@vellumai/assistant 0.7.0 → 0.7.1

package/src/config/schemas/services.ts

@@ -3,7 +3,7 @@ import { z } from "zod";
 import { SttServiceSchema } from "./stt.js";
 import { TtsServiceSchema } from "./tts.js";
 
-export const ServiceModeSchema = z.enum(["managed", "your-own"]);
+const ServiceModeSchema = z.enum(["managed", "your-own"]);
 export type ServiceMode = z.infer<typeof ServiceModeSchema>;
 
 export const VALID_INFERENCE_PROVIDERS = [
@@ -15,9 +15,9 @@ export const VALID_INFERENCE_PROVIDERS = [
   "openrouter",
 ] as const;
 
-export const VALID_IMAGE_GEN_PROVIDERS = ["gemini", "openai"] as const;
+const VALID_IMAGE_GEN_PROVIDERS = ["gemini", "openai"] as const;
 
-export const VALID_WEB_SEARCH_PROVIDERS = [
+const VALID_WEB_SEARCH_PROVIDERS = [
   "perplexity",
   "brave",
   "inference-provider-native",
@@ -36,10 +36,10 @@ export type BaseService = z.infer<typeof BaseServiceSchema>;
  * legacy configs that still carry them have those keys stripped by
  * workspace migration `039-drop-legacy-llm-keys`.
  */
-export const InferenceServiceSchema = BaseServiceSchema;
+const InferenceServiceSchema = BaseServiceSchema;
 export type InferenceService = z.infer<typeof InferenceServiceSchema>;
 
-export const ImageGenerationServiceSchema = BaseServiceSchema.extend({
+const ImageGenerationServiceSchema = BaseServiceSchema.extend({
   provider: z.enum(VALID_IMAGE_GEN_PROVIDERS).default("gemini"),
   model: z.string().default("gemini-3.1-flash-image-preview"),
 });
@@ -47,7 +47,7 @@ export type ImageGenerationService = z.infer<
   typeof ImageGenerationServiceSchema
 >;
 
-export const WebSearchServiceSchema = BaseServiceSchema.extend({
+const WebSearchServiceSchema = BaseServiceSchema.extend({
   provider: z
     .enum(VALID_WEB_SEARCH_PROVIDERS)
     .default("inference-provider-native"),

package/src/config/schemas/skills.ts

@@ -24,7 +24,7 @@ export const SkillEntryConfigSchema = z
   })
   .describe("Configuration for an individual skill");
 
-export const SkillsLoadConfigSchema = z
+const SkillsLoadConfigSchema = z
   .object({
     extraDirs: z
       .array(
@@ -49,7 +49,7 @@ export const SkillsLoadConfigSchema = z
   })
   .describe("Controls how skills are discovered and loaded");
 
-export const SkillsInstallConfigSchema = z
+const SkillsInstallConfigSchema = z
   .object({
     nodeManager: z
       .enum(["npm", "pnpm", "yarn", "bun"], {
@@ -61,7 +61,7 @@ export const SkillsInstallConfigSchema = z
   })
   .describe("Skill dependency installation settings");
 
-export const RemoteProviderConfigSchema = z
+const RemoteProviderConfigSchema = z
   .object({
     enabled: z
       .boolean({
@@ -72,7 +72,7 @@ export const RemoteProviderConfigSchema = z
   })
   .describe("Configuration for a remote skill provider");
 
-export const RemoteProvidersConfigSchema = z
+const RemoteProvidersConfigSchema = z
   .object({
     skillssh: RemoteProviderConfigSchema.default(
       RemoteProviderConfigSchema.parse({}),
@@ -93,7 +93,7 @@ const VALID_MAX_RISK_LEVELS = [
   "critical",
 ] as const;
 
-export const RemotePolicyConfigSchema = z
+const RemotePolicyConfigSchema = z
   .object({
     blockSuspicious: z
       .boolean({

package/src/config/schemas/tts.ts

@@ -220,7 +220,7 @@ export const TtsXaiProviderConfigSchema = z
 
 export type TtsXaiProviderConfig = z.infer<typeof TtsXaiProviderConfigSchema>;
 
-export const TtsProvidersSchema = z.object({
+const TtsProvidersSchema = z.object({
   elevenlabs: TtsElevenLabsProviderConfigSchema.default(
     TtsElevenLabsProviderConfigSchema.parse({}),
   ),

package/src/config/seed-inference-profiles.ts

@@ -0,0 +1,117 @@
+import { loadRawConfig, saveRawConfig } from "./loader.js";
+import {
+  DEFAULT_CONTEXT_WINDOW_MAX_INPUT_TOKENS,
+  type ProfileEntry,
+} from "./schemas/llm.js";
+
+/**
+ * Declarative seed data for daemon-managed inference profiles.
+ *
+ * These profiles are overwritten on every startup so upstream model
+ * updates propagate automatically. User-created profiles (keyed by
+ * different names) are never touched.
+ */
+export const MANAGED_PROFILE_SEED_DATA: Record<string, ProfileEntry> = {
+  balanced: {
+    source: "managed",
+    label: "Balanced",
+    description: "Good balance of quality, cost, and speed",
+    provider: "anthropic",
+    model: "claude-sonnet-4-6",
+    maxTokens: 16000,
+    effort: "high",
+    thinking: { enabled: true, streamThinking: true },
+    contextWindow: { maxInputTokens: DEFAULT_CONTEXT_WINDOW_MAX_INPUT_TOKENS },
+  },
+  "quality-optimized": {
+    source: "managed",
+    label: "Quality",
+    description: "Best results with the most capable model",
+    provider: "anthropic",
+    model: "claude-opus-4-7",
+    maxTokens: 32000,
+    effort: "max",
+    thinking: { enabled: true, streamThinking: true },
+    contextWindow: { maxInputTokens: DEFAULT_CONTEXT_WINDOW_MAX_INPUT_TOKENS },
+  },
+  "cost-optimized": {
+    source: "managed",
+    label: "Speed",
+    description: "Fastest responses at lower cost",
+    provider: "anthropic",
+    model: "claude-haiku-4-5-20251001",
+    maxTokens: 8192,
+    effort: "low",
+    thinking: { enabled: false, streamThinking: false },
+    contextWindow: { maxInputTokens: DEFAULT_CONTEXT_WINDOW_MAX_INPUT_TOKENS },
+  },
+};
+
+export const MANAGED_PROFILE_NAMES = new Set(
+  Object.keys(MANAGED_PROFILE_SEED_DATA),
+);
+
+/**
+ * Seed managed inference profiles into the workspace config.
+ *
+ * Called on every daemon startup after workspace migrations and before
+ * the first `loadConfig()`. Managed profiles are overwritten entirely
+ * (replace, not merge) so upstream model/effort changes propagate.
+ * User-created profiles are never touched; pre-existing profiles
+ * without a `source` field get `source: "user"` backfilled.
+ *
+ * No-op when `VELLUM_DEFAULT_WORKSPACE_CONFIG_PATH` is set (same guard
+ * as migration 052) because the platform-provided default-config overlay
+ * is the authoritative source for profile seeds.
+ */
+export function seedInferenceProfiles(): void {
+  if (process.env.VELLUM_DEFAULT_WORKSPACE_CONFIG_PATH) return;
+
+  const config = loadRawConfig();
+
+  if (config.llm == null || typeof config.llm !== "object") {
+    config.llm = {};
+  }
+  const llm = config.llm as Record<string, unknown>;
+
+  if (llm.profiles == null || typeof llm.profiles !== "object") {
+    llm.profiles = {};
+  }
+  const profiles = llm.profiles as Record<string, Record<string, unknown>>;
+
+  for (const [name, seed] of Object.entries(MANAGED_PROFILE_SEED_DATA)) {
+    profiles[name] = { ...seed };
+  }
+
+  // Reset to the default managed profile when the current value is missing.
+  if (
+    typeof llm.activeProfile !== "string" ||
+    !(llm.activeProfile in profiles)
+  ) {
+    llm.activeProfile = "balanced";
+  }
+
+  const profileOrder = Array.isArray(llm.profileOrder)
+    ? (llm.profileOrder as string[])
+    : [];
+  const orderSet = new Set(profileOrder);
+  for (const name of MANAGED_PROFILE_NAMES) {
+    if (!orderSet.has(name)) {
+      profileOrder.push(name);
+    }
+  }
+  llm.profileOrder = profileOrder;
+
+  for (const [name, profile] of Object.entries(profiles)) {
+    if (MANAGED_PROFILE_NAMES.has(name)) continue;
+    if (
+      profile != null &&
+      typeof profile === "object" &&
+      !("source" in profile)
+    ) {
+      profile.source = "user";
+    }
+  }
+
+  saveRawConfig(config);
+}

package/src/config/skills.ts

@@ -5,7 +5,6 @@ import {
   readFileSync,
   realpathSync,
   statSync,
-  writeFileSync,
 } from "node:fs";
 import {
   basename,
@@ -22,11 +21,6 @@ import {
   getPluginContributedSkillDefinition,
   getPluginContributedSkillSummaries,
 } from "../plugins/plugin-skill-contributions.js";
-import {
-  extractAllText,
-  getConfiguredProvider,
-  userMessage,
-} from "../providers/provider-send-message.js";
 import { parseFrontmatterFields } from "../skills/frontmatter.js";
 import type { InlineCommandExpansion } from "../skills/inline-command-expansions.js";
 import { parseInlineCommandExpansions } from "../skills/inline-command-expansions.js";
@@ -1232,87 +1226,3 @@ export function loadSkillBySelector(
 }
 
 // ─── Icon generation ─────────────────────────────────────────────────────────
-
-async function generateSkillIcon(
-  name: string,
-  description: string,
-): Promise<string> {
-  const provider = await getConfiguredProvider("skillCategoryInference");
-  if (!provider) {
-    throw new Error("Configured provider unavailable for icon generation");
-  }
-
-  const response = await provider.sendMessage(
-    [
-      userMessage(
-        `Create a 16x16 pixel art SVG icon representing this skill:\nName: ${name}\nDescription: ${description}`,
-      ),
-    ],
-    undefined,
-    'You are a pixel art icon designer. When asked, return ONLY a single <svg> element — no explanation, no markdown, no code fences. The SVG must be a 16x16 grid pixel art icon using <rect> elements. Use a limited palette (3-5 colors). Keep it under 2KB. The viewBox should be "0 0 16 16" with each pixel being a 1x1 rect.',
-    {
-      config: {
-        callSite: "skillCategoryInference",
-        max_tokens: 1024,
-      },
-    },
-  );
-
-  const text = extractAllText(response);
-
-  const svgMatch = text.match(/<svg[\s\S]*<\/svg>/i);
-  if (!svgMatch) {
-    throw new Error("No <svg> element found in response");
-  }
-
-  return svgMatch[0];
-}
-
-/**
- * Synchronously read a cached icon if it exists on disk. Returns undefined if not cached yet.
- */
-export function readCachedSkillIcon(directoryPath: string): string | undefined {
-  const iconPath = join(directoryPath, "icon.svg");
-  if (existsSync(iconPath)) {
-    try {
-      return readFileSync(iconPath, "utf-8");
-    } catch {
-      return undefined;
-    }
-  }
-  return undefined;
-}
-
-export async function ensureSkillIcon(
-  directoryPath: string,
-  name: string,
-  description: string,
-): Promise<string | undefined> {
-  const iconPath = join(directoryPath, "icon.svg");
-
-  if (existsSync(iconPath)) {
-    try {
-      return readFileSync(iconPath, "utf-8");
-    } catch {
-      log.warn({ iconPath }, "Failed to read existing icon.svg");
-      return undefined;
-    }
-  }
-
-  try {
-    const svg = await generateSkillIcon(name, description);
-    try {
-      writeFileSync(iconPath, svg, "utf-8");
-      log.info({ iconPath }, "Generated skill icon");
-    } catch (writeErr) {
-      log.warn(
-        { err: writeErr, iconPath },
-        "Failed to cache icon.svg (returning generated icon anyway)",
-      );
-    }
-    return svg;
-  } catch (err) {
-    log.warn({ err, iconPath }, "Failed to generate skill icon");
-    return undefined;
-  }
-}

package/src/config/types.ts

@@ -1,6 +1,3 @@
-export type {
-  AssistantConfig,
-  ContextWindowConfig,
-  MemoryConfig,
-  RateLimitConfig,
-} from "./schema.js";
+export type { AssistantConfig, ContextWindowConfig } from "./schema.js";
+export type { MemoryConfig } from "./schemas/memory.js";
+export type { RateLimitConfig } from "./schemas/timeouts.js";

package/src/contacts/contact-store.ts

@@ -839,23 +839,6 @@ export function findContactChannel(params: {
   return null;
 }
 
-/**
- * Find the guardian contact regardless of channel.
- * Returns the first contact with role='guardian', or null if none exists.
- */
-export function findGuardianContact(): ContactWithChannels | null {
-  const db = getDb();
-  const row = db
-    .select()
-    .from(contacts)
-    .where(eq(contacts.role, "guardian"))
-    .orderBy(asc(contacts.createdAt))
-    .limit(1)
-    .get();
-  if (!row) return null;
-  return withChannels(parseContact(row));
-}
-
 /**
  * Find the guardian contact and their specific channel entry for a given channel type.
  * This is the contacts-based equivalent of getGuardianBinding(assistantId, channel).

package/src/contacts/contacts-write.ts

@@ -7,8 +7,6 @@
  */
 
 import type { ChannelId } from "../channels/types.js";
-import type { GuardianBinding } from "../memory/channel-verification-sessions.js";
-import { ensureGuardianPersonaFile } from "../prompts/persona-resolver.js";
 import { canonicalizeInboundIdentity } from "../util/canonicalize-identity.js";
 import { getLogger } from "../util/logger.js";
 import { emitContactChange } from "./contact-events.js";
@@ -32,110 +30,8 @@ import type {
 
 const log = getLogger("contacts-write");
 
-// ── Helpers ──────────────────────────────────────────────────────────
-
-function parseDisplayNameFromMetadata(
-  metadataJson: string | null | undefined,
-): string | null {
-  if (!metadataJson) return null;
-  try {
-    const parsed = JSON.parse(metadataJson);
-    if (
-      typeof parsed.displayName === "string" &&
-      parsed.displayName.length > 0
-    ) {
-      return parsed.displayName;
-    }
-  } catch {
-    // Malformed JSON — fall through
-  }
-  return null;
-}
-
 // ── Guardian operations ──────────────────────────────────────────────
 
-/**
- * Create a guardian binding by writing to the contacts table.
- * Returns a GuardianBinding-compatible object synthesized from the input params
- * (so callers expecting binding.id still work).
- */
-export function createGuardianBinding(params: {
-  channel: string;
-  guardianExternalUserId: string;
-  guardianDeliveryChatId: string;
-  guardianPrincipalId: string;
-  verifiedVia?: string;
-  metadataJson?: string | null;
-}): GuardianBinding {
-  const canonicalId =
-    canonicalizeInboundIdentity(
-      params.channel as ChannelId,
-      params.guardianExternalUserId,
-    ) ?? params.guardianExternalUserId;
-
-  const displayName =
-    parseDisplayNameFromMetadata(params.metadataJson) ??
-    params.guardianExternalUserId;
-
-  const contact = upsertContact({
-    displayName,
-    role: "guardian",
-    notes: "guardian",
-    principalId: params.guardianPrincipalId,
-    channels: [
-      {
-        type: params.channel,
-        address: canonicalId,
-        externalUserId: canonicalId,
-        externalChatId: params.guardianDeliveryChatId,
-        status: "active",
-        verifiedAt: Date.now(),
-        verifiedVia: params.verifiedVia ?? "challenge",
-      },
-    ],
-  });
-
-  // Seed the per-user persona file so downstream readers (journaling,
-  // persona resolution) can rely on `users/<slug>.md` existing on disk.
-  // Idempotent: pre-existing customized files are preserved.
-  //
-  // Seeding is restricted to the guardian-creation path only — it must
-  // NOT run from inbound-message upsertContactChannel calls, since the
-  // `users/` directory watcher would fire on every new contact and
-  // evict live conversations.
-  if (contact.userFile) {
-    // Tolerate filesystem failures (read-only or full workspace) so a
-    // disk error doesn't leave the DB commit orphaned. The persona file
-    // can be reseeded later; failing the binding here would be worse.
-    try {
-      ensureGuardianPersonaFile(contact.userFile);
-    } catch (err) {
-      log.warn(
-        { err, userFile: contact.userFile },
-        "failed to seed guardian persona file; continuing",
-      );
-    }
-  }
-
-  const now = Date.now();
-  const result: GuardianBinding = {
-    id: `contact-binding-${params.channel}`,
-    assistantId: "self",
-    channel: params.channel,
-    guardianExternalUserId: params.guardianExternalUserId,
-    guardianDeliveryChatId: params.guardianDeliveryChatId,
-    guardianPrincipalId: params.guardianPrincipalId,
-    status: "active",
-    verifiedAt: now,
-    verifiedVia: params.verifiedVia ?? "challenge",
-    metadataJson: params.metadataJson ?? null,
-    createdAt: now,
-    updatedAt: now,
-  };
-
-  return result;
-}
-
 /**
  * Revoke a guardian binding by updating the contacts table.
  * Returns true when a guardian channel was found and revoked, false otherwise.
@@ -237,7 +133,7 @@ export function upsertContactChannel(params: {
   // inbound-message hot path — every new contact (Slack, phone, email, etc)
   // would otherwise fire the `users/` directory watcher in
   // config-watcher.ts and evict live conversations. Persona-file seeding
-  // is the sole responsibility of `createGuardianBinding`.
+  // is handled by the gateway's guardian bootstrap flow.
 
   const contactResult = findContactChannel({
     channelType: params.sourceChannel,

package/src/context/window-manager.ts

@@ -1,6 +1,7 @@
 import { readFileSync } from "node:fs";
 import { join } from "node:path";
 
+import type { LLMCallSite } from "../config/schemas/llm.js";
 import type { ContextWindowConfig } from "../config/types.js";
 import type {
   ContentBlock,
@@ -21,6 +22,8 @@ import { truncateToolResultsAcrossHistory } from "./tool-result-truncation.js";
 const log = getLogger("context-window");
 
 export const CONTEXT_SUMMARY_MARKER = "<context_summary>";
+export const CONVERSATION_SUMMARY_CALL_SITE: LLMCallSite =
+  "conversationSummarization";
 const MAX_BLOCK_PREVIEW_CHARS = 3000;
 const MAX_FALLBACK_SUMMARY_CHARS = 12000;
 const COMPACTION_COOLDOWN_MS = 2 * 60 * 1000;
@@ -241,6 +244,8 @@ export interface ContextWindowResult {
   summaryInputTokens: number;
   summaryOutputTokens: number;
   summaryModel: string;
+  summaryCallSite?: LLMCallSite;
+  summaryOverrideProfile?: string | null;
   summaryCacheCreationInputTokens?: number;
   summaryCacheReadInputTokens?: number;
   summaryRawResponses?: unknown[];
@@ -278,6 +283,11 @@ export interface ContextWindowCompactOptions {
    * aggressively. Explicit `minKeepRecentUserTurns` overrides this hint.
    */
   conversationOriginChannel?: string;
+  /**
+   * Per-conversation inference-profile override forwarded to the summary LLM
+   * call and usage attribution.
+   */
+  overrideProfile?: string | null;
   /**
    * Override the target input token budget used for keep-boundary
    * projected-fit checks. Clamped to no looser than `config.targetInputTokens`
@@ -305,7 +315,7 @@ export interface ContextWindowManagerOptions {
 export class ContextWindowManager {
   private readonly provider: Provider;
   private readonly _systemPrompt: string | (() => string);
-  private readonly config: ContextWindowConfig;
+  private config: ContextWindowConfig;
   private readonly toolTokenBudget: number;
   /**
    * Number of leading messages that are non-persisted (injected inherited
@@ -339,6 +349,10 @@ export class ContextWindowManager {
     this.toolTokenBudget = options.toolTokenBudget ?? 0;
   }
 
+  updateConfig(config: ContextWindowConfig): void {
+    this.config = config;
+  }
+
   /**
    * Provider key for the local token estimator. Wrapper providers (e.g.
    * OpenRouter routing to `anthropic/*`) override `tokenEstimationProvider`
@@ -480,6 +494,7 @@ export class ContextWindowManager {
       targetInputTokensOverride: options?.targetInputTokensOverride,
       conversationOriginChannel: options?.conversationOriginChannel,
       force: options?.force,
+      previousEstimatedInputTokens,
     });
     if (keepPlan.keepFromIndex <= summaryOffset) {
       // All turns fit after truncation projection, but the real in-memory
@@ -672,6 +687,7 @@ export class ContextWindowManager {
       transcriptBlocks,
       retainedThreadRefs,
       signal,
+      options?.overrideProfile ?? null,
     );
     const summary = summaryUpdate.summary;
     const summaryInputTokens = summaryUpdate.inputTokens;
@@ -748,6 +764,8 @@ export class ContextWindowManager {
       summaryInputTokens,
       summaryOutputTokens,
       summaryModel,
+      summaryCallSite: CONVERSATION_SUMMARY_CALL_SITE,
+      summaryOverrideProfile: options?.overrideProfile ?? null,
       summaryCacheCreationInputTokens,
       summaryCacheReadInputTokens,
       summaryRawResponses,
@@ -771,6 +789,7 @@ export class ContextWindowManager {
       targetInputTokensOverride?: number;
       conversationOriginChannel?: string;
       force?: boolean;
+      previousEstimatedInputTokens?: number;
     },
   ): { keepFromIndex: number; keepTurns: number } {
     // Slack-originated conversations rely on multi-turn thread context
@@ -854,6 +873,20 @@ export class ContextWindowManager {
       }
     }
 
+    // The projection's summary-swap and tool_result truncation can make
+    // projectedTokensForKeep(hi) optimistically fit even when the live
+    // conversation is well over target — sending /compact through the
+    // "already fits" skip path as a no-op. Clamp lo so summarization runs.
+    if (
+      opts?.force &&
+      floorIsImplicitDefault &&
+      lo === userTurnStarts.length &&
+      lo > 0 &&
+      (opts?.previousEstimatedInputTokens ?? 0) > targetTokens
+    ) {
+      lo -= 1;
+    }
+
     const keepTurns = lo;
     const rawKeepFromIndex =
       keepTurns === 0
@@ -994,6 +1027,7 @@ export class ContextWindowManager {
     transcriptBlocks: ContentBlock[],
     retainedThreadRefs: string[],
     signal?: AbortSignal,
+    overrideProfile?: string | null,
   ): Promise<{
     summary: string;
     inputTokens: number;
@@ -1025,15 +1059,20 @@ export class ContextWindowManager {
     const summaryMessage: Message = { role: "user", content: contentBlocks };
     let failed = false;
     try {
+      const providerConfig: Record<string, unknown> = {
+        callSite: CONVERSATION_SUMMARY_CALL_SITE,
+        usageTracking: "manual",
+        max_tokens: this.summaryMaxTokens,
+      };
+      if (overrideProfile) {
+        providerConfig.overrideProfile = overrideProfile;
+      }
       const response = await this.provider.sendMessage(
         [summaryMessage],
         undefined,
         SUMMARY_SYSTEM_PROMPT,
         {
-          config: {
-            callSite: "conversationSummarization" as const,
-            max_tokens: this.summaryMaxTokens,
-          },
+          config: providerConfig,
           signal,
         },
       );

package/src/credential-execution/process-manager.ts

@@ -241,11 +241,7 @@ export function createCesProcessManager(
       stdin: "pipe",
       stdout: "pipe",
       stderr: "pipe",
-      env: {
-        ...process.env,
-        // Signal to CES that it was launched by the assistant
-        CES_LAUNCHED_BY: "assistant",
-      },
+      env: buildLocalCesEnv(),
     });
 
     childProcess = proc;
@@ -274,11 +270,7 @@ export function createCesProcessManager(
       stdin: "pipe",
       stdout: "pipe",
       stderr: "pipe",
-      env: {
-        ...process.env,
-        // Signal to CES that it was launched by the assistant
-        CES_LAUNCHED_BY: "assistant",
-      },
+      env: buildLocalCesEnv(),
     });
 
     childProcess = proc;
@@ -313,6 +305,38 @@ export function createCesProcessManager(
   }
 }
 
+// ---------------------------------------------------------------------------
+// Local CES env
+// ---------------------------------------------------------------------------
+
+/**
+ * Build the environment for a locally-spawned CES child process.
+ *
+ * Inherits the daemon's process env (which already has VELLUM_WORKSPACE_DIR
+ * and GATEWAY_SECURITY_DIR from the CLI) and adds CES-specific env vars:
+ *
+ * - `CREDENTIAL_SECURITY_DIR`: CES reads this to find its key store and
+ *   encryption data. In local mode this is the same directory as the
+ *   gateway security dir (both point to `<instance>/.vellum/protected`).
+ *
+ * - `VELLUM_WORKSPACE_DIR`: Forwarded so CES can locate the assistant
+ *   workspace (credential metadata, OAuth DB, token refresh).
+ */
+function buildLocalCesEnv(): Record<string, string | undefined> {
+  return {
+    ...process.env,
+    CES_LAUNCHED_BY: "assistant",
+    // Map the daemon's GATEWAY_SECURITY_DIR to CES's own env var.
+    // In local mode, both services share the same protected/ directory.
+    CREDENTIAL_SECURITY_DIR:
+      process.env["CREDENTIAL_SECURITY_DIR"] ||
+      process.env["GATEWAY_SECURITY_DIR"],
+    // VELLUM_WORKSPACE_DIR is already in process.env from the CLI,
+    // but be explicit for clarity.
+    VELLUM_WORKSPACE_DIR: process.env["VELLUM_WORKSPACE_DIR"],
+  };
+}
+
 // ---------------------------------------------------------------------------
 // Stdio transport (local mode)
 // ---------------------------------------------------------------------------