@vellumai/assistant 0.7.2 → 0.7.3

package/src/daemon/conversation-error.ts

@@ -36,6 +36,23 @@ const NETWORK_PATTERNS = [
 // Rate limit patterns (HTTP 429 or explicit rate limit messages)
 const RATE_LIMIT_PATTERNS = [/429/, /rate.?limit/i, /too many requests/i];
 
+// Managed usage-limit responses are generated by Vellum, even though they can
+// travel through provider SDKs and get wrapped as ProviderError.
+const MANAGED_USAGE_LIMIT_PATTERNS = [
+  /"code"\s*:\s*"daily_quota_exceeded"/i,
+  /"code"\s*:\s*"rate_limit_exceeded"/i,
+  /system credential proxy rate limit/i,
+  /you've reached your usage limit for today/i,
+  /current plan allows/i,
+];
+
+const PROVIDER_BILLING_PATTERNS = [
+  /credit balance is too low/i,
+  /insufficient.*credits?/i,
+  /requires more credits/i,
+  /can only afford/i,
+];
+
 // Overloaded patterns — provider is capacity-constrained (distinct from rate limiting)
 const OVERLOADED_PATTERNS = [/overloaded/i];
 
@@ -259,15 +276,21 @@ function classifyCore(
       };
     }
     if (error.statusCode === 402) {
-      return {
-        code: "PROVIDER_BILLING",
-        userMessage:
-          "You've run out of credits. Add funds to continue using the assistant.",
-        retryable: false,
-        errorCategory: "credits_exhausted",
-      };
+      if (isManagedBalanceError(error)) {
+        return managedBalanceClassification();
+      }
+      return providerBillingClassification();
     }
     if (error.statusCode === 429) {
+      if (isManagedUsageLimitError(error, message)) {
+        return {
+          code: "MANAGED_USAGE_LIMIT",
+          userMessage:
+            "Vellum managed inference is rate limited. This is a Vellum-side usage limit, not an AI provider outage.",
+          retryable: true,
+          errorCategory: "managed_usage_limit",
+        };
+      }
       return {
         code: "PROVIDER_RATE_LIMIT",
         userMessage:
@@ -331,13 +354,8 @@ function classifyCore(
           errorCategory: "tool_ordering",
         };
       }
-      if (/credit balance is too low|insufficient.*credits?/i.test(message)) {
-        return {
-          code: "PROVIDER_BILLING",
-          userMessage: "Your API key has insufficient credits.",
-          retryable: false,
-          errorCategory: "provider_billing",
-        };
+      if (isProviderBillingError(message)) {
+        return providerBillingClassification();
       }
       if (
         /invalid.*api.?key|invalid.*x-api-key|authentication.?error|invalid.authentication/i.test(
@@ -362,7 +380,7 @@ function classifyCore(
   }
 
   // Regex fallback for non-ProviderError or ProviderError without statusCode
-  return classifyByMessage(message);
+  return classifyByMessage(error, message);
 }
 
 /** Check whether an error message indicates a context-too-large failure. */
@@ -394,7 +412,52 @@ function isStreamingError(message: string): boolean {
   return STREAMING_ERROR_PATTERNS.some((p) => p.test(message));
 }
 
+function isManagedUsageLimitError(error: unknown, message: string): boolean {
+  if (
+    error instanceof ProviderError &&
+    getProviderRoutingSource(error.provider) === "managed-proxy"
+  ) {
+    return true;
+  }
+  return MANAGED_USAGE_LIMIT_PATTERNS.some((p) => p.test(message));
+}
+
+function isManagedBalanceError(error: ProviderError): boolean {
+  return getProviderRoutingSource(error.provider) === "managed-proxy";
+}
+
+function isProviderBillingError(message: string): boolean {
+  return PROVIDER_BILLING_PATTERNS.some((p) => p.test(message));
+}
+
+function managedBalanceClassification(): Omit<
+  ClassifiedConversationError,
+  "debugDetails"
+> {
+  return {
+    code: "PROVIDER_BILLING",
+    userMessage:
+      "You've run out of credits. Add funds to continue using the assistant.",
+    retryable: false,
+    errorCategory: "credits_exhausted",
+  };
+}
+
+function providerBillingClassification(): Omit<
+  ClassifiedConversationError,
+  "debugDetails"
+> {
+  return {
+    code: "PROVIDER_BILLING",
+    userMessage:
+      "Your API provider account or key needs credits. Add funds with the provider or update the key in Settings.",
+    retryable: false,
+    errorCategory: "provider_billing",
+  };
+}
+
 function classifyByMessage(
+  error: unknown,
   message: string,
 ): Omit<ClassifiedConversationError, "debugDetails"> {
   // Check context-too-large before other patterns
@@ -411,6 +474,15 @@ function classifyByMessage(
   // Check rate limit first (before network, since 429 could match both)
   for (const pattern of RATE_LIMIT_PATTERNS) {
     if (pattern.test(message)) {
+      if (isManagedUsageLimitError(error, message)) {
+        return {
+          code: "MANAGED_USAGE_LIMIT",
+          userMessage:
+            "Vellum managed inference is rate limited. This is a Vellum-side usage limit, not an AI provider outage.",
+          retryable: true,
+          errorCategory: "managed_usage_limit",
+        };
+      }
       return {
         code: "PROVIDER_RATE_LIMIT",
         userMessage:

package/src/daemon/conversation-lifecycle.ts

@@ -153,8 +153,6 @@ export interface DisposeContext extends AbortContext {
   trustContext?: { trustClass: TrustClass };
   /** Active memory node IDs snapshotted from the conversation's InContextTracker before disposal. */
   activeContextNodeIds?: string[];
-  /** Memory scope for extraction — defaults to "default" if omitted. */
-  memoryScopeId?: string;
   abort(): void;
 }
 
@@ -378,7 +376,7 @@ export function disposeConversation(ctx: DisposeContext): void {
       try {
         enqueueMemoryJob("graph_extract", {
           conversationId: ctx.conversationId,
-          scopeId: ctx.memoryScopeId ?? "default",
+          scopeId: "default",
           ...(ctx.activeContextNodeIds?.length
             ? { activeContextNodeIds: ctx.activeContextNodeIds }
             : {}),

package/src/daemon/conversation-process.ts

@@ -182,6 +182,8 @@ export interface ProcessConversationContext {
   forceCompact(): Promise<ContextWindowResult>;
   /** Set transport-derived hints for the conversation. */
   setTransportHints(hints: string[] | undefined): void;
+  /** IANA timezone reported by the active client for the current turn. */
+  clientTimezone?: string;
   /**
    * Apply client-reported host env (home dir, username) from transport
    * metadata, gating on `supportsHostProxy` so non-host-proxy interfaces
@@ -189,6 +191,10 @@ export interface ProcessConversationContext {
    * `DaemonServer.applyTransportMetadata` and the queue-drain path below.
    */
   applyHostEnvFromTransport(transport: ConversationTransportMetadata): void;
+  /** Apply the per-turn client timezone reported by transport metadata. */
+  applyClientTimezoneFromTransport(
+    transport: ConversationTransportMetadata,
+  ): void;
 }
 
 function resolveQueuedTurnContext(
@@ -423,6 +429,7 @@ async function drainSingleMessage(
     // setter used by DaemonServer.applyTransportMetadata so create/reuse
     // and queue-drain stay in sync without duplicating the gate logic.
     conversation.applyHostEnvFromTransport(next.transport);
+    conversation.applyClientTimezoneFromTransport(next.transport);
   }
 
   // Re-preactivate host-proxy skills for interactive desktop turns. The
@@ -865,6 +872,7 @@ async function drainBatch(
   if (head.transport) {
     conversation.setTransportHints(buildTransportHints(head.transport));
     conversation.applyHostEnvFromTransport(head.transport);
+    conversation.applyClientTimezoneFromTransport(head.transport);
   }
 
   // Re-preactivate host-proxy skills for interactive desktop turns.

package/src/daemon/conversation-runtime-assembly.ts

@@ -33,6 +33,7 @@ import {
 } from "../messaging/providers/slack/render-transcript.js";
 import { getInjectors } from "../plugins/registry.js";
 import type {
+  DiskPressureInjectionContext,
   InjectionBlock,
   InjectionPlacement,
   TurnContext,
@@ -788,6 +789,9 @@ export interface UnifiedTurnContextOptions {
   interfaceName?: string;
   channelName?: string;
   actorContext?: InboundActorContext | null;
+  configuredUserTimezone?: string | null;
+  clientTimezone?: string | null;
+  detectedTimezone?: string | null;
   /**
    * Human-readable duration since the previous user message (e.g. "14h ago",
    * "yesterday", "3d ago"). Only populated when the gap exceeds 12 hours so
@@ -830,6 +834,25 @@ export function buildUnifiedTurnContextBlock(
 
   const lines: string[] = ["<turn_context>"];
   lines.push(`current_time: ${options.timestamp}`);
+  const configuredUserTimezone = options.configuredUserTimezone ?? null;
+  const clientDeviceTimezone =
+    options.clientTimezone ?? options.detectedTimezone ?? null;
+  const hasTimezoneMismatch =
+    configuredUserTimezone !== null &&
+    clientDeviceTimezone !== null &&
+    configuredUserTimezone !== clientDeviceTimezone;
+  if (hasTimezoneMismatch) {
+    const sanitizedConfiguredTimezone = sanitizeInlineContextValue(
+      configuredUserTimezone,
+    );
+    const sanitizedClientDeviceTimezone =
+      sanitizeInlineContextValue(clientDeviceTimezone);
+    lines.push(`configured_user_timezone: ${sanitizedConfiguredTimezone}`);
+    lines.push(`client_device_timezone: ${sanitizedClientDeviceTimezone}`);
+    lines.push(
+      `timezone_update_available: after explicit user confirmation, persist client_device_timezone with \`assistant config set ui.userTimezone "${sanitizedClientDeviceTimezone}"\``,
+    );
+  }
   if (options.timeSinceLastMessage) {
     lines.push(`time_since_last_message: ${options.timeSinceLastMessage}`);
   }
@@ -1609,6 +1632,7 @@ export function loadSlackActiveThreadFocusBlock(
 const RUNTIME_INJECTION_PREFIXES = [
   "<channel_capabilities>",
   "<channel_command_context>",
+  "<disk_pressure_warning>",
   "<channel_turn_context>", // backward-compat: strip legacy separate channel blocks
   "<guardian_context>",
   "<inbound_actor_context>", // backward-compat: strip legacy separate actor blocks
@@ -1872,6 +1896,7 @@ function applyInjectionBlock(
  * plugin-overridable default injectors.
  */
 export interface RuntimeInjectionOptions {
+  diskPressureContext?: DiskPressureInjectionContext | null;
   /**
    * Active dashboard-surface context (read from `<active_workspace>`). Kept
    * on the options bag rather than an injector because it is a
@@ -1990,6 +2015,7 @@ function buildTurnInjectionInputs(
 ): TurnInjectionInputs {
   return {
     mode: options.mode,
+    diskPressureContext: options.diskPressureContext,
     workspaceTopLevelContext: options.workspaceTopLevelContext,
     unifiedTurnContext: options.unifiedTurnContext,
     pkbContext: options.pkbContext,

package/src/daemon/conversation-store.ts

@@ -22,7 +22,7 @@ import { RateLimitProvider } from "../providers/ratelimit.js";
 import { getProvider } from "../providers/registry.js";
 import { getSubagentManager } from "../subagent/index.js";
 import { getSandboxWorkingDir } from "../util/platform.js";
-import { Conversation, DEFAULT_MEMORY_POLICY } from "./conversation.js";
+import { Conversation } from "./conversation.js";
 import type { ConversationEvictor } from "./conversation-evictor.js";
 import type { ConversationCreateOptions } from "./handlers/shared.js";
 import { buildTransportHints } from "./transport-hints.js";
@@ -180,6 +180,7 @@ function applyTransportMetadata(
   if (!transport) return;
   conversation.setTransportHints(buildTransportHints(transport));
   conversation.applyHostEnvFromTransport(transport);
+  conversation.applyClientTimezoneFromTransport(transport);
 }
 
 /**
@@ -253,7 +254,6 @@ export async function getOrCreateConversation(
         maxTokens,
         sendToClient,
         workingDir,
-        DEFAULT_MEMORY_POLICY,
         sharedCesClient,
         storedOptions?.speed,
         undefined,

package/src/daemon/conversation-surfaces.ts

@@ -18,6 +18,7 @@ import {
   assistantEventHub,
   broadcastMessage,
 } from "../runtime/assistant-event-hub.js";
+import { enforceSameActorOrErrorResult } from "../runtime/auth/same-actor.js";
 import type {
   InteractiveUiRequest,
   InteractiveUiResult,
@@ -53,6 +54,148 @@ const log = getLogger("conversation-surfaces");
 
 const MAX_UNDO_DEPTH = 10;
 
+/**
+ * Debounce window for persisting `ui_surface_update` data back to the
+ * message row. Surfaces typically receive bursts of updates (e.g. a
+ * Workspace Health Check ticking off items rapidly) — collapsing them
+ * to a single DB write avoids hammering SQLite while still bounding the
+ * "lost work on crash" window to ~half a second.
+ */
+const SURFACE_PERSIST_DEBOUNCE_MS = 500;
+
+/**
+ * In-flight debounced persist timers keyed by `surfaceId`. Surface IDs
+ * are UUIDs and globally unique, so a module-level map is safe across
+ * conversations. Each entry holds the latest data snapshot — newer
+ * updates clobber older ones since the persisted row carries the full
+ * merged state, not a delta.
+ */
+const pendingSurfacePersists = new Map<
+  string,
+  {
+    timer: ReturnType<typeof setTimeout>;
+    conversationId: string;
+    data: SurfaceData;
+  }
+>();
+
+/**
+ * Persist the latest `data` for a `ui_surface` content block by
+ * scanning the conversation's messages for one containing the given
+ * `surfaceId` and patching its `data` field. Mirrors the scan-and-patch
+ * pattern in `markSurfaceCompleted`.
+ *
+ * Safe to call before the assistant message has been persisted (mid-stream):
+ * the scan simply finds nothing and bails. The next update after
+ * `handleMessageComplete` runs will pick up the now-persisted row.
+ */
+function persistSurfaceData(
+  conversationId: string,
+  surfaceId: string,
+  data: SurfaceData,
+): void {
+  try {
+    const rows = getMessages(conversationId);
+    for (let r = rows.length - 1; r >= 0; r--) {
+      let parsed: unknown[];
+      try {
+        const result = JSON.parse(rows[r].content);
+        if (!Array.isArray(result)) continue;
+        parsed = result;
+      } catch {
+        // Plain-text content rows — skip and keep scanning.
+        continue;
+      }
+      let found = false;
+      for (const pb of parsed) {
+        const rb = pb as Record<string, unknown>;
+        if (rb.type === "ui_surface" && rb.surfaceId === surfaceId) {
+          rb.data = data;
+          found = true;
+          break;
+        }
+      }
+      if (found) {
+        updateMessageContent(rows[r].id, JSON.stringify(parsed));
+        return;
+      }
+    }
+  } catch (err) {
+    log.debug(
+      { err, surfaceId, conversationId },
+      "Failed to persist surface data update",
+    );
+  }
+}
+
+/**
+ * Schedule a debounced write of the merged surface data back to the
+ * persisted message row. Repeated calls within the debounce window
+ * collapse to a single write carrying the latest data.
+ */
+export function scheduleSurfaceDataPersist(
+  conversationId: string,
+  surfaceId: string,
+  data: SurfaceData,
+): void {
+  const existing = pendingSurfacePersists.get(surfaceId);
+  if (existing) {
+    clearTimeout(existing.timer);
+  }
+  const timer = setTimeout(() => {
+    pendingSurfacePersists.delete(surfaceId);
+    persistSurfaceData(conversationId, surfaceId, data);
+  }, SURFACE_PERSIST_DEBOUNCE_MS);
+  pendingSurfacePersists.set(surfaceId, { timer, conversationId, data });
+}
+
+/**
+ * Force-flush any pending debounced persist for `surfaceId`. Called on
+ * surface completion so the final state is durable before the surface
+ * record transitions to `completed`.
+ */
+export function flushSurfaceDataPersist(surfaceId: string): void {
+  const pending = pendingSurfacePersists.get(surfaceId);
+  if (!pending) return;
+  clearTimeout(pending.timer);
+  pendingSurfacePersists.delete(surfaceId);
+  persistSurfaceData(pending.conversationId, surfaceId, pending.data);
+}
+
+/**
+ * Cancel all pending debounced persists. Called on conversation
+ * teardown to avoid timers firing against torn-down state.
+ *
+ * Use `flushPendingSurfaceDataPersists` instead on a clean shutdown
+ * path where the latest in-flight surface state should still be
+ * written before teardown.
+ */
+export function cancelPendingSurfaceDataPersists(
+  conversationId?: string,
+): void {
+  for (const [surfaceId, pending] of pendingSurfacePersists) {
+    if (conversationId && pending.conversationId !== conversationId) continue;
+    clearTimeout(pending.timer);
+    pendingSurfacePersists.delete(surfaceId);
+  }
+}
+
+/**
+ * Synchronously flush all pending debounced persists, optionally scoped
+ * to a single conversation. Called on clean conversation teardown so an
+ * update that arrived inside the 500ms debounce window still lands in
+ * the DB before the conversation goes away. Each entry is removed from
+ * the pending map after its write fires.
+ */
+export function flushPendingSurfaceDataPersists(conversationId?: string): void {
+  for (const [surfaceId, pending] of pendingSurfacePersists) {
+    if (conversationId && pending.conversationId !== conversationId) continue;
+    clearTimeout(pending.timer);
+    pendingSurfacePersists.delete(surfaceId);
+    persistSurfaceData(pending.conversationId, surfaceId, pending.data);
+  }
+}
+
 /**
  * Mark a `ui_surface` content block as completed in the database so that
  * history reconstruction preserves the completion state.  Also updates
@@ -63,6 +206,10 @@ export function markSurfaceCompleted(
   surfaceId: string,
   summary: string,
 ): void {
+  // Force-flush any pending debounced data persist so the completion
+  // patch lands on top of the latest data instead of racing with it.
+  flushSurfaceDataPersist(surfaceId);
+
   // Update in-memory messages when available so subsequent reads within
   // this session see the change without waiting for DB.
   if (ctx.messages) {
@@ -1783,15 +1930,19 @@ export async function surfaceProxyResolver(
     // Record the action and proxy to the connected desktop client
     const reasoning =
       typeof input.reasoning === "string" ? input.reasoning : undefined;
-    const targetClientId =
-      typeof input.target_client_id === "string" && input.target_client_id !== ""
+    let targetClientId: string | undefined =
+      typeof input.target_client_id === "string" &&
+      input.target_client_id !== ""
         ? input.target_client_id
         : undefined;
 
-    // Validate targetClientId before recordAction so an invalid ID does not
-    // burn a step or pollute action history. (HostBashProxy / HostFileProxy
-    // both validate at the tool-resolution layer before incrementing any
-    // state; this mirrors that behaviour for CU.)
+    // Validate targetClientId existence, capability, and same-user binding
+    // before recordAction so an invalid or cross-user ID does not burn a
+    // step or pollute action history. HostBashProxy / HostFileProxy
+    // validate at the tool-resolution layer for the same reason. The proxy
+    // re-checks same-user (single authoritative gate); using the shared
+    // helper keeps log payload and error wording identical at both layers.
+    const sourceActorPrincipalId = ctx.trustContext?.guardianPrincipalId;
     if (targetClientId != null) {
       const client = assistantEventHub.getClientById(targetClientId);
       if (!client) {
@@ -1806,14 +1957,24 @@ export async function surfaceProxyResolver(
           isError: true,
         };
       }
+      const rejection = enforceSameActorOrErrorResult({
+        hub: assistantEventHub,
+        sourceActorPrincipalId,
+        targetClientId,
+        op: "host_cu",
+      });
+      if (rejection) return rejection;
     }
 
-    // Guard: require explicit targeting when multiple CU-capable clients are
-    // connected. The tool schemas document target_client_id as "required when
-    // multiple clients support host_cu" but nothing enforced it at runtime
-    // until now. Without this guard, the request would broadcast to all
-    // capable clients simultaneously, causing the same CU action to execute
-    // on multiple machines.
+    // Guard: require explicit targeting when multiple same-user CU-capable
+    // clients are connected. The tool schemas document target_client_id as
+    // "required when multiple clients support host_cu" but nothing enforced
+    // it at runtime until now. Without this guard, the request would
+    // broadcast to all capable clients simultaneously, causing the same CU
+    // action to execute on multiple machines. The filter mirrors
+    // HostFileProxy's auto-resolve: only same-user clients participate, so
+    // a cross-user client connected to the same daemon does not falsely
+    // trigger this ambiguity error.
     //
     // Asymmetry with host_bash / host_file (host-shell.ts): the bash/file
     // guard additionally checks `transportInterface != null &&
@@ -1824,13 +1985,25 @@ export async function surfaceProxyResolver(
     // host_cu-capable transport for which auto-routing-to-self would be
     // appropriate. We therefore fire whenever there is genuine ambiguity.
     if (targetClientId == null) {
-      const cuClients = assistantEventHub.listClientsByCapability("host_cu");
-      if (cuClients.length > 1) {
+      const allCuClients = assistantEventHub.listClientsByCapability("host_cu");
+      const sameUserCuClients = allCuClients.filter(
+        (c) => c.actorPrincipalId === sourceActorPrincipalId,
+      );
+      if (sameUserCuClients.length > 1) {
         return {
           content: `Error: multiple clients support host_cu. Specify which client to target with \`target_client_id\`. Run \`assistant clients list --capability host_cu\` to see client IDs and labels.`,
           isError: true,
         };
       }
+      // When cross-user host_cu clients are connected, we MUST auto-resolve
+      // to the unique same-user client (or fail explicitly) — otherwise the
+      // proxy would broadcast untargeted and the CU action would reach the
+      // cross-user client too. Setting targetClientId here forces the proxy
+      // to deliver only to that client, with the same-user check below as
+      // belt-and-suspenders.
+      if (sameUserCuClients.length === 1 && allCuClients.length > 1) {
+        targetClientId = sameUserCuClients[0].clientId;
+      }
     }
 
     ctx.hostCuProxy.recordAction(toolName, input, reasoning);
@@ -1842,6 +2015,7 @@ export async function surfaceProxyResolver(
       reasoning,
       signal,
       targetClientId,
+      sourceActorPrincipalId,
     );
   }
 
@@ -1876,7 +2050,7 @@ export async function surfaceProxyResolver(
     // union on `tool` ("start" | "observe" | "press" | …). The agent's raw
     // tool input only carries the action-specific payload (app, x/y, text,
     // …) — the discriminator is implied by `toolName` (`app_control_<tool>`).
-    // Inject it here so the proxy's singleton-lock guard (`input.tool ===
+    // Inject it here so the proxy's session-lock guard (`input.tool ===
     // "start"`) and the Swift client's discriminated-union decoder both see
     // the field they require.
     const tool = toolName.slice("app_control_".length);
@@ -2077,6 +2251,12 @@ export async function surfaceProxyResolver(
       ctx.currentTurnSurfaces[idx].data = mergedData;
     }
 
+    // Persist the merged data back to the assistant message's
+    // `ui_surface` content block so a refresh / restart shows the
+    // current state instead of the original creation-time snapshot.
+    // Debounced to coalesce bursts of rapid updates.
+    scheduleSurfaceDataPersist(ctx.conversationId, surfaceId, mergedData);
+
     return { content: "Surface updated", isError: false };
   }