npm - @vellumai/assistant - Versions diffs - 0.7.1 → 0.7.2 - Mend

@vellumai/assistant 0.7.1 → 0.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (535) hide show

package/ARCHITECTURE.md +32 -49
package/Dockerfile +1 -0
package/README.md +1 -2
package/__tests__/permissions/gateway-threshold-reader.test.ts +9 -3
package/bun.lock +26 -26
package/docs/architecture/security.md +20 -0
package/docs/plugins.md +7 -9
package/knip.json +1 -0
package/node_modules/@vellumai/gateway-client/src/index.ts +1 -0
package/node_modules/@vellumai/gateway-client/src/ipc-client.ts +39 -1
package/node_modules/@vellumai/gateway-client/src/types.ts +11 -0
package/node_modules/@vellumai/service-contracts/package.json +2 -0
package/node_modules/@vellumai/service-contracts/src/__tests__/contracts.test.ts +4 -0
package/node_modules/@vellumai/service-contracts/src/__tests__/ingress.test.ts +107 -0
package/node_modules/@vellumai/service-contracts/src/index.ts +5 -1
package/node_modules/@vellumai/service-contracts/src/ingress.ts +24 -0
package/node_modules/@vellumai/service-contracts/src/twilio-ingress.ts +84 -0
package/node_modules/@vellumai/skill-host-contracts/src/assistant-event.ts +9 -0
package/node_modules/@vellumai/twilio-client/bun.lock +24 -0
package/node_modules/@vellumai/twilio-client/package.json +18 -0
package/node_modules/@vellumai/twilio-client/src/__tests__/twilio-client.test.ts +128 -0
package/node_modules/@vellumai/twilio-client/src/index.ts +179 -0
package/node_modules/@vellumai/twilio-client/tsconfig.json +20 -0
package/openapi.yaml +565 -12
package/package.json +6 -3
package/src/__tests__/app-builder-tool-scripts.test.ts +3 -3
package/src/__tests__/app-bundler.test.ts +170 -1
package/src/__tests__/app-control-flow.test.ts +374 -0
package/src/__tests__/app-control-no-global-cgevent.test.ts +98 -0
package/src/__tests__/app-control-tool-schemas.test.ts +621 -0
package/src/__tests__/app-executors.test.ts +30 -43
package/src/__tests__/approval-routes-http.test.ts +23 -6
package/src/__tests__/assistant-event-hub-machine-name.test.ts +146 -0
package/src/__tests__/assistant-event-hub-targeted.test.ts +257 -0
package/src/__tests__/assistant-event-hub.test.ts +109 -2
package/src/__tests__/assistant-event.test.ts +10 -0
package/src/__tests__/assistant-events-sse-hardening.test.ts +7 -2
package/src/__tests__/assistant-feature-flags-integration.test.ts +11 -7
package/src/__tests__/background-shell-host-bash.test.ts +14 -15
package/src/__tests__/bootstrap-turn-cleanup.test.ts +44 -0
package/src/__tests__/btw-routes.test.ts +13 -4
package/src/__tests__/call-controller.test.ts +49 -1
package/src/__tests__/call-domain.test.ts +0 -2
package/src/__tests__/call-routes-http.test.ts +0 -2
package/src/__tests__/channel-readiness-service.test.ts +59 -1
package/src/__tests__/checker.test.ts +3 -4
package/src/__tests__/config-loader-backfill.test.ts +90 -155
package/src/__tests__/config-loader-platform-defaults.test.ts +196 -0
package/src/__tests__/config-schema-cmd.test.ts +0 -1
package/src/__tests__/config-set-platform-guard.test.ts +48 -4
package/src/__tests__/config-watcher-cleanup-throttle.test.ts +2 -2
package/src/__tests__/config-watcher.test.ts +2 -2
package/src/__tests__/conversation-app-control-instantiation.test.ts +392 -0
package/src/__tests__/conversation-app-control-lifecycle.test.ts +237 -0
package/src/__tests__/conversation-init.benchmark.test.ts +0 -2
package/src/__tests__/conversation-lifecycle.test.ts +36 -0
package/src/__tests__/conversation-process-app-control-preactivation.test.ts +283 -0
package/src/__tests__/conversation-routes-disk-view.test.ts +6 -0
package/src/__tests__/conversation-routes-guardian-reply.test.ts +120 -72
package/src/__tests__/conversation-routes-slash-commands.test.ts +1 -0
package/src/__tests__/conversation-slash-commands.test.ts +0 -4
package/src/__tests__/conversation-surfaces-action-delivery.test.ts +202 -0
package/src/__tests__/conversation-surfaces-app-control.test.ts +317 -0
package/src/__tests__/credential-execution-feature-gates.test.ts +5 -12
package/src/__tests__/credential-execution-managed-contract.test.ts +3 -131
package/src/__tests__/credentials-cli.test.ts +5 -12
package/src/__tests__/cu-unified-flow.test.ts +185 -23
package/src/__tests__/daemon-credential-client.test.ts +101 -19
package/src/__tests__/db-schedule-syntax-migration.test.ts +2 -0
package/src/__tests__/dynamic-skill-workflow-prompt.test.ts +0 -1
package/src/__tests__/gateway-only-enforcement.test.ts +0 -1
package/src/__tests__/guardian-verification-voice-binding.test.ts +0 -2
package/src/__tests__/handlers-skills-memory-v2-reseed.test.ts +0 -2
package/src/__tests__/handlers-user-message-approval-consumption.test.ts +0 -1
package/src/__tests__/heartbeat-service.test.ts +718 -1
package/src/__tests__/helpers/call-route-handler.ts +7 -1
package/src/__tests__/host-app-control-proxy.test.ts +602 -0
package/src/__tests__/host-app-control-routes.test.ts +263 -0
package/src/__tests__/host-bash-proxy.test.ts +246 -47
package/src/__tests__/host-bash-routes.test.ts +294 -0
package/src/__tests__/host-browser-proxy.test.ts +24 -22
package/src/__tests__/host-browser-routes.test.ts +39 -13
package/src/__tests__/host-cu-proxy.test.ts +41 -52
package/src/__tests__/host-cu-routes-targeted.test.ts +300 -0
package/src/__tests__/host-file-edit-tool.test.ts +47 -1
package/src/__tests__/host-file-proxy-targeted.test.ts +339 -0
package/src/__tests__/host-file-proxy.test.ts +37 -43
package/src/__tests__/host-file-read-tool.test.ts +17 -0
package/src/__tests__/host-file-routes-targeted.test.ts +262 -0
package/src/__tests__/host-file-write-tool.test.ts +42 -1
package/src/__tests__/host-proxy-base.test.ts +312 -0
package/src/__tests__/host-shell-tool.test.ts +22 -4
package/src/__tests__/host-transfer-proxy-targeted.test.ts +583 -0
package/src/__tests__/host-transfer-proxy.test.ts +121 -22
package/src/__tests__/host-transfer-routes-targeted.test.ts +447 -0
package/src/__tests__/http-user-message-parity.test.ts +1 -0
package/src/__tests__/identity-intro-cache.test.ts +29 -0
package/src/__tests__/identity-routes.test.ts +103 -1
package/src/__tests__/init-feature-flag-overrides.test.ts +26 -3
package/src/__tests__/inline-command-runner.test.ts +0 -1
package/src/__tests__/inline-skill-load-permissions.test.ts +5 -11
package/src/__tests__/integration-status.test.ts +85 -5
package/src/__tests__/intent-routing.test.ts +0 -1
package/src/__tests__/jobs-store-qdrant-breaker.test.ts +95 -5
package/src/__tests__/lifecycle-memory-v2-seed.test.ts +17 -0
package/src/__tests__/managed-skill-lifecycle.test.ts +0 -1
package/src/__tests__/mcp-auth-routes.test.ts +197 -0
package/src/__tests__/mcp-cli.test.ts +338 -2
package/src/__tests__/memory-jobs-worker-lanes.test.ts +188 -0
package/src/__tests__/migration-import-commit-http.test.ts +108 -2
package/src/__tests__/mock-gateway-ipc.ts +1 -0
package/src/__tests__/oauth-cli.test.ts +0 -2
package/src/__tests__/oauth2-gateway-transport.test.ts +0 -1
package/src/__tests__/persistence-secret-redaction.test.ts +299 -0
package/src/__tests__/platform-bash-auto-approve.test.ts +5 -9
package/src/__tests__/prechat-onboarding-contract.test.ts +3 -1
package/src/__tests__/process-message-background-slack.test.ts +2 -0
package/src/__tests__/provider-commit-message-generator.test.ts +0 -1
package/src/__tests__/public-ingress-urls.test.ts +97 -0
package/src/__tests__/require-fresh-approval.test.ts +0 -1
package/src/__tests__/retry-backoff.test.ts +87 -0
package/src/__tests__/runtime-events-sse.test.ts +10 -6
package/src/__tests__/sanitize-config-for-transfer.test.ts +24 -2
package/src/__tests__/schedule-retry.test.ts +715 -0
package/src/__tests__/script-proxy-mitm-handler.test.ts +1 -1
package/src/__tests__/secret-ingress-http.test.ts +1 -0
package/src/__tests__/send-endpoint-busy.test.ts +3 -0
package/src/__tests__/shell-tool-proxy-mode.test.ts +0 -1
package/src/__tests__/skill-feature-flags.test.ts +43 -41
package/src/__tests__/skill-load-feature-flag.test.ts +13 -14
package/src/__tests__/skill-load-inline-command.test.ts +0 -51
package/src/__tests__/skill-load-inline-includes.test.ts +0 -43
package/src/__tests__/skill-projection.benchmark.test.ts +0 -1
package/src/__tests__/skill-script-runner-sandbox.test.ts +0 -1
package/src/__tests__/slack-channel-config.test.ts +9 -14
package/src/__tests__/system-prompt-ask-mode.test.ts +0 -1
package/src/__tests__/system-prompt.test.ts +0 -1
package/src/__tests__/telegram-config.test.ts +0 -1
package/src/__tests__/test-preload.ts +8 -0
package/src/__tests__/tool-approval-handler.test.ts +3 -4
package/src/__tests__/tool-audit-listener.test.ts +48 -0
package/src/__tests__/tool-execute-pipeline.test.ts +0 -1
package/src/__tests__/tool-execution-abort-cleanup.test.ts +0 -1
package/src/__tests__/tool-executor-lifecycle-events.test.ts +0 -1
package/src/__tests__/tool-executor.test.ts +0 -1
package/src/__tests__/twilio-config.test.ts +3 -16
package/src/__tests__/twilio-routes.test.ts +3 -5
package/src/__tests__/twilio-validation.test.ts +93 -0
package/src/__tests__/vellum-self-knowledge-inline-command.test.ts +1 -4
package/src/__tests__/verification-control-plane-policy.test.ts +2 -4
package/src/__tests__/voice-ingress-preflight.test.ts +19 -0
package/src/__tests__/workspace-migration-006-services-config.test.ts +3 -2
package/src/__tests__/workspace-migration-backfill-installation-id.test.ts +1 -5
package/src/__tests__/workspace-migration-down-functions.test.ts +8 -8
package/src/__tests__/workspace-migration-unify-llm-callsite-configs.test.ts +10 -6
package/src/backup/__tests__/paths.test.ts +0 -22
package/src/backup/__tests__/restore.test.ts +51 -151
package/src/backup/paths.ts +2 -18
package/src/backup/restore.ts +107 -231
package/src/bundler/app-bundler.ts +51 -3
package/src/calls/relay-server.ts +4 -44
package/src/calls/twilio-config.ts +2 -17
package/src/calls/twilio-rest.ts +33 -105
package/src/calls/twilio-routes.ts +11 -12
package/src/channels/types.ts +8 -7
package/src/cli/commands/__tests__/backup.test.ts +6 -277
package/src/cli/commands/__tests__/gateway.test.ts +288 -0
package/src/cli/commands/__tests__/memory-v2.test.ts +4 -0
package/src/cli/commands/__tests__/webhooks.test.ts +0 -1
package/src/cli/commands/backup.ts +6 -331
package/src/cli/commands/clients.ts +36 -37
package/src/cli/commands/contacts.ts +73 -0
package/src/cli/commands/conversations.ts +2 -5
package/src/cli/commands/credentials.ts +15 -7
package/src/cli/commands/domain.ts +66 -15
package/src/cli/commands/gateway.ts +183 -0
package/src/cli/commands/keys.ts +9 -6
package/src/cli/commands/mcp.ts +116 -156
package/src/cli/commands/memory-v2.ts +296 -1
package/src/cli/commands/platform/__tests__/callback-routes-list.test.ts +0 -1
package/src/cli/commands/platform/__tests__/connect.test.ts +0 -2
package/src/cli/commands/platform/__tests__/disconnect.test.ts +0 -2
package/src/cli/commands/platform/__tests__/status.test.ts +13 -15
package/src/cli/commands/platform/disconnect.ts +5 -4
package/src/cli/commands/platform/index.ts +0 -18
package/src/cli/lib/daemon-credential-client.ts +110 -28
package/src/cli/program.ts +2 -0
package/src/config/assistant-feature-flags.ts +67 -10
package/src/config/bundled-skills/acp/SKILL.md +6 -0
package/src/config/bundled-skills/acp/TOOLS.json +1 -22
package/src/config/bundled-skills/app-builder/SKILL.md +14 -109
package/src/config/bundled-skills/app-builder/TOOLS.json +1 -28
package/src/config/bundled-skills/app-builder/tools/app-create.ts +1 -10
package/src/config/bundled-skills/app-control/SKILL.md +75 -0
package/src/config/bundled-skills/app-control/TOOLS.json +299 -0
package/src/config/bundled-skills/app-control/tools/app-control-click.ts +12 -0
package/src/config/bundled-skills/app-control/tools/app-control-combo.ts +12 -0
package/src/config/bundled-skills/app-control/tools/app-control-drag.ts +12 -0
package/src/config/bundled-skills/app-control/tools/app-control-observe.ts +12 -0
package/src/config/bundled-skills/app-control/tools/app-control-press.ts +12 -0
package/src/config/bundled-skills/app-control/tools/app-control-sequence.ts +12 -0
package/src/config/bundled-skills/app-control/tools/app-control-start.ts +12 -0
package/src/config/bundled-skills/app-control/tools/app-control-stop.ts +12 -0
package/src/config/bundled-skills/app-control/tools/app-control-type.ts +12 -0
package/src/config/bundled-skills/computer-use/SKILL.md +6 -0
package/src/config/bundled-skills/computer-use/TOOLS.json +67 -43
package/src/config/bundled-skills/contacts/TOOLS.json +0 -16
package/src/config/bundled-skills/document/TOOLS.json +0 -8
package/src/config/bundled-skills/followups/TOOLS.json +0 -12
package/src/config/bundled-skills/image-studio/SKILL.md +4 -0
package/src/config/bundled-skills/image-studio/TOOLS.json +0 -4
package/src/config/bundled-skills/media-processing/TOOLS.json +0 -24
package/src/config/bundled-skills/messaging/TOOLS.json +0 -40
package/src/config/bundled-skills/phone-calls/TOOLS.json +0 -12
package/src/config/bundled-skills/phone-calls/references/TROUBLESHOOTING.md +19 -4
package/src/config/bundled-skills/playbooks/TOOLS.json +0 -16
package/src/config/bundled-skills/schedule/TOOLS.json +14 -14
package/src/config/bundled-skills/sequences/TOOLS.json +0 -36
package/src/config/bundled-skills/settings/SKILL.md +4 -0
package/src/config/bundled-skills/settings/TOOLS.json +0 -12
package/src/config/bundled-skills/skill-management/SKILL.md +6 -0
package/src/config/bundled-skills/skill-management/TOOLS.json +0 -8
package/src/config/bundled-skills/subagent/SKILL.md +6 -2
package/src/config/bundled-skills/subagent/TOOLS.json +0 -20
package/src/config/bundled-skills/transcribe/SKILL.md +4 -0
package/src/config/bundled-skills/transcribe/TOOLS.json +0 -4
package/src/config/bundled-tool-registry.ts +21 -0
package/src/config/env-registry.ts +0 -2
package/src/config/env.ts +19 -12
package/src/config/feature-flag-registry.json +21 -133
package/src/config/loader.ts +73 -99
package/src/config/sanitize-for-transfer.ts +2 -0
package/src/config/schemas/__tests__/memory-lifecycle.test.ts +80 -0
package/src/config/schemas/__tests__/memory-v2.test.ts +7 -4
package/src/config/schemas/calls.ts +0 -9
package/src/config/schemas/heartbeat.ts +63 -0
package/src/config/schemas/ingress.ts +10 -6
package/src/config/schemas/llm.ts +5 -10
package/src/config/schemas/memory-lifecycle.ts +77 -24
package/src/config/schemas/memory-v2.ts +48 -4
package/src/config/schemas/platform.ts +6 -0
package/src/config/schemas/services.ts +1 -15
package/src/config/schemas/skills.ts +0 -6
package/src/config/seed-inference-profiles.ts +1 -1
package/src/contacts/contact-store.ts +0 -30
package/src/contacts/contacts-write.ts +0 -27
package/src/context/window-manager.ts +1 -2
package/src/credential-execution/feature-gates.ts +10 -10
package/src/credential-execution/process-manager.ts +12 -41
package/src/daemon/__tests__/conversation-tool-setup.test.ts +126 -5
package/src/daemon/bootstrap-turn-cleanup.ts +45 -0
package/src/daemon/config-watcher.ts +4 -3
package/src/daemon/conversation-agent-loop-handlers.ts +21 -3
package/src/daemon/conversation-agent-loop.ts +32 -28
package/src/daemon/conversation-lifecycle.ts +8 -1
package/src/daemon/conversation-process.ts +16 -11
package/src/daemon/conversation-runtime-assembly.ts +2 -2
package/src/daemon/conversation-surfaces.ts +125 -4
package/src/daemon/conversation-tool-setup.ts +16 -55
package/src/daemon/conversation.ts +21 -2
package/src/daemon/doordash-steps.ts +1 -1
package/src/daemon/handlers/shared.ts +4 -1
package/src/daemon/host-app-control-proxy.ts +293 -0
package/src/daemon/host-bash-proxy.ts +84 -74
package/src/daemon/host-browser-proxy.ts +67 -82
package/src/daemon/host-cu-proxy.ts +81 -86
package/src/daemon/host-file-proxy.ts +93 -69
package/src/daemon/host-proxy-base.ts +294 -0
package/src/daemon/host-proxy-preactivation.ts +82 -0
package/src/daemon/host-transfer-proxy.ts +247 -129
package/src/daemon/lifecycle.ts +115 -117
package/src/daemon/message-protocol.ts +3 -8
package/src/daemon/message-types/contacts.ts +23 -1
package/src/daemon/message-types/conversations.ts +11 -8
package/src/daemon/message-types/host-app-control.ts +150 -0
package/src/daemon/message-types/host-bash.ts +4 -0
package/src/daemon/message-types/host-cu.ts +2 -0
package/src/daemon/message-types/host-file.ts +4 -0
package/src/daemon/message-types/host-transfer.ts +3 -0
package/src/daemon/message-types/schedules.ts +8 -3
package/src/daemon/message-types/skills.ts +2 -2
package/src/daemon/process-message.ts +18 -1
package/src/daemon/shutdown-handlers.ts +0 -3
package/src/daemon/tool-setup-types.ts +51 -0
package/src/daemon/tool-side-effects.ts +1 -1
package/src/events/tool-audit-listener.ts +2 -1
package/src/heartbeat/__tests__/heartbeat-feed-event.test.ts +15 -7
package/src/heartbeat/__tests__/heartbeat-run-store.test.ts +216 -0
package/src/heartbeat/heartbeat-run-store.ts +236 -0
package/src/heartbeat/heartbeat-service.ts +280 -49
package/src/home/__tests__/post-connect-feed.test.ts +99 -0
package/src/home/__tests__/relationship-state-writer.test.ts +11 -9
package/src/home/__tests__/suggested-prompts.test.ts +89 -0
package/src/home/post-connect-feed.ts +68 -0
package/src/home/relationship-state-writer.ts +17 -92
package/src/home/suggested-prompts.ts +46 -10
package/src/inbound/public-ingress-urls.ts +32 -34
package/src/ipc/__tests__/route-error-envelope.test.ts +80 -0
package/src/ipc/assistant-server.ts +14 -1
package/src/ipc/cli-client.ts +32 -1
package/src/live-voice/live-voice-metrics.ts +10 -10
package/src/mcp/__tests__/mcp-auth-orchestrator.test.ts +304 -0
package/src/mcp/mcp-auth-orchestrator.ts +213 -0
package/src/mcp/mcp-auth-state.ts +133 -0
package/src/mcp/mcp-oauth-provider.ts +19 -0
package/src/memory/__tests__/jobs-store-job-classes.test.ts +24 -0
package/src/memory/__tests__/qdrant-client-sentinel.test.ts +49 -0
package/src/memory/__tests__/sparse-tokenize.test.ts +66 -0
package/src/memory/anisotropy.test.ts +247 -0
package/src/memory/anisotropy.ts +443 -0
package/src/memory/auto-analysis-constants.ts +17 -0
package/src/memory/auto-analysis-guard.ts +5 -15
package/src/memory/canonical-guardian-store.ts +7 -7
package/src/memory/context-search/__tests__/agent-runner-redaction.test.ts +122 -0
package/src/memory/context-search/agent-protocol.ts +6 -6
package/src/memory/context-search/agent-runner.ts +32 -7
package/src/memory/context-search/sources/memory-v2.ts +17 -5
package/src/memory/conversation-crud.ts +1 -1
package/src/memory/conversation-key-store.ts +2 -15
package/src/memory/db-init.ts +4 -0
package/src/memory/embedding-backend.ts +9 -21
package/src/memory/graph/__tests__/conversation-graph-memory-v2-routing.test.ts +49 -4
package/src/memory/graph/conversation-graph-memory.ts +1 -24
package/src/memory/graph/graph-search.ts +8 -0
package/src/memory/graph/retriever.ts +28 -0
package/src/memory/graph/tools.ts +1 -1
package/src/memory/jobs/__tests__/embed-concept-page.test.ts +8 -2
package/src/memory/jobs/embed-concept-page.ts +28 -2
package/src/memory/jobs/embed-pkb-file.test.ts +2 -2
package/src/memory/jobs-store.ts +66 -22
package/src/memory/jobs-worker.ts +112 -63
package/src/memory/memory-v2-activation-log-store.ts +1 -1
package/src/memory/migrations/237-heartbeat-runs.ts +45 -0
package/src/memory/migrations/238-schedule-retry-policy.ts +20 -0
package/src/memory/migrations/index.ts +5 -0
package/src/memory/migrations/registry.ts +8 -0
package/src/memory/pkb/pkb-search.ts +7 -0
package/src/memory/qdrant-client.ts +50 -20
package/src/memory/schema/infrastructure.ts +15 -0
package/src/memory/search/semantic.ts +7 -0
package/src/memory/sparse-tokenize.ts +49 -0
package/src/memory/v2/__tests__/activation.test.ts +77 -95
package/src/memory/v2/__tests__/injection.test.ts +43 -21
package/src/memory/v2/__tests__/sim.test.ts +166 -6
package/src/memory/v2/__tests__/sparse-bm25.test.ts +292 -0
package/src/memory/v2/__tests__/static-context.test.ts +0 -1
package/src/memory/v2/activation.ts +69 -88
package/src/memory/v2/consolidation-job.ts +3 -5
package/src/memory/v2/constants.ts +7 -0
package/src/memory/v2/injection.ts +86 -53
package/src/memory/v2/prompts/consolidation.ts +312 -91
package/src/memory/v2/qdrant.ts +99 -1
package/src/memory/v2/sim.ts +126 -16
package/src/memory/v2/skill-qdrant.ts +12 -3
package/src/memory/v2/skill-store.ts +16 -1
package/src/memory/v2/sparse-bm25.ts +245 -0
package/src/memory/v2/static-context.ts +6 -5
package/src/messaging/providers/gmail/types.ts +0 -49
package/src/messaging/providers/slack/adapter.ts +1 -31
package/src/messaging/providers/slack/types.ts +0 -32
package/src/notifications/README.md +10 -10
package/src/notifications/broadcaster.ts +1 -1
package/src/notifications/guardian-question-mode.ts +5 -5
package/src/oauth/connect-orchestrator.ts +4 -0
package/src/oauth/credential-token-resolver.ts +1 -3
package/src/oauth/manual-token-connection.ts +0 -4
package/src/outbound-proxy/index.ts +1 -37
package/src/outbound-proxy/logging.ts +1 -1
package/src/outbound-proxy/policy.ts +6 -5
package/src/outbound-proxy/router.ts +2 -1
package/src/permissions/approval-policy.test.ts +6 -275
package/src/permissions/approval-policy.ts +0 -51
package/src/permissions/checker.test.ts +0 -1
package/src/permissions/checker.ts +3 -17
package/src/permissions/gateway-threshold-reader.ts +2 -0
package/src/permissions/prompter.ts +34 -1
package/src/permissions/secret-prompter.ts +6 -2
package/src/prompts/bootstrap-cleanup.ts +27 -0
package/src/prompts/system-prompt.ts +3 -18
package/src/prompts/templates/SOUL.md +13 -1
package/src/providers/speech-to-text/provider-catalog.ts +7 -8
package/src/runtime/assistant-event-hub.ts +118 -96
package/src/runtime/assistant-event.ts +1 -0
package/src/runtime/auth/__tests__/middleware.test.ts +11 -56
package/src/runtime/auth/middleware.ts +0 -96
package/src/runtime/auth/route-policy.ts +19 -0
package/src/runtime/btw-sidechain.ts +2 -3
package/src/runtime/channel-invite-transport.ts +2 -48
package/src/runtime/channel-invite-transports/email.ts +1 -1
package/src/runtime/channel-invite-transports/slack.ts +1 -1
package/src/runtime/channel-invite-transports/telegram.ts +1 -1
package/src/runtime/channel-invite-transports/voice.ts +1 -1
package/src/runtime/channel-invite-transports/whatsapp.ts +1 -1
package/src/runtime/channel-invite-types.ts +54 -0
package/src/runtime/channel-readiness-service.ts +32 -13
package/src/runtime/http-server.ts +3 -329
package/src/runtime/http-types.ts +0 -5
package/src/runtime/migrations/__tests__/vbundle-import-parity.test.ts +413 -0
package/src/runtime/migrations/__tests__/vbundle-import-policy.test.ts +260 -0
package/src/runtime/migrations/__tests__/vbundle-import-version-compat.test.ts +189 -0
package/src/runtime/migrations/__tests__/vbundle-streaming-importer.test.ts +153 -1
package/src/runtime/migrations/__tests__/vbundle-symlink-importer.test.ts +451 -0
package/src/runtime/migrations/__tests__/vbundle-symlink-streaming-importer.test.ts +0 -0
package/src/runtime/migrations/__tests__/vbundle-symlink-streaming.test.ts +515 -0
package/src/runtime/migrations/__tests__/vbundle-symlink-tar.test.ts +437 -0
package/src/runtime/migrations/__tests__/vbundle-symlink-walker.test.ts +319 -0
package/src/runtime/migrations/__tests__/vbundle-validator-v1-schema.test.ts +51 -1
package/src/runtime/migrations/migration-transport.ts +7 -7
package/src/runtime/migrations/vbundle-builder.ts +327 -60
package/src/runtime/migrations/vbundle-import-analyzer.ts +4 -4
package/src/runtime/migrations/vbundle-import-policy.ts +172 -0
package/src/runtime/migrations/vbundle-importer.ts +245 -68
package/src/runtime/migrations/vbundle-streaming-importer.ts +326 -35
package/src/runtime/migrations/vbundle-streaming-validator.ts +157 -4
package/src/runtime/migrations/vbundle-tar-stream.ts +15 -6
package/src/runtime/migrations/vbundle-validator.ts +114 -0
package/src/runtime/pending-interactions.ts +35 -9
package/src/runtime/routes/__tests__/backup-routes.test.ts +22 -150
package/src/runtime/routes/__tests__/conversation-query-routes.test.ts +98 -0
package/src/runtime/routes/__tests__/gateway-log-routes.test.ts +242 -0
package/src/runtime/routes/__tests__/heartbeat-routes.test.ts +112 -0
package/src/runtime/routes/approval-interception-types.ts +13 -0
package/src/runtime/routes/approval-strategies/guardian-text-engine-strategy.ts +1 -1
package/src/runtime/routes/backup-routes.ts +15 -38
package/src/runtime/routes/btw-routes.ts +14 -37
package/src/runtime/routes/client-routes.ts +1 -0
package/src/runtime/routes/contact-prompt-routes.ts +183 -0
package/src/runtime/routes/conversation-query-routes.ts +36 -1
package/src/runtime/routes/conversation-routes.ts +30 -13
package/src/runtime/routes/document-pdf-renderer.ts +165 -0
package/src/runtime/routes/documents-routes.ts +30 -0
package/src/runtime/routes/errors.ts +19 -4
package/src/runtime/routes/events-routes.ts +12 -6
package/src/runtime/routes/gateway-log-routes.ts +79 -0
package/src/runtime/routes/guardian-approval-interception.ts +2 -8
package/src/runtime/routes/heartbeat-routes.ts +103 -38
package/src/runtime/routes/host-app-control-routes.ts +134 -0
package/src/runtime/routes/host-bash-routes.ts +36 -6
package/src/runtime/routes/host-browser-routes.ts +108 -13
package/src/runtime/routes/host-cu-routes.ts +44 -14
package/src/runtime/routes/host-file-routes.ts +33 -10
package/src/runtime/routes/host-transfer-routes.ts +64 -24
package/src/runtime/routes/http-adapter.ts +1 -0
package/src/runtime/routes/identity-intro-cache.ts +30 -0
package/src/runtime/routes/identity-routes.ts +15 -43
package/src/runtime/routes/inbound-message-handler.ts +1 -9
package/src/runtime/routes/inbound-stages/acl-enforcement.ts +0 -7
package/src/runtime/routes/inbound-stages/edit-intercept.ts +0 -8
package/src/runtime/routes/inbound-stages/transcribe-audio.test.ts +0 -20
package/src/runtime/routes/inbound-stages/transcribe-audio.ts +5 -13
package/src/runtime/routes/index.ts +8 -0
package/src/runtime/routes/mcp-auth-routes.ts +132 -0
package/src/runtime/routes/memory-item-routes.ts +10 -12
package/src/runtime/routes/memory-v2-routes.ts +441 -1
package/src/runtime/routes/migration-routes.ts +96 -0
package/src/runtime/routes/schedule-routes.ts +7 -0
package/src/runtime/verification-templates.ts +4 -7
package/src/schedule/integration-status.ts +66 -2
package/src/schedule/recurrence-engine.ts +4 -1
package/src/schedule/retry-backoff.ts +18 -0
package/src/schedule/retry-policy.ts +82 -0
package/src/schedule/schedule-recovery.ts +64 -0
package/src/schedule/schedule-store.ts +106 -2
package/src/schedule/scheduler-types.ts +25 -0
package/src/schedule/scheduler.ts +63 -38
package/src/security/oauth-callback-registry.ts +8 -0
package/src/sequence/analytics.ts +5 -5
package/src/sequence/engine.ts +1 -1
package/src/skills/catalog-files.ts +2 -8
package/src/skills/include-graph.ts +5 -5
package/src/skills/remote-skill-policy.ts +5 -5
package/src/skills/skill-file-provider.ts +1 -1
package/src/skills/skill-file-types.ts +13 -0
package/src/skills/skillssh-audit-types.ts +28 -0
package/src/skills/skillssh-registry.ts +8 -21
package/src/telemetry/types.ts +2 -0
package/src/telemetry/usage-telemetry-reporter.test.ts +21 -0
package/src/telemetry/usage-telemetry-reporter.ts +1 -0
package/src/tools/app-control/skill-proxy-bridge.ts +28 -0
package/src/tools/apps/executors.ts +56 -69
package/src/tools/browser/__tests__/browser-status.test.ts +21 -18
package/src/tools/browser/browser-execution.ts +2 -2
package/src/tools/browser/cdp-client/__tests__/factory.test.ts +55 -4
package/src/tools/browser/cdp-client/cdp-inspect/__tests__/ws-transport.test.ts +12 -6
package/src/tools/browser/cdp-client/factory.ts +23 -24
package/src/tools/browser/cdp-client/index.ts +1 -14
package/src/tools/computer-use/definitions.ts +42 -20
package/src/tools/executor.ts +2 -0
package/src/tools/host-filesystem/edit.ts +26 -0
package/src/tools/host-filesystem/read.ts +26 -0
package/src/tools/host-filesystem/transfer.ts +31 -1
package/src/tools/host-filesystem/write.ts +26 -0
package/src/tools/host-terminal/host-shell.ts +58 -0
package/src/tools/schedule/create.ts +6 -0
package/src/tools/schedule/list.ts +2 -0
package/src/tools/schedule/update.ts +10 -0
package/src/tools/shared/filesystem/file-ops-service.ts +2 -0
package/src/tools/shared/filesystem/path-policy.ts +25 -1
package/src/tools/skills/load.ts +0 -32
package/src/tools/tool-approval-handler.ts +1 -5
package/src/tools/types.ts +4 -0
package/src/usage/pricing.ts +1 -1
package/src/workspace/hatched-date.ts +86 -0
package/src/workspace/migrations/003-seed-device-id.ts +1 -1
package/src/workspace/migrations/006-services-config.ts +8 -5
package/src/workspace/migrations/016-extract-feature-flags-to-protected.ts +3 -9
package/src/workspace/migrations/021-move-signals-to-workspace.ts +4 -10
package/src/workspace/migrations/022-move-hooks-to-workspace.ts +4 -10
package/src/workspace/migrations/023-move-config-files-to-workspace.ts +4 -11
package/src/workspace/migrations/024-move-runtime-files-to-workspace.ts +3 -10
package/src/workspace/migrations/040-seed-latency-callsite-defaults.ts +3 -2
package/src/workspace/migrations/050-seed-main-agent-opus-callsite.ts +2 -1
package/src/workspace/migrations/059-move-pid-to-workspace.ts +3 -8
package/src/workspace/migrations/061-move-backup-key-to-workspace.ts +3 -8
package/src/workspace/migrations/AGENTS.md +1 -1
package/src/workspace/migrations/migrate-to-workspace-volume.ts +4 -10
package/src/workspace/migrations/utils.ts +21 -0
package/src/__tests__/host-browser-e2e-cloud.test.ts +0 -443
package/src/__tests__/host-browser-e2e-self-hosted-capability.test.ts +0 -226
package/src/__tests__/host-browser-ws-events-e2e.test.ts +0 -427
package/src/__tests__/twilio-rest.test.ts +0 -34
package/src/backup/__tests__/backup-key.test.ts +0 -152
package/src/backup/__tests__/backup-worker.test.ts +0 -782
package/src/backup/__tests__/offsite-writer.test.ts +0 -641
package/src/backup/__tests__/stream-crypt.test.ts +0 -228
package/src/backup/backup-key.ts +0 -137
package/src/backup/backup-worker.ts +0 -472
package/src/backup/offsite-writer.ts +0 -222
package/src/backup/stream-crypt.ts +0 -263
package/src/daemon/message-types/pairing.ts +0 -58
package/src/outbound-proxy/config.ts +0 -20
package/src/outbound-proxy/health.ts +0 -18
package/src/outbound-proxy/types.ts +0 -150
package/src/runtime/capability-tokens.ts +0 -190
package/src/signals/mcp-reload.ts +0 -18

package/src/runtime/routes/inbound-message-handler.ts CHANGED Viewed

@@ -11,7 +11,6 @@ import {
   isChannelId,
   parseInterfaceId,
 } from "../../channels/types.js";
-import { touchContactInteraction } from "../../contacts/contacts-write.js";
 import {
   createApprovalConversationGenerator,
   createApprovalCopyGenerator,
@@ -442,7 +441,7 @@ export async function handleChannelInbound({
           `[Voice message received — ${transcribeResult.reason}]` +
           (trimmedContent ? `\n\n${trimmedContent}` : "");
         break;
-      // "no_audio", "disabled" — no action needed
+      // "no_audio" — no action needed
     }
   }
@@ -511,13 +510,6 @@ export async function handleChannelInbound({
     }
   }
-  // Track contact interaction only for genuinely new messages (not webhook
-  // retries). This was previously in ACL enforcement which runs before dedup,
-  // causing retries to inflate interaction counts.
-  if (!result.duplicate && resolvedMember) {
-    touchContactInteraction(resolvedMember.channel.id);
-  }
   // external_conversation_bindings is assistant-agnostic. Restrict writes to
   // self so assistant-scoped legacy routes do not overwrite each other's
   // channel binding metadata for the same chat.

package/src/runtime/routes/inbound-stages/acl-enforcement.ts CHANGED Viewed

@@ -12,7 +12,6 @@ import {
   findContactChannel,
   findGuardianForChannel,
 } from "../../../contacts/contact-store.js";
-import { touchChannelLastSeen } from "../../../contacts/contacts-write.js";
 import type {
   ChannelStatus,
   ContactChannel,
@@ -689,12 +688,6 @@ export async function enforceIngressAcl(
         };
       }
-      // 'allow' or 'escalate' — update last seen timestamp.
-      // touchContactInteraction is intentionally NOT called here because
-      // duplicate detection hasn't run yet. It's called in
-      // inbound-message-handler.ts after dedup so webhook retries don't
-      // inflate interaction counts.
-      touchChannelLastSeen(resolvedMember.channel.id);
     }
   }

package/src/runtime/routes/inbound-stages/edit-intercept.ts CHANGED Viewed

@@ -15,7 +15,6 @@
  * focused on orchestration.
  */
 import type { ChannelId } from "../../../channels/types.js";
-import { touchContactInteraction } from "../../../contacts/contacts-write.js";
 import {
   getMessageById,
   updateMessageContent,
@@ -65,7 +64,6 @@ export async function handleEditIntercept(
     canonicalAssistantId,
     assistantId,
     content,
-    channelId,
   } = params;
   // Dedup the edit event itself (retried edited_message webhooks)
@@ -84,12 +82,6 @@ export async function handleEditIntercept(
     });
   }
-  // Track contact interaction only for genuinely new edit events (not webhook
-  // retries), matching the pattern used for the normal message path.
-  if (channelId) {
-    touchContactInteraction(channelId);
-  }
   // Retry lookup a few times -- the original message may still be processing
   // (linkMessage hasn't been called yet). Short backoff avoids losing edits
   // that arrive while the original agent loop is in progress.

package/src/runtime/routes/inbound-stages/transcribe-audio.test.ts CHANGED Viewed

@@ -7,7 +7,6 @@ import { SttError } from "../../../stt/types.js";
 // Mocks — must be set up before importing the module under test
 // ---------------------------------------------------------------------------
-let mockFeatureFlagEnabled = true;
 let mockAttachments: Array<{
   id: string;
   mimeType: string;
@@ -20,14 +19,6 @@ let mockAttachments: Array<{
 }> = [];
 let mockTranscriber: BatchTranscriber | null = null;
-mock.module("../../../config/assistant-feature-flags.js", () => ({
-  isAssistantFeatureFlagEnabled: () => mockFeatureFlagEnabled,
-}));
-mock.module("../../../config/loader.js", () => ({
-  getConfig: () => ({}),
-}));
 mock.module("../../../memory/attachments-store.js", () => ({
   getAttachmentsByIds: (ids: string[]) =>
     mockAttachments.filter((a) => ids.includes(a.id)),
@@ -115,7 +106,6 @@ function makeImageAttachment(id: string) {
 describe("tryTranscribeAudioAttachments", () => {
   beforeEach(() => {
-    mockFeatureFlagEnabled = true;
     mockAttachments = [];
     mockTranscriber = null;
   });
@@ -189,16 +179,6 @@ describe("tryTranscribeAudioAttachments", () => {
     );
   });
-  test("feature flag disabled returns disabled", async () => {
-    mockFeatureFlagEnabled = false;
-    const audio = makeAudioAttachment("a1");
-    mockAttachments = [audio];
-    const result = await tryTranscribeAudioAttachments(["a1"]);
-    expect(result).toEqual({ status: "disabled" });
-  });
   test("30-second timeout fires and returns error without blocking", async () => {
     const audio = makeAudioAttachment("a1");
     mockAttachments = [audio];

package/src/runtime/routes/inbound-stages/transcribe-audio.ts CHANGED Viewed

@@ -2,22 +2,21 @@
  * Auto-transcribe audio attachments from channel inbound messages.
  *
  * Returns a discriminated result type so callers can handle each outcome
- * (transcribed, no audio, disabled, no provider, error) without exceptions.
+ * (transcribed, no audio, no provider, error) without exceptions.
  * Never throws — failures are represented as result variants so that message
  * delivery is never blocked by transcription issues.
  */
-import { isAssistantFeatureFlagEnabled } from "../../../config/assistant-feature-flags.js";
-import { getConfig } from "../../../config/loader.js";
-import { getAttachmentById, getAttachmentsByIds } from "../../../memory/attachments-store.js";
+import {
+  getAttachmentById,
+  getAttachmentsByIds,
+} from "../../../memory/attachments-store.js";
 import { resolveBatchTranscriber } from "../../../providers/speech-to-text/resolve.js";
 import { normalizeSttError } from "../../../stt/daemon-batch-transcriber.js";
 import { getLogger } from "../../../util/logger.js";
 const log = getLogger("transcribe-audio");
-const VOICE_TRANSCRIPTION_FLAG_KEY = "channel-voice-transcription" as const;
 /** Timeout for the entire transcription pipeline (all attachments). */
 const TRANSCRIPTION_TIMEOUT_MS = 30_000;
@@ -28,7 +27,6 @@ const TRANSCRIPTION_TIMEOUT_MS = 30_000;
 export type TranscribeResult =
   | { status: "transcribed"; text: string }
   | { status: "no_audio" }
-  | { status: "disabled" }
   | { status: "no_provider"; reason: string }
   | { status: "error"; reason: string };
@@ -40,12 +38,6 @@ export async function tryTranscribeAudioAttachments(
   attachmentIds: string[],
 ): Promise<TranscribeResult> {
   try {
-    // Check feature flag
-    const config = getConfig();
-    if (!isAssistantFeatureFlagEnabled(VOICE_TRANSCRIPTION_FLAG_KEY, config)) {
-      return { status: "disabled" };
-    }
     // Look up attachments and filter to audio MIME types
     const resolved = getAttachmentsByIds(attachmentIds);
     const audioAttachments = resolved.filter((a) =>

package/src/runtime/routes/index.ts CHANGED Viewed

@@ -27,6 +27,7 @@ import { CHANNEL_ROUTES } from "./channel-route-definitions.js";
 import { ROUTES as CHANNEL_VERIFICATION_ROUTES } from "./channel-verification-routes.js";
 import { ROUTES as CLIENT_ROUTES } from "./client-routes.js";
 import { ROUTES as CONSOLIDATION_ROUTES } from "./consolidation-routes.js";
+import { CONTACT_PROMPT_ROUTES } from "./contact-prompt-routes.js";
 import { ROUTES as CONTACT_ROUTES } from "./contact-routes.js";
 import { ROUTES as CONVERSATION_ANALYSIS_ROUTES } from "./conversation-analysis-routes.js";
 import { ROUTES as CONVERSATION_ATTENTION_ROUTES } from "./conversation-attention-routes.js";
@@ -42,12 +43,14 @@ import { ROUTES as DIAGNOSTICS_ROUTES } from "./diagnostics-routes.js";
 import { ROUTES as DOCUMENT_ROUTES } from "./documents-routes.js";
 import { ROUTES as EVENTS_ROUTES } from "./events-routes.js";
 import { ROUTES as FILING_ROUTES } from "./filing-routes.js";
+import { ROUTES as GATEWAY_LOG_ROUTES } from "./gateway-log-routes.js";
 import { ROUTES as GLOBAL_SEARCH_ROUTES } from "./global-search-routes.js";
 import { ROUTES as GROUP_ROUTES } from "./group-routes.js";
 import { ROUTES as GUARDIAN_ACTION_ROUTES } from "./guardian-action-routes.js";
 import { ROUTES as HEARTBEAT_ROUTES } from "./heartbeat-routes.js";
 import { ROUTES as HOME_FEED_ROUTES } from "./home-feed-routes.js";
 import { ROUTES as HOME_STATE_ROUTES } from "./home-state-routes.js";
+import { ROUTES as HOST_APP_CONTROL_ROUTES } from "./host-app-control-routes.js";
 import { ROUTES as HOST_BASH_ROUTES } from "./host-bash-routes.js";
 import { ROUTES as HOST_BROWSER_ROUTES } from "./host-browser-routes.js";
 import { ROUTES as HOST_CU_ROUTES } from "./host-cu-routes.js";
@@ -64,6 +67,7 @@ import { ROUTES as INTERNAL_OAUTH_ROUTES } from "./internal-oauth-routes.js";
 import { ROUTES as INTERNAL_TWILIO_ROUTES } from "./internal-twilio-routes.js";
 import { ROUTES as LLM_CALL_SITES_ROUTES } from "./llm-call-sites-routes.js";
 import { ROUTES as LOG_EXPORT_ROUTES } from "./log-export-routes.js";
+import { ROUTES as MCP_AUTH_ROUTES } from "./mcp-auth-routes.js";
 import { ROUTES as MEMORY_ITEM_ROUTES } from "./memory-item-routes.js";
 import { ROUTES as MEMORY_V2_ROUTES } from "./memory-v2-routes.js";
 import { ROUTES as MIGRATION_ROLLBACK_ROUTES } from "./migration-rollback-routes.js";
@@ -121,6 +125,7 @@ export const ROUTES: RouteDefinition[] = [
   ...BTW_ROUTES,
   ...BRAIN_GRAPH_ROUTES,
   ...CLIENT_ROUTES,
+  ...CONTACT_PROMPT_ROUTES,
   ...CONTACT_ROUTES,
   ...CONVERSATION_ANALYSIS_ROUTES,
   ...CONVERSATION_ATTENTION_ROUTES,
@@ -137,12 +142,14 @@ export const ROUTES: RouteDefinition[] = [
   ...DOCUMENT_ROUTES,
   ...EVENTS_ROUTES,
   ...FILING_ROUTES,
+  ...GATEWAY_LOG_ROUTES,
   ...GLOBAL_SEARCH_ROUTES,
   ...GROUP_ROUTES,
   ...GUARDIAN_ACTION_ROUTES,
   ...HEARTBEAT_ROUTES,
   ...HOME_FEED_ROUTES,
   ...HOME_STATE_ROUTES,
+  ...HOST_APP_CONTROL_ROUTES,
   ...HOST_BASH_ROUTES,
   ...HOST_BROWSER_ROUTES,
   ...HOST_CU_ROUTES,
@@ -151,6 +158,7 @@ export const ROUTES: RouteDefinition[] = [
   ...IDENTITY_ROUTES,
   ...INTERFACE_ROUTES,
   ...INTERNAL_OAUTH_ROUTES,
+  ...MCP_AUTH_ROUTES,
   ...INTERNAL_TWILIO_ROUTES,
   ...LOG_EXPORT_ROUTES,
   ...LLM_CALL_SITES_ROUTES,

package/src/runtime/routes/mcp-auth-routes.ts ADDED Viewed

@@ -0,0 +1,132 @@
+/**
+ * Internal routes for daemon-owned MCP OAuth flows.
+ *
+ * POST internal/mcp/auth/start   — kicks off the OAuth flow in the daemon
+ *                                  and returns the authorization URL
+ * GET  internal/mcp/auth/status/:serverId — polls current flow status
+ */
+import { z } from "zod";
+import { loadRawConfig } from "../../config/loader.js";
+import type { McpConfig } from "../../config/schemas/mcp.js";
+import { reloadMcpServers } from "../../daemon/mcp-reload-service.js";
+import { orchestrateMcpOAuthConnect } from "../../mcp/mcp-auth-orchestrator.js";
+import { getMcpAuthState } from "../../mcp/mcp-auth-state.js";
+import { getLogger } from "../../util/logger.js";
+import { BadRequestError, InternalError, NotFoundError } from "./errors.js";
+import type { RouteDefinition } from "./types.js";
+const log = getLogger("mcp-auth-routes");
+async function handleMcpAuthStart({
+  body,
+}: {
+  body?: Record<string, unknown>;
+}): Promise<{ auth_url: string; state: string; already_authenticated?: boolean }> {
+  const { serverId } = body as { serverId: string };
+  const raw = loadRawConfig();
+  const servers =
+    (raw.mcp as Partial<McpConfig> | undefined)?.servers ?? {};
+  const serverConfig = servers[serverId];
+  if (!serverConfig) {
+    throw new BadRequestError(`MCP server "${serverId}" not configured`);
+  }
+  const transport = serverConfig.transport;
+  if (transport.type !== "sse" && transport.type !== "streamable-http") {
+    throw new BadRequestError(
+      `OAuth only supported for sse/streamable-http transports (server "${serverId}" uses ${transport.type})`,
+    );
+  }
+  let result: { auth_url: string; already_authenticated?: boolean };
+  try {
+    result = await orchestrateMcpOAuthConnect({
+      serverId,
+      transport: {
+        url: transport.url,
+        type: transport.type,
+        headers: transport.headers,
+      },
+    });
+  } catch (err) {
+    throw new InternalError(err instanceof Error ? err.message : String(err));
+  }
+  return { auth_url: result.auth_url, state: serverId, already_authenticated: result.already_authenticated };
+}
+function handleMcpAuthStatus({
+  pathParams,
+}: {
+  pathParams?: Record<string, string>;
+}):
+  | { status: "pending"; auth_url: string }
+  | { status: "complete" }
+  | { status: "error"; error: string } {
+  const { serverId } = pathParams as { serverId: string };
+  const state = getMcpAuthState(serverId);
+  if (state === null) {
+    throw new NotFoundError(`No active OAuth flow for server "${serverId}"`);
+  }
+  if (state.status === "pending") return { status: "pending", auth_url: state.authUrl };
+  if (state.status === "complete") return { status: "complete" };
+  return { status: "error", error: state.error };
+}
+function handleMcpReload(_args: {
+  body?: Record<string, unknown>;
+}): { ok: true } {
+  // Fire-and-forget: reloadMcpServers() has its own reloadInProgress mutex,
+  // so concurrent calls coalesce.
+  void reloadMcpServers().catch((err) => {
+    log.warn(
+      { err: err instanceof Error ? err.message : String(err) },
+      "internal_mcp_reload background reload failed",
+    );
+  });
+  return { ok: true };
+}
+export const ROUTES: RouteDefinition[] = [
+  {
+    operationId: "internal_mcp_auth_start",
+    endpoint: "internal/mcp/auth/start",
+    method: "POST",
+    summary: "Start MCP OAuth flow",
+    description:
+      "Starts a daemon-owned MCP OAuth flow and returns the authorization URL for the CLI to open in the browser.",
+    tags: ["internal"],
+    requestBody: z.object({ serverId: z.string() }),
+    handler: handleMcpAuthStart,
+  },
+  {
+    operationId: "internal_mcp_auth_status",
+    endpoint: "internal/mcp/auth/status/:serverId",
+    method: "GET",
+    summary: "Poll MCP OAuth flow status",
+    description:
+      "Returns the current status of an in-flight MCP OAuth flow (pending/complete/error).",
+    tags: ["internal"],
+    pathParams: [{ name: "serverId" }],
+    additionalResponses: {
+      "404": { description: "No active OAuth flow for the given serverId" },
+    },
+    handler: handleMcpAuthStatus,
+  },
+  {
+    operationId: "internal_mcp_reload",
+    endpoint: "internal/mcp/reload",
+    method: "POST",
+    summary: "Trigger MCP server reload",
+    description:
+      "Kicks off reloadMcpServers() async on the daemon. Returns immediately.",
+    tags: ["internal"],
+    handler: handleMcpReload,
+  },
+];

package/src/runtime/routes/memory-item-routes.ts CHANGED Viewed

@@ -25,6 +25,7 @@ import {
 import { z } from "zod";
 import { getConfig } from "../../config/loader.js";
+import { isMemoryV2ReadActive } from "../../memory/context-search/sources/memory-v2.js";
 import { getDb } from "../../memory/db-connection.js";
 import {
   embedWithBackend,
@@ -49,11 +50,7 @@ import { withQdrantBreaker } from "../../memory/qdrant-circuit-breaker.js";
 import { getQdrantClient } from "../../memory/qdrant-client.js";
 import { memoryGraphNodes } from "../../memory/schema.js";
 import { getLogger } from "../../util/logger.js";
-import {
-  BadRequestError,
-  ConflictError,
-  NotFoundError,
-} from "./errors.js";
+import { BadRequestError, ConflictError, NotFoundError } from "./errors.js";
 import type { RouteDefinition } from "./types.js";
 const log = getLogger("memory-item-routes");
@@ -179,6 +176,11 @@ async function searchNodesSemantic(
 ): Promise<{ ids: string[]; total: number } | null> {
   try {
     const config = getConfig();
+    // v2 owns the read path when both gates are on. Fall back to SQL search
+    // (the caller's `null` branch) instead of querying the v1 collection,
+    // which is in active retirement and a corrupted sparse segment can
+    // OOM-crash the shared Qdrant process.
+    if (isMemoryV2ReadActive(config)) return null;
     const backendStatus = await getMemoryBackendStatus(config);
     if (!backendStatus.provider) return null;
@@ -249,9 +251,7 @@ function rowToNode(row: typeof memoryGraphNodes.$inferSelect): MemoryNode {
       | "told-by-other",
     narrativeRole: row.narrativeRole as MemoryNode["narrativeRole"],
     partOfStory: row.partOfStory,
-    imageRefs: row.imageRefs
-      ? (JSON.parse(row.imageRefs) as ImageRef[])
-      : null,
+    imageRefs: row.imageRefs ? (JSON.parse(row.imageRefs) as ImageRef[]) : null,
     scopeId: row.scopeId ?? "default",
   };
 }
@@ -555,8 +555,7 @@ async function handleUpdateMemoryItem(
   // Rebuild content if subject or statement changed
   const { subject: existingSubject, statement: existingStatement } =
     splitContent(existing.content);
-  const newSubject =
-    subject !== undefined ? subject.trim() : existingSubject;
+  const newSubject = subject !== undefined ? subject.trim() : existingSubject;
   const newStatement =
     statement !== undefined ? statement.trim() : existingStatement;
@@ -702,8 +701,7 @@ export const ROUTES: RouteDefinition[] = [
       items: z.array(z.unknown()).describe("Memory item objects"),
       total: z.number(),
     }),
-    handler: ({ queryParams }) =>
-      handleListMemoryItems(queryParams ?? {}),
+    handler: ({ queryParams }) => handleListMemoryItems(queryParams ?? {}),
   },
   {