@vellumai/assistant 0.7.1 → 0.7.2

package/src/tools/computer-use/definitions.ts

@@ -21,12 +21,6 @@ function proxyExecute(): Promise<ToolExecutionResult> {
   );
 }
 
-const activityProperty = {
-  type: "string" as const,
-  description:
-    "Brief non-technical explanation of why this tool is being called",
-};
-
 // ---------------------------------------------------------------------------
 // click (unified - click_type selects single / double / right)
 // ---------------------------------------------------------------------------
@@ -69,7 +63,11 @@ export const computerUseClickTool: Tool = {
             description:
               "Explanation of what you see and why you are clicking here",
           },
-          activity: activityProperty,
+          target_client_id: {
+            type: "string",
+            description:
+              "ID of the specific client to target. Required when multiple clients support host_cu; omit when only one is connected. Obtain IDs from `assistant clients list --capability host_cu`.",
+          },
         },
         required: ["reasoning"],
       },
@@ -106,7 +104,11 @@ export const computerUseTypeTextTool: Tool = {
             type: "string",
             description: "Explanation of what you are typing and why",
           },
-          activity: activityProperty,
+          target_client_id: {
+            type: "string",
+            description:
+              "ID of the specific client to target. Required when multiple clients support host_cu; omit when only one is connected. Obtain IDs from `assistant clients list --capability host_cu`.",
+          },
         },
         required: ["text", "reasoning"],
       },
@@ -144,7 +146,11 @@ export const computerUseKeyTool: Tool = {
             type: "string",
             description: "Explanation of why you are pressing this key",
           },
-          activity: activityProperty,
+          target_client_id: {
+            type: "string",
+            description:
+              "ID of the specific client to target. Required when multiple clients support host_cu; omit when only one is connected. Obtain IDs from `assistant clients list --capability host_cu`.",
+          },
         },
         required: ["key", "reasoning"],
       },
@@ -199,7 +205,11 @@ export const computerUseScrollTool: Tool = {
             type: "string",
             description: "Explanation of why you are scrolling",
           },
-          activity: activityProperty,
+          target_client_id: {
+            type: "string",
+            description:
+              "ID of the specific client to target. Required when multiple clients support host_cu; omit when only one is connected. Obtain IDs from `assistant clients list --capability host_cu`.",
+          },
         },
         required: ["direction", "amount", "reasoning"],
       },
@@ -260,7 +270,11 @@ export const computerUseDragTool: Tool = {
             type: "string",
             description: "Explanation of what you are dragging and why",
           },
-          activity: activityProperty,
+          target_client_id: {
+            type: "string",
+            description:
+              "ID of the specific client to target. Required when multiple clients support host_cu; omit when only one is connected. Obtain IDs from `assistant clients list --capability host_cu`.",
+          },
         },
         required: ["reasoning"],
       },
@@ -296,7 +310,11 @@ export const computerUseWaitTool: Tool = {
             type: "string",
             description: "Explanation of what you are waiting for",
           },
-          activity: activityProperty,
+          target_client_id: {
+            type: "string",
+            description:
+              "ID of the specific client to target. Required when multiple clients support host_cu; omit when only one is connected. Obtain IDs from `assistant clients list --capability host_cu`.",
+          },
         },
         required: ["duration_ms", "reasoning"],
       },
@@ -335,7 +353,11 @@ export const computerUseOpenAppTool: Tool = {
             description:
               "Explanation of why you need to open or switch to this app",
           },
-          activity: activityProperty,
+          target_client_id: {
+            type: "string",
+            description:
+              "ID of the specific client to target. Required when multiple clients support host_cu; omit when only one is connected. Obtain IDs from `assistant clients list --capability host_cu`.",
+          },
         },
         required: ["app_name", "reasoning"],
       },
@@ -373,7 +395,11 @@ export const computerUseRunAppleScriptTool: Tool = {
             description:
               "Explanation of what this script does and why AppleScript is better than UI interaction for this step",
           },
-          activity: activityProperty,
+          target_client_id: {
+            type: "string",
+            description:
+              "ID of the specific client to target. Required when multiple clients support host_cu; omit when only one is connected. Obtain IDs from `assistant clients list --capability host_cu`.",
+          },
         },
         required: ["script", "reasoning"],
       },
@@ -406,7 +432,6 @@ export const computerUseDoneTool: Tool = {
             type: "string",
             description: "Human-readable summary of what was accomplished",
           },
-          activity: activityProperty,
         },
         required: ["summary"],
       },
@@ -443,7 +468,6 @@ export const computerUseRespondTool: Tool = {
             type: "string",
             description: "Explanation of how you determined the answer",
           },
-          activity: activityProperty,
         },
         required: ["answer", "reasoning"],
       },
@@ -471,10 +495,8 @@ const computerUseObserveTool: Tool = {
       description: this.description,
       input_schema: {
         type: "object",
-        properties: {
-          activity: activityProperty,
-        },
-        required: ["activity"],
+        properties: {},
+        required: [],
       },
     };
   },

package/src/tools/executor.ts

@@ -406,6 +406,8 @@ export class ToolExecutor {
         requestId: context.requestId,
         riskLevel,
         matchedTrustRuleId: permMatchedTrustRuleId,
+        approvalMode: permApprovalMode,
+        approvalReason: permApprovalReason,
         decision,
         durationMs,
         result: safeResult,

package/src/tools/host-filesystem/edit.ts

@@ -1,6 +1,8 @@
+import { supportsHostProxy } from "../../channels/types.js";
 import { HostFileProxy } from "../../daemon/host-file-proxy.js";
 import { RiskLevel } from "../../permissions/types.js";
 import type { ToolDefinition } from "../../providers/types.js";
+import { assistantEventHub } from "../../runtime/assistant-event-hub.js";
 import { FileSystemOps } from "../shared/filesystem/file-ops-service.js";
 import { formatEditDiff } from "../shared/filesystem/format-diff.js";
 import { hostPolicy } from "../shared/filesystem/path-policy.js";
@@ -37,6 +39,11 @@ class HostFileEditTool implements Tool {
             description:
               "Replace all occurrences instead of requiring a unique match (default: false)",
           },
+          target_client_id: {
+            type: "string",
+            description:
+              "ID of the specific client to execute this on. Required when multiple clients support host_file; omit when only one is connected. Obtain IDs from `assistant clients list --capability host_file`.",
+          },
         },
         required: ["path", "old_string", "new_string"],
       },
@@ -84,6 +91,24 @@ class HostFileEditTool implements Tool {
 
     const replaceAll = input.replace_all === true;
 
+    const targetClientId =
+      typeof input.target_client_id === "string" && input.target_client_id !== ""
+        ? input.target_client_id
+        : undefined;
+
+    const transportInterface = context.transportInterface;
+    if (
+      targetClientId == null &&
+      transportInterface != null &&
+      !supportsHostProxy(transportInterface) &&
+      assistantEventHub.listClientsByCapability("host_file").length > 1
+    ) {
+      return {
+        content: `Error: multiple clients support host_file. Specify which client to use with \`target_client_id\`. Run \`assistant clients list --capability host_file\` to see client IDs and labels.`,
+        isError: true,
+      };
+    }
+
     // Proxy to connected client for execution on the user's machine
     // when a capable client is available (managed/cloud-hosted mode).
     if (HostFileProxy.instance.isAvailable()) {
@@ -94,6 +119,7 @@ class HostFileEditTool implements Tool {
           old_string: oldString as string,
           new_string: newString as string,
           replace_all: replaceAll,
+          targetClientId,
         },
         context.conversationId,
         context.signal,

package/src/tools/host-filesystem/read.ts

@@ -1,8 +1,10 @@
 import { extname } from "node:path";
 
+import { supportsHostProxy } from "../../channels/types.js";
 import { HostFileProxy } from "../../daemon/host-file-proxy.js";
 import { RiskLevel } from "../../permissions/types.js";
 import type { ToolDefinition } from "../../providers/types.js";
+import { assistantEventHub } from "../../runtime/assistant-event-hub.js";
 import { FileSystemOps } from "../shared/filesystem/file-ops-service.js";
 import {
   IMAGE_EXTENSIONS,
@@ -37,6 +39,11 @@ class HostFileReadTool implements Tool {
             type: "number",
             description: "Maximum number of lines to read",
           },
+          target_client_id: {
+            type: "string",
+            description:
+              "ID of the specific client to execute this on. Required when multiple clients support host_file; omit when only one is connected. Obtain IDs from `assistant clients list --capability host_file`.",
+          },
         },
         required: ["path"],
       },
@@ -55,6 +62,24 @@ class HostFileReadTool implements Tool {
       };
     }
 
+    const targetClientId =
+      typeof input.target_client_id === "string" && input.target_client_id !== ""
+        ? input.target_client_id
+        : undefined;
+
+    const transportInterface = context.transportInterface;
+    if (
+      targetClientId == null &&
+      transportInterface != null &&
+      !supportsHostProxy(transportInterface) &&
+      assistantEventHub.listClientsByCapability("host_file").length > 1
+    ) {
+      return {
+        content: `Error: multiple clients support host_file. Specify which client to use with \`target_client_id\`. Run \`assistant clients list --capability host_file\` to see client IDs and labels.`,
+        isError: true,
+      };
+    }
+
     // Proxy to connected client for execution on the user's machine
     // when a capable client is available (managed/cloud-hosted mode),
     // including image reads that need the host filesystem view.
@@ -65,6 +90,7 @@ class HostFileReadTool implements Tool {
           path: rawPath,
           offset: typeof input.offset === "number" ? input.offset : undefined,
           limit: typeof input.limit === "number" ? input.limit : undefined,
+          targetClientId,
         },
         context.conversationId,
         context.signal,

package/src/tools/host-filesystem/transfer.ts

@@ -2,16 +2,18 @@ import { constants } from "node:fs";
 import { copyFile, lstat, mkdir, realpath } from "node:fs/promises";
 import { dirname, isAbsolute } from "node:path";
 
+import { supportsHostProxy } from "../../channels/types.js";
 import { HostTransferProxy } from "../../daemon/host-transfer-proxy.js";
 import { RiskLevel } from "../../permissions/types.js";
 import type { ToolDefinition } from "../../providers/types.js";
+import { assistantEventHub } from "../../runtime/assistant-event-hub.js";
 import { sandboxPolicy } from "../shared/filesystem/path-policy.js";
 import type { Tool, ToolContext, ToolExecutionResult } from "../types.js";
 
 class HostFileTransferTool implements Tool {
   name = "host_file_transfer";
   description =
-    "Copy a file between the assistant's workspace and the user's host machine. Set direction to 'to_host' to send a workspace file to the host, or 'to_sandbox' to pull a host file into the workspace.";
+    "Copy a file between the assistant's workspace and the user's host machine. Set direction to 'to_host' to send a workspace file to the host, or 'to_sandbox' to pull a host file into the workspace. When multiple clients support host_file, specify which one to use with target_client_id.";
   category = "host-filesystem";
   defaultRiskLevel = RiskLevel.Medium;
 
@@ -48,6 +50,11 @@ class HostFileTransferTool implements Tool {
             description:
               "Brief description of why the file is being transferred (for audit logging)",
           },
+          target_client_id: {
+            type: "string",
+            description:
+              "ID of the specific client to transfer files to/from. Required when multiple clients support host_file; omit when only one is connected. Obtain IDs from `assistant clients list --capability host_file`.",
+          },
         },
         required: ["source_path", "dest_path", "direction"],
       },
@@ -85,6 +92,20 @@ class HostFileTransferTool implements Tool {
 
     const overwrite = input.overwrite === true;
 
+    const targetClientId =
+      typeof input.target_client_id === "string" && input.target_client_id !== ""
+        ? input.target_client_id
+        : undefined;
+
+    if (
+      targetClientId == null &&
+      context.transportInterface != null &&
+      !supportsHostProxy(context.transportInterface) &&
+      assistantEventHub.listClientsByCapability("host_file").length > 1
+    ) {
+      return { content: `Error: multiple clients support host_file. Specify which client to use with \`target_client_id\`. Run \`assistant clients list --capability host_file\` to see client IDs and labels.`, isError: true };
+    }
+
     // Validate that host-side paths are absolute.
     if (direction === "to_host" && !isAbsolute(destPath)) {
       return {
@@ -134,6 +155,7 @@ class HostFileTransferTool implements Tool {
             destPath,
             overwrite,
             conversationId: context.conversationId,
+            targetClientId,
           },
           context.signal,
         );
@@ -144,11 +166,19 @@ class HostFileTransferTool implements Tool {
           destPath: resolvedDestPath,
           overwrite,
           conversationId: context.conversationId,
+          targetClientId,
         },
         context.signal,
       );
     }
 
+    if (targetClientId != null) {
+      return {
+        content: `Error: target_client_id '${targetClientId}' was specified but no host client is available. Ensure the client is connected.`,
+        isError: true,
+      };
+    }
+
     // Local mode: direct filesystem copy.
     return this.executeLocal(resolvedSourcePath, resolvedDestPath, overwrite);
   }

package/src/tools/host-filesystem/write.ts

@@ -1,6 +1,8 @@
+import { supportsHostProxy } from "../../channels/types.js";
 import { HostFileProxy } from "../../daemon/host-file-proxy.js";
 import { RiskLevel } from "../../permissions/types.js";
 import type { ToolDefinition } from "../../providers/types.js";
+import { assistantEventHub } from "../../runtime/assistant-event-hub.js";
 import { FileSystemOps } from "../shared/filesystem/file-ops-service.js";
 import { formatWriteSummary } from "../shared/filesystem/format-diff.js";
 import { hostPolicy } from "../shared/filesystem/path-policy.js";
@@ -28,6 +30,11 @@ class HostFileWriteTool implements Tool {
             type: "string",
             description: "The content to write to the file",
           },
+          target_client_id: {
+            type: "string",
+            description:
+              "ID of the specific client to execute this on. Required when multiple clients support host_file; omit when only one is connected. Obtain IDs from `assistant clients list --capability host_file`.",
+          },
         },
         required: ["path", "content"],
       },
@@ -54,6 +61,24 @@ class HostFileWriteTool implements Tool {
       };
     }
 
+    const targetClientId =
+      typeof input.target_client_id === "string" && input.target_client_id !== ""
+        ? input.target_client_id
+        : undefined;
+
+    const transportInterface = context.transportInterface;
+    if (
+      targetClientId == null &&
+      transportInterface != null &&
+      !supportsHostProxy(transportInterface) &&
+      assistantEventHub.listClientsByCapability("host_file").length > 1
+    ) {
+      return {
+        content: `Error: multiple clients support host_file. Specify which client to use with \`target_client_id\`. Run \`assistant clients list --capability host_file\` to see client IDs and labels.`,
+        isError: true,
+      };
+    }
+
     // Proxy to connected client for execution on the user's machine
     // when a capable client is available (managed/cloud-hosted mode).
     if (HostFileProxy.instance.isAvailable()) {
@@ -62,6 +87,7 @@ class HostFileWriteTool implements Tool {
           operation: "write",
           path: rawPath,
           content: fileContent,
+          targetClientId,
         },
         context.conversationId,
         context.signal,

package/src/tools/host-terminal/host-shell.ts

@@ -18,6 +18,7 @@ import { existsSync } from "node:fs";
 import { homedir } from "node:os";
 import { isAbsolute } from "node:path";
 
+import { supportsHostProxy } from "../../channels/types.js";
 import { getConfig } from "../../config/loader.js";
 import { isCesShellLockdownEnabled } from "../../credential-execution/feature-gates.js";
 import { HostBashProxy } from "../../daemon/host-bash-proxy.js";
@@ -25,6 +26,7 @@ import { RiskLevel } from "../../permissions/types.js";
 import type { ToolDefinition } from "../../providers/types.js";
 import { isUntrustedTrustClass } from "../../runtime/actor-trust-resolver.js";
 import { wakeAgentForOpportunity } from "../../runtime/agent-wake.js";
+import { assistantEventHub } from "../../runtime/assistant-event-hub.js";
 import { redactSecrets } from "../../security/secret-scanner.js";
 import { getLogger } from "../../util/logger.js";
 import {
@@ -131,6 +133,11 @@ class HostShellTool implements Tool {
             description:
               "Run the command in the background on the host machine. The tool returns immediately with a background tool ID. When the process exits, its output is delivered to the conversation as a wake.",
           },
+          target_client_id: {
+            type: "string",
+            description:
+              "ID of the specific client to execute this command on. Required when multiple clients support host_bash; omit when only one client is connected. Obtain IDs from `assistant clients list --capability host_bash`.",
+          },
         },
         required: ["command", "activity"],
       },
@@ -173,6 +180,11 @@ class HostShellTool implements Tool {
     }
     const background = input.background === true;
 
+    const targetClientId =
+      typeof input.target_client_id === "string" && input.target_client_id !== ""
+        ? input.target_client_id
+        : undefined;
+
     const config = getConfig();
     const { shellDefaultTimeoutSec, shellMaxTimeoutSec } = config.timeouts;
 
@@ -190,6 +202,50 @@ class HostShellTool implements Tool {
       isCesShellLockdownEnabled(config) &&
       isUntrustedTrustClass(context.trustClass);
 
+    // Guard: non-host-proxy interfaces need an explicit target when multiple
+    // capable clients are connected to avoid ambiguous untargeted broadcasts.
+    const transportInterface = context.transportInterface;
+    if (
+      targetClientId == null &&
+      transportInterface != null &&
+      !supportsHostProxy(transportInterface) &&
+      assistantEventHub.listClientsByCapability("host_bash").length > 1
+    ) {
+      return {
+        content: `Error: multiple clients support host_bash. Specify which client to use with \`target_client_id\`. Run \`assistant clients list --capability host_bash\` to see client IDs and labels.`,
+        isError: true,
+      };
+    }
+
+    // Guard: non-host-proxy interfaces with no capable clients connected.
+    if (
+      targetClientId == null &&
+      transportInterface != null &&
+      !supportsHostProxy(transportInterface) &&
+      !HostBashProxy.instance.isAvailable()
+    ) {
+      return {
+        content:
+          "Error: no client with host_bash capability is connected. Connect a macOS client to use host_bash from a non-desktop interface.",
+        isError: true,
+      };
+    }
+
+    // Guard: explicit targetClientId provided but proxy is unavailable (client
+    // disconnected between tool-definition and tool-execution). Without this
+    // guard both targetClientId != null guards above are bypassed, and the
+    // code falls through to local daemon execution — silently running commands
+    // inside the Docker container instead of on the intended host machine.
+    if (
+      targetClientId != null &&
+      !HostBashProxy.instance.isAvailable()
+    ) {
+      return {
+        content: `Error: target client "${targetClientId}" is no longer connected. The specified client may have disconnected since the tool was called. Run \`assistant clients list --capability host_bash\` to see currently connected clients.`,
+        isError: true,
+      };
+    }
+
     // Proxy to connected client for execution on the user's machine
     // when a capable client is available (managed/cloud-hosted mode).
     if (HostBashProxy.instance.isAvailable()) {
@@ -227,6 +283,7 @@ class HostShellTool implements Tool {
             working_dir: rawWorkingDir as string | undefined,
             timeout_seconds: normalizedTimeout,
             env: proxyEnv,
+            targetClientId,
           },
           context.conversationId,
           abortController.signal,
@@ -273,6 +330,7 @@ class HostShellTool implements Tool {
           working_dir: rawWorkingDir as string | undefined,
           timeout_seconds: normalizedTimeout,
           env: proxyEnv,
+          targetClientId,
         },
         context.conversationId,
         context.signal,

package/src/tools/schedule/create.ts

@@ -44,6 +44,8 @@ export async function executeScheduleCreate(
     | undefined;
   const quiet = (input.quiet as boolean) ?? false;
   const reuseConversation = (input.reuse_conversation as boolean) ?? false;
+  const maxRetries = input.max_retries as number | undefined;
+  const retryBackoffMs = input.retry_backoff_ms as number | undefined;
 
   if (!name || typeof name !== "string") {
     return {
@@ -130,6 +132,8 @@ export async function executeScheduleCreate(
         routingHints,
         quiet,
         reuseConversation,
+        maxRetries,
+        retryBackoffMs,
       });
 
       const fireDate = formatLocalDate(job.nextRunAt);
@@ -208,6 +212,8 @@ export async function executeScheduleCreate(
       routingHints,
       quiet,
       reuseConversation,
+      maxRetries,
+      retryBackoffMs,
     });
 
     const scheduleDescription =

package/src/tools/schedule/list.ts

@@ -77,6 +77,8 @@ export async function executeScheduleList(
       `  Last run: ${job.lastRunAt ? formatLocalDate(job.lastRunAt) : "never"}`,
       `  Last status: ${job.lastStatus ?? "n/a"}`,
       `  Retry count: ${job.retryCount}`,
+      `  Max retries: ${job.maxRetries}`,
+      `  Retry backoff: ${job.retryBackoffMs}ms`,
       `  Created: ${formatLocalDate(job.createdAt)}`,
     );
 

package/src/tools/schedule/update.ts

@@ -108,6 +108,14 @@ export async function executeScheduleUpdate(
     updates.reuseConversation = input.reuse_conversation;
   }
 
+  // Retry policy
+  if (input.max_retries !== undefined) {
+    updates.maxRetries = input.max_retries;
+  }
+  if (input.retry_backoff_ms !== undefined) {
+    updates.retryBackoffMs = input.retry_backoff_ms;
+  }
+
   // Auto-detect syntax when expression changes without explicit syntax
   if (input.expression !== undefined || input.syntax !== undefined) {
     const resolved = normalizeScheduleSyntax({
@@ -173,6 +181,8 @@ export async function executeScheduleUpdate(
         routingHints?: Record<string, unknown>;
         quiet?: boolean;
         reuseConversation?: boolean;
+        maxRetries?: number;
+        retryBackoffMs?: number;
       },
     );
 

package/src/tools/shared/filesystem/file-ops-service.ts

@@ -52,6 +52,8 @@ function pathError(
       return Err.pathNotAbsolute(path);
     case "out_of_bounds":
       return { code: "PATH_OUT_OF_BOUNDS", message: detail, path };
+    case "denied":
+      return { code: "PATH_OUT_OF_BOUNDS", message: detail, path };
   }
 }
 

package/src/tools/shared/filesystem/path-policy.ts

@@ -11,7 +11,14 @@ import {
 /**
  * Result type shared by both sandbox and host path policies.
  */
-export type PathFailureReason = "not_absolute" | "out_of_bounds";
+export type PathFailureReason = "not_absolute" | "out_of_bounds" | "denied";
+
+/**
+ * Basenames that must never be read or written by the assistant, regardless
+ * of where they resolve. Defense-in-depth: even if a key file is accidentally
+ * placed inside the workspace boundary, the assistant cannot access it.
+ */
+const DENIED_BASENAMES = new Set([".backup.key", "backup.key"]);
 
 export type PathResult =
   | { ok: true; resolved: string }
@@ -106,6 +113,16 @@ export function sandboxPolicy(
     };
   }
 
+  // Check both the logical path and the symlink-resolved path so a symlink
+  // with a non-denied name pointing at a denied file is still caught.
+  if (DENIED_BASENAMES.has(basename(resolved)) || DENIED_BASENAMES.has(basename(realResolved))) {
+    return {
+      ok: false,
+      reason: "denied",
+      error: `Access to "${basename(resolved)}" is denied`,
+    };
+  }
+
   return { ok: true, resolved };
 }
 
@@ -125,5 +142,12 @@ export function hostPolicy(rawPath: string): PathResult {
       error: `path must be absolute for host file access: ${rawPath}`,
     };
   }
+  if (DENIED_BASENAMES.has(basename(rawPath))) {
+    return {
+      ok: false,
+      reason: "denied",
+      error: `Access to "${basename(rawPath)}" is denied`,
+    };
+  }
   return { ok: true, resolved: rawPath };
 }

package/src/tools/skills/load.ts

@@ -29,9 +29,6 @@ import { getWorkspaceDirDisplay } from "../../util/platform.js";
 import { registerTool } from "../registry.js";
 import type { Tool, ToolContext, ToolExecutionResult } from "../types.js";
 
-/** Canonical feature flag key for inline skill command expansion. */
-const INLINE_COMMANDS_FLAG_KEY = "inline-skill-commands";
-
 /** Skill sources eligible for inline command expansion in v1. */
 const INLINE_COMMAND_ELIGIBLE_SOURCES = new Set([
   "bundled",
@@ -300,20 +297,6 @@ export class SkillLoadTool implements Tool {
       skill.inlineCommandExpansions && skill.inlineCommandExpansions.length > 0;
 
     if (hasInlineCommands) {
-      const inlineFlagEnabled = isAssistantFeatureFlagEnabled(
-        INLINE_COMMANDS_FLAG_KEY,
-        config,
-      );
-
-      if (!inlineFlagEnabled) {
-        // Feature flag is off: fail closed instead of leaving live tokens in
-        // the prompt that the LLM might try to interpret.
-        return {
-          content: `Error: skill "${skill.id}" contains inline command expansions but the inline-skill-commands feature flag is disabled. Enable the flag to use this skill.`,
-          isError: true,
-        };
-      }
-
       if (skill.source === "extra") {
         // Third-party extra roots are out of scope for inline command
         // expansion in v1. Reject explicitly so the failure is clear.
@@ -391,21 +374,6 @@ export class SkillLoadTool implements Tool {
             childLoaded.skill.inlineCommandExpansions.length > 0;
 
           if (childHasInlineCommands) {
-            const childInlineFlagEnabled = isAssistantFeatureFlagEnabled(
-              INLINE_COMMANDS_FLAG_KEY,
-              config,
-            );
-
-            // Fail closed: if the flag is off, reject the entire skill_load
-            // just like we do for root skills. Leaving raw !`...` tokens in
-            // the prompt would violate the documented fail-closed contract.
-            if (!childInlineFlagEnabled) {
-              return {
-                content: `Error: included skill "${childId}" contains inline command expansions but the inline-skill-commands feature flag is disabled. Enable the flag to use skill "${skill.id}".`,
-                isError: true,
-              };
-            }
-
             if (childLoaded.skill.source === "extra") {
               return {
                 content: `Error: included skill "${childId}" contains inline command expansions but inline commands are not supported for third-party (extra) skill sources.`,