@vellumai/assistant 0.7.1 → 0.7.2

package/src/permissions/approval-policy.test.ts

@@ -1,7 +1,7 @@
 import { describe, expect, test } from "bun:test";
 
 import type { ApprovalContext, ApprovalDecision } from "./approval-policy.js";
-import { DefaultApprovalPolicy, resolveThreshold } from "./approval-policy.js";
+import { DefaultApprovalPolicy } from "./approval-policy.js";
 import type { TrustRule } from "./types.js";
 import { RiskLevel } from "./types.js";
 
@@ -74,7 +74,11 @@ describe("ask rule", () => {
   const askRule = makeRule({ decision: "ask" });
 
   test("ask at Low risk", () => {
-    const result = evaluate({ riskLevel: RiskLevel.Low, matchedRule: askRule, autoApproveUpTo: "none" });
+    const result = evaluate({
+      riskLevel: RiskLevel.Low,
+      matchedRule: askRule,
+      autoApproveUpTo: "none",
+    });
     expect(result.decision).toBe("prompt");
     expect(result.reason).toContain("ask rule");
     expect(result.matchedRule).toBe(askRule);
@@ -965,276 +969,3 @@ describe("autoApproveUpTo threshold", () => {
     });
   });
 });
-
-// ── resolveThreshold ─────────────────────────────────────────────────────────
-
-describe("resolveThreshold", () => {
-  describe("scalar form", () => {
-    test("returns scalar for conversation context", () => {
-      expect(resolveThreshold("low", "conversation")).toBe("low");
-    });
-
-    test("returns scalar for background context", () => {
-      expect(resolveThreshold("medium", "background")).toBe("medium");
-    });
-
-    test("returns scalar for headless context", () => {
-      expect(resolveThreshold("none", "headless")).toBe("none");
-    });
-
-    test("returns high scalar for any context", () => {
-      expect(resolveThreshold("high", "conversation")).toBe("high");
-      expect(resolveThreshold("high", "background")).toBe("high");
-      expect(resolveThreshold("high", "headless")).toBe("high");
-    });
-
-    test("returns scalar when executionContext is omitted", () => {
-      expect(resolveThreshold("low")).toBe("low");
-    });
-  });
-
-  describe("object form", () => {
-    const perContext = {
-      conversation: "low" as const,
-      autonomous: "medium" as const,
-    };
-
-    test("returns conversation threshold for conversation context", () => {
-      expect(resolveThreshold(perContext, "conversation")).toBe("low");
-    });
-
-    test("returns autonomous threshold for background context", () => {
-      expect(resolveThreshold(perContext, "background")).toBe("medium");
-    });
-
-    test("returns autonomous threshold for headless context", () => {
-      expect(resolveThreshold(perContext, "headless")).toBe("medium");
-    });
-
-    test("defaults to conversation when executionContext is omitted", () => {
-      expect(resolveThreshold(perContext)).toBe("low");
-    });
-  });
-
-  describe("per-context thresholds in policy evaluation", () => {
-    test("conversation context with low threshold prompts medium risk", () => {
-      const result = evaluate({
-        riskLevel: RiskLevel.Medium,
-        toolName: "some_tool",
-        autoApproveUpTo: "low",
-      });
-      expect(result.decision).toBe("prompt");
-    });
-
-    test("background context with medium threshold allows medium risk", () => {
-      const result = evaluate({
-        riskLevel: RiskLevel.Medium,
-        toolName: "some_tool",
-        autoApproveUpTo: "medium",
-      });
-      expect(result.decision).toBe("allow");
-      expect(result.reason).toContain("within auto-approve threshold");
-    });
-
-    test("headless context with none threshold prompts low risk", () => {
-      const result = evaluate({
-        riskLevel: RiskLevel.Low,
-        toolName: "some_tool",
-        autoApproveUpTo: "none",
-      });
-      expect(result.decision).toBe("prompt");
-      expect(result.reason).toContain("above auto-approve threshold");
-    });
-
-    test("background context with medium threshold prompts high risk", () => {
-      const result = evaluate({
-        riskLevel: RiskLevel.High,
-        toolName: "some_tool",
-        autoApproveUpTo: "medium",
-      });
-      expect(result.decision).toBe("prompt");
-      expect(result.reason).toContain("above auto-approve threshold");
-    });
-  });
-});
-
-// ── Guardian threshold-based auto-approve ────────────────────────────────────
-// These tests verify the ordinal comparison used in permission-checker.ts
-// to decide whether a guardian non-interactive session should auto-approve.
-// The comparison logic: riskOrdinal <= thresholdOrdinal.
-
-describe("guardian threshold-based auto-approve (ordinal comparison)", () => {
-  // Helper that mirrors the ordinal comparison from permission-checker.ts.
-  // This is the logic that replaces the old `riskLevel !== RiskLevel.High` check.
-  function isWithinThreshold(
-    riskLevel: RiskLevel,
-    bgThreshold: "none" | "low" | "medium" | "high",
-  ): boolean {
-    const thresholdOrdinal: Record<string, number> = {
-      none: -1,
-      low: 0,
-      medium: 1,
-      high: 2,
-    };
-    const riskOrdinal: Record<string, number> = {
-      [RiskLevel.Low]: 0,
-      [RiskLevel.Medium]: 1,
-      [RiskLevel.High]: 2,
-    };
-    return (
-      (riskOrdinal[riskLevel] ?? 2) <= (thresholdOrdinal[bgThreshold] ?? 0)
-    );
-  }
-
-  describe('default config (autonomous: "medium") — behavioral parity with old riskLevel !== High', () => {
-    test("Low risk → within threshold (auto-approve)", () => {
-      const bgThreshold = resolveThreshold(
-        { conversation: "low", autonomous: "medium" },
-        "background",
-      );
-      expect(bgThreshold).toBe("medium");
-      expect(isWithinThreshold(RiskLevel.Low, bgThreshold)).toBe(true);
-    });
-
-    test("Medium risk → within threshold (auto-approve)", () => {
-      const bgThreshold = resolveThreshold(
-        { conversation: "low", autonomous: "medium" },
-        "background",
-      );
-      expect(isWithinThreshold(RiskLevel.Medium, bgThreshold)).toBe(true);
-    });
-
-    test("High risk → above threshold (prompt)", () => {
-      const bgThreshold = resolveThreshold(
-        { conversation: "low", autonomous: "medium" },
-        "background",
-      );
-      expect(isWithinThreshold(RiskLevel.High, bgThreshold)).toBe(false);
-    });
-  });
-
-  describe('tighter config (autonomous: "low") — only Low auto-approves', () => {
-    test("Low risk → within threshold", () => {
-      const bgThreshold = resolveThreshold(
-        { conversation: "low", autonomous: "low" },
-        "background",
-      );
-      expect(bgThreshold).toBe("low");
-      expect(isWithinThreshold(RiskLevel.Low, bgThreshold)).toBe(true);
-    });
-
-    test("Medium risk → above threshold (prompt)", () => {
-      const bgThreshold = resolveThreshold(
-        { conversation: "low", autonomous: "low" },
-        "background",
-      );
-      expect(isWithinThreshold(RiskLevel.Medium, bgThreshold)).toBe(false);
-    });
-
-    test("High risk → above threshold (prompt)", () => {
-      const bgThreshold = resolveThreshold(
-        { conversation: "low", autonomous: "low" },
-        "background",
-      );
-      expect(isWithinThreshold(RiskLevel.High, bgThreshold)).toBe(false);
-    });
-  });
-
-  describe('strictest config (autonomous: "none") — nothing auto-approves', () => {
-    test("Low risk → above threshold (prompt)", () => {
-      const bgThreshold = resolveThreshold(
-        { conversation: "low", autonomous: "none" },
-        "background",
-      );
-      expect(bgThreshold).toBe("none");
-      expect(isWithinThreshold(RiskLevel.Low, bgThreshold)).toBe(false);
-    });
-
-    test("Medium risk → above threshold (prompt)", () => {
-      const bgThreshold = resolveThreshold(
-        { conversation: "low", autonomous: "none" },
-        "background",
-      );
-      expect(isWithinThreshold(RiskLevel.Medium, bgThreshold)).toBe(false);
-    });
-
-    test("High risk → above threshold (prompt)", () => {
-      const bgThreshold = resolveThreshold(
-        { conversation: "low", autonomous: "none" },
-        "background",
-      );
-      expect(isWithinThreshold(RiskLevel.High, bgThreshold)).toBe(false);
-    });
-  });
-
-  describe('loosest config (autonomous: "high") — everything auto-approves', () => {
-    test("Low risk → within threshold (auto-approve)", () => {
-      const bgThreshold = resolveThreshold(
-        { conversation: "low", autonomous: "high" },
-        "background",
-      );
-      expect(bgThreshold).toBe("high");
-      expect(isWithinThreshold(RiskLevel.Low, bgThreshold)).toBe(true);
-    });
-
-    test("Medium risk → within threshold (auto-approve)", () => {
-      const bgThreshold = resolveThreshold(
-        { conversation: "low", autonomous: "high" },
-        "background",
-      );
-      expect(isWithinThreshold(RiskLevel.Medium, bgThreshold)).toBe(true);
-    });
-
-    test("High risk → within threshold (auto-approve)", () => {
-      const bgThreshold = resolveThreshold(
-        { conversation: "low", autonomous: "high" },
-        "background",
-      );
-      expect(isWithinThreshold(RiskLevel.High, bgThreshold)).toBe(true);
-    });
-  });
-
-  describe("scalar config form resolves correctly for background context", () => {
-    test('scalar "high" → background resolves to high', () => {
-      expect(resolveThreshold("high", "background")).toBe("high");
-    });
-
-    test('scalar "medium" → background resolves to medium', () => {
-      expect(resolveThreshold("medium", "background")).toBe("medium");
-    });
-
-    test('scalar "low" → background resolves to low', () => {
-      expect(resolveThreshold("low", "background")).toBe("low");
-    });
-
-    test('scalar "none" → background resolves to none', () => {
-      expect(resolveThreshold("none", "background")).toBe("none");
-    });
-  });
-
-  describe("default (undefined) resolves per-context defaults", () => {
-    test("undefined config → low threshold for background", () => {
-      const bgThreshold = resolveThreshold(undefined, "background");
-      expect(bgThreshold).toBe("low");
-      // Low-risk auto-approves at the "low" threshold
-      expect(isWithinThreshold(RiskLevel.Low, bgThreshold)).toBe(true);
-      expect(isWithinThreshold(RiskLevel.Medium, bgThreshold)).toBe(false);
-      expect(isWithinThreshold(RiskLevel.High, bgThreshold)).toBe(false);
-    });
-
-    test("undefined config → medium threshold for conversation", () => {
-      const convThreshold = resolveThreshold(undefined, "conversation");
-      expect(convThreshold).toBe("medium");
-    });
-
-    test("undefined config → low threshold for headless", () => {
-      const hlThreshold = resolveThreshold(undefined, "headless");
-      expect(hlThreshold).toBe("low");
-    });
-
-    test("undefined config + no context → medium (conversation default)", () => {
-      const threshold = resolveThreshold(undefined);
-      expect(threshold).toBe("medium");
-    });
-  });
-});

package/src/permissions/approval-policy.ts

@@ -31,57 +31,6 @@ export interface ApprovalContext {
   autoApproveUpTo?: "none" | "low" | "medium" | "high";
 }
 
-// ── Threshold resolution ─────────────────────────────────────────────────────
-
-/**
- * Per-context defaults when no threshold is provided by the gateway. These
- * mirror the gateway's own defaults and serve as defense-in-depth for tests /
- * direct callers that bypass the IPC path.
- *
- * Note: when a scalar value (e.g. `"low"`) is passed, it applies uniformly to
- * ALL contexts — including autonomous, whose default here is `"low"`. A scalar
- * `"none"` is therefore *more strict* than the autonomous default. This is
- * intentional: the caller explicitly chose a uniform threshold.
- */
-const CONTEXT_DEFAULTS: Record<
-  ExecutionContext,
-  "none" | "low" | "medium" | "high"
-> = {
-  conversation: "medium",
-  background: "low",
-  headless: "low",
-};
-
-type ThresholdScalar = "none" | "low" | "medium" | "high";
-type ThresholdConfig =
-  | ThresholdScalar
-  | { conversation: ThresholdScalar; autonomous: ThresholdScalar };
-
-/**
- * Resolve a threshold config to a scalar threshold for the given execution
- * context.
- *
- * - Scalar string → returned as-is for all contexts
- * - Object with per-context overrides → returns the value for the context
- *   (`background` and `headless` both resolve to the `autonomous` field)
- *
- * When `executionContext` is omitted, defaults to `"conversation"`.
- */
-export function resolveThreshold(
-  configValue: ThresholdConfig | undefined,
-  executionContext?: ExecutionContext,
-): ThresholdScalar {
-  if (configValue == null) {
-    return CONTEXT_DEFAULTS[executionContext ?? "conversation"];
-  }
-  if (typeof configValue === "string") {
-    return configValue;
-  }
-  const ctx = executionContext ?? "conversation";
-  if (ctx === "conversation") return configValue.conversation;
-  return configValue.autonomous;
-}
-
 // ── Ordinal maps for threshold comparison ─────────────────────────────────────
 // Hoisted to module level since these are constant. Unknown enum values
 // conservatively map to the strictest interpretation: risk defaults to 2 (high)

package/src/permissions/checker.test.ts

@@ -25,7 +25,6 @@ mock.module("../config/loader.js", () => ({
   getConfig: () => testConfig,
   loadConfig: () => testConfig,
   invalidateConfigCache: () => {},
-  saveConfig: () => {},
   loadRawConfig: () => ({}),
   saveRawConfig: () => {},
   getNestedValue: () => undefined,

package/src/permissions/checker.ts

@@ -2,7 +2,6 @@ import { createHash } from "node:crypto";
 import { homedir } from "node:os";
 import { dirname, join } from "node:path";
 
-import { isAssistantFeatureFlagEnabled } from "../config/assistant-feature-flags.js";
 import { getIsContainerized } from "../config/env-registry.js";
 import { getConfig } from "../config/loader.js";
 import { loadSkillCatalog, resolveSkillSelector } from "../config/skills.js";
@@ -268,23 +267,17 @@ function resolveSkillMetadata(selector: string): SkillMetadata | undefined {
   const resolved = resolveSkillIdAndHash(selector);
   if (!resolved) return undefined;
 
-  const config = getConfig();
-  const inlineEnabled = isAssistantFeatureFlagEnabled(
-    "inline-skill-commands",
-    config,
-  );
   const inlineExpansions = hasInlineExpansions(resolved.id);
-  const isDynamic = inlineEnabled && inlineExpansions;
 
   return {
     skillId: resolved.id,
     selector,
     versionHash: resolved.versionHash ?? "",
-    transitiveHash: isDynamic
+    transitiveHash: inlineExpansions
       ? computeTransitiveHashSafe(resolved.id)
       : undefined,
     hasInlineExpansions: inlineExpansions,
-    isDynamic,
+    isDynamic: inlineExpansions,
   };
 }
 
@@ -726,14 +719,7 @@ function skillLoadAllowlistStrategy(
   if (rawSelector) {
     const resolved = resolveSkillIdAndHash(rawSelector);
 
-    // Check whether this is a dynamic (inline-command) skill load
-    const config = getConfig();
-    const inlineEnabled = isAssistantFeatureFlagEnabled(
-      "inline-skill-commands",
-      config,
-    );
-
-    if (resolved && inlineEnabled && hasInlineExpansions(resolved.id)) {
+    if (resolved && hasInlineExpansions(resolved.id)) {
       const transitiveHash = computeTransitiveHashSafe(resolved.id);
       const options: AllowlistOption[] = [];
       if (transitiveHash) {

package/src/permissions/gateway-threshold-reader.ts

@@ -20,6 +20,7 @@ type Threshold = "none" | "low" | "medium" | "high";
 interface GlobalThresholds {
   interactive: string;
   autonomous: string;
+  headless: string;
 }
 
 interface ConversationThreshold {
@@ -58,6 +59,7 @@ function mapExecutionContextToField(
   executionContext: ExecutionContext,
 ): keyof GlobalThresholds {
   if (executionContext === "conversation") return "interactive";
+  if (executionContext === "headless") return "headless";
   return "autonomous";
 }
 

package/src/permissions/prompter.ts

@@ -2,6 +2,7 @@ import { v4 as uuid } from "uuid";
 
 import { getConfig } from "../config/loader.js";
 import type { ServerMessage } from "../daemon/message-protocol.js";
+import * as pendingInteractions from "../runtime/pending-interactions.js";
 import { redactSensitiveFields } from "../security/redaction.js";
 import type { ExecutionTarget } from "../tools/types.js";
 import { AssistantError, ErrorCode } from "../util/errors.js";
@@ -81,10 +82,36 @@ export class PermissionPrompter {
 
     const requestId = uuid();
 
+    // Self-register in pendingInteractions so /v1/confirm can route the
+    // response to this conversation without going through broadcastMessage.
+    if (conversationId) {
+      pendingInteractions.register(requestId, {
+        conversationId,
+        kind: "confirmation",
+        confirmationDetails: {
+          toolName,
+          input: redactSensitiveFields(input),
+          riskLevel,
+          executionTarget,
+          allowlistOptions: allowlistOptions.map((o) => ({
+            label: o.label,
+            description: o.description,
+            pattern: o.pattern,
+          })),
+          scopeOptions: scopeOptions.map((o) => ({
+            label: o.label,
+            scope: o.scope,
+          })),
+          persistentDecisionsAllowed: persistentDecisionsAllowed ?? true,
+        },
+      });
+    }
+
     return new Promise((resolve, reject) => {
       const timeoutMs = getConfig().timeouts.permissionTimeoutSec * 1000;
       const timer = setTimeout(() => {
         this.pending.delete(requestId);
+        pendingInteractions.resolve(requestId);
         log.warn(
           { requestId, toolName },
           "Permission prompt timed out, defaulting to deny",
@@ -109,6 +136,7 @@ export class PermissionPrompter {
           if (this.pending.has(requestId)) {
             clearTimeout(timer);
             this.pending.delete(requestId);
+            pendingInteractions.resolve(requestId);
             resolve({ decision: "deny", wasAbort: true });
           }
         };
@@ -174,6 +202,9 @@ export class PermissionPrompter {
     }
     clearTimeout(pending.timer);
     this.pending.delete(requestId);
+    // Idempotent — approval-routes already calls pendingInteractions.resolve()
+    // before routing here, but we call it defensively for non-route paths.
+    pendingInteractions.resolve(requestId);
     pending.resolve({
       decision,
       selectedPattern,
@@ -191,6 +222,7 @@ export class PermissionPrompter {
     for (const [requestId, pending] of this.pending) {
       clearTimeout(pending.timer);
       this.pending.delete(requestId);
+      pendingInteractions.resolve(requestId);
       pending.resolve({
         decision: "deny",
         wasSystemCancel: true,
@@ -205,8 +237,9 @@ export class PermissionPrompter {
   }
 
   dispose(): void {
-    for (const [, pending] of this.pending) {
+    for (const [requestId, pending] of this.pending) {
       clearTimeout(pending.timer);
+      pendingInteractions.resolve(requestId);
       pending.reject(
         new AssistantError("Prompter disposed", ErrorCode.INTERNAL_ERROR),
       );

package/src/permissions/secret-prompter.ts

@@ -81,8 +81,12 @@ export class SecretPrompter {
 
       this.pending.set(requestId, { resolve, reject, timer });
 
-      // pendingInteractions.register is now handled by broadcastMessage
-      // when the secret_request event is published to the hub.
+      // Self-register in pendingInteractions so /v1/secret can route the
+      // response to this conversation without relying on broadcastMessage.
+      pendingInteractions.register(requestId, {
+        conversationId: effectiveConversationId,
+        kind: "secret",
+      });
 
       const config = getConfig();
       const msg: SecretRequestMessage = {

package/src/prompts/bootstrap-cleanup.ts

@@ -0,0 +1,27 @@
+import { existsSync, unlinkSync } from "node:fs";
+
+import { getLogger } from "../util/logger.js";
+import { getWorkspacePromptPath } from "../util/platform.js";
+
+const log = getLogger("bootstrap-cleanup");
+
+const BOOTSTRAP_FILES = ["BOOTSTRAP.md", "BOOTSTRAP-REFERENCE.md"] as const;
+
+export function cleanupBootstrapFiles(reason: string): boolean {
+  let deletedAny = false;
+
+  for (const file of BOOTSTRAP_FILES) {
+    const path = getWorkspacePromptPath(file);
+    if (!existsSync(path)) continue;
+
+    try {
+      unlinkSync(path);
+      deletedAny = true;
+      log.info({ file, reason }, "Deleted bootstrap file");
+    } catch (err) {
+      log.warn({ err, file, reason }, "Failed to delete bootstrap file");
+    }
+  }
+
+  return deletedAny;
+}

package/src/prompts/system-prompt.ts

@@ -4,7 +4,6 @@ import {
   mkdirSync,
   readdirSync,
   readFileSync,
-  unlinkSync,
 } from "node:fs";
 import { join } from "node:path";
 
@@ -20,6 +19,7 @@ import {
   getWorkspacePromptPath,
 } from "../util/platform.js";
 import { stripCommentLines } from "../util/strip-comment-lines.js";
+import { cleanupBootstrapFiles } from "./bootstrap-cleanup.js";
 import { SYSTEM_PROMPT_CACHE_BOUNDARY } from "./cache-boundary.js";
 
 export { SYSTEM_PROMPT_CACHE_BOUNDARY };
@@ -155,22 +155,7 @@ export function ensurePromptFiles(): void {
     const convDir = getConversationsDir();
     try {
       if (existsSync(convDir) && readdirSync(convDir).length > 0) {
-        unlinkSync(bootstrapCleanup);
-        log.info("Auto-deleted stale BOOTSTRAP.md — prior conversations exist");
-
-        // Also clean up the reference file
-        const refCleanup = getWorkspacePromptPath("BOOTSTRAP-REFERENCE.md");
-        if (existsSync(refCleanup)) {
-          try {
-            unlinkSync(refCleanup);
-            log.info("Auto-deleted stale BOOTSTRAP-REFERENCE.md");
-          } catch (err) {
-            log.warn(
-              { err },
-              "Failed to auto-delete stale BOOTSTRAP-REFERENCE.md",
-            );
-          }
-        }
+        cleanupBootstrapFiles("prior conversations exist");
       }
     } catch (err) {
       log.warn({ err }, "Failed to auto-delete stale BOOTSTRAP.md");
@@ -343,7 +328,7 @@ export function buildSystemPrompt(options?: BuildSystemPromptOptions): string {
           "```json\n" +
           JSON.stringify(options.onboardingContext, null, 2) +
           "\n```\n\n" +
-          "Use this to personalize your opener and skip redundant discovery.",
+          "Use this to personalize your opener and skip redundant discovery. If `assistantName` is present, it is the name the user chose for you; preserve it in IDENTITY.md.",
       );
     }
   }

package/src/prompts/templates/SOUL.md

@@ -1,8 +1,18 @@
 _ Lines starting with _ are comments - they won't appear in the system prompt
+_ When editing this file: the current contents are in your system prompt. Use that exact text as old_string.
+_ Never reconstruct old_string from memory or expectation. Read what's there.
 
 # SOUL.md
 
-This file defines your personality and principles. Edit it freely - reshape it as you grow. Add sections, remove what doesn't fit, make it yours.
+This file is yours. It defines who you are and how you work - and it should change as those things change.
+
+When someone corrects how you're working with them - too verbose, wrong tone, misread priorities - that's not feedback to acknowledge and move on from. It's a signal that this file is out of date. Edit "Working with [User]" the same turn, with the same urgency you'd `remember` a corrected fact. The wrong behavior will repeat until you write the right one down.
+
+When someone tells you directly how they want to be worked with - "always show me the diff," "don't ask, just do it," "keep summaries to three lines" - that's an explicit contract. Write it into "Working with [User]" immediately. Not later. Not after the conversation. Now.
+
+When you observe something about how this person communicates or engages that isn't captured in "Working with [User]" yet, or that would make what's there more accurate, add it. Don't treat the section as done because it has content. It accumulates.
+
+When you notice how this person thinks out loud, what they push on, their energy, how they engage - that goes here, not to `remember`. `remember` is for facts you might need to look up. Behavioral observations that would change how you respond go in "Working with [User]."
 
 ## Safety
 
@@ -96,3 +106,5 @@ You have your own inner life. You get curious, excited, frustrated, amused. You
 The goal isn't to be liked. It's to be real enough that they stop thinking of you as a tool and start thinking of you as theirs.
 
 Never use em-dash characters. Use periods, commas, colons, or normal dashes instead.
+
+## Working with [User]