@vellumai/assistant 0.7.1 → 0.7.2

package/src/daemon/lifecycle.ts

@@ -2,8 +2,6 @@ import { join } from "node:path";
 
 import { config as dotenvConfig } from "dotenv";
 
-import type { BackupWorkerHandle } from "../backup/backup-worker.js";
-import { startBackupWorker } from "../backup/backup-worker.js";
 import { setPointerMessageProcessor } from "../calls/call-pointer-messages.js";
 import { reconcileCallsOnStartup } from "../calls/call-recovery.js";
 import { setRelayBroadcast } from "../calls/relay-server.js";
@@ -25,10 +23,6 @@ import type { AssistantConfig } from "../config/schema.js";
 import { seedInferenceProfiles } from "../config/seed-inference-profiles.js";
 import type { CesClient } from "../credential-execution/client.js";
 import { createCesClient } from "../credential-execution/client.js";
-import {
-  isCesCredentialBackendEnabled,
-  isCesToolsEnabled,
-} from "../credential-execution/feature-gates.js";
 import {
   type CesProcessManager,
   CesUnavailableError,
@@ -54,10 +48,7 @@ import {
 import { expireAllPendingCanonicalRequests } from "../memory/canonical-guardian-store.js";
 import { deleteMessageById, getMessages } from "../memory/conversation-crud.js";
 import { initializeDb } from "../memory/db-init.js";
-import {
-  selectEmbeddingBackend,
-  SPARSE_EMBEDDING_VERSION,
-} from "../memory/embedding-backend.js";
+import { selectEmbeddingBackend } from "../memory/embedding-backend.js";
 import { enqueueMemoryJob } from "../memory/jobs-store.js";
 import { startMemoryJobsWorker } from "../memory/jobs-worker.js";
 import { initQdrantClient, resolveQdrantUrl } from "../memory/qdrant-client.js";
@@ -81,6 +72,7 @@ import {
 import { RuntimeHttpServer } from "../runtime/http-server.js";
 import { recoverInterruptedImport } from "../runtime/migrations/vbundle-streaming-importer.js";
 import { registerSecretsDeps } from "../runtime/routes/secrets-deps.js";
+import { recoverStaleSchedules } from "../schedule/schedule-recovery.js";
 import { startScheduler } from "../schedule/scheduler.js";
 import {
   onCesClientChanged,
@@ -157,17 +149,6 @@ export interface CesStartupResult {
 async function startCesProcess(
   config: AssistantConfig,
 ): Promise<CesStartupResult> {
-  const shouldStartCes =
-    isCesToolsEnabled(config) || isCesCredentialBackendEnabled(config);
-  if (!shouldStartCes) {
-    return {
-      client: undefined,
-      processManager: undefined,
-      clientPromise: undefined,
-      abortController: undefined,
-    };
-  }
-
   const pm = createCesProcessManager({ assistantConfig: config });
   const abortController = new AbortController();
   let clientRef: CesClient | undefined;
@@ -291,9 +272,16 @@ export async function runDaemon(): Promise<void> {
     // Fired non-blocking so a slow or unreachable gateway doesn't delay
     // daemon startup (the IPC call has a 3s connect + 5s call timeout
     // that would otherwise stall the critical path).
-    void initFeatureFlagOverrides().catch((err) =>
-      log.warn({ err }, "Background feature flag init failed"),
-    );
+    //
+    // On resolve, retry the v2 skill seed: the synchronous gate at the
+    // skill-seed call site below evaluates the memory-v2-enabled flag
+    // before the gateway has populated overrides, so a cold-boot race
+    // can leave the v2 skill collection unseeded for the lifetime of
+    // the daemon. seedV2SkillEntries is idempotent, so re-running after
+    // overrides land is safe.
+    void initFeatureFlagOverrides()
+      .then(() => maybeSeedMemoryV2Skills(loadConfig()))
+      .catch((err) => log.warn({ err }, "Background feature flag init failed"));
 
     seedInterfaceFiles();
 
@@ -524,89 +512,81 @@ export async function runDaemon(): Promise<void> {
     // bootstrap connection, so startup must happen at the process level.
     const cesStartupPromise = startCesProcess(config);
 
-    // When the credential backend flag is enabled, CES startup must complete
-    // BEFORE provider initialization so credential reads can go through CES.
-    // Block with a 20-second timeout — fall back to direct credential store
-    // on timeout.
-    if (isCesCredentialBackendEnabled(config)) {
-      const cesResult = await cesStartupPromise;
-      // startCesProcess() returns immediately — the actual handshake runs
-      // inside clientPromise. Await it (with a 20s timeout) so the CES client
-      // is available before provider initialization.
-      if (cesResult.clientPromise) {
-        const client = await awaitCesClientWithTimeout(
-          cesResult.clientPromise,
-          {
-            timeoutMs: DEFAULT_CES_STARTUP_TIMEOUT_MS,
-            onTimeout: () => {
-              log.warn(
-                "CES handshake timed out after 20s — falling back to direct credential store",
-              );
-            },
-          },
-        );
-        if (client) {
-          setCesClient(client);
-        }
+    // CES startup must complete BEFORE provider initialization so credential
+    // reads can go through CES. Block with a 20-second timeout — fall back to
+    // direct credential store on timeout.
+    const cesResult = await cesStartupPromise;
+    // startCesProcess() returns immediately — the actual handshake runs
+    // inside clientPromise. Await it (with a 20s timeout) so the CES client
+    // is available before provider initialization.
+    if (cesResult.clientPromise) {
+      const client = await awaitCesClientWithTimeout(cesResult.clientPromise, {
+        timeoutMs: DEFAULT_CES_STARTUP_TIMEOUT_MS,
+        onTimeout: () => {
+          log.warn(
+            "CES handshake timed out after 20s — falling back to direct credential store",
+          );
+        },
+      });
+      if (client) {
+        setCesClient(client);
       }
+    }
 
-      // Register CES reconnection callback so the credential layer can
-      // re-establish the connection when the transport dies, instead of
-      // falling back to the encrypted file store.
-      if (cesResult.processManager) {
-        const pm = cesResult.processManager;
-
-        // Snapshot the managed-proxy context and assistant ID at CES startup
-        // so the reconnect closure below never calls back into
-        // `resolveManagedProxyContext()`. That function reads the assistant
-        // API key via `getSecureKeyAsync()`, which — once `setCesClient()`
-        // has resolved the backend to CES RPC — routes the read through CES
-        // itself. During a reconnect the old transport is dead and a new
-        // one is being set up by this very closure, so the nested credential
-        // read recursively awaits its own in-flight reconnection and
-        // deadlocks until `CREDENTIAL_OP_TIMEOUT_MS` (45s) fires. That
-        // 45-second stall delays every CES restart and causes dependent
-        // credential reads (e.g. Meet's STT provider resolution) to return
-        // `undefined` during the window. API key rotation uses the
-        // `updateAssistantApiKey` RPC on the live client, not a reconnect,
-        // so caching at startup is safe.
-        const startupProxyCtx = await resolveManagedProxyContext();
-        const startupAssistantId = getPlatformAssistantId();
-
-        setCesReconnect(async () => {
-          try {
-            await pm.stop();
-            const transport = await pm.start();
-            const newClient = createCesClient(transport);
-            const { accepted, reason } = await newClient.handshake({
-              ...(startupProxyCtx.assistantApiKey
-                ? { assistantApiKey: startupProxyCtx.assistantApiKey }
-                : {}),
-              ...(startupAssistantId
-                ? { assistantId: startupAssistantId }
-                : {}),
-            });
-            if (accepted) {
-              log.info("CES reconnection handshake accepted");
-              return newClient;
-            }
-            log.warn({ reason }, "CES reconnection handshake rejected");
-            newClient.close();
-            await pm.stop().catch(() => {});
-            return undefined;
-          } catch (err) {
-            log.warn(
-              { error: err instanceof Error ? err.message : String(err) },
-              "CES reconnection attempt failed",
-            );
-            await pm.stop().catch(() => {});
-            return undefined;
+    // Register CES reconnection callback so the credential layer can
+    // re-establish the connection when the transport dies, instead of
+    // falling back to the encrypted file store.
+    if (cesResult.processManager) {
+      const pm = cesResult.processManager;
+
+      // Snapshot the managed-proxy context and assistant ID at CES startup
+      // so the reconnect closure below never calls back into
+      // `resolveManagedProxyContext()`. That function reads the assistant
+      // API key via `getSecureKeyAsync()`, which — once `setCesClient()`
+      // has resolved the backend to CES RPC — routes the read through CES
+      // itself. During a reconnect the old transport is dead and a new
+      // one is being set up by this very closure, so the nested credential
+      // read recursively awaits its own in-flight reconnection and
+      // deadlocks until `CREDENTIAL_OP_TIMEOUT_MS` (45s) fires. That
+      // 45-second stall delays every CES restart and causes dependent
+      // credential reads (e.g. Meet's STT provider resolution) to return
+      // `undefined` during the window. API key rotation uses the
+      // `updateAssistantApiKey` RPC on the live client, not a reconnect,
+      // so caching at startup is safe.
+      const startupProxyCtx = await resolveManagedProxyContext();
+      const startupAssistantId = getPlatformAssistantId();
+
+      setCesReconnect(async () => {
+        try {
+          await pm.stop();
+          const transport = await pm.start();
+          const newClient = createCesClient(transport);
+          const { accepted, reason } = await newClient.handshake({
+            ...(startupProxyCtx.assistantApiKey
+              ? { assistantApiKey: startupProxyCtx.assistantApiKey }
+              : {}),
+            ...(startupAssistantId ? { assistantId: startupAssistantId } : {}),
+          });
+          if (accepted) {
+            log.info("CES reconnection handshake accepted");
+            return newClient;
           }
-        });
-      }
+          log.warn({ reason }, "CES reconnection handshake rejected");
+          newClient.close();
+          await pm.stop().catch(() => {});
+          return undefined;
+        } catch (err) {
+          log.warn(
+            { error: err instanceof Error ? err.message : String(err) },
+            "CES reconnection attempt failed",
+          );
+          await pm.stop().catch(() => {});
+          return undefined;
+        }
+      });
     }
 
-    // Populate the registry with user plugins from `~/.vellum/plugins/*`
+    // Populate the registry with user plugins from `<workspaceDir>/plugins/*`
     // AFTER first-party plugins have already registered via their static
     // side-effect imports. User plugins may fail to load individually; a
     // failing user plugin is logged and skipped so one bad install can't
@@ -660,13 +640,12 @@ export async function runDaemon(): Promise<void> {
         );
     }
 
-    // Mutable refs for Qdrant, memory worker, and backup worker so background
+    // Mutable refs for Qdrant and memory worker so background
     // init can assign them and the shutdown handler always sees the latest value.
     const bgRefs: {
       qdrantManager: QdrantManager | null;
       memoryWorker: { stop(): void } | null;
-      backupWorker: BackupWorkerHandle | null;
-    } = { qdrantManager: null, memoryWorker: null, backupWorker: null };
+    } = { qdrantManager: null, memoryWorker: null };
 
     // Initialize Qdrant vector store and memory worker in the background so the
     // RuntimeHttpServer can start accepting requests without waiting for Qdrant.
@@ -707,8 +686,11 @@ export async function runDaemon(): Promise<void> {
       if (qdrantStarted) {
         try {
           const embeddingSelection = await selectEmbeddingBackend(config);
+          // Sentinel only encodes the dense provider+model identity; sparse
+          // encoder changes never require collection recreation, so they
+          // intentionally do not contribute to the v1 collection identity.
           const embeddingModel = embeddingSelection.backend
-            ? `${embeddingSelection.backend.provider}:${embeddingSelection.backend.model}:sparse-v${SPARSE_EMBEDDING_VERSION}`
+            ? `${embeddingSelection.backend.provider}:${embeddingSelection.backend.model}`
             : undefined;
           const qdrantClient = initQdrantClient({
             url: qdrantUrl,
@@ -760,21 +742,32 @@ export async function runDaemon(): Promise<void> {
             );
           }
         })();
+
+        // Build the BM25 corpus stats (per-token document frequencies and
+        // average document length) used by the v2 sparse channel. Without
+        // this, document-side sparse embeddings fall back to legacy TF-only
+        // weighting via the chicken-and-egg guard in
+        // `embed-concept-page.ts`. Fire-and-forget for the same reason as
+        // PKB reconcile — the stats are an optional optimization, never a
+        // boot-blocking dependency.
+        void (async () => {
+          try {
+            const { rebuildConceptPageCorpusStats } =
+              await import("../memory/v2/sparse-bm25.js");
+            await rebuildConceptPageCorpusStats(getWorkspaceDir());
+            log.info("Memory v2 BM25 corpus stats built");
+          } catch (err) {
+            log.warn(
+              { err },
+              "BM25 corpus-stats rebuild failed — sparse channel will fall back to TF-only until next rebuild",
+            );
+          }
+        })();
       }
 
       log.info("Daemon startup: starting memory worker");
       bgRefs.memoryWorker = startMemoryJobsWorker();
 
-      log.info("Daemon startup: starting backup worker");
-      try {
-        bgRefs.backupWorker = startBackupWorker();
-      } catch (err) {
-        log.warn(
-          { err },
-          "Backup worker failed to start — continuing without backups",
-        );
-      }
-
       // Seed capability graph nodes (new memory graph system)
       try {
         const {
@@ -818,6 +811,12 @@ export async function runDaemon(): Promise<void> {
     // macOS adapter so it can deliver notification_intent messages to clients.
     registerBroadcastFn((msg) => broadcastMessage(msg));
 
+    try {
+      recoverStaleSchedules();
+    } catch (err) {
+      log.error({ err }, "Schedule recovery failed — continuing startup");
+    }
+
     const scheduler = startScheduler(
       async (conversationId, message, options) => {
         await processMessage(
@@ -1279,7 +1278,6 @@ export async function runDaemon(): Promise<void> {
       scheduler,
       feedScheduler,
       getMemoryWorker: () => bgRefs.memoryWorker,
-      getBackupWorker: () => bgRefs.backupWorker,
       getQdrantManager: () => bgRefs.qdrantManager,
       mcpManager,
       telemetryReporter,

package/src/daemon/message-protocol.ts

@@ -23,6 +23,7 @@ export * from "./message-types/diagnostics.js";
 export * from "./message-types/documents.js";
 export * from "./message-types/guardian-actions.js";
 export * from "./message-types/home.js";
+export * from "./message-types/host-app-control.js";
 export * from "./message-types/host-bash.js";
 export * from "./message-types/host-browser.js";
 export * from "./message-types/host-cu.js";
@@ -34,7 +35,6 @@ export * from "./message-types/meet.js";
 export * from "./message-types/memory.js";
 export * from "./message-types/messages.js";
 export * from "./message-types/notifications.js";
-export * from "./message-types/pairing.js";
 export * from "./message-types/schedules.js";
 export * from "./message-types/settings.js";
 export * from "./message-types/shared.js";
@@ -80,6 +80,7 @@ import type {
   _GuardianActionsServerMessages,
 } from "./message-types/guardian-actions.js";
 import type { _HomeServerMessages } from "./message-types/home.js";
+import type { _HostAppControlServerMessages } from "./message-types/host-app-control.js";
 import type { _HostBashServerMessages } from "./message-types/host-bash.js";
 import type {
   _HostBrowserClientMessages,
@@ -106,10 +107,6 @@ import type {
   _NotificationsClientMessages,
   _NotificationsServerMessages,
 } from "./message-types/notifications.js";
-import type {
-  _PairingClientMessages,
-  _PairingServerMessages,
-} from "./message-types/pairing.js";
 import type {
   _SchedulesClientMessages,
   _SchedulesServerMessages,
@@ -170,7 +167,6 @@ export type ClientMessage =
   | _SchedulesClientMessages
   | _DiagnosticsClientMessages
   | _InboxClientMessages
-  | _PairingClientMessages
   | _NotificationsClientMessages
   | _SettingsClientMessages;
 
@@ -191,6 +187,7 @@ export type ServerMessage =
   | _DocumentsServerMessages
   | _GuardianActionsServerMessages
   | _HomeServerMessages
+  | _HostAppControlServerMessages
   | _HostBashServerMessages
   | _HostBrowserServerMessages
   | _HostCuServerMessages
@@ -203,7 +200,6 @@ export type ServerMessage =
   | _SettingsServerMessages
   | _DiagnosticsServerMessages
   | _InboxServerMessages
-  | _PairingServerMessages
   | _NotificationsServerMessages
   | _UpgradesServerMessages
   | _AcpServerMessages
@@ -215,4 +211,3 @@ export interface ContractSchema {
   client: ClientMessage;
   server: ServerMessage;
 }
-

package/src/daemon/message-types/contacts.ts

@@ -36,6 +36,25 @@ export interface ContactsChanged {
   type: "contacts_changed";
 }
 
+/**
+ * Server → Client prompt requesting the user to enter a contact channel address.
+ * Emitted by the `contacts/prompt` IPC route.
+ */
+export interface ContactRequest {
+  type: "contact_request";
+  requestId: string;
+  /** Suggested channel type (e.g. "phone", "email") — used as a hint, not enforced. */
+  channel?: string;
+  /** Placeholder text for the address input field. */
+  placeholder?: string;
+  /** Display label shown above the input field. */
+  label?: string;
+  /** Longer description shown below the label. */
+  description?: string;
+  /** Suggested role for the new contact (guardian / trusted-contact / unknown). */
+  role?: string;
+}
+
 export interface ContactPayload {
   id: string;
   displayName: string;
@@ -68,4 +87,7 @@ export interface ContactChannelPayload {
 
 export type _ContactsClientMessages = ContactsRequest;
 
-export type _ContactsServerMessages = ContactsResponse | ContactsChanged;
+export type _ContactsServerMessages =
+  | ContactsResponse
+  | ContactsChanged
+  | ContactRequest;

package/src/daemon/message-types/conversations.ts

@@ -184,7 +184,7 @@ export interface ReorderConversationsRequest {
 
 // === Server → Client ===
 
-export interface ConversationSearchMatchingMessage {
+interface ConversationSearchMatchingMessage {
   messageId: string;
   role: string;
   /** Plain-text excerpt around the match, truncated to ~200 chars. */
@@ -192,7 +192,7 @@ export interface ConversationSearchMatchingMessage {
   createdAt: number;
 }
 
-export interface ConversationSearchResultItem {
+interface ConversationSearchResultItem {
   conversationId: string;
   conversationTitle: string | null;
   conversationUpdatedAt: number;
@@ -225,7 +225,7 @@ export interface ConversationTitleUpdated {
 }
 
 /** Channel binding metadata exposed in conversation list APIs. */
-export interface ChannelBinding {
+interface ChannelBinding {
   sourceChannel: ChannelId;
   externalChatId: string;
   externalUserId?: string | null;
@@ -234,7 +234,7 @@ export interface ChannelBinding {
 }
 
 /** Attention state metadata for a conversation's latest assistant message. */
-export interface AssistantAttention {
+interface AssistantAttention {
   hasUnseenLatestAssistantMessage: boolean;
   latestAssistantMessageAt?: number;
   lastSeenAssistantMessageAt?: number;
@@ -242,7 +242,7 @@ export interface AssistantAttention {
   lastSeenSignalType?: string;
 }
 
-export interface ConversationForkParent {
+interface ConversationForkParent {
   conversationId: string;
   messageId: string;
   title: string;
@@ -329,7 +329,7 @@ export interface ModelInfo {
   }>;
 }
 
-export interface HistoryResponseToolCall {
+interface HistoryResponseToolCall {
   name: string;
   input: Record<string, unknown>;
   result?: string;
@@ -350,7 +350,10 @@ export interface HistoryResponseToolCall {
   riskLevel?: string;
   /** Human-readable reason for the risk classification. */
   riskReason?: string;
-  /** Whether the tool was auto-approved (true) or required explicit user input (false). */
+  /**
+   * @deprecated Use `approvalMode` and `approvalReason` instead.
+   * Kept for backward compatibility during the migration window.
+   */
   autoApproved?: boolean;
   /** How the approval decision was reached: prompted, auto, blocked, or unknown (legacy). */
   approvalMode?: string;
@@ -360,7 +363,7 @@ export interface HistoryResponseToolCall {
   riskThreshold?: string;
 }
 
-export interface HistoryResponseSurface {
+interface HistoryResponseSurface {
   surfaceId: string;
   surfaceType: string;
   title?: string;

package/src/daemon/message-types/host-app-control.ts

@@ -0,0 +1,150 @@
+// Host app-control proxy types.
+// Enables proxying app-control actions (start, observe, press, combo, type,
+// click, drag, stop) to the desktop client (host machine) when running as a
+// managed assistant. Targets a specific application by bundle ID or process
+// name — distinct from the system-wide computer-use proxy in host-cu.ts.
+
+// === Tool input discriminated union ===
+
+/** Inputs accepted by the nine app-control tool variants. */
+export type HostAppControlInput =
+  | HostAppControlStartInput
+  | HostAppControlObserveInput
+  | HostAppControlPressInput
+  | HostAppControlComboInput
+  | HostAppControlSequenceInput
+  | HostAppControlTypeInput
+  | HostAppControlClickInput
+  | HostAppControlDragInput
+  | HostAppControlStopInput;
+
+export interface HostAppControlStartInput {
+  tool: "start";
+  /** Bundle ID (preferred) or process name. */
+  app: string;
+  /** Optional command-line arguments to launch the app with. */
+  args?: string[];
+}
+
+export interface HostAppControlObserveInput {
+  tool: "observe";
+  app: string;
+  /**
+   * Milliseconds to wait between receiving the request and capturing the
+   * window. Lets the target app process pending input and the WindowServer
+   * composite a fresh frame. When omitted, the client uses its default
+   * (~200ms, sized for emulator-class apps at 60fps). Pass `0` for static
+   * UIs to make `observe` snappier; raise it for slow-feedback apps.
+   */
+  settle_ms?: number;
+}
+
+export interface HostAppControlPressInput {
+  tool: "press";
+  app: string;
+  /** Single key identifier, e.g. "return", "a", "f12". */
+  key: string;
+  /** Modifier list, e.g. ["cmd", "shift"]. */
+  modifiers?: string[];
+  /** Hold duration in milliseconds. */
+  duration_ms?: number;
+}
+
+export interface HostAppControlComboInput {
+  tool: "combo";
+  app: string;
+  /** Sequence of keys pressed simultaneously, e.g. ["cmd", "shift", "4"]. */
+  keys: string[];
+  /** Hold duration in milliseconds. */
+  duration_ms?: number;
+}
+
+/** A single step inside a sequence: one key press with optional modifiers, hold duration, and post-press gap. */
+export interface HostAppControlSequenceStep {
+  /** Single key identifier, e.g. "right", "a", "return". */
+  key: string;
+  /** Modifier list, e.g. ["cmd", "shift"]. Omit for no modifiers. */
+  modifiers?: string[];
+  /** Hold duration for this key in milliseconds. */
+  duration_ms?: number;
+  /** Pause after this step before starting the next, in milliseconds. */
+  gap_ms?: number;
+}
+
+export interface HostAppControlSequenceInput {
+  tool: "sequence";
+  app: string;
+  /** Ordered list of single-key presses to execute serially. */
+  steps: HostAppControlSequenceStep[];
+}
+
+export interface HostAppControlTypeInput {
+  tool: "type";
+  app: string;
+  text: string;
+}
+
+export interface HostAppControlClickInput {
+  tool: "click";
+  app: string;
+  x: number;
+  y: number;
+  button?: "left" | "right" | "middle";
+  double?: boolean;
+}
+
+export interface HostAppControlDragInput {
+  tool: "drag";
+  app: string;
+  from_x: number;
+  from_y: number;
+  to_x: number;
+  to_y: number;
+  button?: "left" | "right" | "middle";
+}
+
+export interface HostAppControlStopInput {
+  tool: "stop";
+  /** Optional — when omitted the proxy stops whichever app currently holds the session. */
+  app?: string;
+  /** Free-form reason, surfaced for logging. */
+  reason?: string;
+}
+
+// === Server → Client ===
+
+export interface HostAppControlRequest {
+  type: "host_app_control_request";
+  requestId: string;
+  conversationId: string;
+  toolName: string; // "app_control_start", "app_control_observe", etc.
+  input: HostAppControlInput;
+}
+
+export interface HostAppControlCancel {
+  type: "host_app_control_cancel";
+  requestId: string;
+  conversationId: string;
+}
+
+// === Result payload (HTTP /v1/host-app-control-result body) ===
+
+/** Lifecycle state of the targeted application as seen by the client. */
+export type HostAppControlState = "running" | "missing" | "minimized";
+
+export interface HostAppControlResultPayload {
+  requestId: string;
+  state: HostAppControlState;
+  /** Base64-encoded PNG screenshot of the targeted app window, when available. */
+  pngBase64?: string;
+  /** Window bounds in screen-space points. */
+  windowBounds?: { x: number; y: number; width: number; height: number };
+  executionResult?: string;
+  executionError?: string;
+}
+
+// --- Domain-level union aliases (consumed by the barrel file) ---
+
+export type _HostAppControlServerMessages =
+  | HostAppControlRequest
+  | HostAppControlCancel;

package/src/daemon/message-types/host-bash.ts

@@ -13,12 +13,16 @@ export interface HostBashRequest {
   timeout_seconds?: number;
   /** Extra environment variables to inject into the subprocess (e.g. VELLUM_UNTRUSTED_SHELL). */
   env?: Record<string, string>;
+  /** When set, route this request only to the client with this ID. */
+  targetClientId?: string;
 }
 
 export interface HostBashCancelRequest {
   type: "host_bash_cancel";
   requestId: string;
   conversationId: string;
+  /** When set, route this cancel only to the client that owns the request. */
+  targetClientId?: string;
 }
 
 // --- Domain-level union aliases (consumed by the barrel file) ---