@vellumai/assistant 0.4.35 → 0.4.37

package/src/mcp/mcp-oauth-provider.ts

@@ -101,7 +101,17 @@ export class McpOAuthProvider implements OAuthClientProvider {
   }
 
   async saveTokens(tokens: OAuthTokens): Promise<void> {
-    await setSecureKeyAsync(tokensKey(this.serverId), JSON.stringify(tokens));
+    const ok = await setSecureKeyAsync(
+      tokensKey(this.serverId),
+      JSON.stringify(tokens),
+    );
+    if (!ok) {
+      log.warn(
+        { serverId: this.serverId },
+        "Failed to persist OAuth tokens to secure storage",
+      );
+      return;
+    }
     log.info({ serverId: this.serverId }, "OAuth tokens saved");
   }
 
@@ -124,7 +134,17 @@ export class McpOAuthProvider implements OAuthClientProvider {
   async saveClientInformation(
     info: OAuthClientInformationMixed,
   ): Promise<void> {
-    await setSecureKeyAsync(clientInfoKey(this.serverId), JSON.stringify(info));
+    const ok = await setSecureKeyAsync(
+      clientInfoKey(this.serverId),
+      JSON.stringify(info),
+    );
+    if (!ok) {
+      log.warn(
+        { serverId: this.serverId },
+        "Failed to persist OAuth client information to secure storage",
+      );
+      return;
+    }
     log.info({ serverId: this.serverId }, "OAuth client information saved");
   }
 
@@ -154,7 +174,16 @@ export class McpOAuthProvider implements OAuthClientProvider {
   }
 
   async saveDiscoveryState(state: OAuthDiscoveryState): Promise<void> {
-    await setSecureKeyAsync(discoveryKey(this.serverId), JSON.stringify(state));
+    const ok = await setSecureKeyAsync(
+      discoveryKey(this.serverId),
+      JSON.stringify(state),
+    );
+    if (!ok) {
+      log.warn(
+        { serverId: this.serverId },
+        "Failed to persist OAuth discovery state to secure storage",
+      );
+    }
   }
 
   // --- Redirect to Authorization ---
@@ -214,16 +243,49 @@ export class McpOAuthProvider implements OAuthClientProvider {
     );
 
     if (scope === "all" || scope === "tokens") {
-      await deleteSecureKeyAsync(tokensKey(this.serverId));
+      const result = await deleteSecureKeyAsync(tokensKey(this.serverId));
+      if (result === "error") {
+        log.warn(
+          { serverId: this.serverId },
+          "Failed to delete OAuth tokens from secure storage",
+        );
+      } else if (result === "not-found") {
+        log.debug(
+          { serverId: this.serverId },
+          "OAuth tokens key not found in secure storage (already removed)",
+        );
+      }
     }
     if (scope === "all" || scope === "client") {
-      await deleteSecureKeyAsync(clientInfoKey(this.serverId));
+      const result = await deleteSecureKeyAsync(clientInfoKey(this.serverId));
+      if (result === "error") {
+        log.warn(
+          { serverId: this.serverId },
+          "Failed to delete OAuth client information from secure storage",
+        );
+      } else if (result === "not-found") {
+        log.debug(
+          { serverId: this.serverId },
+          "OAuth client information key not found in secure storage (already removed)",
+        );
+      }
     }
     if (scope === "all" || scope === "verifier") {
       this._codeVerifier = undefined;
     }
     if (scope === "all" || scope === "discovery") {
-      await deleteSecureKeyAsync(discoveryKey(this.serverId));
+      const result = await deleteSecureKeyAsync(discoveryKey(this.serverId));
+      if (result === "error") {
+        log.warn(
+          { serverId: this.serverId },
+          "Failed to delete OAuth discovery state from secure storage",
+        );
+      } else if (result === "not-found") {
+        log.debug(
+          { serverId: this.serverId },
+          "OAuth discovery state key not found in secure storage (already removed)",
+        );
+      }
     }
   }
 
@@ -373,12 +435,32 @@ export class McpOAuthProvider implements OAuthClientProvider {
 export async function deleteMcpOAuthCredentials(
   serverId: string,
 ): Promise<void> {
-  await Promise.all([
+  const [tokensResult, clientResult, discoveryResult] = await Promise.all([
     deleteSecureKeyAsync(tokensKey(serverId)),
     deleteSecureKeyAsync(clientInfoKey(serverId)),
     deleteSecureKeyAsync(discoveryKey(serverId)),
   ]);
-  log.info({ serverId }, "OAuth credentials deleted");
+  const results = [
+    { key: "tokens", result: tokensResult },
+    { key: "client_info", result: clientResult },
+    { key: "discovery", result: discoveryResult },
+  ];
+  const errors = results
+    .filter((r) => r.result === "error")
+    .map((r) => r.key);
+  if (errors.length > 0) {
+    log.warn(
+      { serverId, failedKeys: errors },
+      "Some OAuth credentials could not be deleted from secure storage",
+    );
+  }
+  const hasErrors = errors.length > 0;
+  log.info(
+    { serverId },
+    hasErrors
+      ? "OAuth credential deletion completed with errors"
+      : "OAuth credentials deleted",
+  );
 }
 
 // --- HTML rendering ---

package/src/media/app-icon-generator.ts

@@ -0,0 +1,86 @@
+/**
+ * Generates app icons using the Gemini image generation service.
+ *
+ * Called as an async side-effect after app creation — never blocks
+ * the main app_create flow. Icons are saved to the app's directory
+ * as `icon.png` and included in .vellum bundles.
+ */
+
+import { existsSync, mkdirSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+
+import { getConfig } from "../config/loader.js";
+import { getAppsDir } from "../memory/app-store.js";
+import { getLogger } from "../util/logger.js";
+import { generateImage, mapGeminiError } from "./gemini-image-service.js";
+
+const log = getLogger("app-icon-generator");
+
+/**
+ * Generate an app icon and save it to `~/.vellum/apps/{appId}/icon.png`.
+ *
+ * Uses Gemini image generation when an API key is available.
+ * Silently no-ops if no key is configured or generation fails.
+ */
+export async function generateAppIcon(
+  appId: string,
+  appName: string,
+  appDescription?: string,
+): Promise<void> {
+  const config = getConfig();
+  const apiKey = config.apiKeys.gemini ?? process.env.GEMINI_API_KEY;
+  if (!apiKey) {
+    log.debug("No Gemini API key — skipping app icon generation");
+    return;
+  }
+
+  const appDir = join(getAppsDir(), appId);
+  const iconPath = join(appDir, "icon.png");
+
+  // Don't regenerate if icon already exists
+  if (existsSync(iconPath)) {
+    return;
+  }
+
+  const descPart = appDescription ? ` Description: ${appDescription}.` : "";
+
+  const prompt =
+    `Design a beautiful, minimal app icon for "${appName}".${descPart}\n\n` +
+    "Style requirements:\n" +
+    "- Square app icon with rounded corners (like macOS/iOS app icons)\n" +
+    "- Clean, flat design with a single bold symbol or glyph in the center\n" +
+    "- Rich gradient background using 2-3 harmonious colors\n" +
+    "- The symbol should be white or very light colored for contrast\n" +
+    "- No text, no letters, no words — only a symbolic glyph\n" +
+    "- Professional quality, recognizable at small sizes (32px)\n" +
+    "- Modern aesthetic similar to Apple's design language";
+
+  try {
+    log.info({ appId, appName }, "Generating app icon via Gemini");
+
+    const result = await generateImage(apiKey, {
+      prompt,
+      mode: "generate",
+      model: config.imageGenModel,
+    });
+
+    if (result.images.length === 0) {
+      log.warn({ appId }, "Gemini returned no image for app icon");
+      return;
+    }
+
+    const image = result.images[0];
+    const pngBuffer = Buffer.from(image.dataBase64, "base64");
+
+    mkdirSync(appDir, { recursive: true });
+    writeFileSync(iconPath, pngBuffer);
+
+    log.info({ appId, iconPath }, "App icon saved");
+  } catch (error) {
+    const message = mapGeminiError(error);
+    log.warn(
+      { appId, error: message },
+      "App icon generation failed — skipping",
+    );
+  }
+}

package/src/memory/db-init.ts

@@ -47,6 +47,7 @@ import {
   migrateConversationsThreadTypeIndex,
   migrateDropAssistantIdColumns,
   migrateDropLegacyMemberGuardianTables,
+  migrateDropUsageCompositeIndexes,
   migrateFkCascadeRebuilds,
   migrateGuardianActionFollowup,
   migrateGuardianActionSupersession,
@@ -63,6 +64,7 @@ import {
   migrateNotificationDeliveryThreadDecision,
   migrateReminderRoutingIntent,
   migrateSchemaIndexesAndColumns,
+  migrateUsageDashboardIndexes,
   migrateVoiceInviteColumns,
   migrateVoiceInviteDisplayMetadata,
   recoverCrashedMigrations,
@@ -293,6 +295,15 @@ export function initializeDb(): void {
   // 40. Drop assistant_id columns from all 16 daemon tables
   migrateDropAssistantIdColumns(database);
 
+  // 41. Indexes on llm_usage_events for usage dashboard time-range and breakdown queries
+  migrateUsageDashboardIndexes(database);
+
+  // 42. (skipped) migrateReorderUsageDashboardIndexes — superseded by 43 which drops
+  // all composite indexes that 42 would create, so running it is wasted work.
+
+  // 43. Drop all composite usage indexes — they don't eliminate temp B-trees for GROUP BY
+  migrateDropUsageCompositeIndexes(database);
+
   validateMigrationState(database);
 
   if (process.env.BUN_TEST === "1") {

package/src/memory/llm-usage-store.ts

@@ -7,8 +7,13 @@ import type {
   UsageEventInput,
 } from "../usage/types.js";
 import { getDb } from "./db.js";
+import { rawAll } from "./raw-query.js";
 import { llmUsageEvents } from "./schema.js";
 
+// ---------------------------------------------------------------------------
+// Write
+// ---------------------------------------------------------------------------
+
 export function recordUsageEvent(
   input: UsageEventInput,
   pricing: PricingResult,
@@ -43,6 +48,10 @@ export function recordUsageEvent(
   return event;
 }
 
+// ---------------------------------------------------------------------------
+// Read — single-event listing
+// ---------------------------------------------------------------------------
+
 export function listUsageEvents(options?: { limit?: number }): UsageEvent[] {
   const db = getDb();
   const rows = db
@@ -68,3 +77,180 @@ export function listUsageEvents(options?: { limit?: number }): UsageEvent[] {
     pricingStatus: row.pricingStatus as "priced" | "unpriced",
   }));
 }
+
+// ---------------------------------------------------------------------------
+// Aggregation — time-range queries for the usage dashboard
+// ---------------------------------------------------------------------------
+
+/** Epoch-millis time range (inclusive on both ends). */
+export interface UsageTimeRange {
+  from: number;
+  to: number;
+}
+
+/** Aggregate totals across a time range. */
+export interface UsageTotals {
+  totalInputTokens: number;
+  totalOutputTokens: number;
+  totalCacheCreationTokens: number;
+  totalCacheReadTokens: number;
+  totalEstimatedCostUsd: number;
+  eventCount: number;
+  pricedEventCount: number;
+  unpricedEventCount: number;
+}
+
+/** A single day bucket with its aggregate totals. */
+export interface UsageDayBucket {
+  /** ISO date string (YYYY-MM-DD) in UTC. */
+  date: string;
+  totalInputTokens: number;
+  totalOutputTokens: number;
+  totalEstimatedCostUsd: number;
+  eventCount: number;
+}
+
+/** A grouped breakdown row (by actor, provider, or model). */
+export interface UsageGroupBreakdown {
+  group: string;
+  totalInputTokens: number;
+  totalOutputTokens: number;
+  totalEstimatedCostUsd: number;
+  eventCount: number;
+}
+
+// -- raw row shapes returned by SQLite aggregation queries --
+
+interface TotalsRow {
+  total_input_tokens: number;
+  total_output_tokens: number;
+  total_cache_creation_tokens: number;
+  total_cache_read_tokens: number;
+  total_estimated_cost_usd: number | null;
+  event_count: number;
+  priced_event_count: number;
+  unpriced_event_count: number;
+}
+
+interface DayBucketRow {
+  date: string;
+  total_input_tokens: number;
+  total_output_tokens: number;
+  total_estimated_cost_usd: number | null;
+  event_count: number;
+}
+
+interface GroupRow {
+  group_key: string;
+  total_input_tokens: number;
+  total_output_tokens: number;
+  total_estimated_cost_usd: number | null;
+  event_count: number;
+}
+
+/**
+ * Return aggregate totals for all usage events within the given time range.
+ */
+export function getUsageTotals(range: UsageTimeRange): UsageTotals {
+  const rows = rawAll<TotalsRow>(
+    /*sql*/ `
+    SELECT
+      COALESCE(SUM(input_tokens), 0)                              AS total_input_tokens,
+      COALESCE(SUM(output_tokens), 0)                             AS total_output_tokens,
+      COALESCE(SUM(cache_creation_input_tokens), 0)               AS total_cache_creation_tokens,
+      COALESCE(SUM(cache_read_input_tokens), 0)                   AS total_cache_read_tokens,
+      COALESCE(SUM(estimated_cost_usd), 0)                        AS total_estimated_cost_usd,
+      COUNT(*)                                                     AS event_count,
+      COUNT(CASE WHEN pricing_status = 'priced' THEN 1 END)       AS priced_event_count,
+      COUNT(CASE WHEN pricing_status = 'unpriced' THEN 1 END)     AS unpriced_event_count
+    FROM llm_usage_events
+    WHERE created_at >= ?1 AND created_at <= ?2
+    `,
+    range.from,
+    range.to,
+  );
+  const row = rows[0];
+  return {
+    totalInputTokens: row.total_input_tokens,
+    totalOutputTokens: row.total_output_tokens,
+    totalCacheCreationTokens: row.total_cache_creation_tokens,
+    totalCacheReadTokens: row.total_cache_read_tokens,
+    totalEstimatedCostUsd: row.total_estimated_cost_usd ?? 0,
+    eventCount: row.event_count,
+    pricedEventCount: row.priced_event_count,
+    unpricedEventCount: row.unpriced_event_count,
+  };
+}
+
+/**
+ * Return per-day aggregates (UTC) within the given time range, ordered by date ascending.
+ *
+ * Each bucket key is a YYYY-MM-DD string derived by dividing the epoch-millis
+ * timestamp by 86400000 and formatting as a date.
+ */
+export function getUsageDayBuckets(range: UsageTimeRange): UsageDayBucket[] {
+  const rows = rawAll<DayBucketRow>(
+    /*sql*/ `
+    SELECT
+      strftime('%Y-%m-%d', created_at / 1000, 'unixepoch')  AS date,
+      COALESCE(SUM(input_tokens), 0)                         AS total_input_tokens,
+      COALESCE(SUM(output_tokens), 0)                        AS total_output_tokens,
+      COALESCE(SUM(estimated_cost_usd), 0)                   AS total_estimated_cost_usd,
+      COUNT(*)                                                AS event_count
+    FROM llm_usage_events
+    WHERE created_at >= ?1 AND created_at <= ?2
+    GROUP BY date
+    ORDER BY date ASC
+    `,
+    range.from,
+    range.to,
+  );
+  return rows.map((r) => ({
+    date: r.date,
+    totalInputTokens: r.total_input_tokens,
+    totalOutputTokens: r.total_output_tokens,
+    totalEstimatedCostUsd: r.total_estimated_cost_usd ?? 0,
+    eventCount: r.event_count,
+  }));
+}
+
+type GroupByDimension = "actor" | "provider" | "model";
+
+/**
+ * Return grouped breakdowns across the given time range, ordered by total
+ * estimated cost descending (most expensive group first).
+ */
+export function getUsageGroupBreakdown(
+  range: UsageTimeRange,
+  groupBy: GroupByDimension,
+): UsageGroupBreakdown[] {
+  // Runtime allowlist — defense-in-depth against SQL injection via type assertions.
+  const ALLOWED_COLUMNS = new Set<string>(["actor", "provider", "model"]);
+  if (!ALLOWED_COLUMNS.has(groupBy)) {
+    throw new Error(`Invalid groupBy column: ${groupBy}`);
+  }
+  const column = groupBy;
+  const rows = rawAll<GroupRow>(
+    /*sql*/ `
+    SELECT
+      ${column}                                      AS group_key,
+      COALESCE(SUM(input_tokens), 0)                 AS total_input_tokens,
+      COALESCE(SUM(output_tokens), 0)                AS total_output_tokens,
+      COALESCE(SUM(estimated_cost_usd), 0)           AS total_estimated_cost_usd,
+      COUNT(*)                                        AS event_count
+    FROM llm_usage_events
+    WHERE created_at >= ?1 AND created_at <= ?2
+    GROUP BY ${column}
+    ORDER BY total_estimated_cost_usd DESC
+    `,
+    range.from,
+    range.to,
+  );
+  return rows.map((r) => ({
+    group: r.group_key,
+    totalInputTokens: r.total_input_tokens,
+    totalOutputTokens: r.total_output_tokens,
+    totalEstimatedCostUsd: r.total_estimated_cost_usd ?? 0,
+    eventCount: r.event_count,
+  }));
+}

package/src/memory/migrations/137-usage-dashboard-indexes.ts

@@ -0,0 +1,26 @@
+import type { DrizzleDb } from "../db-connection.js";
+
+/**
+ * Idempotent migration to add indexes on llm_usage_events for the
+ * time-range and breakdown queries the usage dashboard needs.
+ *
+ * - Covering index on (created_at) for efficient time-range scans.
+ * - Composite index on (actor, created_at) for per-actor breakdowns.
+ * - Composite index on (provider, model, created_at) for provider/model grouping.
+ *
+ * SUPERSEDED: The two composite indexes are dropped by migration 139.
+ * They don't accelerate grouped queries — SQLite still uses temp B-trees
+ * for GROUP BY regardless of index column order. Only the plain
+ * created_at index (kept) provides value for range scans.
+ */
+export function migrateUsageDashboardIndexes(database: DrizzleDb): void {
+  database.run(
+    /*sql*/ `CREATE INDEX IF NOT EXISTS idx_llm_usage_events_created_at ON llm_usage_events(created_at)`,
+  );
+  database.run(
+    /*sql*/ `CREATE INDEX IF NOT EXISTS idx_llm_usage_events_actor_created_at ON llm_usage_events(actor, created_at)`,
+  );
+  database.run(
+    /*sql*/ `CREATE INDEX IF NOT EXISTS idx_llm_usage_events_provider_model_created_at ON llm_usage_events(provider, model, created_at)`,
+  );
+}

package/src/memory/migrations/139-drop-usage-composite-indexes.ts

@@ -0,0 +1,30 @@
+import type { DrizzleDb } from "../db-connection.js";
+
+/**
+ * Drop all composite indexes on llm_usage_events added by migrations 137
+ * and 138. EXPLAIN QUERY PLAN shows they provide no benefit: SQLite uses
+ * the created_at prefix for the range scan but still needs a temp B-tree
+ * for GROUP BY because the grouping column isn't contiguous after a range
+ * filter. For a local SQLite DB with typical usage volumes, the plain
+ * created_at index is sufficient and the temp B-tree overhead is negligible.
+ *
+ * The plain idx_llm_usage_events_created_at index (from migration 137)
+ * is intentionally kept — it genuinely helps range scans.
+ */
+export function migrateDropUsageCompositeIndexes(database: DrizzleDb): void {
+  // Migration 137 composites (may already be dropped by 138, hence IF EXISTS)
+  database.run(
+    /*sql*/ `DROP INDEX IF EXISTS idx_llm_usage_events_actor_created_at`,
+  );
+  database.run(
+    /*sql*/ `DROP INDEX IF EXISTS idx_llm_usage_events_provider_model_created_at`,
+  );
+
+  // Migration 138 composites
+  database.run(
+    /*sql*/ `DROP INDEX IF EXISTS idx_llm_usage_events_created_at_actor`,
+  );
+  database.run(
+    /*sql*/ `DROP INDEX IF EXISTS idx_llm_usage_events_created_at_provider_model`,
+  );
+}

package/src/memory/migrations/index.ts

@@ -79,6 +79,8 @@ export { migrateAssistantContactMetadata } from "./133-assistant-contact-metadat
 export { migrateContactsNotesColumn } from "./134-contacts-notes-column.js";
 export { migrateBackfillContactInteractionStats } from "./135-backfill-contact-interaction-stats.js";
 export { migrateDropAssistantIdColumns } from "./136-drop-assistant-id-columns.js";
+export { migrateUsageDashboardIndexes } from "./137-usage-dashboard-indexes.js";
+export { migrateDropUsageCompositeIndexes } from "./139-drop-usage-composite-indexes.js";
 export {
   MIGRATION_REGISTRY,
   type MigrationRegistryEntry,

package/src/memory/schema-migration.ts

@@ -28,6 +28,7 @@ export {
   migrateRemoveAssistantIdColumns,
   migrateSchemaIndexesAndColumns,
   migrateToolInvocationsFk,
+  migrateUsageDashboardIndexes,
   MIGRATION_REGISTRY,
   type MigrationRegistryEntry,
   type MigrationValidationResult,

package/src/memory/shared-app-links-store.ts

@@ -1,7 +1,7 @@
 /**
  * Store for cloud-shared app link records.
  *
- * Each record holds a .vellumapp zip bundle keyed by a short, shareable token.
+ * Each record holds a .vellum zip bundle keyed by a short, shareable token.
  */
 
 import { randomBytes, randomUUID } from "node:crypto";

package/src/messaging/registry.ts

@@ -2,9 +2,21 @@
  * Messaging provider registry — register/lookup providers by platform ID.
  */
 
+import { isAssistantFeatureFlagEnabled } from "../config/assistant-feature-flags.js";
+import { getConfig } from "../config/loader.js";
 import { getSecureKey } from "../security/secure-keys.js";
 import type { MessagingProvider } from "./provider.js";
 
+/**
+ * Per-platform feature flag keys. Platforms not listed here are allowed
+ * by default (undeclared keys resolve to `true`).
+ */
+const PLATFORM_FLAG_KEYS: Record<string, string> = {
+  gmail: "feature_flags.messaging.gmail.enabled",
+  telegram: "feature_flags.messaging.telegram.enabled",
+  sms: "feature_flags.sms.enabled",
+};
+
 const providers = new Map<string, MessagingProvider>();
 
 export function registerMessagingProvider(provider: MessagingProvider): void {
@@ -19,9 +31,24 @@ export function getMessagingProvider(id: string): MessagingProvider {
       `Messaging provider "${id}" not found. Available: ${available}`,
     );
   }
+  assertPlatformEnabled(id);
   return provider;
 }
 
+export function isPlatformEnabled(platformId: string): boolean {
+  const flagKey = PLATFORM_FLAG_KEYS[platformId];
+  if (!flagKey) return true;
+  return isAssistantFeatureFlagEnabled(flagKey, getConfig());
+}
+
+function assertPlatformEnabled(platformId: string): void {
+  if (!isPlatformEnabled(platformId)) {
+    throw new Error(
+      `The ${platformId} platform is not enabled. Enable it in Settings > Features.`,
+    );
+  }
+}
+
 /** Return all registered providers that have stored credentials. */
 export function getConnectedProviders(): MessagingProvider[] {
   return Array.from(providers.values()).filter((p) => {