@vellumai/assistant 0.7.0 → 0.7.1

package/src/config/schema.ts

@@ -2,173 +2,17 @@ import { z } from "zod";
 
 import { getDataDir } from "../util/platform.js";
 
-// Re-export all domain schemas
+// Re-export domain schemas that have external consumers
 export { AnalysisConfigSchema } from "./schemas/analysis.js";
 export type { BackupConfig, BackupDestination } from "./schemas/backup.js";
 export { BackupConfigSchema } from "./schemas/backup.js";
 export { VALID_CALLER_IDENTITY_MODES } from "./schemas/calls.js";
 export { DEFAULT_ELEVENLABS_VOICE_ID } from "./schemas/elevenlabs.js";
 export type {
-  ContextOverflowRecoveryConfig,
   ContextWindowConfig,
   ModelPricingOverride,
-  ThinkingConfig,
 } from "./schemas/inference.js";
-export {
-  ContextOverflowRecoveryConfigSchema,
-  ContextWindowConfigSchema,
-  ModelPricingOverrideSchema,
-  ThinkingConfigSchema,
-} from "./schemas/inference.js";
-export type {
-  IngressConfig,
-  IngressRateLimitConfig,
-  IngressWebhookConfig,
-} from "./schemas/ingress.js";
-export {
-  IngressConfigSchema,
-  IngressRateLimitConfigSchema,
-} from "./schemas/ingress.js";
-export type { JournalConfig } from "./schemas/journal.js";
-export { JournalConfigSchema } from "./schemas/journal.js";
-export type {
-  LLMCallSite,
-  LLMCallSiteConfig,
-  LLMConfig,
-  LLMConfigBase,
-  LLMConfigFragment,
-} from "./schemas/llm.js";
-export { LLMCallSiteEnum, LLMSchema } from "./schemas/llm.js";
-export type { AuditLogConfig, LogFileConfig } from "./schemas/logging.js";
-export {
-  AuditLogConfigSchema,
-  LogFileConfigSchema,
-} from "./schemas/logging.js";
-export type {
-  McpConfig,
-  McpServerConfig,
-  McpTransport,
-} from "./schemas/mcp.js";
-export {
-  McpConfigSchema,
-  McpServerConfigSchema,
-  McpTransportSchema,
-} from "./schemas/mcp.js";
-export type { MemoryConfig } from "./schemas/memory.js";
-export { MemoryConfigSchema } from "./schemas/memory.js";
-export type {
-  MemoryCleanupConfig,
-  MemoryJobsConfig,
-  MemoryRetentionConfig,
-} from "./schemas/memory-lifecycle.js";
-export {
-  MemoryCleanupConfigSchema,
-  MemoryJobsConfigSchema,
-  MemoryRetentionConfigSchema,
-} from "./schemas/memory-lifecycle.js";
-export type {
-  MemoryExtractionConfig,
-  MemorySummarizationConfig,
-} from "./schemas/memory-processing.js";
-export {
-  MemoryExtractionConfigSchema,
-  MemorySummarizationConfigSchema,
-} from "./schemas/memory-processing.js";
-export type { MemoryRetrievalConfig } from "./schemas/memory-retrieval.js";
-export {
-  MemoryDynamicBudgetConfigSchema,
-  MemoryInjectionConfigSchema,
-  MemoryRetrievalConfigSchema,
-} from "./schemas/memory-retrieval.js";
-export type {
-  MemoryEmbeddingsConfig,
-  MemorySegmentationConfig,
-  QdrantConfig,
-} from "./schemas/memory-storage.js";
-export {
-  MemoryEmbeddingsConfigSchema,
-  MemorySegmentationConfigSchema,
-  QdrantConfigSchema,
-} from "./schemas/memory-storage.js";
-export type { NotificationsConfig } from "./schemas/notifications.js";
-export { NotificationsConfigSchema } from "./schemas/notifications.js";
-export type {
-  DaemonConfig,
-  PlatformConfig,
-  UiConfig,
-} from "./schemas/platform.js";
-export {
-  DaemonConfigSchema,
-  PlatformConfigSchema,
-  UiConfigSchema,
-} from "./schemas/platform.js";
-export type { SecretDetectionConfig } from "./schemas/security.js";
-export { SecretDetectionConfigSchema } from "./schemas/security.js";
-export type {
-  ImageGenerationService,
-  InferenceService,
-  ServiceMode,
-  Services,
-  WebSearchService,
-} from "./schemas/services.js";
-export {
-  ImageGenerationServiceSchema,
-  InferenceServiceSchema,
-  ServiceModeSchema,
-  ServicesSchema,
-  VALID_IMAGE_GEN_PROVIDERS,
-  VALID_INFERENCE_PROVIDERS,
-  VALID_WEB_SEARCH_PROVIDERS,
-  WebSearchServiceSchema,
-} from "./schemas/services.js";
-export type {
-  RemotePolicyConfig,
-  RemoteProviderConfig,
-  RemoteProvidersConfig,
-  SkillEntryConfig,
-  SkillsConfig,
-  SkillsInstallConfig,
-  SkillsLoadConfig,
-} from "./schemas/skills.js";
-export {
-  RemotePolicyConfigSchema,
-  RemoteProviderConfigSchema,
-  RemoteProvidersConfigSchema,
-  SkillEntryConfigSchema,
-  SkillsConfigSchema,
-  SkillsInstallConfigSchema,
-  SkillsLoadConfigSchema,
-} from "./schemas/skills.js";
-export type { SttProviders, SttService } from "./schemas/stt.js";
-export {
-  SttProvidersSchema,
-  SttServiceSchema,
-  VALID_STT_PROVIDERS,
-} from "./schemas/stt.js";
-export type { RateLimitConfig, TimeoutConfig } from "./schemas/timeouts.js";
-export {
-  RateLimitConfigSchema,
-  TimeoutConfigSchema,
-} from "./schemas/timeouts.js";
-export type {
-  TtsDeepgramProviderConfig,
-  TtsElevenLabsProviderConfig,
-  TtsFishAudioProviderConfig,
-  TtsProviders,
-  TtsService,
-} from "./schemas/tts.js";
-export {
-  TtsDeepgramProviderConfigSchema,
-  TtsElevenLabsProviderConfigSchema,
-  TtsFishAudioProviderConfigSchema,
-  TtsProvidersSchema,
-  TtsServiceSchema,
-  VALID_TTS_PROVIDERS as VALID_TTS_SERVICE_PROVIDERS,
-} from "./schemas/tts.js";
-export type { UpdatesConfig } from "./schemas/updates.js";
-export { UpdatesConfigSchema } from "./schemas/updates.js";
-export type { WorkspaceGitConfig } from "./schemas/workspace-git.js";
-export { WorkspaceGitConfigSchema } from "./schemas/workspace-git.js";
+export type { SkillEntryConfig } from "./schemas/skills.js";
 
 // Imports for AssistantConfigSchema composition
 import { AcpConfigSchema } from "./acp-schema.js";

package/src/config/schemas/__tests__/memory-v2.test.ts

@@ -22,6 +22,7 @@ describe("MemoryV2ConfigSchema", () => {
       sparse_weight: 0.3,
       consolidation_interval_hours: 4,
       max_page_chars: 5000,
+      consolidation_prompt_path: null,
     });
   });
 

package/src/config/schemas/call-site-catalog.ts

@@ -0,0 +1,271 @@
+import { type LLMCallSite } from "./llm.js";
+
+export const CALL_SITE_DOMAINS = [
+  { id: "agentLoop", displayName: "Agent Loop" },
+  { id: "memory", displayName: "Memory" },
+  { id: "workspace", displayName: "Workspace" },
+  { id: "ui", displayName: "UI" },
+  { id: "notifications", displayName: "Notifications" },
+  { id: "skills", displayName: "Skills" },
+] as const;
+
+export type CallSiteDomainId = (typeof CALL_SITE_DOMAINS)[number]["id"];
+
+export interface CallSiteDomainEntry {
+  id: CallSiteDomainId;
+  displayName: string;
+}
+
+export interface CallSiteEntry {
+  id: LLMCallSite;
+  displayName: string;
+  description: string;
+  domain: CallSiteDomainId;
+}
+
+/**
+ * Keyed by every member of LLMCallSite. TypeScript enforces exhaustiveness:
+ * adding or removing a value from LLMCallSiteEnum without updating this object
+ * is a compile error — no runtime drift guard needed.
+ */
+type CatalogRecord = {
+  [K in LLMCallSite]: {
+    id: K;
+    displayName: string;
+    description: string;
+    domain: CallSiteDomainId;
+  };
+};
+
+const CATALOG_RECORD: CatalogRecord = {
+  // agentLoop
+  mainAgent: {
+    id: "mainAgent",
+    displayName: "Main Agent",
+    description: "The primary conversation agent that handles user messages.",
+    domain: "agentLoop",
+  },
+  subagentSpawn: {
+    id: "subagentSpawn",
+    displayName: "Subagent Spawn",
+    description: "Spawns a subagent to handle a delegated subtask.",
+    domain: "agentLoop",
+  },
+  heartbeatAgent: {
+    id: "heartbeatAgent",
+    displayName: "Heartbeat Agent",
+    description: "Runs background tasks and proactive checks on a schedule.",
+    domain: "agentLoop",
+  },
+  filingAgent: {
+    id: "filingAgent",
+    displayName: "Filing Agent",
+    description:
+      "Files memories and updates the knowledge base after conversations.",
+    domain: "agentLoop",
+  },
+  compactionAgent: {
+    id: "compactionAgent",
+    displayName: "Compaction Agent",
+    description: "Compacts conversation history to stay within context limits.",
+    domain: "agentLoop",
+  },
+  analyzeConversation: {
+    id: "analyzeConversation",
+    displayName: "Analyze Conversation",
+    description: "Analyzes conversation content for summaries and insights.",
+    domain: "agentLoop",
+  },
+  callAgent: {
+    id: "callAgent",
+    displayName: "Call Agent",
+    description: "Handles voice call conversations.",
+    domain: "agentLoop",
+  },
+
+  // memory
+  memoryExtraction: {
+    id: "memoryExtraction",
+    displayName: "Memory Extraction",
+    description: "Extracts memorable facts from conversation turns.",
+    domain: "memory",
+  },
+  memoryConsolidation: {
+    id: "memoryConsolidation",
+    displayName: "Memory Consolidation",
+    description: "Merges and deduplicates related memories.",
+    domain: "memory",
+  },
+  memoryRetrieval: {
+    id: "memoryRetrieval",
+    displayName: "Memory Retrieval",
+    description: "Retrieves relevant memories to augment the agent context.",
+    domain: "memory",
+  },
+  memoryV2Migration: {
+    id: "memoryV2Migration",
+    displayName: "Memory V2 Migration",
+    description: "One-time migration of memories to the V2 storage format.",
+    domain: "memory",
+  },
+  memoryV2Sweep: {
+    id: "memoryV2Sweep",
+    displayName: "Memory V2 Sweep",
+    description: "Background sweep pass for V2 memory maintenance.",
+    domain: "memory",
+  },
+  recall: {
+    id: "recall",
+    displayName: "Recall",
+    description: "Searches memory to answer a specific question during a turn.",
+    domain: "memory",
+  },
+  narrativeRefinement: {
+    id: "narrativeRefinement",
+    displayName: "Narrative Refinement",
+    description: "Refines the autobiographical narrative stored in memory.",
+    domain: "memory",
+  },
+  patternScan: {
+    id: "patternScan",
+    displayName: "Pattern Scan",
+    description: "Scans memories for recurring behavioral patterns.",
+    domain: "memory",
+  },
+
+  // workspace
+  conversationSummarization: {
+    id: "conversationSummarization",
+    displayName: "Conversation Summarization",
+    description: "Generates a summary of a completed conversation.",
+    domain: "workspace",
+  },
+  commitMessage: {
+    id: "commitMessage",
+    displayName: "Commit Message",
+    description: "Generates a git commit message for staged changes.",
+    domain: "workspace",
+  },
+
+  // ui
+  conversationStarters: {
+    id: "conversationStarters",
+    displayName: "Conversation Starters",
+    description:
+      "Generates suggested conversation openers for the home screen.",
+    domain: "ui",
+  },
+  conversationTitle: {
+    id: "conversationTitle",
+    displayName: "Conversation Title",
+    description: "Generates a title for a conversation from its content.",
+    domain: "ui",
+  },
+  identityIntro: {
+    id: "identityIntro",
+    displayName: "Identity Intro",
+    description: "Generates the assistant's introductory identity text.",
+    domain: "ui",
+  },
+  emptyStateGreeting: {
+    id: "emptyStateGreeting",
+    displayName: "Empty State Greeting",
+    description: "Generates a greeting shown on the empty conversation screen.",
+    domain: "ui",
+  },
+  guardianQuestionCopy: {
+    id: "guardianQuestionCopy",
+    displayName: "Guardian Question Copy",
+    description: "Generates copy for guardian onboarding questions.",
+    domain: "ui",
+  },
+  approvalCopy: {
+    id: "approvalCopy",
+    displayName: "Approval Copy",
+    description: "Generates copy for tool approval prompts shown to the user.",
+    domain: "ui",
+  },
+  approvalConversation: {
+    id: "approvalConversation",
+    displayName: "Approval Conversation",
+    description: "Handles conversational approval flows.",
+    domain: "ui",
+  },
+  feedEventCopy: {
+    id: "feedEventCopy",
+    displayName: "Feed Event Copy",
+    description: "Generates copy for home feed event cards.",
+    domain: "ui",
+  },
+  trustRuleSuggestion: {
+    id: "trustRuleSuggestion",
+    displayName: "Trust Rule Suggestion",
+    description:
+      "Suggests a trust rule pattern when the user creates a new rule.",
+    domain: "ui",
+  },
+
+  // notifications
+  notificationDecision: {
+    id: "notificationDecision",
+    displayName: "Notification Decision",
+    description:
+      "Decides whether a background event warrants sending a notification.",
+    domain: "notifications",
+  },
+  preferenceExtraction: {
+    id: "preferenceExtraction",
+    displayName: "Preference Extraction",
+    description:
+      "Extracts notification and communication preferences from messages.",
+    domain: "notifications",
+  },
+
+  // skills
+  interactionClassifier: {
+    id: "interactionClassifier",
+    displayName: "Interaction Classifier",
+    description: "Classifies the type of interaction to route it correctly.",
+    domain: "skills",
+  },
+  styleAnalyzer: {
+    id: "styleAnalyzer",
+    displayName: "Style Analyzer",
+    description: "Analyzes the user's communication style for personalization.",
+    domain: "skills",
+  },
+  inviteInstructionGenerator: {
+    id: "inviteInstructionGenerator",
+    displayName: "Invite Instruction Generator",
+    description: "Generates setup instructions for new skill invites.",
+    domain: "skills",
+  },
+  skillCategoryInference: {
+    id: "skillCategoryInference",
+    displayName: "Skill Category Inference",
+    description: "Infers the category of a skill from its description.",
+    domain: "skills",
+  },
+  meetConsentMonitor: {
+    id: "meetConsentMonitor",
+    displayName: "Meet Consent Monitor",
+    description: "Monitors meeting consent signals during live calls.",
+    domain: "skills",
+  },
+  meetChatOpportunity: {
+    id: "meetChatOpportunity",
+    displayName: "Meet Chat Opportunity",
+    description: "Identifies opportunities to engage in meeting chat.",
+    domain: "skills",
+  },
+  inference: {
+    id: "inference",
+    displayName: "Inference",
+    description: "General-purpose LLM inference call site for skill use.",
+    domain: "skills",
+  },
+};
+
+// Source of truth for call-site display metadata. API responses and usage
+// display paths should reuse this catalog instead of defining separate labels.
+export const CALL_SITE_CATALOG: CallSiteEntry[] = Object.values(CATALOG_RECORD);

package/src/config/schemas/calls.ts

@@ -5,7 +5,7 @@ export const VALID_CALLER_IDENTITY_MODES = [
   "assistant_number",
   "user_number",
 ] as const;
-export const CallsDisclosureConfigSchema = z
+const CallsDisclosureConfigSchema = z
   .object({
     enabled: z
       .boolean({ error: "calls.disclosure.enabled must be a boolean" })
@@ -26,7 +26,7 @@ export const CallsDisclosureConfigSchema = z
     "Controls whether and how the assistant discloses its nature at the start of a phone call",
   );
 
-export const CallsSafetyConfigSchema = z
+const CallsSafetyConfigSchema = z
   .object({
     denyCategories: z
       .array(
@@ -41,7 +41,7 @@ export const CallsSafetyConfigSchema = z
   })
   .describe("Safety guardrails for phone calls");
 
-export const CallsVoiceConfigSchema = z
+const CallsVoiceConfigSchema = z
   .object({
     language: z
       .string({ error: "calls.voice.language must be a string" })
@@ -65,7 +65,7 @@ export const CallsVoiceConfigSchema = z
   })
   .describe("Voice and speech settings for phone calls");
 
-export const CallerIdentityConfigSchema = z
+const CallerIdentityConfigSchema = z
   .object({
     allowPerCallOverride: z
       .boolean({
@@ -82,7 +82,7 @@ export const CallerIdentityConfigSchema = z
   })
   .describe("Controls which phone number is shown as the caller ID");
 
-export const CallsVerificationConfigSchema = z
+const CallsVerificationConfigSchema = z
   .object({
     enabled: z
       .boolean({ error: "calls.verification.enabled must be a boolean" })

package/src/config/schemas/inference.ts

@@ -98,7 +98,7 @@ export const ContextWindowConfigSchema = z
       .positive("contextWindow.maxInputTokens must be a positive integer")
       .default(200000)
       .describe(
-        "Conservative cap on input tokens allowed in the context window. Acts as an override that further constrains the model's catalog `contextWindow`; the effective budget is `min(catalog.contextWindow, maxInputTokens)`. Leave at the default to use the model's full native window.",
+        "Conservative cap on input tokens allowed in the context window. Acts as an override that further constrains the model's catalog `contextWindow`; the effective budget is `min(catalog.contextWindow, maxInputTokens)`. Increase this value to opt into larger model-native windows where supported.",
       ),
     targetBudgetRatio: z
       .number({ error: "contextWindow.targetBudgetRatio must be a number" })

package/src/config/schemas/ingress.ts

@@ -39,7 +39,7 @@ const IngressWebhookConfigSchema = z
   })
   .describe("Webhook configuration for ingress event delivery");
 
-export const IngressRateLimitConfigSchema = z
+const IngressRateLimitConfigSchema = z
   .object({
     maxRequestsPerMinute: z
       .number({

package/src/config/schemas/llm.ts

@@ -193,6 +193,8 @@ const ContextOverflowRecoveryFragmentSchema = z.object({
 
 // Leaf primitives for context-window fields.
 const ContextEnabledSchema = z.boolean();
+export const DEFAULT_CONTEXT_WINDOW_MAX_INPUT_TOKENS = 200000;
+
 const ContextMaxInputTokensSchema = z.number().int().positive();
 const ContextTargetBudgetRatioSchema = z.number().finite().gt(0).lte(1);
 const ContextCompactThresholdSchema = z.number().finite().gt(0).lte(1);
@@ -200,7 +202,9 @@ const ContextSummaryBudgetRatioSchema = z.number().finite().gt(0).lte(1);
 
 const ContextWindowSchema = z.object({
   enabled: ContextEnabledSchema.default(true),
-  maxInputTokens: ContextMaxInputTokensSchema.default(200000),
+  maxInputTokens: ContextMaxInputTokensSchema.default(
+    DEFAULT_CONTEXT_WINDOW_MAX_INPUT_TOKENS,
+  ),
   targetBudgetRatio: ContextTargetBudgetRatioSchema.default(0.3),
   compactThreshold: ContextCompactThresholdSchema.default(0.8),
   summaryBudgetRatio: ContextSummaryBudgetRatioSchema.default(0.05),
@@ -245,6 +249,17 @@ const OpenRouterDeepPartialSchema = z.object({
   only: z.array(OpenRouterOnlyItemSchema).optional(),
 });
 
+// ---------------------------------------------------------------------------
+// Profile metadata
+// ---------------------------------------------------------------------------
+
+/**
+ * Distinguishes daemon-managed profiles (overwritten on every startup) from
+ * user-created ones (never touched by the daemon).
+ */
+export const ProfileSource = z.enum(["managed", "user"]);
+export type ProfileSource = z.infer<typeof ProfileSource>;
+
 // ---------------------------------------------------------------------------
 // Pricing overrides
 // ---------------------------------------------------------------------------
@@ -301,12 +316,25 @@ export const LLMConfigFragment = z.object({
 });
 export type LLMConfigFragment = z.infer<typeof LLMConfigFragment>;
 
+/**
+ * A named profile entry: an `LLMConfigFragment` augmented with
+ * presentation/ownership metadata. These fields are intentionally kept off
+ * `LLMConfigFragment` so they don't leak into `LLMCallSiteConfig` or the
+ * resolver's deep-merge output.
+ */
+export const ProfileEntry = LLMConfigFragment.extend({
+  source: ProfileSource.optional(),
+  label: z.string().min(1).optional(),
+  description: z.string().optional(),
+});
+export type ProfileEntry = z.infer<typeof ProfileEntry>;
+
 /**
  * Per-call-site config: a fragment plus an optional `profile` reference.
  * The resolver merges in the named profile (if any) before applying
  * call-site-level overrides.
  */
-export const LLMCallSiteConfig = LLMConfigFragment.extend({
+const LLMCallSiteConfig = LLMConfigFragment.extend({
   profile: z.string().min(1).optional(),
 });
 export type LLMCallSiteConfig = z.infer<typeof LLMCallSiteConfig>;
@@ -318,7 +346,7 @@ export type LLMCallSiteConfig = z.infer<typeof LLMCallSiteConfig>;
 export const LLMSchema = z
   .object({
     default: LLMConfigBase.default(LLMConfigBase.parse({})),
-    profiles: z.record(z.string().min(1), LLMConfigFragment).default({}),
+    profiles: z.record(z.string().min(1), ProfileEntry).default({}),
     // Presentation-only order for named profiles. The resolver ignores this;
     // clients use it to render profile pickers consistently.
     profileOrder: z.array(z.string().min(1)).default([]),

package/src/config/schemas/memory-retrieval.ts

@@ -1,6 +1,6 @@
 import { z } from "zod";
 
-export const MemoryDynamicBudgetConfigSchema = z
+const MemoryDynamicBudgetConfigSchema = z
   .object({
     enabled: z
       .boolean({
@@ -271,7 +271,7 @@ const MemoryPerTurnInjectionSchema = z
   })
   .describe("Memory injection limits for mid-conversation turns");
 
-export const MemoryInjectionConfigSchema = z
+const MemoryInjectionConfigSchema = z
   .object({
     contextLoad: MemoryContextLoadInjectionSchema.default(
       MemoryContextLoadInjectionSchema.parse({}),

package/src/config/schemas/memory-v2.ts

@@ -139,6 +139,15 @@ export const MemoryV2ConfigSchema = z
       .describe(
         "Soft upper bound on concept-page body length — pages exceeding this are flagged for split during consolidation",
       ),
+    consolidation_prompt_path: z
+      .string({
+        error: "memory.v2.consolidation_prompt_path must be a string",
+      })
+      .nullable()
+      .default(null)
+      .describe(
+        "Optional path to a file whose contents replace the bundled consolidation prompt. Absolute paths are used as-is, a leading `~/` is expanded to the home directory, otherwise the path is resolved under the workspace root. The loaded contents may include `{{CUTOFF}}`, which is substituted with the run's ISO-8601 cutoff timestamp. If the file is missing, unreadable, or empty, the bundled prompt is used and a warning is logged.",
+      ),
   })
   .describe(
     "Memory v2 — concept-page activation model with hourly LLM-driven consolidation",

package/src/config/schemas/security.ts

@@ -1,46 +1,11 @@
 import { z } from "zod";
 
-const VALID_SECRET_ACTIONS = ["redact", "warn", "block", "prompt"] as const;
-
-const CustomSecretPatternSchema = z
-  .object({
-    label: z
-      .string({
-        error: "secretDetection.customPatterns[].label must be a string",
-      })
-      .describe("Human-readable label for this secret pattern"),
-    pattern: z
-      .string({
-        error: "secretDetection.customPatterns[].pattern must be a string",
-      })
-      .describe("Regular expression pattern to match secrets"),
-  })
-  .describe("Custom pattern for detecting secrets in messages");
-
 export const SecretDetectionConfigSchema = z
   .object({
     enabled: z
       .boolean({ error: "secretDetection.enabled must be a boolean" })
       .default(true)
       .describe("Whether automatic secret detection is enabled"),
-    action: z
-      .enum(VALID_SECRET_ACTIONS, {
-        error: `secretDetection.action must be one of: ${VALID_SECRET_ACTIONS.join(
-          ", ",
-        )}`,
-      })
-      .default("redact")
-      .describe(
-        "Action to take when a secret is detected: redact (replace with placeholder), warn (log a warning), block (reject the message), or prompt (ask the user)",
-      ),
-    entropyThreshold: z
-      .number({ error: "secretDetection.entropyThreshold must be a number" })
-      .finite("secretDetection.entropyThreshold must be finite")
-      .positive("secretDetection.entropyThreshold must be a positive number")
-      .default(4.0)
-      .describe(
-        "Shannon entropy threshold for detecting high-entropy strings as potential secrets",
-      ),
     blockIngress: z
       .boolean({ error: "secretDetection.blockIngress must be a boolean" })
       .default(true)
@@ -53,15 +18,9 @@ export const SecretDetectionConfigSchema = z
       .describe(
         "Whether to allow sending a detected secret once (with user confirmation) before redacting future occurrences",
       ),
-    customPatterns: z
-      .array(CustomSecretPatternSchema)
-      .optional()
-      .describe(
-        "Additional regex patterns for detecting domain-specific secrets",
-      ),
   })
   .describe(
-    "Automatic secret detection and redaction to prevent leaking sensitive data",
+    "Prefix-based secret detection at user-message ingress, plus one-time-send override for the secure credential prompt",
   );
 
 export type SecretDetectionConfig = z.infer<typeof SecretDetectionConfigSchema>;