npm - @vellumai/assistant - Versions diffs - 0.4.49 → 0.4.51 - Mend

@vellumai/assistant 0.4.49 → 0.4.51

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (353) hide show

package/ARCHITECTURE.md +24 -33
package/README.md +3 -3
package/docs/architecture/integrations.md +2 -2
package/docs/architecture/keychain-broker.md +6 -6
package/docs/architecture/memory.md +180 -119
package/knip.json +32 -0
package/package.json +3 -2
package/src/__tests__/agent-loop.test.ts +3 -1
package/src/__tests__/anthropic-provider.test.ts +114 -23
package/src/__tests__/approval-cascade.test.ts +1 -15
package/src/__tests__/approval-routes-http.test.ts +2 -0
package/src/__tests__/assistant-feature-flag-guard.test.ts +0 -23
package/src/__tests__/btw-routes.test.ts +61 -5
package/src/__tests__/canonical-guardian-store.test.ts +95 -0
package/src/__tests__/checker.test.ts +13 -0
package/src/__tests__/config-schema.test.ts +1 -68
package/src/__tests__/config-watcher.test.ts +8 -0
package/src/__tests__/context-memory-e2e.test.ts +11 -100
package/src/__tests__/conversation-routes-guardian-reply.test.ts +8 -0
package/src/__tests__/conversation-routes-slash-commands.test.ts +1 -0
package/src/__tests__/credential-security-e2e.test.ts +1 -0
package/src/__tests__/credential-security-invariants.test.ts +8 -7
package/src/__tests__/credential-vault-unit.test.ts +23 -18
package/src/__tests__/credential-vault.test.ts +30 -18
package/src/__tests__/credentials-cli.test.ts +257 -82
package/src/__tests__/cu-unified-flow.test.ts +532 -0
package/src/__tests__/date-context.test.ts +93 -77
package/src/__tests__/deterministic-verification-control-plane.test.ts +64 -0
package/src/__tests__/guardian-routing-invariants.test.ts +93 -0
package/src/__tests__/history-repair.test.ts +245 -0
package/src/__tests__/host-cu-proxy.test.ts +165 -3
package/src/__tests__/http-user-message-parity.test.ts +1 -0
package/src/__tests__/inbound-invite-redemption.test.ts +36 -7
package/src/__tests__/integration-status.test.ts +31 -30
package/src/__tests__/invite-redemption-service.test.ts +166 -13
package/src/__tests__/invite-routes-http.test.ts +166 -5
package/src/__tests__/keychain-broker-client.test.ts +4 -4
package/src/__tests__/list-messages-attachments.test.ts +193 -0
package/src/__tests__/memory-context-benchmark.benchmark.test.ts +56 -18
package/src/__tests__/memory-lifecycle-e2e.test.ts +244 -387
package/src/__tests__/memory-recall-quality.test.ts +244 -407
package/src/__tests__/memory-regressions.experimental.test.ts +126 -101
package/src/__tests__/memory-regressions.test.ts +477 -2841
package/src/__tests__/memory-retrieval.benchmark.test.ts +33 -150
package/src/__tests__/memory-upsert-concurrency.test.ts +5 -244
package/src/__tests__/mime-builder.test.ts +28 -0
package/src/__tests__/native-web-search.test.ts +1 -0
package/src/__tests__/oauth-cli.test.ts +824 -31
package/src/__tests__/oauth-provider-profiles.test.ts +1 -1
package/src/__tests__/oauth-store.test.ts +363 -17
package/src/__tests__/qdrant-collection-migration.test.ts +53 -8
package/src/__tests__/registry.test.ts +0 -1
package/src/__tests__/relay-server.test.ts +55 -1
package/src/__tests__/schedule-tools.test.ts +32 -0
package/src/__tests__/script-proxy-certs.test.ts +1 -1
package/src/__tests__/secret-onetime-send.test.ts +1 -0
package/src/__tests__/secret-routes-managed-proxy.test.ts +183 -0
package/src/__tests__/secure-keys.test.ts +78 -18
package/src/__tests__/send-endpoint-busy.test.ts +3 -0
package/src/__tests__/server-history-render.test.ts +2 -2
package/src/__tests__/session-abort-tool-results.test.ts +1 -14
package/src/__tests__/session-agent-loop-overflow.test.ts +1583 -0
package/src/__tests__/session-agent-loop.test.ts +19 -15
package/src/__tests__/session-confirmation-signals.test.ts +1 -15
package/src/__tests__/session-error.test.ts +124 -2
package/src/__tests__/session-history-web-search.test.ts +918 -0
package/src/__tests__/session-pre-run-repair.test.ts +1 -14
package/src/__tests__/session-provider-retry-repair.test.ts +25 -28
package/src/__tests__/session-queue.test.ts +37 -27
package/src/__tests__/session-runtime-assembly.test.ts +54 -0
package/src/__tests__/session-slash-known.test.ts +1 -15
package/src/__tests__/session-slash-queue.test.ts +1 -15
package/src/__tests__/session-slash-unknown.test.ts +1 -15
package/src/__tests__/session-workspace-cache-state.test.ts +3 -33
package/src/__tests__/session-workspace-injection.test.ts +3 -37
package/src/__tests__/session-workspace-tool-tracking.test.ts +3 -37
package/src/__tests__/skills-install-extract.test.ts +93 -0
package/src/__tests__/skills.test.ts +2 -2
package/src/__tests__/skillssh-registry.test.ts +451 -0
package/src/__tests__/slack-channel-config.test.ts +10 -8
package/src/__tests__/trust-store.test.ts +15 -0
package/src/__tests__/twilio-config.test.ts +11 -10
package/src/__tests__/twilio-provider.test.ts +9 -4
package/src/__tests__/voice-invite-redemption.test.ts +85 -5
package/src/agent/ax-tree-compaction.test.ts +51 -0
package/src/agent/loop.ts +39 -12
package/src/approvals/AGENTS.md +1 -1
package/src/approvals/guardian-request-resolvers.ts +14 -2
package/src/bundler/compiler-tools.ts +66 -2
package/src/calls/call-domain.ts +134 -3
package/src/calls/call-store.ts +6 -0
package/src/calls/relay-server.ts +44 -6
package/src/calls/relay-setup-router.ts +17 -1
package/src/calls/twilio-config.ts +5 -4
package/src/calls/twilio-provider.ts +14 -9
package/src/calls/twilio-rest.ts +10 -7
package/src/calls/types.ts +3 -1
package/src/cli/commands/config.ts +14 -9
package/src/cli/commands/contacts.ts +3 -0
package/src/cli/commands/credentials.ts +170 -174
package/src/cli/commands/doctor.ts +11 -8
package/src/cli/commands/keys.ts +9 -9
package/src/cli/commands/mcp.ts +46 -59
package/src/cli/commands/memory.ts +16 -165
package/src/cli/commands/oauth/apps.ts +68 -10
package/src/cli/commands/oauth/connections.ts +475 -105
package/src/cli/commands/oauth/index.ts +3 -3
package/src/cli/commands/oauth/providers.ts +18 -4
package/src/cli/commands/sessions.ts +5 -2
package/src/cli/commands/skills.ts +173 -1
package/src/cli/http-client.ts +0 -20
package/src/cli/main-screen.tsx +2 -2
package/src/cli/program.ts +5 -6
package/src/cli.ts +20 -22
package/src/config/__tests__/feature-flag-registry-bundled.test.ts +39 -0
package/src/config/bundled-skills/computer-use/TOOLS.json +1 -1
package/src/config/bundled-skills/computer-use/tools/computer-use-observe.ts +12 -0
package/src/config/bundled-skills/contacts/SKILL.md +35 -11
package/src/config/bundled-skills/contacts/tools/google-contacts.ts +1 -1
package/src/config/bundled-skills/gmail/SKILL.md +1 -1
package/src/config/bundled-skills/gmail/TOOLS.json +52 -0
package/src/config/bundled-skills/gmail/tools/gmail-archive.ts +13 -3
package/src/config/bundled-skills/gmail/tools/gmail-attachments.ts +9 -2
package/src/config/bundled-skills/gmail/tools/gmail-draft.ts +5 -1
package/src/config/bundled-skills/gmail/tools/gmail-filters.ts +5 -1
package/src/config/bundled-skills/gmail/tools/gmail-follow-up.ts +5 -1
package/src/config/bundled-skills/gmail/tools/gmail-forward.ts +5 -1
package/src/config/bundled-skills/gmail/tools/gmail-label.ts +9 -2
package/src/config/bundled-skills/gmail/tools/gmail-outreach-scan.ts +5 -1
package/src/config/bundled-skills/gmail/tools/gmail-send-draft.ts +5 -1
package/src/config/bundled-skills/gmail/tools/gmail-sender-digest.ts +5 -1
package/src/config/bundled-skills/gmail/tools/gmail-trash.ts +5 -1
package/src/config/bundled-skills/gmail/tools/gmail-unsubscribe.ts +5 -1
package/src/config/bundled-skills/gmail/tools/gmail-vacation.ts +5 -1
package/src/config/bundled-skills/google-calendar/TOOLS.json +20 -0
package/src/config/bundled-skills/google-calendar/tools/calendar-check-availability.ts +2 -1
package/src/config/bundled-skills/google-calendar/tools/calendar-create-event.ts +2 -1
package/src/config/bundled-skills/google-calendar/tools/calendar-get-event.ts +2 -1
package/src/config/bundled-skills/google-calendar/tools/calendar-list-events.ts +2 -1
package/src/config/bundled-skills/google-calendar/tools/calendar-rsvp.ts +2 -1
package/src/config/bundled-skills/google-calendar/tools/shared.ts +8 -2
package/src/config/bundled-skills/messaging/SKILL.md +1 -1
package/src/config/bundled-skills/messaging/tools/messaging-analyze-style.ts +2 -2
package/src/config/bundled-skills/messaging/tools/messaging-archive-by-sender.ts +2 -2
package/src/config/bundled-skills/messaging/tools/messaging-auth-test.ts +2 -2
package/src/config/bundled-skills/messaging/tools/messaging-list-conversations.ts +2 -2
package/src/config/bundled-skills/messaging/tools/messaging-mark-read.ts +2 -2
package/src/config/bundled-skills/messaging/tools/messaging-read.ts +2 -2
package/src/config/bundled-skills/messaging/tools/messaging-search.ts +2 -2
package/src/config/bundled-skills/messaging/tools/messaging-send.ts +2 -2
package/src/config/bundled-skills/messaging/tools/messaging-sender-digest.ts +2 -2
package/src/config/bundled-skills/messaging/tools/shared.ts +7 -5
package/src/config/bundled-skills/slack/tools/shared.ts +1 -1
package/src/config/bundled-skills/slack/tools/slack-add-reaction.ts +1 -1
package/src/config/bundled-skills/slack/tools/slack-channel-details.ts +1 -1
package/src/config/bundled-skills/slack/tools/slack-delete-message.ts +1 -1
package/src/config/bundled-skills/slack/tools/slack-edit-message.ts +1 -1
package/src/config/bundled-skills/slack/tools/slack-leave-channel.ts +1 -1
package/src/config/bundled-skills/slack/tools/slack-scan-digest.ts +1 -1
package/src/config/bundled-tool-registry.ts +2 -5
package/src/config/loader.ts +6 -42
package/src/config/schema.ts +1 -12
package/src/config/schemas/memory-lifecycle.ts +0 -9
package/src/config/schemas/memory-processing.ts +0 -180
package/src/config/schemas/memory-retrieval.ts +32 -104
package/src/config/schemas/memory.ts +0 -10
package/src/config/types.ts +0 -4
package/src/contacts/contact-store.ts +39 -2
package/src/contacts/contacts-write.ts +9 -0
package/src/context/window-manager.ts +4 -1
package/src/daemon/config-watcher.ts +55 -2
package/src/daemon/daemon-control.ts +1 -1
package/src/daemon/date-context.ts +114 -31
package/src/daemon/handlers/config-ingress.ts +2 -2
package/src/daemon/handlers/config-slack-channel.ts +59 -39
package/src/daemon/handlers/config-telegram.ts +23 -14
package/src/daemon/handlers/session-history.ts +1 -358
package/src/daemon/handlers/sessions.ts +18 -13
package/src/daemon/handlers/shared.ts +3 -17
package/src/daemon/handlers/skills.ts +20 -1
package/src/daemon/history-repair.ts +72 -8
package/src/daemon/host-cu-proxy.ts +55 -26
package/src/daemon/lifecycle.ts +39 -4
package/src/daemon/mcp-reload-service.ts +2 -2
package/src/daemon/message-types/computer-use.ts +1 -12
package/src/daemon/message-types/memory.ts +4 -16
package/src/daemon/message-types/messages.ts +1 -0
package/src/daemon/message-types/sessions.ts +4 -42
package/src/daemon/server.ts +6 -1
package/src/daemon/session-agent-loop-handlers.ts +38 -0
package/src/daemon/session-agent-loop.ts +334 -48
package/src/daemon/session-error.ts +89 -6
package/src/daemon/session-history.ts +17 -7
package/src/daemon/session-media-retry.ts +6 -2
package/src/daemon/session-memory.ts +69 -149
package/src/daemon/session-process.ts +10 -1
package/src/daemon/session-runtime-assembly.ts +49 -19
package/src/daemon/session-slash.ts +3 -5
package/src/daemon/session-surfaces.ts +4 -1
package/src/daemon/session-tool-setup.ts +7 -1
package/src/daemon/session.ts +12 -2
package/src/email/providers/index.ts +2 -2
package/src/instrument.ts +61 -1
package/src/media/avatar-router.ts +1 -1
package/src/memory/admin.ts +2 -191
package/src/memory/canonical-guardian-store.ts +38 -2
package/src/memory/conversation-crud.ts +0 -33
package/src/memory/conversation-queries.ts +25 -83
package/src/memory/db-init.ts +32 -0
package/src/memory/embedding-backend.ts +84 -8
package/src/memory/embedding-types.ts +9 -1
package/src/memory/indexer.ts +7 -46
package/src/memory/invite-store.ts +19 -0
package/src/memory/items-extractor.ts +274 -76
package/src/memory/job-handlers/backfill.ts +2 -127
package/src/memory/job-handlers/cleanup.ts +2 -16
package/src/memory/job-handlers/extraction.ts +2 -138
package/src/memory/job-handlers/index-maintenance.ts +1 -6
package/src/memory/job-handlers/summarization.ts +3 -148
package/src/memory/job-utils.ts +21 -59
package/src/memory/jobs-store.ts +1 -159
package/src/memory/jobs-worker.ts +9 -52
package/src/memory/migrations/104-core-indexes.ts +3 -3
package/src/memory/migrations/149-oauth-tables.ts +2 -0
package/src/memory/migrations/150-oauth-apps-client-secret-path.ts +98 -0
package/src/memory/migrations/151-oauth-providers-ping-url.ts +11 -0
package/src/memory/migrations/152-memory-item-supersession.ts +44 -0
package/src/memory/migrations/153-drop-entity-tables.ts +15 -0
package/src/memory/migrations/154-drop-fts.ts +20 -0
package/src/memory/migrations/155-drop-conflicts.ts +7 -0
package/src/memory/migrations/156-call-session-invite-metadata.ts +24 -0
package/src/memory/migrations/157-invite-contact-id.ts +104 -0
package/src/memory/migrations/index.ts +8 -0
package/src/memory/migrations/registry.ts +6 -0
package/src/memory/qdrant-client.ts +148 -51
package/src/memory/raw-query.ts +1 -1
package/src/memory/retriever.test.ts +294 -273
package/src/memory/retriever.ts +421 -645
package/src/memory/schema/calls.ts +2 -0
package/src/memory/schema/contacts.ts +1 -0
package/src/memory/schema/memory-core.ts +3 -48
package/src/memory/schema/oauth.ts +2 -0
package/src/memory/search/formatting.ts +263 -176
package/src/memory/search/lexical.ts +1 -254
package/src/memory/search/ranking.ts +0 -455
package/src/memory/search/semantic.ts +100 -14
package/src/memory/search/staleness.ts +47 -0
package/src/memory/search/tier-classifier.ts +21 -0
package/src/memory/search/types.ts +15 -77
package/src/memory/task-memory-cleanup.ts +4 -6
package/src/messaging/provider.ts +1 -1
package/src/messaging/providers/gmail/adapter.ts +1 -1
package/src/messaging/providers/gmail/mime-builder.ts +17 -7
package/src/messaging/providers/telegram-bot/adapter.ts +17 -8
package/src/messaging/providers/whatsapp/adapter.ts +13 -9
package/src/messaging/registry.ts +9 -5
package/src/oauth/byo-connection.test.ts +40 -25
package/src/oauth/connect-orchestrator.ts +4 -10
package/src/oauth/connection-resolver.ts +20 -6
package/src/oauth/manual-token-connection.ts +5 -5
package/src/oauth/oauth-store.ts +183 -31
package/src/oauth/platform-connection.test.ts +1 -1
package/src/oauth/provider-behaviors.ts +503 -4
package/src/oauth/seed-providers.ts +214 -8
package/src/oauth/token-persistence.ts +31 -16
package/src/permissions/defaults.ts +1 -0
package/src/permissions/trust-store.ts +23 -1
package/src/playbooks/playbook-compiler.ts +1 -1
package/src/prompts/system-prompt.ts +18 -2
package/src/providers/anthropic/client.ts +56 -126
package/src/providers/types.ts +7 -1
package/src/runtime/AGENTS.md +9 -0
package/src/runtime/auth/route-policy.ts +6 -3
package/src/runtime/channel-readiness-service.ts +48 -40
package/src/runtime/guardian-reply-router.ts +24 -22
package/src/runtime/http-server.ts +2 -2
package/src/runtime/http-types.ts +2 -0
package/src/runtime/invite-redemption-service.ts +72 -12
package/src/runtime/invite-service.ts +43 -0
package/src/runtime/middleware/twilio-validation.ts +1 -1
package/src/runtime/pending-interactions.ts +2 -2
package/src/runtime/routes/brain-graph-routes.ts +10 -90
package/src/runtime/routes/btw-routes.ts +10 -5
package/src/runtime/routes/conversation-routes.ts +56 -11
package/src/runtime/routes/inbound-stages/acl-enforcement.ts +21 -12
package/src/runtime/routes/integrations/slack/channel.ts +2 -2
package/src/runtime/routes/integrations/telegram.ts +2 -2
package/src/runtime/routes/integrations/twilio.ts +17 -17
package/src/runtime/routes/invite-routes.ts +29 -4
package/src/runtime/routes/memory-item-routes.test.ts +754 -0
package/src/runtime/routes/memory-item-routes.ts +503 -0
package/src/runtime/routes/secret-routes.ts +17 -0
package/src/runtime/routes/session-management-routes.ts +3 -3
package/src/runtime/routes/settings-routes.ts +3 -3
package/src/runtime/routes/trust-rules-routes.ts +14 -0
package/src/runtime/routes/workspace-routes.ts +9 -4
package/src/runtime/routes/workspace-utils.ts +8 -2
package/src/schedule/integration-status.ts +26 -19
package/src/security/keychain-broker-client.ts +17 -4
package/src/security/oauth2.ts +6 -7
package/src/security/secure-keys.ts +44 -19
package/src/security/token-manager.ts +46 -39
package/src/services/vercel-deploy.ts +0 -24
package/src/signals/confirm.ts +78 -0
package/src/signals/mcp-reload.ts +18 -0
package/src/skills/catalog-install.ts +74 -18
package/src/skills/skillssh-registry.ts +503 -0
package/src/tools/assets/search.ts +5 -1
package/src/tools/computer-use/definitions.ts +0 -10
package/src/tools/computer-use/registry.ts +1 -1
package/src/tools/credentials/vault.ts +22 -7
package/src/tools/memory/definitions.ts +4 -13
package/src/tools/memory/handlers.test.ts +83 -103
package/src/tools/memory/handlers.ts +50 -85
package/src/tools/network/script-proxy/session-manager.ts +8 -8
package/src/tools/schedule/create.ts +10 -3
package/src/tools/schedule/update.ts +8 -1
package/src/tools/skills/load.ts +25 -2
package/src/watcher/provider-types.ts +1 -1
package/src/watcher/providers/github.ts +1 -1
package/src/watcher/providers/gmail.ts +3 -3
package/src/watcher/providers/google-calendar.ts +3 -3
package/src/watcher/providers/linear.ts +1 -1
package/src/__tests__/clarification-resolver.test.ts +0 -193
package/src/__tests__/conflict-intent-tokenization.test.ts +0 -160
package/src/__tests__/conflict-policy.test.ts +0 -269
package/src/__tests__/conflict-store.test.ts +0 -372
package/src/__tests__/contradiction-checker.test.ts +0 -361
package/src/__tests__/entity-extractor.test.ts +0 -211
package/src/__tests__/entity-search.test.ts +0 -1117
package/src/__tests__/profile-compiler.test.ts +0 -392
package/src/__tests__/session-conflict-gate.test.ts +0 -1228
package/src/__tests__/session-profile-injection.test.ts +0 -557
package/src/config/bundled-skills/knowledge-graph/SKILL.md +0 -25
package/src/config/bundled-skills/knowledge-graph/TOOLS.json +0 -66
package/src/config/bundled-skills/knowledge-graph/tools/graph-query.ts +0 -211
package/src/daemon/session-conflict-gate.ts +0 -167
package/src/daemon/session-dynamic-profile.ts +0 -77
package/src/memory/clarification-resolver.ts +0 -417
package/src/memory/conflict-intent.ts +0 -205
package/src/memory/conflict-policy.ts +0 -127
package/src/memory/conflict-store.ts +0 -410
package/src/memory/contradiction-checker.ts +0 -508
package/src/memory/entity-extractor.ts +0 -535
package/src/memory/format-recall.ts +0 -47
package/src/memory/fts-reconciler.ts +0 -165
package/src/memory/job-handlers/conflict.ts +0 -200
package/src/memory/profile-compiler.ts +0 -195
package/src/memory/recall-cache.ts +0 -117
package/src/memory/search/entity.ts +0 -535
package/src/memory/search/query-expansion.test.ts +0 -70
package/src/memory/search/query-expansion.ts +0 -118
package/src/runtime/routes/mcp-routes.ts +0 -20

package/src/__tests__/oauth-provider-profiles.test.ts CHANGED Viewed

@@ -10,7 +10,7 @@ describe("oauth provider behaviors", () => {
     const service = resolveService("gmail");
     const behavior = getProviderBehavior(service);
-    expect(service).toBe("integration:gmail");
+    expect(service).toBe("integration:google");
     expect(behavior).toBeDefined();
     expect(behavior?.injectionTemplates).toBeDefined();
     expect(behavior?.injectionTemplates).toHaveLength(3);

package/src/__tests__/oauth-store.test.ts CHANGED Viewed

@@ -34,9 +34,14 @@ mock.module("../security/secure-keys.js", () => ({
   deleteSecureKeyAsync: mockDeleteSecureKeyAsync,
   setSecureKeyAsync: mockSetSecureKeyAsync,
   getSecureKey: (account: string) => secureKeyValues.get(account),
+  getSecureKeyAsync: (account: string) =>
+    Promise.resolve(secureKeyValues.get(account)),
 }));
-import { initializeDb, resetDb, resetTestTables } from "../memory/db.js";
+import { eq } from "drizzle-orm";
+import { getDb, initializeDb, resetDb, resetTestTables } from "../memory/db.js";
+import { oauthProviders } from "../memory/schema/oauth.js";
 import {
   createConnection,
   deleteApp,
@@ -46,8 +51,10 @@ import {
   getAppByProviderAndClientId,
   getConnection,
   getConnectionByProvider,
+  getConnectionByProviderAndAccount,
   getProvider,
   isProviderConnected,
+  listActiveConnectionsByProvider,
   listConnections,
   registerProvider,
   seedProviders,
@@ -137,7 +144,7 @@ describe("provider operations", () => {
       });
     });
-    test("updates existing provider rows with corrected seed data", () => {
+    test("updates implementation fields while preserving user-customizable fields on re-seed", () => {
       seedProviders([
         {
           providerKey: "github",
@@ -168,17 +175,134 @@ describe("provider operations", () => {
       const row = getProvider("github");
       expect(row).toBeDefined();
-      // Seed data should overwrite the existing row
+      // Implementation fields should be overwritten by the re-seed
       expect(row!.authUrl).toBe("https://github.com/login/oauth/authorize-v2");
       expect(row!.tokenUrl).toBe(
         "https://github.com/login/oauth/access_token-v2",
       );
-      expect(row!.baseUrl).toBe("https://api.github.com/v2");
-      expect(JSON.parse(row!.defaultScopes)).toEqual(["repo", "user"]);
-      expect(JSON.parse(row!.scopePolicy)).toEqual({ required: ["repo"] });
+      // User-customizable fields (baseUrl, defaultScopes, scopePolicy) are
+      // preserved from the original insert — not overwritten on re-seed.
+      expect(row!.baseUrl).toBe("https://api.github.com");
+      expect(JSON.parse(row!.defaultScopes)).toEqual(["repo"]);
+      expect(JSON.parse(row!.scopePolicy)).toEqual({});
       // createdAt should be preserved from the original insert
       expect(row!.createdAt).toBe(originalCreatedAt);
     });
+    test("persists pingUrl when provided", () => {
+      seedProviders([
+        {
+          providerKey: "github",
+          authUrl: "https://github.com/authorize",
+          tokenUrl: "https://github.com/token",
+          defaultScopes: ["repo"],
+          scopePolicy: {},
+          pingUrl: "https://api.github.com/user",
+        },
+      ]);
+      const row = getProvider("github");
+      expect(row!.pingUrl).toBe("https://api.github.com/user");
+    });
+    test("pingUrl defaults to null when omitted", () => {
+      seedProviders([
+        {
+          providerKey: "github",
+          authUrl: "https://github.com/authorize",
+          tokenUrl: "https://github.com/token",
+          defaultScopes: ["repo"],
+          scopePolicy: {},
+        },
+      ]);
+      const row = getProvider("github");
+      expect(row!.pingUrl).toBeNull();
+    });
+    test("preserves user-customizable fields while overwriting implementation fields on re-seed", () => {
+      // Initial seed with all fields
+      seedProviders([
+        {
+          providerKey: "github",
+          authUrl: "https://github.com/authorize",
+          tokenUrl: "https://github.com/token",
+          tokenEndpointAuthMethod: "client_secret_post",
+          defaultScopes: ["repo"],
+          scopePolicy: { required: ["repo"] },
+          userinfoUrl: "https://api.github.com/user",
+          baseUrl: "https://api.github.com",
+          extraParams: { prompt: "consent" },
+          callbackTransport: "loopback",
+          loopbackPort: 8765,
+          pingUrl: "https://api.github.com/user",
+        },
+      ]);
+      // Manually update user-customizable fields to simulate user edits
+      const db = getDb();
+      db.update(oauthProviders)
+        .set({
+          defaultScopes: JSON.stringify(["repo", "user", "gist"]),
+          scopePolicy: JSON.stringify({
+            required: ["repo"],
+            allowAdditionalScopes: true,
+          }),
+          userinfoUrl: "https://api.github.com/user/custom",
+          baseUrl: "https://custom.github.com/api",
+        })
+        .where(eq(oauthProviders.providerKey, "github"))
+        .run();
+      // Verify the manual updates took effect
+      const beforeReseed = getProvider("github");
+      expect(JSON.parse(beforeReseed!.defaultScopes)).toEqual([
+        "repo",
+        "user",
+        "gist",
+      ]);
+      expect(beforeReseed!.userinfoUrl).toBe(
+        "https://api.github.com/user/custom",
+      );
+      expect(beforeReseed!.baseUrl).toBe("https://custom.github.com/api");
+      // Re-seed with updated implementation fields
+      seedProviders([
+        {
+          providerKey: "github",
+          authUrl: "https://github.com/authorize-v2",
+          tokenUrl: "https://github.com/token-v2",
+          tokenEndpointAuthMethod: "client_secret_basic",
+          defaultScopes: ["repo-only"],
+          scopePolicy: {},
+          userinfoUrl: "https://api.github.com/user-v2",
+          baseUrl: "https://api.github.com/v2",
+          extraParams: { prompt: "login" },
+          callbackTransport: "gateway",
+          loopbackPort: 9999,
+          pingUrl: "https://api.github.com/user-v2",
+        },
+      ]);
+      const row = getProvider("github");
+      expect(row).toBeDefined();
+      // User-customizable fields should retain their manual values
+      expect(JSON.parse(row!.defaultScopes)).toEqual(["repo", "user", "gist"]);
+      expect(JSON.parse(row!.scopePolicy)).toEqual({
+        required: ["repo"],
+        allowAdditionalScopes: true,
+      });
+      expect(row!.userinfoUrl).toBe("https://api.github.com/user/custom");
+      expect(row!.baseUrl).toBe("https://custom.github.com/api");
+      // Implementation fields should be overwritten from the seed data
+      expect(row!.authUrl).toBe("https://github.com/authorize-v2");
+      expect(row!.tokenUrl).toBe("https://github.com/token-v2");
+      expect(row!.tokenEndpointAuthMethod).toBe("client_secret_basic");
+      expect(JSON.parse(row!.extraParams!)).toEqual({ prompt: "login" });
+      expect(row!.callbackTransport).toBe("gateway");
+      expect(row!.loopbackPort).toBe(9999);
+      expect(row!.pingUrl).toBe("https://api.github.com/user-v2");
+    });
   });
   describe("getProvider", () => {
@@ -279,13 +403,18 @@ describe("app operations", () => {
     test("stores clientSecret in secure storage on new app creation", async () => {
       seedTestProvider("github");
-      const app = await upsertApp("github", "client-abc", "my-secret");
+      const app = await upsertApp("github", "client-abc", {
+        clientSecretValue: "my-secret",
+      });
       expect(mockSetSecureKeyAsync).toHaveBeenCalledTimes(1);
       expect(mockSetSecureKeyAsync).toHaveBeenCalledWith(
         `oauth_app/${app.id}/client_secret`,
         "my-secret",
       );
+      expect(app.clientSecretCredentialPath).toBe(
+        `oauth_app/${app.id}/client_secret`,
+      );
     });
     test("stores clientSecret in secure storage when upserting an existing app", async () => {
@@ -293,11 +422,13 @@ describe("app operations", () => {
       const first = await upsertApp("github", "client-abc");
       mockSetSecureKeyAsync.mockClear();
-      await upsertApp("github", "client-abc", "updated-secret");
+      await upsertApp("github", "client-abc", {
+        clientSecretValue: "updated-secret",
+      });
       expect(mockSetSecureKeyAsync).toHaveBeenCalledTimes(1);
       expect(mockSetSecureKeyAsync).toHaveBeenCalledWith(
-        `oauth_app/${first.id}/client_secret`,
+        first.clientSecretCredentialPath,
         "updated-secret",
       );
     });
@@ -307,9 +438,70 @@ describe("app operations", () => {
       mockSetSecureKeyAsync.mockResolvedValueOnce(false);
       await expect(
-        upsertApp("github", "client-abc", "bad-secret"),
+        upsertApp("github", "client-abc", { clientSecretValue: "bad-secret" }),
       ).rejects.toThrow("Failed to store client_secret in secure storage");
     });
+    test("accepts clientSecretCredentialPath and verifies existence", async () => {
+      seedTestProvider("github");
+      secureKeyValues.set("custom/path", "stored-secret");
+      const app = await upsertApp("github", "client-abc", {
+        clientSecretCredentialPath: "custom/path",
+      });
+      expect(app.clientSecretCredentialPath).toBe("custom/path");
+      // Should not have called setSecureKeyAsync since we only provided a path
+      expect(mockSetSecureKeyAsync).not.toHaveBeenCalled();
+    });
+    test("throws when clientSecretCredentialPath points to nonexistent secret", async () => {
+      seedTestProvider("github");
+      await expect(
+        upsertApp("github", "client-abc", {
+          clientSecretCredentialPath: "nonexistent/path",
+        }),
+      ).rejects.toThrow("No secret found at credential path: nonexistent/path");
+    });
+    test("throws when both clientSecretValue and clientSecretCredentialPath are provided", async () => {
+      seedTestProvider("github");
+      await expect(
+        upsertApp("github", "client-abc", {
+          clientSecretValue: "my-secret",
+          clientSecretCredentialPath: "custom/path",
+        }),
+      ).rejects.toThrow(
+        "Cannot provide both clientSecretValue and clientSecretCredentialPath",
+      );
+    });
+    test("records default clientSecretCredentialPath when neither value nor path is provided", async () => {
+      seedTestProvider("github");
+      const app = await upsertApp("github", "client-abc");
+      expect(app.clientSecretCredentialPath).toBe(
+        `oauth_app/${app.id}/client_secret`,
+      );
+    });
+    test("updates clientSecretCredentialPath on existing row when path is provided", async () => {
+      seedTestProvider("github");
+      const first = await upsertApp("github", "client-abc");
+      expect(first.clientSecretCredentialPath).toBe(
+        `oauth_app/${first.id}/client_secret`,
+      );
+      secureKeyValues.set("new/custom/path", "stored-secret");
+      const updated = await upsertApp("github", "client-abc", {
+        clientSecretCredentialPath: "new/custom/path",
+      });
+      expect(updated.id).toBe(first.id);
+      expect(updated.clientSecretCredentialPath).toBe("new/custom/path");
+    });
   });
   describe("getApp", () => {
@@ -353,14 +545,29 @@ describe("app operations", () => {
       expect(getApp(app.id)).toBeUndefined();
     });
-    test("cleans up client_secret from secure storage", async () => {
+    test("cleans up client_secret from secure storage using stored path", async () => {
       const app = await createTestApp("github", "client-1");
       mockDeleteSecureKeyAsync.mockClear();
       await deleteApp(app.id);
       expect(mockDeleteSecureKeyAsync).toHaveBeenCalledWith(
-        `oauth_app/${app.id}/client_secret`,
+        app.clientSecretCredentialPath,
+      );
+    });
+    test("uses custom clientSecretCredentialPath when deleting", async () => {
+      seedTestProvider("github");
+      secureKeyValues.set("custom/secret/path", "the-secret");
+      const app = await upsertApp("github", "client-1", {
+        clientSecretCredentialPath: "custom/secret/path",
+      });
+      mockDeleteSecureKeyAsync.mockClear();
+      await deleteApp(app.id);
+      expect(mockDeleteSecureKeyAsync).toHaveBeenCalledWith(
+        "custom/secret/path",
       );
     });
@@ -506,6 +713,145 @@ describe("connection operations", () => {
     });
   });
+  describe("getConnectionByProviderAndAccount", () => {
+    test("returns the connection matching the given account", async () => {
+      const app = await createTestApp("github", "client-1");
+      const conn1 = createConnection({
+        oauthAppId: app.id,
+        providerKey: "github",
+        accountInfo: "user1@example.com",
+        grantedScopes: ["repo"],
+        hasRefreshToken: false,
+        createdAt: 1000,
+      });
+      createConnection({
+        oauthAppId: app.id,
+        providerKey: "github",
+        accountInfo: "user2@example.com",
+        grantedScopes: ["repo"],
+        hasRefreshToken: false,
+        createdAt: 2000,
+      });
+      const result = getConnectionByProviderAndAccount(
+        "github",
+        "user1@example.com",
+      );
+      expect(result).toBeDefined();
+      expect(result!.id).toBe(conn1.id);
+    });
+    test("falls back to getConnectionByProvider when accountInfo is undefined", async () => {
+      const app = await createTestApp("github", "client-1");
+      const conn = createConnection({
+        oauthAppId: app.id,
+        providerKey: "github",
+        accountInfo: "user@example.com",
+        grantedScopes: ["repo"],
+        hasRefreshToken: false,
+      });
+      const result = getConnectionByProviderAndAccount("github", undefined);
+      expect(result).toBeDefined();
+      expect(result!.id).toBe(conn.id);
+    });
+    test("returns undefined when no connection matches the account", async () => {
+      const app = await createTestApp("github", "client-1");
+      createConnection({
+        oauthAppId: app.id,
+        providerKey: "github",
+        accountInfo: "user@example.com",
+        grantedScopes: ["repo"],
+        hasRefreshToken: false,
+      });
+      const result = getConnectionByProviderAndAccount(
+        "github",
+        "other@example.com",
+      );
+      expect(result).toBeUndefined();
+    });
+    test("skips revoked connections", async () => {
+      const app = await createTestApp("github", "client-1");
+      const conn = createConnection({
+        oauthAppId: app.id,
+        providerKey: "github",
+        accountInfo: "user@example.com",
+        grantedScopes: ["repo"],
+        hasRefreshToken: false,
+      });
+      updateConnection(conn.id, { status: "revoked" });
+      const result = getConnectionByProviderAndAccount(
+        "github",
+        "user@example.com",
+      );
+      expect(result).toBeUndefined();
+    });
+  });
+  describe("listActiveConnectionsByProvider", () => {
+    test("returns all active connections for a provider", async () => {
+      const app = await createTestApp("github", "client-1");
+      createConnection({
+        oauthAppId: app.id,
+        providerKey: "github",
+        accountInfo: "user1@example.com",
+        grantedScopes: ["repo"],
+        hasRefreshToken: false,
+      });
+      createConnection({
+        oauthAppId: app.id,
+        providerKey: "github",
+        accountInfo: "user2@example.com",
+        grantedScopes: ["repo"],
+        hasRefreshToken: false,
+      });
+      const results = listActiveConnectionsByProvider("github");
+      expect(results).toHaveLength(2);
+    });
+    test("excludes revoked connections", async () => {
+      const app = await createTestApp("github", "client-1");
+      createConnection({
+        oauthAppId: app.id,
+        providerKey: "github",
+        accountInfo: "user1@example.com",
+        grantedScopes: ["repo"],
+        hasRefreshToken: false,
+      });
+      const conn2 = createConnection({
+        oauthAppId: app.id,
+        providerKey: "github",
+        accountInfo: "user2@example.com",
+        grantedScopes: ["repo"],
+        hasRefreshToken: false,
+      });
+      updateConnection(conn2.id, { status: "revoked" });
+      const results = listActiveConnectionsByProvider("github");
+      expect(results).toHaveLength(1);
+      expect(results[0]!.accountInfo).toBe("user1@example.com");
+    });
+    test("returns empty array when no active connections exist", () => {
+      const results = listActiveConnectionsByProvider("github");
+      expect(results).toHaveLength(0);
+    });
+  });
   describe("isProviderConnected", () => {
     test("returns true when active connection has an access token in secure storage", async () => {
       const app = await createTestApp("github", "client-1");
@@ -518,7 +864,7 @@ describe("connection operations", () => {
       secureKeyValues.set(`oauth_connection/${conn.id}/access_token`, "tok");
-      expect(isProviderConnected("github")).toBe(true);
+      expect(await isProviderConnected("github")).toBe(true);
     });
     test("returns false when active connection exists but access token is missing", async () => {
@@ -531,11 +877,11 @@ describe("connection operations", () => {
       });
       // No secure key set — simulates failed token write
-      expect(isProviderConnected("github")).toBe(false);
+      expect(await isProviderConnected("github")).toBe(false);
     });
-    test("returns false when no connection exists", () => {
-      expect(isProviderConnected("github")).toBe(false);
+    test("returns false when no connection exists", async () => {
+      expect(await isProviderConnected("github")).toBe(false);
     });
     test("returns false when connection is revoked even with token in store", async () => {
@@ -550,7 +896,7 @@ describe("connection operations", () => {
       updateConnection(conn.id, { status: "revoked" });
       secureKeyValues.set(`oauth_connection/${conn.id}/access_token`, "tok");
-      expect(isProviderConnected("github")).toBe(false);
+      expect(await isProviderConnected("github")).toBe(false);
     });
   });

package/src/__tests__/qdrant-collection-migration.test.ts CHANGED Viewed

@@ -21,12 +21,14 @@ interface MockCallLog {
 let mockCollectionExists: boolean;
 let mockCollectionSize: number;
+let mockUseNamedVectors: boolean;
 let mockSentinelPayload: Record<string, unknown> | null;
 let callLog: MockCallLog;
 function resetMockState() {
   mockCollectionExists = false;
   mockCollectionSize = 384;
+  mockUseNamedVectors = false;
   mockSentinelPayload = null;
   callLog = {
     collectionExists: 0,
@@ -51,7 +53,9 @@ mock.module("@qdrant/js-client-rest", () => ({
       return {
         config: {
           params: {
-            vectors: { size: mockCollectionSize },
+            vectors: mockUseNamedVectors
+              ? { dense: { size: mockCollectionSize } }
+              : { size: mockCollectionSize },
           },
         },
       };
@@ -77,7 +81,12 @@ mock.module("@qdrant/js-client-rest", () => ({
         mockSentinelPayload &&
         opts.ids.includes("00000000-0000-0000-0000-000000000000")
       ) {
-        return [{ id: "00000000-0000-0000-0000-000000000000", payload: mockSentinelPayload }];
+        return [
+          {
+            id: "00000000-0000-0000-0000-000000000000",
+            payload: mockSentinelPayload,
+          },
+        ];
       }
       return [];
     }
@@ -97,6 +106,7 @@ beforeEach(() => {
 describe("Qdrant collection migration", () => {
   test("deletes and recreates collection on dimension mismatch", async () => {
     mockCollectionExists = true;
+    mockUseNamedVectors = true;
     mockCollectionSize = 384; // Current collection has 384-dim vectors
     const client = new VellumQdrantClient({
@@ -108,14 +118,16 @@ describe("Qdrant collection migration", () => {
       embeddingModel: "gemini:gemini-embedding-2-preview",
     });
-    await client.ensureCollection();
+    const result = await client.ensureCollection();
     expect(callLog.deleteCollection).toBe(1);
     expect(callLog.createCollection).toBe(1);
+    expect(result.migrated).toBe(true);
   });
   test("deletes and recreates collection on model-only mismatch", async () => {
     mockCollectionExists = true;
+    mockUseNamedVectors = true;
     mockCollectionSize = 768; // Same dimension
     mockSentinelPayload = {
       _meta: true,
@@ -131,16 +143,18 @@ describe("Qdrant collection migration", () => {
       embeddingModel: "gemini:gemini-embedding-2-preview", // New model
     });
-    await client.ensureCollection();
+    const result = await client.ensureCollection();
     expect(callLog.deleteCollection).toBe(1);
     expect(callLog.createCollection).toBe(1);
     // Sentinel should be written for the new model
     expect(callLog.upsert).toBe(1);
+    expect(result.migrated).toBe(true);
   });
   test("leaves collection untouched when dimensions and model match", async () => {
     mockCollectionExists = true;
+    mockUseNamedVectors = true;
     mockCollectionSize = 768;
     mockSentinelPayload = {
       _meta: true,
@@ -156,14 +170,16 @@ describe("Qdrant collection migration", () => {
       embeddingModel: "gemini:gemini-embedding-2-preview",
     });
-    await client.ensureCollection();
+    const result = await client.ensureCollection();
     expect(callLog.deleteCollection).toBe(0);
     expect(callLog.createCollection).toBe(0);
+    expect(result.migrated).toBe(false);
   });
   test("does not rebuild pre-existing collection without sentinel (graceful upgrade)", async () => {
     mockCollectionExists = true;
+    mockUseNamedVectors = true;
     mockCollectionSize = 768;
     mockSentinelPayload = null; // No sentinel — pre-existing collection
@@ -176,11 +192,12 @@ describe("Qdrant collection migration", () => {
       embeddingModel: "gemini:gemini-embedding-2-preview",
     });
-    await client.ensureCollection();
+    const result = await client.ensureCollection();
     // No sentinel found → no model mismatch → collection kept
     expect(callLog.deleteCollection).toBe(0);
     expect(callLog.createCollection).toBe(0);
+    expect(result.migrated).toBe(false);
   });
   test("writes sentinel point when creating a new collection", async () => {
@@ -195,11 +212,37 @@ describe("Qdrant collection migration", () => {
       embeddingModel: "gemini:gemini-embedding-2-preview",
     });
-    await client.ensureCollection();
+    const result = await client.ensureCollection();
     expect(callLog.createCollection).toBe(1);
     // Sentinel upsert should be called
     expect(callLog.upsert).toBe(1);
+    // Fresh collection, not a migration
+    expect(result.migrated).toBe(false);
+  });
+  test("deletes and recreates collection when migrating from unnamed to named vectors", async () => {
+    mockCollectionExists = true;
+    mockUseNamedVectors = false; // Legacy unnamed vectors
+    mockCollectionSize = 768;
+    const client = new VellumQdrantClient({
+      url: "http://localhost:6333",
+      collection: "memory",
+      vectorSize: 768, // Same dimension
+      onDisk: false,
+      quantization: "none",
+      embeddingModel: "gemini:gemini-embedding-2-preview",
+    });
+    const result = await client.ensureCollection();
+    // Unnamed vectors should trigger delete + recreate with named vectors
+    expect(callLog.deleteCollection).toBe(1);
+    expect(callLog.createCollection).toBe(1);
+    // Sentinel should be written for the new collection
+    expect(callLog.upsert).toBe(1);
+    expect(result.migrated).toBe(true);
   });
   test("does not write sentinel when embeddingModel is not provided", async () => {
@@ -214,10 +257,12 @@ describe("Qdrant collection migration", () => {
       // No embeddingModel
     });
-    await client.ensureCollection();
+    const result = await client.ensureCollection();
     expect(callLog.createCollection).toBe(1);
     // No sentinel should be written
     expect(callLog.upsert).toBe(0);
+    // Fresh collection, not a migration
+    expect(result.migrated).toBe(false);
   });
 });

package/src/__tests__/registry.test.ts CHANGED Viewed

@@ -524,6 +524,5 @@ describe("computer-use registration split", () => {
     expect(registered.every((t) => t.name.startsWith("computer_use_"))).toBe(
       true,
     );
-    expect(getTool("computer_use_request_control")).toBeUndefined();
   });
 });