@vellumai/assistant 0.6.2 → 0.6.3

package/src/daemon/message-types/conversations.ts

@@ -1,6 +1,11 @@
 // Conversation lifecycle, auth, model config, and history types.
 
-import type { ChannelId, InterfaceId } from "../../channels/types.js";
+import type {
+  ChannelId,
+  HostProxyInterfaceId,
+  InterfaceId,
+} from "../../channels/types.js";
+import { supportsHostProxy } from "../../channels/types.js";
 import type { ConversationType } from "./shared.js";
 import type { UserMessageAttachment } from "./shared.js";
 
@@ -26,26 +31,61 @@ interface BaseTransportMetadata {
   chatType?: string;
 }
 
-/** Transport metadata for macOS desktop clients, including host environment fields. */
-export interface MacosTransportMetadata extends BaseTransportMetadata {
-  /** Interface identifier for macOS transport. */
-  interfaceId: "macos";
-  /** Home directory of the host macOS user. */
+/**
+ * Transport metadata for interfaces that support the full desktop host-proxy
+ * set (see `HostProxyInterfaceId` / `supportsHostProxy`). Carries the host
+ * environment fields the client reports so the `<workspace>` block renders
+ * the user's actual machine rather than a containerized daemon's own OS.
+ *
+ * Today this variant is populated only by the macOS client, but the shape
+ * is capability-keyed (not interface-name-keyed) so future host-capable
+ * clients (e.g. a native Linux or Windows desktop) get the same treatment
+ * automatically when added to `HostProxyInterfaceId`.
+ */
+export interface HostProxyTransportMetadata extends BaseTransportMetadata {
+  /** Interface identifier — restricted to interfaces that support host proxies. */
+  interfaceId: HostProxyInterfaceId;
+  /** Home directory of the user on the host machine (e.g. `NSHomeDirectory()`). */
   hostHomeDir?: string;
-  /** Username of the host macOS user. */
+  /** Username of the user on the host machine (e.g. `NSUserName()`). */
   hostUsername?: string;
 }
 
-/** Transport metadata for non-macOS transports. */
-export interface NonMacosTransportMetadata extends BaseTransportMetadata {
+/**
+ * Transport metadata for interfaces that do NOT support host-proxy tools
+ * (iOS, CLI, channel ingress, chrome-extension, etc.). No host environment
+ * because the assistant has no local filesystem to address on the client.
+ */
+export interface NonHostProxyTransportMetadata extends BaseTransportMetadata {
   /** Interface identifier for this transport (e.g. "ios", "cli"). */
-  interfaceId?: Exclude<InterfaceId, "macos">;
+  interfaceId?: Exclude<InterfaceId, HostProxyInterfaceId>;
 }
 
-/** Lightweight conversation transport metadata for channel identity and natural-language guidance. */
+/**
+ * Discriminated union of transport metadata variants, keyed on whether the
+ * interface supports host-proxy tools (`supportsHostProxy`). The daemon uses
+ * that same predicate at runtime to decide whether to populate / read host
+ * environment fields on the conversation, so the type system and the runtime
+ * gate stay in lock-step as new host-capable interfaces are added.
+ */
 export type ConversationTransportMetadata =
-  | MacosTransportMetadata
-  | NonMacosTransportMetadata;
+  | HostProxyTransportMetadata
+  | NonHostProxyTransportMetadata;
+
+/**
+ * Type guard: does this transport belong to an interface that supports the
+ * full host-proxy set? Wraps `supportsHostProxy` so the capability logic
+ * stays in one place (channels/types.ts) and narrows the discriminated
+ * union to `HostProxyTransportMetadata` for safe field access.
+ */
+export function isHostProxyTransport(
+  transport: ConversationTransportMetadata,
+): transport is HostProxyTransportMetadata {
+  return (
+    transport.interfaceId !== undefined &&
+    supportsHostProxy(transport.interfaceId)
+  );
+}
 
 export interface ConversationCreateRequest {
   type: "conversation_create";
@@ -171,6 +211,7 @@ export interface ConversationInfo {
   title: string;
   correlationId?: string;
   conversationType?: ConversationType;
+  hostAccess: boolean;
 }
 
 export interface ConversationTitleUpdated {
@@ -212,6 +253,7 @@ export interface ConversationListResponse {
     updatedAt: number;
     conversationType?: ConversationType;
     source?: string;
+    hostAccess: boolean;
     scheduleJobId?: string;
     channelBinding?: ChannelBinding;
     conversationOriginChannel?: ChannelId;

package/src/daemon/message-types/host-browser.ts

@@ -0,0 +1,100 @@
+// Host browser proxy types.
+// Enables proxying CDP commands to the desktop client (host machine)
+// when running as a managed assistant.
+
+// === Server → Client ===
+
+export interface HostBrowserRequest {
+  type: "host_browser_request";
+  requestId: string;
+  conversationId: string;
+  /** CDP method name, e.g. "Page.navigate", "Runtime.evaluate", "Accessibility.getFullAXTree". */
+  cdpMethod: string;
+  /** Opaque JSON params object forwarded verbatim to CDP. */
+  cdpParams?: Record<string, unknown>;
+  /** Optional CDP target/session ID; omitted = "most-recently-active tab". */
+  cdpSessionId?: string;
+  /** Client-side timeout hint; defaults to 30s in the proxy. */
+  timeout_seconds?: number;
+}
+
+export interface HostBrowserCancelRequest {
+  type: "host_browser_cancel";
+  requestId: string;
+}
+
+// === Client → Server ===
+
+/**
+ * Unsolicited CDP event forwarded from the chrome extension to the
+ * runtime. The extension subscribes to `chrome.debugger.onEvent` and
+ * pushes each event here so the runtime can observe lifecycle signals
+ * (e.g. `Target.targetDestroyed`, `Page.frameNavigated`,
+ * `Network.requestWillBeSent`) without having to round-trip a CDP
+ * command. Events are routed through the relay WebSocket using the
+ * same envelope vocabulary as `host_browser_result`.
+ *
+ * The envelope is transport-level only — the runtime dispatcher in
+ * `resolveHostBrowserEvent` fans out into a module-level event bus
+ * that tool-side consumers (currently just the
+ * BrowserSessionRegistry) subscribe to by method name. No request/
+ * response contract is implied; events can arrive at any time while
+ * a chrome extension is attached and there is no ordering guarantee
+ * relative to `host_browser_result` frames.
+ */
+export interface HostBrowserEvent {
+  type: "host_browser_event";
+  /** CDP event method name, e.g. "Page.frameNavigated", "Target.targetDestroyed". */
+  method: string;
+  /** CDP event params forwarded verbatim. Opaque to the runtime. */
+  params?: unknown;
+  /**
+   * Optional CDP session id — populated for flat child sessions
+   * routed through `Target.attachToTarget` with `flatten: true`.
+   * Matches the `source.sessionId` field surfaced by Chrome 125+ in
+   * its `chrome.debugger.onEvent` callback.
+   */
+  cdpSessionId?: string;
+}
+
+/**
+ * Notification that the chrome extension has lost its debugger
+ * attachment to a target (tab closed, user clicked Cancel on the
+ * infobar, navigation across origins, another debugger took over
+ * via `Target.attachToTarget`, or the extension itself tore the
+ * session down on worker shutdown).
+ *
+ * The runtime dispatcher evicts any in-memory session state that
+ * references the invalidated target so the next CDP command from a
+ * tool force a fresh attach on the extension side. The extension's
+ * `host-browser-dispatcher` clears its local attach cache in the
+ * same way — the two signals are symmetric and together make
+ * reattach deterministic across the round-trip.
+ */
+export interface HostBrowserSessionInvalidated {
+  type: "host_browser_session_invalidated";
+  /**
+   * Opaque target identifier. When the extension detached from a
+   * top-level tab target, this is the tab's id as a string. For a
+   * flat child session it is the CDP sessionId. Matches the shape
+   * used on the `cdpSessionId` field of outbound
+   * `host_browser_request` frames so runtime-side session lookups
+   * can use either field interchangeably.
+   */
+  targetId?: string;
+  /**
+   * Free-form human-readable reason surfaced by Chrome via
+   * `chrome.debugger.onDetach`. Used only for logging.
+   */
+  reason?: string;
+}
+
+// --- Domain-level union aliases (consumed by the barrel file) ---
+
+export type _HostBrowserServerMessages =
+  | HostBrowserRequest
+  | HostBrowserCancelRequest;
+
+export type _HostBrowserClientMessages =
+  | HostBrowserEvent
+  | HostBrowserSessionInvalidated;

package/src/daemon/message-types/messages.ts

@@ -307,10 +307,10 @@ export interface AssistantActivityState {
   statusText?: string;
 }
 
-/** Broadcast to clients when the two-axis permission mode changes. */
-export interface PermissionModeUpdate {
-  type: "permission_mode_update";
-  askBeforeActing: boolean;
+/** Broadcast to clients when a conversation's host-access setting changes. */
+export interface ConversationHostAccessUpdated {
+  type: "conversation_host_access_updated";
+  conversationId: string;
   hostAccess: boolean;
 }
 
@@ -376,4 +376,4 @@ export type _MessagesServerMessages =
   | TraceEvent
   | ConfirmationStateChanged
   | AssistantActivityState
-  | PermissionModeUpdate;
+  | ConversationHostAccessUpdated;

package/src/daemon/message-types/skills.ts

@@ -189,6 +189,16 @@ export type SkillDetailResponse =
   | SkillsshSkillDetail
   | CustomSkillDetail;
 
+// ─── Single-file content response (HTTP API) ─────────────────────────────
+export interface SkillFileContentResponse {
+  path: string;
+  name: string;
+  size: number;
+  mimeType: string;
+  isBinary: boolean;
+  content: string | null;
+}
+
 export interface SkillsDraftResponse {
   type: "skills_draft_response";
   success: boolean;

package/src/daemon/message-types/subagents.ts

@@ -10,6 +10,7 @@ export interface SubagentSpawned {
   parentConversationId: string;
   label: string;
   objective: string;
+  isFork?: boolean;
 }
 
 export interface SubagentStatusChanged {
@@ -29,6 +30,7 @@ export interface SubagentDetailResponse {
     content: string;
     toolName?: string;
     isError?: boolean;
+    messageId?: string;
   }>;
 }
 

package/src/daemon/server.ts

@@ -66,7 +66,10 @@ import {
   getWorkspacePromptPath,
 } from "../util/platform.js";
 import { registerDaemonCallbacks } from "../work-items/work-item-runner.js";
-import { AppSourceWatcher } from "./app-source-watcher.js";
+import {
+  AppSourceWatcher,
+  setEnsureAppSourceWatcher,
+} from "./app-source-watcher.js";
 import { ConfigWatcher } from "./config-watcher.js";
 import {
   Conversation,
@@ -86,6 +89,7 @@ import type {
 } from "./handlers/shared.js";
 import type { SkillOperationContext } from "./handlers/skills.js";
 import { HostBashProxy } from "./host-bash-proxy.js";
+import { HostBrowserProxy } from "./host-browser-proxy.js";
 import { HostCuProxy } from "./host-cu-proxy.js";
 import { HostFileProxy } from "./host-file-proxy.js";
 import type {
@@ -158,9 +162,10 @@ function resolveCanonicalRequestSourceType(
 
 /**
  * Build an onEvent callback that registers pending interactions when the agent
- * loop emits confirmation_request, secret_request, host_bash_request, or
- * host_file_request events. This ensures that channel approval interception
- * can look up the conversation by requestId.
+ * loop emits confirmation_request, secret_request, host_bash_request,
+ * host_browser_request, host_file_request, or host_cu_request events. This
+ * ensures that channel approval interception can look up the conversation by
+ * requestId.
  */
 function makePendingInteractionRegistrar(
   conversation: Conversation,
@@ -249,6 +254,12 @@ function makePendingInteractionRegistrar(
         conversationId,
         kind: "host_bash",
       });
+    } else if (msg.type === "host_browser_request") {
+      pendingInteractions.register(msg.requestId, {
+        conversation,
+        conversationId,
+        kind: "host_browser",
+      });
     } else if (msg.type === "host_file_request") {
       pendingInteractions.register(msg.requestId, {
         conversation,
@@ -376,13 +387,23 @@ export class DaemonServer {
       "Transport metadata received",
     );
     conversation.setTransportHints(buildTransportHints(transport));
+    // Route client-reported host env through the capability-gated setter on
+    // Conversation so both the create/reuse path here and the queue-drain
+    // path in conversation-process share one implementation. The method
+    // gates on `supportsHostProxy` (not a specific interface name), so any
+    // new host-capable client added to `HostProxyInterfaceId` will flow its
+    // host env through automatically.
+    conversation.applyHostEnvFromTransport(transport);
   }
 
   constructor() {
     this.evictor = new ConversationEvictor(this.conversations);
     getSubagentManager().sharedRequestTimestamps = this.sharedRequestTimestamps;
     getSubagentManager().broadcastToAllClients = (msg) => this.broadcast(msg);
+    getSubagentManager().resolveParentConversation = (id) =>
+      this.conversations.get(id);
     setBroadcastToAllClients((msg) => this.broadcast(msg));
+    setEnsureAppSourceWatcher(() => this.appSourceWatcher.ensureStarted());
     this.evictor.onEvict = (conversationId: string) => {
       getSubagentManager().abortAllForParent(conversationId);
     };
@@ -880,10 +901,11 @@ export class DaemonServer {
     let conversation = this.conversations.get(conversationId);
     const sendToClient = () => {};
 
-    if (options && Object.values(options).some((v) => v !== undefined)) {
+    const { taskRunId: _taskRunId, ...persistentOptions } = options ?? {};
+    if (Object.values(persistentOptions).some((v) => v !== undefined)) {
       this.conversationOptions.set(conversationId, {
         ...this.conversationOptions.get(conversationId),
-        ...options,
+        ...persistentOptions,
       });
     }
 
@@ -1055,6 +1077,7 @@ export class DaemonServer {
     conversation.setAssistantId(
       options?.assistantId ?? DAEMON_INTERNAL_ASSISTANT_ID,
     );
+    conversation.taskRunId = options?.taskRunId;
     // Only overwrite trust/auth context when explicitly provided. Callers that
     // don't supply a trust context (e.g. signal-injected messages) should
     // inherit whatever the conversation already has from a prior session.
@@ -1082,13 +1105,36 @@ export class DaemonServer {
         options?.transport?.chatType,
       ),
     );
-    // Only create the host bash proxy for desktop client interfaces that can
-    // execute commands on the user's machine. Non-desktop conversations (CLI,
-    // channels, headless) fall back to local execution.
+    // Chrome-extension host_browser wiring is intentionally not supported
+    // through this entry point. `prepareConversationForMessage` constructs
+    // host_browser proxies that capture `conversation.getCurrentSender()`
+    // directly, which would route browser frames through the daemon SSE
+    // channel instead of the `ChromeExtensionRegistry`. Chrome-extension
+    // flows reach host_browser exclusively through the
+    // `/v1/messages` flow in `conversation-routes.ts`, which wires a
+    // registry-aware sender and sets `hostBrowserSenderOverride`.
+    //
+    // Fail loudly rather than silently returning a mis-wired proxy so that
+    // any future caller that tries to route chrome-extension through this
+    // path discovers the gap immediately. When the time comes, factor the
+    // wiring in conversation-routes.ts (registry lookup + override) into a
+    // shared helper and call it from both sites.
+    if (resolvedInterface === "chrome-extension") {
+      throw new Error(
+        "prepareConversationForMessage does not yet support chrome-extension transport — " +
+          "use the conversation-routes.ts /v1/messages flow which routes host_browser through " +
+          "the ChromeExtensionRegistry. If you need chrome-extension here, factor out the " +
+          "wiring in conversation-routes.ts into a shared helper.",
+      );
+    }
+    // Only create each host proxy for interfaces that support the matching
+    // capability. macOS supports all four; the chrome-extension interface only
+    // supports host_browser. Non-desktop conversations (CLI, channels, headless)
+    // fall back to local execution.
     // Guard: don't replace an active proxy during concurrent turn races —
     // another request may have started processing between the isProcessing()
     // check above and the await on ensureActorScopedHistory().
-    if (supportsHostProxy(resolvedInterface)) {
+    if (supportsHostProxy(resolvedInterface, "host_bash")) {
       if (!conversation.isProcessing() || !conversation.hostBashProxy) {
         conversation.setHostBashProxy(
           new HostBashProxy(conversation.getCurrentSender(), (requestId) => {
@@ -1096,6 +1142,21 @@ export class DaemonServer {
           }),
         );
       }
+    } else if (!conversation.isProcessing()) {
+      conversation.setHostBashProxy(undefined);
+    }
+    if (supportsHostProxy(resolvedInterface, "host_browser")) {
+      if (!conversation.isProcessing() || !conversation.hostBrowserProxy) {
+        conversation.setHostBrowserProxy(
+          new HostBrowserProxy(conversation.getCurrentSender(), (requestId) => {
+            pendingInteractions.resolve(requestId);
+          }),
+        );
+      }
+    } else if (!conversation.isProcessing()) {
+      conversation.setHostBrowserProxy(undefined);
+    }
+    if (supportsHostProxy(resolvedInterface, "host_file")) {
       if (!conversation.isProcessing() || !conversation.hostFileProxy) {
         conversation.setHostFileProxy(
           new HostFileProxy(conversation.getCurrentSender(), (requestId) => {
@@ -1103,6 +1164,10 @@ export class DaemonServer {
           }),
         );
       }
+    } else if (!conversation.isProcessing()) {
+      conversation.setHostFileProxy(undefined);
+    }
+    if (supportsHostProxy(resolvedInterface, "host_cu")) {
       if (!conversation.isProcessing() || !conversation.hostCuProxy) {
         conversation.setHostCuProxy(
           new HostCuProxy(conversation.getCurrentSender(), (requestId) => {
@@ -1112,8 +1177,6 @@ export class DaemonServer {
       }
       conversation.addPreactivatedSkillId("computer-use");
     } else if (!conversation.isProcessing()) {
-      conversation.setHostBashProxy(undefined);
-      conversation.setHostFileProxy(undefined);
       conversation.setHostCuProxy(undefined);
     }
     conversation.setCommandIntent(options?.commandIntent ?? null);
@@ -1192,8 +1255,25 @@ export class DaemonServer {
           }
         }
       : registrar;
+    // Non-interactive interfaces that still have a connected client capable
+    // of handling host_browser_request events (e.g. chrome-extension) need
+    // their hostBrowserProxy explicitly marked connected. The proxy
+    // constructor defaults clientConnected = false, so without an explicit
+    // sender update the chrome-extension proxy would be created and
+    // immediately unavailable. We do NOT call updateClient(onEvent, false)
+    // for that case, because flipping hasNoClient false would also enable
+    // host_bash/host_file/host_cu tool gating for an interface that can't
+    // service them. Instead, provision just the browser proxy's sender.
+    const persistInterfaceCtx = conversation.getTurnInterfaceContext();
+    const persistInterface = persistInterfaceCtx?.userMessageInterface;
     if (options?.isInteractive === true) {
       conversation.updateClient(onEvent, false);
+    } else if (
+      persistInterface &&
+      !supportsHostProxy(persistInterface) &&
+      supportsHostProxy(persistInterface, "host_browser")
+    ) {
+      conversation.hostBrowserProxy?.updateSender(onEvent, true);
     }
 
     conversation

package/src/daemon/tool-side-effects.ts

@@ -15,6 +15,7 @@ import { deliverVerificationSlack } from "../runtime/verification-outbound-actio
 import { updatePublishedAppDeployment } from "../services/published-app-updater.js";
 import type { ToolExecutionResult } from "../tools/types.js";
 import { getLogger } from "../util/logger.js";
+import { ensureAppSourceWatcher } from "./app-source-watcher.js";
 import { refreshSurfacesForApp } from "./conversation-surfaces.js";
 import type { ToolSetupContext } from "./conversation-tool-setup.js";
 import { isDoordashCommand, updateDoordashProgress } from "./doordash-steps.js";
@@ -109,6 +110,11 @@ registerHook(
         description?: string;
       };
       if (parsed.id) {
+        // The apps directory may have just been created — ensure the
+        // filesystem watcher is running so subsequent file edits
+        // trigger live reload.
+        ensureAppSourceWatcher();
+
         handleAppChange(ctx, parsed.id, broadcastToAllClients);
 
         // Fire-and-forget: generate an app icon in the background.

package/src/daemon/transport-hints.ts

@@ -1,33 +1,14 @@
-import { parseInterfaceId } from "../channels/types.js";
 import type { ConversationTransportMetadata } from "./message-types/conversations.js";
 
 /**
- * Build enriched transport hints from conversation transport metadata.
+ * Build transport hints from conversation transport metadata.
  *
- * Interface ID first, then host environment (macOS only), then any
- * client-provided hints. Shared between the conversation creation path
- * (server.ts) and the queue drain path (conversation-process.ts).
+ * Only forwards client-provided hints. Interface identity is already
+ * covered by `<turn_context>`, and host environment fields (home dir,
+ * username) are rendered in the `<workspace>` block.
  */
 export function buildTransportHints(
   transport: ConversationTransportMetadata,
 ): string[] {
-  const hints: string[] = [];
-
-  const interfaceLabel = parseInterfaceId(transport.interfaceId) ?? "vellum";
-  hints.push(`User is messaging from interface: ${interfaceLabel}`);
-
-  if (transport.interfaceId === "macos") {
-    if (transport.hostHomeDir) {
-      hints.push(`Host home directory: ${transport.hostHomeDir}`);
-    }
-    if (transport.hostUsername) {
-      hints.push(`Host username: ${transport.hostUsername}`);
-    }
-  }
-
-  if (transport.hints) {
-    hints.push(...transport.hints);
-  }
-
-  return hints;
+  return transport.hints ? [...transport.hints] : [];
 }

package/src/inbound/platform-callback-registration.ts

@@ -1,15 +1,13 @@
 /**
- * Platform callback route registration for platform-managed deployments.
+ * Platform callback route registration.
  *
- * When the assistant daemon runs as a platform-managed instance (IS_PLATFORM=true)
- * with a configured VELLUM_PLATFORM_URL and PLATFORM_ASSISTANT_ID, external
- * service callbacks (Twilio webhooks, OAuth redirects, Telegram webhooks, etc.)
- * must route through the platform's gateway proxy instead of hitting the
- * assistant directly.
+ * Both platform-managed (IS_PLATFORM=true) and self-hosted assistants can
+ * register callback routes with the platform so inbound provider webhooks
+ * (Telegram, Twilio, email, OAuth) are forwarded correctly.
  *
- * This module registers callback routes with the platform's internal
- * gateway endpoint so the platform knows how to forward inbound provider
- * webhooks to the correct platform-managed assistant instance.
+ * Platform-managed assistants pick up context from environment variables.
+ * Self-hosted assistants use stored credentials (from `assistant platform
+ * connect` or the ensure-registration bootstrap).
  *
  * The platform endpoint is:
  *   POST {VELLUM_PLATFORM_URL}/v1/internal/gateway/callback-routes/register/
@@ -41,17 +39,18 @@ export interface PlatformCallbackRegistrationContext {
 }
 
 /**
- * Whether the daemon should register callback routes with the platform.
+ * Whether the **runtime** should automatically register callback routes.
  * True when IS_PLATFORM, VELLUM_PLATFORM_URL, and PLATFORM_ASSISTANT_ID
- * are all set. Intentionally does **not** require the managed proxy API key
- * so that callback-only flows (OAuth transport, Telegram/Twilio callback
- * registration) work during partial bootstrap before the key is injected.
+ * are all set — i.e. this is a platform-managed deployment.
+ *
+ * This is intentionally stricter than `context.enabled` (which also covers
+ * self-hosted assistants with stored credentials). Runtime auto-registration
+ * only applies to managed deployments; self-hosted assistants register
+ * explicitly via the CLI or gateway startup hooks.
  */
 export function shouldUsePlatformCallbacks(): boolean {
   return (
-    getIsPlatform() &&
-    !!getPlatformBaseUrl() &&
-    !!getPlatformAssistantId()
+    getIsPlatform() && !!getPlatformBaseUrl() && !!getPlatformAssistantId()
   );
 }
 
@@ -86,8 +85,10 @@ export async function resolvePlatformCallbackRegistrationContext(): Promise<Plat
     hasInternalApiKey: internalApiKey.length > 0,
     hasAssistantApiKey: assistantApiKey.length > 0,
     authHeader,
+    // Enabled when we have enough context to register callback routes.
+    // Does NOT require IS_PLATFORM — self-hosted assistants with stored
+    // credentials can also register routes.
     enabled:
-      platform &&
       platformBaseUrl.length > 0 &&
       assistantId.length > 0 &&
       authHeader !== null,