@vellumai/assistant 0.3.16 → 0.3.19

package/src/memory/migrations/032-guardian-delivery-conversation-index.ts

@@ -0,0 +1,15 @@
+import type { DrizzleDb } from '../db-connection.js';
+
+/**
+ * Add index on guardian_action_deliveries.destination_conversation_id.
+ *
+ * Several lookup paths (getPendingDeliveryByConversation,
+ * getExpiredDeliveryByConversation, getFollowupDeliveryByConversation)
+ * filter deliveries by destination_conversation_id. Without an index
+ * these degrade to full table scans as delivery history grows.
+ */
+export function migrateGuardianDeliveryConversationIndex(database: DrizzleDb): void {
+  database.run(
+    /*sql*/ `CREATE INDEX IF NOT EXISTS idx_guardian_action_deliveries_dest_conversation ON guardian_action_deliveries(destination_conversation_id)`,
+  );
+}

package/src/memory/migrations/032-notification-delivery-thread-decision.ts

@@ -0,0 +1,20 @@
+import type { DrizzleDb } from '../db-connection.js';
+
+/**
+ * Add thread decision audit columns to notification_deliveries.
+ *
+ * These columns record the model's per-channel thread action (start_new
+ * or reuse_existing), the target conversation ID for reuse, and whether
+ * a fallback to start_new was needed due to an invalid/stale target.
+ */
+export function migrateNotificationDeliveryThreadDecision(database: DrizzleDb): void {
+  try {
+    database.run(/*sql*/ `ALTER TABLE notification_deliveries ADD COLUMN thread_action TEXT`);
+  } catch { /* Column already exists */ }
+  try {
+    database.run(/*sql*/ `ALTER TABLE notification_deliveries ADD COLUMN thread_target_conversation_id TEXT`);
+  } catch { /* Column already exists */ }
+  try {
+    database.run(/*sql*/ `ALTER TABLE notification_deliveries ADD COLUMN thread_decision_fallback_used INTEGER`);
+  } catch { /* Column already exists */ }
+}

package/src/memory/migrations/033-scoped-approval-grants.ts

@@ -0,0 +1,51 @@
+import type { DrizzleDb } from '../db-connection.js';
+
+/**
+ * Create the scoped_approval_grants table for channel-agnostic scoped
+ * approval grants.  Supports two scope modes:
+ *   - request_id: grant is scoped to a specific request
+ *   - tool_signature: grant is scoped to a tool name + input digest
+ *
+ * Grants are one-time-use (active -> consumed via CAS) and carry a
+ * mandatory TTL (expires_at).
+ */
+export function createScopedApprovalGrantsTable(database: DrizzleDb): void {
+  database.run(/*sql*/ `
+    CREATE TABLE IF NOT EXISTS scoped_approval_grants (
+      id TEXT PRIMARY KEY,
+      assistant_id TEXT NOT NULL,
+      scope_mode TEXT NOT NULL,
+      request_id TEXT,
+      tool_name TEXT,
+      input_digest TEXT,
+      request_channel TEXT NOT NULL,
+      decision_channel TEXT NOT NULL,
+      execution_channel TEXT,
+      conversation_id TEXT,
+      call_session_id TEXT,
+      requester_external_user_id TEXT,
+      guardian_external_user_id TEXT,
+      status TEXT NOT NULL,
+      expires_at TEXT NOT NULL,
+      consumed_at TEXT,
+      consumed_by_request_id TEXT,
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL
+    )
+  `);
+
+  // Index for request_id-based lookups (scope_mode = 'request_id')
+  database.run(
+    /*sql*/ `CREATE INDEX IF NOT EXISTS idx_scoped_grants_request_id ON scoped_approval_grants(request_id) WHERE request_id IS NOT NULL`,
+  );
+
+  // Index for tool_signature-based lookups (scope_mode = 'tool_signature')
+  database.run(
+    /*sql*/ `CREATE INDEX IF NOT EXISTS idx_scoped_grants_tool_sig ON scoped_approval_grants(tool_name, input_digest) WHERE tool_name IS NOT NULL`,
+  );
+
+  // Index for expiry sweeps
+  database.run(
+    /*sql*/ `CREATE INDEX IF NOT EXISTS idx_scoped_grants_status_expires ON scoped_approval_grants(status, expires_at)`,
+  );
+}

package/src/memory/migrations/034-guardian-action-tool-metadata.ts

@@ -0,0 +1,12 @@
+import type { DrizzleDb } from '../db-connection.js';
+
+/**
+ * Add tool_name and input_digest columns to guardian_action_requests for
+ * structured tool-approval tracking. These are nullable — informational
+ * ASK_GUARDIAN requests leave them NULL while tool-approval requests
+ * carry the tool identity and canonical input digest.
+ */
+export function migrateGuardianActionToolMetadata(database: DrizzleDb): void {
+  try { database.run(/*sql*/ `ALTER TABLE guardian_action_requests ADD COLUMN tool_name TEXT`); } catch { /* already exists */ }
+  try { database.run(/*sql*/ `ALTER TABLE guardian_action_requests ADD COLUMN input_digest TEXT`); } catch { /* already exists */ }
+}

package/src/memory/migrations/index.ts

@@ -23,15 +23,19 @@ export { migrateAddOriginInterface } from './022-add-origin-interface.js';
 export { migrateMemoryItemSourcesIndexes } from './023-memory-item-sources-indexes.js';
 export { migrateEmbeddingVectorBlob } from './024-embedding-vector-blob.js';
 export { migrateMessagesFtsBackfill } from './025-messages-fts-backfill.js';
-export { migrateEmbeddingsNullableVectorJson } from './026a-embeddings-nullable-vector-json.js';
 export { migrateGuardianVerificationSessions } from './026-guardian-verification-sessions.js';
-export { migrateGuardianBootstrapToken } from './027a-guardian-bootstrap-token.js';
+export { migrateEmbeddingsNullableVectorJson } from './026a-embeddings-nullable-vector-json.js';
 export { migrateNotificationDeliveryPairingColumns } from './027-notification-delivery-pairing-columns.js';
+export { migrateGuardianBootstrapToken } from './027a-guardian-bootstrap-token.js';
 export { migrateCallSessionMode } from './028-call-session-mode.js';
 export { migrateChannelInboundDeliveredSegments } from './029-channel-inbound-delivered-segments.js';
 export { migrateGuardianActionFollowup } from './030-guardian-action-followup.js';
 export { migrateGuardianVerificationPurpose } from './030-guardian-verification-purpose.js';
 export { migrateConversationsThreadTypeIndex } from './031-conversations-thread-type-index.js';
+export { migrateGuardianDeliveryConversationIndex } from './032-guardian-delivery-conversation-index.js';
+export { createScopedApprovalGrantsTable } from './033-scoped-approval-grants.js';
+export { migrateGuardianActionToolMetadata } from './034-guardian-action-tool-metadata.js';
+export { migrateNotificationDeliveryThreadDecision } from './032-notification-delivery-thread-decision.js';
 export { createCoreTables } from './100-core-tables.js';
 export { createWatchersAndLogsTables } from './101-watchers-and-logs.js';
 export { addCoreColumns } from './102-alter-table-columns.js';

package/src/memory/schema-migration.ts

@@ -20,6 +20,7 @@ export {
   migrateMemorySegmentsIndexes,
   migrateMessagesFtsBackfill,
   migrateNotificationDeliveryPairingColumns,
+  migrateNotificationDeliveryThreadDecision,
   migrateNotificationTablesSchema,
   migrateRemainingTableIndexes,
   migrateReminderRoutingIntent,

package/src/memory/schema.ts

@@ -843,6 +843,8 @@ export const guardianActionRequests = sqliteTable('guardian_action_requests', {
   lateAnsweredAt: integer('late_answered_at'),
   followupAction: text('followup_action'),                          // call_back | message_back | decline
   followupCompletedAt: integer('followup_completed_at'),
+  toolName: text('tool_name'),                                        // tool identity for tool-approval requests
+  inputDigest: text('input_digest'),                                  // canonical SHA-256 digest of tool input
   createdAt: integer('created_at').notNull(),
   updatedAt: integer('updated_at').notNull(),
 });
@@ -864,7 +866,9 @@ export const guardianActionDeliveries = sqliteTable('guardian_action_deliveries'
   lastError: text('last_error'),
   createdAt: integer('created_at').notNull(),
   updatedAt: integer('updated_at').notNull(),
-});
+}, (table) => [
+  index('idx_guardian_action_deliveries_dest_conversation').on(table.destinationConversationId),
+]);
 
 // ── Assistant Inbox ──────────────────────────────────────────────────
 
@@ -1018,6 +1022,9 @@ export const notificationDeliveries = sqliteTable('notification_deliveries', {
   conversationId: text('conversation_id'),
   messageId: text('message_id'),
   conversationStrategy: text('conversation_strategy'),
+  threadAction: text('thread_action'),
+  threadTargetConversationId: text('thread_target_conversation_id'),
+  threadDecisionFallbackUsed: integer('thread_decision_fallback_used'),
   clientDeliveryStatus: text('client_delivery_status'),
   clientDeliveryError: text('client_delivery_error'),
   clientDeliveryAt: integer('client_delivery_at'),
@@ -1070,3 +1077,31 @@ export const conversationAssistantAttentionState = sqliteTable('conversation_ass
   index('idx_conv_attn_state_assistant_latest_msg').on(table.assistantId, table.latestAssistantMessageAt),
   index('idx_conv_attn_state_assistant_last_seen').on(table.assistantId, table.lastSeenAssistantMessageAt),
 ]);
+
+// ── Scoped Approval Grants ──────────────────────────────────────────
+
+export const scopedApprovalGrants = sqliteTable('scoped_approval_grants', {
+  id: text('id').primaryKey(),
+  assistantId: text('assistant_id').notNull(),
+  scopeMode: text('scope_mode').notNull(),           // 'request_id' | 'tool_signature'
+  requestId: text('request_id'),
+  toolName: text('tool_name'),
+  inputDigest: text('input_digest'),
+  requestChannel: text('request_channel').notNull(),
+  decisionChannel: text('decision_channel').notNull(),
+  executionChannel: text('execution_channel'),        // null = any channel
+  conversationId: text('conversation_id'),
+  callSessionId: text('call_session_id'),
+  requesterExternalUserId: text('requester_external_user_id'),
+  guardianExternalUserId: text('guardian_external_user_id'),
+  status: text('status').notNull(),                   // 'active' | 'consumed' | 'expired' | 'revoked'
+  expiresAt: text('expires_at').notNull(),
+  consumedAt: text('consumed_at'),
+  consumedByRequestId: text('consumed_by_request_id'),
+  createdAt: text('created_at').notNull(),
+  updatedAt: text('updated_at').notNull(),
+}, (table) => [
+  index('idx_scoped_grants_request_id').on(table.requestId),
+  index('idx_scoped_grants_tool_sig').on(table.toolName, table.inputDigest),
+  index('idx_scoped_grants_status_expires').on(table.status, table.expiresAt),
+]);