npm - @vellumai/assistant - Versions diffs - 0.6.5 → 0.6.6 - Mend

@vellumai/assistant 0.6.5 → 0.6.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (443) hide show

package/AGENTS.md +9 -1
package/ARCHITECTURE.md +15 -17
package/Dockerfile +6 -4
package/__tests__/permissions/gateway-threshold-reader.test.ts +283 -0
package/docs/architecture/integrations.md +32 -39
package/docs/architecture/memory.md +25 -30
package/docs/architecture/security.md +7 -6
package/docs/browser-use-architecture-phase2.md +63 -20
package/docs/plugins.md +761 -0
package/examples/plugins/echo/README.md +132 -0
package/examples/plugins/echo/package.json +17 -0
package/examples/plugins/echo/register.ts +187 -0
package/node_modules/@vellumai/egress-proxy/src/types.ts +19 -0
package/openapi.yaml +212 -68
package/package.json +1 -1
package/src/__tests__/app-compiler.test.ts +57 -0
package/src/__tests__/approval-cascade.test.ts +7 -2
package/src/__tests__/auto-analysis-end-to-end.test.ts +1 -0
package/src/__tests__/avatar-generator.test.ts +4 -2
package/src/__tests__/bundled-asset.test.ts +6 -6
package/src/__tests__/catalog-cache.test.ts +69 -0
package/src/__tests__/checker.test.ts +459 -171
package/src/__tests__/circuit-breaker-pipeline.test.ts +406 -0
package/src/__tests__/compaction-events.test.ts +501 -0
package/src/__tests__/compaction-pipeline.test.ts +210 -0
package/src/__tests__/compaction-strip-metadata-clear.test.ts +181 -0
package/src/__tests__/compaction-timeout-recovery.test.ts +262 -0
package/src/__tests__/config-model-image-provider.test.ts +110 -0
package/src/__tests__/config-schema.test.ts +22 -9
package/src/__tests__/config-watcher-cleanup-throttle.test.ts +0 -4
package/src/__tests__/contacts-tools.test.ts +26 -0
package/src/__tests__/context-overflow-policy.test.ts +7 -7
package/src/__tests__/context-window-manager.test.ts +355 -4
package/src/__tests__/conversation-abort-tool-results.test.ts +4 -1
package/src/__tests__/conversation-agent-loop-overflow.test.ts +26 -30
package/src/__tests__/conversation-agent-loop.test.ts +30 -141
package/src/__tests__/conversation-confirmation-signals.test.ts +6 -1
package/src/__tests__/conversation-history-web-search.test.ts +1 -0
package/src/__tests__/conversation-init.benchmark.test.ts +2 -16
package/src/__tests__/conversation-pairing.test.ts +174 -10
package/src/__tests__/conversation-pre-run-repair.test.ts +4 -1
package/src/__tests__/conversation-process-callsite.test.ts +3 -0
package/src/__tests__/conversation-provider-retry-repair.test.ts +16 -7
package/src/__tests__/conversation-queue.test.ts +29 -14
package/src/__tests__/conversation-routes-disk-view.test.ts +7 -6
package/src/__tests__/conversation-runtime-assembly.test.ts +155 -110
package/src/__tests__/conversation-runtime-workspace.test.ts +23 -38
package/src/__tests__/conversation-seed-composer.test.ts +2 -2
package/src/__tests__/conversation-slash-queue.test.ts +7 -2
package/src/__tests__/conversation-slash-unknown.test.ts +25 -2
package/src/__tests__/conversation-speed-override.test.ts +6 -1
package/src/__tests__/conversation-title-service.test.ts +116 -0
package/src/__tests__/conversation-tool-setup-app-refresh.test.ts +41 -2
package/src/__tests__/conversation-usage.test.ts +1 -1
package/src/__tests__/conversation-workspace-cache-state.test.ts +4 -1
package/src/__tests__/conversation-workspace-injection.test.ts +3 -0
package/src/__tests__/conversation-workspace-tool-tracking.test.ts +4 -1
package/src/__tests__/credential-health-service.test.ts +78 -9
package/src/__tests__/credential-security-invariants.test.ts +2 -2
package/src/__tests__/db-schedule-syntax-migration.test.ts +1 -0
package/src/__tests__/empty-response-pipeline.test.ts +305 -0
package/src/__tests__/extension-id-sync-guard.test.ts +3 -3
package/src/__tests__/first-greeting.test.ts +247 -5
package/src/__tests__/headless-browser-mode.test.ts +57 -0
package/src/__tests__/history-repair-pipeline.test.ts +399 -0
package/src/__tests__/host-browser-e2e-cloud.test.ts +307 -0
package/src/__tests__/host-browser-e2e-self-hosted.test.ts +3 -3
package/src/__tests__/host-proxy-interface.test.ts +36 -2
package/src/__tests__/image-credentials.test.ts +137 -0
package/src/__tests__/image-service-dispatcher.test.ts +186 -0
package/src/__tests__/injector-chain.test.ts +526 -0
package/src/__tests__/intent-routing.test.ts +0 -26
package/src/__tests__/llm-call-pipeline.test.ts +285 -0
package/src/__tests__/llm-schema.test.ts +1 -1
package/src/__tests__/media-generate-image.test.ts +119 -13
package/src/__tests__/memory-retrieval-pipeline.test.ts +401 -0
package/src/__tests__/memory-upsert-concurrency.test.ts +1 -0
package/src/__tests__/migration-import-from-url.test.ts +5 -68
package/src/__tests__/model-intents.test.ts +4 -2
package/src/__tests__/notification-broadcaster.test.ts +3 -3
package/src/__tests__/notification-decision-strategy.test.ts +0 -11
package/src/__tests__/notification-schedule-notify-dedup.test.ts +108 -0
package/src/__tests__/oauth-apps-routes.test.ts +1 -1
package/src/__tests__/oauth-cli.test.ts +14 -12
package/src/__tests__/oauth-connect-orchestrator.test.ts +4 -13
package/src/__tests__/oauth-provider-serializer.test.ts +6 -4
package/src/__tests__/oauth-provider-visibility.test.ts +3 -5
package/src/__tests__/oauth-providers-routes.test.ts +3 -2
package/src/__tests__/oauth-store.test.ts +41 -76
package/src/__tests__/onboarding-template-contract.test.ts +16 -64
package/src/__tests__/openai-image-service.test.ts +368 -0
package/src/__tests__/overflow-reduce-pipeline.test.ts +676 -0
package/src/__tests__/permission-checker-host-gate.test.ts +0 -24
package/src/__tests__/persist-onboarding-artifacts.test.ts +266 -0
package/src/__tests__/persistence-pipeline.test.ts +377 -0
package/src/__tests__/pipeline-runner.test.ts +565 -0
package/src/__tests__/platform.test.ts +5 -2
package/src/__tests__/plugin-bootstrap.test.ts +483 -0
package/src/__tests__/plugin-registry.test.ts +273 -0
package/src/__tests__/plugin-route-contribution.test.ts +288 -0
package/src/__tests__/plugin-skill-contribution.test.ts +367 -0
package/src/__tests__/plugin-tool-contribution.test.ts +286 -0
package/src/__tests__/plugin-types.test.ts +320 -0
package/src/__tests__/pricing.test.ts +44 -12
package/src/__tests__/proxy-approval-callback.test.ts +69 -8
package/src/__tests__/reaction-persistence.test.ts +1 -0
package/src/__tests__/regenerate-fire-and-forget-trace.test.ts +1 -0
package/src/__tests__/registry.test.ts +0 -2
package/src/__tests__/schedule-routes.test.ts +131 -1
package/src/__tests__/scheduler-recurrence.test.ts +14 -70
package/src/__tests__/scheduler-reuse-conversation.test.ts +10 -50
package/src/__tests__/secret-detection-handler.test.ts +0 -10
package/src/__tests__/shell-identity.test.ts +0 -134
package/src/__tests__/suggestion-routes.test.ts +103 -4
package/src/__tests__/task-memory-cleanup.test.ts +1 -0
package/src/__tests__/task-scheduler.test.ts +3 -15
package/src/__tests__/test-preload.ts +11 -0
package/src/__tests__/title-generate-pipeline.test.ts +224 -0
package/src/__tests__/token-estimate-pipeline.test.ts +431 -0
package/src/__tests__/tool-error-pipeline.test.ts +244 -0
package/src/__tests__/tool-execute-pipeline.test.ts +431 -0
package/src/__tests__/tool-execution-pipeline.benchmark.test.ts +0 -6
package/src/__tests__/tool-executor-shell-integration.test.ts +7 -10
package/src/__tests__/tool-executor.test.ts +141 -0
package/src/__tests__/tool-result-truncate-pipeline.test.ts +356 -0
package/src/__tests__/tool-result-truncation.test.ts +0 -110
package/src/__tests__/user-plugin-loader.test.ts +191 -0
package/src/__tests__/workspace-migration-046-seed-conversation-starters-callsite.test.ts +185 -0
package/src/__tests__/workspace-migration-049-release-notes-default-sonnet.test.ts +100 -0
package/src/__tests__/workspace-migration-050-seed-main-agent-opus-callsite.test.ts +171 -0
package/src/__tests__/workspace-migration-051-seed-conversation-summarization-callsite.test.ts +252 -0
package/src/__tests__/workspace-migration-remove-hooks.test.ts +99 -0
package/src/__tests__/workspace-policy.test.ts +21 -3
package/src/agent/loop.ts +340 -102
package/src/approvals/__tests__/guardian-feed-event.test.ts +304 -0
package/src/approvals/guardian-request-resolvers.ts +80 -0
package/src/backup/__tests__/backup-worker.test.ts +2 -13
package/src/backup/backup-worker.ts +3 -15
package/src/bundler/app-compiler.ts +84 -1
package/src/calls/call-state.ts +2 -2
package/src/channels/__tests__/types.test.ts +3 -3
package/src/channels/types.ts +6 -4
package/src/cli/__tests__/notifications.test.ts +87 -211
package/src/cli/commands/__tests__/backup.test.ts +1 -1
package/src/cli/commands/__tests__/image-generation.test.ts +255 -35
package/src/cli/commands/__tests__/inference-send.test.ts +12 -0
package/src/cli/commands/__tests__/tts-synthesize.test.ts +12 -0
package/src/cli/commands/backup.ts +2 -2
package/src/cli/commands/clients.ts +138 -0
package/src/cli/commands/completions.ts +2 -9
package/src/cli/commands/conversations.ts +55 -7
package/src/cli/commands/image-generation.ts +33 -34
package/src/cli/commands/notifications.ts +68 -103
package/src/cli/commands/oauth/__tests__/providers-register.test.ts +1 -1
package/src/cli/commands/oauth/__tests__/providers-update.test.ts +1 -1
package/src/cli/commands/oauth/connect.ts +2 -2
package/src/cli/commands/oauth/providers.ts +176 -8
package/src/cli/commands/oauth/status.ts +46 -36
package/src/cli/commands/skills.ts +3 -4
package/src/cli/program.ts +25 -29
package/src/config/__tests__/backup-schema.test.ts +7 -2
package/src/config/bundled-skills/app-builder/SKILL.md +2 -2
package/src/config/bundled-skills/app-builder/references/WIDGETS.md +10 -10
package/src/config/bundled-skills/contacts/tools/contact-merge.ts +66 -87
package/src/config/bundled-skills/contacts/tools/contact-search.ts +28 -51
package/src/config/bundled-skills/contacts/tools/contact-upsert.ts +22 -40
package/src/config/bundled-skills/image-studio/SKILL.md +2 -1
package/src/config/bundled-skills/image-studio/TOOLS.json +2 -1
package/src/config/bundled-skills/image-studio/tools/media-generate-image.ts +23 -39
package/src/config/bundled-skills/messaging/SKILL.md +3 -3
package/src/config/bundled-skills/messaging/tools/__tests__/messaging-feed-events.test.ts +207 -0
package/src/config/bundled-skills/messaging/tools/messaging-archive-by-sender.ts +12 -0
package/src/config/bundled-skills/messaging/tools/messaging-send.ts +58 -0
package/src/config/bundled-skills/schedule/SKILL.md +8 -3
package/src/config/bundled-skills/schedule/TOOLS.json +15 -7
package/src/config/bundled-skills/schedule/references/SCRIPT_MODE_PATTERNS.md +59 -0
package/src/config/bundled-tool-registry.ts +0 -15
package/src/config/feature-flag-registry.json +17 -1
package/src/config/schema.ts +19 -0
package/src/config/schemas/backup.ts +1 -1
package/src/config/schemas/conversations.ts +16 -0
package/src/config/schemas/llm.ts +2 -3
package/src/config/schemas/security.ts +6 -6
package/src/config/schemas/tts.ts +11 -0
package/src/config/skill-state.ts +6 -2
package/src/config/skills.ts +94 -5
package/src/context/__tests__/compact-prompt.test.ts +27 -9
package/src/context/prompts/compact.md +26 -12
package/src/context/tool-result-truncation.ts +3 -63
package/src/context/window-manager.ts +190 -16
package/src/credential-health/credential-health-service.ts +19 -6
package/src/daemon/__tests__/conversation-feed-event.test.ts +317 -0
package/src/daemon/__tests__/conversation-lifecycle-auto-analyze.test.ts +4 -12
package/src/daemon/__tests__/conversation-tool-setup.test.ts +14 -15
package/src/daemon/config-watcher.ts +0 -2
package/src/daemon/context-overflow-policy.ts +4 -13
package/src/daemon/conversation-agent-loop-handlers.ts +83 -22
package/src/daemon/conversation-agent-loop.ts +984 -683
package/src/daemon/conversation-history.ts +10 -19
package/src/daemon/conversation-lifecycle.ts +37 -19
package/src/daemon/conversation-notifiers.ts +2 -110
package/src/daemon/conversation-process.ts +14 -7
package/src/daemon/conversation-runtime-assembly.ts +532 -411
package/src/daemon/conversation-tool-setup.ts +41 -4
package/src/daemon/conversation.ts +80 -35
package/src/daemon/external-plugins-bootstrap.ts +478 -0
package/src/daemon/first-greeting.ts +191 -14
package/src/daemon/handlers/config-model.ts +11 -0
package/src/daemon/handlers/skills.ts +5 -1
package/src/daemon/lifecycle.ts +33 -68
package/src/daemon/message-types/computer-use.ts +2 -34
package/src/daemon/message-types/conversations.ts +49 -0
package/src/daemon/message-types/messages.ts +12 -0
package/src/daemon/server.ts +5 -3
package/src/daemon/shutdown-handlers.ts +2 -12
package/src/daemon/tool-side-effects.ts +14 -56
package/src/heartbeat/__tests__/heartbeat-feed-event.test.ts +160 -0
package/src/heartbeat/heartbeat-service.ts +24 -1
package/src/home/__tests__/feed-population-integration.test.ts +312 -0
package/src/home/emit-feed-event.ts +7 -0
package/src/home/feed-types.ts +41 -2
package/src/home/rewrite-command-preview.ts +66 -0
package/src/ipc/__tests__/socket-path.test.ts +11 -50
package/src/ipc/cli-client.ts +1 -1
package/src/ipc/cli-server.ts +3 -3
package/src/ipc/gateway-client.ts +4 -1
package/src/ipc/routes/browser-context.ts +2 -0
package/src/ipc/routes/browser.ts +1 -0
package/src/ipc/routes/get-contact.ts +16 -0
package/src/ipc/routes/index.ts +14 -0
package/src/ipc/routes/list-clients.ts +31 -0
package/src/ipc/routes/merge-contacts.ts +17 -0
package/src/ipc/routes/notification.ts +133 -0
package/src/ipc/routes/rename-conversation.ts +59 -0
package/src/ipc/routes/search-contacts.ts +19 -0
package/src/ipc/routes/upsert-contact.ts +25 -0
package/src/ipc/socket-path.ts +14 -38
package/src/media/app-icon-generator.ts +23 -46
package/src/media/avatar-router.ts +26 -41
package/src/media/gemini-image-service.ts +8 -41
package/src/media/image-credentials.ts +73 -0
package/src/media/image-service.ts +85 -0
package/src/media/openai-image-service.ts +131 -0
package/src/media/types.ts +46 -0
package/src/memory/conversation-crud.ts +48 -18
package/src/memory/conversation-queries.ts +57 -4
package/src/memory/conversation-title-service.ts +25 -0
package/src/memory/db-init.ts +8 -0
package/src/memory/embedding-gemini.test.ts +41 -2
package/src/memory/embedding-gemini.ts +6 -1
package/src/memory/graph/bootstrap.test.ts +282 -0
package/src/memory/graph/bootstrap.ts +8 -5
package/src/memory/graph/extraction.ts +10 -2
package/src/memory/graph/graph-search.test.ts +1 -0
package/src/memory/graph/inspect.ts +2 -2
package/src/memory/graph/retriever.ts +10 -3
package/src/memory/migrations/041-approval-prompt-ts-tracker.ts +26 -0
package/src/memory/migrations/149-oauth-tables.ts +1 -0
package/src/memory/migrations/223-schedule-script-column.ts +11 -0
package/src/memory/migrations/224-oauth-providers-managed-service-is-paid.ts +24 -0
package/src/memory/migrations/225-oauth-providers-available-scopes.ts +13 -0
package/src/memory/migrations/index.ts +4 -0
package/src/memory/pkb/pkb-index.test.ts +1 -0
package/src/memory/pkb/pkb-reconcile.test.ts +1 -0
package/src/memory/pkb/pkb-search.test.ts +65 -4
package/src/memory/pkb/pkb-search.ts +40 -18
package/src/memory/qdrant-client.test.ts +60 -0
package/src/memory/qdrant-client.ts +25 -0
package/src/memory/schema/infrastructure.ts +1 -0
package/src/memory/schema/oauth.ts +4 -1
package/src/messaging/providers/slack/render-transcript.test.ts +77 -29
package/src/messaging/providers/slack/render-transcript.ts +58 -0
package/src/notifications/conversation-pairing.ts +78 -19
package/src/notifications/copy-composer.ts +0 -5
package/src/notifications/emit-signal.ts +1 -1
package/src/notifications/signal.ts +1 -2
package/src/oauth/AGENTS.md +1 -1
package/src/oauth/__tests__/identity-verifier.test.ts +2 -1
package/src/oauth/connect-orchestrator.ts +8 -34
package/src/oauth/connect-types.ts +6 -10
package/src/oauth/manual-token-connection.ts +23 -0
package/src/oauth/oauth-store.ts +30 -14
package/src/oauth/provider-serializer.ts +6 -1
package/src/oauth/seed-providers.ts +56 -108
package/src/outbound-proxy/http-forwarder.ts +9 -0
package/src/permissions/approval-policy.test.ts +293 -18
package/src/permissions/approval-policy.ts +110 -58
package/src/permissions/arg-parser.test.ts +161 -0
package/src/permissions/arg-parser.ts +141 -0
package/src/permissions/bash-risk-classifier.test.ts +414 -2
package/src/permissions/bash-risk-classifier.ts +303 -60
package/src/permissions/checker.ts +157 -29
package/src/permissions/command-registry.test.ts +239 -0
package/src/permissions/command-registry.ts +234 -54
package/src/permissions/defaults.ts +5 -4
package/src/permissions/gateway-threshold-reader.ts +196 -0
package/src/permissions/prompter.ts +4 -0
package/src/permissions/risk-types.ts +61 -4
package/src/permissions/schedule-risk-classifier.test.ts +129 -0
package/src/permissions/schedule-risk-classifier.ts +85 -0
package/src/permissions/shell-identity.ts +2 -42
package/src/permissions/types.ts +2 -0
package/src/permissions/workspace-policy.ts +8 -3
package/src/plugins/defaults/circuit-breaker.ts +146 -0
package/src/plugins/defaults/compaction.ts +145 -0
package/src/plugins/defaults/empty-response.ts +126 -0
package/src/plugins/defaults/history-repair.ts +85 -0
package/src/plugins/defaults/index.ts +116 -0
package/src/plugins/defaults/injectors.ts +491 -0
package/src/plugins/defaults/llm-call.ts +82 -0
package/src/plugins/defaults/memory-retrieval.ts +226 -0
package/src/plugins/defaults/overflow-reduce.ts +181 -0
package/src/plugins/defaults/persistence.ts +129 -0
package/src/plugins/defaults/title-generate.ts +95 -0
package/src/plugins/defaults/token-estimate.ts +104 -0
package/src/plugins/defaults/tool-error.ts +126 -0
package/src/plugins/defaults/tool-execute.ts +89 -0
package/src/plugins/defaults/tool-result-truncate.ts +88 -0
package/src/plugins/pipeline.ts +316 -0
package/src/plugins/plugin-skill-contributions.ts +292 -0
package/src/plugins/registry.ts +241 -0
package/src/plugins/types.ts +1134 -0
package/src/plugins/user-loader.ts +177 -0
package/src/prompts/templates/BOOTSTRAP.md +27 -77
package/src/providers/model-catalog.ts +52 -29
package/src/providers/model-intents.ts +1 -1
package/src/providers/openrouter/client.ts +5 -1
package/src/providers/speech-to-text/deepgram-realtime.test.ts +61 -0
package/src/providers/speech-to-text/deepgram-realtime.ts +57 -0
package/src/providers/speech-to-text/xai-realtime.test.ts +72 -4
package/src/providers/speech-to-text/xai-realtime.ts +39 -14
package/src/runtime/AGENTS.md +25 -16
package/src/runtime/__tests__/browser-extension-pair-routes.test.ts +3 -3
package/src/runtime/__tests__/client-registry.test.ts +293 -0
package/src/runtime/client-registry.ts +261 -0
package/src/runtime/http-server.ts +77 -8
package/src/runtime/http-types.ts +0 -2
package/src/runtime/migrations/vbundle-builder.ts +1 -22
package/src/runtime/routes/approval-prompt-ts-tracker.ts +51 -31
package/src/runtime/routes/approval-routes.ts +17 -0
package/src/runtime/routes/browser-extension-pair-routes.ts +27 -8
package/src/runtime/routes/conversation-routes.ts +223 -116
package/src/runtime/routes/inbound-message-handler.ts +88 -13
package/src/runtime/routes/memory-item-routes.test.ts +1 -0
package/src/runtime/routes/migration-routes.ts +0 -3
package/src/runtime/routes/playground/__tests__/force-compact.test.ts +284 -0
package/src/runtime/routes/playground/__tests__/guard.test.ts +80 -0
package/src/runtime/routes/playground/__tests__/inject-failures.test.ts +294 -0
package/src/runtime/routes/playground/__tests__/reset-circuit.test.ts +271 -0
package/src/runtime/routes/playground/__tests__/seed-conversation.test.ts +202 -0
package/src/runtime/routes/playground/__tests__/seeded-conversations.test.ts +309 -0
package/src/runtime/routes/playground/__tests__/state.test.ts +224 -0
package/src/runtime/routes/playground/conversation-not-found.ts +29 -0
package/src/runtime/routes/playground/deps.ts +56 -0
package/src/runtime/routes/playground/force-compact.ts +73 -0
package/src/runtime/routes/playground/guard.ts +37 -0
package/src/runtime/routes/playground/index.ts +28 -0
package/src/runtime/routes/playground/inject-failures.ts +159 -0
package/src/runtime/routes/playground/reset-circuit.ts +115 -0
package/src/runtime/routes/playground/seed-conversation.ts +139 -0
package/src/runtime/routes/playground/seeded-conversations.ts +78 -0
package/src/runtime/routes/playground/state.ts +78 -0
package/src/runtime/routes/schedule-routes.ts +89 -8
package/src/runtime/skill-route-registry.ts +75 -15
package/src/schedule/run-script.ts +68 -0
package/src/schedule/schedule-store.ts +7 -1
package/src/schedule/scheduler.ts +48 -8
package/src/skills/catalog-cache.ts +12 -5
package/src/tools/browser/__tests__/browser-status.test.ts +189 -0
package/src/tools/browser/browser-execution.ts +88 -19
package/src/tools/browser/cdp-client/__tests__/extension-cdp-client.test.ts +230 -0
package/src/tools/browser/cdp-client/__tests__/factory.test.ts +146 -3
package/src/tools/browser/cdp-client/extension-cdp-client.ts +54 -3
package/src/tools/browser/cdp-client/factory.ts +15 -4
package/src/tools/executor.ts +126 -74
package/src/tools/network/script-proxy/session-manager.ts +37 -1
package/src/tools/permission-checker.ts +98 -49
package/src/tools/policy-context.ts +4 -0
package/src/tools/registry.ts +140 -3
package/src/tools/schedule/create.ts +23 -8
package/src/tools/schedule/update.ts +3 -1
package/src/tools/secret-detection-handler.ts +0 -51
package/src/tools/system/avatar-generator.ts +6 -2
package/src/tools/types.ts +28 -2
package/src/util/platform.ts +7 -2
package/src/util/pricing.ts +26 -3
package/src/workspace/migrations/006-services-config.ts +2 -4
package/src/workspace/migrations/022-move-hooks-to-workspace.ts +2 -3
package/src/workspace/migrations/041-backfill-google-gmail-settings-scope.ts +3 -4
package/src/workspace/migrations/046-seed-conversation-starters-callsite.ts +108 -0
package/src/workspace/migrations/047-remove-watch-callsites.ts +54 -0
package/src/workspace/migrations/048-remove-workspace-hooks.ts +81 -0
package/src/workspace/migrations/049-release-notes-default-sonnet.ts +80 -0
package/src/workspace/migrations/050-seed-main-agent-opus-callsite.ts +86 -0
package/src/workspace/migrations/051-seed-conversation-summarization-callsite.ts +128 -0
package/src/workspace/migrations/registry.ts +12 -0
package/tsconfig.json +1 -1
package/hook-templates/debug-prompt-logger/hook.json +0 -7
package/hook-templates/debug-prompt-logger/run.sh +0 -66
package/src/__tests__/compaction-circuit-breaker.test.ts +0 -336
package/src/__tests__/context-overflow-approval.test.ts +0 -156
package/src/__tests__/hooks-blocking.test.ts +0 -178
package/src/__tests__/hooks-cli.test.ts +0 -182
package/src/__tests__/hooks-config.test.ts +0 -108
package/src/__tests__/hooks-discovery.test.ts +0 -211
package/src/__tests__/hooks-integration.test.ts +0 -196
package/src/__tests__/hooks-manager.test.ts +0 -226
package/src/__tests__/hooks-runner.test.ts +0 -175
package/src/__tests__/hooks-settings.test.ts +0 -160
package/src/__tests__/hooks-templates.test.ts +0 -169
package/src/__tests__/hooks-ts-runner.test.ts +0 -170
package/src/__tests__/hooks-watch.test.ts +0 -112
package/src/__tests__/notification-schedule-dedup.test.ts +0 -213
package/src/__tests__/oauth-scope-policy.test.ts +0 -180
package/src/__tests__/send-notification-tool.test.ts +0 -83
package/src/cli/commands/shotgun.ts +0 -266
package/src/config/bundled-skills/conversations/SKILL.md +0 -20
package/src/config/bundled-skills/conversations/TOOLS.json +0 -23
package/src/config/bundled-skills/conversations/tools/rename-conversation.ts +0 -88
package/src/config/bundled-skills/heartbeat/SKILL.md +0 -43
package/src/config/bundled-skills/notifications/SKILL.md +0 -40
package/src/config/bundled-skills/notifications/TOOLS.json +0 -80
package/src/config/bundled-skills/notifications/tools/send-notification.ts +0 -152
package/src/config/bundled-skills/notifications/tools/shared.ts +0 -13
package/src/config/bundled-skills/screen-watch/SKILL.md +0 -27
package/src/config/bundled-skills/screen-watch/TOOLS.json +0 -35
package/src/config/bundled-skills/screen-watch/tools/start-screen-watch.ts +0 -12
package/src/config/bundled-skills/skills-catalog/SKILL.md +0 -84
package/src/daemon/context-overflow-approval.ts +0 -52
package/src/daemon/watch-handler.ts +0 -399
package/src/hooks/cli.ts +0 -253
package/src/hooks/config.ts +0 -100
package/src/hooks/discovery.ts +0 -135
package/src/hooks/manager.ts +0 -179
package/src/hooks/runner.ts +0 -117
package/src/hooks/templates.ts +0 -77
package/src/hooks/types.ts +0 -75
package/src/oauth/scope-policy.ts +0 -89
package/src/runtime/gateway-internal-client.ts +0 -94
package/src/runtime/routes/watch-routes.ts +0 -156
package/src/signals/shotgun.ts +0 -203
package/src/tools/watch/screen-watch.ts +0 -144
package/src/tools/watch/watch-state.ts +0 -142

package/src/oauth/oauth-store.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 /**
  * CRUD store for OAuth providers, apps, and connections.
  *
- * Backed by Drizzle + SQLite. All JSON fields (default_scopes, scope_policy,
+ * Backed by Drizzle + SQLite. All JSON fields (default_scopes, available_scopes,
  * extra_params, granted_scopes, metadata) are stored as serialized JSON strings.
  *
  * Note: TS field names use camelCase from the platform's naming
@@ -31,6 +31,7 @@ import {
   setSecureKeyAsync,
 } from "../security/secure-keys.js";
 import { getLogger } from "../util/logger.js";
+import type { AvailableScopes } from "./connect-types.js";
 import { tryRevokeOAuthToken } from "./revoke.js";
 const log = getLogger("oauth-store");
@@ -56,12 +57,10 @@ export type OAuthConnectionRow = typeof oauthConnections.$inferSelect;
  * loopbackPort, injectionTemplates, appType, setupNotes,
  * identityUrl, identityMethod, identityHeaders, identityBody,
  * identityResponsePaths, identityFormat, identityOkField, featureFlag,
- * scopeSeparator)
+ * scopeSeparator, defaultScopes, availableScopes)
  * and display metadata (displayLabel, description, dashboardUrl,
  * clientIdPlaceholder, logoUrl, requiresClientSecret) propagate to existing
- * installations on every startup, while user-customizable fields
- * (defaultScopes, scopePolicy) are only written on the
- * initial insert. baseUrl is backfilled from seed data when null
+ * installations on every startup. baseUrl is backfilled from seed data when null
  * (e.g. legacy rows created before the column existed) but preserved
  * if the user has set a custom value.
  */
@@ -82,10 +81,11 @@ export function seedProviders(
     revokeBodyTemplate?: Record<string, string>;
     baseUrl?: string;
     defaultScopes: string[];
-    scopePolicy: Record<string, unknown>;
+    availableScopes?: AvailableScopes;
     scopeSeparator?: string;
     authorizeParams?: Record<string, string>;
     managedServiceConfigKey?: string;
+    managedServiceIsPaid?: boolean;
     displayLabel?: string;
     description?: string;
     dashboardUrl?: string | null;
@@ -136,7 +136,9 @@ export function seedProviders(
       : null;
     const baseUrl = p.baseUrl ?? null;
     const defaultScopes = JSON.stringify(p.defaultScopes);
-    const scopePolicy = JSON.stringify(p.scopePolicy);
+    const availableScopes = p.availableScopes
+      ? JSON.stringify(p.availableScopes)
+      : null;
     // Coerce empty string to the default space separator. An empty separator
     // would join scopes into a single concatenated token (e.g. "readwrite"),
     // which is never a valid OAuth authorize URL value.
@@ -145,6 +147,7 @@ export function seedProviders(
       ? JSON.stringify(p.authorizeParams)
       : null;
     const managedServiceConfigKey = p.managedServiceConfigKey ?? null;
+    const managedServiceIsPaid = p.managedServiceIsPaid === true;
     const displayLabel = p.displayLabel ?? null;
     const description = p.description ?? null;
     const dashboardUrl = p.dashboardUrl ?? null;
@@ -182,7 +185,7 @@ export function seedProviders(
         userinfoUrl,
         baseUrl,
         defaultScopes,
-        scopePolicy,
+        availableScopes,
         scopeSeparator,
         authorizeParams,
         pingUrl,
@@ -192,6 +195,7 @@ export function seedProviders(
         revokeUrl,
         revokeBodyTemplate,
         managedServiceConfigKey,
+        managedServiceIsPaid,
         displayLabel,
         description,
         dashboardUrl,
@@ -224,6 +228,7 @@ export function seedProviders(
           userinfoUrl,
           baseUrl: sql`COALESCE(${oauthProviders.baseUrl}, ${baseUrl})`,
           defaultScopes,
+          availableScopes,
           scopeSeparator,
           authorizeParams,
           pingUrl,
@@ -233,6 +238,7 @@ export function seedProviders(
           revokeUrl,
           revokeBodyTemplate,
           managedServiceConfigKey,
+          managedServiceIsPaid,
           displayLabel,
           description,
           dashboardUrl,
@@ -294,10 +300,11 @@ export function registerProvider(params: {
   revokeBodyTemplate?: Record<string, string>;
   baseUrl?: string;
   defaultScopes: string[];
-  scopePolicy: Record<string, unknown>;
+  availableScopes?: AvailableScopes;
   scopeSeparator?: string;
   authorizeParams?: Record<string, string>;
   managedServiceConfigKey?: string;
+  managedServiceIsPaid?: boolean;
   displayLabel?: string;
   description?: string;
   dashboardUrl?: string;
@@ -341,7 +348,9 @@ export function registerProvider(params: {
     userinfoUrl: params.userinfoUrl ?? null,
     baseUrl: params.baseUrl ?? null,
     defaultScopes: JSON.stringify(params.defaultScopes),
-    scopePolicy: JSON.stringify(params.scopePolicy),
+    availableScopes: params.availableScopes
+      ? JSON.stringify(params.availableScopes)
+      : null,
     // Coerce empty string to the default space separator (see seedProviders).
     scopeSeparator: params.scopeSeparator || " ",
     authorizeParams: params.authorizeParams
@@ -357,6 +366,7 @@ export function registerProvider(params: {
       ? JSON.stringify(params.revokeBodyTemplate)
       : null,
     managedServiceConfigKey: params.managedServiceConfigKey ?? null,
+    managedServiceIsPaid: params.managedServiceIsPaid === true,
     displayLabel: params.displayLabel ?? null,
     description: params.description ?? null,
     dashboardUrl: params.dashboardUrl ?? null,
@@ -396,7 +406,7 @@ export function registerProvider(params: {
 /**
  * Update mutable fields on an existing provider. Only the fields explicitly
  * provided (not `undefined`) are written; everything else is left unchanged.
- * JSON fields (defaultScopes, scopePolicy, authorizeParams, pingHeaders, pingBody)
+ * JSON fields (defaultScopes, availableScopes, authorizeParams, pingHeaders, pingBody)
  * are serialized with JSON.stringify before storage.
  *
  * Returns the updated provider row, or `undefined` if no provider with the
@@ -419,7 +429,7 @@ export function updateProvider(
     revokeBodyTemplate: Record<string, string> | null;
     baseUrl: string;
     defaultScopes: string[];
-    scopePolicy: Record<string, unknown>;
+    availableScopes: AvailableScopes | null;
     scopeSeparator: string;
     authorizeParams: Record<string, string>;
     displayLabel: string;
@@ -445,6 +455,7 @@ export function updateProvider(
     identityFormat: string;
     identityOkField: string;
     featureFlag: string;
+    managedServiceIsPaid: boolean;
   }>,
 ): OAuthProviderRow | undefined {
   const existing = getProvider(provider);
@@ -478,8 +489,11 @@ export function updateProvider(
   if (params.baseUrl !== undefined) set.baseUrl = params.baseUrl;
   if (params.defaultScopes !== undefined)
     set.defaultScopes = JSON.stringify(params.defaultScopes);
-  if (params.scopePolicy !== undefined)
-    set.scopePolicy = JSON.stringify(params.scopePolicy);
+  if (params.availableScopes !== undefined)
+    set.availableScopes =
+      params.availableScopes === null
+        ? null
+        : JSON.stringify(params.availableScopes);
   if (params.scopeSeparator !== undefined)
     // Coerce empty string to the default space separator (see seedProviders).
     set.scopeSeparator = params.scopeSeparator || " ";
@@ -513,6 +527,8 @@ export function updateProvider(
   if (params.identityOkField !== undefined)
     set.identityOkField = params.identityOkField;
   if (params.featureFlag !== undefined) set.featureFlag = params.featureFlag;
+  if (params.managedServiceIsPaid !== undefined)
+    set.managedServiceIsPaid = params.managedServiceIsPaid;
   db.update(oauthProviders)
     .set(set)

package/src/oauth/provider-serializer.ts CHANGED Viewed

@@ -32,6 +32,7 @@ export interface SerializedProviderSummary {
   requires_client_secret: boolean;
   logo_url: string | null;
   supports_managed_mode: boolean;
+  managed_service_is_paid: boolean;
   feature_flag: string | null;
 }
@@ -86,8 +87,11 @@ function _serializeProvider(
     clientIdPlaceholder: row.clientIdPlaceholder ?? null,
     requiresClientSecret: !!(row.requiresClientSecret ?? 1),
     supportsManagedMode: !!row.managedServiceConfigKey,
+    managedServiceIsPaid: !!row.managedServiceIsPaid,
     defaultScopes: row.defaultScopes ? JSON.parse(row.defaultScopes) : [],
-    scopePolicy: row.scopePolicy ? JSON.parse(row.scopePolicy) : {},
+    availableScopes: row.availableScopes
+      ? JSON.parse(row.availableScopes)
+      : null,
     scopeSeparator: row.scopeSeparator,
     extraParams: authorizeParams ? JSON.parse(authorizeParams) : null,
     pingHeaders: row.pingHeaders ? JSON.parse(row.pingHeaders) : null,
@@ -140,6 +144,7 @@ export function serializeProviderSummary(
     requires_client_secret: !!(row.requiresClientSecret ?? 1),
     logo_url: row.logoUrl ?? null,
     supports_managed_mode: !!row.managedServiceConfigKey,
+    managed_service_is_paid: !!row.managedServiceIsPaid,
     feature_flag: row.featureFlag ?? null,
   };
 }

package/src/oauth/seed-providers.ts CHANGED Viewed

@@ -1,3 +1,4 @@
+import type { AvailableScopes } from "./connect-types.js";
 import { seedProviders } from "./oauth-store.js";
 /**
@@ -7,7 +8,7 @@ import { seedProviders } from "./oauth-store.js";
  * every startup. Only Vellum implementation fields (authorizeUrl, tokenExchangeUrl,
  * refreshUrl, tokenEndpointAuthMethod, userinfoUrl, authorizeParams,
  * pingUrl, pingMethod, pingHeaders, pingBody, revokeUrl, revokeBodyTemplate,
- * managedServiceConfigKey,
+ * managedServiceConfigKey, managedServiceIsPaid,
  * loopbackPort, injectionTemplates, appType, setupNotes,
  * identityUrl, identityMethod, identityHeaders, identityBody,
  * identityResponsePaths, identityFormat, identityOkField, featureFlag,
@@ -15,12 +16,10 @@ import { seedProviders } from "./oauth-store.js";
  * and display metadata (displayLabel,
  * description, dashboardUrl, clientIdPlaceholder, requiresClientSecret,
  * logoUrl)
- * are overwritten on subsequent startups — user-customizable
- * fields (scopePolicy) are only
- * written on initial insert and preserved across restarts.
- * defaultScopes are also overwritten on subsequent startups so that
- * upstream scope additions (e.g. new Gmail API scopes) propagate to
- * existing installations.
+ * are overwritten on subsequent startups.
+ * defaultScopes and availableScopes are also overwritten on subsequent
+ * startups so that upstream scope additions (e.g. new Gmail API scopes)
+ * propagate to existing installations.
  */
 export const PROVIDER_SEED_DATA: Record<
   string,
@@ -40,14 +39,11 @@ export const PROVIDER_SEED_DATA: Record<
     revokeBodyTemplate?: Record<string, string>;
     baseUrl?: string;
     defaultScopes: string[];
-    scopePolicy: {
-      allowAdditionalScopes: boolean;
-      allowedOptionalScopes: string[];
-      forbiddenScopes: string[];
-    };
+    availableScopes?: AvailableScopes;
     scopeSeparator?: string;
     authorizeParams?: Record<string, string>;
     managedServiceConfigKey?: string;
+    managedServiceIsPaid?: boolean;
     displayLabel: string;
     description: string;
     dashboardUrl: string | null;
@@ -95,14 +91,8 @@ export const PROVIDER_SEED_DATA: Record<
       "https://www.googleapis.com/auth/userinfo.email",
       "https://www.googleapis.com/auth/contacts.readonly",
     ],
-    scopePolicy: {
-      allowAdditionalScopes: true,
-      allowedOptionalScopes: [
-        "https://www.googleapis.com/auth/drive.readonly",
-        "https://www.googleapis.com/auth/drive.file",
-      ],
-      forbiddenScopes: [],
-    },
+    availableScopes:
+      "https://developers.google.com/identity/protocols/oauth2/scopes",
     authorizeParams: { access_type: "offline", prompt: "consent" },
     loopbackPort: 17321,
     managedServiceConfigKey: "google-oauth",
@@ -160,11 +150,7 @@ export const PROVIDER_SEED_DATA: Record<
       "search:read",
       "reactions:write",
     ],
-    scopePolicy: {
-      allowAdditionalScopes: false,
-      allowedOptionalScopes: [],
-      forbiddenScopes: [],
-    },
+    availableScopes: "https://api.slack.com/scopes",
     authorizeParams: {
       user_scope:
         "channels:read,channels:history,groups:read,groups:history,im:read,im:history,im:write,mpim:read,mpim:history,users:read,chat:write,search:read,reactions:write",
@@ -198,11 +184,6 @@ export const PROVIDER_SEED_DATA: Record<
     clientIdPlaceholder: null,
     logoUrl: "https://cdn.simpleicons.org/notion",
     defaultScopes: [],
-    scopePolicy: {
-      allowAdditionalScopes: false,
-      allowedOptionalScopes: [],
-      forbiddenScopes: [],
-    },
     authorizeParams: { owner: "user" },
     tokenEndpointAuthMethod: "client_secret_basic",
     tokenExchangeBodyFormat: "json",
@@ -237,16 +218,16 @@ export const PROVIDER_SEED_DATA: Record<
       "tweet.read",
       "tweet.write",
       "users.read",
+      "like.read",
+      "bookmark.read",
       "offline.access",
     ],
-    scopePolicy: {
-      allowAdditionalScopes: false,
-      allowedOptionalScopes: [],
-      forbiddenScopes: [],
-    },
+    availableScopes:
+      "https://developer.x.com/en/docs/authentication/oauth-2-0/authorization-code",
     tokenEndpointAuthMethod: "client_secret_basic",
     loopbackPort: 17335,
     managedServiceConfigKey: "twitter-oauth",
+    managedServiceIsPaid: true,
     injectionTemplates: [
       {
         hostPattern: "api.x.com",
@@ -279,16 +260,8 @@ export const PROVIDER_SEED_DATA: Record<
     clientIdPlaceholder: null,
     logoUrl: "https://cdn.simpleicons.org/github",
     defaultScopes: ["repo", "read:user", "notifications"],
-    scopePolicy: {
-      allowAdditionalScopes: true,
-      allowedOptionalScopes: [
-        "read:org",
-        "write:discussion",
-        "gist",
-        "project",
-      ],
-      forbiddenScopes: ["delete_repo", "admin:org"],
-    },
+    availableScopes:
+      "https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps",
     managedServiceConfigKey: "github-oauth",
     loopbackPort: 17332,
     injectionTemplates: [
@@ -320,11 +293,20 @@ export const PROVIDER_SEED_DATA: Record<
     clientIdPlaceholder: null,
     logoUrl: "https://cdn.simpleicons.org/linear",
     defaultScopes: ["read", "write", "issues:create"],
-    scopePolicy: {
-      allowAdditionalScopes: false,
-      allowedOptionalScopes: [],
-      forbiddenScopes: [],
-    },
+    availableScopes: [
+      { scope: "read", description: "Read access for the user's account" },
+      { scope: "write", description: "Write access for the user's account" },
+      {
+        scope: "issues:create",
+        description: "Create new issues and attachments",
+      },
+      { scope: "comments:create", description: "Create new issue comments" },
+      {
+        scope: "timeSchedule:write",
+        description: "Create and modify time schedules",
+      },
+      { scope: "admin", description: "Full access to admin-level endpoints" },
+    ],
     scopeSeparator: ",",
     authorizeParams: { prompt: "consent" },
     loopbackPort: 17324,
@@ -369,11 +351,8 @@ export const PROVIDER_SEED_DATA: Record<
       "user-library-read",
       "user-library-modify",
     ],
-    scopePolicy: {
-      allowAdditionalScopes: false,
-      allowedOptionalScopes: [],
-      forbiddenScopes: [],
-    },
+    availableScopes:
+      "https://developer.spotify.com/documentation/web-api/concepts/scopes",
     tokenEndpointAuthMethod: "client_secret_basic",
     loopbackPort: 17333,
     injectionTemplates: [
@@ -401,11 +380,18 @@ export const PROVIDER_SEED_DATA: Record<
     clientIdPlaceholder: null,
     logoUrl: "https://cdn.simpleicons.org/todoist",
     defaultScopes: ["data:read_write"],
-    scopePolicy: {
-      allowAdditionalScopes: false,
-      allowedOptionalScopes: [],
-      forbiddenScopes: ["data:delete"],
-    },
+    availableScopes: [
+      {
+        scope: "data:read",
+        description: "Read-only access to tasks and projects",
+      },
+      {
+        scope: "data:read_write",
+        description: "Read and write access to tasks and projects",
+      },
+      { scope: "data:delete", description: "Delete tasks and projects" },
+      { scope: "project:delete", description: "Delete entire projects" },
+    ],
     loopbackPort: 17325,
     injectionTemplates: [
       {
@@ -440,11 +426,8 @@ export const PROVIDER_SEED_DATA: Record<
       "guilds.members.read",
       "messages.read",
     ],
-    scopePolicy: {
-      allowAdditionalScopes: false,
-      allowedOptionalScopes: ["bot"],
-      forbiddenScopes: [],
-    },
+    availableScopes:
+      "https://discord.com/developers/docs/topics/oauth2#shared-resources-oauth2-scopes",
     loopbackPort: 17326,
     injectionTemplates: [
       {
@@ -477,11 +460,7 @@ export const PROVIDER_SEED_DATA: Record<
       "files.content.write",
       "sharing.read",
     ],
-    scopePolicy: {
-      allowAdditionalScopes: false,
-      allowedOptionalScopes: [],
-      forbiddenScopes: [],
-    },
+    availableScopes: "https://developers.dropbox.com/oauth-guide",
     authorizeParams: { token_access_type: "offline" },
     loopbackPort: 17327,
     injectionTemplates: [
@@ -516,11 +495,7 @@ export const PROVIDER_SEED_DATA: Record<
     clientIdPlaceholder: null,
     logoUrl: "https://cdn.simpleicons.org/asana",
     defaultScopes: ["default"],
-    scopePolicy: {
-      allowAdditionalScopes: false,
-      allowedOptionalScopes: [],
-      forbiddenScopes: [],
-    },
+    availableScopes: "https://developers.asana.com/docs/oauth-scopes",
     loopbackPort: 17328,
     injectionTemplates: [
       {
@@ -551,11 +526,7 @@ export const PROVIDER_SEED_DATA: Record<
       "data.records:write",
       "schema.bases:read",
     ],
-    scopePolicy: {
-      allowAdditionalScopes: false,
-      allowedOptionalScopes: [],
-      forbiddenScopes: [],
-    },
+    availableScopes: "https://airtable.com/developers/web/api/scopes",
     tokenEndpointAuthMethod: "client_secret_basic",
     loopbackPort: 17329,
     injectionTemplates: [
@@ -589,14 +560,8 @@ export const PROVIDER_SEED_DATA: Record<
       "crm.objects.deals.write",
       "crm.objects.companies.read",
     ],
-    scopePolicy: {
-      allowAdditionalScopes: true,
-      allowedOptionalScopes: [
-        "crm.objects.companies.write",
-        "crm.objects.owners.read",
-      ],
-      forbiddenScopes: [],
-    },
+    availableScopes:
+      "https://developers.hubspot.com/docs/guides/apps/authentication/scopes",
     loopbackPort: 17330,
     injectionTemplates: [
       {
@@ -623,11 +588,7 @@ export const PROVIDER_SEED_DATA: Record<
     clientIdPlaceholder: null,
     logoUrl: "https://cdn.simpleicons.org/figma",
     defaultScopes: ["files:read", "file_comments:write"],
-    scopePolicy: {
-      allowAdditionalScopes: false,
-      allowedOptionalScopes: [],
-      forbiddenScopes: [],
-    },
+    availableScopes: "https://developers.figma.com/docs/rest-api/scopes/",
     tokenEndpointAuthMethod: "client_secret_basic",
     loopbackPort: 17331,
     injectionTemplates: [
@@ -669,11 +630,8 @@ export const PROVIDER_SEED_DATA: Record<
       "Calendars.ReadWrite",
       "MailboxSettings.ReadWrite",
     ],
-    scopePolicy: {
-      allowAdditionalScopes: true,
-      allowedOptionalScopes: ["Contacts.Read", "Files.Read", "Tasks.ReadWrite"],
-      forbiddenScopes: [],
-    },
+    availableScopes:
+      "https://learn.microsoft.com/en-us/graph/permissions-reference",
     authorizeParams: { prompt: "consent" },
     tokenEndpointAuthMethod: "client_secret_post",
     loopbackPort: 17334,
@@ -707,11 +665,6 @@ export const PROVIDER_SEED_DATA: Record<
     requiresClientSecret: false,
     logoUrl: "https://cdn.simpleicons.org/slack",
     defaultScopes: [],
-    scopePolicy: {
-      allowAdditionalScopes: false,
-      allowedOptionalScopes: [],
-      forbiddenScopes: [],
-    },
   },
   telegram: {
@@ -726,11 +679,6 @@ export const PROVIDER_SEED_DATA: Record<
     requiresClientSecret: false,
     logoUrl: "https://cdn.simpleicons.org/telegram",
     defaultScopes: [],
-    scopePolicy: {
-      allowAdditionalScopes: false,
-      allowedOptionalScopes: [],
-      forbiddenScopes: [],
-    },
   },
 };

package/src/outbound-proxy/http-forwarder.ts CHANGED Viewed

@@ -27,12 +27,19 @@ const HOP_BY_HOP = new Set([
  * Optional callback for credential injection or policy gating.
  * Called before the upstream request is sent. Returns extra headers
  * to merge, or null to reject the request.
+ *
+ * `method` and `requestHeaders` are populated for plain-HTTP proxied
+ * requests (absolute-URL form). For HTTPS CONNECT tunnels the proxy has
+ * not yet terminated TLS and cannot see HTTP-level details, so these are
+ * left undefined.
  */
 export type PolicyCallback = (
   hostname: string,
   port: number | null,
   path: string,
   scheme: "http" | "https",
+  method?: string,
+  requestHeaders?: IncomingMessage["headers"],
 ) => Promise<Record<string, string> | null>;
 /**
@@ -141,6 +148,8 @@ export function forwardHttpRequest(
       parsed.port ? Number(parsed.port) : null,
       path,
       "http",
+      clientReq.method,
+      clientReq.headers,
     )
       .then((extraHeaders) => {
         if (extraHeaders == null) {