vellum 0.2.13 → 0.2.14

package/src/daemon/server.ts

@@ -1,8 +1,11 @@
 import * as net from 'node:net';
+import * as tls from 'node:tls';
 import { randomBytes } from 'node:crypto';
-import { existsSync, chmodSync, readFileSync, writeFileSync, unlinkSync, readdirSync, watch, type FSWatcher } from 'node:fs';
+import { existsSync, chmodSync, readFileSync, writeFileSync, readdirSync, watch, type FSWatcher } from 'node:fs';
 import { join } from 'node:path';
-import { getSocketPath, getSessionTokenPath, getRootDir, getWorkspaceDir, getWorkspaceSkillsDir, getSandboxWorkingDir, removeSocketFile, getTCPPort, getTCPHost, isTCPEnabled } from '../util/platform.js';
+import { getSocketPath, getSessionTokenPath, getRootDir, getWorkspaceDir, getWorkspaceSkillsDir, getSandboxWorkingDir, removeSocketFile, getTCPPort, getTCPHost, isTCPEnabled, isIOSPairingEnabled } from '../util/platform.js';
+import { ensureTlsCert } from './tls-certs.js';
+import { getLocalIPv4 } from '../util/network-info.js';
 import { hasNoAuthOverride } from './connection-policy.js';
 import { getLogger } from '../util/logger.js';
 import { getFailoverProvider, initializeProviders } from '../providers/registry.js';
@@ -36,10 +39,11 @@ import { assistantEventHub } from '../runtime/assistant-event-hub.js';
 import { buildAssistantEvent } from '../runtime/assistant-event.js';
 import { SessionEvictor } from './session-evictor.js';
 import { getSubagentManager } from '../subagent/index.js';
-import { tryHandlePendingCallAnswer } from '../calls/call-bridge.js';
+import { tryRouteCallMessage } from '../calls/call-bridge.js';
 import { resolveSlash } from './session-slash.js';
 import { createUserMessage, createAssistantMessage } from '../agent/message-types.js';
 import { registerDaemonCallbacks } from '../work-items/work-item-runner.js';
+import { DebouncerMap } from '../util/debounce.js';
 
 const log = getLogger('server');
 
@@ -57,7 +61,7 @@ const daemonVersion = readPackageVersion();
 
 export class DaemonServer {
   private server: net.Server | null = null;
-  private tcpServer: net.Server | null = null;
+  private tcpServer: tls.Server | null = null;
   private sessions = new Map<string, Session>();
   private socketToSession = new Map<net.Socket, string>();
   private cuSessions = new Map<string, ComputerUseSession>();
@@ -77,8 +81,11 @@ export class DaemonServer {
   private socketPath: string;
   private httpPort: number | undefined;
   private watchers: FSWatcher[] = [];
-  private debounceTimers = new Map<string, ReturnType<typeof setTimeout>>();
-  private static readonly MAX_DEBOUNCE_ENTRIES = 1000;
+  private debounceTimers = new DebouncerMap({
+    defaultDelayMs: 200,
+    maxEntries: 1000,
+    protectedKeyPrefix: '__',
+  });
   private suppressConfigReload = false;
   private lastConfigFingerprint = '';
   private lastConfigRefreshTime = 0;
@@ -200,15 +207,36 @@ export class DaemonServer {
 
     this.startFileWatchers();
 
-    // Generate a session token and write it to disk so clients can
-    // authenticate when connecting. Written before the socket starts
-    // listening to ensure the token is available by the time a client
-    // can connect.
-    this.sessionToken = randomBytes(32).toString('hex');
+    // Reuse existing session token from disk if present, so pairing
+    // (e.g. iOS QR code) survives daemon restarts. Only generate a
+    // new token when none exists on disk.
     const tokenPath = getSessionTokenPath();
-    writeFileSync(tokenPath, this.sessionToken, { mode: 0o600 });
-    chmodSync(tokenPath, 0o600);
-    log.info({ tokenPath }, 'Session token written');
+    let existingToken: string | null = null;
+    try {
+      const raw = readFileSync(tokenPath, 'utf-8').trim();
+      if (raw.length >= 32) existingToken = raw;
+    } catch { /* file doesn't exist yet */ }
+
+    if (existingToken) {
+      this.sessionToken = existingToken;
+      log.info({ tokenPath }, 'Reusing existing session token');
+    } else {
+      this.sessionToken = randomBytes(32).toString('hex');
+      writeFileSync(tokenPath, this.sessionToken, { mode: 0o600 });
+      chmodSync(tokenPath, 0o600);
+      log.info({ tokenPath }, 'New session token generated');
+    }
+
+    // Generate TLS certificate before starting listeners so it's
+    // available synchronously in the listen callback.
+    let tlsCreds: { cert: string; key: string; fingerprint: string } | null = null;
+    if (isTCPEnabled()) {
+      try {
+        tlsCreds = await ensureTlsCert();
+      } catch (err) {
+        log.error({ err }, 'Failed to generate TLS certificate — TCP listener will not start');
+      }
+    }
 
     return new Promise((resolve, reject) => {
       this.server = net.createServer((socket) => {
@@ -233,17 +261,31 @@ export class DaemonServer {
         chmodSync(this.socketPath, 0o600);
         log.info({ socketPath: this.socketPath }, 'Daemon server listening');
 
-        // Start TCP listener for iOS clients (alongside the Unix socket)
-        if (isTCPEnabled()) {
+        // Start TLS-encrypted TCP listener for iOS clients (alongside the Unix socket)
+        if (tlsCreds) {
           const tcpPort = getTCPPort();
-          this.tcpServer = net.createServer((socket) => {
-            this.handleConnection(socket);
-          });
+          const tcpHost = getTCPHost();
+          this.tcpServer = tls.createServer(
+            { cert: tlsCreds.cert, key: tlsCreds.key },
+            (socket) => { this.handleConnection(socket); },
+          );
           this.tcpServer.on('error', (err) => {
-            log.error({ err, tcpPort }, 'TCP server error');
+            log.error({ err, tcpPort }, 'TLS TCP server error');
           });
-          this.tcpServer.listen(tcpPort, getTCPHost(), () => {
-            log.info({ tcpPort, tcpHost: getTCPHost() }, 'TCP listener started');
+          const fingerprint = tlsCreds.fingerprint;
+          this.tcpServer.listen(tcpPort, tcpHost, () => {
+            const localIP = getLocalIPv4();
+            log.info(
+              { tcpPort, tcpHost, fingerprint, localIP, iosPairing: isIOSPairingEnabled() },
+              'TLS TCP listener started',
+            );
+            if (isIOSPairingEnabled() && localIP) {
+              log.warn(
+                { localIP, tcpPort },
+                'iOS pairing enabled — daemon is reachable on the local network at %s:%d',
+                localIP, tcpPort,
+              );
+            }
           });
         }
 
@@ -261,10 +303,9 @@ export class DaemonServer {
     }
     this.stopFileWatchers();
 
-    // Clean up session token
-    try {
-      unlinkSync(getSessionTokenPath());
-    } catch { /* ignore if already gone */ }
+    // Session token is intentionally kept on disk so pairing
+    // (e.g. iOS QR code) survives daemon restarts. To regenerate,
+    // delete ~/.vellum/session-token and restart the daemon.
 
     for (const timer of this.authTimeouts.values()) {
       clearTimeout(timer);
@@ -373,16 +414,10 @@ export class DaemonServer {
           if (!filename) return;
           const file = String(filename);
           if (!handlers[file]) return;
-          const key = `file:${file}`;
-          const existing = this.debounceTimers.get(key);
-          if (existing) clearTimeout(existing);
-          const timer = setTimeout(() => {
-            this.debounceTimers.delete(key);
+          this.debounceTimers.schedule(`file:${file}`, () => {
             log.info({ file }, 'File changed, reloading');
             handlers[file]();
-          }, 200);
-          this.debounceTimers.set(key, timer);
-          this.enforceDebounceLimit();
+          });
         });
         this.watchers.push(watcher);
         log.info({ dir }, `Watching ${label}`);
@@ -478,51 +513,22 @@ export class DaemonServer {
   }
 
   private stopFileWatchers(): void {
-    for (const timer of this.debounceTimers.values()) {
-      clearTimeout(timer);
-    }
-    this.debounceTimers.clear();
+    this.debounceTimers.cancelAll();
     for (const watcher of this.watchers) {
       watcher.close();
     }
     this.watchers = [];
   }
 
-  /**
-   * Evict the oldest file-watcher debounce entries when the map exceeds the safety cap.
-   * Map iteration order follows insertion order, so the first keys are oldest.
-   * Protects system timers (keys starting with '__') from eviction, so critical
-   * timers like '__suppress_reset__' are never cleared during bursts of file events.
-   */
-  private enforceDebounceLimit(): void {
-    if (this.debounceTimers.size <= DaemonServer.MAX_DEBOUNCE_ENTRIES) return;
-    const excess = this.debounceTimers.size - DaemonServer.MAX_DEBOUNCE_ENTRIES;
-    let removed = 0;
-    for (const [key, timer] of this.debounceTimers) {
-      if (removed >= excess) break;
-      // Skip system timers (those with keys starting with '__')
-      if (key.startsWith('__')) continue;
-      clearTimeout(timer);
-      this.debounceTimers.delete(key);
-      removed++;
-    }
-  }
-
   private startSkillsWatchers(evictSessions: () => void): void {
     const skillsDir = getWorkspaceSkillsDir();
     if (!existsSync(skillsDir)) return;
 
     const scheduleSkillsReload = (file: string): void => {
-      const key = `skills:${file}`;
-      const existing = this.debounceTimers.get(key);
-      if (existing) clearTimeout(existing);
-      const timer = setTimeout(() => {
-        this.debounceTimers.delete(key);
+      this.debounceTimers.schedule(`skills:${file}`, () => {
         log.info({ file }, 'Skill file changed, reloading');
         evictSessions();
-      }, 200);
-      this.debounceTimers.set(key, timer);
-      this.enforceDebounceLimit();
+      });
     };
 
     try {
@@ -1041,10 +1047,10 @@ export class DaemonServer {
     // Now that the processing lock is held, check the call-answer bridge.
     let bridgeHandled = false;
     try {
-      const bridgeResult = await tryHandlePendingCallAnswer(conversationId, content, messageId);
+      const bridgeResult = await tryRouteCallMessage(conversationId, content, messageId);
       bridgeHandled = bridgeResult.handled;
     } catch (err) {
-      log.warn({ err, conversationId }, 'Call-answer bridge check failed (non-fatal), proceeding with agent loop');
+      log.warn({ err, conversationId }, 'Call bridge check failed (non-fatal), proceeding with agent loop');
     }
 
     if (bridgeHandled) {
@@ -1052,7 +1058,7 @@ export class DaemonServer {
       resetSessionProcessingState(session);
       // Drain any queued messages that arrived while processing was true.
       session.drainQueue('loop_complete');
-      log.info({ conversationId, messageId }, 'User message consumed by call-answer bridge, skipping agent loop');
+      log.info({ conversationId, messageId }, 'User message consumed by call bridge, skipping agent loop');
       return { messageId };
     }
 
@@ -1150,10 +1156,10 @@ export class DaemonServer {
     // Now that the processing lock is held, check the call-answer bridge.
     let bridgeHandled = false;
     try {
-      const bridgeResult = await tryHandlePendingCallAnswer(conversationId, content, messageId);
+      const bridgeResult = await tryRouteCallMessage(conversationId, resolvedContent, messageId);
       bridgeHandled = bridgeResult.handled;
     } catch (err) {
-      log.warn({ err, conversationId }, 'Call-answer bridge check failed (non-fatal), proceeding with agent loop');
+      log.warn({ err, conversationId }, 'Call bridge check failed (non-fatal), proceeding with agent loop');
     }
 
     if (bridgeHandled) {
@@ -1162,7 +1168,7 @@ export class DaemonServer {
       resetSessionProcessingState(session);
       // Drain any queued messages that arrived while processing was true.
       session.drainQueue('loop_complete');
-      log.info({ conversationId, messageId }, 'User message consumed by call-answer bridge, skipping agent loop');
+      log.info({ conversationId, messageId }, 'User message consumed by call bridge, skipping agent loop');
       return { messageId };
     }
 

package/src/daemon/session-attachments.ts

@@ -51,7 +51,7 @@ export async function approveHostAttachmentRead(
     toolName,
     input,
     await classifyRisk(toolName, input, workingDir),
-    generateAllowlistOptions(toolName, input),
+    await generateAllowlistOptions(toolName, input),
     generateScopeOptions(workingDir, toolName),
     undefined,
     undefined,

package/src/daemon/session-conflict-gate.ts

@@ -9,14 +9,17 @@ import {
   applyConflictResolution,
   listPendingConflictDetails,
   markConflictAsked,
+  resolveConflict,
 } from '../memory/conflict-store.js';
 import type { PendingConflictDetail } from '../memory/conflict-store.js';
 import { resolveConflictClarification } from '../memory/clarification-resolver.js';
 import {
+  areStatementsCoherent,
   computeConflictRelevance,
   looksLikeClarificationReply,
   shouldAttemptConflictResolution,
 } from '../memory/conflict-intent.js';
+import { isConflictKindPairEligible, isStatementConflictEligible } from '../memory/conflict-policy.js';
 
 export interface ConflictGateDecision {
   question: string;
@@ -35,6 +38,8 @@ export class ConflictGate {
       relevanceThreshold: number;
       reaskCooldownTurns: number;
       resolverLlmTimeoutMs: number;
+      askOnIrrelevantTurns: boolean;
+      conflictableKinds: readonly string[];
     },
     scopeId = 'default',
   ): Promise<ConflictGateDecision | null> {
@@ -44,8 +49,23 @@ export class ConflictGate {
     const threshold = conflictConfig.relevanceThreshold;
     const cooldownTurns = Math.max(1, conflictConfig.reaskCooldownTurns);
     const pendingBeforeResolve = listPendingConflictDetails(scopeId, 50);
+
+    // Dismiss non-actionable conflicts (kind/statement policy or incoherent pair)
+    const dismissedIds = new Set<string>();
+    for (const conflict of pendingBeforeResolve) {
+      const dismissReason = this.getDismissReason(conflict, conflictConfig.conflictableKinds);
+      if (dismissReason) {
+        resolveConflict(conflict.id, {
+          status: 'dismissed',
+          resolutionNote: dismissReason,
+        });
+        dismissedIds.add(conflict.id);
+      }
+    }
+
+    const actionablePending = pendingBeforeResolve.filter((c) => !dismissedIds.has(c.id));
     const clarificationReply = looksLikeClarificationReply(userMessage);
-    const candidatesBeforeResolve = pendingBeforeResolve.filter((conflict) => {
+    const candidatesBeforeResolve = actionablePending.filter((conflict) => {
       const relevance = computeConflictRelevance(userMessage, conflict);
       return shouldAttemptConflictResolution({
         clarificationReply,
@@ -66,16 +86,29 @@ export class ConflictGate {
       conflict,
       relevance: computeConflictRelevance(userMessage, conflict),
     }));
+    // Try relevant conflicts first
     const askable = scored
       .filter((entry) => entry.relevance >= threshold)
       .find((entry) => this.shouldAsk(entry.conflict.id, cooldownTurns));
-    if (!askable) return null;
 
-    this.lastAskedTurn.set(askable.conflict.id, this.turnCounter);
-    markConflictAsked(askable.conflict.id);
+    // If no relevant conflict to ask and askOnIrrelevantTurns is enabled, try ones
+    // below the threshold (including zero-relevance). Zero-relevance conflicts are
+    // surfaced but not tracked as asked, preventing wasRecentlyAsked from triggering
+    // heuristic resolution on subsequent unrelated turns.
+    const candidateToAsk = askable
+      ?? (conflictConfig.askOnIrrelevantTurns
+        ? scored.find((entry) => entry.relevance < threshold && this.shouldAsk(entry.conflict.id, cooldownTurns))
+        : undefined);
+
+    if (!candidateToAsk) return null;
+
+    if (askable || candidateToAsk.relevance > 0) {
+      this.lastAskedTurn.set(candidateToAsk.conflict.id, this.turnCounter);
+      markConflictAsked(candidateToAsk.conflict.id);
+    }
     return {
-      question: askable.conflict.clarificationQuestion ?? buildFallbackConflictQuestion(askable.conflict),
-      relevant: true,
+      question: candidateToAsk.conflict.clarificationQuestion ?? buildFallbackConflictQuestion(candidateToAsk.conflict),
+      relevant: candidateToAsk.relevance >= threshold,
     };
   }
 
@@ -115,6 +148,29 @@ export class ConflictGate {
     if (lastAsked === undefined) return false;
     return this.turnCounter - lastAsked <= cooldownTurns;
   }
+
+  /**
+   * Returns a dismissal reason if the conflict should be dismissed, or null if actionable.
+   */
+  private getDismissReason(
+    conflict: PendingConflictDetail,
+    conflictableKinds: readonly string[],
+  ): string | null {
+    if (!isConflictKindPairEligible(conflict.existingKind, conflict.candidateKind, { conflictableKinds })) {
+      return 'Dismissed by conflict policy (kind not eligible).';
+    }
+    if (!isStatementConflictEligible(conflict.existingKind, conflict.existingStatement, { conflictableKinds })) {
+      return 'Dismissed by conflict policy (transient/non-durable).';
+    }
+    if (!isStatementConflictEligible(conflict.candidateKind, conflict.candidateStatement, { conflictableKinds })) {
+      return 'Dismissed by conflict policy (transient/non-durable).';
+    }
+    // Dismiss incoherent conflicts where the two statements have zero topical overlap
+    if (!areStatementsCoherent(conflict.existingStatement, conflict.candidateStatement)) {
+      return 'Dismissed by conflict policy (incoherent — zero statement overlap).';
+    }
+    return null;
+  }
 }
 
 export function buildFallbackConflictQuestion(conflict: PendingConflictDetail): string {

package/src/daemon/session-notifiers.ts

@@ -95,7 +95,7 @@ export function registerSessionNotifiers(
   registerCallQuestionNotifier(conversationId, (callSessionId: string, question: string) => {
     const callSession = getCallSession(callSessionId);
     const callee = callSession?.toNumber ?? 'the caller';
-    const questionText = `**Live call question** (to ${callee}):\n\n${question}\n\n_Reply in this thread to answer._`;
+    const questionText = `**Live call question** (to ${callee}):\n\n${question}\n\n_Reply in this thread to answer. Your next message will be treated as the answer to this question. Once answered, you can send messages to steer the conversation._`;
 
     conversationStore.addMessage(
       conversationId,

package/src/daemon/session-process.ts

@@ -16,6 +16,7 @@ import * as conversationStore from '../memory/conversation-store.js';
 import { resolveSlash } from './session-slash.js';
 import { getConfig } from '../config/loader.js';
 import { getLogger } from '../util/logger.js';
+import { tryRouteCallMessage } from '../calls/call-bridge.js';
 
 const log = getLogger('session-process');
 
@@ -49,6 +50,8 @@ export interface ProcessSessionContext {
   readonly conversationId: string;
   messages: Message[];
   processing: boolean;
+  abortController: AbortController | null;
+  currentRequestId?: string;
   readonly queue: MessageQueue;
   readonly traceEmitter: TraceEmitter;
   currentActiveSurfaceId?: string;
@@ -177,15 +180,49 @@ export function drainQueue(session: ProcessSessionContext, reason: QueueDrainRea
   session.currentPage = next.currentPage;
 
   // Fire-and-forget: persistUserMessage set session.processing = true
-  // so subsequent messages will still be enqueued. runAgentLoop's
-  // finally block will call drainQueue when this run completes.
-  session.runAgentLoop(resolvedContent, userMessageId, next.onEvent).catch((err) => {
+  // so subsequent messages will still be enqueued. Route through the call
+  // bridge first — if consumed, skip agent processing and continue draining.
+  // runAgentLoop's finally block will call drainQueue when this run completes.
+  routeOrProcess(session, resolvedContent, userMessageId, next).catch((err) => {
     const message = err instanceof Error ? err.message : String(err);
     log.error({ err, conversationId: session.conversationId, requestId: next.requestId }, 'Error processing queued message');
     next.onEvent({ type: 'error', message: `Failed to process queued message: ${message}` });
   });
 }
 
+/**
+ * Try the call bridge first; if not consumed, run the agent loop.
+ * Used by drainQueue to handle the async bridge check in fire-and-forget mode.
+ */
+async function routeOrProcess(
+  session: ProcessSessionContext,
+  content: string,
+  userMessageId: string,
+  next: { onEvent: (msg: ServerMessage) => void; requestId: string },
+): Promise<void> {
+  try {
+    const bridgeResult = await tryRouteCallMessage(session.conversationId, content, userMessageId);
+    if (bridgeResult.handled) {
+      session.preactivatedSkillIds = undefined;
+      session.processing = false;
+      session.abortController = null;
+      session.currentRequestId = undefined;
+      log.info({ conversationId: session.conversationId, userMessageId }, 'Queued message consumed by call bridge, skipping agent loop');
+      if (bridgeResult.userFacingText) {
+        next.onEvent({ type: 'assistant_text_delta', text: bridgeResult.userFacingText });
+      }
+      next.onEvent({ type: 'message_complete', sessionId: session.conversationId });
+      // runAgentLoop never ran so its finally block won't drain — continue manually
+      drainQueue(session);
+      return;
+    }
+  } catch (err) {
+    log.warn({ err, conversationId: session.conversationId }, 'Call bridge check failed (non-fatal), proceeding with agent loop');
+  }
+
+  await session.runAgentLoop(content, userMessageId, next.onEvent);
+}
+
 // ── processMessage ───────────────────────────────────────────────────
 
 /**
@@ -259,6 +296,28 @@ export async function processMessage(
     return '';
   }
 
+  // Route through the call bridge before the agent loop. When the bridge
+  // consumes the message (answer or instruction), skip agent processing.
+  try {
+    const bridgeResult = await tryRouteCallMessage(session.conversationId, resolvedContent, userMessageId);
+    if (bridgeResult.handled) {
+      session.preactivatedSkillIds = undefined;
+      session.processing = false;
+      session.abortController = null;
+      session.currentRequestId = undefined;
+      log.info({ conversationId: session.conversationId, userMessageId }, 'IPC message consumed by call bridge, skipping agent loop');
+      if (bridgeResult.userFacingText) {
+        onEvent({ type: 'assistant_text_delta', text: bridgeResult.userFacingText });
+      }
+      onEvent({ type: 'message_complete', sessionId: session.conversationId });
+      // runAgentLoop never ran so its finally block won't drain — continue manually
+      drainQueue(session);
+      return userMessageId;
+    }
+  } catch (err) {
+    log.warn({ err, conversationId: session.conversationId }, 'Call bridge check failed (non-fatal), proceeding with agent loop');
+  }
+
   await session.runAgentLoop(resolvedContent, userMessageId, onEvent);
   return userMessageId;
 }

package/src/daemon/session-tool-setup.ts

@@ -249,7 +249,6 @@ export function createToolExecutor(
           undefined, undefined,
           ctx.conversationId,
           req.executionTarget,
-          req.principal,
         );
         if ((response.decision === 'always_allow' || response.decision === 'always_allow_high_risk') && response.selectedPattern && response.selectedScope) {
           log.info({ toolName: 'cc:' + req.toolName, pattern: response.selectedPattern, scope: response.selectedScope, highRisk: response.decision === 'always_allow_high_risk' }, 'Persisting always-allow trust rule');
@@ -433,7 +432,7 @@ export function createProxyApprovalCallback(
     }
 
     // Use the checker's built-in allowlist generation for network_request
-    const allowlistOptions = generateAllowlistOptions('network_request', { url });
+    const allowlistOptions = await generateAllowlistOptions('network_request', { url });
 
     const scopeOptions = generateScopeOptions(ctx.workingDir);