@vellumai/assistant 0.8.4 → 0.8.5

package/src/tools/host-filesystem/edit.ts

@@ -1,7 +1,6 @@
 import { supportsHostProxy } from "../../channels/types.js";
 import { HostFileProxy } from "../../daemon/host-file-proxy.js";
 import { RiskLevel } from "../../permissions/types.js";
-import type { ToolDefinition } from "../../providers/types.js";
 import { assistantEventHub } from "../../runtime/assistant-event-hub.js";
 import { FileSystemOps } from "../shared/filesystem/file-ops-service.js";
 import { formatEditDiff } from "../shared/filesystem/format-diff.js";
@@ -13,13 +12,10 @@ class HostFileEditTool implements Tool {
   description =
     "Replace exact text in a file on your guardian's device with new text. For files on your own machine, use file_edit instead.";
   category = "host-filesystem";
+  executionTarget = "host" as const;
   defaultRiskLevel = RiskLevel.Medium;
 
-  getDefinition(): ToolDefinition {
-    return {
-      name: this.name,
-      description: this.description,
-      input_schema: {
+  input_schema = {
         type: "object",
         properties: {
           path: {
@@ -46,9 +42,7 @@ class HostFileEditTool implements Tool {
           },
         },
         required: ["path", "old_string", "new_string"],
-      },
-    };
-  }
+      };
 
   async execute(
     input: Record<string, unknown>,

package/src/tools/host-filesystem/read.ts

@@ -3,7 +3,6 @@ import { extname } from "node:path";
 import { supportsHostProxy } from "../../channels/types.js";
 import { HostFileProxy } from "../../daemon/host-file-proxy.js";
 import { RiskLevel } from "../../permissions/types.js";
-import type { ToolDefinition } from "../../providers/types.js";
 import { assistantEventHub } from "../../runtime/assistant-event-hub.js";
 import { FileSystemOps } from "../shared/filesystem/file-ops-service.js";
 import {
@@ -18,13 +17,10 @@ class HostFileReadTool implements Tool {
   description =
     "Read the contents of a file on your guardian's device, including images (JPEG, PNG, GIF, WebP). For files on your own machine, use file_read instead.";
   category = "host-filesystem";
+  executionTarget = "host" as const;
   defaultRiskLevel = RiskLevel.Medium;
 
-  getDefinition(): ToolDefinition {
-    return {
-      name: this.name,
-      description: this.description,
-      input_schema: {
+  input_schema = {
         type: "object",
         properties: {
           path: {
@@ -46,9 +42,7 @@ class HostFileReadTool implements Tool {
           },
         },
         required: ["path"],
-      },
-    };
-  }
+      };
 
   async execute(
     input: Record<string, unknown>,

package/src/tools/host-filesystem/transfer.ts

@@ -5,7 +5,6 @@ import { dirname, isAbsolute } from "node:path";
 import { supportsHostProxy } from "../../channels/types.js";
 import { HostTransferProxy } from "../../daemon/host-transfer-proxy.js";
 import { RiskLevel } from "../../permissions/types.js";
-import type { ToolDefinition } from "../../providers/types.js";
 import { assistantEventHub } from "../../runtime/assistant-event-hub.js";
 import { sandboxPolicy } from "../shared/filesystem/path-policy.js";
 import type { Tool, ToolContext, ToolExecutionResult } from "../types.js";
@@ -15,13 +14,10 @@ class HostFileTransferTool implements Tool {
   description =
     "Copy a file between the assistant's workspace and the host machine. Set direction to 'to_host' to send a workspace file to the host, or 'to_sandbox' to pull a host file into the workspace. When multiple clients support host_file, specify which one to use with target_client_id.";
   category = "host-filesystem";
+  executionTarget = "host" as const;
   defaultRiskLevel = RiskLevel.Medium;
 
-  getDefinition(): ToolDefinition {
-    return {
-      name: this.name,
-      description: this.description,
-      input_schema: {
+  input_schema = {
         type: "object",
         properties: {
           source_path: {
@@ -57,9 +53,7 @@ class HostFileTransferTool implements Tool {
           },
         },
         required: ["source_path", "dest_path", "direction"],
-      },
-    };
-  }
+      };
 
   async execute(
     input: Record<string, unknown>,

package/src/tools/host-filesystem/write.ts

@@ -1,7 +1,6 @@
 import { supportsHostProxy } from "../../channels/types.js";
 import { HostFileProxy } from "../../daemon/host-file-proxy.js";
 import { RiskLevel } from "../../permissions/types.js";
-import type { ToolDefinition } from "../../providers/types.js";
 import { assistantEventHub } from "../../runtime/assistant-event-hub.js";
 import { FileSystemOps } from "../shared/filesystem/file-ops-service.js";
 import { formatWriteSummary } from "../shared/filesystem/format-diff.js";
@@ -13,13 +12,10 @@ class HostFileWriteTool implements Tool {
   description =
     "Write content to a file on your guardian's device, creating it if it does not exist. For files on your own machine, use file_write instead.";
   category = "host-filesystem";
+  executionTarget = "host" as const;
   defaultRiskLevel = RiskLevel.Medium;
 
-  getDefinition(): ToolDefinition {
-    return {
-      name: this.name,
-      description: this.description,
-      input_schema: {
+  input_schema = {
         type: "object",
         properties: {
           path: {
@@ -37,9 +33,7 @@ class HostFileWriteTool implements Tool {
           },
         },
         required: ["path", "content"],
-      },
-    };
-  }
+      };
 
   async execute(
     input: Record<string, unknown>,

package/src/tools/host-terminal/host-shell.ts

@@ -23,7 +23,6 @@ import { getConfig } from "../../config/loader.js";
 import { isCesShellLockdownEnabled } from "../../credential-execution/feature-gates.js";
 import { HostBashProxy } from "../../daemon/host-bash-proxy.js";
 import { RiskLevel } from "../../permissions/types.js";
-import type { ToolDefinition } from "../../providers/types.js";
 import { isUntrustedTrustClass } from "../../runtime/actor-trust-resolver.js";
 import { wakeAgentForOpportunity } from "../../runtime/agent-wake.js";
 import { assistantEventHub } from "../../runtime/assistant-event-hub.js";
@@ -97,16 +96,13 @@ class HostShellTool implements Tool {
   description =
     "LAST RESORT — Execute a shell command directly on the host machine. You MUST strongly prefer the regular `bash` tool for all commands. Only use `host_bash` when you are absolutely certain the command MUST run on the host machine and CANNOT run in the workspace (e.g., managing host-level system services, accessing host-only peripherals, or interacting with host paths outside the workspace). If in doubt, use `bash` instead. Approval-gated: each invocation must be explicitly approved. Do not use for commands that require injected credentials or secrets.";
   category = "host-terminal";
+  executionTarget = "host" as const;
   // host_bash is a weaker-tier escape hatch under CES lockdown. It remains
   // Medium risk by default but persistent approvals are disabled for
   // untrusted sessions (see execute()).
   defaultRiskLevel = RiskLevel.Medium;
 
-  getDefinition(): ToolDefinition {
-    return {
-      name: this.name,
-      description: this.description,
-      input_schema: {
+  input_schema = {
         type: "object",
         properties: {
           command: {
@@ -140,9 +136,7 @@ class HostShellTool implements Tool {
           },
         },
         required: ["command", "activity"],
-      },
-    };
-  }
+      };
 
   async execute(
     input: Record<string, unknown>,

package/src/tools/mcp/mcp-tool-factory.ts

@@ -1,7 +1,6 @@
 import type { McpServerConfig } from "../../config/schemas/mcp.js";
 import type { McpServerManager } from "../../mcp/manager.js";
 import { RiskLevel } from "../../permissions/types.js";
-import type { ToolDefinition } from "../../providers/types.js";
 import { toProviderSafeToolName } from "../provider-tool-name.js";
 import { schemaDefinesProperty } from "../schema-transforms.js";
 import type { Tool, ToolContext, ToolExecutionResult } from "../types.js";
@@ -53,13 +52,7 @@ export function createMcpTool(
     ownerMcpServerId: serverId,
     executionTarget: "host",
 
-    getDefinition(): ToolDefinition {
-      return {
-        name: namespacedName,
-        description: metadata.description,
-        input_schema: metadata.inputSchema as ToolDefinition["input_schema"],
-      };
-    },
+    input_schema: metadata.inputSchema as object,
 
     async execute(
       input: Record<string, unknown>,

package/src/tools/memory/register.test.ts

@@ -100,7 +100,7 @@ function makeContext(overrides: Partial<ToolContext> = {}): ToolContext {
 
 describe("recallTool definition", () => {
   test("exposes the agentic local search schema", () => {
-    const definition = recallTool.getDefinition();
+    const definition = recallTool;
 
     expect(definition.name).toBe("recall");
     expect(definition.description).toContain("Search local information");

package/src/tools/memory/register.ts

@@ -10,7 +10,6 @@ import {
   graphRememberDefinition,
 } from "../../memory/graph/tools.js";
 import { RiskLevel } from "../../permissions/types.js";
-import type { ToolDefinition } from "../../providers/types.js";
 import { isUntrustedTrustClass } from "../../runtime/actor-trust-resolver.js";
 import type { Tool, ToolContext, ToolExecutionResult } from "../types.js";
 
@@ -20,11 +19,9 @@ class RememberTool implements Tool {
   name = "remember";
   description = graphRememberDefinition.description;
   category = "memory";
+  executionTarget = "sandbox" as const;
   defaultRiskLevel = RiskLevel.Low;
-
-  getDefinition(): ToolDefinition {
-    return graphRememberDefinition;
-  }
+  input_schema = graphRememberDefinition.input_schema;
 
   async execute(
     input: Record<string, unknown>,
@@ -51,11 +48,9 @@ class RecallTool implements Tool {
   name = "recall";
   description = graphRecallDefinition.description;
   category = "memory";
+  executionTarget = "sandbox" as const;
   defaultRiskLevel = RiskLevel.Low;
-
-  getDefinition(): ToolDefinition {
-    return graphRecallDefinition;
-  }
+  input_schema = graphRecallDefinition.input_schema;
 
   async execute(
     input: Record<string, unknown>,

package/src/tools/network/web-fetch.ts

@@ -7,7 +7,6 @@ import { Readable } from "node:stream";
 
 import type { WebFetchMetadata } from "../../daemon/message-types/web-activity.js";
 import { RiskLevel } from "../../permissions/types.js";
-import type { ToolDefinition } from "../../providers/types.js";
 import { wrapUntrustedContent } from "../../security/untrusted-content.js";
 import { faviconUrlForDomain } from "../../util/favicon.js";
 import { getLogger } from "../../util/logger.js";
@@ -990,13 +989,10 @@ class WebFetchTool implements Tool {
   description =
     "Fetch a webpage and return LLM-friendly extracted text with metadata. Use this after web_search when you need to read a specific result. To find pages on a site without guessing slugs, fetch /sitemap.xml first — it has ground-truth paths and works even when pages are JS-rendered.";
   category = "network";
+  executionTarget = "sandbox" as const;
   defaultRiskLevel = RiskLevel.Low;
 
-  getDefinition(): ToolDefinition {
-    return {
-      name: this.name,
-      description: this.description,
-      input_schema: {
+  input_schema = {
         type: "object",
         properties: {
           url: {
@@ -1029,9 +1025,7 @@ class WebFetchTool implements Tool {
           },
         },
         required: ["url"],
-      },
-    };
-  }
+      };
 
   async execute(
     input: Record<string, unknown>,

package/src/tools/network/web-search.ts

@@ -4,7 +4,6 @@ import type {
   WebSearchResultItem,
 } from "../../daemon/message-types/web-activity.js";
 import { RiskLevel } from "../../permissions/types.js";
-import type { ToolDefinition } from "../../providers/types.js";
 import { getProviderKeyAsync } from "../../security/secure-keys.js";
 import { wrapUntrustedContent } from "../../security/untrusted-content.js";
 import { faviconUrlForDomain } from "../../util/favicon.js";
@@ -650,39 +649,33 @@ class WebSearchTool implements Tool {
   description =
     "Search the web and return results. Useful for looking up current information, documentation, or anything the assistant doesn't know.";
   category = "network";
+  executionTarget = "sandbox" as const;
   defaultRiskLevel = RiskLevel.Low;
-
-  getDefinition(): ToolDefinition {
-    return {
-      name: this.name,
-      description: this.description,
-      input_schema: {
-        type: "object",
-        properties: {
-          query: {
-            type: "string",
-            description: "The search query string",
-          },
-          count: {
-            type: "number",
-            description:
-              "Number of results to return (1-20, default 10). Used with Brave and Tavily providers.",
-          },
-          offset: {
-            type: "number",
-            description:
-              "Pagination offset (0-9, default 0). Only used with Brave provider.",
-          },
-          freshness: {
-            type: "string",
-            description:
-              'Filter by recency: "pd" (past day), "pw" (past week), "pm" (past month), "py" (past year). Used with Brave and Tavily providers.',
-          },
-        },
-        required: ["query"],
+  input_schema = {
+    type: "object",
+    properties: {
+      query: {
+        type: "string",
+        description: "The search query string",
       },
-    };
-  }
+      count: {
+        type: "number",
+        description:
+          "Number of results to return (1-20, default 10). Used with Brave and Tavily providers.",
+      },
+      offset: {
+        type: "number",
+        description:
+          "Pagination offset (0-9, default 0). Only used with Brave provider.",
+      },
+      freshness: {
+        type: "string",
+        description:
+          'Filter by recency: "pd" (past day), "pw" (past week), "pm" (past month), "py" (past year). Used with Brave and Tavily providers.',
+      },
+    },
+    required: ["query"],
+  };
 
   async execute(
     input: Record<string, unknown>,

package/src/tools/registry.ts

@@ -10,7 +10,7 @@ import { hostFileWriteTool } from "./host-filesystem/write.js";
 import { hostShellTool } from "./host-terminal/host-shell.js";
 import { toProviderSafeToolName } from "./provider-tool-name.js";
 import { registerSystemTools } from "./system/register.js";
-import type { LoadedPluginTool, Tool } from "./types.js";
+import type { LoadedTool, Tool } from "./types.js";
 import { allUiSurfaceTools } from "./ui-surface/definitions.js";
 import { registerUiSurfaceTools } from "./ui-surface/registry.js";
 
@@ -85,12 +85,6 @@ function withProviderSafeToolName(tool: Tool): Tool {
   return {
     ...tool,
     name: safeName,
-    getDefinition(): ToolDefinition {
-      return {
-        ...tool.getDefinition(),
-        name: safeName,
-      };
-    },
   };
 }
 
@@ -193,12 +187,11 @@ export function registerSkillTools(newTools: Tool[]): Tool[] {
  */
 export function registerPluginTools(
   pluginName: string,
-  newTools: LoadedPluginTool[],
+  newTools: LoadedTool[],
 ): Tool[] {
   const stamped: Tool[] = newTools.map((pluginTool) => {
-    const { input_schema, ...rest } = pluginTool;
     const tool: Tool = {
-      ...rest,
+      ...pluginTool,
       category: "plugin",
       origin: "plugin" as const,
       ownerPluginId: pluginName,
@@ -206,13 +199,6 @@ export function registerPluginTools(
       ownerMcpServerId: undefined,
       ownerSkillBundled: undefined,
       ownerSkillVersionHash: undefined,
-      getDefinition(): ToolDefinition {
-        return {
-          name: pluginTool.name,
-          description: pluginTool.description,
-          input_schema,
-        };
-      },
     };
     return withProviderSafeToolName(tool);
   });
@@ -399,9 +385,7 @@ export function unregisterAllMcpTools(): void {
  * were registered after session creation (e.g. via `vellum mcp reload`).
  */
 export function getMcpToolDefinitions(): ToolDefinition[] {
-  return Array.from(tools.values())
-    .filter((t) => t.origin === "mcp")
-    .map((t) => t.getDefinition());
+  return Array.from(tools.values()).filter((t) => t.origin === "mcp");
 }
 
 /**
@@ -428,9 +412,9 @@ export function getAllToolDefinitions(): ToolDefinition[] {
   // the base tool list, which is shared across sessions via the global
   // registry.  Including them here causes "Tool names must be unique"
   // errors when the projection appends the same tools a second time.
-  return getAllTools()
-    .filter((t) => t.executionMode !== "proxy" && t.origin !== "skill")
-    .map((t) => t.getDefinition());
+  return getAllTools().filter(
+    (t) => t.executionMode !== "proxy" && t.origin !== "skill",
+  );
 }
 
 export async function initializeTools(): Promise<void> {

package/src/tools/schema-transforms.ts

@@ -12,7 +12,7 @@ export const ACTIVITY_SKIP_SET = new Set<string>();
  * or has a non-object schema.
  *
  * CRITICAL: Never mutates the input definitions - always returns deep clones
- * for any modified definition, since `getDefinition()` returns shared refs.
+ * for any modified definition, since `Tool.input_schema` is a shared ref.
  */
 export function injectActivityField(
   definitions: ToolDefinition[],

package/src/tools/skills/execute.ts

@@ -1,5 +1,4 @@
 import { RiskLevel } from "../../permissions/types.js";
-import type { ToolDefinition } from "../../providers/types.js";
 import { registerTool } from "../registry.js";
 import type { Tool, ToolContext, ToolExecutionResult } from "../types.js";
 
@@ -8,13 +7,10 @@ class SkillExecuteTool implements Tool {
   description =
     "Execute a tool provided by a loaded skill. Use this instead of calling skill tools directly. The skill's instructions (from skill_load) describe available tools and their parameters. For browser automation, use the `assistant browser` CLI commands instead.";
   category = "skills";
+  executionTarget = "sandbox" as const;
   defaultRiskLevel = RiskLevel.Low;
 
-  getDefinition(): ToolDefinition {
-    return {
-      name: this.name,
-      description: this.description,
-      input_schema: {
+  input_schema = {
         type: "object",
         properties: {
           tool: {
@@ -34,9 +30,7 @@ class SkillExecuteTool implements Tool {
           },
         },
         required: ["tool", "input", "activity"],
-      },
-    };
-  }
+      };
 
   async execute(
     _input: Record<string, unknown>,

package/src/tools/skills/load.ts

@@ -11,7 +11,6 @@ import {
   loadSkillCatalog,
 } from "../../config/skills.js";
 import { RiskLevel } from "../../permissions/types.js";
-import type { ToolDefinition } from "../../providers/types.js";
 import {
   autoInstallFromCatalog,
   resolveCatalog,
@@ -126,13 +125,10 @@ export class SkillLoadTool implements Tool {
   description =
     "Load full instructions for a skill. Works for both bundled skills (listed in the catalog) and custom workspace skills.";
   category = "skills";
+  executionTarget = "sandbox" as const;
   defaultRiskLevel = RiskLevel.Low;
 
-  getDefinition(): ToolDefinition {
-    return {
-      name: this.name,
-      description: this.description,
-      input_schema: {
+  input_schema = {
         type: "object",
         properties: {
           skill: {
@@ -141,9 +137,7 @@ export class SkillLoadTool implements Tool {
           },
         },
         required: ["skill"],
-      },
-    };
-  }
+      };
 
   async execute(
     input: Record<string, unknown>,

package/src/tools/skills/skill-tool-factory.ts

@@ -1,6 +1,5 @@
 import type { SkillToolEntry } from "../../config/skills.js";
 import { RiskLevel } from "../../permissions/types.js";
-import type { ToolDefinition } from "../../providers/types.js";
 import type {
   ExecutionTarget,
   Tool,
@@ -63,13 +62,7 @@ export function createSkillTool(
     ownerSkillVersionHash: versionHash,
     ownerSkillBundled: bundled,
 
-    getDefinition(): ToolDefinition {
-      return {
-        name: entry.name,
-        description: entry.description,
-        input_schema: entry.input_schema as ToolDefinition["input_schema"],
-      };
-    },
+    input_schema: entry.input_schema as object,
 
     async execute(
       input: Record<string, unknown>,

package/src/tools/subagent/notify-parent.ts

@@ -1,5 +1,4 @@
 import { RiskLevel } from "../../permissions/types.js";
-import type { ToolDefinition } from "../../providers/types.js";
 import { getSubagentManager } from "../../subagent/index.js";
 import { registerTool } from "../registry.js";
 import type { Tool, ToolContext, ToolExecutionResult } from "../types.js";
@@ -37,13 +36,10 @@ class NotifyParentTool implements Tool {
   description =
     "Send a notification to the parent conversation. Use this for important findings, when you're blocked, or when you have preliminary results the parent should know about. Do not overuse — notify for significant findings, not after every tool call.";
   category = "orchestration";
+  executionTarget = "sandbox" as const;
   defaultRiskLevel = RiskLevel.Low;
 
-  getDefinition(): ToolDefinition {
-    return {
-      name: this.name,
-      description: this.description,
-      input_schema: {
+  input_schema = {
         type: "object",
         properties: {
           message: {
@@ -63,9 +59,7 @@ class NotifyParentTool implements Tool {
           },
         },
         required: ["message", "activity"],
-      },
-    };
-  }
+      };
 
   async execute(
     input: Record<string, unknown>,

package/src/tools/system/request-permission.ts

@@ -1,5 +1,4 @@
 import { RiskLevel } from "../../permissions/types.js";
-import type { ToolDefinition } from "../../providers/types.js";
 import { registerTool } from "../registry.js";
 import type { Tool, ToolContext, ToolExecutionResult } from "../types.js";
 
@@ -57,13 +56,10 @@ class RequestSystemPermissionTool implements Tool {
     "Use when a tool fails with a permission/access error (e.g. 'Operation not permitted', 'EACCES', sandbox denial). " +
     "Do not explain how to open System Settings manually - this tool handles it with a clickable button.";
   category = "system";
+  executionTarget = "sandbox" as const;
   defaultRiskLevel = RiskLevel.High;
 
-  getDefinition(): ToolDefinition {
-    return {
-      name: this.name,
-      description: this.description,
-      input_schema: {
+  input_schema = {
         type: "object",
         properties: {
           permission_type: {
@@ -78,9 +74,7 @@ class RequestSystemPermissionTool implements Tool {
           },
         },
         required: ["permission_type", "activity"],
-      },
-    };
-  }
+      };
 
   async execute(
     input: Record<string, unknown>,

package/src/tools/terminal/shell.ts

@@ -4,7 +4,6 @@ import { spawn } from "node:child_process";
 import { getConfig } from "../../config/loader.js";
 import { isCesShellLockdownEnabled } from "../../credential-execution/feature-gates.js";
 import { RiskLevel } from "../../permissions/types.js";
-import type { ToolDefinition } from "../../providers/types.js";
 import { isUntrustedTrustClass } from "../../runtime/actor-trust-resolver.js";
 import { wakeAgentForOpportunity } from "../../runtime/agent-wake.js";
 import { redactSecrets } from "../../security/secret-scanner.js";
@@ -49,13 +48,10 @@ class ShellTool implements Tool {
   name = "bash";
   description = "Execute a shell command on the local machine";
   category = "terminal";
+  executionTarget = "sandbox" as const;
   defaultRiskLevel = RiskLevel.Medium;
 
-  getDefinition(): ToolDefinition {
-    return {
-      name: this.name,
-      description: this.description,
-      input_schema: {
+  input_schema = {
         type: "object",
         properties: {
           command: {
@@ -91,9 +87,7 @@ class ShellTool implements Tool {
           },
         },
         required: ["command", "activity"],
-      },
-    };
-  }
+      };
 
   async execute(
     input: Record<string, unknown>,