@vellumai/assistant 0.7.2 → 0.8.0

package/src/runtime/routes/__tests__/conversation-query-routes.test.ts

@@ -10,7 +10,6 @@ mock.module("../../../util/logger.js", () => ({
 import {
   sampleConcepts as sharedSampleConcepts,
   sampleConfig,
-  sampleSkills,
 } from "../../../memory/__tests__/fixtures/memory-v2-activation-fixtures.js";
 
 let rawConfigFixture: Record<string, unknown> = {};
@@ -36,7 +35,6 @@ import {
   backfillMemoryV2ActivationMessageId,
   type MemoryV2ConceptRowRecord,
   type MemoryV2ConfigSnapshot,
-  type MemoryV2SkillRowRecord,
   recordMemoryV2ActivationLog,
 } from "../../../memory/memory-v2-activation-log-store.js";
 import {
@@ -153,7 +151,6 @@ describe("GET /v1/messages/:id/llm-context — memoryV2Activation", () => {
       turn: 4,
       mode: "per-turn",
       concepts: sampleConcepts,
-      skills: sampleSkills,
       config: sampleConfig,
     });
     backfillMemoryV2ActivationMessageId(conversationId, messageId);
@@ -163,7 +160,6 @@ describe("GET /v1/messages/:id/llm-context — memoryV2Activation", () => {
         turn: number;
         mode: "context-load" | "per-turn";
         concepts: MemoryV2ConceptRowRecord[];
-        skills: MemoryV2SkillRowRecord[];
         config: MemoryV2ConfigSnapshot;
       } | null;
       memoryRecall: unknown;
@@ -173,7 +169,6 @@ describe("GET /v1/messages/:id/llm-context — memoryV2Activation", () => {
     expect(body.memoryV2Activation!.turn).toBe(4);
     expect(body.memoryV2Activation!.mode).toBe("per-turn");
     expect(body.memoryV2Activation!.concepts).toEqual(sampleConcepts);
-    expect(body.memoryV2Activation!.skills).toEqual(sampleSkills);
     expect(body.memoryV2Activation!.config).toEqual(sampleConfig);
     // Backwards-compat: memoryRecall field still present.
     expect(body).toHaveProperty("memoryRecall");

package/src/runtime/routes/__tests__/heartbeat-routes.test.ts

@@ -90,7 +90,7 @@ describe("setHeartbeatConfig handler", () => {
     // invalidation + getConfig() read picked up the new on-disk state.
     expect(result.success).toBe(true);
     expect(result.enabled).toBe(true);
-    expect(result.intervalMs).toBe(6 * 3_600_000);
+    expect(result.intervalMs).toBe(30 * 60_000);
     expect(result.activeHoursStart).toBe(8);
     expect(result.activeHoursEnd).toBe(22);
   });

package/src/runtime/routes/__tests__/memory-v2-routes.test.ts

@@ -0,0 +1,147 @@
+/**
+ * Tests for the memory v2 route handlers in `memory-v2-routes.ts`.
+ *
+ * Currently focused on `memory_v2_list_concept_pages`:
+ *   - empty workspace → returns no pages
+ *   - populated workspace → surfaces slug, bodyBytes, edgeCount, updatedAtMs
+ *   - corrupt page on disk → logged-and-skipped, does not poison listing
+ */
+
+import { mkdtempSync, rmSync } from "node:fs";
+import { mkdir, writeFile } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { afterEach, beforeEach, describe, expect, test } from "bun:test";
+
+import { writePage } from "../../../memory/v2/page-store.js";
+import type { ConceptPage } from "../../../memory/v2/types.js";
+import type { MemoryV2ListConceptPagesResult } from "../memory-v2-routes.js";
+import { ROUTES } from "../memory-v2-routes.js";
+import type { RouteDefinition } from "../types.js";
+
+// ─── Setup ─────────────────────────────────────────────────────────────────
+
+let workspaceDir: string;
+let origWorkspaceDir: string | undefined;
+
+function findHandler(operationId: string): RouteDefinition["handler"] {
+  const route = ROUTES.find((r) => r.operationId === operationId);
+  if (!route) throw new Error(`Route ${operationId} not found`);
+  return route.handler;
+}
+
+beforeEach(() => {
+  workspaceDir = mkdtempSync(join(tmpdir(), "vellum-memv2-list-"));
+  origWorkspaceDir = process.env.VELLUM_WORKSPACE_DIR;
+  process.env.VELLUM_WORKSPACE_DIR = workspaceDir;
+});
+
+afterEach(() => {
+  if (origWorkspaceDir === undefined) {
+    delete process.env.VELLUM_WORKSPACE_DIR;
+  } else {
+    process.env.VELLUM_WORKSPACE_DIR = origWorkspaceDir;
+  }
+  try {
+    rmSync(workspaceDir, { recursive: true, force: true });
+  } catch {
+    // best-effort cleanup
+  }
+});
+
+// ─── Tests ─────────────────────────────────────────────────────────────────
+
+describe("memory_v2_list_concept_pages handler", () => {
+  test("returns empty list for an empty workspace", async () => {
+    const handler = findHandler("memory_v2_list_concept_pages");
+    const result = (await handler({
+      body: {},
+    })) as MemoryV2ListConceptPagesResult;
+
+    expect(result).toEqual({ pages: [] });
+  });
+
+  test("returns slugs, body bytes, edge counts, and mtimes for populated workspace", async () => {
+    const before = Date.now();
+
+    const pages: ConceptPage[] = [
+      {
+        slug: "alice",
+        frontmatter: { edges: ["bob", "carol"], ref_files: [] },
+        body: "Alice prefers VS Code.\n",
+      },
+      {
+        slug: "bob",
+        frontmatter: { edges: [], ref_files: [] },
+        body: "Bob ships at end of day.\nLikes async standups.\n",
+      },
+      {
+        slug: "people/carol",
+        frontmatter: { edges: ["alice"], ref_files: [] },
+        body: "Carol leads the platform team.\n",
+      },
+    ];
+    for (const page of pages) {
+      await writePage(workspaceDir, page);
+    }
+
+    const handler = findHandler("memory_v2_list_concept_pages");
+    const result = (await handler({
+      body: {},
+    })) as MemoryV2ListConceptPagesResult;
+
+    expect(result.pages).toHaveLength(3);
+
+    const bySlug = new Map(result.pages.map((p) => [p.slug, p]));
+
+    const alice = bySlug.get("alice");
+    expect(alice).toBeDefined();
+    expect(alice!.bodyBytes).toBe(Buffer.byteLength(pages[0]!.body, "utf8"));
+    expect(alice!.edgeCount).toBe(2);
+    expect(alice!.updatedAtMs).toBeGreaterThanOrEqual(before);
+    // updatedAtMs must be an integer on the wire — Swift clients decode it as
+    // Int64 and a sub-millisecond float (which fs.Stats.mtimeMs returns by
+    // default) breaks JSONDecoder strict number parsing.
+    expect(Number.isInteger(alice!.updatedAtMs)).toBe(true);
+
+    const bob = bySlug.get("bob");
+    expect(bob).toBeDefined();
+    expect(bob!.bodyBytes).toBe(Buffer.byteLength(pages[1]!.body, "utf8"));
+    expect(bob!.edgeCount).toBe(0);
+    expect(bob!.updatedAtMs).toBeGreaterThanOrEqual(before);
+    expect(Number.isInteger(bob!.updatedAtMs)).toBe(true);
+
+    const carol = bySlug.get("people/carol");
+    expect(carol).toBeDefined();
+    expect(carol!.bodyBytes).toBe(Buffer.byteLength(pages[2]!.body, "utf8"));
+    expect(carol!.edgeCount).toBe(1);
+    expect(carol!.updatedAtMs).toBeGreaterThanOrEqual(before);
+    expect(Number.isInteger(carol!.updatedAtMs)).toBe(true);
+  });
+
+  test("tolerates a single corrupt page — returns valid pages and skips the broken one", async () => {
+    await writePage(workspaceDir, {
+      slug: "valid-page",
+      frontmatter: { edges: [], ref_files: [] },
+      body: "Body of the valid page.\n",
+    });
+
+    // A `.md` file with frontmatter that fails schema validation — `edges`
+    // must be a list of strings, not a single number — so `readPage` throws.
+    const conceptsDir = join(workspaceDir, "memory", "concepts");
+    await mkdir(conceptsDir, { recursive: true });
+    await writeFile(
+      join(conceptsDir, "broken.md"),
+      "---\nedges: 42\n---\nbroken body\n",
+      "utf-8",
+    );
+
+    const handler = findHandler("memory_v2_list_concept_pages");
+    const result = (await handler({
+      body: {},
+    })) as MemoryV2ListConceptPagesResult;
+
+    expect(result.pages).toHaveLength(1);
+    expect(result.pages.map((p) => p.slug)).toEqual(["valid-page"]);
+  });
+});

package/src/runtime/routes/approval-routes.ts

@@ -62,8 +62,9 @@ function handleConfirm({ body }: RouteHandlerArgs) {
     throw new BadRequestError("decision must resolve to allow or deny");
   }
 
-  // Validation passed — consume the pending interaction.
-  const interaction = pendingInteractions.resolve(requestId)!;
+  // Validation passed. Use get() here — the prompter (or ACP directResolve path)
+  // owns deregistration via pendingInteractions.resolve().
+  const interaction = peeked;
 
   log.info(
     {
@@ -93,7 +94,9 @@ function handleConfirm({ body }: RouteHandlerArgs) {
   });
 
   // ACP permissions: resolve directly without a Conversation object.
+  // No PermissionPrompter involved, so the route owns deregistration.
   if (interaction.directResolve) {
+    pendingInteractions.resolve(requestId);
     interaction.directResolve(effectiveDecision as UserDecision);
     return { accepted: true };
   }
@@ -139,7 +142,8 @@ function handleSecret({ body }: RouteHandlerArgs) {
     throw new BadRequestError('delivery must be "store" or "transient_send"');
   }
 
-  const interaction = pendingInteractions.resolve(requestId);
+  // Use get() — SecretPrompter.resolveSecret() owns deregistration.
+  const interaction = pendingInteractions.get(requestId);
   if (!interaction) {
     throw new NotFoundError("No pending interaction found for this requestId");
   }

package/src/runtime/routes/client-routes.ts

@@ -8,6 +8,7 @@
 import { z } from "zod";
 
 import type { HostProxyCapability } from "../../channels/types.js";
+import { isHttpAuthDisabled } from "../../config/env.js";
 import { datesToISO } from "../../util/json.js";
 import { assistantEventHub } from "../assistant-event-hub.js";
 import { NotFoundError } from "./errors.js";
@@ -33,7 +34,7 @@ export const ROUTES: RouteDefinition[] = [
     responseBody: z.object({
       clients: z.array(z.object({}).passthrough()),
     }),
-    handler: ({ queryParams }) => {
+    handler: ({ queryParams, headers }) => {
       const capability = queryParams?.capability as
         | HostProxyCapability
         | undefined;
@@ -42,8 +43,25 @@ export const ROUTES: RouteDefinition[] = [
         ? assistantEventHub.listClientsByCapability(capability)
         : assistantEventHub.listClients();
 
+      // Defense-in-depth: filter the listing to clients owned by the calling
+      // actor so users cannot enumerate other users' connected client IDs.
+      // Clients with no stored `actorPrincipalId` (legacy SSE subscribers from
+      // before host-proxy-same-user, service-gateway tokens) are filtered out
+      // — fail-closed is the right default for this security boundary.
+      // Dev-bypass mode (DISABLE_HTTP_AUTH=true, mirroring
+      // require-bound-guardian.ts) preserves the previous "return all" behavior
+      // for platform-managed deployments where the platform handles auth.
+      const callerPrincipalId = headers?.["x-vellum-actor-principal-id"];
+      const filtered = isHttpAuthDisabled()
+        ? clients
+        : clients.filter(
+            (c) =>
+              c.actorPrincipalId !== undefined &&
+              c.actorPrincipalId === callerPrincipalId,
+          );
+
       return {
-        clients: clients.map((c) =>
+        clients: filtered.map((c) =>
           datesToISO({
             clientId: c.clientId,
             interfaceId: c.interfaceId,

package/src/runtime/routes/consolidation-routes.ts

@@ -8,13 +8,13 @@
  * only surface its config and provide an on-demand trigger for the Settings UI.
  *
  * `available` mirrors the filing route's `available` field: it reflects which
- * background memory job is active for this instance. When `memory-v2-enabled`
- * is off, consolidation returns `available: false` and the UI hides the row.
+ * background memory job is active for this instance. When
+ * `config.memory.v2.enabled` is false, consolidation returns
+ * `available: false` and the UI hides the row.
  */
 
 import { z } from "zod";
 
-import { isAssistantFeatureFlagEnabled } from "../../config/assistant-feature-flags.js";
 import { getConfig } from "../../config/loader.js";
 import { getMemoryCheckpoint } from "../../memory/checkpoints.js";
 import {
@@ -26,7 +26,7 @@ import { BadRequestError } from "./errors.js";
 import type { RouteDefinition, RouteHandlerArgs } from "./types.js";
 
 function isConsolidationAvailable(): boolean {
-  return isAssistantFeatureFlagEnabled("memory-v2-enabled", getConfig());
+  return getConfig().memory.v2.enabled;
 }
 
 function consolidationIntervalMs(): number {
@@ -66,14 +66,13 @@ export const ROUTES: RouteDefinition[] = [
       success: z.boolean(),
     }),
     handler: async (_args: RouteHandlerArgs) => {
-      const available = isConsolidationAvailable();
-      const v2Config = getConfig().memory.v2;
+      const enabled = getConfig().memory.v2.enabled;
       const intervalMs = consolidationIntervalMs();
       const lastRunAt = readLastRunAt();
       const nextRunAt = lastRunAt != null ? lastRunAt + intervalMs : null;
       return {
-        available,
-        enabled: available && v2Config.enabled,
+        available: enabled,
+        enabled,
         intervalMs,
         nextRunAt,
         lastRunAt,
@@ -99,7 +98,7 @@ export const ROUTES: RouteDefinition[] = [
     handler: async (_args: RouteHandlerArgs) => {
       if (!isConsolidationAvailable()) {
         throw new BadRequestError(
-          "Consolidation is not available (memory-v2-enabled is off)",
+          "Consolidation is not available (memory.v2.enabled is false)",
         );
       }
       // Coalesce: don't pile up duplicate jobs if the worker hasn't picked up

package/src/runtime/routes/contact-routes.ts

@@ -11,7 +11,6 @@
 import { z } from "zod";
 
 import {
-  deleteContact,
   getAssistantContactMetadata,
   getChannelById,
   getContact,
@@ -42,7 +41,6 @@ import {
 import {
   BadRequestError,
   ConflictError,
-  ForbiddenError,
   NotFoundError,
 } from "./errors.js";
 import type { RouteDefinition, RouteHandlerArgs } from "./types.js";
@@ -154,17 +152,6 @@ function handleGetContact(contactId: string) {
   };
 }
 
-function handleDeleteContact(contactId: string) {
-  const result = deleteContact(contactId);
-  if (result === "not_found") {
-    throw new NotFoundError(`Contact "${contactId}" not found`);
-  }
-  if (result === "is_guardian") {
-    throw new ForbiddenError("Cannot delete a guardian contact");
-  }
-  return null;
-}
-
 // ---------------------------------------------------------------------------
 // Invite handlers (transport-agnostic)
 // ---------------------------------------------------------------------------
@@ -502,18 +489,6 @@ export const ROUTES: RouteDefinition[] = [
     handler: ({ pathParams }: RouteHandlerArgs) =>
       handleGetContact(pathParams!.id),
   },
-  {
-    operationId: "deleteContact",
-    endpoint: "contacts/:id",
-    method: "DELETE",
-    policyKey: "contacts",
-    summary: "Delete a contact",
-    description: "Delete a contact by ID.",
-    tags: ["contacts"],
-    responseStatus: "204",
-    handler: ({ pathParams }: RouteHandlerArgs) =>
-      handleDeleteContact(pathParams!.id),
-  },
   {
     operationId: "upsert_contact",
     endpoint: "contacts",

package/src/runtime/routes/conversation-query-routes.ts

@@ -22,7 +22,9 @@ import { z } from "zod";
 
 import {
   deepMergeOverwrite,
+  fillContextDefaultsForMissingKeys,
   getConfig,
+  getDeploymentContextDefaults,
   invalidateConfigCache,
   loadRawConfig,
   saveRawConfig,
@@ -312,9 +314,50 @@ async function handleSetEmbeddingConfig({ body }: RouteHandlerArgs) {
   }
 }
 
+/**
+ * Apply deployment-context defaults to a raw config payload before it goes
+ * out over the wire from `GET /v1/config`. The in-memory `loadConfig()`
+ * already layers these defaults for daemon-internal consumers; the GET
+ * response needs the same treatment so external clients (macOS, web, CLI)
+ * see the effective value rather than `undefined` when the daemon hasn't
+ * persisted an explicit choice yet. Without this, macOS's
+ * `loadServiceModes(config:)` short-circuits when `services.inference.mode`
+ * is missing and falls back to the SwiftUI `@Published` default of
+ * "your-own", which renders the wrong segment selection on freshly-hatched
+ * platform-managed assistants.
+ *
+ * Guards against `loadRawConfig()` handing us a value that is technically
+ * valid JSON but not a plain object (e.g. literal `null`, a number, or an
+ * array). `loadRawConfig` is typed `Record<string, unknown>` but `JSON.parse`
+ * itself doesn't enforce that — a malformed-but-parseable `config.json`
+ * would blow up `fillContextDefaultsForMissingKeys` on its `target[key]` /
+ * `fileConfig[key]` accesses, turning `GET /v1/config` into a 500 where it
+ * used to succeed (returning the malformed payload as-is). When `raw` is
+ * not a plain object, we return it unchanged.
+ *
+ * Exported for direct unit testing.
+ */
+export function applyContextDefaultsToRawConfig(raw: unknown): unknown {
+  const contextDefaults = getDeploymentContextDefaults();
+  if (
+    Object.keys(contextDefaults).length === 0 ||
+    raw === null ||
+    typeof raw !== "object" ||
+    Array.isArray(raw)
+  ) {
+    return raw;
+  }
+  fillContextDefaultsForMissingKeys(
+    raw as Record<string, unknown>,
+    raw as Record<string, unknown>,
+    contextDefaults,
+  );
+  return raw;
+}
+
 function handleGetConfig() {
   try {
-    return loadRawConfig();
+    return applyContextDefaultsToRawConfig(loadRawConfig());
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);
     throw new InternalError(`Failed to read config: ${message}`);

package/src/runtime/routes/conversation-routes.ts

@@ -39,6 +39,7 @@ import {
   resolveSlash,
 } from "../../daemon/conversation-slash.js";
 import { getOrCreateConversation as getOrCreateConversationInstance } from "../../daemon/conversation-store.js";
+import { canonicalizeTimeZone } from "../../daemon/date-context.js";
 import {
   getCannedFirstGreeting,
   isWakeUpGreeting,
@@ -86,6 +87,8 @@ import {
   getOrCreateConversation,
 } from "../../memory/conversation-key-store.js";
 import { searchConversations } from "../../memory/conversation-queries.js";
+import { normalizeOnboardingContext } from "../../prompts/normalize-onboarding.js";
+import { writeOnboardingSection } from "../../prompts/persona-resolver.js";
 import { getConfiguredProvider } from "../../providers/provider-send-message.js";
 import type { Provider } from "../../providers/types.js";
 import { checkIngressForSecrets } from "../../security/secret-ingress.js";
@@ -999,7 +1002,7 @@ function mergeConsecutiveAssistantMessages(messages: MessageRow[]): {
 /**
  * Persist the pre-chat onboarding payload to disk.
  *
- * Runs only on the very first message of a fresh conversation. Three
+ * Runs only on the very first message of a fresh conversation. Four
  * artifacts are produced:
  *
  *   1. `data/onboarding-context.json` — sidecar read by the
@@ -1007,12 +1010,15 @@ function mergeConsecutiveAssistantMessages(messages: MessageRow[]): {
  *      the pure-recomputation write cycle (every turn boundary rebuilds
  *      facts from markdown; the sidecar is the durable source for the
  *      tool/task/tone chips).
- *   2. `IDENTITY.md` / `USER.md` — persona seed files, only written
- *      when missing so we never clobber existing content. These feed
- *      the system prompt and the relationship-state writer's
- *      `parseIdentity` / `parseUserName` helpers after a daemon
- *      restart when the in-memory onboarding context is gone.
- *   3. `data/relationship-state.json` — kicked off fire-and-forget so
+ *   2. `IDENTITY.md` — assistant persona seed file, only written when
+ *      missing so we never clobber existing content. Feeds the system
+ *      prompt and the relationship-state writer's `parseIdentity`
+ *      helper after a daemon restart when the in-memory onboarding
+ *      context is gone.
+ *   3. Onboarding section in the guardian persona file — written via
+ *      `writeOnboardingSection`, which handles the user's preferred
+ *      name (with fallback to root `USER.md`).
+ *   4. `data/relationship-state.json` — kicked off fire-and-forget so
  *      the Home page can populate immediately on first visit instead
  *      of waiting for the first agent-turn boundary.
  *
@@ -1057,25 +1063,11 @@ export function persistOnboardingArtifacts(onboarding: {
     }
   }
 
-  const userName = onboarding.userName?.trim();
-  if (userName) {
-    const userPath = getWorkspacePromptPath("USER.md");
-    try {
-      if (existsSync(userPath)) {
-        const content = readFileSync(userPath, "utf-8");
-        const updated = content.replace(
-          /^- (?:\*\*)?Name:(?:\*\*)?\s*.*$/m,
-          () => `- **Name:** ${userName}`,
-        );
-        if (updated !== content) {
-          writeFileSync(userPath, updated, "utf-8");
-        }
-      } else {
-        writeFileSync(userPath, `# User\n\n- **Name:** ${userName}\n`, "utf-8");
-      }
-    } catch (err) {
-      log.warn({ err, userPath }, "Failed to seed USER.md from onboarding");
-    }
+  try {
+    const normalized = normalizeOnboardingContext(onboarding);
+    writeOnboardingSection(normalized);
+  } catch (err) {
+    log.warn({ err }, "Failed to write onboarding section to persona file");
   }
 
   void writeRelationshipState().catch((err) => {
@@ -1104,6 +1096,7 @@ export async function handleSendMessage(
     bypassSecretCheck?: boolean;
     hostHomeDir?: string;
     hostUsername?: string;
+    clientTimezone?: unknown;
     clientId?: string;
     clientMessageId?: string;
     inferenceProfile?: string | null;
@@ -1183,6 +1176,10 @@ export async function handleSendMessage(
       )}`,
     );
   }
+  const clientTimezone =
+    typeof body.clientTimezone === "string"
+      ? (canonicalizeTimeZone(body.clientTimezone) ?? undefined)
+      : undefined;
 
   // When conversationKey is omitted, derive a stable default from
   // sourceChannel + sourceInterface so that repeated calls from the same
@@ -1302,10 +1299,12 @@ export async function handleSendMessage(
         interfaceId: sourceInterface,
         hostHomeDir: body.hostHomeDir,
         hostUsername: body.hostUsername,
+        ...(clientTimezone ? { clientTimezone } : {}),
       } satisfies HostProxyTransportMetadata)
     : ({
         channelId: sourceChannel,
         interfaceId: sourceInterface,
+        ...(clientTimezone ? { clientTimezone } : {}),
       } satisfies NonHostProxyTransportMetadata);
 
   const conversation = await smDeps.getOrCreateConversation(
@@ -1991,6 +1990,13 @@ async function generateLlmSuggestion(
   // prefill-safe model. Keep `stop_sequences: ["</reply>"]` as an
   // early-termination hint; the parser below handles both tagged and
   // untagged responses so untagged "casual answer" replies still work.
+  //
+  // Force `thinking: disabled` + `effort: none` so the call works on any
+  // user profile — including thinking-enabled profiles (Opus 4.x at
+  // `effort: high|xhigh`, etc.) where Anthropic 400s on `temperature` ≠ 1
+  // when thinking is enabled or in adaptive mode. A 60-token reply chip
+  // doesn't benefit from extended thinking anyway, and burning thinking
+  // tokens here would be wasteful.
   const response = await provider.sendMessage(
     [{ role: "user", content: [{ type: "text", text: userPrompt }] }],
     [], // no tools
@@ -2001,6 +2007,8 @@ async function generateLlmSuggestion(
         max_tokens: 60,
         stop_sequences: ["</reply>"],
         temperature: 0.7,
+        thinking: { type: "disabled" },
+        effort: "none",
       },
     },
   );
@@ -2274,6 +2282,7 @@ export const ROUTES: RouteDefinition[] = [
         .optional(),
       conversationType: z.string().optional(),
       slashCommand: z.string().optional(),
+      clientTimezone: z.string().optional(),
       inferenceProfile: z.string().nullable().optional(),
       riskThreshold: z.enum(VALID_RISK_THRESHOLDS).optional(),
     }),