@vellumai/assistant 0.7.0 → 0.7.2

package/src/tools/browser/cdp-client/cdp-inspect/__tests__/ws-transport.test.ts

@@ -511,14 +511,19 @@ describe("connectCdpWsTransport", () => {
   });
 
   test("addEventListener returns an unsubscribe function", async () => {
+    // Use a sentinel request to gate event emission on the server: the
+    // listener is registered before send() runs, so by the time the server
+    // receives the sentinel and starts emitting events the client listener
+    // is guaranteed to be attached. A bare setTimeout-after-open race is
+    // tight enough to flake on busy CI runners.
     const server = startFakeWsServer({
-      onOpen(ws) {
+      onMessage(ws, frame) {
+        if (frame.method !== "Test.startEvents") return;
+        ws.send(JSON.stringify({ id: frame.id, result: {} }));
+        ws.send(JSON.stringify({ method: "Ev.first", params: {} }));
         setTimeout(() => {
-          ws.send(JSON.stringify({ method: "Ev.first", params: {} }));
-          setTimeout(() => {
-            ws.send(JSON.stringify({ method: "Ev.second", params: {} }));
-          }, 10);
-        }, 5);
+          ws.send(JSON.stringify({ method: "Ev.second", params: {} }));
+        }, 10);
       },
     });
     try {
@@ -528,6 +533,7 @@ describe("connectCdpWsTransport", () => {
           received.push(ev.method);
           if (ev.method === "Ev.first") unsub();
         });
+        await transport.send("Test.startEvents");
         await new Promise((r) => setTimeout(r, 60));
         expect(received).toEqual(["Ev.first"]);
       });

package/src/tools/browser/cdp-client/factory.ts

@@ -8,6 +8,7 @@ import {
   createLocalBackend,
 } from "../../../browser-session/index.js";
 import { getConfig } from "../../../config/loader.js";
+import { HostBrowserProxy } from "../../../daemon/host-browser-proxy.js";
 import { getLogger } from "../../../util/logger.js";
 import type { ToolContext } from "../../types.js";
 import { createCdpInspectClient } from "./cdp-inspect-client.js";
@@ -103,11 +104,10 @@ export interface GetCdpClientOptions {
  * invocation based on the ToolContext and config. Three backends are
  * considered in priority order:
  *
- *  1. **Extension** -- When `context.hostBrowserProxy` is set AND
- *     `hostBrowserProxy.isAvailable()` returns `true` (i.e. the
- *     proxy exists and the client is actually connected). This
- *     prevents selecting the extension transport when the proxy
- *     object exists but the underlying WebSocket is disconnected.
+ *  1. **Extension** -- When `HostBrowserProxy.instance` is available
+ *     and `isAvailable()` returns `true` (i.e. a chrome extension
+ *     connection exists in the registry). This prevents selecting
+ *     the extension transport when no extension is connected.
  *  2. **cdp-inspect** -- When `hostBrowser.cdpInspect.enabled` is
  *     `true` in config, construct a `CdpInspectClient` that attaches
  *     to an already-running Chrome via the DevTools JSON protocol.
@@ -183,31 +183,29 @@ export function buildPinnedCandidateList(
   context: ToolContext,
   mode: Exclude<BrowserMode, "auto">,
 ): BackendCandidate[] {
-  const { conversationId, hostBrowserProxy } = context;
+  const { conversationId } = context;
 
   switch (mode) {
     case "extension": {
-      if (!hostBrowserProxy || !hostBrowserProxy.isAvailable()) {
-        const reason = !hostBrowserProxy
-          ? "no host browser proxy provisioned for this conversation"
-          : "host browser proxy exists but is not connected";
-        throw new CdpError(
-          "transport_error",
-          `Pinned mode "extension" unavailable: ${reason}`,
-          {
-            attemptDiagnostics: [
-              {
-                candidateKind: "extension",
-                inclusionReason: `pinned mode: extension`,
-                stage: "candidate_selection",
-                errorCode: "transport_error",
-                errorMessage: reason,
-              },
-            ],
-          },
-        );
-      }
-      return [
+        const hostBrowserProxy = HostBrowserProxy.instance;
+        if (!hostBrowserProxy.hasExtensionClient()) {
+          throw new CdpError(
+            "transport_error",
+            `Pinned mode "extension" unavailable: no Chrome Extension connected`,
+            {
+              attemptDiagnostics: [
+                {
+                  candidateKind: "extension",
+                  inclusionReason: `pinned mode: extension`,
+                  stage: "candidate_selection",
+                  errorCode: "transport_error",
+                  errorMessage: "no Chrome Extension connected",
+                },
+              ],
+            },
+          );
+        }
+        return [
         {
           kind: "extension",
           reason: "pinned mode: extension",
@@ -289,18 +287,15 @@ export function buildPinnedCandidateList(
  * Exported for testing.
  */
 export function buildCandidateList(context: ToolContext): BackendCandidate[] {
-  const { conversationId, hostBrowserProxy } = context;
+  const { conversationId } = context;
   const candidates: BackendCandidate[] = [];
+  const hostBrowserProxy = HostBrowserProxy.instance;
 
-  // 1. Extension -- preferred when a chrome-extension is bound AND
-  //    the proxy reports it is connected. Checking isAvailable()
-  //    prevents selecting the extension transport when the proxy
-  //    object exists (e.g. it was provisioned at conversation start)
-  //    but the client has since disconnected.
-  if (hostBrowserProxy && hostBrowserProxy.isAvailable()) {
+  // 1. Extension -- preferred when a Chrome Extension client is connected.
+  if (hostBrowserProxy.hasExtensionClient()) {
     candidates.push({
       kind: "extension",
-      reason: "hostBrowserProxy present and available",
+      reason: "Chrome Extension connected via registry singleton",
       create() {
         const client = createExtensionCdpClient(
           hostBrowserProxy,
@@ -315,10 +310,10 @@ export function buildCandidateList(context: ToolContext): BackendCandidate[] {
         return { client, backend };
       },
     });
-  } else if (hostBrowserProxy) {
+  } else {
     log.debug(
       { conversationId },
-      "CDP factory: hostBrowserProxy present but not available, skipping extension candidate",
+      "CDP factory: no Chrome Extension connected, skipping extension candidate",
     );
   }
 
@@ -348,63 +343,39 @@ export function buildCandidateList(context: ToolContext): BackendCandidate[] {
     context.transportInterface === "macos" &&
     cdpInspectConfig.desktopAuto.enabled
   ) {
-    // macOS desktop-auto: include cdp-inspect as a candidate unless:
-    // (a) the hostBrowserProxy is registry-routed (extension-backed) and
-    //     temporarily unavailable — the extension transport was explicitly
-    //     expected and the disconnection is transient, so inserting
-    //     cdp-inspect would cause a silent takeover. Only applies when
-    //     `hostBrowserRegistryRouted` is true (set when
-    //     `hostBrowserSenderOverride` was wired at turn-start).
-    //     SSE-backed proxies (macOS without an extension connection) that
-    //     report unavailable (e.g. non-interactive turns where
-    //     clientConnected=false) should NOT suppress cdp-inspect — the
-    //     SSE proxy was never expected to service browser requests.
-    // (b) the cooldown from a recent failure is still active.
-    //
-    // When no hostBrowserProxy is present at all (extension not
-    // provisioned for this conversation), cdp-inspect remains available
-    // as a fallback per the desktop-auto contract.
-    if (
-      hostBrowserProxy &&
-      !hostBrowserProxy.isAvailable() &&
-      context.hostBrowserRegistryRouted
-    ) {
+    // macOS desktop-auto: include cdp-inspect as a candidate unless
+    // the cooldown from a recent failure is still active. The extension
+    // candidate is already first in the list, so it wins when connected.
+    const { cooldownMs } = cdpInspectConfig.desktopAuto;
+    if (isDesktopAutoCooldownActive(cooldownMs)) {
       log.debug(
-        { conversationId },
-        "CDP factory: desktop-auto cdp-inspect skipped (extension transport expected but temporarily unavailable)",
+        {
+          conversationId,
+          cooldownMs,
+          cooldownSince: _desktopAutoCooldownSince,
+        },
+        "CDP factory: desktop-auto cdp-inspect skipped (cooldown active)",
       );
     } else {
-      const { cooldownMs } = cdpInspectConfig.desktopAuto;
-      if (isDesktopAutoCooldownActive(cooldownMs)) {
-        log.debug(
-          {
-            conversationId,
-            cooldownMs,
-            cooldownSince: _desktopAutoCooldownSince,
-          },
-          "CDP factory: desktop-auto cdp-inspect skipped (cooldown active)",
-        );
-      } else {
-        candidates.push({
-          kind: "cdp-inspect",
-          reason: "desktopAuto: macOS turn, cdp-inspect auto-attempted",
-          create() {
-            const client = createCdpInspectClient(conversationId, {
-              host: cdpInspectConfig.host,
-              port: cdpInspectConfig.port,
-              discoveryTimeoutMs: cdpInspectConfig.probeTimeoutMs,
-              wsConnectTimeoutMs: cdpInspectConfig.probeTimeoutMs,
-            });
-            const backend = createCdpInspectBackend({
-              isAvailable: () => true,
-              sendCdp: (command, signal) =>
-                dispatchThroughClient(client, command, signal),
-              dispose: () => client.dispose(),
-            });
-            return { client, backend };
-          },
-        });
-      }
+      candidates.push({
+        kind: "cdp-inspect",
+        reason: "desktopAuto: macOS turn, cdp-inspect auto-attempted",
+        create() {
+          const client = createCdpInspectClient(conversationId, {
+            host: cdpInspectConfig.host,
+            port: cdpInspectConfig.port,
+            discoveryTimeoutMs: cdpInspectConfig.probeTimeoutMs,
+            wsConnectTimeoutMs: cdpInspectConfig.probeTimeoutMs,
+          });
+          const backend = createCdpInspectBackend({
+            isAvailable: () => true,
+            sendCdp: (command, signal) =>
+              dispatchThroughClient(client, command, signal),
+            dispose: () => client.dispose(),
+          });
+          return { client, backend };
+        },
+      });
     }
   }
 

package/src/tools/browser/cdp-client/index.ts

@@ -1,28 +1,2 @@
-export {
-  CdpInspectClient,
-  type CdpInspectClientOptions,
-  type CdpInspectHelpers,
-  createCdpInspectClient,
-} from "./cdp-inspect-client.js";
 export { CdpError, type CdpErrorCode } from "./errors.js";
-export {
-  createExtensionCdpClient,
-  ExtensionCdpClient,
-} from "./extension-cdp-client.js";
-export {
-  buildCandidateList,
-  buildChainedClient,
-  buildPinnedCandidateList,
-  getCdpClient,
-  type GetCdpClientOptions,
-} from "./factory.js";
-export { createLocalCdpClient, LocalCdpClient } from "./local-cdp-client.js";
-export type {
-  AttemptDiagnostic,
-  AttemptStage,
-  BackendCandidate,
-  BrowserMode,
-  CdpClient,
-  CdpClientKind,
-  ScopedCdpClient,
-} from "./types.js";
+export type { CdpClient, CdpClientKind, ScopedCdpClient } from "./types.js";

package/src/tools/computer-use/definitions.ts

@@ -21,12 +21,6 @@ function proxyExecute(): Promise<ToolExecutionResult> {
   );
 }
 
-const activityProperty = {
-  type: "string" as const,
-  description:
-    "Brief non-technical explanation of why this tool is being called",
-};
-
 // ---------------------------------------------------------------------------
 // click (unified - click_type selects single / double / right)
 // ---------------------------------------------------------------------------
@@ -69,7 +63,11 @@ export const computerUseClickTool: Tool = {
             description:
               "Explanation of what you see and why you are clicking here",
           },
-          activity: activityProperty,
+          target_client_id: {
+            type: "string",
+            description:
+              "ID of the specific client to target. Required when multiple clients support host_cu; omit when only one is connected. Obtain IDs from `assistant clients list --capability host_cu`.",
+          },
         },
         required: ["reasoning"],
       },
@@ -106,7 +104,11 @@ export const computerUseTypeTextTool: Tool = {
             type: "string",
             description: "Explanation of what you are typing and why",
           },
-          activity: activityProperty,
+          target_client_id: {
+            type: "string",
+            description:
+              "ID of the specific client to target. Required when multiple clients support host_cu; omit when only one is connected. Obtain IDs from `assistant clients list --capability host_cu`.",
+          },
         },
         required: ["text", "reasoning"],
       },
@@ -144,7 +146,11 @@ export const computerUseKeyTool: Tool = {
             type: "string",
             description: "Explanation of why you are pressing this key",
           },
-          activity: activityProperty,
+          target_client_id: {
+            type: "string",
+            description:
+              "ID of the specific client to target. Required when multiple clients support host_cu; omit when only one is connected. Obtain IDs from `assistant clients list --capability host_cu`.",
+          },
         },
         required: ["key", "reasoning"],
       },
@@ -199,7 +205,11 @@ export const computerUseScrollTool: Tool = {
             type: "string",
             description: "Explanation of why you are scrolling",
           },
-          activity: activityProperty,
+          target_client_id: {
+            type: "string",
+            description:
+              "ID of the specific client to target. Required when multiple clients support host_cu; omit when only one is connected. Obtain IDs from `assistant clients list --capability host_cu`.",
+          },
         },
         required: ["direction", "amount", "reasoning"],
       },
@@ -260,7 +270,11 @@ export const computerUseDragTool: Tool = {
             type: "string",
             description: "Explanation of what you are dragging and why",
           },
-          activity: activityProperty,
+          target_client_id: {
+            type: "string",
+            description:
+              "ID of the specific client to target. Required when multiple clients support host_cu; omit when only one is connected. Obtain IDs from `assistant clients list --capability host_cu`.",
+          },
         },
         required: ["reasoning"],
       },
@@ -296,7 +310,11 @@ export const computerUseWaitTool: Tool = {
             type: "string",
             description: "Explanation of what you are waiting for",
           },
-          activity: activityProperty,
+          target_client_id: {
+            type: "string",
+            description:
+              "ID of the specific client to target. Required when multiple clients support host_cu; omit when only one is connected. Obtain IDs from `assistant clients list --capability host_cu`.",
+          },
         },
         required: ["duration_ms", "reasoning"],
       },
@@ -335,7 +353,11 @@ export const computerUseOpenAppTool: Tool = {
             description:
               "Explanation of why you need to open or switch to this app",
           },
-          activity: activityProperty,
+          target_client_id: {
+            type: "string",
+            description:
+              "ID of the specific client to target. Required when multiple clients support host_cu; omit when only one is connected. Obtain IDs from `assistant clients list --capability host_cu`.",
+          },
         },
         required: ["app_name", "reasoning"],
       },
@@ -373,7 +395,11 @@ export const computerUseRunAppleScriptTool: Tool = {
             description:
               "Explanation of what this script does and why AppleScript is better than UI interaction for this step",
           },
-          activity: activityProperty,
+          target_client_id: {
+            type: "string",
+            description:
+              "ID of the specific client to target. Required when multiple clients support host_cu; omit when only one is connected. Obtain IDs from `assistant clients list --capability host_cu`.",
+          },
         },
         required: ["script", "reasoning"],
       },
@@ -406,7 +432,6 @@ export const computerUseDoneTool: Tool = {
             type: "string",
             description: "Human-readable summary of what was accomplished",
           },
-          activity: activityProperty,
         },
         required: ["summary"],
       },
@@ -443,7 +468,6 @@ export const computerUseRespondTool: Tool = {
             type: "string",
             description: "Explanation of how you determined the answer",
           },
-          activity: activityProperty,
         },
         required: ["answer", "reasoning"],
       },
@@ -471,10 +495,8 @@ const computerUseObserveTool: Tool = {
       description: this.description,
       input_schema: {
         type: "object",
-        properties: {
-          activity: activityProperty,
-        },
-        required: ["activity"],
+        properties: {},
+        required: [],
       },
     };
   },

package/src/tools/executor.ts

@@ -22,7 +22,6 @@ import { getLogger } from "../util/logger.js";
 import { resolveExecutionTarget } from "./execution-target.js";
 import { executeWithTimeout, safeTimeoutMs } from "./execution-timeout.js";
 import { PermissionChecker } from "./permission-checker.js";
-import { SecretDetectionHandler } from "./secret-detection-handler.js";
 import { extractAndSanitize } from "./sensitive-output-placeholders.js";
 import { applyEdit } from "./shared/filesystem/edit-engine.js";
 import { sandboxPolicy } from "./shared/filesystem/path-policy.js";
@@ -39,13 +38,11 @@ const log = getLogger("tool-executor");
 export class ToolExecutor {
   private prompter: PermissionPrompter;
   private permissionChecker: PermissionChecker;
-  private secretDetectionHandler: SecretDetectionHandler;
   private approvalHandler: ToolApprovalHandler;
 
   constructor(prompter: PermissionPrompter) {
     this.prompter = prompter;
     this.permissionChecker = new PermissionChecker(prompter);
-    this.secretDetectionHandler = new SecretDetectionHandler(prompter);
     this.approvalHandler = new ToolApprovalHandler();
   }
 
@@ -105,6 +102,19 @@ export class ToolExecutor {
     const startTime = Date.now();
     let decision = "allow";
     let riskLevel: string = RiskLevel.Low;
+    let permRiskMeta:
+      | {
+          riskLevel: string;
+          riskReason: string;
+          riskScopeOptions: Array<{ pattern: string; label: string }>;
+          riskDirectoryScopeOptions?: Array<{ scope: string; label: string }>;
+          isContainerized?: boolean;
+        }
+      | undefined;
+    let permMatchedTrustRuleId: string | undefined;
+    let permApprovalMode: string | undefined;
+    let permApprovalReason: string | undefined;
+    let permRiskThreshold: string | undefined;
     const executionTarget = resolveExecutionTarget(name);
 
     emitLifecycleEvent(context, {
@@ -167,15 +177,6 @@ export class ToolExecutor {
       // Exception: requireFreshApproval tools always go through the
       // permission check even when a grant was consumed - the grant does
       // not substitute for an interactive human review.
-      let permRiskMeta:
-        | {
-            riskLevel: string;
-            riskReason: string;
-            riskScopeOptions: Array<{ pattern: string; label: string }>;
-            riskDirectoryScopeOptions?: Array<{ scope: string; label: string }>;
-            isContainerized?: boolean;
-          }
-        | undefined;
       if (!gateResult.grantConsumed || context.requireFreshApproval) {
         // Check permissions via the extracted PermissionChecker
         const permResult = await this.permissionChecker.checkPermission(
@@ -192,6 +193,10 @@ export class ToolExecutor {
         riskLevel = permResult.riskLevel;
         decision = permResult.decision;
         permRiskMeta = permResult.riskMeta;
+        permMatchedTrustRuleId = permResult.matchedTrustRuleId;
+        permApprovalMode = permResult.approvalMode;
+        permApprovalReason = permResult.approvalReason;
+        permRiskThreshold = permResult.riskThreshold;
 
         if (!permResult.allowed) {
           return {
@@ -202,12 +207,21 @@ export class ToolExecutor {
             riskScopeOptions: permRiskMeta?.riskScopeOptions,
             riskDirectoryScopeOptions: permRiskMeta?.riskDirectoryScopeOptions,
             isContainerized: permRiskMeta?.isContainerized,
+            matchedTrustRuleId: permMatchedTrustRuleId,
+            approvalMode: permApprovalMode,
+            approvalReason: permApprovalReason,
+            riskThreshold: permRiskThreshold,
           };
         }
 
         if (permResult.wasPrompted) {
           context.approvedViaPrompt = true;
         }
+      } else {
+        // Grant consumed — permission check was skipped. Set provenance explicitly
+        // so the record shows how this execution was authorized.
+        permApprovalMode = "auto";
+        permApprovalReason = "grant_scoped_consumed";
       }
 
       // Execute the tool - proxy tools delegate to an external resolver.
@@ -231,6 +245,7 @@ export class ToolExecutor {
             conversationId: context.conversationId,
             requestId: context.requestId,
             riskLevel,
+            matchedTrustRuleId: permMatchedTrustRuleId,
             decision: "error",
             durationMs,
             errorMessage: msg,
@@ -268,6 +283,7 @@ export class ToolExecutor {
           conversationId: context.conversationId,
           requestId: context.requestId,
           riskLevel,
+          matchedTrustRuleId: permMatchedTrustRuleId,
           decision: "error",
           durationMs,
           errorMessage: msg,
@@ -334,6 +350,7 @@ export class ToolExecutor {
             conversationId: context.conversationId,
             requestId: context.requestId,
             riskLevel,
+            matchedTrustRuleId: permMatchedTrustRuleId,
             decision: "deny",
             reason: denialReason,
             durationMs,
@@ -352,6 +369,7 @@ export class ToolExecutor {
             conversationId: context.conversationId,
             requestId: context.requestId,
             riskLevel,
+            matchedTrustRuleId: permMatchedTrustRuleId,
             decision: "error",
             durationMs,
             errorMessage: errorMsg,
@@ -364,8 +382,6 @@ export class ToolExecutor {
 
       // Sensitive output extraction: strip directives, replace raw values
       // with placeholders, and attach bindings for agent-loop substitution.
-      // Runs before secret detection so that raw sensitive values are already
-      // replaced and won't trigger entropy-based redaction.
       const { sanitizedContent, bindings } = extractAndSanitize(
         execResult.content,
       );
@@ -377,23 +393,6 @@ export class ToolExecutor {
         };
       }
 
-      // Secret detection on tool output
-      const secretResult = await this.secretDetectionHandler.handle(
-        execResult,
-        name,
-        input,
-        context,
-        executionTarget,
-        riskLevel,
-        decision,
-        startTime,
-        emitLifecycleEvent,
-      );
-      if (secretResult.earlyReturn) {
-        return secretResult.result;
-      }
-      execResult = secretResult.result;
-
       const durationMs = Date.now() - startTime;
       // Strip sensitiveBindings from lifecycle event to prevent raw values leaking
       const { sensitiveBindings: _sb, ...safeResult } = execResult;
@@ -406,6 +405,9 @@ export class ToolExecutor {
         conversationId: context.conversationId,
         requestId: context.requestId,
         riskLevel,
+        matchedTrustRuleId: permMatchedTrustRuleId,
+        approvalMode: permApprovalMode,
+        approvalReason: permApprovalReason,
         decision,
         durationMs,
         result: safeResult,
@@ -424,6 +426,18 @@ export class ToolExecutor {
           isContainerized: permRiskMeta.isContainerized,
         };
       }
+      if (permMatchedTrustRuleId) {
+        execResult = { ...execResult, matchedTrustRuleId: permMatchedTrustRuleId };
+      }
+      if (permApprovalMode) {
+        execResult = { ...execResult, approvalMode: permApprovalMode };
+      }
+      if (permApprovalReason) {
+        execResult = { ...execResult, approvalReason: permApprovalReason };
+      }
+      if (permRiskThreshold) {
+        execResult = { ...execResult, riskThreshold: permRiskThreshold };
+      }
 
       return execResult;
     } catch (err) {
@@ -465,6 +479,7 @@ export class ToolExecutor {
         conversationId: context.conversationId,
         requestId: context.requestId,
         riskLevel,
+        matchedTrustRuleId: permMatchedTrustRuleId,
         decision: "error",
         durationMs,
         errorMessage: msg,

package/src/tools/host-filesystem/edit.ts

@@ -1,5 +1,8 @@
+import { supportsHostProxy } from "../../channels/types.js";
+import { HostFileProxy } from "../../daemon/host-file-proxy.js";
 import { RiskLevel } from "../../permissions/types.js";
 import type { ToolDefinition } from "../../providers/types.js";
+import { assistantEventHub } from "../../runtime/assistant-event-hub.js";
 import { FileSystemOps } from "../shared/filesystem/file-ops-service.js";
 import { formatEditDiff } from "../shared/filesystem/format-diff.js";
 import { hostPolicy } from "../shared/filesystem/path-policy.js";
@@ -36,6 +39,11 @@ class HostFileEditTool implements Tool {
             description:
               "Replace all occurrences instead of requiring a unique match (default: false)",
           },
+          target_client_id: {
+            type: "string",
+            description:
+              "ID of the specific client to execute this on. Required when multiple clients support host_file; omit when only one is connected. Obtain IDs from `assistant clients list --capability host_file`.",
+          },
         },
         required: ["path", "old_string", "new_string"],
       },
@@ -83,16 +91,35 @@ class HostFileEditTool implements Tool {
 
     const replaceAll = input.replace_all === true;
 
+    const targetClientId =
+      typeof input.target_client_id === "string" && input.target_client_id !== ""
+        ? input.target_client_id
+        : undefined;
+
+    const transportInterface = context.transportInterface;
+    if (
+      targetClientId == null &&
+      transportInterface != null &&
+      !supportsHostProxy(transportInterface) &&
+      assistantEventHub.listClientsByCapability("host_file").length > 1
+    ) {
+      return {
+        content: `Error: multiple clients support host_file. Specify which client to use with \`target_client_id\`. Run \`assistant clients list --capability host_file\` to see client IDs and labels.`,
+        isError: true,
+      };
+    }
+
     // Proxy to connected client for execution on the user's machine
     // when a capable client is available (managed/cloud-hosted mode).
-    if (context.hostFileProxy?.isAvailable()) {
-      return context.hostFileProxy.request(
+    if (HostFileProxy.instance.isAvailable()) {
+      return HostFileProxy.instance.request(
         {
           operation: "edit",
           path: rawPath,
           old_string: oldString as string,
           new_string: newString as string,
           replace_all: replaceAll,
+          targetClientId,
         },
         context.conversationId,
         context.signal,