vellum 0.2.7 → 0.2.9

package/src/runtime/run-orchestrator.ts

@@ -3,11 +3,14 @@
  *
  * A "run" wraps a single agent-loop execution, tracking its state through:
  *   running → needs_confirmation → running → completed | failed
+ *   running → needs_secret       → running → completed | failed
  *
  * When a tool needs permission, the orchestrator intercepts the
  * confirmation_request from the session's prompter and records it in
- * the run store.  The web UI can then poll the run status and submit
- * a decision via the /decision endpoint.
+ * the run store.  Similarly, when a tool needs a secret (e.g.
+ * credential_store prompt), the orchestrator intercepts the
+ * secret_request and records it.  The client can then poll the run
+ * status and submit a decision or secret via the respective endpoints.
  */
 
 import * as runsStore from '../memory/runs-store.js';
@@ -113,11 +116,10 @@ export class RunOrchestrator {
     };
 
 
-    // Hook into session to intercept confirmation_request events.
-    // When the prompter sends a confirmation_request, we record it in the
-    // run store so the web UI can poll and submit a decision.
-    // Do NOT set hasNoClient — run sessions have a client (the HTTP caller)
-    // and confirmations are handled via the /runs/:id/decision endpoint.
+    // Hook into session to intercept confirmation_request and secret_request events.
+    // When the prompter sends one of these, we record it in the run store so
+    // the client can poll and submit a decision/secret via the respective endpoint.
+    // Do NOT set hasNoClient — run sessions have a client (the HTTP caller).
     let lastError: string | null = null;
     session.updateClient((msg: ServerMessage) => {
       if (msg.type === 'confirmation_request') {
@@ -138,6 +140,21 @@ export class RunOrchestrator {
           prompterRequestId: msg.requestId,
           session,
         });
+      } else if (msg.type === 'secret_request') {
+        runsStore.setRunSecret(run.id, {
+          requestId: msg.requestId,
+          service: msg.service,
+          field: msg.field,
+          label: msg.label,
+          description: msg.description,
+          placeholder: msg.placeholder,
+          purpose: msg.purpose,
+          allowOneTimeSend: msg.allowOneTimeSend,
+        });
+        this.pending.set(run.id, {
+          prompterRequestId: msg.requestId,
+          session,
+        });
       }
       // Mirror every outbound message to the assistant-events hub so SSE
       // subscribers receive the same payload parity as IPC clients.
@@ -236,4 +253,44 @@ export class RunOrchestrator {
     // the client doesn't mistakenly treat the decision as accepted.
     return 'no_pending_decision';
   }
+
+  /**
+   * Submit a secret value for a pending secret request.
+   *
+   * Returns:
+   * - `'applied'`           – secret was forwarded to the session
+   * - `'run_not_found'`     – no run exists with the given ID
+   * - `'no_pending_secret'` – run exists but is not awaiting a secret
+   */
+  submitSecret(
+    runId: string,
+    value?: string,
+    delivery?: 'store' | 'transient_send',
+  ): 'applied' | 'run_not_found' | 'no_pending_secret' {
+    const pendingState = this.pending.get(runId);
+    if (pendingState) {
+      runsStore.clearRunSecret(runId);
+      pendingState.session.handleSecretResponse(
+        pendingState.prompterRequestId,
+        value,
+        delivery,
+      );
+      this.pending.delete(runId);
+      return 'applied';
+    }
+
+    const run = runsStore.getRun(runId);
+    if (!run) return 'run_not_found';
+
+    if (run.status === 'needs_secret') {
+      runsStore.failRun(runId, 'Secret prompter timed out (no active handler)');
+      return 'applied';
+    }
+
+    if (run.status === 'completed' || run.status === 'failed') {
+      return 'applied';
+    }
+
+    return 'no_pending_secret';
+  }
 }

package/src/security/oauth-callback-registry.ts

@@ -0,0 +1,66 @@
+/**
+ * In-memory registry for pending OAuth callback states.
+ * Used by the gateway-routed OAuth flow to resolve authorization codes
+ * back to the runtime code that initiated the OAuth handshake.
+ */
+
+interface PendingCallback {
+  resolve: (code: string) => void;
+  reject: (error: Error) => void;
+  timer: ReturnType<typeof setTimeout>;
+}
+
+const pendingCallbacks = new Map<string, PendingCallback>();
+const DEFAULT_TTL_MS = 5 * 60 * 1000; // 5 minutes
+
+export function registerPendingCallback(
+  state: string,
+  resolve: (code: string) => void,
+  reject: (error: Error) => void,
+  ttlMs = DEFAULT_TTL_MS,
+): void {
+  // Clear any existing entry for this state to prevent timer leaks and
+  // cross-callback timeouts when the same state is registered twice.
+  const existing = pendingCallbacks.get(state);
+  if (existing) {
+    clearTimeout(existing.timer);
+    existing.reject(new Error('OAuth callback superseded by new registration'));
+    pendingCallbacks.delete(state);
+  }
+
+  const timer = setTimeout(() => {
+    const entry = pendingCallbacks.get(state);
+    if (entry) {
+      pendingCallbacks.delete(state);
+      entry.reject(new Error('OAuth callback timed out'));
+    }
+  }, ttlMs);
+
+  pendingCallbacks.set(state, { resolve, reject, timer });
+}
+
+export function consumeCallback(state: string, code: string): boolean {
+  const entry = pendingCallbacks.get(state);
+  if (!entry) return false;
+  clearTimeout(entry.timer);
+  pendingCallbacks.delete(state);
+  entry.resolve(code);
+  return true;
+}
+
+export function consumeCallbackError(state: string, error: string): boolean {
+  const entry = pendingCallbacks.get(state);
+  if (!entry) return false;
+  clearTimeout(entry.timer);
+  pendingCallbacks.delete(state);
+  entry.reject(new Error(error));
+  return true;
+}
+
+export function clearAllCallbacks(): void {
+  for (const entry of pendingCallbacks.values()) {
+    clearTimeout(entry.timer);
+    entry.reject(new Error('OAuth callback registry cleared'));
+  }
+  pendingCallbacks.clear();
+}

package/src/security/oauth2.ts

@@ -1,6 +1,10 @@
 /**
  * General-purpose OAuth2 Authorization Code flow with PKCE.
  *
+ * Supports two callback transports:
+ *   - loopback: spins up a local HTTP server on 127.0.0.1 (default when no public URL configured)
+ *   - gateway:  uses the gateway's OAuth callback route + in-memory registry (when ingress.publicBaseUrl is set)
+ *
  * Moved from integrations/oauth2.ts. Types that were in integrations/types.ts
  * are now inlined here since the integration framework is removed.
  */
@@ -39,6 +43,11 @@ export interface OAuth2FlowCallbacks {
   openUrl: (url: string) => void;
 }
 
+export interface OAuth2FlowOptions {
+  /** Which callback transport to use. When omitted, auto-detected from config. */
+  callbackTransport?: 'loopback' | 'gateway';
+}
+
 export interface OAuth2FlowResult {
   tokens: OAuth2TokenResult;
   grantedScopes: string[];
@@ -62,20 +71,106 @@ function generateState(): string {
 }
 
 // ---------------------------------------------------------------------------
-// Public API
+// Token exchange (shared between transports)
+// ---------------------------------------------------------------------------
+
+async function exchangeCodeForTokens(
+  config: OAuth2Config,
+  code: string,
+  redirectUri: string,
+  codeVerifier: string,
+): Promise<OAuth2FlowResult> {
+  const usePKCE = !config.clientSecret;
+
+  const tokenBody: Record<string, string> = {
+    grant_type: 'authorization_code',
+    code,
+    redirect_uri: redirectUri,
+    client_id: config.clientId,
+  };
+  if (usePKCE) {
+    tokenBody.code_verifier = codeVerifier;
+  }
+  if (config.clientSecret) {
+    tokenBody.client_secret = config.clientSecret;
+  }
+
+  const tokenResp = await fetch(config.tokenUrl, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+    body: new URLSearchParams(tokenBody),
+  });
+
+  if (!tokenResp.ok) {
+    const rawBody = await tokenResp.text().catch(() => '');
+    let safeDetail: Record<string, unknown> = {};
+    let errorCode = '';
+    try {
+      const parsed = JSON.parse(rawBody) as Record<string, unknown>;
+      if (parsed.error) { safeDetail.error = String(parsed.error); errorCode = String(parsed.error); }
+      if (parsed.error_description) safeDetail.error_description = String(parsed.error_description);
+    } catch {
+      safeDetail.error = '[non-JSON response]';
+    }
+    log.error({ status: tokenResp.status, ...safeDetail }, 'OAuth2 token exchange failed');
+    const detail = errorCode ? `HTTP ${tokenResp.status}: ${errorCode}` : `HTTP ${tokenResp.status}`;
+    throw new Error(`OAuth2 token exchange failed (${detail})`);
+  }
+
+  const tokenData = await tokenResp.json() as Record<string, unknown>;
+
+  // Slack V2 OAuth returns user tokens nested under `authed_user`
+  const authedUser = tokenData.authed_user as Record<string, unknown> | undefined;
+  const tokenSource = authedUser?.access_token ? authedUser : tokenData;
+
+  const tokens: OAuth2TokenResult = {
+    accessToken: (tokenSource.access_token as string) ?? (tokenData.access_token as string),
+    refreshToken: (tokenSource.refresh_token as string | undefined) ?? (tokenData.refresh_token as string | undefined),
+    expiresIn: (tokenSource.expires_in as number | undefined) ?? (tokenData.expires_in as number | undefined),
+    scope: (tokenSource.scope as string | undefined) ?? (tokenData.scope as string | undefined),
+    tokenType: (tokenSource.token_type as string | undefined) ?? (tokenData.token_type as string | undefined),
+  };
+
+  const grantedScopes = typeof tokens.scope === 'string'
+    ? tokens.scope.split(/[ ,]/).filter(Boolean)
+    : [...config.scopes];
+
+  return { tokens, grantedScopes, rawTokenResponse: tokenData };
+}
+
+// ---------------------------------------------------------------------------
+// Transport auto-detection
 // ---------------------------------------------------------------------------
 
 /**
- * Run a full OAuth2 PKCE authorization code flow using a loopback redirect.
+ * Determine which callback transport to use when not explicitly specified.
+ * Uses gateway if a public base URL is configured (ingress.publicBaseUrl or
+ * INGRESS_PUBLIC_BASE_URL), otherwise loopback.
  */
-export async function startOAuth2Flow(
+function detectTransport(): 'loopback' | 'gateway' {
+  try {
+    const { loadConfig } = require('../config/loader.js') as typeof import('../config/loader.js');
+    const { getPublicBaseUrl } = require('../inbound/public-ingress-urls.js') as typeof import('../inbound/public-ingress-urls.js');
+    const appConfig = loadConfig();
+    getPublicBaseUrl(appConfig); // throws if no public URL configured
+    return 'gateway';
+  } catch {
+    log.debug('No public base URL configured for transport auto-detection, defaulting to loopback');
+  }
+  return 'loopback';
+}
+
+// ---------------------------------------------------------------------------
+// Loopback transport
+// ---------------------------------------------------------------------------
+
+async function runLoopbackFlow(
   config: OAuth2Config,
   callbacks: OAuth2FlowCallbacks,
+  codeVerifier: string,
+  codeChallenge: string,
+  state: string,
 ): Promise<OAuth2FlowResult> {
-  const codeVerifier = generateCodeVerifier();
-  const codeChallenge = generateCodeChallenge(codeVerifier);
-  const state = generateState();
-
   let resolveCode: (value: { code: string; returnedState: string }) => void;
   let rejectCode: (reason: Error) => void;
 
@@ -84,7 +179,6 @@ export async function startOAuth2Flow(
     rejectCode = reject;
   });
 
-  /** How long to wait for the user to complete the OAuth consent flow. */
   const FLOW_TIMEOUT_MS = 120_000;
 
   const timeout = setTimeout(() => {
@@ -153,64 +247,120 @@ export async function startOAuth2Flow(
       throw new Error('OAuth2 state mismatch — possible CSRF attack');
     }
 
-    const tokenBody: Record<string, string> = {
-      grant_type: 'authorization_code',
-      code,
-      redirect_uri: redirectUri,
-      client_id: config.clientId,
-    };
-    if (usePKCE) {
-      tokenBody.code_verifier = codeVerifier;
-    }
-    if (config.clientSecret) {
-      tokenBody.client_secret = config.clientSecret;
-    }
+    return await exchangeCodeForTokens(config, code, redirectUri, codeVerifier);
+  } finally {
+    clearTimeout(timeout);
+    server.stop(true);
+  }
+}
 
-    const tokenResp = await fetch(config.tokenUrl, {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-      body: new URLSearchParams(tokenBody),
-    });
+// ---------------------------------------------------------------------------
+// Gateway transport
+// ---------------------------------------------------------------------------
 
-    if (!tokenResp.ok) {
-      const rawBody = await tokenResp.text().catch(() => '');
-      let safeDetail: Record<string, unknown> = {};
-      let errorCode = '';
-      try {
-        const parsed = JSON.parse(rawBody) as Record<string, unknown>;
-        if (parsed.error) { safeDetail.error = String(parsed.error); errorCode = String(parsed.error); }
-        if (parsed.error_description) safeDetail.error_description = String(parsed.error_description);
-      } catch {
-        safeDetail.error = '[non-JSON response]';
-      }
-      log.error({ status: tokenResp.status, ...safeDetail }, 'OAuth2 token exchange failed');
-      const detail = errorCode ? `HTTP ${tokenResp.status}: ${errorCode}` : `HTTP ${tokenResp.status}`;
-      throw new Error(`OAuth2 token exchange failed (${detail})`);
-    }
+async function runGatewayFlow(
+  config: OAuth2Config,
+  callbacks: OAuth2FlowCallbacks,
+  codeVerifier: string,
+  codeChallenge: string,
+  state: string,
+): Promise<OAuth2FlowResult> {
+  const { loadConfig } = require('../config/loader.js') as typeof import('../config/loader.js');
+  const { getOAuthCallbackUrl } = require('../inbound/public-ingress-urls.js') as typeof import('../inbound/public-ingress-urls.js');
+  const { registerPendingCallback } = require('./oauth-callback-registry.js') as typeof import('./oauth-callback-registry.js');
 
-    const tokenData = await tokenResp.json() as Record<string, unknown>;
+  const appConfig = loadConfig();
+  const redirectUri = getOAuthCallbackUrl(appConfig);
 
-    // Slack V2 OAuth returns user tokens nested under `authed_user`
-    const authedUser = tokenData.authed_user as Record<string, unknown> | undefined;
-    const tokenSource = authedUser?.access_token ? authedUser : tokenData;
+  const codePromise = new Promise<string>((resolve, reject) => {
+    registerPendingCallback(state, resolve, reject);
+  });
 
-    const tokens: OAuth2TokenResult = {
-      accessToken: (tokenSource.access_token as string) ?? (tokenData.access_token as string),
-      refreshToken: (tokenSource.refresh_token as string | undefined) ?? (tokenData.refresh_token as string | undefined),
-      expiresIn: (tokenSource.expires_in as number | undefined) ?? (tokenData.expires_in as number | undefined),
-      scope: (tokenSource.scope as string | undefined) ?? (tokenData.scope as string | undefined),
-      tokenType: (tokenSource.token_type as string | undefined) ?? (tokenData.token_type as string | undefined),
-    };
+  const usePKCE = !config.clientSecret;
+  const authParams = new URLSearchParams({
+    ...config.extraParams,
+    client_id: config.clientId,
+    redirect_uri: redirectUri,
+    response_type: 'code',
+    scope: config.scopes.join(' '),
+    state,
+    ...(usePKCE ? { code_challenge: codeChallenge, code_challenge_method: 'S256' } : {}),
+  });
 
-    const grantedScopes = typeof tokens.scope === 'string'
-      ? tokens.scope.split(/[ ,]/).filter(Boolean)
-      : [...config.scopes];
+  const authUrl = `${config.authUrl}?${authParams}`;
+  callbacks.openUrl(authUrl);
 
-    return { tokens, grantedScopes, rawTokenResponse: tokenData };
-  } finally {
-    clearTimeout(timeout);
-    server.stop(true);
+  const code = await codePromise;
+
+  return await exchangeCodeForTokens(config, code, redirectUri, codeVerifier);
+}
+
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+
+/**
+ * Run a full OAuth2 authorization code flow with PKCE support.
+ *
+ * Supports two callback transports:
+ *   - loopback (default): local HTTP server on 127.0.0.1
+ *   - gateway: callback via the gateway's OAuth route + in-memory registry
+ *
+ * Transport is auto-detected based on ingress.publicBaseUrl config unless
+ * explicitly specified via options.callbackTransport.
+ */
+export async function startOAuth2Flow(
+  config: OAuth2Config,
+  callbacks: OAuth2FlowCallbacks,
+  options?: OAuth2FlowOptions,
+): Promise<OAuth2FlowResult> {
+  const codeVerifier = generateCodeVerifier();
+  const codeChallenge = generateCodeChallenge(codeVerifier);
+  const state = generateState();
+
+  // In gateway_only mode, enforce gateway transport and require a public ingress URL
+  let ingressMode: string | undefined;
+  try {
+    const { loadConfig } = require('../config/loader.js') as typeof import('../config/loader.js');
+    ingressMode = loadConfig().ingress.mode;
+  } catch {
+    // Fail closed: if config can't be loaded (e.g., malformed config.json), default to the
+    // most restrictive mode to prevent loopback fallback from creating a fail-open path.
+    log.warn('Failed to load config for OAuth ingress mode detection; defaulting to gateway_only (fail closed)');
+    ingressMode = 'gateway_only';
   }
+
+  if (ingressMode === 'gateway_only') {
+    // Verify a public ingress URL is configured; fail fast with actionable error if not
+    let hasPublicUrl = false;
+    try {
+      const { loadConfig } = require('../config/loader.js') as typeof import('../config/loader.js');
+      const { getPublicBaseUrl } = require('../inbound/public-ingress-urls.js') as typeof import('../inbound/public-ingress-urls.js');
+      getPublicBaseUrl(loadConfig());
+      hasPublicUrl = true;
+    } catch {
+      // No public URL configured
+    }
+
+    if (!hasPublicUrl) {
+      throw new Error(
+        'OAuth requires a public ingress URL in gateway-only mode. Set ingress.publicBaseUrl or INGRESS_PUBLIC_BASE_URL so OAuth callbacks can route through the gateway.',
+      );
+    }
+
+    // In gateway_only mode, always use gateway transport — never fall back to loopback
+    log.debug({ transport: 'gateway' }, 'OAuth2 flow starting (gateway_only mode)');
+    return runGatewayFlow(config, callbacks, codeVerifier, codeChallenge, state);
+  }
+
+  const transport = options?.callbackTransport ?? detectTransport();
+  log.debug({ transport }, 'OAuth2 flow starting');
+
+  if (transport === 'gateway') {
+    return runGatewayFlow(config, callbacks, codeVerifier, codeChallenge, state);
+  }
+
+  return runLoopbackFlow(config, callbacks, codeVerifier, codeChallenge, state);
 }
 
 /**

package/src/subagent/manager.ts

@@ -57,6 +57,7 @@ export interface SubagentNotificationInfo {
   label: string;
   status: 'completed' | 'failed' | 'aborted';
   error?: string;
+  conversationId?: string;
 }
 
 export type ParentNotifyCallback = (
@@ -299,7 +300,7 @@ export class SubagentManager {
             managed.state.config.parentSessionId,
             message,
             managed.parentSendToClient,
-            { subagentId, label, status: 'aborted' },
+            { subagentId, label, status: 'aborted', conversationId: managed.state.conversationId },
           );
         } catch (err) {
           log.error({ subagentId, err }, 'Failed to notify parent about abort');
@@ -497,6 +498,7 @@ export class SubagentManager {
       subagentId: config.id,
       label: config.label,
       status: outcome,
+      conversationId: managed.state.conversationId,
       ...(outcome === 'failed' ? { error: managed.state.error ?? 'Unknown error' } : {}),
     };
 

package/src/swarm/backend-claude-code.ts

@@ -117,7 +117,7 @@ export function createClaudeCodeBackend(): SwarmWorkerBackend {
 
               const parts: string[] = [`[${message.subtype}] (${message.num_turns} turns, ${(message.duration_ms / 1000).toFixed(1)}s)`];
               if (errors.length > 0) parts.push(`Errors: ${errors.join('; ')}`);
-              if (denials.length > 0) parts.push(`Permission denied: ${denials.map(d => d.tool_name).join(', ')}`);
+              if (denials.length > 0) parts.push(`Permission denied: ${denials.map((d: { tool_name: string }) => d.tool_name).join(', ')}`);
               resultText += `\n${parts.join('\n')}`;
             }
           }

package/src/tools/assets/search.ts

@@ -13,7 +13,7 @@ import type { Tool, ToolContext, ToolExecutionResult } from '../types.js';
 import type { ToolDefinition } from '../../providers/types.js';
 import { registerTool } from '../registry.js';
 import { getDb } from '../../memory/db.js';
-import { attachments, messageAttachments, messages, conversations, conversationKeys } from '../../memory/schema.js';
+import { attachments, messageAttachments, messages, conversations } from '../../memory/schema.js';
 import type { StoredAttachment } from '../../memory/attachments-store.js';
 import { isAttachmentVisible, type AttachmentContext } from '../../daemon/media-visibility-policy.js';
 import { getConversationThreadType } from '../../memory/conversation-store.js';
@@ -103,25 +103,6 @@ function isAttachmentVisibleFromContext(attachmentId: string, currentContext: At
   );
 }
 
-// ---------------------------------------------------------------------------
-// Assistant ID lookup
-// ---------------------------------------------------------------------------
-
-/**
- * Derive the assistant ID that owns a conversation via the conversation_keys
- * table. Returns null when no mapping exists (e.g. native macOS app sessions
- * that use the implicit 'local-assistant' identity).
- */
-function getAssistantIdForConversation(conversationId: string): string | null {
-  const db = getDb();
-  const row = db
-    .select({ assistantId: conversationKeys.assistantId })
-    .from(conversationKeys)
-    .where(eq(conversationKeys.conversationId, conversationId))
-    .get();
-  return row?.assistantId ?? null;
-}
-
 // ---------------------------------------------------------------------------
 // Search logic
 // ---------------------------------------------------------------------------
@@ -131,8 +112,6 @@ export interface AssetSearchParams {
   filename?: string;
   recency?: string;
   conversation_id?: string;
-  /** Tenant boundary — when set, only attachments belonging to this assistant are returned. */
-  assistant_id?: string;
   limit?: number;
 }
 
@@ -163,11 +142,6 @@ export function searchAttachments(params: AssetSearchParams): StoredAttachment[]
     }
   }
 
-  // Tenant boundary — restrict to the active assistant's attachments
-  if (params.assistant_id) {
-    conditions.push(eq(attachments.assistantId, params.assistant_id));
-  }
-
   // Conversation scope — join through message_attachments + messages
   if (params.conversation_id) {
     const linkedIds = db
@@ -207,11 +181,6 @@ export function searchAttachments(params: AssetSearchParams): StoredAttachment[]
         bindValues.push(Date.now() - offsetMs);
       }
     }
-    if (params.assistant_id) {
-      whereParts.push(`a.assistant_id = ?`);
-      bindValues.push(params.assistant_id);
-    }
-
     const limit = Math.min(params.limit ?? DEFAULT_LIMIT, MAX_RESULTS);
     const stmt = raw.prepare(
       `SELECT a.id, a.original_filename, a.mime_type, a.size_bytes, a.kind, a.thumbnail_base64, a.created_at
@@ -347,9 +316,6 @@ class AssetSearchTool implements Tool {
     }
 
     try {
-      // Scope results to the active assistant to prevent cross-tenant leaks
-      const assistantId = getAssistantIdForConversation(context.conversationId) ?? undefined;
-
       // Over-fetch with MAX_RESULTS so visibility filtering doesn't
       // under-fill the caller's requested limit.
       const results = searchAttachments({
@@ -357,7 +323,6 @@ class AssetSearchTool implements Tool {
         filename,
         recency,
         conversation_id: conversationId,
-        assistant_id: assistantId,
         limit: MAX_RESULTS,
       });
 

package/src/tools/claude-code/claude-code.ts

@@ -224,6 +224,7 @@ export const claudeCodeTool: Tool = {
 
     // Declared outside try so the catch block can emit a final tool_complete on error.
     let lastSubToolName: string | null = null;
+    let activeToolUseId: string | null = null;
 
     try {
       const conversation = query({ prompt, options: queryOptions });
@@ -235,8 +236,6 @@ export const claudeCodeTool: Tool = {
       const toolUseIdInfo = new Map<string, { name: string; inputSummary: string }>();
       // Track tool_use_ids that we've already emitted tool_start for (to avoid duplicates).
       const emittedToolUseIds = new Set<string>();
-      // Track the currently active tool_use_id from tool_progress events.
-      let activeToolUseId: string | null = null;
 
       for await (const message of conversation) {
         switch (message.type) {
@@ -379,7 +378,7 @@ export const claudeCodeTool: Tool = {
                 parts.push(`Errors: ${errors.join('; ')}`);
               }
               if (denials.length > 0) {
-                const denialSummary = denials.map(d => `${d.tool_name}`).join(', ');
+                const denialSummary = denials.map((d: { tool_name: string }) => `${d.tool_name}`).join(', ');
                 parts.push(`Permission denied: ${denialSummary}`);
               }
               resultText += `\n\n${parts.join('\n')}`;
@@ -406,6 +405,7 @@ export const claudeCodeTool: Tool = {
         context.onOutput?.(JSON.stringify({
           subType: 'tool_complete',
           subToolName: lastSubToolName,
+          subToolId: activeToolUseId,
           subToolIsError: true,
         }));
         lastSubToolName = null;

package/src/tools/tasks/work-item-list.ts

@@ -1,5 +1,17 @@
 import type { ToolContext, ToolExecutionResult } from '../types.js';
-import { listWorkItems, type WorkItemStatus } from '../../work-items/work-item-store.js';
+import { listWorkItems, type WorkItem, type WorkItemStatus } from '../../work-items/work-item-store.js';
+
+const PRIORITY_LABELS: Record<number, string> = { 0: 'High', 1: 'Medium', 2: 'Low' };
+
+function formatTaskList(items: WorkItem[]): string {
+  const lines: string[] = [];
+  for (const item of items) {
+    const priority = PRIORITY_LABELS[item.priorityTier] ?? 'Medium';
+    const status = item.status.replace(/_/g, ' ');
+    lines.push(`- [${priority}] ${item.title} (${status})`);
+  }
+  return lines.join('\n');
+}
 
 export async function executeTaskListShow(
   input: Record<string, unknown>,
@@ -33,7 +45,9 @@ export async function executeTaskListShow(
       ? `${count} ${Array.isArray(statusFilter) ? 'matching' : statusFilter} item${count === 1 ? '' : 's'}`
       : `${count} item${count === 1 ? '' : 's'}`;
 
-    return { content: `Opened Tasks window (${label}).`, isError: false };
+    const taskList = formatTaskList(items);
+
+    return { content: `Opened Tasks window (${label}).\n\nCurrent tasks:\n${taskList}`, isError: false };
   } catch (err) {
     const msg = err instanceof Error ? err.message : String(err);
     return { content: `Error: ${msg}`, isError: true };