@vellumai/assistant 0.4.46 → 0.4.49

package/src/config/bundled-skills/gmail/tools/gmail-sender-digest.ts

@@ -3,8 +3,7 @@ import {
   listMessages,
 } from "../../../../messaging/providers/gmail/client.js";
 import type { GmailMessage } from "../../../../messaging/providers/gmail/types.js";
-import { getMessagingProvider } from "../../../../messaging/registry.js";
-import { withValidToken } from "../../../../security/token-manager.js";
+import { resolveOAuthConnection } from "../../../../oauth/connection-resolver.js";
 import type {
   ToolContext,
   ToolExecutionResult,
@@ -58,187 +57,190 @@ export async function run(
   const inputPageToken = input.page_token as string | undefined;
 
   try {
-    const provider = getMessagingProvider("gmail");
-    return await withValidToken(provider.credentialService, async (token) => {
-      // Pipeline: fire metadata fetches for each page of IDs as they arrive,
-      // overlapping fetch latency with pagination latency
-      const allMessageIds: string[] = [];
-      const fetchPromises: Promise<GmailMessage[]>[] = [];
-      let pageToken: string | undefined = inputPageToken;
-      let truncated = false;
-      let timeBudgetExceeded = false;
-      const metadataHeaders = ["From", "List-Unsubscribe", "Subject", "Date"];
-      const startTime = Date.now();
-      const TIME_BUDGET_MS = 90_000;
-
-      while (allMessageIds.length < maxMessages) {
-        if (Date.now() - startTime > TIME_BUDGET_MS) {
-          timeBudgetExceeded = true;
-          truncated = true;
-          break;
-        }
-        const pageSize = Math.min(100, maxMessages - allMessageIds.length);
-        const listResp = await listMessages(token, query, pageSize, pageToken);
-        const ids = (listResp.messages ?? []).map((m) => m.id);
-        if (ids.length === 0) break;
-        allMessageIds.push(...ids);
-        fetchPromises.push(
-          batchGetMessages(
-            token,
-            ids,
-            "metadata",
-            metadataHeaders,
-            "id,internalDate,payload/headers",
-          ),
-        );
-        pageToken = listResp.nextPageToken ?? undefined;
-        if (!pageToken) break;
+    const connection = resolveOAuthConnection("integration:gmail");
+    // Pipeline: fire metadata fetches for each page of IDs as they arrive,
+    // overlapping fetch latency with pagination latency
+    const allMessageIds: string[] = [];
+    const fetchPromises: Promise<GmailMessage[]>[] = [];
+    let pageToken: string | undefined = inputPageToken;
+    let truncated = false;
+    let timeBudgetExceeded = false;
+    const metadataHeaders = ["From", "List-Unsubscribe", "Subject", "Date"];
+    const startTime = Date.now();
+    const TIME_BUDGET_MS = 90_000;
+
+    while (allMessageIds.length < maxMessages) {
+      if (Date.now() - startTime > TIME_BUDGET_MS) {
+        timeBudgetExceeded = true;
+        truncated = true;
+        break;
       }
+      const pageSize = Math.min(100, maxMessages - allMessageIds.length);
+      const listResp = await listMessages(
+        connection,
+        query,
+        pageSize,
+        pageToken,
+      );
+      const ids = (listResp.messages ?? []).map((m) => m.id);
+      if (ids.length === 0) break;
+      allMessageIds.push(...ids);
+      fetchPromises.push(
+        batchGetMessages(
+          connection,
+          ids,
+          "metadata",
+          metadataHeaders,
+          "id,internalDate,payload/headers",
+        ),
+      );
+      pageToken = listResp.nextPageToken ?? undefined;
+      if (!pageToken) break;
+    }
 
-      // If we stopped because we hit the cap but there were still more pages, flag truncation
-      if (allMessageIds.length >= maxMessages && pageToken) {
-        truncated = true;
+    // If we stopped because we hit the cap but there were still more pages, flag truncation
+    if (allMessageIds.length >= maxMessages && pageToken) {
+      truncated = true;
+    }
+
+    if (allMessageIds.length === 0) {
+      return ok(
+        JSON.stringify({
+          senders: [],
+          total_scanned: 0,
+          message:
+            "No emails found matching the query. Try broadening the search (e.g. remove category filter or extend date range).",
+        }),
+      );
+    }
+
+    const messages = (await Promise.all(fetchPromises)).flat();
+
+    // Group by sender email
+    const senderMap = new Map<string, SenderAggregation>();
+
+    for (const msg of messages) {
+      const headers = msg.payload?.headers ?? [];
+      const fromHeader =
+        headers.find((h) => h.name.toLowerCase() === "from")?.value ?? "";
+      const subject =
+        headers.find((h) => h.name.toLowerCase() === "subject")?.value ?? "";
+      const dateStr =
+        headers.find((h) => h.name.toLowerCase() === "date")?.value ?? "";
+      const listUnsub = headers.find(
+        (h) => h.name.toLowerCase() === "list-unsubscribe",
+      )?.value;
+
+      const { displayName, email } = parseFrom(fromHeader);
+      if (!email) continue;
+
+      let agg = senderMap.get(email);
+      if (!agg) {
+        agg = {
+          displayName,
+          email,
+          messageCount: 0,
+          hasUnsubscribe: false,
+          newestMessageId: msg.id,
+          newestUnsubscribableMessageId: null,
+          newestUnsubscribableEpoch: 0,
+          oldestDate: dateStr,
+          newestDate: dateStr,
+          messageIds: [],
+          hasMore: false,
+          sampleSubjects: [],
+        };
+        senderMap.set(email, agg);
       }
 
-      if (allMessageIds.length === 0) {
-        return ok(
-          JSON.stringify({
-            senders: [],
-            total_scanned: 0,
-            message:
-              "No emails found matching the query. Try broadening the search (e.g. remove category filter or extend date range).",
-          }),
-        );
+      agg.messageCount++;
+
+      if (listUnsub) agg.hasUnsubscribe = true;
+
+      // Use displayName from earliest message that has one
+      if (!agg.displayName && displayName) agg.displayName = displayName;
+
+      // Track message IDs (cap at MAX_IDS_PER_SENDER)
+      if (agg.messageIds.length < MAX_IDS_PER_SENDER) {
+        agg.messageIds.push(msg.id);
+      } else {
+        agg.hasMore = true;
       }
 
-      const messages = (await Promise.all(fetchPromises)).flat();
-
-      // Group by sender email
-      const senderMap = new Map<string, SenderAggregation>();
-
-      for (const msg of messages) {
-        const headers = msg.payload?.headers ?? [];
-        const fromHeader =
-          headers.find((h) => h.name.toLowerCase() === "from")?.value ?? "";
-        const subject =
-          headers.find((h) => h.name.toLowerCase() === "subject")?.value ?? "";
-        const dateStr =
-          headers.find((h) => h.name.toLowerCase() === "date")?.value ?? "";
-        const listUnsub = headers.find(
-          (h) => h.name.toLowerCase() === "list-unsubscribe",
-        )?.value;
-
-        const { displayName, email } = parseFrom(fromHeader);
-        if (!email) continue;
-
-        let agg = senderMap.get(email);
-        if (!agg) {
-          agg = {
-            displayName,
-            email,
-            messageCount: 0,
-            hasUnsubscribe: false,
-            newestMessageId: msg.id,
-            newestUnsubscribableMessageId: null,
-            newestUnsubscribableEpoch: 0,
-            oldestDate: dateStr,
-            newestDate: dateStr,
-            messageIds: [],
-            hasMore: false,
-            sampleSubjects: [],
-          };
-          senderMap.set(email, agg);
-        }
-
-        agg.messageCount++;
-
-        if (listUnsub) agg.hasUnsubscribe = true;
-
-        // Use displayName from earliest message that has one
-        if (!agg.displayName && displayName) agg.displayName = displayName;
-
-        // Track message IDs (cap at MAX_IDS_PER_SENDER)
-        if (agg.messageIds.length < MAX_IDS_PER_SENDER) {
-          agg.messageIds.push(msg.id);
-        } else {
-          agg.hasMore = true;
-        }
-
-        // Track date range — compare using internalDate (epoch ms) for reliability
-        const msgEpoch = msg.internalDate ? Number(msg.internalDate) : 0;
-        const oldestEpoch = agg.oldestDate
-          ? new Date(agg.oldestDate).getTime()
-          : Infinity;
-        const newestEpoch = agg.newestDate
-          ? new Date(agg.newestDate).getTime()
-          : 0;
-
-        if (msgEpoch > 0 && msgEpoch < oldestEpoch) {
-          agg.oldestDate = dateStr || agg.oldestDate;
-        }
-        if (msgEpoch > newestEpoch) {
-          agg.newestDate = dateStr || agg.newestDate;
-          agg.newestMessageId = msg.id;
-        }
-
-        // Track the newest message that actually has List-Unsubscribe so
-        // gmail_unsubscribe() is called with a message that carries the header
-        if (listUnsub && msgEpoch >= agg.newestUnsubscribableEpoch) {
-          agg.newestUnsubscribableMessageId = msg.id;
-          agg.newestUnsubscribableEpoch = msgEpoch;
-        }
-
-        // Collect sample subjects
-        if (subject && agg.sampleSubjects.length < MAX_SAMPLE_SUBJECTS) {
-          agg.sampleSubjects.push(subject);
-        }
+      // Track date range — compare using internalDate (epoch ms) for reliability
+      const msgEpoch = msg.internalDate ? Number(msg.internalDate) : 0;
+      const oldestEpoch = agg.oldestDate
+        ? new Date(agg.oldestDate).getTime()
+        : Infinity;
+      const newestEpoch = agg.newestDate
+        ? new Date(agg.newestDate).getTime()
+        : 0;
+
+      if (msgEpoch > 0 && msgEpoch < oldestEpoch) {
+        agg.oldestDate = dateStr || agg.oldestDate;
+      }
+      if (msgEpoch > newestEpoch) {
+        agg.newestDate = dateStr || agg.newestDate;
+        agg.newestMessageId = msg.id;
       }
 
-      // Sort by message count descending, take top N
-      const sorted = [...senderMap.values()]
-        .sort((a, b) => b.messageCount - a.messageCount)
-        .slice(0, maxSenders);
+      // Track the newest message that actually has List-Unsubscribe so
+      // gmail_unsubscribe() is called with a message that carries the header
+      if (listUnsub && msgEpoch >= agg.newestUnsubscribableEpoch) {
+        agg.newestUnsubscribableMessageId = msg.id;
+        agg.newestUnsubscribableEpoch = msgEpoch;
+      }
 
-      const resultSenders = sorted.map((s) => ({
+      // Collect sample subjects
+      if (subject && agg.sampleSubjects.length < MAX_SAMPLE_SUBJECTS) {
+        agg.sampleSubjects.push(subject);
+      }
+    }
+
+    // Sort by message count descending, take top N
+    const sorted = [...senderMap.values()]
+      .sort((a, b) => b.messageCount - a.messageCount)
+      .slice(0, maxSenders);
+
+    const resultSenders = sorted.map((s) => ({
+      id: Buffer.from(s.email).toString("base64url"),
+      display_name: s.displayName || s.email.split("@")[0],
+      email: s.email,
+      message_count: s.messageCount,
+      has_unsubscribe: s.hasUnsubscribe,
+      // When unsubscribe is available, point to a message that carries the header
+      newest_message_id:
+        s.hasUnsubscribe && s.newestUnsubscribableMessageId
+          ? s.newestUnsubscribableMessageId
+          : s.newestMessageId,
+      oldest_date: s.oldestDate,
+      newest_date: s.newestDate,
+      // Preserve original query filters so follow-up searches stay scoped
+      search_query: `from:${s.email} ${query}`,
+      sample_subjects: s.sampleSubjects,
+    }));
+
+    // Store message IDs server-side to keep them out of LLM context
+    const scanId = storeScanResult(
+      sorted.map((s) => ({
         id: Buffer.from(s.email).toString("base64url"),
-        display_name: s.displayName || s.email.split("@")[0],
-        email: s.email,
-        message_count: s.messageCount,
-        has_unsubscribe: s.hasUnsubscribe,
-        // When unsubscribe is available, point to a message that carries the header
-        newest_message_id:
-          s.hasUnsubscribe && s.newestUnsubscribableMessageId
-            ? s.newestUnsubscribableMessageId
-            : s.newestMessageId,
-        oldest_date: s.oldestDate,
-        newest_date: s.newestDate,
-        // Preserve original query filters so follow-up searches stay scoped
-        search_query: `from:${s.email} ${query}`,
-        sample_subjects: s.sampleSubjects,
-      }));
-
-      // Store message IDs server-side to keep them out of LLM context
-      const scanId = storeScanResult(
-        sorted.map((s) => ({
-          id: Buffer.from(s.email).toString("base64url"),
-          messageIds: s.messageIds,
-          newestMessageId: s.newestMessageId,
-          newestUnsubscribableMessageId: s.newestUnsubscribableMessageId,
-        })),
-      );
-
-      return ok(
-        JSON.stringify({
-          scan_id: scanId,
-          senders: resultSenders,
-          total_scanned: allMessageIds.length,
-          query_used: query,
-          ...(truncated ? { truncated: true } : {}),
-          ...(timeBudgetExceeded ? { time_budget_exceeded: true } : {}),
-          note: `message_count reflects emails found per sender within the ${allMessageIds.length} messages scanned. Use scan_id with gmail_archive to archive messages (pass scan_id + sender_ids instead of message_ids).`,
-        }),
-      );
-    });
+        messageIds: s.messageIds,
+        newestMessageId: s.newestMessageId,
+        newestUnsubscribableMessageId: s.newestUnsubscribableMessageId,
+      })),
+    );
+
+    return ok(
+      JSON.stringify({
+        scan_id: scanId,
+        senders: resultSenders,
+        total_scanned: allMessageIds.length,
+        query_used: query,
+        ...(truncated ? { truncated: true } : {}),
+        ...(timeBudgetExceeded ? { time_budget_exceeded: true } : {}),
+        note: `message_count reflects emails found per sender within the ${allMessageIds.length} messages scanned. Use scan_id with gmail_archive to archive messages (pass scan_id + sender_ids instead of message_ids).`,
+      }),
+    );
   } catch (e) {
     return err(e instanceof Error ? e.message : String(e));
   }

package/src/config/bundled-skills/gmail/tools/gmail-trash.ts

@@ -1,6 +1,5 @@
 import { trashMessage } from "../../../../messaging/providers/gmail/client.js";
-import { getMessagingProvider } from "../../../../messaging/registry.js";
-import { withValidToken } from "../../../../security/token-manager.js";
+import { resolveOAuthConnection } from "../../../../oauth/connection-resolver.js";
 import type {
   ToolContext,
   ToolExecutionResult,
@@ -18,11 +17,9 @@ export async function run(
   }
 
   try {
-    const provider = getMessagingProvider("gmail");
-    return await withValidToken(provider.credentialService, async (token) => {
-      await trashMessage(token, messageId);
-      return ok("Message moved to trash.");
-    });
+    const connection = resolveOAuthConnection("integration:gmail");
+    await trashMessage(connection, messageId);
+    return ok("Message moved to trash.");
   } catch (e) {
     return err(e instanceof Error ? e.message : String(e));
   }

package/src/config/bundled-skills/gmail/tools/gmail-unsubscribe.ts

@@ -2,8 +2,7 @@ import {
   getMessage,
   sendMessage,
 } from "../../../../messaging/providers/gmail/client.js";
-import { getMessagingProvider } from "../../../../messaging/registry.js";
-import { withValidToken } from "../../../../security/token-manager.js";
+import { resolveOAuthConnection } from "../../../../oauth/connection-resolver.js";
 import {
   isPrivateOrLocalHost,
   resolveHostAddresses,
@@ -32,92 +31,88 @@ export async function run(
   }
 
   try {
-    const provider = getMessagingProvider("gmail");
-    return await withValidToken(provider.credentialService, async (token) => {
-      const message = await getMessage(token, messageId, "metadata", [
-        "List-Unsubscribe",
-        "List-Unsubscribe-Post",
-      ]);
-      const headers = message.payload?.headers ?? [];
-      const unsubHeader = headers.find(
-        (h) => h.name.toLowerCase() === "list-unsubscribe",
-      )?.value;
+    const connection = resolveOAuthConnection("integration:gmail");
+    const message = await getMessage(connection, messageId, "metadata", [
+      "List-Unsubscribe",
+      "List-Unsubscribe-Post",
+    ]);
+    const headers = message.payload?.headers ?? [];
+    const unsubHeader = headers.find(
+      (h) => h.name.toLowerCase() === "list-unsubscribe",
+    )?.value;
 
-      if (!unsubHeader) {
-        return err(
-          "No List-Unsubscribe header found. Manual unsubscribe may be required.",
+    if (!unsubHeader) {
+      return err(
+        "No List-Unsubscribe header found. Manual unsubscribe may be required.",
+      );
+    }
+
+    const httpsMatch = unsubHeader.match(/<(https:\/\/[^>]+)>/);
+    const mailtoMatch = unsubHeader.match(/<mailto:([^>]+)>/);
+    const postHeader = headers.find(
+      (h) => h.name.toLowerCase() === "list-unsubscribe-post",
+    )?.value;
+
+    if (httpsMatch) {
+      const url = httpsMatch[1];
+      let parsed: URL;
+      let validatedAddresses: string[];
+      try {
+        parsed = new URL(url);
+        if (parsed.protocol !== "https:") {
+          return err("Unsubscribe URL must use HTTPS.");
+        }
+        if (isPrivateOrLocalHost(parsed.hostname)) {
+          return err("Unsubscribe URL points to a private or local address.");
+        }
+        const { addresses, blockedAddress } = await resolveRequestAddress(
+          parsed.hostname,
+          resolveHostAddresses,
+          false,
         );
+        if (blockedAddress) {
+          return err("Unsubscribe URL resolves to a private or local address.");
+        }
+        if (addresses.length === 0) {
+          return err("Unable to resolve unsubscribe URL hostname.");
+        }
+        validatedAddresses = addresses;
+      } catch {
+        return err("Invalid unsubscribe URL.");
       }
 
-      const httpsMatch = unsubHeader.match(/<(https:\/\/[^>]+)>/);
-      const mailtoMatch = unsubHeader.match(/<mailto:([^>]+)>/);
-      const postHeader = headers.find(
-        (h) => h.name.toLowerCase() === "list-unsubscribe-post",
-      )?.value;
+      const method = postHeader ? "POST" : "GET";
+      const reqOpts = postHeader
+        ? {
+            method: "POST" as const,
+            headers: { "Content-Type": "application/x-www-form-urlencoded" },
+            body: postHeader,
+          }
+        : undefined;
 
-      if (httpsMatch) {
-        const url = httpsMatch[1];
-        let parsed: URL;
-        let validatedAddresses: string[];
+      let lastStatus = 0;
+      for (const address of validatedAddresses) {
         try {
-          parsed = new URL(url);
-          if (parsed.protocol !== "https:") {
-            return err("Unsubscribe URL must use HTTPS.");
-          }
-          if (isPrivateOrLocalHost(parsed.hostname)) {
-            return err("Unsubscribe URL points to a private or local address.");
-          }
-          const { addresses, blockedAddress } = await resolveRequestAddress(
-            parsed.hostname,
-            resolveHostAddresses,
-            false,
-          );
-          if (blockedAddress) {
-            return err(
-              "Unsubscribe URL resolves to a private or local address.",
-            );
+          lastStatus = await pinnedHttpsRequest(parsed, address, reqOpts);
+          if (lastStatus >= 200 && lastStatus < 400) {
+            return ok(`Successfully unsubscribed via HTTPS ${method}.`);
           }
-          if (addresses.length === 0) {
-            return err("Unable to resolve unsubscribe URL hostname.");
-          }
-          validatedAddresses = addresses;
         } catch {
-          return err("Invalid unsubscribe URL.");
-        }
-
-        const method = postHeader ? "POST" : "GET";
-        const reqOpts = postHeader
-          ? {
-              method: "POST" as const,
-              headers: { "Content-Type": "application/x-www-form-urlencoded" },
-              body: postHeader,
-            }
-          : undefined;
-
-        let lastStatus = 0;
-        for (const address of validatedAddresses) {
-          try {
-            lastStatus = await pinnedHttpsRequest(parsed, address, reqOpts);
-            if (lastStatus >= 200 && lastStatus < 400) {
-              return ok(`Successfully unsubscribed via HTTPS ${method}.`);
-            }
-          } catch {
-            continue;
-          }
+          continue;
         }
-        return err(`Unsubscribe request failed: ${lastStatus}`);
       }
+      return err(`Unsubscribe request failed: ${lastStatus}`);
+    }
 
-      if (mailtoMatch) {
-        const mailtoAddr = mailtoMatch[1].split("?")[0];
-        await sendMessage(token, mailtoAddr, "Unsubscribe", "Unsubscribe");
-        return ok(`Unsubscribe email sent to ${mailtoAddr}.`);
-      }
+    if (mailtoMatch) {
+      const mailtoAddr = mailtoMatch[1].split("?")[0];
+      await sendMessage(connection, mailtoAddr, "Unsubscribe", "Unsubscribe");
+      return ok(`Unsubscribe email sent to ${mailtoAddr}.`);
+    }
 
-      return err(
-        "No supported unsubscribe method found (requires https: or mailto: URL).",
-      );
-    });
+    return err(
+      "No supported unsubscribe method found (requires https: or mailto: URL).",
+    );
   } catch (e) {
     return err(e instanceof Error ? e.message : String(e));
   }

package/src/config/bundled-skills/gmail/tools/gmail-vacation.ts

@@ -3,8 +3,7 @@ import {
   updateVacation,
 } from "../../../../messaging/providers/gmail/client.js";
 import type { GmailVacationSettings } from "../../../../messaging/providers/gmail/types.js";
-import { getMessagingProvider } from "../../../../messaging/registry.js";
-import { withValidToken } from "../../../../security/token-manager.js";
+import { resolveOAuthConnection } from "../../../../oauth/connection-resolver.js";
 import type {
   ToolContext,
   ToolExecutionResult,
@@ -22,48 +21,43 @@ export async function run(
   }
 
   try {
-    const provider = getMessagingProvider("gmail");
-    return await withValidToken(provider.credentialService, async (token) => {
-      switch (action) {
-        case "get": {
-          const settings = await getVacation(token);
-          return ok(JSON.stringify(settings, null, 2));
-        }
-
-        case "enable": {
-          const message = input.message as string;
-          if (!message)
-            return err("message is required when enabling vacation responder.");
+    const connection = resolveOAuthConnection("integration:gmail");
+    switch (action) {
+      case "get": {
+        const settings = await getVacation(connection);
+        return ok(JSON.stringify(settings, null, 2));
+      }
 
-          const settings: GmailVacationSettings = {
-            enableAutoReply: true,
-            responseSubject: (input.subject as string) ?? "Out of Office",
-            responseBodyPlainText: message,
-            restrictToContacts:
-              (input.restrict_to_contacts as boolean) ?? false,
-            restrictToDomain: (input.restrict_to_domain as boolean) ?? false,
-          };
+      case "enable": {
+        const message = input.message as string;
+        if (!message)
+          return err("message is required when enabling vacation responder.");
 
-          if (input.start_time) settings.startTime = String(input.start_time);
-          if (input.end_time) settings.endTime = String(input.end_time);
+        const settings: GmailVacationSettings = {
+          enableAutoReply: true,
+          responseSubject: (input.subject as string) ?? "Out of Office",
+          responseBodyPlainText: message,
+          restrictToContacts: (input.restrict_to_contacts as boolean) ?? false,
+          restrictToDomain: (input.restrict_to_domain as boolean) ?? false,
+        };
 
-          const updated = await updateVacation(token, settings);
-          return ok(
-            `Vacation responder enabled.\n${JSON.stringify(updated, null, 2)}`,
-          );
-        }
+        if (input.start_time) settings.startTime = String(input.start_time);
+        if (input.end_time) settings.endTime = String(input.end_time);
 
-        case "disable": {
-          await updateVacation(token, { enableAutoReply: false });
-          return ok("Vacation responder disabled.");
-        }
+        const updated = await updateVacation(connection, settings);
+        return ok(
+          `Vacation responder enabled.\n${JSON.stringify(updated, null, 2)}`,
+        );
+      }
 
-        default:
-          return err(
-            `Unknown action "${action}". Use get, enable, or disable.`,
-          );
+      case "disable": {
+        await updateVacation(connection, { enableAutoReply: false });
+        return ok("Vacation responder disabled.");
       }
-    });
+
+      default:
+        return err(`Unknown action "${action}". Use get, enable, or disable.`);
+    }
   } catch (e) {
     return err(e instanceof Error ? e.message : String(e));
   }