@vellumai/assistant 0.9.0 → 0.10.0-staging.2

package/src/runtime/routes/credential-routes.ts

@@ -141,7 +141,9 @@ interface CredentialLookup {
  * Resolve a credential lookup from service+field or UUID.
  * Throws BadRequestError when neither is provided or the UUID is not found.
  */
-function resolveCredentialLookup(body: Record<string, unknown>): CredentialLookup {
+function resolveCredentialLookup(
+  body: Record<string, unknown>,
+): CredentialLookup {
   const { service, field, id } = body as {
     service?: string;
     field?: string;
@@ -243,8 +245,9 @@ async function handleCredentialsInspect({ body }: RouteHandlerArgs) {
   }
 
   const lookup = resolveCredentialLookup(body);
-  const { value: secret, unreachable } =
-    await getSecureKeyResultAsync(lookup.storageKey);
+  const { value: secret, unreachable } = await getSecureKeyResultAsync(
+    lookup.storageKey,
+  );
 
   if (!lookup.metadata && (secret == null || secret.length === 0)) {
     if (unreachable) {
@@ -290,8 +293,9 @@ async function handleCredentialsReveal({ body }: RouteHandlerArgs) {
   }
 
   const lookup = resolveCredentialLookup(body);
-  const { value: secret, unreachable } =
-    await getSecureKeyResultAsync(lookup.storageKey);
+  const { value: secret, unreachable } = await getSecureKeyResultAsync(
+    lookup.storageKey,
+  );
 
   if (secret == null || secret.length === 0) {
     if (unreachable) {
@@ -372,11 +376,19 @@ async function handleCredentialsDelete({ body }: RouteHandlerArgs) {
 
   assertMetadataWritable();
 
+  // The Slack user_token only grants read access to channels the bot isn't a
+  // member of; Socket Mode itself runs on the bot + app tokens. Deleting just
+  // the user_token must leave the oauth_connection intact — disconnecting the
+  // provider would flap the integration's connected state until the next sync.
+  // Every other step (secret + metadata removal, not-found handling) is the
+  // same as a normal credential delete.
+  const preserveOAuthConnection =
+    service === "slack_channel" && field === "user_token";
+
   const key = credentialKey(service, field);
   const existing = await getSecureKeyAsync(key);
-  const deleteResult = existing != null
-    ? await deleteSecureKeyAsync(key)
-    : "not-found";
+  const deleteResult =
+    existing != null ? await deleteSecureKeyAsync(key) : "not-found";
 
   if (deleteResult === "error") {
     throw new InternalError(
@@ -388,10 +400,12 @@ async function handleCredentialsDelete({ body }: RouteHandlerArgs) {
 
   // Clean up OAuth connection (best-effort).
   let oauthResult: "disconnected" | "not-found" | "error" = "not-found";
-  try {
-    oauthResult = await disconnectOAuthProvider(service);
-  } catch {
-    // Best-effort — OAuth tables may not exist yet
+  if (!preserveOAuthConnection) {
+    try {
+      oauthResult = await disconnectOAuthProvider(service);
+    } catch {
+      // Best-effort — OAuth tables may not exist yet
+    }
   }
 
   if (oauthResult === "error") {
@@ -437,8 +451,12 @@ export const ROUTES: RouteDefinition[] = [
       search: z.string().optional().describe("Filter by substring match"),
     }),
     responseBody: z.object({
-      credentials: z.array(z.unknown()).describe("Local credentials with metadata"),
-      managedCredentials: z.array(z.unknown()).describe("Platform-managed credentials"),
+      credentials: z
+        .array(z.unknown())
+        .describe("Local credentials with metadata"),
+      managedCredentials: z
+        .array(z.unknown())
+        .describe("Platform-managed credentials"),
     }),
     handler: handleCredentialsList,
   },
@@ -507,8 +525,14 @@ export const ROUTES: RouteDefinition[] = [
       field: z.string().describe("Field name (e.g. client_secret)"),
       value: z.string().describe("Secret value to store"),
       label: z.string().optional().describe("Human-friendly label"),
-      description: z.string().optional().describe("What this credential is used for"),
-      allowedTools: z.array(z.string()).optional().describe("Tool names that may use this credential"),
+      description: z
+        .string()
+        .optional()
+        .describe("What this credential is used for"),
+      allowedTools: z
+        .array(z.string())
+        .optional()
+        .describe("Tool names that may use this credential"),
     }),
     responseBody: z.object({
       credentialId: z.string(),

package/src/runtime/routes/empty-state-greeting-cache.ts

@@ -8,8 +8,7 @@
  * the greeting regenerates on every request. This is the knob a workspace
  * sets to always receive a fresh greeting.
  *
- * Storage uses the existing `memory_checkpoints` table (simple key-value
- * store), mirroring {@link ./identity-intro-cache.ts}.
+ * Storage uses the existing `memory_checkpoints` table.
  */
 
 import { getConfig } from "../../config/loader.js";

package/src/runtime/routes/events-routes.ts

@@ -42,6 +42,7 @@ import {
 import type { ReplaySubscriber } from "../assistant-stream-state.js";
 import { getReplayWindow } from "../assistant-stream-state.js";
 import { ACTOR_PRINCIPALS, GATEWAY_PRINCIPALS } from "../auth/route-policy.js";
+import { DEFAULT_HEARTBEAT_INTERVAL_MS } from "../client-health.js";
 import { resolveActorPrincipalIdForLocalGuardian } from "../local-actor-identity.js";
 import {
   BadRequestError,
@@ -52,9 +53,6 @@ import type { RouteDefinition, RouteHandlerArgs } from "./types.js";
 
 const log = getLogger("events-routes");
 
-/** Keep-alive comment sent to idle clients every 7 s by default. */
-const DEFAULT_HEARTBEAT_INTERVAL_MS = 7_000;
-
 /**
  * Resolution of the event-loop delay histogram, per
  * https://nodejs.org/api/perf_hooks.html#perf_hooksmonitoreventloopdelayoptions.

package/src/runtime/routes/guardian-approval-interception.ts

@@ -10,7 +10,6 @@ import { applyGuardianDecision } from "../../approvals/guardian-decision-primiti
 import type { ChannelId } from "../../channels/types.js";
 import type { TrustContext } from "../../daemon/trust-context.js";
 import {
-  getAllPendingApprovalsByGuardianChat,
   getPendingApprovalForRequest,
   getUnresolvedApprovalForRequest,
   updateApprovalDecision,
@@ -18,6 +17,7 @@ import {
 import { getLogger } from "../../util/logger.js";
 import { runApprovalConversationTurn } from "../approval-conversation-turn.js";
 import { composeApprovalMessageGenerative } from "../approval-message-composer.js";
+import { resolveCapabilities } from "../capabilities.js";
 import type { ApprovalDecisionResult } from "../channel-approval-types.js";
 import {
   getApprovalInfoByConversation,
@@ -31,13 +31,11 @@ import type {
   ApprovalCopyGenerator,
 } from "../http-types.js";
 import { parseApprovalIntent } from "../nl-approval-parser.js";
-import { isTrackedApprovalPromptTs } from "./approval-prompt-ts-tracker.js";
 import { handleGuardianCallbackDecision } from "./approval-strategies/guardian-callback-strategy.js";
 import { handleGuardianTextEngineDecision } from "./approval-strategies/guardian-text-engine-strategy.js";
 import {
   buildGuardianDenyContext,
   parseCallbackData,
-  parseReactionCallbackData,
 } from "./channel-route-shared.js";
 import { deliverStaleApprovalReply } from "./guardian-approval-reply-helpers.js";
 
@@ -106,7 +104,10 @@ export async function handleApprovalInterception(
   // When the sender is the guardian and there's a pending guardian approval
   // request targeting this chat, the message might be a decision on behalf
   // of a non-guardian requester. Delegated to the guardian callback strategy.
-  if (trustCtx.trustClass === "guardian" && actorExternalId) {
+  if (
+    resolveCapabilities(trustCtx.trustClass).canSelfApproveTools &&
+    actorExternalId
+  ) {
     const guardianResult = await handleGuardianCallbackDecision({
       content,
       callbackData,
@@ -124,71 +125,10 @@ export async function handleApprovalInterception(
     }
   }
 
-  // ── Slack reaction path ──
-  // Reactions produce `callbackData` of the form `reaction:<emoji_name>`.
-  // Handled before the pendingPrompt guard because guardian reactions arrive
-  // on the guardian's chat (guardianChatId), not the requester's conversation,
-  // so getChannelApprovalPrompt(conversationId) would return null.
-  // Only guardians can approve via reaction — non-guardian reactions are
-  // silently ignored to prevent self-approval.
-  //
-  // `reaction_removed:` callbackData never expresses an approval intent, and
-  // `isSlackReactionEvent` short-circuits before reaching here for removals,
-  // but guard explicitly so a future refactor can't turn an un-react into an
-  // unintended approval.
-  if (
-    callbackData?.startsWith("reaction:") &&
-    !callbackData.startsWith("reaction_removed:")
-  ) {
-    if (trustCtx.trustClass !== "guardian" || !actorExternalId) {
-      return { handled: true, type: "stale_ignored" };
-    }
-    const reactionDecision = parseReactionCallbackData(callbackData);
-    if (!reactionDecision) {
-      // Unknown emoji — ignore silently
-      return { handled: true, type: "stale_ignored" };
-    }
-
-    // Require the reacted-to message to be a tracked approval prompt. Without
-    // this check, any unrelated 👍 reaction from the guardian in a subscribed
-    // channel would approve the outstanding pending request (now that
-    // reactions are admitted from any subscribed channel, not just tracked
-    // bot threads). `approvalMessageTs` is `item.ts` of the reacted-to
-    // Slack message, propagated from `sourceMetadata.messageId`.
-    if (
-      !approvalMessageTs ||
-      !isTrackedApprovalPromptTs(
-        sourceChannel,
-        conversationExternalId,
-        approvalMessageTs,
-      )
-    ) {
-      return { handled: true, type: "stale_ignored" };
-    }
-
-    const allPending = getAllPendingApprovalsByGuardianChat(
-      sourceChannel,
-      conversationExternalId,
-    );
-    const guardianPending = allPending.filter(
-      (approval) => approval.guardianExternalUserId === actorExternalId,
-    );
-    if (guardianPending.length !== 1) {
-      return { handled: true, type: "stale_ignored" };
-    }
-
-    const result = await applyGuardianDecision({
-      approval: guardianPending[0],
-      decision: reactionDecision,
-      actorPrincipalId: undefined,
-      actorExternalUserId: actorExternalId,
-      actorChannel: sourceChannel,
-    });
-    if (result.applied) {
-      return { handled: true, type: "guardian_decision_applied" };
-    }
-    return { handled: true, type: "stale_ignored" };
-  }
+  // Slack emoji reactions are handled by the canonical guardian decision
+  // pipeline (`routeGuardianReply`), invoked from the inbound reaction stage:
+  // it resolves the target request from the reacted card's delivery record.
+  // See `guardian-reply-router.ts`.
 
   // ── Standard approval interception (existing flow) ──
   const pendingPrompt = getChannelApprovalPrompt(conversationId);
@@ -220,10 +160,11 @@ export async function handleApprovalInterception(
 
   // When the sender is a non-guardian with established identity and a guardian
   // binding, block self-approval. The non-guardian must wait for the guardian
-  // to decide. This covers trusted contacts and identity-known non-member
-  // senders in shared channels.
+  // to decide. This covers trusted contacts, unverified contacts, and
+  // identity-known non-member senders in shared channels.
   const isIdentityKnownNonGuardian =
-    trustCtx.trustClass === "trusted_contact" ||
+    resolveCapabilities(trustCtx.trustClass).sensitiveToolApproval ===
+      "escalate-and-wait" ||
     (trustCtx.trustClass === "unknown" &&
       !!trustCtx.requesterExternalUserId &&
       !!trustCtx.guardianExternalUserId);
@@ -465,7 +406,7 @@ export async function handleApprovalInterception(
       // standard conversational engine / legacy parser and resolve their own
       // pending request via handleChannelDecision.
       if (
-        trustCtx.trustClass !== "guardian" &&
+        !resolveCapabilities(trustCtx.trustClass).canSelfApproveTools &&
         trustCtx.guardianExternalUserId
       ) {
         log.info(

package/src/runtime/routes/guardian-approval-prompt.ts

@@ -2,6 +2,7 @@
  * Approval prompt delivery: rich UI (buttons) with plain-text fallback.
  */
 import type { ChannelId } from "../../channels/types.js";
+import { recordApprovalCardDelivery } from "../../notifications/canonical-delivery-recorder.js";
 import { redactSecrets } from "../../security/secret-scanner.js";
 import { getLogger } from "../../util/logger.js";
 import type { ApprovalMessageContext } from "../approval-message-composer.js";
@@ -17,7 +18,6 @@ import {
 } from "../gateway-client.js";
 import { buildActionLegend } from "../guardian-decision-types.js";
 import type { ApprovalCopyGenerator } from "../http-types.js";
-import { trackApprovalPromptTs } from "./approval-prompt-ts-tracker.js";
 import { requiredDecisionKeywords } from "./channel-route-shared.js";
 
 const log = getLogger("runtime-http");
@@ -148,7 +148,13 @@ export async function deliverGeneratedApprovalPrompt(
         assistantId,
       );
       if (deliveryResult.ts) {
-        trackApprovalPromptTs(sourceChannel, chatId, deliveryResult.ts);
+        recordApprovalCardDelivery({
+          requestId: uiMetadata.requestId,
+          channel: sourceChannel,
+          chatId,
+          messageId: deliveryResult.ts,
+          status: "sent",
+        });
       }
       return true;
     } catch (err) {
@@ -175,7 +181,13 @@ export async function deliverGeneratedApprovalPrompt(
         assistantId,
       });
       if (fallbackResult.ts) {
-        trackApprovalPromptTs(sourceChannel, chatId, fallbackResult.ts);
+        recordApprovalCardDelivery({
+          requestId: uiMetadata.requestId,
+          channel: sourceChannel,
+          chatId,
+          messageId: fallbackResult.ts,
+          status: "sent",
+        });
       }
       return true;
     } catch (err) {
@@ -203,7 +215,13 @@ export async function deliverGeneratedApprovalPrompt(
       assistantId,
     });
     if (plainResult.ts) {
-      trackApprovalPromptTs(sourceChannel, chatId, plainResult.ts);
+      recordApprovalCardDelivery({
+        requestId: uiMetadata.requestId,
+        channel: sourceChannel,
+        chatId,
+        messageId: plainResult.ts,
+        status: "sent",
+      });
     }
     return true;
   } catch (err) {

package/src/runtime/routes/home-feed-routes.ts

@@ -28,6 +28,7 @@ import {
   type FeedItemStatus,
   HomeFeedResponseSchema,
 } from "../../api/responses/home.js";
+import { enrichFeedItemsWithSource } from "../../home/feed-source-enrichment.js";
 import { patchFeedItemStatus, readHomeFeed } from "../../home/feed-writer.js";
 import { revalidateHomeContentInBackground } from "../../home/home-content-refresh.js";
 import { getPersonalizedGreeting } from "../../home/home-greeting.js";
@@ -135,8 +136,10 @@ export async function handleGetHomeFeed({
   // v2 schema dropped per-item `minTimeAway` gating; surface every item
   // and let the client decide what to render based on its own
   // session state. `timeAwaySeconds` survives only to feed the
-  // context-banner relative-time label.
-  const filtered = feed.items;
+  // context-banner relative-time label. Each item is enriched with its
+  // source-conversation classification (`sourceType`/`sourceKey`/
+  // `sourceLabel`) so clients can filter the feed by what produced it.
+  const filtered = enrichFeedItemsWithSource(feed.items);
 
   const now = new Date();
 
@@ -287,7 +290,9 @@ export function handleListHomeFeed({
   const total = filtered.length;
   const offset = params.offset ?? 0;
   const limit = params.limit ?? 20;
-  const items = filtered.slice(offset, offset + limit);
+  const items = enrichFeedItemsWithSource(
+    filtered.slice(offset, offset + limit),
+  );
 
   return {
     items,