctx.messages);
     if (compactCheck.needed) {
@@ -556,6 +566,9 @@ export async function runAgentLoopImpl(
         collapseRawResponses(compacted.summaryRawResponses),
       );
       shouldInjectWorkspace = true;
+      if (compacted.compactedPersistedMessages > 0) {
+        compactedThisTurn = true;
+      }
     }
 
     const state = createEventHandlerState();
@@ -776,16 +789,24 @@ export async function runAgentLoopImpl(
     const isInteractiveResolved =
       options?.isInteractive ?? (!ctx.hasNoClient && !ctx.headlessLock);
 
-    // Only inject NOW.md if it changed since the last injection in the
-    // conversation.  Keeping the previous injection in place avoids mutating
-    // historical user messages and preserves the cached prefix.
+    // Inject NOW.md and PKB content only on the first turn (or after
+    // compaction re-strips them).  Old injections persist in history and
+    // are never stripped on normal turns — this preserves the cached prefix.
     const currentNowContent = readNowScratchpad();
-    const lastInjectedNow = findLastInjectedNowContent(ctx.messages);
-    const nowScratchpad =
-      currentNowContent !== lastInjectedNow ? currentNowContent : null;
+    const shouldInjectNowAndPkb = isFirstMessage || compactedThisTurn;
+    const nowScratchpad = shouldInjectNowAndPkb ? currentNowContent : null;
 
-    // Read PKB always-loaded files (INDEX, essentials, threads, buffer)
     const currentPkbContent = readPkbContext();
+    const pkbContext = shouldInjectNowAndPkb ? currentPkbContent : null;
+    const pkbActive = currentPkbContent !== null;
+
+    // Subagent status injection — gives the parent LLM visibility into active/completed children.
+    // Skipped when this conversation IS a subagent (no nesting) or has no children.
+    const subagentStatusBlock = ctx.isSubagent
+      ? null
+      : buildSubagentStatusBlock(
+          getSubagentManager().getChildrenOf(ctx.conversationId),
+        );
 
     // Shared injection options — reused whenever we need to re-inject after reduction.
     const injectionOpts = {
@@ -796,11 +817,13 @@ export async function runAgentLoopImpl(
       channelCapabilities: ctx.channelCapabilities ?? null,
       channelCommandContext: ctx.commandIntent ?? null,
       unifiedTurnContext: unifiedTurnContextStr,
-      pkbContext: currentPkbContent,
+      pkbContext,
+      pkbActive,
       nowScratchpad,
       voiceCallControlPrompt: ctx.voiceCallControlPrompt ?? null,
       transportHints: ctx.transportHints ?? null,
       isNonInteractive: !isInteractiveResolved,
+      subagentStatusBlock,
     } as const;
 
     let currentInjectionMode: InjectionMode = "full";
@@ -922,7 +945,7 @@ export async function runAgentLoopImpl(
         // value from injectionOpts to avoid duplicate injection.
         runMessages = applyRuntimeInjections(ctx.messages, {
           ...injectionOpts,
-          pkbContext: currentPkbContent,
+          ...(step.compactionResult?.compacted && { pkbContext: currentPkbContent }),
           ...(step.compactionResult?.compacted && { nowScratchpad: currentNowContent }),
           workspaceTopLevelContext: shouldInjectWorkspace
             ? ctx.workspaceTopLevelContext
@@ -1202,8 +1225,16 @@ export async function runAgentLoopImpl(
     // limit), incorporate those new messages into ctx.messages so the
     // convergence loop operates on the full (larger) history.
     if (state.contextTooLargeDetected) {
+      // Detect whether ctx.messages currently lacks NOW.md so we know if
+      // it needs to be re-injected.  Mid-loop compaction (line ~1067) may
+      // have already stripped injections before escalating here, so we
+      // check actual message state rather than tracking mutation sites.
+      let convergenceStripped =
+        findLastInjectedNowContent(ctx.messages) === null;
+
       if (updatedHistory.length > preRunHistoryLength) {
         ctx.messages = stripInjectionsForCompaction(updatedHistory);
+        convergenceStripped = true;
         preRepairMessages = updatedHistory;
         preRunHistoryLength = updatedHistory.length;
       }
@@ -1326,12 +1357,13 @@ export async function runAgentLoopImpl(
           shouldInjectWorkspace = true;
         }
 
-        // ctx.messages has been stripped (line 1206/1373) so NOW.md must
-        // always be re-injected regardless of whether compaction ran.
+        // Only re-inject NOW.md when ctx.messages was actually stripped;
+        // otherwise the existing NOW.md block is still present and
+        // re-injecting would duplicate it.
         runMessages = applyRuntimeInjections(ctx.messages, {
           ...injectionOpts,
           pkbContext: currentPkbContent,
-          nowScratchpad: currentNowContent,
+          nowScratchpad: convergenceStripped ? currentNowContent : null,
           workspaceTopLevelContext: shouldInjectWorkspace
             ? ctx.workspaceTopLevelContext
             : null,
@@ -1373,6 +1405,7 @@ export async function runAgentLoopImpl(
           // pre-rerun messages.
           if (updatedHistory.length > preRunHistoryLength) {
             ctx.messages = stripInjectionsForCompaction(updatedHistory);
+            convergenceStripped = true;
             preRepairMessages = updatedHistory;
             preRunHistoryLength = updatedHistory.length;
           }
@@ -1448,12 +1481,12 @@ export async function runAgentLoopImpl(
               shouldInjectWorkspace = true;
             }
 
-            // ctx.messages was already stripped before the convergence
-            // loop, so NOW.md must always be re-injected here.
+            // Only re-inject NOW.md when ctx.messages was actually stripped;
+            // otherwise the existing block is still present.
             runMessages = applyRuntimeInjections(ctx.messages, {
               ...injectionOpts,
               pkbContext: currentPkbContent,
-              nowScratchpad: currentNowContent,
+              nowScratchpad: convergenceStripped ? currentNowContent : null,
               workspaceTopLevelContext: shouldInjectWorkspace
                 ? ctx.workspaceTopLevelContext
                 : null,
@@ -1568,12 +1601,12 @@ export async function runAgentLoopImpl(
             shouldInjectWorkspace = true;
           }
 
-          // ctx.messages was already stripped before the convergence
-          // loop, so NOW.md must always be re-injected here.
+          // Only re-inject NOW.md when ctx.messages was actually stripped;
+          // otherwise the existing block is still present.
           runMessages = applyRuntimeInjections(ctx.messages, {
             ...injectionOpts,
             pkbContext: currentPkbContent,
-            nowScratchpad: currentNowContent,
+            nowScratchpad: convergenceStripped ? currentNowContent : null,
             workspaceTopLevelContext: shouldInjectWorkspace
               ? ctx.workspaceTopLevelContext
               : null,
@@ -1712,7 +1745,29 @@ export async function runAgentLoopImpl(
       // would create a duplicate plain-text bubble below the alert card.
     }
 
-    const restoredHistory = [...preRepairMessages, ...newMessages];
+    let restoredHistory = [...preRepairMessages, ...newMessages];
+
+    // Post-turn tool result truncation: save large results to disk and
+    // replace in-context content with a prefix/suffix stub + file pointer.
+    if (isAssistantFeatureFlagEnabled("tool-result-truncation", config)) {
+      try {
+        const conv = getConversation(ctx.conversationId);
+        if (conv) {
+          const convDir = getResolvedConversationDirPath(ctx.conversationId, conv.createdAt);
+          const { messages: derefMessages, dereferencedCount } = derefToolResultReReads(restoredHistory);
+          const { messages: truncatedMessages, truncatedCount } = postTurnTruncateToolResults(derefMessages, { conversationDir: convDir });
+          if (truncatedCount > 0 || dereferencedCount > 0) {
+            rlog.info(
+              { truncatedCount, dereferencedCount },
+              "Post-turn tool result truncation applied",
+            );
+          }
+          restoredHistory = truncatedMessages;
+        }
+      } catch (err) {
+        rlog.warn({ err }, "Post-turn tool result truncation failed (non-fatal)");
+      }
+    }
 
     const postLoopContextEstimate = estimatePromptTokens(
       restoredHistory,

package/src/daemon/conversation-attachments.ts

@@ -13,6 +13,11 @@ import {
 import type { PermissionPrompter } from "../permissions/prompter.js";
 import { addRule } from "../permissions/trust-store.js";
 import { isAllowDecision } from "../permissions/types.js";
+import {
+  CONVERSATION_HOST_ACCESS_PROMPT,
+  isConversationHostAccessEnabled,
+  isPermissionControlsV2Enabled,
+} from "../permissions/v2-consent-policy.js";
 import type { ContentBlock } from "../providers/types.js";
 import { getLogger } from "../util/logger.js";
 import {
@@ -45,6 +50,41 @@ export async function approveHostAttachmentRead(
 ): Promise<boolean> {
   const toolName = "host_file_read";
   const input = { path: filePath };
+
+  if (isPermissionControlsV2Enabled()) {
+    if (isConversationHostAccessEnabled(conversationId)) {
+      return true;
+    }
+
+    // HTTP-created sessions use a no-op sendToClient — prompting would
+    // block for the full permission timeout before auto-denying.
+    if (hasNoClient) {
+      log.info(
+        { filePath },
+        "Denying host attachment read: no interactive client connected",
+      );
+      return false;
+    }
+
+    const response = await prompter.prompt(
+      toolName,
+      input,
+      "low",
+      CONVERSATION_HOST_ACCESS_PROMPT.allowlistOptions,
+      CONVERSATION_HOST_ACCESS_PROMPT.scopeOptions,
+      undefined,
+      conversationId,
+      "host",
+      CONVERSATION_HOST_ACCESS_PROMPT.persistentDecisionsAllowed,
+      undefined,
+      CONVERSATION_HOST_ACCESS_PROMPT.temporaryOptionsAvailable,
+      undefined,
+      true,
+    );
+
+    return response.decision === "allow";
+  }
+
   const decision = await check(toolName, input, workingDir);
 
   if (decision.decision === "allow") {
@@ -71,7 +111,6 @@ export async function approveHostAttachmentRead(
     await generateAllowlistOptions(toolName, input),
     generateScopeOptions(workingDir, toolName),
     undefined,
-    undefined,
     conversationId,
     "host",
   );

package/src/daemon/conversation-messaging.ts

@@ -41,6 +41,7 @@ import type {
   ServerMessage,
   UserMessageAttachment,
 } from "./message-protocol.js";
+import type { ConversationTransportMetadata } from "./message-types/conversations.js";
 
 const log = getLogger("conversation-messaging");
 
@@ -222,6 +223,7 @@ export function enqueueMessage(
   metadata?: Record<string, unknown>,
   options?: { isInteractive?: boolean },
   displayContent?: string,
+  transport?: ConversationTransportMetadata,
 ): { queued: boolean; requestId: string; rejected?: boolean } {
   if (!ctx.processing) {
     return { queued: false, requestId };
@@ -246,6 +248,7 @@ export function enqueueMessage(
     turnChannelContext,
     turnInterfaceContext,
     isInteractive: options?.isInteractive,
+    transport,
     displayContent,
     sentAt: Date.now(),
   });

package/src/daemon/conversation-process.ts

@@ -15,7 +15,11 @@ import type {
   TurnChannelContext,
   TurnInterfaceContext,
 } from "../channels/types.js";
-import { parseChannelId, parseInterfaceId } from "../channels/types.js";
+import {
+  parseChannelId,
+  parseInterfaceId,
+  supportsHostProxy,
+} from "../channels/types.js";
 import { getConfig } from "../config/loader.js";
 import type { ContextWindowResult } from "../context/window-manager.js";
 import { listPendingRequestsByConversationScope } from "../memory/canonical-guardian-store.js";
@@ -43,7 +47,9 @@ import type {
   UsageStats,
   UserMessageAttachment,
 } from "./message-protocol.js";
+import type { ConversationTransportMetadata } from "./message-types/conversations.js";
 import type { TraceEmitter } from "./trace-emitter.js";
+import { buildTransportHints } from "./transport-hints.js";
 import { resolveVerificationSessionIntent } from "./verification-session-intent.js";
 
 const log = getLogger("conversation-process");
@@ -131,6 +137,12 @@ export interface ProcessConversationContext {
   clearProxyAvailability(): void;
   /** Restore host proxy availability based on whether a real client is connected. */
   restoreProxyAvailability(): void;
+  /** Restore only the host browser proxy (used by chrome-extension drains). */
+  restoreBrowserProxyAvailability(): void;
+  /** Replace or clear the conversation's host browser proxy. */
+  setHostBrowserProxy(
+    proxy: import("./host-browser-proxy.js").HostBrowserProxy | undefined,
+  ): void;
   emitActivityState(
     phase:
       | "idle"
@@ -157,6 +169,15 @@ export interface ProcessConversationContext {
   ): void;
   /** Force context compaction regardless of threshold/cooldown. */
   forceCompact(): Promise<ContextWindowResult>;
+  /** Set transport-derived hints for the conversation. */
+  setTransportHints(hints: string[] | undefined): void;
+  /**
+   * Apply client-reported host env (home dir, username) from transport
+   * metadata, gating on `supportsHostProxy` so non-host-proxy interfaces
+   * clear any stale values. Shared between the create/reuse path in
+   * `DaemonServer.applyTransportMetadata` and the queue-drain path below.
+   */
+  applyHostEnvFromTransport(transport: ConversationTransportMetadata): void;
 }
 
 function resolveQueuedTurnContext(
@@ -290,22 +311,64 @@ export async function drainQueue(
     conversation.setTurnInterfaceContext(queuedInterfaceCtx);
   }
 
+  // Apply transport hints from the queued message so each turn uses the
+  // transport metadata that arrived with its message. Messages without
+  // transport (subagent notifications, surface actions, etc.) inherit the
+  // conversation's existing hints — clearing them would erase the user's
+  // environment context for internal turns.
+  if (next.transport) {
+    conversation.setTransportHints(buildTransportHints(next.transport));
+    // Route client-reported host env through the same capability-gated
+    // setter used by DaemonServer.applyTransportMetadata so create/reuse
+    // and queue-drain stay in sync without duplicating the gate logic.
+    conversation.applyHostEnvFromTransport(next.transport);
+  }
+
   // Non-interactive queued messages (channel requests) must not execute tools
   // via the desktop host proxy. Clear proxy availability so isAvailable()
   // returns false and tool execution falls back to local.
   if (next.isInteractive === false) {
     conversation.clearProxyAvailability();
+    // chrome-extension is non-interactive (no SSE prompter UI) but DOES have
+    // a connected client that can service host_browser_request events. The
+    // unconditional clear above turned its hostBrowserProxy off; restore it
+    // here so the queued turn can still drive the browser via CDP.
+    const drainInterfaceCtx =
+      queuedInterfaceCtx ?? conversation.getTurnInterfaceContext();
+    const drainInterface = drainInterfaceCtx?.userMessageInterface;
+    if (
+      drainInterface &&
+      !supportsHostProxy(drainInterface) &&
+      supportsHostProxy(drainInterface, "host_browser")
+    ) {
+      conversation.restoreBrowserProxyAvailability();
+    }
   } else {
     // Restore proxy availability only for desktop-originating turns (macos)
     // in case a prior non-interactive drain disabled it. Non-desktop interactive
-    // interfaces (CLI, Vellum) should not re-enable desktop host proxies.
+    // interfaces (CLI, Vellum) should not re-enable desktop host proxies. The
+    // chrome-extension interface only supports host_browser, not the desktop
+    // proxies or computer-use, so it is excluded by the no-arg form of
+    // supportsHostProxy (which returns false for chrome-extension).
     const interfaceCtx =
       queuedInterfaceCtx ?? conversation.getTurnInterfaceContext();
     const sourceInterface = interfaceCtx?.userMessageInterface;
-    if (sourceInterface === "macos") {
+    if (sourceInterface && supportsHostProxy(sourceInterface)) {
       conversation.restoreProxyAvailability();
       conversation.addPreactivatedSkillId("computer-use");
     }
+    // Tear down a stale hostBrowserProxy inherited from a prior turn on a
+    // different interface (e.g. chrome-extension installed one, then a
+    // macos turn drains). Without this, restoreProxyAvailability() above
+    // would re-enable the proxy and getCdpClient() would route browser
+    // tools through host_browser_request and hang waiting for a client
+    // that this turn's interface can't service.
+    if (
+      sourceInterface &&
+      !supportsHostProxy(sourceInterface, "host_browser")
+    ) {
+      conversation.setHostBrowserProxy(undefined);
+    }
   }
 
   // Snapshot persona context at turn start so later tool turns can't pick up

package/src/daemon/conversation-queue-manager.ts

@@ -14,6 +14,7 @@ import type {
   ServerMessage,
   UserMessageAttachment,
 } from "./message-protocol.js";
+import type { ConversationTransportMetadata } from "./message-types/conversations.js";
 
 const log = getLogger("conversation-queue");
 
@@ -29,6 +30,8 @@ export interface QueuedMessage {
   turnInterfaceContext?: TurnInterfaceContext;
   /** When false, the turn has no interactive user and should skip clarification prompts. */
   isInteractive?: boolean;
+  /** Transport metadata snapshot captured at enqueue time, applied when this message becomes active. */
+  transport?: ConversationTransportMetadata;
   /** Original user message text to persist to DB when recording intent stripping produced a different `content`. */
   displayContent?: string;
   /** Wall-clock time (ms since epoch) when the message was enqueued, used as the display timestamp. */
@@ -155,6 +158,11 @@ function estimateItemBytes(item: QueuedMessage): number {
     bytes += a.data.length * 2;
     if (a.extractedText) bytes += a.extractedText.length * 2;
   }
+  // Include transport metadata in the estimate so large transport
+  // payloads (e.g. hostHomeDir, hostUsername) count against the budget.
+  if (item.transport) {
+    bytes += JSON.stringify(item.transport).length * 2;
+  }
   // Small fixed overhead for metadata, pointers, etc. (not worth
   // measuring precisely — the content/attachment data dominates).
   bytes += 512;