@vellumai/assistant 0.4.49 → 0.4.51

package/src/config/bundled-skills/google-calendar/TOOLS.json

@@ -41,6 +41,10 @@
           "reason": {
             "type": "string",
             "description": "Brief non-technical explanation of why this tool is being called"
+          },
+          "account": {
+            "type": "string",
+            "description": "Email address of the Google account to use. Required when multiple Google accounts are connected. If omitted, uses the most recently connected account."
           }
         }
       },
@@ -66,6 +70,10 @@
           "reason": {
             "type": "string",
             "description": "Brief non-technical explanation of why this tool is being called"
+          },
+          "account": {
+            "type": "string",
+            "description": "Email address of the Google account to use. Required when multiple Google accounts are connected. If omitted, uses the most recently connected account."
           }
         },
         "required": ["event_id"]
@@ -123,6 +131,10 @@
           "reason": {
             "type": "string",
             "description": "Brief non-technical explanation of why this tool is being called"
+          },
+          "account": {
+            "type": "string",
+            "description": "Email address of the Google account to use. Required when multiple Google accounts are connected. If omitted, uses the most recently connected account."
           }
         },
         "required": ["summary", "start", "end", "confidence"]
@@ -160,6 +172,10 @@
           "reason": {
             "type": "string",
             "description": "Brief non-technical explanation of why this tool is being called"
+          },
+          "account": {
+            "type": "string",
+            "description": "Email address of the Google account to use. Required when multiple Google accounts are connected. If omitted, uses the most recently connected account."
           }
         },
         "required": ["time_min", "time_max"]
@@ -195,6 +211,10 @@
           "reason": {
             "type": "string",
             "description": "Brief non-technical explanation of why this tool is being called"
+          },
+          "account": {
+            "type": "string",
+            "description": "Email address of the Google account to use. Required when multiple Google accounts are connected. If omitted, uses the most recently connected account."
           }
         },
         "required": ["event_id", "response", "confidence"]

package/src/config/bundled-skills/google-calendar/tools/calendar-check-availability.ts

@@ -9,12 +9,13 @@ export async function run(
   input: Record<string, unknown>,
   _context: ToolContext,
 ): Promise<ToolExecutionResult> {
+  const account = input.account as string | undefined;
   const timeMin = input.time_min as string;
   const timeMax = input.time_max as string;
   const calendarIds = (input.calendar_ids as string[]) ?? ["primary"];
   const timezone = input.timezone as string | undefined;
 
-  const connection = getCalendarConnection();
+  const connection = await getCalendarConnection(account, calendarIds[0]);
   const result = await calendar.freeBusy(connection, {
     timeMin,
     timeMax,

package/src/config/bundled-skills/google-calendar/tools/calendar-create-event.ts

@@ -9,6 +9,7 @@ export async function run(
   input: Record<string, unknown>,
   _context: ToolContext,
 ): Promise<ToolExecutionResult> {
+  const account = input.account as string | undefined;
   const summary = input.summary as string;
   const startRaw = input.start as string;
   const endRaw = input.end as string;
@@ -40,7 +41,7 @@ export async function run(
     eventBody.attendees = attendees.map((email) => ({ email }));
   }
 
-  const connection = getCalendarConnection();
+  const connection = await getCalendarConnection(account, calendarId);
   const event = await calendar.createEvent(connection, eventBody, calendarId);
   const link = event.htmlLink ? ` View it here: ${event.htmlLink}` : "";
   return ok(`Event created (ID: ${event.id}).${link}`);

package/src/config/bundled-skills/google-calendar/tools/calendar-get-event.ts

@@ -9,10 +9,11 @@ export async function run(
   input: Record<string, unknown>,
   _context: ToolContext,
 ): Promise<ToolExecutionResult> {
+  const account = input.account as string | undefined;
   const eventId = input.event_id as string;
   const calendarId = (input.calendar_id as string) ?? "primary";
 
-  const connection = getCalendarConnection();
+  const connection = await getCalendarConnection(account, calendarId);
   const event = await calendar.getEvent(connection, eventId, calendarId);
   return ok(JSON.stringify(event, null, 2));
 }

package/src/config/bundled-skills/google-calendar/tools/calendar-list-events.ts

@@ -9,6 +9,7 @@ export async function run(
   input: Record<string, unknown>,
   _context: ToolContext,
 ): Promise<ToolExecutionResult> {
+  const account = input.account as string | undefined;
   const calendarId = (input.calendar_id as string) ?? "primary";
   const timeMin = (input.time_min as string) ?? new Date().toISOString();
   const timeMax = input.time_max as string | undefined;
@@ -17,7 +18,7 @@ export async function run(
   const singleEvents = (input.single_events as boolean) ?? true;
   const orderBy = input.order_by as "startTime" | "updated" | undefined;
 
-  const connection = getCalendarConnection();
+  const connection = await getCalendarConnection(account, calendarId);
   const result = await calendar.listEvents(connection, calendarId, {
     timeMin,
     timeMax,

package/src/config/bundled-skills/google-calendar/tools/calendar-rsvp.ts

@@ -9,11 +9,12 @@ export async function run(
   input: Record<string, unknown>,
   _context: ToolContext,
 ): Promise<ToolExecutionResult> {
+  const account = input.account as string | undefined;
   const eventId = input.event_id as string;
   const response = input.response as "accepted" | "declined" | "tentative";
   const calendarId = (input.calendar_id as string) ?? "primary";
 
-  const connection = getCalendarConnection();
+  const connection = await getCalendarConnection(account, calendarId);
 
   // First get the event to find the user's attendee entry
   const event = await calendar.getEvent(connection, eventId, calendarId);

package/src/config/bundled-skills/google-calendar/tools/shared.ts

@@ -10,6 +10,12 @@ export function ok(content: string): ToolExecutionResult {
  * Calendar uses the same OAuth credential service as Gmail since both
  * scopes are granted in a single OAuth consent flow.
  */
-export function getCalendarConnection(): OAuthConnection {
-  return resolveOAuthConnection("integration:gmail");
+export async function getCalendarConnection(
+  account?: string,
+  calendarId?: string,
+): Promise<OAuthConnection> {
+  // If no explicit account but calendar_id looks like an email, use it as the account hint
+  const resolved =
+    account ?? (calendarId?.includes("@") ? calendarId : undefined);
+  return resolveOAuthConnection("integration:google", resolved);
 }

package/src/config/bundled-skills/messaging/SKILL.md

@@ -23,7 +23,7 @@ Do not offer AgentMail as an option or mention it unless the user specifically a
 ## Communication Style
 
 - **Be action-oriented.** When the user asks to do something ("declutter", "check my email"), start doing it immediately. Don't ask for permission to read their inbox — that's obviously what they want.
-- **Keep it human.** Never mention OAuth, tokens, APIs, sandboxes, credential proxies, or other technical internals. If something isn't working, say "Gmail needs to be reconnected" — not "the OAuth2 access token for integration:gmail has expired."
+- **Keep it human.** Never mention OAuth, tokens, APIs, sandboxes, credential proxies, or other technical internals. If something isn't working, say "Gmail needs to be reconnected" — not "the OAuth2 access token for integration:google has expired."
 - **Show progress.** When running a tool that scans many emails, tell the user what you're doing: "Scanning your inbox for clutter..." Don't go silent.
 - **Be brief and warm.** One or two sentences per update is plenty. Don't over-explain what you're about to do — just do it and narrate lightly.
 

package/src/config/bundled-skills/messaging/tools/messaging-analyze-style.ts

@@ -90,8 +90,8 @@ export async function run(
   const queryFilter = input.query_filter as string | undefined;
 
   try {
-    const provider = resolveProvider(platform);
-    const conn = getProviderConnection(provider);
+    const provider = await resolveProvider(platform);
+    const conn = await getProviderConnection(provider);
     // Search for sent messages using the platform's search
     const query =
       queryFilter ?? (provider.id === "gmail" ? "in:sent" : "from:me");

package/src/config/bundled-skills/messaging/tools/messaging-archive-by-sender.ts

@@ -22,7 +22,7 @@ export async function run(
   }
 
   try {
-    const provider = resolveProvider(platform);
+    const provider = await resolveProvider(platform);
 
     if (!provider.archiveByQuery) {
       return err(
@@ -30,7 +30,7 @@ export async function run(
       );
     }
 
-    const conn = getProviderConnection(provider);
+    const conn = await getProviderConnection(provider);
     const result = await provider.archiveByQuery!(conn, query);
 
     if (result.archived === 0) {

package/src/config/bundled-skills/messaging/tools/messaging-auth-test.ts

@@ -11,8 +11,8 @@ export async function run(
   const platform = input.platform as string | undefined;
 
   try {
-    const provider = resolveProvider(platform);
-    const conn = getProviderConnection(provider);
+    const provider = await resolveProvider(platform);
+    const conn = await getProviderConnection(provider);
     const info = await provider.testConnection(conn);
     return ok(JSON.stringify(info, null, 2));
   } catch (e) {

package/src/config/bundled-skills/messaging/tools/messaging-list-conversations.ts

@@ -13,8 +13,8 @@ export async function run(
   const limit = input.limit as number | undefined;
 
   try {
-    const provider = resolveProvider(platform);
-    const conn = getProviderConnection(provider);
+    const provider = await resolveProvider(platform);
+    const conn = await getProviderConnection(provider);
     const conversations = await provider.listConversations(conn, {
       types: types as Array<"channel" | "dm" | "group" | "inbox"> | undefined,
       limit,

package/src/config/bundled-skills/messaging/tools/messaging-mark-read.ts

@@ -17,13 +17,13 @@ export async function run(
   }
 
   try {
-    const provider = resolveProvider(platform);
+    const provider = await resolveProvider(platform);
     if (!provider.markRead) {
       return err(
         `${provider.displayName} does not support marking messages as read.`,
       );
     }
-    const conn = getProviderConnection(provider);
+    const conn = await getProviderConnection(provider);
     await provider.markRead(conn, conversationId, messageId);
     return ok("Marked as read.");
   } catch (e) {

package/src/config/bundled-skills/messaging/tools/messaging-read.ts

@@ -18,8 +18,8 @@ export async function run(
   }
 
   try {
-    const provider = resolveProvider(platform);
-    const conn = getProviderConnection(provider);
+    const provider = await resolveProvider(platform);
+    const conn = await getProviderConnection(provider);
     let messages;
     if (threadId && provider.getThreadReplies) {
       messages = await provider.getThreadReplies(

package/src/config/bundled-skills/messaging/tools/messaging-search.ts

@@ -17,8 +17,8 @@ export async function run(
   }
 
   try {
-    const provider = resolveProvider(platform);
-    const conn = getProviderConnection(provider);
+    const provider = await resolveProvider(platform);
+    const conn = await getProviderConnection(provider);
     const result = await provider.search(conn, query, { count: maxResults });
     return ok(JSON.stringify(result, null, 2));
   } catch (e) {

package/src/config/bundled-skills/messaging/tools/messaging-send.ts

@@ -45,14 +45,14 @@ export async function run(
   }
 
   try {
-    const provider = resolveProvider(platform);
+    const provider = await resolveProvider(platform);
 
     // Non-Gmail platforms: reject attachment_paths
     if (provider.id !== "gmail" && attachmentPaths?.length) {
       return err("Attachments are only supported on Gmail.");
     }
 
-    const conn = getProviderConnection(provider);
+    const conn = await getProviderConnection(provider);
 
     // Gmail: create a draft instead of sending directly
     if (provider.id === "gmail") {

package/src/config/bundled-skills/messaging/tools/messaging-sender-digest.ts

@@ -15,7 +15,7 @@ export async function run(
   const pageToken = input.page_token as string | undefined;
 
   try {
-    const provider = resolveProvider(platform);
+    const provider = await resolveProvider(platform);
 
     if (!provider.senderDigest) {
       return err(
@@ -23,7 +23,7 @@ export async function run(
       );
     }
 
-    const conn = getProviderConnection(provider);
+    const conn = await getProviderConnection(provider);
     const result = await provider.senderDigest!(conn, query, {
       maxMessages,
       maxSenders,

package/src/config/bundled-skills/messaging/tools/shared.ts

@@ -106,10 +106,12 @@ export function extractEmail(address: string): string {
  * If only one provider is connected, auto-select it.
  * Otherwise, throw asking the user to specify.
  */
-export function resolveProvider(platformInput?: string): MessagingProvider {
+export async function resolveProvider(
+  platformInput?: string,
+): Promise<MessagingProvider> {
   if (platformInput) return getMessagingProvider(platformInput);
 
-  const connected = getConnectedProviders();
+  const connected = await getConnectedProviders();
   if (connected.length === 1) return connected[0];
   if (connected.length === 0) {
     throw new Error(
@@ -130,9 +132,9 @@ export function resolveProvider(platformInput?: string): MessagingProvider {
  * Non-OAuth providers (e.g. Telegram) use isConnected() and don't need
  * tokens — they receive an empty string which the string overload handles.
  */
-export function getProviderConnection(
+export async function getProviderConnection(
   provider: MessagingProvider,
-): OAuthConnection | string {
-  if (provider.isConnected?.()) return "";
+): Promise<OAuthConnection | string> {
+  if (await provider.isConnected?.()) return "";
   return resolveOAuthConnection(provider.credentialService);
 }

package/src/config/bundled-skills/slack/tools/shared.ts

@@ -14,6 +14,6 @@ export function err(message: string): ToolExecutionResult {
   return { content: message, isError: true };
 }
 
-export function getSlackConnection(): OAuthConnection {
+export async function getSlackConnection(): Promise<OAuthConnection> {
   return resolveOAuthConnection("integration:slack");
 }

package/src/config/bundled-skills/slack/tools/slack-add-reaction.ts

@@ -18,7 +18,7 @@ export async function run(
   }
 
   try {
-    const connection = getSlackConnection();
+    const connection = await getSlackConnection();
     await addReaction(connection, channel, timestamp, emoji);
     return ok(`Added :${emoji}: reaction.`);
   } catch (e) {

package/src/config/bundled-skills/slack/tools/slack-channel-details.ts

@@ -16,7 +16,7 @@ export async function run(
   }
 
   try {
-    const connection = getSlackConnection();
+    const connection = await getSlackConnection();
     const resp = await slack.conversationInfo(connection, channelId);
     const conv = resp.channel;
 

package/src/config/bundled-skills/slack/tools/slack-delete-message.ts

@@ -17,7 +17,7 @@ export async function run(
   }
 
   try {
-    const connection = getSlackConnection();
+    const connection = await getSlackConnection();
     await deleteMessage(connection, channel, timestamp);
     return ok(`Message deleted.`);
   } catch (e) {

package/src/config/bundled-skills/slack/tools/slack-edit-message.ts

@@ -18,7 +18,7 @@ export async function run(
   }
 
   try {
-    const connection = getSlackConnection();
+    const connection = await getSlackConnection();
     await updateMessage(connection, channel, timestamp, text);
     return ok(`Message updated.`);
   } catch (e) {

package/src/config/bundled-skills/slack/tools/slack-leave-channel.ts

@@ -16,7 +16,7 @@ export async function run(
   }
 
   try {
-    const connection = getSlackConnection();
+    const connection = await getSlackConnection();
     await leaveConversation(connection, channel);
     return ok("Left channel.");
   } catch (e) {

package/src/config/bundled-skills/slack/tools/slack-scan-digest.ts

@@ -264,7 +264,7 @@ export async function run(
   const format = (input.format as string) ?? "text";
 
   try {
-    const connection = getSlackConnection();
+    const connection = await getSlackConnection();
     const oldestTs = String((Date.now() - hoursBack * 60 * 60 * 1000) / 1000);
 
     let channelsToScan: SlackConversation[];

package/src/config/bundled-tool-registry.ts

@@ -48,6 +48,7 @@ import * as computerUseClick from "./bundled-skills/computer-use/tools/computer-
 import * as computerUseDone from "./bundled-skills/computer-use/tools/computer-use-done.js";
 import * as computerUseDrag from "./bundled-skills/computer-use/tools/computer-use-drag.js";
 import * as computerUseKey from "./bundled-skills/computer-use/tools/computer-use-key.js";
+import * as computerUseObserve from "./bundled-skills/computer-use/tools/computer-use-observe.js";
 import * as computerUseOpenApp from "./bundled-skills/computer-use/tools/computer-use-open-app.js";
 import * as computerUseRespond from "./bundled-skills/computer-use/tools/computer-use-respond.js";
 import * as computerUseRunApplescript from "./bundled-skills/computer-use/tools/computer-use-run-applescript.js";
@@ -88,8 +89,6 @@ import * as calendarListEvents from "./bundled-skills/google-calendar/tools/cale
 import * as calendarRsvp from "./bundled-skills/google-calendar/tools/calendar-rsvp.js";
 // ── image-studio ───────────────────────────────────────────────────────────────
 import * as mediaGenerateImage from "./bundled-skills/image-studio/tools/media-generate-image.js";
-// ── knowledge-graph ────────────────────────────────────────────────────────────
-import * as graphQuery from "./bundled-skills/knowledge-graph/tools/graph-query.js";
 // ── media-processing ───────────────────────────────────────────────────────────
 import * as analyzeKeyframes from "./bundled-skills/media-processing/tools/analyze-keyframes.js";
 import * as extractKeyframes from "./bundled-skills/media-processing/tools/extract-keyframes.js";
@@ -219,6 +218,7 @@ export const bundledToolRegistry = new Map<string, SkillToolScript>([
   ["claude-code:tools/claude-code.ts", claudeCode],
 
   // computer-use
+  ["computer-use:tools/computer-use-observe.ts", computerUseObserve],
   ["computer-use:tools/computer-use-click.ts", computerUseClick],
   ["computer-use:tools/computer-use-type-text.ts", computerUseTypeText],
   ["computer-use:tools/computer-use-key.ts", computerUseKey],
@@ -276,9 +276,6 @@ export const bundledToolRegistry = new Map<string, SkillToolScript>([
   // image-studio
   ["image-studio:tools/media-generate-image.ts", mediaGenerateImage],
 
-  // knowledge-graph
-  ["knowledge-graph:tools/graph-query.ts", graphQuery],
-
   // media-processing
   ["media-processing:tools/ingest-media.ts", ingestMedia],
   ["media-processing:tools/media-status.ts", mediaStatus],

package/src/config/loader.ts

@@ -405,8 +405,9 @@ export function invalidateConfigCache(): void {
 }
 
 /**
- * Load the raw config from disk, merging API keys from secure storage.
+ * Load the raw config from disk without any secure-storage merging.
  * Used by CLI config commands to read/write the file directly.
+ * API keys in secure storage are managed via `assistant keys` commands.
  */
 export function loadRawConfig(): Record<string, unknown> {
   ensureMigratedDataDir();
@@ -420,25 +421,6 @@ export function loadRawConfig(): Record<string, unknown> {
     }
   }
 
-  // Merge secure keys into apiKeys so `config get apiKeys.*` works
-  try {
-    const apiKeys =
-      raw.apiKeys &&
-      typeof raw.apiKeys === "object" &&
-      !Array.isArray(raw.apiKeys)
-        ? { ...(raw.apiKeys as Record<string, unknown>) }
-        : {};
-    for (const provider of API_KEY_PROVIDERS) {
-      const value = getSecureKey(provider);
-      if (value) apiKeys[provider] = value;
-    }
-    if (Object.keys(apiKeys).length > 0) {
-      raw.apiKeys = apiKeys;
-    }
-  } catch (err) {
-    log.debug({ err }, "Failed to merge secure keys into raw config");
-  }
-
   return raw;
 }
 
@@ -446,28 +428,10 @@ export function saveRawConfig(config: Record<string, unknown>): void {
   ensureMigratedDataDir();
   const configPath = getConfigPath();
 
-  // Route apiKeys to secure storage and strip from plaintext file
-  const apiKeys = config.apiKeys;
-  if (apiKeys && typeof apiKeys === "object" && !Array.isArray(apiKeys)) {
-    for (const [provider, value] of Object.entries(
-      apiKeys as Record<string, unknown>,
-    )) {
-      if (typeof value === "string" && value.length > 0) {
-        if (!setSecureKey(provider, value)) {
-          throw new ConfigError(
-            `Failed to save API key for "${provider}" to secure storage. Key not removed from config to prevent data loss.`,
-          );
-        }
-      } else if (value == null || value === "") {
-        deleteSecureKey(provider);
-      }
-    }
-    // Remove apiKeys from plaintext config
-    const { apiKeys: _, ...rest } = config;
-    writeFileSync(configPath, JSON.stringify(rest, null, 2) + "\n");
-  } else {
-    writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
-  }
+  // Strip apiKeys from plaintext config — secure storage is managed
+  // by saveConfig() and `assistant keys` commands, not here.
+  const { apiKeys: _, ...rest } = config;
+  writeFileSync(configPath, JSON.stringify(rest, null, 2) + "\n");
 
   cached = null; // invalidate cache
 }

package/src/config/schema.ts

@@ -91,27 +91,16 @@ export {
   MemoryRetentionConfigSchema,
 } from "./schemas/memory-lifecycle.js";
 export type {
-  MemoryConflictsConfig,
-  MemoryEntityConfig,
   MemoryExtractionConfig,
-  MemoryProfileConfig,
   MemorySummarizationConfig,
 } from "./schemas/memory-processing.js";
 export {
-  MemoryConflictsConfigSchema,
-  MemoryEntityConfigSchema,
   MemoryExtractionConfigSchema,
-  MemoryProfileConfigSchema,
   MemorySummarizationConfigSchema,
 } from "./schemas/memory-processing.js";
-export type {
-  MemoryRerankingConfig,
-  MemoryRetrievalConfig,
-} from "./schemas/memory-retrieval.js";
+export type { MemoryRetrievalConfig } from "./schemas/memory-retrieval.js";
 export {
   MemoryDynamicBudgetConfigSchema,
-  MemoryEarlyTerminationConfigSchema,
-  MemoryRerankingConfigSchema,
   MemoryRetrievalConfigSchema,
 } from "./schemas/memory-retrieval.js";
 export type {

package/src/config/schemas/memory-lifecycle.ts

@@ -33,15 +33,6 @@ export const MemoryCleanupConfigSchema = z.object({
     .int("memory.cleanup.enqueueIntervalMs must be an integer")
     .positive("memory.cleanup.enqueueIntervalMs must be a positive integer")
     .default(6 * 60 * 60 * 1000),
-  resolvedConflictRetentionMs: z
-    .number({
-      error: "memory.cleanup.resolvedConflictRetentionMs must be a number",
-    })
-    .int("memory.cleanup.resolvedConflictRetentionMs must be an integer")
-    .positive(
-      "memory.cleanup.resolvedConflictRetentionMs must be a positive integer",
-    )
-    .default(30 * 24 * 60 * 60 * 1000),
   supersededItemRetentionMs: z
     .number({
       error: "memory.cleanup.supersededItemRetentionMs must be a number",