@vellumai/assistant 0.8.5 → 0.8.6

package/src/config/schemas/services.ts

@@ -46,13 +46,17 @@ const ImageGenerationServiceSchema = BaseServiceSchema.extend({
 });
 
 const WebSearchServiceSchema = BaseServiceSchema.extend({
+  // Provider choice for app-executed search in Your Own mode, or the native
+  // hosted-search preference when set to `inference-provider-native`. In
+  // Managed mode, non-native inference providers can still use the platform
+  // managed search proxy through the app-executed `web_search` tool.
   provider: z
     .enum(VALID_WEB_SEARCH_PROVIDERS)
     .default("inference-provider-native"),
 });
 
 const GoogleOAuthServiceSchema = BaseServiceSchema.extend({
-  mode: ServiceModeSchema.default("your-own"),
+  mode: ServiceModeSchema.default("managed"),
 });
 
 const OutlookOAuthServiceSchema = BaseServiceSchema.extend({
@@ -68,7 +72,7 @@ const GitHubOAuthServiceSchema = BaseServiceSchema.extend({
 });
 
 const NotionOAuthServiceSchema = BaseServiceSchema.extend({
-  mode: ServiceModeSchema.default("your-own"),
+  mode: ServiceModeSchema.default("managed"),
 });
 
 const TwitterOAuthServiceSchema = BaseServiceSchema.extend({

package/src/config/seed-inference-profiles.ts

@@ -1,7 +1,6 @@
 import type { DrizzleDb } from "../memory/db-connection.js";
 import {
   createConnection,
-  disableManagedConnectionsForByokHatch,
   getConnection,
   MANAGED_CONNECTION_NAMES,
   PROVIDERS_REQUIRING_BASE_URL_AND_MODELS,
@@ -123,9 +122,18 @@ const USER_PROFILE_TEMPLATES: Record<string, ManagedProfileTemplate> = {
   },
 };
 
-export const MANAGED_PROFILE_NAMES = new Set(
-  Object.keys(MANAGED_PROFILE_TEMPLATES),
-);
+/**
+ * The "auto" profile key. When active, the daemon injects the
+ * `switch_inference_profile` tool and lets the model self-select a profile
+ * per query. No provider/model — the resolver falls through to the call-site
+ * default (balanced or custom-balanced for BYOK).
+ */
+export const AUTO_PROFILE_KEY = "auto";
+
+export const MANAGED_PROFILE_NAMES = new Set([
+  ...Object.keys(MANAGED_PROFILE_TEMPLATES),
+  AUTO_PROFILE_KEY,
+]);
 
 export type SeedInferenceProfilesOptions = {
   /**
@@ -263,21 +271,28 @@ export function seedInferenceProfiles(
     profiles[name] = next as ProfileEntry;
   }
 
+  // 1b. Auto profile — a metadata-only profile with no provider/model. When
+  //     the user selects "Auto", the resolver falls through to the call-site
+  //     default (balanced or custom-balanced), and the agent loop injects the
+  //     switch_inference_profile tool so the model can self-select per query.
+  if (!preservedProfileNames.has(AUTO_PROFILE_KEY)) {
+    const previousAuto = readObject(profiles[AUTO_PROFILE_KEY]);
+    const autoEntry: Record<string, unknown> = {
+      source: "managed",
+      label: "Auto",
+      description:
+        "Automatically routes each query to the best profile — fast for simple questions, capable for complex ones",
+    };
+    if (previousAuto) {
+      if ("label" in previousAuto) autoEntry.label = previousAuto.label;
+      if ("status" in previousAuto) autoEntry.status = previousAuto.status;
+    }
+    profiles[AUTO_PROFILE_KEY] = autoEntry as ProfileEntry;
+  }
+
   // 2. User profiles — only at hatch time for off-platform installations.
   let userConnectionName: string | undefined;
   if (options.isHatch && !isPlatform) {
-    // BYOK hatch: disable canonical managed connections so the picker doesn't
-    // surface unusable platform-auth options on day one. If the hatch overlay
-    // selected a managed profile, leave that connection active; the user has
-    // already chosen managed inference. Runs only here, only at hatch —
-    // `seedCanonicalConnections` leaves `status` alone on subsequent boots so
-    // a post-hatch user re-enable persists.
-    if (options.db) {
-      disableManagedConnectionsForByokHatch(options.db, {
-        excludeConnection: hatchSelectedManagedConnection,
-      });
-    }
-
     const hatchProvider = readString(readObject(llm.default)?.provider);
     if (
       hatchProvider &&
@@ -336,10 +351,15 @@ export function seedInferenceProfiles(
   }
 
   // Profile ordering — ensure all seeded profiles appear in the order array.
+  // "auto" is prepended so it appears first in the picker.
   const profileOrder = Array.isArray(llm.profileOrder)
     ? (llm.profileOrder as string[])
     : [];
   const orderSet = new Set(profileOrder);
+  if (!orderSet.has(AUTO_PROFILE_KEY)) {
+    profileOrder.unshift(AUTO_PROFILE_KEY);
+    orderSet.add(AUTO_PROFILE_KEY);
+  }
   for (const name of Object.keys(MANAGED_PROFILE_TEMPLATES)) {
     if (!orderSet.has(name)) {
       profileOrder.push(name);

package/src/context/token-estimator.ts

@@ -154,11 +154,16 @@ function estimateGeminiImageTokens(width: number, height: number): number {
   ) {
     return GEMINI_IMAGE_TOKENS_PER_TILE;
   }
-  // Gemini resizes images so the longest side is ≤3072px before tiling.
-  const clampedWidth = Math.min(width, GEMINI_IMAGE_MAX_DIMENSION);
-  const clampedHeight = Math.min(height, GEMINI_IMAGE_MAX_DIMENSION);
-  const tilesWide = Math.ceil(clampedWidth / GEMINI_IMAGE_TILE_SIZE);
-  const tilesHigh = Math.ceil(clampedHeight / GEMINI_IMAGE_TILE_SIZE);
+  // Gemini rescales both dimensions by a single aspect-preserving factor so
+  // the longest side is ≤3072px before tiling. Clamping each side
+  // independently would over-count tiles for extreme aspect ratios
+  // (e.g. 10000×1000 → 3072×307, not 3072×1000).
+  const scale = Math.min(
+    1,
+    GEMINI_IMAGE_MAX_DIMENSION / Math.max(width, height),
+  );
+  const tilesWide = Math.ceil((width * scale) / GEMINI_IMAGE_TILE_SIZE);
+  const tilesHigh = Math.ceil((height * scale) / GEMINI_IMAGE_TILE_SIZE);
   return tilesWide * tilesHigh * GEMINI_IMAGE_TOKENS_PER_TILE;
 }
 

package/src/credential-execution/executable-discovery.ts

@@ -212,3 +212,43 @@ export function discoverCes(): DiscoveryResult {
   }
   return discoverLocalCes();
 }
+
+/** How long to poll for the managed bootstrap socket before giving up. */
+const MANAGED_DISCOVERY_TIMEOUT_MS = 3_000;
+
+/** Delay between managed bootstrap-socket discovery attempts. */
+const MANAGED_DISCOVERY_INTERVAL_MS = 100;
+
+/**
+ * Discover CES, polling for the managed bootstrap socket with a short
+ * backoff before failing.
+ *
+ * The managed CES sidecar re-binds its bootstrap socket after each assistant
+ * session ends — it outlives any single assistant and accepts the next
+ * connection (see `credential-executor/src/managed-main.ts`). A reconnecting
+ * assistant (e.g. after a container restart) can therefore probe during the
+ * brief window before the socket is re-bound. A single existence check would
+ * race that window and incorrectly report the sidecar as unavailable; polling
+ * absorbs the gap.
+ *
+ * Local discovery is returned immediately — a missing binary will not appear
+ * by waiting, so there is nothing to poll for.
+ */
+export async function discoverCesWithRetry({
+  timeoutMs = MANAGED_DISCOVERY_TIMEOUT_MS,
+  intervalMs = MANAGED_DISCOVERY_INTERVAL_MS,
+}: { timeoutMs?: number; intervalMs?: number } = {}): Promise<DiscoveryResult> {
+  // Only the managed bootstrap socket is worth polling for; a missing local
+  // binary will not appear by waiting.
+  if (!getIsContainerized()) {
+    return discoverCes();
+  }
+
+  const deadline = Date.now() + timeoutMs;
+  let result = discoverCes();
+  while (result.mode === "unavailable" && Date.now() < deadline) {
+    await new Promise((resolve) => setTimeout(resolve, intervalMs));
+    result = discoverCes();
+  }
+  return result;
+}

package/src/credential-execution/process-manager.ts

@@ -29,7 +29,7 @@ import { ensureBun } from "../util/bun-runtime.js";
 import { getLogger } from "../util/logger.js";
 import type { CesTransport } from "./client.js";
 import {
-  discoverCes,
+  discoverCesWithRetry,
   discoverLocalCes,
   type DiscoveryResult,
   type LocalDiscoverySuccess,
@@ -118,7 +118,11 @@ export function createCesProcessManager(
         throw new Error("CES process manager is already running");
       }
 
-      discoveryResult = await discoverCes();
+      // Poll for the managed bootstrap socket with a short backoff. The CES
+      // sidecar re-binds its socket after each assistant session ends, so a
+      // reconnecting assistant can briefly race the re-bind; a single probe
+      // would otherwise fall back to local discovery and fail in managed mode.
+      discoveryResult = await discoverCesWithRetry();
       if (discoveryResult.mode === "unavailable") {
         // The managed sidecar bootstrap socket is not present — this happens
         // when the instance pre-dates the socket volume mount (e.g. existing

package/src/credential-health/credential-health-service.ts

@@ -7,8 +7,10 @@
  * - Scope coverage (grantedScopes vs provider defaultScopes)
  * - Liveness ping (for providers with a pingUrl)
  *
- * Designed to run during the heartbeat cycle. All checks are diagnostic —
- * no token refresh or recovery is attempted.
+ * Designed to run during the heartbeat cycle. The BYO liveness ping is
+ * routed through `withValidToken`, so a stale-but-refreshable access token
+ * is refreshed transparently before the ping fires — this prevents the
+ * heartbeat from misreporting a refreshable connection as `"revoked"`.
  */
 
 import { isTokenExpired } from "@vellumai/credential-storage";
@@ -22,6 +24,10 @@ import {
   type OAuthConnectionRow,
   type OAuthProviderRow,
 } from "../oauth/oauth-store.js";
+import {
+  TokenExpiredError,
+  withValidToken,
+} from "../security/token-manager.js";
 import { getLogger } from "../util/logger.js";
 
 const log = getLogger("credential-health");
@@ -125,6 +131,45 @@ async function pingProvider(
   }
 }
 
+/**
+ * Map a pingProvider result onto a CredentialHealthResult, or null when the
+ * ping succeeded. `authErrorContext` distinguishes whether a 401/403 came
+ * after a refresh attempt (refreshable connection) or directly from the
+ * stored token (manual-token / no-refresh connection) — the latter is the
+ * historical message wording.
+ */
+type PingFailureContext = "after_refresh" | "no_refresh";
+
+function pingResultToHealthFailure(
+  base: Omit<CredentialHealthResult, "status" | "details" | "canAutoRecover">,
+  provider: string,
+  connectionId: string,
+  pingResult: { ok: boolean; authError: boolean },
+  authErrorContext: PingFailureContext,
+): CredentialHealthResult | null {
+  if (pingResult.ok) return null;
+  if (pingResult.authError) {
+    const suffix =
+      authErrorContext === "after_refresh" ? " after a refresh attempt" : "";
+    return {
+      ...base,
+      status: "revoked",
+      details: `${provider} token was rejected (401/403)${suffix}. The token may have been revoked. Re-authorization required.`,
+      canAutoRecover: false,
+    };
+  }
+  log.debug(
+    { provider, connectionId },
+    "Credential ping failed with non-auth error",
+  );
+  return {
+    ...base,
+    status: "ping_failed",
+    details: `${provider} liveness check failed (non-auth error). This may be transient.`,
+    canAutoRecover: false,
+  };
+}
+
 // ── Core check ────────────────────────────────────────────────────────
 
 interface CheckConnectionOpts {
@@ -192,14 +237,18 @@ async function checkConnection(
   const token = tokenResult.value;
 
   // 2. Check token expiry
-  if (isTokenExpired(expiresAt)) {
+  //
+  // When the token is expired AND there is no refresh token, we have no path
+  // to recovery — short-circuit to "expired". When there IS a refresh token,
+  // we fall through so the ping (via withValidToken) can attempt a refresh
+  // and confirm whether the refresh token still works. Without that, we'd
+  // return "expiring" speculatively even when the refresh token was revoked.
+  if (isTokenExpired(expiresAt) && !hasRefreshToken) {
     return {
       ...base,
-      status: hasRefreshToken ? "expiring" : "expired",
-      details: hasRefreshToken
-        ? `Token for ${provider} is expired but has a refresh token — auto-recovery may work.`
-        : `Token for ${provider} is expired with no refresh token. Re-authorization required.`,
-      canAutoRecover: hasRefreshToken,
+      status: "expired",
+      details: `Token for ${provider} is expired with no refresh token. Re-authorization required.`,
+      canAutoRecover: false,
     };
   }
 
@@ -234,36 +283,51 @@ async function checkConnection(
   }
 
   // 4. Liveness ping
+  //
+  // For refreshable connections we route through withValidToken so an
+  // expired-but-refreshable token gets refreshed before the ping fires.
+  // Without this wrapping, the ping would hit 401 on a stale token and the
+  // connection would be misreported as "revoked" — even though the next real
+  // API call (which goes through BYOOAuthConnection.request → withValidToken)
+  // would have refreshed and succeeded.
   if (pingUrl) {
-    const pingResult = await pingProvider(
-      token,
-      pingUrl,
-      pingMethod,
-      pingHeaders,
-      pingBody,
-    );
-    if (!pingResult.ok) {
-      if (pingResult.authError) {
-        return {
-          ...base,
-          status: "revoked",
-          details: `${provider} token was rejected (401/403). The token may have been revoked. Re-authorization required.`,
-          canAutoRecover: false,
-        };
+    const runPing = (t: string) =>
+      pingProvider(t, pingUrl, pingMethod, pingHeaders, pingBody);
+
+    let pingResult: { ok: boolean; authError: boolean };
+    let authContext: PingFailureContext;
+
+    if (hasRefreshToken) {
+      try {
+        pingResult = await withValidToken(provider, runPing, { connectionId });
+      } catch (err) {
+        if (err instanceof TokenExpiredError) {
+          // Refresh itself failed (revoked refresh token, invalid_grant, etc.)
+          return {
+            ...base,
+            status: "revoked",
+            details: `${provider} token refresh failed. The refresh token may have been revoked. Re-authorization required.`,
+            canAutoRecover: false,
+          };
+        }
+        throw err;
       }
-      // Non-auth ping failure — log but don't mark as critical.
-      // Could be a transient API issue.
-      log.debug(
-        { provider, connectionId },
-        "Credential ping failed with non-auth error",
-      );
-      return {
-        ...base,
-        status: "ping_failed",
-        details: `${provider} liveness check failed (non-auth error). This may be transient.`,
-        canAutoRecover: false,
-      };
+      authContext = "after_refresh";
+    } else {
+      // Manual-token provider or an OAuth provider whose initial flow
+      // didn't return a refresh_token — nothing to refresh, ping directly.
+      pingResult = await runPing(token);
+      authContext = "no_refresh";
     }
+
+    const failure = pingResultToHealthFailure(
+      base,
+      provider,
+      connectionId,
+      pingResult,
+      authContext,
+    );
+    if (failure) return failure;
   }
 
   return {
@@ -434,10 +498,28 @@ async function checkManagedProvider(
             canAutoRecover: true,
           });
         } else if (pingResp.status === 401 || pingResp.status === 403) {
+          // 401/403 from the upstream provider after the platform proxy
+          // forwarded the request. From the daemon side we can't tell
+          // whether the proxy attempted (and failed) a refresh-before-
+          // forward or skipped refresh entirely and forwarded a stale token.
+          // Either way it's not definitively unrecoverable — the next ping
+          // cycle may succeed if the platform re-refreshes. Demote to
+          // ping_failed so we don't fire a user-facing reconnect alert on
+          // what may be a transient platform-side miss. Only platform-
+          // attested 424 (CredentialRequiredError below) signals genuine
+          // unrecoverable failure.
+          log.debug(
+            {
+              provider: providerRow.provider,
+              connectionId: conn.id,
+              status: pingResp.status,
+            },
+            "Managed credential ping returned 401/403 — treating as potentially transient",
+          );
           results.push({
             ...base,
-            status: "revoked",
-            details: `${providerRow.provider} managed token was rejected (${pingResp.status}). Reconnect on the Vellum platform.`,
+            status: "ping_failed",
+            details: `${providerRow.provider} managed liveness check returned ${pingResp.status} from the upstream provider. The Vellum platform may not have refreshed the token before forwarding; will retry next cycle.`,
             canAutoRecover: false,
           });
         } else {
@@ -450,8 +532,11 @@ async function checkManagedProvider(
         }
       } catch (err) {
         const msg = err instanceof Error ? err.message : String(err);
-        // CredentialRequiredError means the platform can't materialize
-        // the token — treat as revoked.
+        // CredentialRequiredError corresponds to a 424 from the platform
+        // proxy — the platform attempted (and gave up on) refresh and is
+        // telling us the credential is genuinely unrecoverable. This is
+        // the only managed-path signal we trust enough to fire a user-
+        // facing reconnect alert.
         if (
           err &&
           typeof err === "object" &&
@@ -461,7 +546,7 @@ async function checkManagedProvider(
           results.push({
             ...base,
             status: "revoked",
-            details: `${providerRow.provider} managed connection is no longer valid. Reconnect on the Vellum platform.`,
+            details: `${providerRow.provider} managed connection cannot be refreshed by the Vellum platform. Reconnect on the Vellum platform.`,
             canAutoRecover: false,
           });
         } else {

package/src/daemon/__tests__/conversation-lifecycle-auto-analyze.test.ts

@@ -26,12 +26,9 @@
 
 import { beforeEach, describe, expect, mock, test } from "bun:test";
 
-mock.module("../../util/logger.js", () => ({
-  getLogger: () =>
-    new Proxy({} as Record<string, unknown>, {
-      get: () => () => {},
-    }),
-}));
+import { createMockLoggerModule } from "../../__tests__/helpers/mock-logger.js";
+
+mock.module("../../util/logger.js", () => createMockLoggerModule());
 
 // ---------------------------------------------------------------------------
 // Mock state — reset between tests.

package/src/daemon/__tests__/conversation-surfaces-launch.test.ts

@@ -44,10 +44,10 @@ mock.module("../../runtime/assistant-event.js", () => ({
   ...realEvent,
   // Pass-through so `focus` / `conversationId` can be asserted directly
   // on the captured event's `message` payload.
-  buildAssistantEvent: (
-    message: unknown,
-    conversationId?: string,
-  ) => ({ message, conversationId }),
+  buildAssistantEvent: (message: unknown, conversationId?: string) => ({
+    message,
+    conversationId,
+  }),
 }));
 
 // Stub DB helpers so the real `launchConversation` can run without a DB.
@@ -73,6 +73,7 @@ mock.module("../../memory/conversation-crud.js", () => ({
   ) => {
     updateTitleCalls.push({ conversationId, title });
   },
+  reserveMessage: mock(async () => ({ id: "msg-reserve" })),
 }));
 
 // Stub conversation-store so the real `launchConversation` can hydrate
@@ -107,10 +108,7 @@ let processStartedPromise = new Promise<void>((resolve) => {
 const realProcessMessage = await import("../process-message.js");
 mock.module("../process-message.js", () => ({
   ...realProcessMessage,
-  processMessageInBackground: (
-    conversationId: string,
-    content: string,
-  ) => {
+  processMessageInBackground: (conversationId: string, content: string) => {
     processMessageCalls.push({ conversationId, content });
     markProcessStarted();
     return new Promise((resolve, reject) => {
@@ -177,8 +175,8 @@ function makeContext(
     surfaceActionRequestIds: new Set<string>(),
     currentTurnSurfaces: [],
     isProcessing: () => false,
-    enqueueMessage: (content: string) => {
-      enqueueCalls.push({ content });
+    enqueueMessage: (options) => {
+      enqueueCalls.push({ content: options.content });
       return { queued: false, requestId: "enq-req" };
     },
     getQueueDepth: () => 0,
@@ -256,7 +254,7 @@ describe("handleSurfaceAction — launch_conversation dispatch", () => {
 
   test("launches new conversation with inherited trust context and no chat message", async () => {
     nextKeyStoreResult = { conversationId: "conv-launched-1" };
-    
+
     const originTrustContext: TrustContext = {
       sourceChannel: "vellum",
       trustClass: "guardian",
@@ -351,7 +349,7 @@ describe("handleSurfaceAction — launch_conversation dispatch", () => {
 
   test("omits originTrustContext when origin conversation has none", async () => {
     nextKeyStoreResult = { conversationId: "conv-launched-3" };
-    
+
     // No `trustContext` on the origin context — simulating the
     // no-inherited-guardian path.
     const ctx = makeContext();
@@ -382,7 +380,7 @@ describe("handleSurfaceAction — launch_conversation dispatch", () => {
 
   test("handler returns before the seed turn resolves (fire-and-forget)", async () => {
     nextKeyStoreResult = { conversationId: "conv-nonblocking" };
-    
+
     const ctx = makeContext();
     registerCardSurface(ctx, "surface-4");
 
@@ -413,7 +411,7 @@ describe("handleSurfaceAction — launch_conversation dispatch", () => {
 
   test("seed turn rejection is swallowed by the helper's .catch()", async () => {
     nextKeyStoreResult = { conversationId: "conv-seed-fails" };
-    
+
     const ctx = makeContext();
     registerCardSurface(ctx, "surface-5");
 
@@ -449,7 +447,7 @@ describe("handleSurfaceAction — launch_conversation dispatch", () => {
     // message and triggering a full LLM round-trip on every click. The plan
     // claimed to eliminate that round-trip; this test enforces it.
     nextKeyStoreResult = { conversationId: "conv-pending-set" };
-    
+
     const ctx = makeContext();
     registerCardSurface(ctx, "surface-pending");
     // Simulate `ui_show` having stamped a pending entry for this surface

package/src/daemon/__tests__/conversation-tool-setup-exclude.test.ts

@@ -29,7 +29,6 @@ function mcpTool(name: string): Tool {
   return {
     name,
     description: name,
-    origin: "mcp",
     input_schema: def(name).input_schema,
   } as unknown as Tool;
 }
@@ -89,7 +88,7 @@ describe("createResolveToolsCallback — config.tools.exclude", () => {
   });
 
   test("excluded MCP tool is omitted from the resolved tool list", () => {
-    registerMcpTools([
+    registerMcpTools("test-server", [
       mcpTool("mcp__server__navigate"),
       mcpTool("mcp__server__click"),
     ]);

package/src/daemon/__tests__/daemon-skill-host.test.ts

@@ -95,6 +95,7 @@ mock.module("../../security/secure-keys.js", () => ({
 
 mock.module("../../memory/conversation-crud.js", () => ({
   addMessage: async () => ({ id: "msg-123" }),
+  reserveMessage: mock(async () => ({ id: "msg-reserve" })),
 }));
 
 mock.module("../../runtime/agent-wake.js", () => ({
@@ -108,6 +109,7 @@ mock.module("../../runtime/assistant-event-hub.js", () => ({
     publish: publishSpy,
     subscribe: subscribeSpy,
   },
+  broadcastMessage: async () => {},
 }));
 
 mock.module("../../runtime/assistant-event.js", () => ({

package/src/daemon/__tests__/meet-manifest-loader.test.ts

@@ -163,14 +163,23 @@ describe("loadMeetManifestProxies", () => {
     const capturedRoutes: SkillRoute[] = [];
     const capturedHooks: string[] = [];
 
+    // Capture both the owner (first arg) and the provider (second arg) so
+    // we can assert the meet-join skill id flows through to the registry
+    // call. Ownership lives on the registry, not on the `Tool` object,
+    // so the only place to check it is on this argument.
+    const capturedOwners: Array<{ kind: string; id: string }> = [];
     await loadMeetManifestProxies(supervisor, {
       manifestPath,
-      registerTools: (p) => capturedProviders.push(p),
+      registerTools: (owner, p) => {
+        capturedOwners.push(owner);
+        capturedProviders.push(p);
+      },
       registerRoute: (r) => capturedRoutes.push(r),
       registerShutdown: (name) => capturedHooks.push(name),
     });
 
     expect(capturedProviders).toHaveLength(1);
+    expect(capturedOwners).toEqual([{ kind: "skill", id: "meet-join" }]);
     const tools = capturedProviders[0]!();
     expect(tools).toHaveLength(1);
     const t = tools[0]!;
@@ -178,14 +187,10 @@ describe("loadMeetManifestProxies", () => {
     expect(t.description).toBe("Fixture demo tool");
     expect(t.category).toBe("meet");
     expect(t.defaultRiskLevel).toBe(RiskLevel.Medium);
-    expect(t.executionMode).toBe("proxy");
-    expect(t.origin).toBe("skill");
-    expect(t.ownerSkillId).toBe("meet-join");
-    expect(t.ownerSkillBundled).toBe(true);
-    expect(t.ownerSkillVersionHash).toBe(FIXTURE_MANIFEST.sourceHash);
-    expect(t.input_schema).toEqual(
-      FIXTURE_MANIFEST.tools[0]!.input_schema,
-    );
+    // Ownership now lives on the assistant-side registry's ownersByName map
+    // (recorded by registerSkillTools at the IPC boundary), not on the Tool
+    // object — the daemon-side projection doesn't carry the kind.
+    expect(t.input_schema).toEqual(FIXTURE_MANIFEST.tools[0]!.input_schema);
   });
 
   test("proxy tool execute dispatches through supervisor.dispatchTool and returns the result", async () => {
@@ -196,7 +201,11 @@ describe("loadMeetManifestProxies", () => {
 
     await loadMeetManifestProxies(stub.supervisor, {
       manifestPath,
-      registerTools: (p) => captured.push(p),
+      // Mock signature mirrors `registerExternalTools(owner, provider)` —
+      // ownership is recorded by the registry-side argument, not by the
+      // `Tool` object. This test doesn't care which owner flows through;
+      // the round-trip dispatch behavior is what's under test.
+      registerTools: (_owner, p) => captured.push(p),
       registerRoute: () => undefined,
       registerShutdown: () => undefined,
     });
@@ -238,7 +247,11 @@ describe("loadMeetManifestProxies", () => {
 
     await loadMeetManifestProxies(stub.supervisor, {
       manifestPath,
-      registerTools: (p) => captured.push(p),
+      // Mock signature mirrors `registerExternalTools(owner, provider)` —
+      // ownership is recorded by the registry-side argument, not by the
+      // `Tool` object. This test doesn't care which owner flows through;
+      // the round-trip dispatch behavior is what's under test.
+      registerTools: (_owner, p) => captured.push(p),
       registerRoute: () => undefined,
       registerShutdown: () => undefined,
     });
@@ -415,7 +428,7 @@ describe("loadMeetManifestProxies", () => {
     await expect(
       loadMeetManifestProxies(stub.supervisor, {
         manifestPath,
-        registerTools: (p) => {
+        registerTools: (_owner, p) => {
           providerInvoked = true;
           p();
         },

package/src/daemon/__tests__/native-web-search-metadata.test.ts

@@ -42,6 +42,7 @@ mock.module("../../memory/conversation-crud.js", () => ({
   getMessageById: () => null,
   updateMessageContent: () => {},
   provenanceFromTrustContext: () => ({}),
+  reserveMessage: mock(async () => ({ id: "msg-reserve" })),
 }));
 
 mock.module("../../memory/llm-request-log-store.js", () => ({