@vellumai/assistant 0.4.51 → 0.4.53

package/src/daemon/session-process.ts

@@ -15,7 +15,7 @@ import type {
   TurnInterfaceContext,
 } from "../channels/types.js";
 import { parseChannelId, parseInterfaceId } from "../channels/types.js";
-import { getConfig } from "../config/loader.js";
+import { API_KEY_PROVIDERS, getConfig } from "../config/loader.js";
 import { listPendingRequestsByConversationScope } from "../memory/canonical-guardian-store.js";
 import {
   addMessage,
@@ -27,6 +27,7 @@ import { extractPreferences } from "../notifications/preference-extractor.js";
 import { createPreference } from "../notifications/preferences-store.js";
 import type { Message } from "../providers/types.js";
 import { routeGuardianReply } from "../runtime/guardian-reply-router.js";
+import { getSecureKeyAsync } from "../security/secure-keys.js";
 import { getLogger } from "../util/logger.js";
 import type {
   ServerMessage,
@@ -47,12 +48,15 @@ import { resolveVerificationSessionIntent } from "./verification-session-intent.
 const log = getLogger("session-process");
 
 /** Build a model_info event with fresh config data. */
-export function buildModelInfoEvent(): ServerMessage {
+export async function buildModelInfoEvent(): Promise<ServerMessage> {
   const config = getConfig();
-  const configured = Object.keys(config.apiKeys).filter(
-    (k) => !!config.apiKeys[k],
-  );
-  if (!configured.includes("ollama")) configured.push("ollama");
+  const configured: string[] = ["ollama"];
+  for (const p of API_KEY_PROVIDERS) {
+    if (p === "ollama") continue;
+    if (await getSecureKeyAsync(p)) {
+      configured.push(p);
+    }
+  }
   return {
     type: "model_info",
     model: config.model,
@@ -296,7 +300,10 @@ export async function drainQueue(
   }
 
   // Resolve slash commands for queued messages
-  const slashResult = resolveSlash(next.content, buildSlashContext(session));
+  const slashResult = await resolveSlash(
+    next.content,
+    buildSlashContext(session),
+  );
 
   // Unknown slash — persist the exchange and continue draining.
   // Persist each message before pushing to session.messages so that a
@@ -365,7 +372,7 @@ export async function drainQueue(
         isModelSlashCommand(next.content) ||
         isProviderShortcut(next.content)
       ) {
-        next.onEvent(buildModelInfoEvent());
+        next.onEvent(await buildModelInfoEvent());
       }
       next.onEvent({ type: "assistant_text_delta", text: slashResult.message });
       session.traceEmitter.emit(
@@ -651,7 +658,7 @@ export async function processMessage(
   }
 
   // Resolve slash commands before persistence
-  const slashResult = resolveSlash(content, buildSlashContext(session));
+  const slashResult = await resolveSlash(content, buildSlashContext(session));
 
   // Unknown slash command — persist the exchange (user + assistant) so the
   // messageId is real.  Persist each message before pushing to session.messages
@@ -715,7 +722,7 @@ export async function processMessage(
     // Emit fresh model info before the text delta so the client has
     // up-to-date configuredProviders when rendering /model or /models UI.
     if (isModelSlashCommand(content) || isProviderShortcut(content)) {
-      onEvent(buildModelInfoEvent());
+      onEvent(await buildModelInfoEvent());
     }
     onEvent({ type: "assistant_text_delta", text: slashResult.message });
     session.traceEmitter.emit(

package/src/daemon/session-runtime-assembly.ts

@@ -37,6 +37,8 @@ export interface ChannelCapabilities {
   pttActivationKey?: string;
   /** Whether the client has been granted microphone permission by the OS. */
   microphonePermissionGranted?: boolean;
+  /** Chat type from the gateway (e.g. "private", "group", "supergroup", "channel", "im", "mpim"). */
+  chatType?: string;
 }
 
 /**
@@ -296,6 +298,7 @@ export function resolveChannelCapabilities(
   sourceChannel?: string | null,
   sourceInterface?: string | null,
   pttMetadata?: PttMetadata | null,
+  chatType?: string | null,
 ): ChannelCapabilities {
   // Normalise legacy pseudo-channel IDs to canonical ChannelId values.
   let channel: string;
@@ -330,6 +333,8 @@ export function resolveChannelCapabilities(
     }
   }
 
+  const resolvedChatType = chatType ?? undefined;
+
   switch (channel) {
     case "vellum": {
       const supportsDesktopUi = iface === "macos";
@@ -342,6 +347,7 @@ export function resolveChannelCapabilities(
           pttMetadata?.pttActivationKey,
         ),
         microphonePermissionGranted: pttMetadata?.microphonePermissionGranted,
+        chatType: resolvedChatType,
       };
     }
     case "telegram":
@@ -354,6 +360,7 @@ export function resolveChannelCapabilities(
         dashboardCapable: false,
         supportsDynamicUi: false,
         supportsVoiceInput: false,
+        chatType: resolvedChatType,
       };
     default:
       return {
@@ -361,10 +368,28 @@ export function resolveChannelCapabilities(
         dashboardCapable: false,
         supportsDynamicUi: false,
         supportsVoiceInput: false,
+        chatType: resolvedChatType,
       };
   }
 }
 
+/**
+ * Returns true when the chat type indicates a group/multi-party conversation
+ * (Telegram group/supergroup, Slack channel/group/mpim, etc.).
+ */
+export function isGroupChatType(chatType?: string): boolean {
+  if (!chatType) return false;
+  switch (chatType) {
+    case "group":
+    case "supergroup":
+    case "channel":
+    case "mpim":
+      return true;
+    default:
+      return false;
+  }
+}
+
 /** Context about the active workspace surface, passed to applyRuntimeInjections. */
 export interface ActiveSurfaceContext {
   surfaceId: string;
@@ -632,6 +657,31 @@ export function injectChannelCapabilityContext(
     }
   }
 
+  // Inject group chat etiquette only when the chat type indicates a multi-party
+  // conversation, avoiding misconditioned "stay silent" guidance in 1:1 DMs.
+  if (isGroupChatType(caps.chatType)) {
+    lines.push(`chat_type: ${caps.chatType}`);
+    lines.push("");
+    lines.push("GROUP CHAT ETIQUETTE:");
+    lines.push(
+      "- You are a **participant**, not the user's proxy. Think before you speak.",
+    );
+    lines.push(
+      "- **Respond when:** directly mentioned, you can add genuine value, something witty fits naturally, or correcting important misinformation.",
+    );
+    lines.push(
+      '- **Stay silent when:** casual banter between humans, someone already answered, your response would just be "yeah" or "nice", or the conversation flows fine without you.',
+    );
+    lines.push(
+      "- **The human rule:** humans don't respond to every message in a group chat. Neither should you. Quality over quantity.",
+    );
+    if (caps.channel === "slack") {
+      lines.push(
+        "- Use emoji reactions naturally to acknowledge without cluttering.",
+      );
+    }
+  }
+
   lines.push("</channel_capabilities>");
 
   const block = lines.join("\n");

package/src/daemon/session-slash.ts

@@ -5,10 +5,16 @@ import { join } from "node:path";
 import QRCode from "qrcode";
 
 import { getGatewayPort, getIngressPublicBaseUrl } from "../config/env.js";
-import { getConfig, loadRawConfig, saveRawConfig } from "../config/loader.js";
+import {
+  API_KEY_PROVIDERS,
+  getConfig,
+  loadRawConfig,
+  saveRawConfig,
+} from "../config/loader.js";
 import { resolveSkillStates } from "../config/skill-state.js";
 import { loadSkillCatalog } from "../config/skills.js";
 import { initializeProviders } from "../providers/registry.js";
+import { getSecureKeyAsync } from "../security/secure-keys.js";
 import {
   buildInvocableSlashCatalog,
   resolveSlashSkillCommand,
@@ -53,14 +59,12 @@ export interface SlashContext {
 
 const AVAILABLE_MODELS = [
   "claude-opus-4-6",
-  "claude-opus-4-6-fast",
   "claude-sonnet-4-6",
   "claude-haiku-4-5-20251001",
 ] as const;
 
 const MODEL_DISPLAY_NAMES: Record<string, string> = {
   "claude-opus-4-6": "Claude Opus 4.6",
-  "claude-opus-4-6-fast": "Claude Opus 4.6 Fast",
   "claude-sonnet-4-6": "Claude Sonnet 4.6",
   "claude-haiku-4-5-20251001": "Claude Haiku 4.5",
 };
@@ -75,11 +79,6 @@ const PROVIDER_MODEL_SHORTCUTS: Record<
     model: "claude-opus-4-6",
     displayName: "Claude Opus 4.6",
   },
-  "opus-fast": {
-    provider: "anthropic",
-    model: "claude-opus-4-6-fast",
-    displayName: "Claude Opus 4.6 Fast",
-  },
   sonnet: {
     provider: "anthropic",
     model: "claude-sonnet-4-6",
@@ -146,7 +145,9 @@ function matchModel(input: string): string | undefined {
   return AVAILABLE_MODELS.find((m) => m.includes(lower));
 }
 
-function resolveProviderModelCommand(content: string): SlashResolution | null {
+async function resolveProviderModelCommand(
+  content: string,
+): Promise<SlashResolution | null> {
   const trimmed = content.trim();
   if (!trimmed.startsWith("/")) return null;
 
@@ -163,7 +164,7 @@ function resolveProviderModelCommand(content: string): SlashResolution | null {
   const name = getAssistantName();
 
   // Check if API key exists for this provider (Ollama doesn't require an API key)
-  if (provider !== "ollama" && !config.apiKeys[provider]) {
+  if (provider !== "ollama" && !(await getSecureKeyAsync(provider))) {
     return {
       kind: "unknown",
       message: `Cannot switch to ${displayName}. No API key configured for ${provider}.\n\nSet it with: \`keys set ${provider} <your-key>\``,
@@ -201,14 +202,23 @@ function resolveProviderModelCommand(content: string): SlashResolution | null {
   };
 }
 
-function resolveModelList(): SlashResolution {
+async function resolveModelList(): Promise<SlashResolution> {
   const config = getConfig();
+
+  // Build a set of providers that have a configured API key.
+  const configuredProviders = new Set<string>(["ollama"]);
+  for (const p of API_KEY_PROVIDERS) {
+    if (await getSecureKeyAsync(p)) {
+      configuredProviders.add(p);
+    }
+  }
+
   const lines = ["Available models:\n"];
 
   for (const [cmd, { provider, model, displayName }] of Object.entries(
     PROVIDER_MODEL_SHORTCUTS,
   )) {
-    const hasKey = provider === "ollama" || !!config.apiKeys[provider];
+    const hasKey = configuredProviders.has(provider);
     const isCurrent = config.provider === provider && config.model === model;
     const status = hasKey ? "✓" : "✗";
     const current = isCurrent ? " **[current]**" : "";
@@ -224,11 +234,13 @@ function resolveModelList(): SlashResolution {
   };
 }
 
-function resolveModelCommand(content: string): SlashResolution | null {
+async function resolveModelCommand(
+  content: string,
+): Promise<SlashResolution | null> {
   const trimmed = content.trim();
   // Match /models → route to list
   if (trimmed === "/models") {
-    return resolveModelList();
+    return await resolveModelList();
   }
 
   if (!trimmed.startsWith("/model")) return null;
@@ -251,7 +263,7 @@ function resolveModelCommand(content: string): SlashResolution | null {
 
   // Handle /model list
   if (args === "list") {
-    return resolveModelList();
+    return await resolveModelList();
   }
 
   // Try to match the model name
@@ -280,7 +292,7 @@ function resolveModelCommand(content: string): SlashResolution | null {
   }
 
   // Validate that Anthropic provider is available
-  if (!currentConfig.apiKeys.anthropic) {
+  if (!(await getSecureKeyAsync("anthropic"))) {
     const displayName = MODEL_DISPLAY_NAMES[matched] ?? matched;
     return {
       kind: "unknown",
@@ -343,16 +355,16 @@ function resolveStatusCommand(context: SlashContext): SlashResolution {
  * Resolve slash commands against the current skill catalog.
  * Returns `unknown` with a deterministic message, or the (possibly rewritten) content.
  */
-export function resolveSlash(
+export async function resolveSlash(
   content: string,
   context?: SlashContext,
-): SlashResolution {
+): Promise<SlashResolution> {
   // Check provider shortcuts first (/gpt4, /opus, etc.)
-  const providerResult = resolveProviderModelCommand(content);
+  const providerResult = await resolveProviderModelCommand(content);
   if (providerResult) return providerResult;
 
   // Handle /model command
-  const modelResult = resolveModelCommand(content);
+  const modelResult = await resolveModelCommand(content);
   if (modelResult) return modelResult;
 
   // Handle /pair command

package/src/daemon/session.ts

@@ -348,6 +348,7 @@ export class Session {
       provider,
       systemPrompt: () => resolveSystemPromptCallback([]).systemPrompt,
       config: config.contextWindow,
+      toolTokenBudget: this.agentLoop.getToolTokenBudget(),
     });
 
     void getHookManager().trigger("session-start", {

package/src/events/domain-events.ts

@@ -25,6 +25,7 @@ export interface ToolDomainEvents {
       | "allow_10m"
       | "allow_thread"
       | "always_allow"
+      | "always_allow_high_risk"
       | "deny"
       | "always_deny"
       | "temporary_override";

package/src/media/app-icon-generator.ts

@@ -15,6 +15,7 @@ import {
   buildManagedBaseUrl,
   resolveManagedProxyContext,
 } from "../providers/managed-proxy/context.js";
+import { getSecureKeyAsync } from "../security/secure-keys.js";
 import { getLogger } from "../util/logger.js";
 import {
   generateImage,
@@ -36,7 +37,7 @@ export async function generateAppIcon(
   appDescription?: string,
 ): Promise<void> {
   const config = getConfig();
-  const apiKey = config.apiKeys.gemini ?? process.env.GEMINI_API_KEY;
+  const apiKey = await getSecureKeyAsync("gemini");
 
   let credentials: ImageGenCredentials | undefined;
   if (apiKey) {

package/src/media/avatar-router.ts

@@ -3,6 +3,7 @@ import {
   buildManagedBaseUrl,
   resolveManagedProxyContext,
 } from "../providers/managed-proxy/context.js";
+import { getSecureKeyAsync } from "../security/secure-keys.js";
 import { ConfigError, ProviderError } from "../util/errors.js";
 import {
   generateImage,
@@ -13,7 +14,7 @@ export async function generateAvatar(
   prompt: string,
 ): Promise<{ imageBase64: string; mimeType: string }> {
   const config = getConfig();
-  const geminiKey = config.apiKeys.gemini ?? process.env.GEMINI_API_KEY;
+  const geminiKey = await getSecureKeyAsync("gemini");
 
   let credentials: ImageGenCredentials | undefined;
   if (geminiKey) {
@@ -32,7 +33,7 @@ export async function generateAvatar(
 
   if (!credentials) {
     throw new ConfigError(
-      "Gemini API key is not configured. Set it via `keys set gemini <key>` or the GEMINI_API_KEY environment variable.",
+      "Gemini API key is not configured. Set it via `keys set gemini <key>`.",
     );
   }
 

package/src/memory/canonical-guardian-store.ts

@@ -7,7 +7,7 @@
  * request from the expected status wins.
  */
 
-import { and, desc, eq } from "drizzle-orm";
+import { and, desc, eq, inArray } from "drizzle-orm";
 import { v4 as uuid } from "uuid";
 
 import { IntegrityError } from "../util/errors.js";
@@ -460,12 +460,29 @@ export function resolveCanonicalGuardianRequest(
 }
 
 /**
- * Expire all pending canonical guardian requests in a single bulk update.
+ * Request kinds whose resolution depends on the in-memory
+ * `pendingInteractions` Map. These kinds become unresolvable after a daemon
+ * restart because the Map is wiped, so they should be expired on startup.
+ *
+ * Persistent kinds (`access_request`, `tool_grant_request`) resolve without
+ * pending interactions and remain valid across restarts — they must NOT be
+ * expired here.
+ */
+const INTERACTION_BOUND_KINDS = ["tool_approval", "pending_question"];
+
+/**
+ * Expire pending interaction-bound canonical guardian requests in a single
+ * bulk update.
  *
  * Called at daemon startup to clean up requests that can never be completed
  * because the in-memory pending-interactions Map (which holds session
  * references needed by resolvers) was wiped on restart.
  *
+ * Only expires request kinds that depend on in-memory pending interactions
+ * (`tool_approval`, `pending_question`). Persistent kinds like
+ * `access_request` and `tool_grant_request` resolve without pending
+ * interactions and remain valid across restarts.
+ *
  * Returns the number of requests transitioned from pending → expired.
  */
 export function expireAllPendingCanonicalRequests(): number {
@@ -474,7 +491,12 @@ export function expireAllPendingCanonicalRequests(): number {
 
   db.update(canonicalGuardianRequests)
     .set({ status: "expired", updatedAt: now })
-    .where(eq(canonicalGuardianRequests.status, "pending"))
+    .where(
+      and(
+        eq(canonicalGuardianRequests.status, "pending"),
+        inArray(canonicalGuardianRequests.kind, INTERACTION_BOUND_KINDS),
+      ),
+    )
     .run();
 
   return rawChanges();

package/src/memory/db-init.ts

@@ -42,6 +42,7 @@ import {
   migrateCanonicalGuardianDeliveriesDestinationIndex,
   migrateCanonicalGuardianRequesterChatId,
   migrateChannelInboundDeliveredSegments,
+  migrateChannelInteractionColumns,
   migrateContactChannelsAccessFields,
   migrateContactChannelsTypeChatIdIndex,
   migrateContactsAssistantId,
@@ -51,8 +52,10 @@ import {
   migrateDropAccountsTable,
   migrateDropAssistantIdColumns,
   migrateDropConflicts,
+  migrateDropContactInteractionColumns,
   migrateDropEntityTables,
   migrateDropLegacyMemberGuardianTables,
+  migrateDropLoopbackPortColumn,
   migrateDropMemorySegmentFts,
   migrateDropRemindersTable,
   migrateDropUsageCompositeIndexes,
@@ -376,6 +379,15 @@ export function initializeDb(): void {
   // 60. Add required contact_id to assistant_ingress_invites and clean up legacy rows
   migrateInviteContactId(database);
 
+  // 61. Add interaction_count and last_interaction columns to contact_channels
+  migrateChannelInteractionColumns(database);
+
+  // 62. Drop interaction_count and last_interaction columns from contacts (now derived from channels)
+  migrateDropContactInteractionColumns(database);
+
+  // 63. Drop loopback_port column from oauth_providers (moved to code-side behavior registry)
+  migrateDropLoopbackPortColumn(database);
+
   validateMigrationState(database);
 
   if (process.env.BUN_TEST === "1") {

package/src/memory/embedding-backend.ts

@@ -2,6 +2,7 @@ import { createHash } from "node:crypto";
 
 import { getOllamaBaseUrlEnv } from "../config/env.js";
 import type { AssistantConfig } from "../config/types.js";
+import { getSecureKey } from "../security/secure-keys.js";
 import { getLogger } from "../util/logger.js";
 import { GeminiEmbeddingBackend } from "./embedding-gemini.js";
 import { OllamaEmbeddingBackend } from "./embedding-ollama.js";
@@ -255,7 +256,7 @@ export function selectEmbeddingBackend(
         config.memory.embeddings.ollamaModel,
         () =>
           new OllamaEmbeddingBackend(config.memory.embeddings.ollamaModel, {
-            apiKey: config.apiKeys.ollama,
+            apiKey: getSecureKey("ollama") ?? undefined,
           }),
       ),
       reason: null,
@@ -283,29 +284,32 @@ export function selectEmbeddingBackend(
           ),
           reason: null,
         };
-      case "openai":
-        if (!config.apiKeys.openai) continue;
+      case "openai": {
+        const openaiKey = getSecureKey("openai");
+        if (!openaiKey) continue;
         return {
           backend: getCachedOrCreate(
             "openai",
             config.memory.embeddings.openaiModel,
             () =>
               new OpenAIEmbeddingBackend(
-                config.apiKeys.openai,
+                openaiKey,
                 config.memory.embeddings.openaiModel,
               ),
           ),
           reason: null,
         };
-      case "gemini":
-        if (!config.apiKeys.gemini) continue;
+      }
+      case "gemini": {
+        const geminiKey = getSecureKey("gemini");
+        if (!geminiKey) continue;
         return {
           backend: getCachedOrCreate(
             "gemini",
             config.memory.embeddings.geminiModel,
             () =>
               new GeminiEmbeddingBackend(
-                config.apiKeys.gemini,
+                geminiKey,
                 config.memory.embeddings.geminiModel,
                 {
                   taskType: config.memory.embeddings.geminiTaskType,
@@ -316,6 +320,7 @@ export function selectEmbeddingBackend(
           ),
           reason: null,
         };
+      }
       case "ollama":
         if (!isOllamaConfigured(config)) continue;
         return {
@@ -324,7 +329,7 @@ export function selectEmbeddingBackend(
             config.memory.embeddings.ollamaModel,
             () =>
               new OllamaEmbeddingBackend(config.memory.embeddings.ollamaModel, {
-                apiKey: config.apiKeys.ollama,
+                apiKey: getSecureKey("ollama") ?? undefined,
               }),
           ),
           reason: null,
@@ -530,30 +535,33 @@ function selectFallbackBackends(
   for (const provider of order) {
     if (provider === exclude) continue;
     switch (provider) {
-      case "openai":
-        if (config.apiKeys.openai) {
+      case "openai": {
+        const openaiKey = getSecureKey("openai");
+        if (openaiKey) {
           backends.push(
             getCachedOrCreate(
               "openai",
               config.memory.embeddings.openaiModel,
               () =>
                 new OpenAIEmbeddingBackend(
-                  config.apiKeys.openai,
+                  openaiKey,
                   config.memory.embeddings.openaiModel,
                 ),
             ),
           );
         }
         break;
-      case "gemini":
-        if (config.apiKeys.gemini) {
+      }
+      case "gemini": {
+        const geminiKey = getSecureKey("gemini");
+        if (geminiKey) {
           backends.push(
             getCachedOrCreate(
               "gemini",
               config.memory.embeddings.geminiModel,
               () =>
                 new GeminiEmbeddingBackend(
-                  config.apiKeys.gemini,
+                  geminiKey,
                   config.memory.embeddings.geminiModel,
                   {
                     taskType: config.memory.embeddings.geminiTaskType,
@@ -565,6 +573,7 @@ function selectFallbackBackends(
           );
         }
         break;
+      }
       case "ollama":
         if (isOllamaConfigured(config)) {
           backends.push(
@@ -575,7 +584,7 @@ function selectFallbackBackends(
                 new OllamaEmbeddingBackend(
                   config.memory.embeddings.ollamaModel,
                   {
-                    apiKey: config.apiKeys.ollama,
+                    apiKey: getSecureKey("ollama") ?? undefined,
                   },
                 ),
             ),
@@ -614,7 +623,7 @@ export function selectedBackendSupportsMultimodal(
 function isOllamaConfigured(config: AssistantConfig): boolean {
   return (
     config.provider === "ollama" ||
-    Boolean(config.apiKeys.ollama) ||
+    Boolean(getSecureKey("ollama")) ||
     Boolean(getOllamaBaseUrlEnv())
   );
 }

package/src/memory/migrations/158-channel-interaction-columns.ts

@@ -0,0 +1,18 @@
+import type { DrizzleDb } from "../db-connection.js";
+
+export function migrateChannelInteractionColumns(database: DrizzleDb): void {
+  try {
+    database.run(
+      /*sql*/ `ALTER TABLE contact_channels ADD COLUMN interaction_count INTEGER NOT NULL DEFAULT 0`,
+    );
+  } catch {
+    /* already exists */
+  }
+  try {
+    database.run(
+      /*sql*/ `ALTER TABLE contact_channels ADD COLUMN last_interaction INTEGER`,
+    );
+  } catch {
+    /* already exists */
+  }
+}

package/src/memory/migrations/159-drop-contact-interaction-columns.ts

@@ -0,0 +1,16 @@
+import type { DrizzleDb } from "../db-connection.js";
+
+export function migrateDropContactInteractionColumns(
+  database: DrizzleDb,
+): void {
+  try {
+    database.run(/*sql*/ `ALTER TABLE contacts DROP COLUMN interaction_count`);
+  } catch {
+    /* already dropped or doesn't exist */
+  }
+  try {
+    database.run(/*sql*/ `ALTER TABLE contacts DROP COLUMN last_interaction`);
+  } catch {
+    /* already dropped or doesn't exist */
+  }
+}

package/src/memory/migrations/160-drop-loopback-port-column.ts

@@ -0,0 +1,13 @@
+import type { DrizzleDb } from "../db-connection.js";
+import { getSqliteFrom } from "../db-connection.js";
+
+export function migrateDropLoopbackPortColumn(database: DrizzleDb): void {
+  const raw = getSqliteFrom(database);
+  try {
+    raw.exec(
+      /*sql*/ `ALTER TABLE oauth_providers DROP COLUMN loopback_port`,
+    );
+  } catch {
+    // Column already dropped or doesn't exist — nothing to do.
+  }
+}

package/src/memory/migrations/index.ts

@@ -99,6 +99,9 @@ export { migrateDropMemorySegmentFts } from "./154-drop-fts.js";
 export { migrateDropConflicts } from "./155-drop-conflicts.js";
 export { migrateCallSessionInviteMetadata } from "./156-call-session-invite-metadata.js";
 export { migrateInviteContactId } from "./157-invite-contact-id.js";
+export { migrateChannelInteractionColumns } from "./158-channel-interaction-columns.js";
+export { migrateDropContactInteractionColumns } from "./159-drop-contact-interaction-columns.js";
+export { migrateDropLoopbackPortColumn } from "./160-drop-loopback-port-column.js";
 export {
   MIGRATION_REGISTRY,
   type MigrationRegistryEntry,