npm - vellum - Versions diffs - 0.2.12 → 0.2.14 - Mend

vellum 0.2.12 → 0.2.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (209) hide show

package/README.md +32 -0
package/bun.lock +2 -2
package/docs/skills.md +4 -4
package/package.json +2 -2
package/src/__tests__/__snapshots__/ipc-snapshot.test.ts.snap +213 -3
package/src/__tests__/app-git-history.test.ts +176 -0
package/src/__tests__/app-git-service.test.ts +169 -0
package/src/__tests__/assistant-events-sse-hardening.test.ts +315 -0
package/src/__tests__/browser-skill-baseline-tool-payload.test.ts +8 -8
package/src/__tests__/browser-skill-endstate.test.ts +6 -6
package/src/__tests__/call-bridge.test.ts +105 -13
package/src/__tests__/call-domain.test.ts +163 -0
package/src/__tests__/call-orchestrator.test.ts +171 -0
package/src/__tests__/call-routes-http.test.ts +246 -6
package/src/__tests__/channel-approval-routes.test.ts +438 -0
package/src/__tests__/channel-approval.test.ts +266 -0
package/src/__tests__/channel-approvals.test.ts +393 -0
package/src/__tests__/channel-delivery-store.test.ts +447 -0
package/src/__tests__/checker.test.ts +607 -1048
package/src/__tests__/cli.test.ts +1 -56
package/src/__tests__/config-schema.test.ts +402 -5
package/src/__tests__/conflict-intent-tokenization.test.ts +141 -0
package/src/__tests__/conflict-policy.test.ts +121 -0
package/src/__tests__/conflict-store.test.ts +2 -0
package/src/__tests__/contacts-tools.test.ts +3 -3
package/src/__tests__/contradiction-checker.test.ts +99 -1
package/src/__tests__/credential-security-invariants.test.ts +22 -6
package/src/__tests__/credential-vault-unit.test.ts +780 -0
package/src/__tests__/elevenlabs-client.test.ts +271 -0
package/src/__tests__/ephemeral-permissions.test.ts +73 -23
package/src/__tests__/filesystem-tools.test.ts +579 -0
package/src/__tests__/gateway-only-enforcement.test.ts +114 -4
package/src/__tests__/handlers-add-trust-rule-metadata.test.ts +202 -0
package/src/__tests__/handlers-cu-observation-blob.test.ts +2 -1
package/src/__tests__/handlers-ipc-blob-probe.test.ts +2 -1
package/src/__tests__/handlers-slack-config.test.ts +2 -1
package/src/__tests__/handlers-telegram-config.test.ts +855 -0
package/src/__tests__/handlers-twitter-config.test.ts +141 -1
package/src/__tests__/hooks-runner.test.ts +6 -2
package/src/__tests__/host-file-edit-tool.test.ts +124 -0
package/src/__tests__/host-file-read-tool.test.ts +62 -0
package/src/__tests__/host-file-write-tool.test.ts +59 -0
package/src/__tests__/host-shell-tool.test.ts +251 -0
package/src/__tests__/ingress-reconcile.test.ts +581 -0
package/src/__tests__/ipc-snapshot.test.ts +100 -41
package/src/__tests__/ipc-validate.test.ts +50 -0
package/src/__tests__/key-migration.test.ts +23 -0
package/src/__tests__/memory-regressions.test.ts +99 -0
package/src/__tests__/memory-retrieval.benchmark.test.ts +1 -1
package/src/__tests__/oauth-callback-registry.test.ts +11 -4
package/src/__tests__/playbook-execution.test.ts +502 -0
package/src/__tests__/playbook-tools.test.ts +4 -6
package/src/__tests__/public-ingress-urls.test.ts +34 -0
package/src/__tests__/qdrant-manager.test.ts +267 -0
package/src/__tests__/recurrence-engine-rruleset.test.ts +97 -0
package/src/__tests__/recurrence-engine.test.ts +9 -0
package/src/__tests__/recurrence-types.test.ts +8 -0
package/src/__tests__/registry.test.ts +1 -1
package/src/__tests__/runtime-runs.test.ts +1 -25
package/src/__tests__/schedule-store.test.ts +16 -14
package/src/__tests__/schedule-tools.test.ts +83 -0
package/src/__tests__/scheduler-recurrence.test.ts +111 -10
package/src/__tests__/secret-allowlist.test.ts +18 -17
package/src/__tests__/secret-ingress-handler.test.ts +11 -0
package/src/__tests__/secret-scanner.test.ts +43 -0
package/src/__tests__/session-conflict-gate.test.ts +442 -6
package/src/__tests__/session-init.benchmark.test.ts +3 -0
package/src/__tests__/session-process-bridge.test.ts +242 -0
package/src/__tests__/session-skill-tools.test.ts +1 -1
package/src/__tests__/shell-identity.test.ts +256 -0
package/src/__tests__/skill-projection.benchmark.test.ts +11 -1
package/src/__tests__/subagent-tools.test.ts +637 -54
package/src/__tests__/task-management-tools.test.ts +936 -0
package/src/__tests__/task-runner.test.ts +2 -2
package/src/__tests__/terminal-tools.test.ts +840 -0
package/src/__tests__/tool-executor-shell-integration.test.ts +301 -0
package/src/__tests__/tool-executor.test.ts +85 -151
package/src/__tests__/tool-permission-simulate-handler.test.ts +336 -0
package/src/__tests__/trust-store.test.ts +28 -453
package/src/__tests__/twilio-provider.test.ts +153 -3
package/src/__tests__/twilio-routes-elevenlabs.test.ts +375 -0
package/src/__tests__/twilio-routes-twiml.test.ts +127 -0
package/src/__tests__/twilio-routes.test.ts +17 -262
package/src/__tests__/twitter-auth-handler.test.ts +2 -1
package/src/__tests__/twitter-cli-error-shaping.test.ts +208 -0
package/src/__tests__/twitter-cli-routing.test.ts +252 -0
package/src/__tests__/twitter-oauth-client.test.ts +209 -0
package/src/__tests__/workspace-policy.test.ts +213 -0
package/src/calls/call-bridge.ts +92 -19
package/src/calls/call-domain.ts +157 -5
package/src/calls/call-orchestrator.ts +96 -8
package/src/calls/call-store.ts +6 -0
package/src/calls/elevenlabs-client.ts +97 -0
package/src/calls/elevenlabs-config.ts +31 -0
package/src/calls/twilio-provider.ts +91 -0
package/src/calls/twilio-routes.ts +50 -6
package/src/calls/types.ts +3 -1
package/src/calls/voice-quality.ts +114 -0
package/src/cli/twitter.ts +200 -21
package/src/cli.ts +1 -20
package/src/config/bundled-skills/contacts/tools/contact-merge.ts +52 -4
package/src/config/bundled-skills/contacts/tools/contact-search.ts +55 -4
package/src/config/bundled-skills/contacts/tools/contact-upsert.ts +61 -4
package/src/config/bundled-skills/messaging/SKILL.md +17 -2
package/src/config/bundled-skills/messaging/tools/messaging-reply.ts +4 -1
package/src/config/bundled-skills/messaging/tools/messaging-send.ts +5 -1
package/src/config/bundled-skills/messaging/tools/shared.ts +5 -0
package/src/config/bundled-skills/phone-calls/SKILL.md +207 -19
package/src/config/bundled-skills/playbooks/tools/playbook-create.ts +95 -6
package/src/config/bundled-skills/playbooks/tools/playbook-delete.ts +51 -6
package/src/config/bundled-skills/playbooks/tools/playbook-list.ts +73 -6
package/src/config/bundled-skills/playbooks/tools/playbook-update.ts +110 -6
package/src/config/bundled-skills/public-ingress/SKILL.md +22 -5
package/src/config/bundled-skills/twitter/SKILL.md +103 -17
package/src/config/defaults.ts +26 -2
package/src/config/schema.ts +178 -9
package/src/config/types.ts +3 -0
package/src/config/vellum-skills/telegram-setup/SKILL.md +56 -61
package/src/daemon/assistant-attachments.ts +4 -2
package/src/daemon/handlers/apps.ts +69 -0
package/src/daemon/handlers/config.ts +543 -24
package/src/daemon/handlers/index.ts +1 -0
package/src/daemon/handlers/sessions.ts +22 -6
package/src/daemon/handlers/shared.ts +2 -1
package/src/daemon/handlers/skills.ts +5 -20
package/src/daemon/ipc-contract-inventory.json +28 -0
package/src/daemon/ipc-contract.ts +168 -10
package/src/daemon/ipc-validate.ts +17 -0
package/src/daemon/lifecycle.ts +2 -0
package/src/daemon/server.ts +78 -72
package/src/daemon/session-attachments.ts +1 -1
package/src/daemon/session-conflict-gate.ts +62 -6
package/src/daemon/session-notifiers.ts +1 -1
package/src/daemon/session-process.ts +62 -3
package/src/daemon/session-tool-setup.ts +1 -2
package/src/daemon/tls-certs.ts +189 -0
package/src/daemon/video-thumbnail.ts +5 -3
package/src/hooks/manager.ts +5 -9
package/src/memory/app-git-service.ts +295 -0
package/src/memory/app-store.ts +21 -0
package/src/memory/conflict-intent.ts +47 -4
package/src/memory/conflict-policy.ts +73 -0
package/src/memory/conflict-store.ts +9 -1
package/src/memory/contradiction-checker.ts +28 -0
package/src/memory/conversation-key-store.ts +15 -0
package/src/memory/db.ts +81 -0
package/src/memory/embedding-local.ts +3 -13
package/src/memory/external-conversation-store.ts +234 -0
package/src/memory/job-handlers/conflict.ts +22 -2
package/src/memory/jobs-worker.ts +67 -28
package/src/memory/runs-store.ts +54 -7
package/src/memory/schema.ts +20 -0
package/src/messaging/provider.ts +9 -0
package/src/messaging/providers/telegram-bot/adapter.ts +162 -0
package/src/messaging/providers/telegram-bot/client.ts +104 -0
package/src/messaging/providers/telegram-bot/types.ts +15 -0
package/src/messaging/registry.ts +1 -0
package/src/permissions/checker.ts +48 -44
package/src/permissions/defaults.ts +11 -0
package/src/permissions/prompter.ts +0 -4
package/src/permissions/shell-identity.ts +227 -0
package/src/permissions/trust-store.ts +76 -53
package/src/permissions/types.ts +0 -19
package/src/permissions/workspace-policy.ts +114 -0
package/src/providers/retry.ts +12 -37
package/src/runtime/assistant-event-hub.ts +41 -4
package/src/runtime/channel-approval-parser.ts +60 -0
package/src/runtime/channel-approval-types.ts +71 -0
package/src/runtime/channel-approvals.ts +145 -0
package/src/runtime/gateway-client.ts +16 -0
package/src/runtime/http-server.ts +29 -9
package/src/runtime/routes/call-routes.ts +52 -2
package/src/runtime/routes/channel-routes.ts +296 -16
package/src/runtime/routes/conversation-routes.ts +12 -5
package/src/runtime/routes/events-routes.ts +97 -28
package/src/runtime/routes/run-routes.ts +2 -7
package/src/runtime/run-orchestrator.ts +0 -3
package/src/schedule/recurrence-engine.ts +26 -2
package/src/schedule/recurrence-types.ts +1 -1
package/src/schedule/schedule-store.ts +12 -3
package/src/security/secret-scanner.ts +7 -0
package/src/tasks/ephemeral-permissions.ts +0 -2
package/src/tasks/task-scheduler.ts +2 -1
package/src/tools/calls/call-start.ts +8 -0
package/src/tools/execution-target.ts +21 -0
package/src/tools/execution-timeout.ts +49 -0
package/src/tools/executor.ts +6 -135
package/src/tools/network/web-search.ts +9 -32
package/src/tools/policy-context.ts +29 -0
package/src/tools/schedule/update.ts +8 -1
package/src/tools/terminal/parser.ts +16 -18
package/src/tools/types.ts +4 -11
package/src/twitter/oauth-client.ts +102 -0
package/src/twitter/router.ts +101 -0
package/src/util/debounce.ts +88 -0
package/src/util/network-info.ts +47 -0
package/src/util/platform.ts +29 -4
package/src/util/promise-guard.ts +37 -0
package/src/util/retry.ts +98 -0
package/src/util/truncate.ts +1 -1
package/src/workspace/git-service.ts +129 -112
package/src/tools/contacts/contact-merge.ts +0 -55
package/src/tools/contacts/contact-search.ts +0 -58
package/src/tools/contacts/contact-upsert.ts +0 -64
package/src/tools/playbooks/index.ts +0 -4
package/src/tools/playbooks/playbook-create.ts +0 -96
package/src/tools/playbooks/playbook-delete.ts +0 -52
package/src/tools/playbooks/playbook-list.ts +0 -74
package/src/tools/playbooks/playbook-update.ts +0 -111

package/src/daemon/handlers/config.ts CHANGED Viewed

@@ -2,12 +2,17 @@ import * as net from 'node:net';
 import { getConfig, loadRawConfig, saveRawConfig } from '../../config/loader.js';
 import { initializeProviders } from '../../providers/registry.js';
 import { addRule, removeRule, updateRule, getAllRules, acceptStarterBundle } from '../../permissions/trust-store.js';
+import { classifyRisk, check, generateAllowlistOptions, generateScopeOptions } from '../../permissions/checker.js';
+import { isSideEffectTool } from '../../tools/executor.js';
+import { resolveExecutionTarget } from '../../tools/execution-target.js';
+import { getAllTools, getTool } from '../../tools/registry.js';
 import { listSchedules, updateSchedule, deleteSchedule, describeCronExpression } from '../../schedule/schedule-store.js';
 import { listReminders, cancelReminder } from '../../tools/reminder/reminder-store.js';
 import { getSecureKey, setSecureKey, deleteSecureKey } from '../../security/secure-keys.js';
 import { upsertCredentialMetadata, deleteCredentialMetadata, getCredentialMetadata } from '../../tools/credentials/metadata-store.js';
 import { postToSlackWebhook } from '../../slack/slack-webhook.js';
 import { getApp } from '../../memory/app-store.js';
+import { readHttpToken } from '../../util/platform.js';
 import type {
   ModelSetRequest,
   ImageGenModelSetRequest,
@@ -22,13 +27,52 @@ import type {
   IngressConfigRequest,
   VercelApiConfigRequest,
   TwitterIntegrationConfigRequest,
+  TelegramConfigRequest,
+  ToolPermissionSimulateRequest,
 } from '../ipc-protocol.js';
 import { log, CONFIG_RELOAD_DEBOUNCE_MS, defineHandlers, type HandlerContext } from './shared.js';
 import { MODEL_TO_PROVIDER } from '../session-slash.js';
-// Snapshot the env-provided value at module load time so we can restore it
-// when the user clears a Settings-set override.
-const ORIGINAL_INGRESS_ENV = process.env.INGRESS_PUBLIC_BASE_URL;
+// Lazily capture the env-provided INGRESS_PUBLIC_BASE_URL on first access
+// rather than at module load time. The daemon loads ~/.vellum/.env inside
+// runDaemon() (see lifecycle.ts), which runs AFTER static ES module imports
+// resolve. A module-level snapshot would miss dotenv-provided values.
+let _originalIngressEnvCaptured = false;
+let _originalIngressEnv: string | undefined;
+function getOriginalIngressEnv(): string | undefined {
+  if (!_originalIngressEnvCaptured) {
+    _originalIngressEnv = process.env.INGRESS_PUBLIC_BASE_URL;
+    _originalIngressEnvCaptured = true;
+  }
+  return _originalIngressEnv;
+}
+const TELEGRAM_BOT_TOKEN_IN_URL_PATTERN = /\/bot\d{8,10}:[A-Za-z0-9_-]{30,120}\//g;
+const TELEGRAM_BOT_TOKEN_PATTERN = /(?<![A-Za-z0-9_-])\d{8,10}:[A-Za-z0-9_-]{30,120}(?![A-Za-z0-9_-])/g;
+function redactTelegramBotTokens(value: string): string {
+  return value
+    .replace(TELEGRAM_BOT_TOKEN_IN_URL_PATTERN, '/bot[REDACTED]/')
+    .replace(TELEGRAM_BOT_TOKEN_PATTERN, '[REDACTED]');
+}
+function summarizeTelegramError(err: unknown): string {
+  const parts: string[] = [];
+  if (err instanceof Error) {
+    parts.push(err.message);
+  } else {
+    parts.push(String(err));
+  }
+  const path = (err as { path?: unknown })?.path;
+  if (typeof path === 'string' && path.length > 0) {
+    parts.push(`path=${path}`);
+  }
+  const code = (err as { code?: unknown })?.code;
+  if (typeof code === 'string' && code.length > 0) {
+    parts.push(`code=${code}`);
+  }
+  return redactTelegramBotTokens(parts.join(' '));
+}
 export function handleModelGet(socket: net.Socket, ctx: HandlerContext): void {
   const config = getConfig();
@@ -101,10 +145,7 @@ export function handleModelSet(
       ctx.setSuppressConfigReload(wasSuppressed);
       throw err;
     }
-    const existingSuppressTimer = ctx.debounceTimers.get('__suppress_reset__');
-    if (existingSuppressTimer) clearTimeout(existingSuppressTimer);
-    const resetTimer = setTimeout(() => { ctx.setSuppressConfigReload(false); }, CONFIG_RELOAD_DEBOUNCE_MS);
-    ctx.debounceTimers.set('__suppress_reset__', resetTimer);
+    ctx.debounceTimers.schedule('__suppress_reset__', () => { ctx.setSuppressConfigReload(false); }, CONFIG_RELOAD_DEBOUNCE_MS);
     // Re-initialize provider with the new model so LLM calls use it
     const config = getConfig();
@@ -151,10 +192,7 @@ export function handleImageGenModelSet(
       ctx.setSuppressConfigReload(wasSuppressed);
       throw err;
     }
-    const existingSuppressTimer = ctx.debounceTimers.get('__suppress_reset__');
-    if (existingSuppressTimer) clearTimeout(existingSuppressTimer);
-    const resetTimer = setTimeout(() => { ctx.setSuppressConfigReload(false); }, CONFIG_RELOAD_DEBOUNCE_MS);
-    ctx.debounceTimers.set('__suppress_reset__', resetTimer);
+    ctx.debounceTimers.schedule('__suppress_reset__', () => { ctx.setSuppressConfigReload(false); }, CONFIG_RELOAD_DEBOUNCE_MS);
     ctx.updateConfigFingerprint();
     log.info({ model: msg.model }, 'Image generation model updated');
@@ -170,7 +208,22 @@ export function handleAddTrustRule(
   _ctx: HandlerContext,
 ): void {
   try {
-    addRule(msg.toolName, msg.pattern, msg.scope, msg.decision);
+    const hasMetadata = msg.allowHighRisk != null
+      || msg.executionTarget != null;
+    addRule(
+      msg.toolName,
+      msg.pattern,
+      msg.scope,
+      msg.decision,
+      undefined, // priority — use default
+      hasMetadata
+        ? {
+            allowHighRisk: msg.allowHighRisk,
+            executionTarget: msg.executionTarget,
+          }
+        : undefined,
+    );
     log.info({ toolName: msg.toolName, pattern: msg.pattern, scope: msg.scope, decision: msg.decision }, 'Trust rule added via client');
   } catch (err) {
     log.error({ err, toolName: msg.toolName, pattern: msg.pattern, scope: msg.scope }, 'Failed to add trust rule via client');
@@ -403,27 +456,70 @@ export function handleSlackWebhookConfig(
   }
 }
-function computeLocalGatewayTarget(): string {
+function computeGatewayTarget(): string {
+  if (process.env.GATEWAY_INTERNAL_BASE_URL) {
+    return process.env.GATEWAY_INTERNAL_BASE_URL.replace(/\/+$/, '');
+  }
   const portRaw = process.env.GATEWAY_PORT || '7830';
   const port = Number(portRaw) || 7830;
   return `http://127.0.0.1:${port}`;
 }
+/**
+ * Best-effort call to the gateway's internal reconcile endpoint so that
+ * Telegram webhook registration is updated immediately when the ingress
+ * URL changes, without requiring a gateway restart.
+ */
+function triggerGatewayReconcile(ingressPublicBaseUrl: string | undefined): void {
+  const gatewayBase = computeGatewayTarget();
+  const token = readHttpToken();
+  if (!token) {
+    log.debug('Skipping gateway reconcile trigger: no HTTP bearer token available');
+    return;
+  }
+  const url = `${gatewayBase}/internal/telegram/reconcile`;
+  const body = JSON.stringify({ ingressPublicBaseUrl: ingressPublicBaseUrl ?? '' });
+  fetch(url, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'Authorization': `Bearer ${token}`,
+    },
+    body,
+    signal: AbortSignal.timeout(5_000),
+  }).then((res) => {
+    if (res.ok) {
+      log.info('Gateway Telegram webhook reconcile triggered successfully');
+    } else {
+      log.warn({ status: res.status }, 'Gateway Telegram webhook reconcile returned non-OK status');
+    }
+  }).catch((err) => {
+    log.debug({ err }, 'Gateway Telegram webhook reconcile failed (gateway may not be running)');
+  });
+}
 export function handleIngressConfig(
   msg: IngressConfigRequest,
   socket: net.Socket,
   ctx: HandlerContext,
 ): void {
-  const localGatewayTarget = computeLocalGatewayTarget();
+  const localGatewayTarget = computeGatewayTarget();
   try {
     if (msg.action === 'get') {
       const raw = loadRawConfig();
       const ingress = (raw?.ingress ?? {}) as Record<string, unknown>;
       const publicBaseUrl = (ingress.publicBaseUrl as string) ?? '';
-      const enabled = (ingress.enabled as boolean) ?? false;
+      // Backward compatibility: if `enabled` was never explicitly set,
+      // infer from whether a publicBaseUrl is configured so existing users
+      // who predate the toggle aren't silently disabled.
+      const enabled = (ingress.enabled as boolean | undefined) ?? (publicBaseUrl ? true : false);
       ctx.send(socket, { type: 'ingress_config_response', enabled, publicBaseUrl, localGatewayTarget, success: true });
     } else if (msg.action === 'set') {
       const value = (msg.publicBaseUrl ?? '').trim().replace(/\/+$/, '');
+      // Ensure we capture the original env value before any mutation below
+      getOriginalIngressEnv();
       const raw = loadRawConfig();
       // Update ingress.publicBaseUrl — this is the single source of truth for
@@ -445,10 +541,7 @@ export function handleIngressConfig(
         ctx.setSuppressConfigReload(wasSuppressed);
         throw err;
       }
-      const existingSuppressTimer = ctx.debounceTimers.get('__suppress_reset__');
-      if (existingSuppressTimer) clearTimeout(existingSuppressTimer);
-      const resetTimer = setTimeout(() => { ctx.setSuppressConfigReload(false); }, CONFIG_RELOAD_DEBOUNCE_MS);
-      ctx.debounceTimers.set('__suppress_reset__', resetTimer);
+      ctx.debounceTimers.schedule('__suppress_reset__', () => { ctx.setSuppressConfigReload(false); }, CONFIG_RELOAD_DEBOUNCE_MS);
       // Propagate to the gateway's process environment so it picks up the
       // new URL when it is restarted. For the local-deployment path the
@@ -456,16 +549,32 @@ export function handleIngressConfig(
       // so updating process.env here ensures the value is visible when the
       // gateway is restarted (e.g. by the self-upgrade skill or a manual
       // `pkill -f gateway`).
-      if (value) {
+      // Only export the URL when ingress is enabled; clearing it when
+      // disabled ensures the gateway stops accepting inbound webhooks.
+      const isEnabled = (ingress.enabled as boolean | undefined) ?? (value ? true : false);
+      if (value && isEnabled) {
         process.env.INGRESS_PUBLIC_BASE_URL = value;
-      } else if (ORIGINAL_INGRESS_ENV !== undefined) {
-        process.env.INGRESS_PUBLIC_BASE_URL = ORIGINAL_INGRESS_ENV;
+      } else if (isEnabled && getOriginalIngressEnv() !== undefined) {
+        // Ingress is enabled but the user cleared the URL — fall back to the
+        // env var that was present when the process started.
+        process.env.INGRESS_PUBLIC_BASE_URL = getOriginalIngressEnv()!;
       } else {
+        // Ingress is disabled or no URL is configured and no startup env var
+        // exists — remove the env var so the gateway stops accepting webhooks.
         delete process.env.INGRESS_PUBLIC_BASE_URL;
       }
-      const enabled = (ingress.enabled as boolean) ?? false;
-      ctx.send(socket, { type: 'ingress_config_response', enabled, publicBaseUrl: value, localGatewayTarget, success: true });
+      ctx.send(socket, { type: 'ingress_config_response', enabled: isEnabled, publicBaseUrl: value, localGatewayTarget, success: true });
+      // Trigger immediate Telegram webhook reconcile on the gateway so
+      // that changing the ingress URL takes effect without a restart.
+      // Called unconditionally so the gateway clears its in-memory URL
+      // when ingress is disabled, preventing stale re-registration on
+      // credential rotation.
+      // Use the effective URL from process.env (which accounts for the
+      // fallback branch above) rather than the raw `value` from the UI.
+      const effectiveUrl = isEnabled ? process.env.INGRESS_PUBLIC_BASE_URL : undefined;
+      triggerGatewayReconcile(effectiveUrl);
     } else {
       ctx.send(socket, { type: 'ingress_config_response', enabled: false, publicBaseUrl: '', localGatewayTarget, success: false, error: `Unknown action: ${String((msg as unknown as Record<string, unknown>).action)}` });
     }
@@ -546,6 +655,8 @@ export function handleTwitterIntegrationConfig(
     if (msg.action === 'get') {
       const raw = loadRawConfig();
       const mode = (raw.twitterIntegrationMode as 'local_byo' | 'managed' | undefined) ?? 'local_byo';
+      const strategy = (raw.twitterOperationStrategy as 'oauth' | 'browser' | 'auto' | undefined) ?? 'auto';
+      const strategyConfigured = Object.prototype.hasOwnProperty.call(raw, 'twitterOperationStrategy');
       const localClientConfigured = !!getSecureKey('credential:integration:twitter:oauth_client_id');
       const connected = !!getSecureKey('credential:integration:twitter:access_token');
       const meta = getCredentialMetadata('integration:twitter', 'access_token');
@@ -557,6 +668,47 @@ export function handleTwitterIntegrationConfig(
         localClientConfigured,
         connected,
         accountInfo: meta?.accountInfo ?? undefined,
+        strategy,
+        strategyConfigured,
+      });
+    } else if (msg.action === 'get_strategy') {
+      const raw = loadRawConfig();
+      const strategy = (raw.twitterOperationStrategy as 'oauth' | 'browser' | 'auto' | undefined) ?? 'auto';
+      const strategyConfigured = Object.prototype.hasOwnProperty.call(raw, 'twitterOperationStrategy');
+      ctx.send(socket, {
+        type: 'twitter_integration_config_response',
+        success: true,
+        managedAvailable: false,
+        localClientConfigured: !!getSecureKey('credential:integration:twitter:oauth_client_id'),
+        connected: !!getSecureKey('credential:integration:twitter:access_token'),
+        strategy,
+        strategyConfigured,
+      });
+    } else if (msg.action === 'set_strategy') {
+      const valid = ['oauth', 'browser', 'auto'];
+      const value = msg.strategy;
+      if (!value || !valid.includes(value)) {
+        ctx.send(socket, {
+          type: 'twitter_integration_config_response',
+          success: false,
+          managedAvailable: false,
+          localClientConfigured: false,
+          connected: false,
+          error: `Invalid strategy value: ${String(value)}. Must be one of: ${valid.join(', ')}`,
+        });
+        return;
+      }
+      const raw = loadRawConfig();
+      raw.twitterOperationStrategy = value;
+      saveRawConfig(raw);
+      ctx.send(socket, {
+        type: 'twitter_integration_config_response',
+        success: true,
+        managedAvailable: false,
+        localClientConfigured: !!getSecureKey('credential:integration:twitter:oauth_client_id'),
+        connected: !!getSecureKey('credential:integration:twitter:access_token'),
+        strategy: value as 'oauth' | 'browser' | 'auto',
+        strategyConfigured: true,
       });
     } else if (msg.action === 'set_mode') {
       const raw = loadRawConfig();
@@ -676,6 +828,267 @@ export function handleTwitterIntegrationConfig(
   }
 }
+export async function handleTelegramConfig(
+  msg: TelegramConfigRequest,
+  socket: net.Socket,
+  ctx: HandlerContext,
+): Promise<void> {
+  try {
+    if (msg.action === 'get') {
+      const hasBotToken = !!getSecureKey('credential:telegram:bot_token');
+      const hasWebhookSecret = !!getSecureKey('credential:telegram:webhook_secret');
+      const meta = getCredentialMetadata('telegram', 'bot_token');
+      const botUsername = meta?.accountInfo ?? undefined;
+      ctx.send(socket, {
+        type: 'telegram_config_response',
+        success: true,
+        hasBotToken,
+        botUsername,
+        connected: hasBotToken && hasWebhookSecret,
+        hasWebhookSecret,
+      });
+    } else if (msg.action === 'set') {
+      // Resolve token: prefer explicit msg.botToken, fall back to secure storage.
+      // Track provenance so we only rollback tokens that were freshly provided.
+      const isNewToken = !!msg.botToken;
+      const botToken = msg.botToken || getSecureKey('credential:telegram:bot_token');
+      if (!botToken) {
+        ctx.send(socket, {
+          type: 'telegram_config_response',
+          success: false,
+          hasBotToken: false,
+          connected: false,
+          hasWebhookSecret: false,
+          error: 'botToken is required for set action',
+        });
+        return;
+      }
+      // Validate token via Telegram getMe API
+      let botUsername: string;
+      try {
+        const res = await fetch(`https://api.telegram.org/bot${botToken}/getMe`);
+        if (!res.ok) {
+          const body = await res.text();
+          ctx.send(socket, {
+            type: 'telegram_config_response',
+            success: false,
+            hasBotToken: false,
+            connected: false,
+            hasWebhookSecret: false,
+            error: `Telegram API validation failed: ${body}`,
+          });
+          return;
+        }
+        const data = await res.json() as { ok: boolean; result?: { username?: string } };
+        if (!data.ok || !data.result?.username) {
+          ctx.send(socket, {
+            type: 'telegram_config_response',
+            success: false,
+            hasBotToken: false,
+            connected: false,
+            hasWebhookSecret: false,
+            error: 'Telegram API returned unexpected response',
+          });
+          return;
+        }
+        botUsername = data.result.username;
+      } catch (err) {
+        const message = summarizeTelegramError(err);
+        ctx.send(socket, {
+          type: 'telegram_config_response',
+          success: false,
+          hasBotToken: false,
+          connected: false,
+          hasWebhookSecret: false,
+          error: `Failed to validate bot token: ${message}`,
+        });
+        return;
+      }
+      // Store bot token securely
+      const stored = setSecureKey('credential:telegram:bot_token', botToken);
+      if (!stored) {
+        ctx.send(socket, {
+          type: 'telegram_config_response',
+          success: false,
+          hasBotToken: false,
+          connected: false,
+          hasWebhookSecret: false,
+          error: 'Failed to store bot token in secure storage',
+        });
+        return;
+      }
+      // Store metadata with bot username
+      upsertCredentialMetadata('telegram', 'bot_token', {
+        accountInfo: botUsername,
+      });
+      // Ensure webhook secret exists (generate if missing)
+      let hasWebhookSecret = !!getSecureKey('credential:telegram:webhook_secret');
+      if (!hasWebhookSecret) {
+        const { randomUUID } = await import('node:crypto');
+        const webhookSecret = randomUUID();
+        const secretStored = setSecureKey('credential:telegram:webhook_secret', webhookSecret);
+        if (secretStored) {
+          upsertCredentialMetadata('telegram', 'webhook_secret', {});
+          hasWebhookSecret = true;
+        } else {
+          // Only roll back the bot token if it was freshly provided.
+          // When the token came from secure storage it was already valid
+          // configuration; deleting it would destroy working state.
+          if (isNewToken) {
+            deleteSecureKey('credential:telegram:bot_token');
+            deleteCredentialMetadata('telegram', 'bot_token');
+          }
+          ctx.send(socket, {
+            type: 'telegram_config_response',
+            success: false,
+            hasBotToken: !isNewToken,
+            connected: false,
+            hasWebhookSecret: false,
+            error: 'Failed to store webhook secret',
+          });
+          return;
+        }
+      } else {
+        // Self-heal: ensure metadata exists even when the secret was
+        // already present (covers previously lost/corrupted metadata).
+        upsertCredentialMetadata('telegram', 'webhook_secret', {});
+      }
+      ctx.send(socket, {
+        type: 'telegram_config_response',
+        success: true,
+        hasBotToken: true,
+        botUsername,
+        connected: true,
+        hasWebhookSecret,
+      });
+      // Trigger gateway reconcile so the webhook registration updates immediately
+      const effectiveUrl = process.env.INGRESS_PUBLIC_BASE_URL;
+      if (effectiveUrl) {
+        triggerGatewayReconcile(effectiveUrl);
+      }
+    } else if (msg.action === 'clear') {
+      // Deregister the Telegram webhook before deleting credentials.
+      // The gateway reconcile short-circuits when credentials are absent,
+      // so we must call the Telegram API directly while the token is still
+      // available.
+      const botToken = getSecureKey('credential:telegram:bot_token');
+      if (botToken) {
+        try {
+          await fetch(`https://api.telegram.org/bot${botToken}/deleteWebhook`);
+        } catch (err) {
+          log.warn(
+            { error: summarizeTelegramError(err) },
+            'Failed to deregister Telegram webhook (proceeding with credential cleanup)',
+          );
+        }
+      }
+      deleteSecureKey('credential:telegram:bot_token');
+      deleteCredentialMetadata('telegram', 'bot_token');
+      deleteSecureKey('credential:telegram:webhook_secret');
+      deleteCredentialMetadata('telegram', 'webhook_secret');
+      ctx.send(socket, {
+        type: 'telegram_config_response',
+        success: true,
+        hasBotToken: false,
+        connected: false,
+        hasWebhookSecret: false,
+      });
+      // Trigger reconcile to deregister webhook
+      const effectiveUrl = process.env.INGRESS_PUBLIC_BASE_URL;
+      if (effectiveUrl) {
+        triggerGatewayReconcile(effectiveUrl);
+      }
+    } else if (msg.action === 'set_commands') {
+      const storedToken = getSecureKey('credential:telegram:bot_token');
+      if (!storedToken) {
+        ctx.send(socket, {
+          type: 'telegram_config_response',
+          success: false,
+          hasBotToken: false,
+          connected: false,
+          hasWebhookSecret: false,
+          error: 'Bot token not configured. Run set action first.',
+        });
+        return;
+      }
+      const commands = msg.commands ?? [
+        { command: 'new', description: 'Start a new conversation' },
+      ];
+      try {
+        const res = await fetch(`https://api.telegram.org/bot${storedToken}/setMyCommands`, {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ commands }),
+        });
+        if (!res.ok) {
+          const body = await res.text();
+          ctx.send(socket, {
+            type: 'telegram_config_response',
+            success: false,
+            hasBotToken: true,
+            connected: !!getSecureKey('credential:telegram:webhook_secret'),
+            hasWebhookSecret: !!getSecureKey('credential:telegram:webhook_secret'),
+            error: `Failed to set bot commands: ${body}`,
+          });
+          return;
+        }
+      } catch (err) {
+        const message = summarizeTelegramError(err);
+        ctx.send(socket, {
+          type: 'telegram_config_response',
+          success: false,
+          hasBotToken: true,
+          connected: !!getSecureKey('credential:telegram:webhook_secret'),
+          hasWebhookSecret: !!getSecureKey('credential:telegram:webhook_secret'),
+          error: `Failed to set bot commands: ${message}`,
+        });
+        return;
+      }
+      const hasBotToken = !!getSecureKey('credential:telegram:bot_token');
+      const hasWebhookSecret = !!getSecureKey('credential:telegram:webhook_secret');
+      ctx.send(socket, {
+        type: 'telegram_config_response',
+        success: true,
+        hasBotToken,
+        connected: hasBotToken && hasWebhookSecret,
+        hasWebhookSecret,
+      });
+    } else {
+      ctx.send(socket, {
+        type: 'telegram_config_response',
+        success: false,
+        hasBotToken: false,
+        connected: false,
+        hasWebhookSecret: false,
+        error: `Unknown action: ${String((msg as unknown as Record<string, unknown>).action)}`,
+      });
+    }
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    log.error({ err }, 'Failed to handle Telegram config');
+    ctx.send(socket, {
+      type: 'telegram_config_response',
+      success: false,
+      hasBotToken: false,
+      connected: false,
+      hasWebhookSecret: false,
+      error: message,
+    });
+  }
+}
 export function handleEnvVarsRequest(socket: net.Socket, ctx: HandlerContext): void {
   const vars: Record<string, string> = {};
   for (const [key, value] of Object.entries(process.env)) {
@@ -684,6 +1097,109 @@ export function handleEnvVarsRequest(socket: net.Socket, ctx: HandlerContext): v
   ctx.send(socket, { type: 'env_vars_response', vars });
 }
+export async function handleToolPermissionSimulate(
+  msg: ToolPermissionSimulateRequest,
+  socket: net.Socket,
+  ctx: HandlerContext,
+): Promise<void> {
+  try {
+    if (!msg.toolName || typeof msg.toolName !== 'string') {
+      ctx.send(socket, {
+        type: 'tool_permission_simulate_response',
+        success: false,
+        error: 'toolName is required',
+      });
+      return;
+    }
+    if (!msg.input || typeof msg.input !== 'object') {
+      ctx.send(socket, {
+        type: 'tool_permission_simulate_response',
+        success: false,
+        error: 'input is required and must be an object',
+      });
+      return;
+    }
+    const workingDir = msg.workingDir ?? process.cwd();
+    // Only infer execution target when the tool is actually registered;
+    // for unresolved tools, leave it undefined so trust rules are unscoped.
+    const isRegistered = getTool(msg.toolName) !== undefined;
+    const executionTarget = isRegistered ? resolveExecutionTarget(msg.toolName) : undefined;
+    const policyContext = executionTarget ? { executionTarget } : undefined;
+    const riskLevel = await classifyRisk(msg.toolName, msg.input, workingDir);
+    const result = await check(msg.toolName, msg.input, workingDir, policyContext);
+    // Private-thread override: promote allow → prompt for side-effect tools
+    if (
+      msg.forcePromptSideEffects
+      && result.decision === 'allow'
+      && isSideEffectTool(msg.toolName, msg.input)
+    ) {
+      result.decision = 'prompt';
+      result.reason = 'Private thread: side-effect tools require explicit approval';
+    }
+    // Non-interactive override: convert prompt → deny
+    if (msg.isInteractive === false && result.decision === 'prompt') {
+      result.decision = 'deny';
+      result.reason = 'Non-interactive session: no client to approve prompt';
+    }
+    // When decision is prompt, generate the full payload the UI needs
+    let promptPayload: {
+      allowlistOptions: Array<{ label: string; description: string; pattern: string }>;
+      scopeOptions: Array<{ label: string; scope: string }>;
+      persistentDecisionsAllowed: boolean;
+    } | undefined;
+    if (result.decision === 'prompt') {
+      const allowlistOptions = await generateAllowlistOptions(msg.toolName, msg.input);
+      const scopeOptions = generateScopeOptions(workingDir, msg.toolName);
+      const persistentDecisionsAllowed = !(
+        msg.toolName === 'bash'
+        && msg.input.network_mode === 'proxied'
+      );
+      promptPayload = { allowlistOptions, scopeOptions, persistentDecisionsAllowed };
+    }
+    ctx.send(socket, {
+      type: 'tool_permission_simulate_response',
+      success: true,
+      decision: result.decision,
+      riskLevel,
+      reason: result.reason,
+      executionTarget,
+      matchedRuleId: result.matchedRule?.id,
+      promptPayload,
+    });
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    log.error({ err }, 'Failed to simulate tool permission');
+    ctx.send(socket, {
+      type: 'tool_permission_simulate_response',
+      success: false,
+      error: message,
+    });
+  }
+}
+export function handleToolNamesList(socket: net.Socket, ctx: HandlerContext): void {
+  const tools = getAllTools();
+  const names = tools.map((t) => t.name).sort((a, b) => a.localeCompare(b));
+  const schemas: Record<string, import('../ipc-contract.js').ToolInputSchema> = {};
+  for (const tool of tools) {
+    try {
+      const def = tool.getDefinition();
+      schemas[tool.name] = def.input_schema as import('../ipc-contract.js').ToolInputSchema;
+    } catch {
+      // Skip tools whose definitions can't be resolved
+    }
+  }
+  ctx.send(socket, { type: 'tool_names_list_response', names, schemas });
+}
 export const configHandlers = defineHandlers({
   model_get: (_msg, socket, ctx) => handleModelGet(socket, ctx),
   model_set: handleModelSet,
@@ -703,5 +1219,8 @@ export const configHandlers = defineHandlers({
   ingress_config: handleIngressConfig,
   vercel_api_config: handleVercelApiConfig,
   twitter_integration_config: handleTwitterIntegrationConfig,
+  telegram_config: handleTelegramConfig,
   env_vars_request: (_msg, socket, ctx) => handleEnvVarsRequest(socket, ctx),
+  tool_permission_simulate: handleToolPermissionSimulate,
+  tool_names_list: (_msg, socket, ctx) => handleToolNamesList(socket, ctx),
 });