@vellumai/assistant 0.6.1 → 0.6.3

package/src/daemon/conversation.ts

@@ -18,6 +18,7 @@
 import type { ResolvedSystemPrompt } from "../agent/loop.js";
 import { AgentLoop } from "../agent/loop.js";
 import type {
+  InterfaceId,
   TurnChannelContext,
   TurnInterfaceContext,
 } from "../channels/types.js";
@@ -43,12 +44,20 @@ import {
 import { registerToolTraceListener } from "../events/tool-trace-listener.js";
 import { getHookManager } from "../hooks/manager.js";
 import { resolveCanonicalGuardianRequest } from "../memory/canonical-guardian-store.js";
-import { updateConversationContextWindow } from "../memory/conversation-crud.js";
+import {
+  updateConversationContextWindow,
+  updateConversationHostAccess,
+} from "../memory/conversation-crud.js";
 import { ConversationGraphMemory } from "../memory/graph/conversation-graph-memory.js";
 import { PermissionPrompter } from "../permissions/prompter.js";
 import { SecretPrompter } from "../permissions/secret-prompter.js";
 import { patternMatchesCandidate } from "../permissions/trust-store.js";
 import type { UserDecision } from "../permissions/types.js";
+import {
+  isConversationHostAccessDecision,
+  isConversationHostAccessEnabled,
+  isConversationHostAccessEnablePrompt,
+} from "../permissions/v2-consent-policy.js";
 import { resolvePersonaContext } from "../prompts/persona-resolver.js";
 import { buildSystemPrompt } from "../prompts/system-prompt.js";
 import type { Message } from "../providers/types.js";
@@ -104,6 +113,7 @@ import {
 } from "./conversation-tool-setup.js";
 import { refreshWorkspaceTopLevelContextIfNeeded as refreshWorkspaceImpl } from "./conversation-workspace.js";
 import { HostBashProxy } from "./host-bash-proxy.js";
+import { HostBrowserProxy } from "./host-browser-proxy.js";
 import type { CuObservationResult } from "./host-cu-proxy.js";
 import { HostCuProxy } from "./host-cu-proxy.js";
 import { HostFileProxy } from "./host-file-proxy.js";
@@ -114,6 +124,8 @@ import type {
   UsageStats,
   UserMessageAttachment,
 } from "./message-protocol.js";
+import type { ConversationTransportMetadata } from "./message-types/conversations.js";
+import { isHostProxyTransport } from "./message-types/conversations.js";
 import type {
   AssistantActivityState,
   ConfirmationStateChanged,
@@ -156,7 +168,6 @@ export class Conversation {
   /** @internal */ sendToClient: (msg: ServerMessage) => void;
   /** @internal */ eventBus = new EventBus<AssistantDomainEvents>();
   /** @internal */ workingDir: string;
-  /** @internal */ sandboxOverride?: boolean;
   /** @internal */ allowedToolNames?: Set<string>;
   /** @internal */ toolsDisabledDepth = 0;
   /** @internal */ preactivatedSkillIds?: string[];
@@ -180,8 +191,22 @@ export class Conversation {
   /** @internal */ taskRunId?: string;
   /** @internal */ callSessionId?: string;
   /** @internal */ hostBashProxy?: HostBashProxy;
+  /** @internal */ hostBrowserProxy?: HostBrowserProxy;
   /** @internal */ hostCuProxy?: HostCuProxy;
   /** @internal */ hostFileProxy?: HostFileProxy;
+  /**
+   * Optional override sender used by `restoreBrowserProxyAvailability` so
+   * non-SSE transports (e.g. chrome-extension, whose host_browser_request
+   * frames flow through the ChromeExtensionRegistry WebSocket rather than
+   * the SSE hub) can preserve their registry-routed sender across drain
+   * queue restores. When set, `restoreBrowserProxyAvailability()` uses this
+   * function instead of `sendToClient` so the drain-queue path doesn't
+   * clobber the chrome-extension sender with the SSE hub emitter.
+   *
+   * Populated by the POST /messages handler for chrome-extension turns and
+   * cleared when an unrelated interface takes over (see `updateClient`).
+   */
+  /** @internal */ hostBrowserSenderOverride?: (msg: ServerMessage) => void;
   /** @internal */ cesClient?: CesClient;
   /** @internal */ readonly queue = new MessageQueue();
   /** @internal */ currentActiveSurfaceId?: string;
@@ -246,8 +271,24 @@ export class Conversation {
   }> = [];
   /** @internal */ workspaceTopLevelContext: string | null = null;
   /** @internal */ workspaceTopLevelDirty = true;
+  /**
+   * Host home directory reported by the client (e.g. macOS
+   * `NSHomeDirectory()`). Populated from `HostProxyTransportMetadata` when
+   * a message arrives from an interface that supports host-proxy tools
+   * (see `supportsHostProxy`). Consumed by the `<workspace>` block renderer
+   * so platform-managed (containerized) daemons show the user's actual
+   * client-side home dir instead of the container's `os.homedir()`.
+   * @internal
+   */
+  hostHomeDir?: string;
+  /**
+   * Host username reported by the client (e.g. macOS `NSUserName()`).
+   * See `hostHomeDir`.
+   * @internal
+   */
+  hostUsername?: string;
   public readonly traceEmitter: TraceEmitter;
-  public readonly hasSystemPromptOverride: boolean;
+  /** @internal */ hasSystemPromptOverride: boolean;
   public memoryPolicy: ConversationMemoryPolicy;
   /** @internal */ readonly graphMemory: ConversationGraphMemory;
   /** @internal */ activeContextNodeIds?: string[];
@@ -387,7 +428,7 @@ export class Conversation {
       _history: import("../providers/types.js").Message[],
     ): ResolvedSystemPrompt => {
       const resolved = {
-        systemPrompt: hasSystemPromptOverride
+        systemPrompt: this.hasSystemPromptOverride
           ? systemPrompt
           : (() => {
               const persona = resolvePersonaContext(
@@ -501,6 +542,7 @@ export class Conversation {
     this.traceEmitter.updateSender(sendToClient);
     if (!opts?.skipProxySenderUpdate) {
       this.hostBashProxy?.updateSender(sendToClient, !hasNoClient);
+      this.hostBrowserProxy?.updateSender(sendToClient, !hasNoClient);
       this.hostCuProxy?.updateSender(sendToClient, !hasNoClient);
       this.hostFileProxy?.updateSender(sendToClient, !hasNoClient);
     }
@@ -527,6 +569,7 @@ export class Conversation {
   /** Mark host proxies as unavailable so tool execution uses local fallback. */
   clearProxyAvailability(): void {
     this.hostBashProxy?.updateSender(this.sendToClient, false);
+    this.hostBrowserProxy?.updateSender(this.sendToClient, false);
     this.hostCuProxy?.updateSender(this.sendToClient, false);
     this.hostFileProxy?.updateSender(this.sendToClient, false);
   }
@@ -535,13 +578,41 @@ export class Conversation {
   restoreProxyAvailability(): void {
     if (!this.hasNoClient) {
       this.hostBashProxy?.updateSender(this.sendToClient, true);
+      this.hostBrowserProxy?.updateSender(this.sendToClient, true);
       this.hostCuProxy?.updateSender(this.sendToClient, true);
       this.hostFileProxy?.updateSender(this.sendToClient, true);
     }
   }
 
-  setSandboxOverride(enabled: boolean | undefined): void {
-    this.sandboxOverride = enabled;
+  /**
+   * Restore host browser proxy availability only. Used for non-desktop
+   * interfaces (e.g. chrome-extension) that support host_browser but not
+   * the full desktop proxy set, so calling restoreProxyAvailability() would
+   * incorrectly re-enable bash/file/CU proxies that should stay disabled.
+   *
+   * Unlike `restoreProxyAvailability()`, this helper does NOT gate on
+   * `hasNoClient`. The chrome-extension interface is non-interactive (so
+   * `hasNoClient === true`), but it DOES have a connected client that can
+   * service `host_browser_request` events. Gating on `hasNoClient` would
+   * leave the just-constructed proxy unavailable and the only way to make
+   * it available would be to flip `hasNoClient` false, which would
+   * incorrectly enable host_bash/host_file/host_cu tool gating downstream.
+   *
+   * When `hostBrowserSenderOverride` is set, that function is used as the
+   * sender instead of `sendToClient`. This is required for the
+   * chrome-extension interface whose host_browser frames route through the
+   * ChromeExtensionRegistry WebSocket rather than the SSE hub: if the
+   * queue-drain path called this helper with `sendToClient`, the
+   * registry-routed sender established at turn-start would be clobbered by
+   * the SSE hub emitter and host_browser_request frames would stop
+   * reaching the extension.
+   *
+   * Callers must only invoke this when they know the current interface
+   * supports host_browser (see `supportsHostProxy(id, "host_browser")`).
+   */
+  restoreBrowserProxyAvailability(): void {
+    const sender = this.hostBrowserSenderOverride ?? this.sendToClient;
+    this.hostBrowserProxy?.updateSender(sender, true);
   }
 
   setSubagentAllowedTools(tools: Set<string> | undefined): void {
@@ -552,6 +623,35 @@ export class Conversation {
     this.isSubagent = value;
   }
 
+  /**
+   * Prepend inherited parent messages into the in-memory message array so that
+   * the AgentLoop includes them in provider calls (enabling KV cache sharing).
+   *
+   * These messages are NOT persisted to the database — they exist only in
+   * memory. When the conversation is later read from DB via getMessages(),
+   * only the conversation's own persisted messages appear.
+   *
+   * Must be called before the first persistUserMessage() call — i.e. while
+   * `this.messages` is still empty.
+   */
+  injectInheritedContext(messages: Message[]): void {
+    if (this.messages.length !== 0) {
+      throw new Error(
+        "injectInheritedContext must be called before any messages have been added",
+      );
+    }
+    this.messages = [...messages];
+    this.contextWindowManager.nonPersistedPrefixCount = messages.length;
+  }
+
+  /**
+   * Return the system prompt string set at construction time (or its override).
+   * Fork consumers use this to pass the parent's system prompt to the fork.
+   */
+  getCurrentSystemPrompt(): string {
+    return this.systemPrompt;
+  }
+
   isProcessing(): boolean {
     return this.processing;
   }
@@ -574,6 +674,7 @@ export class Conversation {
   dispose(): void {
     approvalOverrides.clearMode(this.conversationId);
     this.hostBashProxy?.dispose();
+    this.hostBrowserProxy?.dispose();
     this.hostCuProxy?.dispose();
     this.hostFileProxy?.dispose();
     // CES client is owned by DaemonServer — just drop the reference.
@@ -609,6 +710,7 @@ export class Conversation {
     metadata?: Record<string, unknown>,
     options?: { isInteractive?: boolean },
     displayContent?: string,
+    transport?: ConversationTransportMetadata,
   ): { queued: boolean; requestId: string; rejected?: boolean } {
     return enqueueMessageImpl(
       this,
@@ -621,6 +723,7 @@ export class Conversation {
       metadata,
       options,
       displayContent,
+      transport,
     );
   }
 
@@ -674,12 +777,35 @@ export class Conversation {
       return;
     }
 
+    const hostAccessEnablePrompt =
+      this.prompter.isHostAccessEnablePrompt(requestId) ||
+      isConversationHostAccessEnablePrompt(
+        pendingInteractions.get(requestId)?.confirmationDetails,
+      );
+    const effectiveDecision =
+      hostAccessEnablePrompt && !isConversationHostAccessDecision(decision)
+        ? "deny"
+        : decision;
+
+    if (
+      hostAccessEnablePrompt &&
+      effectiveDecision === "allow" &&
+      !isConversationHostAccessEnabled(this.conversationId)
+    ) {
+      updateConversationHostAccess(this.conversationId, true);
+      this.sendToClient({
+        type: "conversation_host_access_updated",
+        conversationId: this.conversationId,
+        hostAccess: true,
+      });
+    }
+
     // Capture toolUseId before resolving (resolution deletes the pending entry)
     const toolUseId = this.prompter.getToolUseId(requestId);
 
     this.prompter.resolveConfirmation(
       requestId,
-      decision,
+      effectiveDecision,
       selectedPattern,
       selectedScope,
       decisionContext,
@@ -693,7 +819,7 @@ export class Conversation {
     // so ALL callers (HTTP handlers, /v1/confirm, channel bridges) get
     // consistent events without duplicating emission logic.
     const resolvedState =
-      decision === "deny" || decision === "always_deny"
+      effectiveDecision === "deny" || effectiveDecision === "always_deny"
         ? ("denied" as const)
         : ("approved" as const);
     this.emitConfirmationStateChanged({
@@ -737,7 +863,12 @@ export class Conversation {
     }
 
     // Cascade to other pending confirmations that match this decision
-    this.cascadePendingApprovals(requestId, decision, selectedPattern);
+    this.cascadePendingApprovals(
+      requestId,
+      effectiveDecision,
+      selectedPattern,
+      hostAccessEnablePrompt,
+    );
   }
 
   /**
@@ -753,9 +884,14 @@ export class Conversation {
     primaryRequestId: string,
     decision: UserDecision,
     selectedPattern?: string,
+    hostAccessEnablePrompt = false,
   ): void {
     // Single-action decisions don't cascade
-    if (decision === "allow" || decision === "deny") return;
+    if (decision === "allow" || decision === "deny") {
+      if (!hostAccessEnablePrompt || decision !== "allow") {
+        return;
+      }
+    }
 
     const pendingRequestIds = this.prompter.getPendingRequestIds();
     if (pendingRequestIds.length === 0) return;
@@ -768,6 +904,28 @@ export class Conversation {
       if (interaction.conversationId !== this.conversationId) continue;
       if (interaction.kind !== "confirmation") continue;
 
+      if (
+        hostAccessEnablePrompt &&
+        (this.prompter.isHostAccessEnablePrompt(candidateId) ||
+          isConversationHostAccessEnablePrompt(interaction.confirmationDetails))
+      ) {
+        // Enabling computer access is conversation-scoped, so sibling host
+        // prompts should resolve immediately once the first approval lands.
+        pendingInteractions.resolve(candidateId);
+        this.handleConfirmationResponse(
+          candidateId,
+          "allow",
+          undefined,
+          undefined,
+          undefined,
+          {
+            source: "system",
+            causedByRequestId: primaryRequestId,
+          },
+        );
+        continue;
+      }
+
       const cascadeResult = this.shouldCascade(
         decision,
         selectedPattern,
@@ -870,9 +1028,23 @@ export class Conversation {
     this.hostBashProxy = proxy;
   }
 
-  resolveHostFile(
+  resolveHostBrowser(
     requestId: string,
     response: { content: string; isError: boolean },
+  ): void {
+    this.hostBrowserProxy?.resolve(requestId, response);
+  }
+
+  setHostBrowserProxy(proxy: HostBrowserProxy | undefined): void {
+    if (this.hostBrowserProxy && this.hostBrowserProxy !== proxy) {
+      this.hostBrowserProxy.dispose();
+    }
+    this.hostBrowserProxy = proxy;
+  }
+
+  resolveHostFile(
+    requestId: string,
+    response: { content: string; isError: boolean; imageData?: string },
   ): void {
     this.hostFileProxy?.resolve(requestId, response);
   }
@@ -986,6 +1158,40 @@ export class Conversation {
     this.transportHints = hints;
   }
 
+  /**
+   * Apply client-reported host environment (home dir, username) from
+   * transport metadata onto the conversation. Only interfaces whose
+   * interfaceId passes `supportsHostProxy()` contribute values — all other
+   * interfaces (CLI, channels, iOS, chrome-extension) clear any previously
+   * stored values so a conversation reused across interfaces doesn't leak
+   * stale paths into later `<workspace>` blocks.
+   *
+   * Gating on `supportsHostProxy` (rather than a specific interface name)
+   * keeps this in lock-step with the capability set defined in
+   * `HostProxyInterfaceId` — adding a new host-capable client only requires
+   * extending those two, not touching this method.
+   *
+   * Invalidates the cached workspace top-level block when values change so
+   * the next render picks up the new host env.
+   */
+  applyHostEnvFromTransport(transport: ConversationTransportMetadata): void {
+    const prevHomeDir = this.hostHomeDir;
+    const prevUsername = this.hostUsername;
+    if (isHostProxyTransport(transport)) {
+      this.hostHomeDir = transport.hostHomeDir;
+      this.hostUsername = transport.hostUsername;
+    } else {
+      this.hostHomeDir = undefined;
+      this.hostUsername = undefined;
+    }
+    if (
+      prevHomeDir !== this.hostHomeDir ||
+      prevUsername !== this.hostUsername
+    ) {
+      this.workspaceTopLevelDirty = true;
+    }
+  }
+
   setAssistantId(assistantId: string | null): void {
     this.assistantId = assistantId ?? undefined;
   }
@@ -1028,6 +1234,16 @@ export class Conversation {
     return this.currentTurnInterfaceContext;
   }
 
+  /**
+   * Implements the `transportInterface` field of `SkillProjectionContext` so
+   * that `isToolActiveForContext` can gate host tools by per-capability
+   * `supportsHostProxy(transport, capability)`. Derived from the live turn
+   * interface context so it tracks the connected client across turns.
+   */
+  get transportInterface(): InterfaceId | undefined {
+    return this.currentTurnInterfaceContext?.userMessageInterface;
+  }
+
   async persistUserMessage(
     content: string,
     attachments: UserMessageAttachment[],

package/src/daemon/date-context.ts

@@ -18,14 +18,14 @@ export interface TemporalContextOptions {
   userTimeZone?: string | null;
 }
 
-const WEEKDAY_SHORT = [
-  "Sun",
-  "Mon",
-  "Tue",
-  "Wed",
-  "Thu",
-  "Fri",
-  "Sat",
+const WEEKDAY_LONG = [
+  "Sunday",
+  "Monday",
+  "Tuesday",
+  "Wednesday",
+  "Thursday",
+  "Friday",
+  "Saturday",
 ] as const;
 const UTC_GMT_OFFSET_TOKEN_RE = /^(?:UTC|GMT)([+-])(\d{1,2})(?::?(\d{2}))?$/i;
 
@@ -295,7 +295,7 @@ function formatLocalDate(date: Date, timeZone: string): string {
  * Uses the timezone resolution cascade:
  * explicit override → configured user tz → profile user tz → host fallback.
  *
- * Returns format: `2026-04-02 (Thu) 01:52:33 -05:00 (America/Chicago)`
+ * Returns format: `2026-04-02 (Thursday) 01:52:33 -05:00 (America/Chicago)`
  */
 export function formatTurnTimestamp(
   options: TemporalContextOptions = {},
@@ -322,7 +322,7 @@ export function formatTurnTimestamp(
 
   const dateStr = formatLocalDate(now, timeZone);
   const todayParts = localDateParts(now, timeZone);
-  const dayName = WEEKDAY_SHORT[todayParts.weekday];
+  const dayName = WEEKDAY_LONG[todayParts.weekday];
 
   const fmt = new Intl.DateTimeFormat("en-US", {
     timeZone,

package/src/daemon/first-greeting.ts

@@ -5,10 +5,11 @@ import { getWorkspacePromptPath } from "../util/platform.js";
 /**
  * The canned assistant response for the wake-up greeting on a fresh workspace.
  * Warm, non-presumptuous greeting that communicates "I'm new," "I improve over
- * time," "I'm ready to be useful," and "you're in control."
+ * time," and invites the user to lead with whatever they want — a task, a
+ * question, or getting to know each other.
  */
 export const CANNED_FIRST_GREETING =
-  "Hey, I'm brand new. No name, no memories, nothing yet. Think of me like a new colleague on their first day: I'll get better the more we work together. First things first, let's figure out how we work best. What should I call you?";
+  "Hey — I'm brand new. No name, no memories, no idea who you are yet. I'll get sharper the more we work together. What can I do for you?";
 
 /**
  * Returns `true` when all of the following are true:

package/src/daemon/handlers/conversations.ts

@@ -1,10 +1,5 @@
 import { v4 as uuid } from "uuid";
 
-import {
-  type InterfaceId,
-  parseChannelId,
-  parseInterfaceId,
-} from "../../channels/types.js";
 import { getConfig } from "../../config/loader.js";
 import {
   createCanonicalGuardianRequest,
@@ -13,28 +8,18 @@ import {
 import {
   batchSetDisplayOrders,
   clearAll,
-  createConversation,
   getConversation,
   updateConversationTitle,
 } from "../../memory/conversation-crud.js";
 import { resolveConversationId } from "../../memory/conversation-key-store.js";
-import {
-  GENERATING_TITLE,
-  queueGenerateConversationTitle,
-  UNTITLED_FALLBACK,
-} from "../../memory/conversation-title-service.js";
 import * as pendingInteractions from "../../runtime/pending-interactions.js";
 import { redactSecrets } from "../../security/secret-scanner.js";
 import { getSubagentManager } from "../../subagent/index.js";
 import { summarizeToolInput } from "../../tools/tool-input-summary.js";
 import { truncate } from "../../util/truncate.js";
 import type { Conversation } from "../conversation.js";
-import { HostBashProxy } from "../host-bash-proxy.js";
-import { HostCuProxy } from "../host-cu-proxy.js";
-import { HostFileProxy } from "../host-file-proxy.js";
 import type {
   ConfirmationResponse,
-  ConversationCreateRequest,
   ConversationRenameRequest,
   ConversationSwitchRequest,
   DeleteQueuedMessage,
@@ -131,6 +116,12 @@ export function makeEventSender(params: {
         conversationId,
         kind: "host_bash",
       });
+    } else if (event.type === "host_browser_request") {
+      pendingInteractions.register(event.requestId, {
+        conversation,
+        conversationId,
+        kind: "host_browser",
+      });
     } else if (event.type === "host_file_request") {
       pendingInteractions.register(event.requestId, {
         conversation,
@@ -226,130 +217,6 @@ export function clearAllConversations(ctx: HandlerContext): number {
   return cleared;
 }
 
-export async function handleConversationCreate(
-  msg: ConversationCreateRequest,
-  ctx: HandlerContext,
-): Promise<void> {
-  const conversationType = normalizeConversationType(msg.conversationType);
-  const title =
-    msg.title ?? (msg.initialMessage ? GENERATING_TITLE : "New Conversation");
-  const conversation = createConversation({
-    title,
-    conversationType,
-  });
-  const conversationObj = await ctx.getOrCreateConversation(conversation.id, {
-    systemPromptOverride: msg.systemPromptOverride,
-    maxResponseTokens: msg.maxResponseTokens,
-    transport: msg.transport,
-  });
-
-  // Pre-activate skills before sending conversation_info so they're available
-  // for the initial message processing.
-  if (msg.preactivatedSkillIds?.length) {
-    conversationObj.setPreactivatedSkillIds(msg.preactivatedSkillIds);
-  }
-
-  ctx.send({
-    type: "conversation_info",
-    conversationId: conversation.id,
-    title: conversation.title ?? "New Conversation",
-    ...(msg.correlationId ? { correlationId: msg.correlationId } : {}),
-    conversationType: normalizeConversationType(conversation.conversationType),
-  });
-
-  // Auto-send the initial message if provided, kick-starting the skill.
-  if (msg.initialMessage) {
-    // Queue title generation eagerly — some processMessage paths (guardian
-    // replies, unknown slash commands) bypass the agent loop entirely, so
-    // we can't rely on the agent loop's early title generation alone.
-    // The agent loop also queues title generation, but isReplaceableTitle
-    // prevents double-writes since the first to complete sets a real title.
-    if (title === GENERATING_TITLE) {
-      queueGenerateConversationTitle({
-        conversationId: conversation.id,
-        context: { origin: "local" },
-        userMessage: msg.initialMessage,
-        onTitleUpdated: (newTitle) => {
-          ctx.send({
-            type: "conversation_title_updated",
-            conversationId: conversation.id,
-            title: newTitle,
-          });
-        },
-      });
-    }
-
-    const requestId = uuid();
-    const transportChannel =
-      parseChannelId(msg.transport?.channelId) ?? "vellum";
-    const sendEvent = makeEventSender({
-      ctx,
-      conversation: conversationObj,
-      conversationId: conversation.id,
-      sourceChannel: transportChannel,
-    });
-    conversationObj.setTurnChannelContext({
-      userMessageChannel: transportChannel,
-      assistantMessageChannel: transportChannel,
-    });
-    const transportInterface: InterfaceId =
-      parseInterfaceId(msg.transport?.interfaceId) ?? "vellum";
-    conversationObj.setTurnInterfaceContext({
-      userMessageInterface: transportInterface,
-      assistantMessageInterface: transportInterface,
-    });
-    // Only create the host bash proxy for desktop client interfaces that can
-    // execute commands on the user's machine. Set before updateClient so
-    // updateClient's call to hostBashProxy.updateSender targets the new proxy.
-    if (transportInterface === "macos") {
-      const proxy = new HostBashProxy(sendEvent, (requestId) => {
-        pendingInteractions.resolve(requestId);
-      });
-      conversationObj.setHostBashProxy(proxy);
-      const fileProxy = new HostFileProxy(sendEvent, (requestId) => {
-        pendingInteractions.resolve(requestId);
-      });
-      conversationObj.setHostFileProxy(fileProxy);
-      const cuProxy = new HostCuProxy(sendEvent, (requestId) => {
-        pendingInteractions.resolve(requestId);
-      });
-      conversationObj.setHostCuProxy(cuProxy);
-      conversationObj.addPreactivatedSkillId("computer-use");
-    }
-    conversationObj.updateClient(sendEvent, false);
-    conversationObj
-      .processMessage(msg.initialMessage, [], sendEvent, requestId)
-      .catch((err) => {
-        const message = err instanceof Error ? err.message : String(err);
-        log.error(
-          { err, conversationId: conversation.id },
-          "Error processing initial message",
-        );
-        ctx.send({
-          type: "error",
-          message: `Failed to process initial message: ${message}`,
-        });
-
-        // Replace stuck loading placeholder with a stable fallback title
-        // if title generation hasn't already completed or been renamed.
-        try {
-          const current = getConversation(conversation.id);
-          if (current && current.title === GENERATING_TITLE) {
-            const fallback = UNTITLED_FALLBACK;
-            updateConversationTitle(conversation.id, fallback);
-            ctx.send({
-              type: "conversation_title_updated",
-              conversationId: conversation.id,
-              title: fallback,
-            });
-          }
-        } catch {
-          // Best-effort fallback
-        }
-      });
-  }
-}
-
 /**
  * Switch to an existing conversation. Returns conversation info on success,
  * or throws/returns an error result when the conversation is not found.
@@ -361,6 +228,7 @@ export async function switchConversation(
   conversationId: string;
   title: string;
   conversationType: ReturnType<typeof normalizeConversationType>;
+  hostAccess: boolean;
 } | null> {
   const conversation = getConversation(conversationId);
   if (!conversation) {
@@ -383,6 +251,7 @@ export async function switchConversation(
     conversationId: conversation.id,
     title: conversation.title ?? "Untitled",
     conversationType: normalizeConversationType(conversation.conversationType),
+    hostAccess: conversation.hostAccess === 1,
   };
 }
 
@@ -404,6 +273,7 @@ export async function handleConversationSwitch(
     conversationId: result.conversationId,
     title: result.title,
     conversationType: result.conversationType,
+    hostAccess: result.hostAccess,
   });
 }