npm - @vellumai/assistant - Versions diffs - 0.7.3 → 0.8.0 - Mend

@vellumai/assistant 0.7.3 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (169) hide show

package/ARCHITECTURE.md +29 -28
package/Dockerfile +1 -0
package/__tests__/permissions/gateway-threshold-reader.test.ts +236 -9
package/bun.lock +3 -0
package/knip.json +1 -0
package/node_modules/@vellumai/ipc-server-utils/bun.lock +24 -0
package/node_modules/@vellumai/ipc-server-utils/package.json +18 -0
package/node_modules/@vellumai/ipc-server-utils/src/index.ts +6 -0
package/node_modules/@vellumai/ipc-server-utils/src/socket-watchdog.test.ts +430 -0
package/node_modules/@vellumai/ipc-server-utils/src/socket-watchdog.ts +221 -0
package/node_modules/@vellumai/ipc-server-utils/tsconfig.json +20 -0
package/openapi.yaml +22 -4
package/package.json +3 -1
package/src/__tests__/annotate-risk-options.test.ts +291 -0
package/src/__tests__/approval-cascade.test.ts +8 -16
package/src/__tests__/approval-routes-http.test.ts +6 -0
package/src/__tests__/auto-analysis-end-to-end.test.ts +12 -25
package/src/__tests__/call-constants.test.ts +10 -1
package/src/__tests__/call-controller.test.ts +127 -0
package/src/__tests__/cli-memory-v2-reembed-skills.test.ts +58 -28
package/src/__tests__/config-loader-platform-defaults.test.ts +284 -1
package/src/__tests__/context-search-memory-source.test.ts +3 -26
package/src/__tests__/context-search-pkb-source.test.ts +12 -6
package/src/__tests__/conversation-abort-tool-results.test.ts +1 -6
package/src/__tests__/conversation-agent-loop-inference-profile.test.ts +1 -1
package/src/__tests__/conversation-agent-loop-overflow.test.ts +1 -1
package/src/__tests__/conversation-agent-loop.test.ts +3 -3
package/src/__tests__/conversation-confirmation-signals.test.ts +5 -13
package/src/__tests__/conversation-init.benchmark.test.ts +1 -1
package/src/__tests__/conversation-process-callsite.test.ts +1 -6
package/src/__tests__/conversation-provider-retry-repair.test.ts +1 -6
package/src/__tests__/conversation-runtime-assembly.test.ts +15 -6
package/src/__tests__/conversation-slash-unknown.test.ts +1 -6
package/src/__tests__/conversation-surfaces-action-delivery.test.ts +170 -9
package/src/__tests__/conversation-surfaces-data-persist.test.ts +73 -1
package/src/__tests__/conversation-tool-setup-app-refresh.test.ts +59 -0
package/src/__tests__/conversation-workspace-injection.test.ts +1 -7
package/src/__tests__/conversation-workspace-tool-tracking.test.ts +1 -7
package/src/__tests__/filing-service.test.ts +2 -19
package/src/__tests__/handlers-skills-memory-v2-reseed.test.ts +10 -26
package/src/__tests__/injector-chain.test.ts +24 -16
package/src/__tests__/injector-pkb-v2-silenced.test.ts +10 -7
package/src/__tests__/lifecycle-memory-v2-seed.test.ts +154 -67
package/src/__tests__/notification-decision-fallback.test.ts +91 -0
package/src/__tests__/notification-decision-strategy.test.ts +22 -0
package/src/__tests__/oauth-cli.test.ts +121 -0
package/src/__tests__/relay-server.test.ts +46 -2
package/src/__tests__/secret-prompt-log-hygiene.test.ts +7 -5
package/src/__tests__/secret-prompter-channel-fallback.test.ts +7 -5
package/src/__tests__/secret-response-routing.test.ts +7 -5
package/src/__tests__/server-history-render.test.ts +82 -0
package/src/__tests__/skill-include-graph.test.ts +31 -0
package/src/__tests__/skill-load-tool.test.ts +44 -16
package/src/__tests__/skills.test.ts +39 -0
package/src/__tests__/tool-execution-pipeline.benchmark.test.ts +0 -42
package/src/__tests__/tool-executor.test.ts +155 -0
package/src/__tests__/voice-session-bridge.test.ts +3 -0
package/src/__tests__/workspace-migration-069-seed-onboarding-threads.test.ts +120 -0
package/src/__tests__/workspace-migration-071-remove-safe-storage-release-note.test.ts +206 -0
package/src/__tests__/workspace-migration-safe-storage-limits-release.test.ts +15 -27
package/src/agent/loop.ts +11 -0
package/src/approvals/guardian-decision-primitive.ts +0 -13
package/src/approvals/guardian-request-resolvers.ts +4 -32
package/src/calls/call-constants.ts +5 -8
package/src/calls/call-controller.ts +130 -67
package/src/calls/relay-server.ts +7 -1
package/src/calls/voice-session-bridge.ts +1 -1
package/src/cli/commands/memory-v2.ts +7 -7
package/src/cli/commands/oauth/__tests__/connect.test.ts +0 -254
package/src/cli/commands/oauth/connect.ts +10 -52
package/src/config/bundled-skills/app-builder/SKILL.md +1 -3
package/src/config/feature-flag-registry.json +1 -17
package/src/config/loader.ts +72 -19
package/src/config/schemas/memory-v2.ts +1 -1
package/src/daemon/__tests__/conversation-lifecycle-auto-analyze.test.ts +32 -0
package/src/daemon/conversation-agent-loop-handlers.ts +32 -0
package/src/daemon/conversation-agent-loop.ts +13 -10
package/src/daemon/conversation-lifecycle.ts +22 -8
package/src/daemon/conversation-surfaces.ts +16 -14
package/src/daemon/conversation-tool-setup.ts +9 -5
package/src/daemon/conversation.ts +1 -1
package/src/daemon/handlers/shared.ts +26 -0
package/src/daemon/host-bash-proxy.ts +1 -1
package/src/daemon/host-browser-proxy.ts +1 -1
package/src/daemon/host-cu-proxy.ts +1 -1
package/src/daemon/host-file-proxy.ts +1 -1
package/src/daemon/host-transfer-proxy.ts +2 -2
package/src/daemon/lifecycle.ts +88 -73
package/src/daemon/memory-v2-startup.ts +55 -14
package/src/daemon/message-types/messages.ts +19 -1
package/src/documents/document-store.ts +35 -1
package/src/filing/filing-service.ts +2 -3
package/src/heartbeat/heartbeat-service.ts +1 -1
package/src/ipc/assistant-server.ts +93 -36
package/src/ipc/skill-server.ts +99 -42
package/src/memory/__tests__/jobs-worker-v2-schedule.test.ts +10 -57
package/src/memory/context-search/sources/memory-v2.ts +1 -17
package/src/memory/context-search/sources/memory.ts +2 -2
package/src/memory/context-search/sources/pkb.ts +2 -3
package/src/memory/graph/__tests__/conversation-graph-memory-v2-routing.test.ts +104 -61
package/src/memory/graph/__tests__/handle-remember-v2.test.ts +11 -26
package/src/memory/graph/conversation-graph-memory.ts +32 -9
package/src/memory/graph/graph-search.test.ts +6 -5
package/src/memory/graph/graph-search.ts +3 -4
package/src/memory/graph/retriever.test.ts +12 -7
package/src/memory/graph/retriever.ts +4 -5
package/src/memory/graph/tool-handlers.ts +3 -4
package/src/memory/graph/tools.ts +4 -4
package/src/memory/indexer.ts +1 -2
package/src/memory/jobs/__tests__/embed-concept-page.test.ts +116 -0
package/src/memory/jobs/embed-concept-page.ts +223 -87
package/src/memory/jobs-worker.ts +8 -4
package/src/memory/pkb/pkb-search.test.ts +6 -5
package/src/memory/pkb/pkb-search.ts +4 -5
package/src/memory/qdrant-client.ts +3 -0
package/src/memory/search/semantic.ts +4 -5
package/src/memory/v2/__tests__/activation.test.ts +35 -5
package/src/memory/v2/__tests__/consolidation-job.test.ts +21 -32
package/src/memory/v2/__tests__/injection.test.ts +140 -23
package/src/memory/v2/__tests__/qdrant.test.ts +310 -9
package/src/memory/v2/__tests__/sim.test.ts +118 -7
package/src/memory/v2/__tests__/static-context.test.ts +1 -13
package/src/memory/v2/__tests__/sweep-job.test.ts +19 -33
package/src/memory/v2/consolidation-job.ts +7 -8
package/src/memory/v2/injection.ts +32 -12
package/src/memory/v2/page-store.ts +39 -0
package/src/memory/v2/prompts/consolidation.ts +5 -0
package/src/memory/v2/qdrant.ts +209 -48
package/src/memory/v2/sim.ts +67 -26
package/src/memory/v2/static-context.ts +4 -8
package/src/memory/v2/sweep-job.ts +5 -6
package/src/memory/v2/types.ts +7 -0
package/src/notifications/copy-composer.ts +46 -12
package/src/notifications/decision-engine.ts +46 -0
package/src/permissions/gateway-threshold-reader.ts +116 -8
package/src/permissions/prompter.ts +86 -96
package/src/permissions/secret-prompter.ts +31 -31
package/src/plugins/defaults/injectors.ts +1 -2
package/src/proactive-artifact/job.test.ts +51 -4
package/src/proactive-artifact/job.ts +16 -2
package/src/proactive-artifact/message-copy.ts +18 -1
package/src/prompts/templates/SOUL.md +13 -28
package/src/runtime/auth/route-policy.ts +1 -0
package/src/runtime/channel-approvals.ts +3 -2
package/src/runtime/guardian-reply-router.ts +0 -10
package/src/runtime/pending-interactions.ts +19 -15
package/src/runtime/routes/__tests__/memory-v2-routes.test.ts +147 -0
package/src/runtime/routes/approval-routes.ts +7 -3
package/src/runtime/routes/consolidation-routes.ts +8 -9
package/src/runtime/routes/conversation-query-routes.ts +44 -1
package/src/runtime/routes/debug-bash-routes.ts +2 -0
package/src/runtime/routes/filing-routes.ts +2 -3
package/src/runtime/routes/inbound-stages/guardian-reply-intercept.ts +0 -3
package/src/runtime/routes/memory-item-routes.test.ts +3 -9
package/src/runtime/routes/memory-item-routes.ts +5 -6
package/src/runtime/routes/memory-v2-routes.ts +103 -17
package/src/skills/include-graph.ts +35 -13
package/src/tools/document/document-tool.ts +20 -0
package/src/tools/executor.ts +18 -2
package/src/tools/memory/register.test.ts +7 -5
package/src/tools/permission-checker.ts +15 -0
package/src/tools/skills/load.ts +24 -20
package/src/tools/tool-name-aliases.ts +19 -0
package/src/tools/types.ts +19 -1
package/src/workspace/migrations/067-release-notes-safe-storage-limits.ts +4 -62
package/src/workspace/migrations/069-seed-onboarding-threads.ts +28 -0
package/src/workspace/migrations/070-memory-v2-summary-schema-rebuild.ts +31 -0
package/src/workspace/migrations/071-remove-safe-storage-release-note.ts +111 -0
package/src/workspace/migrations/registry.ts +6 -0

package/src/daemon/lifecycle.ts CHANGED Viewed

@@ -7,10 +7,7 @@ import { reconcileCallsOnStartup } from "../calls/call-recovery.js";
 import { setRelayBroadcast } from "../calls/relay-server.js";
 import { TwilioConversationRelayProvider } from "../calls/twilio-provider.js";
 import { setVoiceBridgeDeps } from "../calls/voice-session-bridge.js";
-import {
-  initFeatureFlagOverrides,
-  isAssistantFeatureFlagEnabled,
-} from "../config/assistant-feature-flags.js";
+import { initFeatureFlagOverrides } from "../config/assistant-feature-flags.js";
 import {
   getPlatformAssistantId,
   getRuntimeHttpHost,
@@ -117,7 +114,10 @@ import {
 } from "./guardian-action-generators.js";
 import { backfillSlackInjectionTemplates } from "./handlers/config-slack-channel.js";
 import { installAssistantSymlink } from "./install-symlink.js";
-import { maybeSeedMemoryV2Skills } from "./memory-v2-startup.js";
+import {
+  maybeRebuildMemoryV2Concepts,
+  maybeSeedMemoryV2Skills,
+} from "./memory-v2-startup.js";
 import { processMessage } from "./process-message.js";
 import { runProfilerSweep } from "./profiler-run-store.js";
 import {
@@ -318,21 +318,16 @@ export async function runDaemon(): Promise<void> {
     const signingKey = resolveSigningKey();
     initAuthSigningKey(signingKey);
-    // Pre-populate
-    // subsequent sync isAssistantFeatureFlagEnabled() calls have data.
-    // Fired non-blocking so a slow or unreachable gateway doesn't delay
-    // daemon startup (the IPC call has a 3s connect + 5s call timeout
-    // that would otherwise stall the critical path).
-    //
-    // On resolve, retry the v2 skill seed: the synchronous gate at the
-    // skill-seed call site below evaluates the memory-v2-enabled flag
-    // before the gateway has populated overrides, so a cold-boot race
-    // can leave the v2 skill collection unseeded for the lifetime of
-    // the daemon. seedV2SkillEntries is idempotent, so re-running after
-    // overrides land is safe.
-    void initFeatureFlagOverrides()
-      .then(() => maybeSeedMemoryV2Skills(loadConfig()))
-      .catch((err) => log.warn({ err }, "Background feature flag init failed"));
+    // Pre-populate feature flag overrides so subsequent sync
+    // isAssistantFeatureFlagEnabled() calls have data. Fired non-blocking
+    // so a slow or unreachable gateway doesn't delay daemon startup (the
+    // IPC call has a 3s connect + 5s call timeout that would otherwise
+    // stall the critical path).
+    void initFeatureFlagOverrides().catch((err) =>
+      log.warn({ err }, "Background feature flag init failed"),
+    );
+    maybeSeedMemoryV2Skills(loadConfig());
     seedInterfaceFiles();
@@ -741,64 +736,87 @@ export async function runDaemon(): Promise<void> {
       }
       if (qdrantStarted) {
-        try {
-          const embeddingSelection = await selectEmbeddingBackend(config);
-          // Sentinel only encodes the dense provider+model identity; sparse
-          // encoder changes never require collection recreation, so they
-          // intentionally do not contribute to the v1 collection identity.
-          const embeddingModel = embeddingSelection.backend
-            ? `${embeddingSelection.backend.provider}:${embeddingSelection.backend.model}`
-            : undefined;
-          const qdrantClient = initQdrantClient({
-            url: qdrantUrl,
-            collection: config.memory.qdrant.collection,
-            vectorSize: config.memory.qdrant.vectorSize,
-            onDisk: config.memory.qdrant.onDisk,
-            quantization: config.memory.qdrant.quantization,
-            embeddingModel,
-          });
+        // Skip the v1 Qdrant collection lifecycle when memory v2 is active —
+        // the v1 collection has no writers (handleRemember returns early) or
+        // readers (graph search is bypassed) under v2, so ensuring/migrating
+        // it just maintains a dead-on-arrival collection. Existing on-disk
+        // collections are left intact so flipping v2 off restores v1 cleanly.
+        if (!config.memory.v2.enabled) {
+          try {
+            const embeddingSelection = await selectEmbeddingBackend(config);
+            // Sentinel only encodes the dense provider+model identity; sparse
+            // encoder changes never require collection recreation, so they
+            // intentionally do not contribute to the v1 collection identity.
+            const embeddingModel = embeddingSelection.backend
+              ? `${embeddingSelection.backend.provider}:${embeddingSelection.backend.model}`
+              : undefined;
+            const qdrantClient = initQdrantClient({
+              url: qdrantUrl,
+              collection: config.memory.qdrant.collection,
+              vectorSize: config.memory.qdrant.vectorSize,
+              onDisk: config.memory.qdrant.onDisk,
+              quantization: config.memory.qdrant.quantization,
+              embeddingModel,
+            });
+            // Eagerly ensure the collection exists so we detect migrations
+            // (unnamed→named vectors, dimension/model changes) at startup.
+            // If a destructive migration occurred, enqueue a rebuild_index job
+            // to re-embed all memory items from the SQLite cache.
+            const { migrated } = await qdrantClient.ensureCollection();
+            if (migrated) {
+              enqueueMemoryJob("rebuild_index", {});
+              log.info(
+                "Qdrant collection was migrated — enqueued rebuild_index job",
+              );
+            }
-          // Eagerly ensure the collection exists so we detect migrations
-          // (unnamed→named vectors, dimension/model changes) at startup.
-          // If a destructive migration occurred, enqueue a rebuild_index job
-          // to re-embed all memory items from the SQLite cache.
-          const { migrated } = await qdrantClient.ensureCollection();
-          if (migrated) {
-            enqueueMemoryJob("rebuild_index", {});
-            log.info(
-              "Qdrant collection was migrated — enqueued rebuild_index job",
+            log.info("Qdrant vector store initialized");
+          } catch (err) {
+            log.warn(
+              { err },
+              "Qdrant client initialization failed — memory features will be degraded",
             );
           }
+        }
-          log.info("Qdrant vector store initialized");
+        // Detect schema drift on the v2 concept-page collection (e.g.
+        // pre-#29823 collections lacking summary_dense / summary_sparse) and
+        // recreate + enqueue a reembed when needed. Awaited inline so the
+        // reembed enqueue happens before the memory worker drains its first
+        // batch; the call's own try/catch keeps any v2-side failure from
+        // blocking the v1 PKB reconcile or BM25 build below.
+        try {
+          await maybeRebuildMemoryV2Concepts(config);
         } catch (err) {
           log.warn(
             { err },
-            "Qdrant client initialization failed — memory features will be degraded",
+            "Memory v2 collection schema check threw — continuing startup",
           );
         }
-        // Reconcile the PKB Qdrant index against the on-disk tree. Kept
-        // inside the `qdrantStarted` guard so we don't call
-        // `getQdrantClient()` (which throws "not initialized") on every
-        // startup when Qdrant is unavailable. Fire-and-forget so enqueued
-        // re-index jobs drain in the background and first-turn latency
-        // stays unaffected.
-        void (async () => {
-          try {
-            const { reconcilePkbIndex } =
-              await import("../memory/pkb/pkb-reconcile.js");
-            const { PKB_WORKSPACE_SCOPE } =
-              await import("../memory/pkb/types.js");
-            const pkbRoot = join(getWorkspaceDir(), "pkb");
-            await reconcilePkbIndex(pkbRoot, PKB_WORKSPACE_SCOPE);
-          } catch (err) {
-            log.warn(
-              { err },
-              "PKB index reconciliation failed — continuing startup",
-            );
-          }
-        })();
+        // Reconcile the PKB Qdrant index against the on-disk tree. Gated on
+        // !v2 because PKB is the v1 storage layer; under v2 the v1 collection
+        // is not initialized, so calling `getQdrantClient()` here would throw.
+        // Fire-and-forget so enqueued re-index jobs drain in the background
+        // and first-turn latency stays unaffected.
+        if (!config.memory.v2.enabled) {
+          void (async () => {
+            try {
+              const { reconcilePkbIndex } =
+                await import("../memory/pkb/pkb-reconcile.js");
+              const { PKB_WORKSPACE_SCOPE } =
+                await import("../memory/pkb/types.js");
+              const pkbRoot = join(getWorkspaceDir(), "pkb");
+              await reconcilePkbIndex(pkbRoot, PKB_WORKSPACE_SCOPE);
+            } catch (err) {
+              log.warn(
+                { err },
+                "PKB index reconciliation failed — continuing startup",
+              );
+            }
+          })();
+        }
         // Build the BM25 corpus stats (per-token document frequencies and
         // average document length) used by the v2 sparse channel. Without
@@ -1283,14 +1301,11 @@ export async function runDaemon(): Promise<void> {
       log.warn({ err }, "Proactive artifact backfill failed");
     }
-    // Filing yields to the memory v2 consolidation job when the flag is on —
+    // Filing yields to the memory v2 consolidation job when v2 is enabled —
     // both serve the same role (periodic background memory processing) and
     // running both is redundant. The consolidation job runs through the
     // memory jobs worker (see `maybeEnqueueGraphMaintenanceJobs`).
-    const memoryV2Enabled = isAssistantFeatureFlagEnabled(
-      "memory-v2-enabled",
-      config,
-    );
+    const memoryV2Enabled = config.memory.v2.enabled;
     let filing: FilingService | null = null;
     if (!memoryV2Enabled) {
       const filingConfig = config.filing;

package/src/daemon/memory-v2-startup.ts CHANGED Viewed

@@ -6,9 +6,9 @@
 // startup work invoked from `lifecycle.ts`. Lives in its own file so the unit
 // test for the gate does not have to mount the entire lifecycle import graph.
-import { isAssistantFeatureFlagEnabled } from "../config/assistant-feature-flags.js";
 import type { AssistantConfig } from "../config/schema.js";
 import { getLogger } from "../util/logger.js";
+import { getWorkspaceDir } from "../util/platform.js";
 const log = getLogger("memory-v2-startup");
@@ -16,21 +16,12 @@ const log = getLogger("memory-v2-startup");
  * Fire-and-forget seed of the v2 skill entries (now indexed alongside concept
  * pages in `memory_v2_concept_pages` under the `skills/<id>` slug prefix), and
  * a one-shot best-effort cleanup of the legacy `memory_v2_skills` Qdrant
- * collection. Gated on both the `memory-v2-enabled` feature flag and the
- * workspace-level `config.memory.v2.enabled` switch so v2 modules stay out of
- * the v1 startup path when v2 is off.
- *
- * Uses a dynamic import so v2 code does not load unless the gate passes.
- * Never awaits — startup must not block on this (see `assistant/CLAUDE.md`
- * daemon startup philosophy).
+ * collection. Uses a dynamic import so v2 code does not load unless the gate
+ * passes. Never awaits — startup must not block on this (see
+ * `assistant/CLAUDE.md` daemon startup philosophy).
  */
 export function maybeSeedMemoryV2Skills(config: AssistantConfig): void {
-  if (
-    !isAssistantFeatureFlagEnabled("memory-v2-enabled", config) ||
-    !config.memory.v2.enabled
-  ) {
-    return;
-  }
+  if (!config.memory.v2.enabled) return;
   void import("../memory/v2/skill-store.js")
     .then(({ seedV2SkillEntries }) => seedV2SkillEntries())
     .catch((err) => log.warn({ err }, "Failed to seed v2 skill entries"));
@@ -43,3 +34,53 @@ export function maybeSeedMemoryV2Skills(config: AssistantConfig): void {
       ),
     );
 }
+/**
+ * Reconcile the v2 concept-page Qdrant collection with the expected schema
+ * and enqueue `memory_v2_reembed` when the collection is missing data.
+ * Triggers reembed in two cases:
+ *  - Drift: `ensureConceptPageCollection` returned `{ migrated: true }`
+ *    after destructively recreating the collection (e.g. pre-#29823
+ *    schemas lacking `summary_*` named vectors).
+ *  - Empty-after-create: the collection has zero points but pages exist on
+ *    disk — covers crash-mid-rebuild and external Qdrant wipes.
+ *
+ * Awaited inline by `lifecycle.ts` so the enqueue happens before the memory
+ * worker drains its first batch; the body is wrapped in try/catch so a v2
+ * failure never blocks startup.
+ */
+export async function maybeRebuildMemoryV2Concepts(
+  config: AssistantConfig,
+): Promise<void> {
+  if (!config.memory.v2.enabled) return;
+  try {
+    const { ensureConceptPageCollection, countConceptPagePoints } =
+      await import("../memory/v2/qdrant.js");
+    const { hasConceptPages } = await import("../memory/v2/page-store.js");
+    const { enqueueMemoryJob } = await import("../memory/jobs-store.js");
+    const { migrated } = await ensureConceptPageCollection();
+    let shouldReembed = migrated;
+    if (!shouldReembed) {
+      const points = await countConceptPagePoints();
+      if (points === 0 && (await hasConceptPages(getWorkspaceDir()))) {
+        shouldReembed = true;
+      }
+    }
+    if (shouldReembed) {
+      const jobId = enqueueMemoryJob("memory_v2_reembed", {});
+      log.info(
+        { jobId, collectionMigrated: migrated },
+        "Memory v2 collection rebuild required — enqueued reembed job",
+      );
+    }
+  } catch (err) {
+    log.warn(
+      { err },
+      "Memory v2 collection schema check failed — continuing startup; v2 retrieval may be degraded",
+    );
+  }
+}

package/src/daemon/message-types/messages.ts CHANGED Viewed

@@ -147,8 +147,26 @@ export interface ToolResult {
   matchedTrustRuleId?: string;
   /** Whether the daemon is running in a containerized (Docker) environment. */
   isContainerized?: boolean;
-  /** Scope options ladder for the rule editor modal (narrowest to broadest). */
+  /**
+   * Display-only ladder of scope option labels for the rule editor
+   * (narrowest to broadest). The `pattern` here is regex-style and is
+   * NOT a valid trust rule pattern. Clients must use
+   * `riskAllowlistOptions` for the pattern that gets saved.
+   */
   riskScopeOptions?: Array<{ pattern: string; label: string }>;
+  /**
+   * Allowlist options for the rule editor save path (narrowest to
+   * broadest). Each `pattern` is a Minimatch-glob compatible string —
+   * what the gateway actually matches against. Mirrors the
+   * `allowlistOptions` field on `ConfirmationRequest`. May be absent
+   * for tools whose classifier does not produce an allowlist (e.g.
+   * web-risk classifier, MCP tools without classifier coverage).
+   */
+  riskAllowlistOptions?: Array<{
+    label: string;
+    description: string;
+    pattern: string;
+  }>;
   /** Directory scope ladder for the rule editor modal (narrowest to broadest). */
   riskDirectoryScopeOptions?: Array<{ scope: string; label: string }>;
   /** How the approval decision was reached: prompted, auto, blocked, or unknown (legacy). */

package/src/documents/document-store.ts CHANGED Viewed

@@ -5,7 +5,7 @@
  * background jobs (e.g. proactive artifact generation) can persist documents
  * without going through the HTTP layer.
  */
-import { rawRun } from "../memory/raw-query.js";
+import { rawGet, rawRun } from "../memory/raw-query.js";
 import { getLogger } from "../util/logger.js";
 const log = getLogger("document-store");
@@ -83,3 +83,37 @@ export function saveDocument(params: {
     };
   }
 }
+/** Update persisted document content (append or replace). */
+export function updateDocumentContent(
+  surfaceId: string,
+  markdown: string,
+  mode: string,
+): void {
+  try {
+    const existing = rawGet<{ content: string }>(
+      /*sql*/ `SELECT content FROM documents WHERE surface_id = ?`,
+      surfaceId,
+    );
+    if (!existing) {
+      log.info({ surfaceId }, "No persisted document to update");
+      return;
+    }
+    const sep = mode === "append" && existing.content.length > 0 ? "\n\n" : "";
+    const newContent =
+      mode === "append" ? existing.content + sep + markdown : markdown;
+    const wordCount = newContent
+      .split(/\s+/)
+      .filter((w) => w.length > 0).length;
+    rawRun(
+      /*sql*/ `UPDATE documents SET content = ?, word_count = ?, updated_at = ? WHERE surface_id = ?`,
+      newContent,
+      wordCount,
+      Date.now(),
+      surfaceId,
+    );
+    log.info({ surfaceId, mode }, "Updated document content");
+  } catch (error) {
+    log.error({ err: error, surfaceId }, "Document content update error");
+  }
+}

package/src/filing/filing-service.ts CHANGED Viewed

@@ -1,7 +1,6 @@
 import { existsSync, readFileSync } from "node:fs";
 import { join } from "node:path";
-import { isAssistantFeatureFlagEnabled } from "../config/assistant-feature-flags.js";
 import { getConfig } from "../config/loader.js";
 import type { LLMCallSite } from "../config/schemas/llm.js";
 import {
@@ -115,8 +114,8 @@ export class FilingService {
   start(): void {
     const fullConfig = getConfig();
-    if (isAssistantFeatureFlagEnabled("memory-v2-enabled", fullConfig)) {
-      log.info("Filing service disabled — memory v2 flag is set");
+    if (fullConfig.memory.v2.enabled) {
+      log.info("Filing service disabled — memory v2 is active");
       this._nextRunAt = null;
       this._nextCompactionAt = null;
       return;

package/src/heartbeat/heartbeat-service.ts CHANGED Viewed

@@ -882,7 +882,7 @@ Do NOT attempt to use tools for these providers — they will fail. Skip any che
     prompt += `\n\n<heartbeat-disposition>
 This heartbeat runs frequently. Do not manufacture a report just because it ran.
 If there is nothing genuinely useful, actionable, or interesting to surface, keep the response brief and end with HEARTBEAT_OK.
-If there is something worth interrupting the guardian for, write a concise guardian-facing note first: what happened, why it matters, and the recommended next step. Then end with HEARTBEAT_ALERT. That note may be used as notification copy.
+If there is something worth interrupting the guardian for, write a concise guardian-facing note first: what happened, why it matters, and the recommended next step. Address the guardian directly as "you"; do not write instructions to yourself or another intermediary. Then end with HEARTBEAT_ALERT. That note may be used as notification copy.
 After completing your review, end your response with one of:
 - HEARTBEAT_OK — if everything looks good, no action needed
 - HEARTBEAT_ALERT — if you found issues that need attention (describe them before this marker)

package/src/ipc/assistant-server.ts CHANGED Viewed

@@ -28,9 +28,13 @@
  * back to a shorter deterministic path so CLI commands can still connect.
  */
-import { existsSync, mkdirSync, unlinkSync } from "node:fs";
+import { existsSync, unlinkSync } from "node:fs";
 import { createServer, type Server, type Socket } from "node:net";
-import { dirname } from "node:path";
+import {
+  ensureSocketDir,
+  SocketWatchdog,
+} from "@vellumai/ipc-server-utils";
 import { findLocalGuardianPrincipalId } from "../runtime/local-actor-identity.js";
 import { RouteError } from "../runtime/routes/errors.js";
@@ -130,13 +134,29 @@ function isIpcBinaryResponse(value: unknown): value is IpcBinaryResponse {
 // Server
 // ---------------------------------------------------------------------------
+/** Optional configuration for {@link AssistantIpcServer}. */
+export interface AssistantIpcServerOptions {
+  /**
+   * How often the socket-file watchdog stats the listening socket path.
+   * Set to `0` to disable. Defaults to {@link SocketWatchdog}'s 5000ms.
+   */
+  watchdogIntervalMs?: number;
+}
 export class AssistantIpcServer {
   private server: Server | null = null;
   private clients = new Set<Socket>();
   private methods = new Map<string, RouteDefinition["handler"]>();
   private socketPath: string;
+  private watchdog: SocketWatchdog;
+  /**
+   * Servers whose listener path has been replaced by a re-bind. Kept around
+   * so already-connected sockets continue to work; closed gracefully once
+   * their accept loops drain.
+   */
+  private legacyServers = new Set<Server>();
-  constructor() {
+  constructor(options?: AssistantIpcServerOptions) {
     const resolution = resolveIpcSocketPath("assistant");
     this.socketPath = resolution.path;
     log.info(
@@ -154,62 +174,55 @@ export class AssistantIpcServer {
     this.methods.set("db_proxy", (params) =>
       handleDbProxy(params as unknown as DbProxyParams),
     );
+    this.watchdog = new SocketWatchdog({
+      socketPath: this.socketPath,
+      intervalMs: options?.watchdogIntervalMs,
+      getServer: () => this.server,
+      createServer: () => this.createListeningServer(),
+      onRebind: (newServer, oldServer) => {
+        this.server = newServer;
+        this.legacyServers.add(oldServer);
+        oldServer.close(() => {
+          this.legacyServers.delete(oldServer);
+        });
+      },
+      log,
+    });
   }
   /** Start listening on the Unix domain socket. */
   async start(): Promise<void> {
     // Ensure the parent directory exists before listening.
-    const socketDir = dirname(this.socketPath);
-    if (!existsSync(socketDir)) {
-      mkdirSync(socketDir, { recursive: true, mode: 0o700 });
-    }
+    ensureSocketDir(this.socketPath);
     // Probe before unlink so a second daemon can't silently orphan an active
     // listener (Unix lets you unlink a still-bound socket file). See
     // `ensureSocketPathFree` for the behavior matrix.
     await ensureSocketPathFree(this.socketPath);
-    this.server = createServer((socket) => {
-      this.clients.add(socket);
-      log.debug("IPC client connected");
-      const reader = new IpcFrameReader(
-        (envelope, binary) =>
-          this.handleEnvelope(socket, reader, envelope, binary),
-        (err) => log.warn({ err }, "IPC frame read error"),
-      );
-      socket.on("data", (chunk) => {
-        reader.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
-      });
-      socket.on("close", () => {
-        this.clients.delete(socket);
-        log.debug("IPC client disconnected");
-      });
-      socket.on("error", (err) => {
-        log.warn({ err }, "IPC client socket error");
-        this.clients.delete(socket);
-      });
-    });
-    this.server.on("error", (err) => {
-      log.error({ err }, "Assistant IPC server error");
-    });
+    this.server = this.createListeningServer();
     this.server.listen(this.socketPath, () => {
       log.info({ path: this.socketPath }, "Assistant IPC server listening");
     });
+    this.watchdog.start();
   }
   /** Stop the server and disconnect all clients. */
   stop(): void {
+    this.watchdog.stop();
     for (const client of this.clients) {
       if (!client.destroyed) client.destroy();
     }
     this.clients.clear();
+    for (const legacy of this.legacyServers) {
+      legacy.close();
+    }
+    this.legacyServers.clear();
     if (this.server) {
       this.server.close();
       this.server = null;
@@ -229,8 +242,52 @@ export class AssistantIpcServer {
     return this.socketPath;
   }
+  /**
+   * Re-bind the listening socket if its path entry is missing on disk.
+   *
+   * Public for tests so the watchdog can be exercised deterministically
+   * without waiting for the interval. Returns `true` when a re-bind was
+   * performed, `false` otherwise.
+   */
+  async rebindIfMissing(): Promise<boolean> {
+    return this.watchdog.rebindIfMissing();
+  }
   // ── Internal ──────────────────────────────────────────────────────────
+  private createListeningServer(): Server {
+    const server = createServer((socket) => {
+      this.clients.add(socket);
+      log.debug("IPC client connected");
+      const reader = new IpcFrameReader(
+        (envelope, binary) =>
+          this.handleEnvelope(socket, reader, envelope, binary),
+        (err) => log.warn({ err }, "IPC frame read error"),
+      );
+      socket.on("data", (chunk) => {
+        reader.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+      });
+      socket.on("close", () => {
+        this.clients.delete(socket);
+        log.debug("IPC client disconnected");
+      });
+      socket.on("error", (err) => {
+        log.warn({ err }, "IPC client socket error");
+        this.clients.delete(socket);
+      });
+    });
+    server.on("error", (err) => {
+      log.error({ err }, "Assistant IPC server error");
+    });
+    return server;
+  }
   private handleEnvelope(
     socket: Socket,
     reader: IpcFrameReader,