@vellumai/assistant 0.7.3 → 0.8.0

package/src/calls/call-controller.ts

@@ -26,6 +26,7 @@ import type { TtsProvider, TtsProviderId } from "../tts/types.js";
 import { getLogger } from "../util/logger.js";
 import { createStreamingEntry } from "./audio-store.js";
 import {
+  getEndCallListenWindowMs,
   getMaxCallDurationMs,
   getSilenceTimeoutMs,
   getUserConsultationTimeoutMs,
@@ -37,6 +38,7 @@ import {
   registerCallController,
   unregisterCallController,
 } from "./call-state.js";
+import { isTerminalState } from "./call-state-machine.js";
 import {
   createPendingQuestion,
   expirePendingQuestions,
@@ -93,6 +95,7 @@ export class CallController {
   private currentTurnPromise: Promise<void> | null = null;
   private destroyed = false;
   private silenceTimer: ReturnType<typeof setTimeout> | null = null;
+  private endCallListenTimer: ReturnType<typeof setTimeout> | null = null;
   private durationTimer: ReturnType<typeof setTimeout> | null = null;
   private durationWarningTimer: ReturnType<typeof setTimeout> | null = null;
   /**
@@ -244,6 +247,8 @@ export class CallController {
     transcript: string,
     speaker?: PromptSpeakerContext,
   ): Promise<void> {
+    this.cancelPendingEndCall();
+
     const interruptedInFlight =
       this.state === "processing" || this.state === "speaking";
     // If we're already processing or speaking, abort the in-flight generation
@@ -295,6 +300,8 @@ export class CallController {
       return false;
     }
 
+    this.cancelPendingEndCall();
+
     // Clear the consultation timeout and record
     clearTimeout(this.pendingGuardianInput.timer);
     this.pendingGuardianInput = null;
@@ -326,6 +333,8 @@ export class CallController {
    * position once the current turn completes.
    */
   async handleUserInstruction(instructionText: string): Promise<void> {
+    this.cancelPendingEndCall();
+
     recordCallEvent(this.callSessionId, "user_instruction_relayed", {
       instruction: instructionText,
     });
@@ -408,6 +417,7 @@ export class CallController {
   destroy(): void {
     this.destroyed = true;
     if (this.silenceTimer) clearTimeout(this.silenceTimer);
+    if (this.endCallListenTimer) clearTimeout(this.endCallListenTimer);
     if (this.durationTimer) clearTimeout(this.durationTimer);
     if (this.durationWarningTimer) clearTimeout(this.durationWarningTimer);
     if (this.pendingGuardianInput) {
@@ -419,6 +429,7 @@ export class CallController {
       this.durationEndTimer = null;
     }
     this.pendingInstructions = [];
+    this.endCallListenTimer = null;
     this.llmRunVersion++;
     this.abortCurrentTurn();
     if (this.activeSynthesisAbort) {
@@ -1075,73 +1086,7 @@ export class CallController {
 
     // Check for END_CALL marker
     if (responseText.includes(END_CALL_MARKER)) {
-      // Clear any pending consultation before completing the call.
-      // Without this, the consultation timeout can fire on an already-ended
-      // call, overwriting 'completed' status back to 'in_progress' and
-      // starting a new LLM turn on a dead conversation. Similarly, a late
-      // handleUserAnswer could be accepted since pendingGuardianInput is
-      // still non-null.
-      if (this.pendingGuardianInput) {
-        clearTimeout(this.pendingGuardianInput.timer);
-
-        // Expire store-side consultation records so clients don't observe
-        // a completed call with a dangling pendingQuestion, and guardian
-        // replies are cleanly rejected instead of hitting answerCall failures.
-        expirePendingQuestions(this.callSessionId);
-        const previousRequest = getPendingCanonicalRequestByCallSessionId(
-          this.callSessionId,
-        );
-        if (previousRequest) {
-          expireCanonicalGuardianRequest(previousRequest.id);
-        }
-
-        this.pendingGuardianInput = null;
-      }
-
-      const currentSession = getCallSession(this.callSessionId);
-      const shouldNotifyCompletion = currentSession
-        ? currentSession.status !== "completed" &&
-          currentSession.status !== "failed" &&
-          currentSession.status !== "cancelled"
-        : false;
-
-      this.transport.endSession("Call completed");
-      updateCallSession(this.callSessionId, {
-        status: "completed",
-        endedAt: Date.now(),
-      });
-      recordCallEvent(this.callSessionId, "call_ended", {
-        reason: "completed",
-      });
-
-      // Notify the voice conversation
-      if (shouldNotifyCompletion && currentSession) {
-        finalizeCall(this.callSessionId, currentSession.conversationId);
-      }
-
-      // Post a pointer message in the initiating conversation
-      if (currentSession?.initiatedFromConversationId) {
-        const durationMs = currentSession.startedAt
-          ? Date.now() - currentSession.startedAt
-          : 0;
-        addPointerMessage(
-          currentSession.initiatedFromConversationId,
-          "completed",
-          currentSession.toNumber,
-          {
-            duration: durationMs > 0 ? formatDuration(durationMs) : undefined,
-          },
-        ).catch((err) => {
-          log.warn(
-            {
-              conversationId: currentSession.initiatedFromConversationId,
-              err,
-            },
-            "Skipping pointer write — origin conversation may no longer exist",
-          );
-        });
-      }
-      this.state = "idle";
+      this.scheduleEndCallAfterListenWindow();
       return;
     }
 
@@ -1153,6 +1098,124 @@ export class CallController {
     this.flushPendingInstructions();
   }
 
+  private scheduleEndCallAfterListenWindow(): void {
+    const currentSession = getCallSession(this.callSessionId);
+    if (currentSession && isTerminalState(currentSession.status)) {
+      this.state = "idle";
+      this.currentTurnHandle = null;
+      return;
+    }
+
+    const clearedPendingGuardianInput =
+      this.clearPendingGuardianInputForCallEnd();
+    this.state = "idle";
+    this.currentTurnHandle = null;
+
+    if (this.endCallListenTimer) {
+      clearTimeout(this.endCallListenTimer);
+      this.endCallListenTimer = null;
+    }
+
+    const listenWindowMs = getEndCallListenWindowMs();
+    const callContinues =
+      this.pendingInstructions.length > 0 || listenWindowMs > 0;
+    if (clearedPendingGuardianInput && callContinues) {
+      updateCallSession(this.callSessionId, { status: "in_progress" });
+    }
+
+    if (this.pendingInstructions.length > 0) {
+      this.flushPendingInstructions();
+      return;
+    }
+
+    if (listenWindowMs <= 0) {
+      this.completeCallFromEndMarker();
+      return;
+    }
+
+    this.resetSilenceTimer();
+    this.endCallListenTimer = setTimeout(() => {
+      this.endCallListenTimer = null;
+      this.completeCallFromEndMarker();
+    }, listenWindowMs);
+  }
+
+  private cancelPendingEndCall(): void {
+    if (!this.endCallListenTimer) return;
+    clearTimeout(this.endCallListenTimer);
+    this.endCallListenTimer = null;
+  }
+
+  private clearPendingGuardianInputForCallEnd(): boolean {
+    if (!this.pendingGuardianInput) return false;
+
+    clearTimeout(this.pendingGuardianInput.timer);
+
+    // Expire store-side consultation records so clients don't observe
+    // a completed call with a dangling pendingQuestion, and guardian
+    // replies are cleanly rejected instead of hitting answerCall failures.
+    expirePendingQuestions(this.callSessionId);
+    const previousRequest = getPendingCanonicalRequestByCallSessionId(
+      this.callSessionId,
+    );
+    if (previousRequest) {
+      expireCanonicalGuardianRequest(previousRequest.id);
+    }
+
+    this.pendingGuardianInput = null;
+    return true;
+  }
+
+  private completeCallFromEndMarker(): void {
+    if (this.destroyed) return;
+
+    const currentSession = getCallSession(this.callSessionId);
+    if (currentSession && isTerminalState(currentSession.status)) {
+      this.state = "idle";
+      return;
+    }
+
+    const shouldNotifyCompletion = !!currentSession;
+
+    this.transport.endSession("Call completed");
+    updateCallSession(this.callSessionId, {
+      status: "completed",
+      endedAt: Date.now(),
+    });
+    recordCallEvent(this.callSessionId, "call_ended", {
+      reason: "completed",
+    });
+
+    // Notify the voice conversation
+    if (shouldNotifyCompletion && currentSession) {
+      finalizeCall(this.callSessionId, currentSession.conversationId);
+    }
+
+    // Post a pointer message in the initiating conversation
+    if (currentSession?.initiatedFromConversationId) {
+      const durationMs = currentSession.startedAt
+        ? Date.now() - currentSession.startedAt
+        : 0;
+      addPointerMessage(
+        currentSession.initiatedFromConversationId,
+        "completed",
+        currentSession.toNumber,
+        {
+          duration: durationMs > 0 ? formatDuration(durationMs) : undefined,
+        },
+      ).catch((err) => {
+        log.warn(
+          {
+            conversationId: currentSession.initiatedFromConversationId,
+            err,
+          },
+          "Skipping pointer write — origin conversation may no longer exist",
+        );
+      });
+    }
+    this.state = "idle";
+  }
+
   private isExpectedAbortError(err: unknown): boolean {
     if (!(err instanceof Error)) return false;
     return err.name === "AbortError" || err.name === "APIUserAbortError";

package/src/calls/relay-server.ts

@@ -66,6 +66,8 @@ import {
 } from "./speaker-identification.js";
 
 const log = getLogger("relay-server");
+const UUID_SHAPED_NAME =
+  /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$/;
 
 // ── ConversationRelay message types ──────────────────────────────────
 
@@ -1615,7 +1617,11 @@ export class RelayConnection {
   private resolveAssistantLabel(): string | null {
     try {
       const name = getAssistantName();
-      return name?.trim() || null;
+      const trimmedName = name?.trim();
+      if (!trimmedName || UUID_SHAPED_NAME.test(trimmedName)) {
+        return null;
+      }
+      return trimmedName;
     } catch {
       return null;
     }

package/src/calls/voice-session-bridge.ts

@@ -233,7 +233,7 @@ function buildVoiceCallControlPrompt(opts: {
       );
     } else {
       lines.push(
-        '7. If the latest user turn is "(call connected — deliver opening greeting)", this is an inbound call you are answering (not a call you initiated). Greet the caller warmly and ask how you can help. Introduce yourself once at the start using your assistant name if you know it (for example: "Hey there, this is Ava, Sam\'s assistant. How can I help?"). If your assistant name is not known, skip the name and just identify yourself as the guardian\'s assistant. Do NOT say "I\'m calling" or "I\'m calling on behalf of". Vary the wording; do not use a fixed template.',
+        '7. If the latest user turn is "(call connected — deliver opening greeting)", this is an inbound call you are answering (not a call you initiated). Greet the caller warmly and ask how you can help. Introduce yourself once at the start using your assistant name if you know it (for example: "Hey there, this is Ava, Sam\'s assistant. How can I help?"). If your assistant name is not known, skip the name and just identify yourself as the guardian\'s assistant. Never use a UUID-shaped internal assistant ID as your spoken name. Do NOT say "I\'m calling" or "I\'m calling on behalf of". Vary the wording; do not use a fixed template.',
       );
     }
     lines.push(

package/src/cli/commands/memory-v2.ts

@@ -25,9 +25,9 @@
  *     violation lists). Does not mutate the workspace.
  *
  * Lives alongside the existing v1 `memory` command rather than replacing it
- * so flipping `memory-v2-enabled` back to off fully re-engages the v1
- * pipeline. While the flag is on, v1 graph extraction/maintenance and PKB
- * filing are suppressed; v1 data stays in place but stops being updated.
+ * so flipping `memory.v2.enabled` back to false fully re-engages the v1
+ * pipeline. While v2 is on, v1 graph extraction/maintenance and PKB filing
+ * are suppressed; v1 data stays in place but stops being updated.
  */
 
 import type { Command } from "commander";
@@ -172,9 +172,9 @@ export function registerMemoryV2Command(program: Command): void {
     `
 The v2 subsystem replaces the v1 graph + PKB with prose concept pages,
 directed edges stored in each page's frontmatter, and activation-based
-retrieval. v2 stays gated behind the memory-v2-enabled feature flag —
+retrieval. v2 is gated behind the memory.v2.enabled config field —
 these subcommands remain useful operator tools regardless of whether
-the flag is on.
+v2 is currently active.
 
 Subcommands fall into three groups:
 
@@ -273,8 +273,8 @@ prefix). Useful after editing a skill's SKILL.md, after a feature-flag flip
 changes the enabled-skill set, or to recover corrupted skill embeddings.
 
 Unlike 'reembed' (concept pages), this runs synchronously inside the
-daemon — the command returns only once the seed completes. Requires both
-the memory-v2-enabled feature flag and memory.v2.enabled to be on.
+daemon — the command returns only once the seed completes. Requires
+memory.v2.enabled to be true.
 
 Examples:
   $ assistant memory v2 reembed-skills`,

package/src/cli/commands/oauth/__tests__/connect.test.ts

@@ -395,106 +395,6 @@ describe("assistant oauth connect", () => {
     );
   });
 
-  // -------------------------------------------------------------------------
-  // BYO mode with --no-browser: prints auth URL (deferred)
-  // -------------------------------------------------------------------------
-
-  test("BYO mode with --no-browser: prints auth URL", async () => {
-    mockGetProvider = () => ({
-      provider: "google",
-      authorizeUrl: "https://accounts.google.com/o/oauth2/v2/auth",
-      tokenExchangeUrl: "https://oauth2.googleapis.com/token",
-      tokenExchangeBodyFormat: "form",
-      managedServiceConfigKey: null,
-    });
-    mockIsManagedMode = () => false;
-
-    mockGetMostRecentAppByProvider = () => ({
-      id: "app-1",
-      clientId: "byo-client-id",
-      clientSecretCredentialPath: "oauth_app/app-1/client_secret",
-      provider: "google",
-      createdAt: 0,
-      updatedAt: 0,
-    });
-
-    mockOrchestrateOAuthConnect = async () => ({
-      success: true,
-      deferred: true,
-      authorizeUrl: "https://accounts.google.com/o/oauth2/v2/auth?state=abc",
-      state: "abc",
-      service: "google",
-    });
-
-    const { exitCode, stdout } = await runCommand([
-      "connect",
-      "google",
-      "--no-browser",
-      "--json",
-    ]);
-    expect(exitCode).toBe(0);
-    const parsed = JSON.parse(stdout);
-    expect(parsed.ok).toBe(true);
-    expect(parsed.deferred).toBe(true);
-    expect(parsed.authUrl).toBe(
-      "https://accounts.google.com/o/oauth2/v2/auth?state=abc",
-    );
-    expect(parsed.service).toBe("google");
-  });
-
-  // -------------------------------------------------------------------------
-  // BYO mode default: orchestrator called with isInteractive true
-  // -------------------------------------------------------------------------
-
-  test("BYO mode default calls orchestrator with isInteractive: true", async () => {
-    mockGetProvider = () => ({
-      provider: "google",
-      authorizeUrl: "https://accounts.google.com/o/oauth2/v2/auth",
-      tokenExchangeUrl: "https://oauth2.googleapis.com/token",
-      tokenExchangeBodyFormat: "form",
-      managedServiceConfigKey: null,
-    });
-    mockIsManagedMode = () => false;
-
-    mockGetAppByProviderAndClientId = () => ({
-      id: "app-1",
-      clientId: "test-id",
-      clientSecretCredentialPath: "oauth_app/app-1/client_secret",
-      provider: "google",
-      createdAt: 0,
-      updatedAt: 0,
-    });
-
-    let capturedOpts: Record<string, unknown> | undefined;
-    mockOrchestrateOAuthConnect = async (opts) => {
-      capturedOpts = opts;
-      return {
-        success: true,
-        deferred: false,
-        grantedScopes: ["email"],
-        accountInfo: "user@example.com",
-      };
-    };
-
-    const { exitCode, stdout } = await runCommand([
-      "connect",
-      "google",
-      "--client-id",
-      "test-id",
-      "--json",
-    ]);
-    expect(exitCode).toBe(0);
-    expect(capturedOpts).toBeDefined();
-    expect(capturedOpts!.isInteractive).toBe(true);
-    // openUrl should be provided by default (browser opens automatically)
-    expect(typeof capturedOpts!.openUrl).toBe("function");
-
-    const parsed = JSON.parse(stdout);
-    expect(parsed.ok).toBe(true);
-    expect(parsed.grantedScopes).toEqual(["email"]);
-    expect(parsed.accountInfo).toBe("user@example.com");
-  });
-
   // -------------------------------------------------------------------------
   // BYO missing app: error with hint
   // -------------------------------------------------------------------------
@@ -590,96 +490,6 @@ describe("assistant oauth connect", () => {
     );
   });
 
-  // -------------------------------------------------------------------------
-  // JSON output format for deferred case (BYO)
-  // -------------------------------------------------------------------------
-
-  test("JSON output for deferred case includes ok, deferred, authUrl, service", async () => {
-    mockGetProvider = () => ({
-      provider: "slack",
-      authorizeUrl: "https://slack.com/oauth/v2/authorize",
-      tokenExchangeUrl: "https://slack.com/api/oauth.v2.access",
-      tokenExchangeBodyFormat: "form",
-      managedServiceConfigKey: null,
-    });
-    mockIsManagedMode = () => false;
-
-    mockGetMostRecentAppByProvider = () => ({
-      id: "app-slack",
-      clientId: "slack-client-id",
-      clientSecretCredentialPath: "oauth_app/app-slack/client_secret",
-      provider: "slack",
-      createdAt: 0,
-      updatedAt: 0,
-    });
-
-    mockOrchestrateOAuthConnect = async () => ({
-      success: true,
-      deferred: true,
-      authorizeUrl: "https://slack.com/oauth/v2/authorize?state=xyz",
-      state: "xyz",
-      service: "slack",
-    });
-
-    const { exitCode, stdout } = await runCommand([
-      "connect",
-      "slack",
-      "--no-browser",
-      "--json",
-    ]);
-    expect(exitCode).toBe(0);
-    const parsed = JSON.parse(stdout);
-    expect(parsed).toHaveProperty("ok", true);
-    expect(parsed).toHaveProperty("deferred", true);
-    expect(parsed).toHaveProperty("authUrl");
-    expect(parsed).toHaveProperty("service", "slack");
-  });
-
-  // -------------------------------------------------------------------------
-  // JSON output format for completed case (BYO)
-  // -------------------------------------------------------------------------
-
-  test("JSON output for completed case includes ok, grantedScopes, accountInfo", async () => {
-    mockGetProvider = () => ({
-      provider: "google",
-      authorizeUrl: "https://accounts.google.com/o/oauth2/v2/auth",
-      tokenExchangeUrl: "https://oauth2.googleapis.com/token",
-      tokenExchangeBodyFormat: "form",
-      managedServiceConfigKey: null,
-    });
-    mockIsManagedMode = () => false;
-
-    mockGetMostRecentAppByProvider = () => ({
-      id: "app-1",
-      clientId: "completed-client-id",
-      clientSecretCredentialPath: "oauth_app/app-1/client_secret",
-      provider: "google",
-      createdAt: 0,
-      updatedAt: 0,
-    });
-
-    mockOrchestrateOAuthConnect = async () => ({
-      success: true,
-      deferred: false,
-      grantedScopes: ["email", "profile"],
-      accountInfo: "test@gmail.com",
-    });
-
-    const { exitCode, stdout } = await runCommand([
-      "connect",
-      "google",
-      "--json",
-    ]);
-    expect(exitCode).toBe(0);
-    const parsed = JSON.parse(stdout);
-    expect(parsed).toHaveProperty("ok", true);
-    expect(parsed).toHaveProperty("grantedScopes");
-    expect(parsed.grantedScopes).toEqual(["email", "profile"]);
-    expect(parsed).toHaveProperty("accountInfo", "test@gmail.com");
-    // Should NOT have deferred
-    expect(parsed.deferred).toBeUndefined();
-  });
-
   // -------------------------------------------------------------------------
   // BYO mode: client_secret required but missing
   // -------------------------------------------------------------------------
@@ -911,31 +721,6 @@ describe("assistant oauth connect", () => {
       expect(mockOpenInBrowserCalls.length).toBe(0);
     });
 
-    test("IPC returns ok:false → falls back to in-process orchestrateOAuthConnect", async () => {
-      // Default mockCliIpcCallFn already returns ok: false
-      let orchestratorCalled = false;
-      mockOrchestrateOAuthConnect = async () => {
-        orchestratorCalled = true;
-        return {
-          success: true,
-          deferred: false,
-          grantedScopes: ["email"],
-          accountInfo: "fallback@example.com",
-        };
-      };
-
-      const { exitCode, stdout } = await runCommand([
-        "connect",
-        "google",
-        "--json",
-      ]);
-      expect(exitCode).toBe(0);
-      expect(orchestratorCalled).toBe(true);
-      const parsed = JSON.parse(stdout);
-      expect(parsed.ok).toBe(true);
-      expect(parsed.accountInfo).toBe("fallback@example.com");
-    });
-
     test("IPC returns ok:false with statusCode → surfaces daemon error, does NOT fall back", async () => {
       // Daemon was reachable but returned an error (e.g. 500)
       mockCliIpcCallFn = async (method) => {
@@ -1159,43 +944,4 @@ describe("assistant oauth connect", () => {
       expect(parsed.accountInfo).toBe("gw-user@example.com");
     });
   });
-
-  // -------------------------------------------------------------------------
-  // Orchestrator error propagation
-  // -------------------------------------------------------------------------
-
-  test("BYO mode: orchestrator error propagates correctly", async () => {
-    mockGetProvider = () => ({
-      provider: "google",
-      authorizeUrl: "https://accounts.google.com/o/oauth2/v2/auth",
-      tokenExchangeUrl: "https://oauth2.googleapis.com/token",
-      tokenExchangeBodyFormat: "form",
-      managedServiceConfigKey: null,
-    });
-    mockIsManagedMode = () => false;
-
-    mockGetMostRecentAppByProvider = () => ({
-      id: "app-1",
-      clientId: "client-id",
-      clientSecretCredentialPath: "oauth_app/app-1/client_secret",
-      provider: "google",
-      createdAt: 0,
-      updatedAt: 0,
-    });
-
-    mockOrchestrateOAuthConnect = async () => ({
-      success: false,
-      error: "Token exchange failed: invalid_grant",
-    });
-
-    const { exitCode, stdout } = await runCommand([
-      "connect",
-      "google",
-      "--json",
-    ]);
-    expect(exitCode).toBe(1);
-    const parsed = JSON.parse(stdout);
-    expect(parsed.ok).toBe(false);
-    expect(parsed.error).toBe("Token exchange failed: invalid_grant");
-  });
 });

package/src/cli/commands/oauth/connect.ts

@@ -4,7 +4,6 @@ import type { Command } from "commander";
 
 import { getIsContainerized } from "../../../config/env-registry.js";
 import { cliIpcCall } from "../../../ipc/cli-client.js";
-import { orchestrateOAuthConnect } from "../../../oauth/connect-orchestrator.js";
 import {
   getAppByProviderAndClientId,
   getMostRecentAppByProvider,
@@ -514,57 +513,16 @@ Examples:
               return;
             }
 
-            // IPC unavailable (daemon unreachable, older daemon without this route, socket missing).
-            // Fall through to the existing in-process flow. This still carries the heap-split bug
-            // for gateway transport, but if the daemon is unreachable we have a worse problem;
-            // the fallback preserves existing behavior as a regression guard.
-            // e. Call the orchestrator (in-process fallback)
-            const result = await orchestrateOAuthConnect({
-              service: provider,
-              clientId,
-              clientSecret,
-              callbackTransport: opts.callbackTransport,
-              isInteractive: opts.browser !== false,
-              openUrl: opts.browser !== false ? openInHostBrowser : undefined,
-              ...(opts.scopes ? { requestedScopes: opts.scopes } : {}),
-            });
-
-            // f. Handle results
-            if (!result.success) {
-              writeError(result.error ?? "OAuth connect failed");
-              return;
-            }
-
-            if (result.deferred) {
-              if (jsonMode) {
-                writeOutput(cmd, {
-                  ok: true,
-                  deferred: true,
-                  // Wire key stays `authUrl` for backward compatibility with
-                  // existing CLI script consumers; the internal field on
-                  // `result` is `authorizeUrl`.
-                  authUrl: result.authorizeUrl,
-                  service: result.service,
-                });
-              } else {
-                process.stdout.write(
-                  `\nAuthorize with ${provider}:\n\n${result.authorizeUrl}\n\nThe connection will complete automatically once you authorize.\n`,
-                );
-              }
-              return;
-            }
-
-            // Interactive mode completed
-            if (jsonMode) {
-              writeOutput(cmd, {
-                ok: true,
-                grantedScopes: result.grantedScopes,
-                accountInfo: result.accountInfo,
-              });
-            } else {
-              const msg = `Connected to ${provider}${result.accountInfo ? ` as ${result.accountInfo}` : ""}`;
-              process.stdout.write(msg + "\n");
-            }
+            // IPC unavailable: the assistant must be running for OAuth connect. The
+            // gateway-routed callback lands in the assistant's process, and any tokens
+            // acquired need the assistant to store and use them — so an unreachable
+            // assistant is a fatal precondition. Surface a clear error and exit 1.
+            writeError(
+              startResult.error
+                ? `Could not reach the assistant: ${startResult.error}. Is the assistant running?`
+                : "Could not reach the assistant. Is the assistant running?",
+            );
+            return;
           }
         } catch (err) {
           const message = err instanceof Error ? err.message : String(err);