@vellumai/assistant 0.4.52 → 0.4.54

package/src/memory/published-pages-store.ts

@@ -22,89 +22,6 @@ export interface PublishedPageRecord {
   projectSlug: string | null;
 }
 
-export function createPublishedPage(record: {
-  id: string;
-  deploymentId: string;
-  publicUrl: string;
-  pageTitle?: string;
-  htmlHash: string;
-  appId?: string;
-  projectSlug?: string;
-}): void {
-  const db = getDb();
-  db.insert(publishedPages)
-    .values({
-      id: record.id,
-      deploymentId: record.deploymentId,
-      publicUrl: record.publicUrl,
-      pageTitle: record.pageTitle ?? null,
-      htmlHash: record.htmlHash,
-      publishedAt: Date.now(),
-      status: "active",
-      appId: record.appId ?? null,
-      projectSlug: record.projectSlug ?? null,
-    })
-    .run();
-}
-
-export function getPublishedPageByDeploymentId(
-  deploymentId: string,
-): PublishedPageRecord | null {
-  const db = getDb();
-  const row = db
-    .select()
-    .from(publishedPages)
-    .where(eq(publishedPages.deploymentId, deploymentId))
-    .get();
-
-  return row ?? null;
-}
-
-export function getPublishedPageByHash(
-  hash: string,
-): PublishedPageRecord | null {
-  const db = getDb();
-  const row = db
-    .select()
-    .from(publishedPages)
-    .where(
-      and(
-        eq(publishedPages.htmlHash, hash),
-        eq(publishedPages.status, "active"),
-      ),
-    )
-    .get();
-
-  return row ?? null;
-}
-
-export function listPublishedPages(): PublishedPageRecord[] {
-  const db = getDb();
-  return db
-    .select()
-    .from(publishedPages)
-    .where(eq(publishedPages.status, "active"))
-    .all();
-}
-
-export function markDeleted(id: string): boolean {
-  const db = getDb();
-  const existing = db
-    .select({ id: publishedPages.id })
-    .from(publishedPages)
-    .where(eq(publishedPages.id, id))
-    .get();
-
-  if (!existing) return false;
-
-  db.update(publishedPages)
-    .set({ status: "deleted" })
-    .where(eq(publishedPages.id, id))
-    .run();
-
-  return true;
-}
-
 export function getActivePublishedPageByAppId(
   appId: string,
 ): PublishedPageRecord | null {

package/src/memory/qdrant-circuit-breaker.ts

@@ -108,11 +108,3 @@ export function _resetQdrantBreaker(): void {
   openedAt = 0;
   halfOpenProbeInFlight = false;
 }
-
-/** @internal Test-only: get breaker state */
-export function _getQdrantBreakerState(): {
-  state: BreakerState;
-  consecutiveFailures: number;
-} {
-  return { state: breakerState, consecutiveFailures };
-}

package/src/memory/retriever.test.ts

@@ -374,7 +374,14 @@ describe("Memory Retriever Pipeline", () => {
     const convId = "conv-superseded";
 
     insertConversation(db, convId, now - 60_000);
-    insertMessage(db, "msg-s1", convId, "user", "test superseded", now - 50_000);
+    insertMessage(
+      db,
+      "msg-s1",
+      convId,
+      "user",
+      "test superseded",
+      now - 50_000,
+    );
 
     insertSegment(
       db,
@@ -535,12 +542,6 @@ describe("Memory Retriever Pipeline", () => {
 
     const requiredEmbedConfig: AssistantConfig = {
       ...TEST_CONFIG,
-      apiKeys: {
-        ...TEST_CONFIG.apiKeys,
-        openai: "",
-        gemini: "",
-        ollama: "",
-      },
       memory: {
         ...TEST_CONFIG.memory,
         embeddings: {
@@ -595,7 +596,8 @@ describe("Memory Retriever Pipeline", () => {
       role: "user" | "assistant";
       content: Array<{ type: string; text?: string }>;
     };
-    const recallText = "<memory_context>\n\n<relevant_context>\nsome context\n</relevant_context>\n\n</memory_context>";
+    const recallText =
+      "<memory_context>\n\n<relevant_context>\nsome context\n</relevant_context>\n\n</memory_context>";
 
     const msgs: Msg[] = [
       {
@@ -615,7 +617,9 @@ describe("Memory Retriever Pipeline", () => {
     const cleaned = stripMemoryRecallMessages(msgs, recallText);
     expect(cleaned).toHaveLength(1);
     expect(cleaned[0].role).toBe("user");
-    expect(cleaned[0].content[0].text).toBe("Hello, what do you know about me?");
+    expect(cleaned[0].content[0].text).toBe(
+      "Hello, what do you know about me?",
+    );
   });
 
   test("stripMemoryRecallMessages: handles <memory_context> with slightly different content", () => {
@@ -623,8 +627,10 @@ describe("Memory Retriever Pipeline", () => {
       role: "user" | "assistant";
       content: Array<{ type: string; text?: string }>;
     };
-    const originalRecall = "<memory_context>\n\n<relevant_context>\noriginal\n</relevant_context>\n\n</memory_context>";
-    const actualRecall = "<memory_context>\n\n<relevant_context>\nslightly different\n</relevant_context>\n\n</memory_context>";
+    const originalRecall =
+      "<memory_context>\n\n<relevant_context>\noriginal\n</relevant_context>\n\n</memory_context>";
+    const actualRecall =
+      "<memory_context>\n\n<relevant_context>\nslightly different\n</relevant_context>\n\n</memory_context>";
 
     const msgs: Msg[] = [
       {
@@ -663,7 +669,8 @@ describe("Memory Retriever Pipeline", () => {
       },
     ];
 
-    const recallText = "<memory_context>\n\n<relevant_context>\ntest\n</relevant_context>\n\n</memory_context>";
+    const recallText =
+      "<memory_context>\n\n<relevant_context>\ntest\n</relevant_context>\n\n</memory_context>";
     const result = injectMemoryRecallAsSeparateMessage(msgs, recallText);
 
     expect(result).toHaveLength(3);

package/src/memory/retriever.ts

@@ -166,7 +166,7 @@ async function generateQueryEmbedding(
   signal: AbortSignal | undefined,
   start: number,
 ): Promise<EmbeddingResult | { earlyExit: MemoryRecallResult }> {
-  const backendStatus = getMemoryBackendStatus(config);
+  const backendStatus = await getMemoryBackendStatus(config);
   let queryVector: number[] | null = null;
   let provider: string | undefined;
   let model: string | undefined;

package/src/memory/schema/contacts.ts

@@ -6,8 +6,6 @@ export const contacts = sqliteTable("contacts", {
   id: text("id").primaryKey(),
   displayName: text("display_name").notNull(),
   notes: text("notes"),
-  lastInteraction: integer("last_interaction"), // epoch ms
-  interactionCount: integer("interaction_count").notNull().default(0),
   createdAt: integer("created_at").notNull(),
   updatedAt: integer("updated_at").notNull(),
   role: text("role").notNull().default("contact"), // 'guardian' | 'contact'
@@ -37,6 +35,8 @@ export const contactChannels = sqliteTable(
     revokedReason: text("revoked_reason"),
     blockedReason: text("blocked_reason"),
     lastSeenAt: integer("last_seen_at"), // epoch ms
+    interactionCount: integer("interaction_count").notNull().default(0),
+    lastInteraction: integer("last_interaction"),
     updatedAt: integer("updated_at"), // epoch ms
     createdAt: integer("created_at").notNull(),
   },

package/src/memory/schema/oauth.ts

@@ -17,7 +17,6 @@ export const oauthProviders = sqliteTable("oauth_providers", {
   scopePolicy: text("scope_policy").notNull().default("{}"),
   extraParams: text("extra_params"),
   callbackTransport: text("callback_transport"),
-  loopbackPort: integer("loopback_port"),
   pingUrl: text("ping_url"),
   createdAt: integer("created_at").notNull(),
   updatedAt: integer("updated_at").notNull(),

package/src/memory/search/semantic.ts

@@ -2,11 +2,7 @@ import { inArray } from "drizzle-orm";
 
 import { getLogger } from "../../util/logger.js";
 import { getDb } from "../db.js";
-import {
-  _getQdrantBreakerState,
-  _resetQdrantBreaker,
-  withQdrantBreaker,
-} from "../qdrant-circuit-breaker.js";
+import { withQdrantBreaker } from "../qdrant-circuit-breaker.js";
 import type {
   QdrantSearchResult,
   QdrantSparseVector,
@@ -24,9 +20,6 @@ import type { Candidate } from "./types.js";
 
 const _log = getLogger("semantic-search");
 
-// Re-export for tests that depend on these from this module
-export { _getQdrantBreakerState, _resetQdrantBreaker };
-
 export async function semanticSearch(
   queryVector: number[],
   _provider: string,

package/src/memory/shared-app-links-store.ts

@@ -104,21 +104,6 @@ export function getSharedAppLink(
   };
 }
 
-export function deleteSharedAppLink(id: string): boolean {
-  const db = getDb();
-  const existing = db
-    .select({ id: sharedAppLinks.id })
-    .from(sharedAppLinks)
-    .where(eq(sharedAppLinks.id, id))
-    .get();
-
-  if (!existing) return false;
-
-  db.delete(sharedAppLinks).where(eq(sharedAppLinks.id, id)).run();
-
-  return true;
-}
-
 export function deleteSharedAppLinkByToken(shareToken: string): boolean {
   const db = getDb();
   const existing = db

package/src/messaging/registry.ts

@@ -33,8 +33,3 @@ export async function getConnectedProviders(): Promise<MessagingProvider[]> {
   }
   return results;
 }
-
-/** Return all registered provider IDs. */
-export function getRegisteredProviderIds(): string[] {
-  return Array.from(providers.keys());
-}

package/src/messaging/style-analyzer.ts

@@ -127,7 +127,7 @@ export async function extractStylePatterns(
     .map((e, i) => `--- Message ${i + 1} ---\n${e}`)
     .join("\n\n");
 
-  const provider = getConfiguredProvider();
+  const provider = await getConfiguredProvider();
   if (!provider) {
     return { stylePatterns: [], contactObservations: [] };
   }

package/src/notifications/copy-composer.ts

@@ -117,21 +117,10 @@ export function buildAccessRequestIdentityLine(
   return `${parts.join(" ")} is requesting access to the assistant.`;
 }
 
-export function buildAccessRequestDecisionDirective(
-  requestCode: string,
-): string {
-  const code = requestCode.toUpperCase();
-  return `Reply "${code} approve" to grant access or "${code} reject" to deny.`;
-}
-
 export function buildAccessRequestInviteDirective(): string {
   return 'Reply "open invite flow" to start Trusted Contacts invite flow.';
 }
 
-export function buildAccessRequestRevokedNote(): string {
-  return "Note: this user was previously revoked.";
-}
-
 /**
  * Normalize text before running directive-matching regexes.
  *
@@ -222,10 +211,13 @@ export function buildAccessRequestContractText(
   const lines: string[] = [];
   lines.push(buildAccessRequestIdentityLine(payload));
   if (previousMemberStatus === "revoked") {
-    lines.push(buildAccessRequestRevokedNote());
+    lines.push("Note: this user was previously revoked.");
   }
   if (requestCode) {
-    lines.push(buildAccessRequestDecisionDirective(requestCode));
+    const code = requestCode.toUpperCase();
+    lines.push(
+      `Reply "${code} approve" to grant access or "${code} reject" to deny.`,
+    );
   }
   lines.push(buildAccessRequestInviteDirective());
   return lines.join("\n");

package/src/notifications/decision-engine.ts

@@ -711,7 +711,7 @@ export async function evaluateSignal(
     );
   }
 
-  const provider = getConfiguredProvider();
+  const provider = await getConfiguredProvider();
   if (!provider) {
     log.warn(
       "Configured provider unavailable for notification decision, using fallback",
@@ -767,7 +767,7 @@ async function classifyWithLLM(
   modelIntent: ModelIntent,
   candidateSet?: ThreadCandidateSet,
 ): Promise<NotificationDecision> {
-  const provider = getConfiguredProvider()!;
+  const provider = (await getConfiguredProvider())!;
   const { signal: abortSignal, cleanup } = createTimeout(DECISION_TIMEOUT_MS);
 
   const candidateContext = candidateSet

package/src/notifications/deliveries-store.ts

@@ -159,45 +159,6 @@ export function updateDeliveryStatus(
   return rawChanges() > 0;
 }
 
-/**
- * Update a delivery record with the client-side outcome of posting the
- * notification via UNUserNotificationCenter.add().
- *
- * Returns true if a row was updated, false otherwise (e.g. unknown deliveryId).
- */
-export function updateDeliveryClientOutcome(
-  deliveryId: string,
-  success: boolean,
-  error?: { code?: string; message?: string },
-): boolean {
-  const db = getDb();
-  const now = Date.now();
-
-  const updates: Record<string, unknown> = {
-    clientDeliveryStatus: success ? "delivered" : "client_failed",
-    clientDeliveryAt: now,
-    updatedAt: now,
-  };
-
-  if (success) {
-    // Clear any stale error from previous failed attempts
-    updates.clientDeliveryError = null;
-  } else if (error?.message) {
-    updates.clientDeliveryError = error.code
-      ? `[${error.code}] ${error.message}`
-      : error.message;
-  } else if (error?.code) {
-    updates.clientDeliveryError = error.code;
-  }
-
-  db.update(notificationDeliveries)
-    .set(updates)
-    .where(eq(notificationDeliveries.id, deliveryId))
-    .run();
-
-  return rawChanges() > 0;
-}
-
 /** Check whether a delivery already exists for a given decision+channel pair. */
 export function findDeliveryByDecisionAndChannel(
   decisionId: string,

package/src/notifications/guardian-question-mode.ts

@@ -6,15 +6,11 @@
  * fields like `toolName`.
  */
 
-export const GUARDIAN_QUESTION_REQUEST_KINDS = {
-  pending_question: "pending_question",
-  tool_approval: "tool_approval",
-  tool_grant_request: "tool_grant_request",
-  access_request: "access_request",
-} as const;
-
 export type GuardianQuestionRequestKind =
-  keyof typeof GUARDIAN_QUESTION_REQUEST_KINDS;
+  | "pending_question"
+  | "tool_approval"
+  | "tool_grant_request"
+  | "access_request";
 export type GuardianQuestionInstructionMode = "approval" | "answer";
 
 interface GuardianRequestKindModeConfig {
@@ -151,7 +147,7 @@ function nonEmptyString(value: unknown): string | null {
   return trimmed.length > 0 ? trimmed : null;
 }
 
-export function parseGuardianQuestionRequestKind(
+function parseGuardianQuestionRequestKind(
   payload: Record<string, unknown>,
 ): GuardianQuestionRequestKind | null {
   const raw = nonEmptyString(payload.requestKind);
@@ -241,7 +237,7 @@ export function parseGuardianQuestionPayload(
   }
 }
 
-export function resolveGuardianInstructionModeForRequestKind(
+function resolveGuardianInstructionModeForRequestKind(
   requestKind: GuardianQuestionRequestKind,
   toolName?: string | null,
 ): GuardianQuestionInstructionMode {

package/src/notifications/preference-extractor.ts

@@ -140,7 +140,7 @@ const EXTRACTION_TOOL = {
 export async function extractPreferences(
   message: string,
 ): Promise<ExtractionResult> {
-  const provider = getConfiguredProvider();
+  const provider = await getConfiguredProvider();
   if (!provider) {
     log.debug("No provider available for preference extraction");
     return { detected: false, preferences: [] };

package/src/oauth/byo-connection.test.ts

@@ -117,7 +117,7 @@ mock.module("./oauth-store.js", () => ({
 // Imports (after mocks)
 // ---------------------------------------------------------------------------
 
-import { setSecureKey } from "../security/secure-keys.js";
+import { setSecureKeyAsync } from "../security/secure-keys.js";
 import {
   _resetInflightRefreshes,
   _resetRefreshBreakers,
@@ -183,7 +183,7 @@ afterEach(() => {
   }
 });
 
-function setupCredential(
+async function setupCredential(
   service: string,
   opts?: { expiresAt?: number; grantedScopes?: string[] },
 ) {
@@ -214,13 +214,19 @@ function setupCredential(
     accountInfo: null,
   });
   // Store access token in oauth-store key format
-  setSecureKey(`oauth_connection/${connId}/access_token`, "test-access-token");
+  await setSecureKeyAsync(
+    `oauth_connection/${connId}/access_token`,
+    "test-access-token",
+  );
   // Store refresh token and client_secret in secure keys (token-manager reads them)
-  setSecureKey(
+  await setSecureKeyAsync(
     `oauth_connection/${connId}/refresh_token`,
     "test-refresh-token",
   );
-  setSecureKey(`oauth_app/${appId}/client_secret`, "test-client-secret");
+  await setSecureKeyAsync(
+    `oauth_app/${appId}/client_secret`,
+    "test-client-secret",
+  );
   upsertCredentialMetadata(service, "access_token", {});
 }
 
@@ -242,7 +248,7 @@ function createConnection(service = "integration:google"): BYOOAuthConnection {
 describe("BYOOAuthConnection", () => {
   describe("request()", () => {
     test("makes authenticated request with Bearer token", async () => {
-      setupCredential("integration:google");
+      await setupCredential("integration:google");
       const conn = createConnection();
 
       const result = await conn.request({
@@ -266,7 +272,7 @@ describe("BYOOAuthConnection", () => {
     });
 
     test("appends query parameters", async () => {
-      setupCredential("integration:google");
+      await setupCredential("integration:google");
       const conn = createConnection();
 
       await conn.request({
@@ -282,7 +288,7 @@ describe("BYOOAuthConnection", () => {
     });
 
     test("uses per-request baseUrl override", async () => {
-      setupCredential("integration:google");
+      await setupCredential("integration:google");
       const conn = createConnection();
 
       await conn.request({
@@ -296,7 +302,7 @@ describe("BYOOAuthConnection", () => {
     });
 
     test("sends JSON body for POST requests", async () => {
-      setupCredential("integration:google");
+      await setupCredential("integration:google");
       const conn = createConnection();
 
       await conn.request({
@@ -316,7 +322,7 @@ describe("BYOOAuthConnection", () => {
     });
 
     test("retries once on 401 response", async () => {
-      setupCredential("integration:google");
+      await setupCredential("integration:google");
       const conn = createConnection();
 
       // First call returns 401, second returns 200
@@ -344,7 +350,7 @@ describe("BYOOAuthConnection", () => {
     });
 
     test("handles empty response body", async () => {
-      setupCredential("integration:google");
+      await setupCredential("integration:google");
       const conn = createConnection();
 
       globalThis.fetch = mock(() =>
@@ -361,7 +367,7 @@ describe("BYOOAuthConnection", () => {
     });
 
     test("handles non-JSON response body", async () => {
-      setupCredential("integration:google");
+      await setupCredential("integration:google");
       const conn = createConnection();
 
       globalThis.fetch = mock(() =>
@@ -378,7 +384,7 @@ describe("BYOOAuthConnection", () => {
     });
 
     test("returns response headers", async () => {
-      setupCredential("integration:google");
+      await setupCredential("integration:google");
       const conn = createConnection();
 
       globalThis.fetch = mock(() =>
@@ -402,7 +408,7 @@ describe("BYOOAuthConnection", () => {
     });
 
     test("includes custom request headers", async () => {
-      setupCredential("integration:google");
+      await setupCredential("integration:google");
       const conn = createConnection();
 
       await conn.request({
@@ -421,7 +427,7 @@ describe("BYOOAuthConnection", () => {
   describe("proactive token refresh", () => {
     test("refreshes token when near expiry (within 5-minute buffer)", async () => {
       // Set token to expire in 2 minutes (within 5-min buffer)
-      setupCredential("integration:google", {
+      await setupCredential("integration:google", {
         expiresAt: Date.now() + 2 * 60 * 1000,
       });
       const conn = createConnection();
@@ -445,7 +451,7 @@ describe("BYOOAuthConnection", () => {
 
   describe("withToken()", () => {
     test("provides valid token to callback", async () => {
-      setupCredential("integration:google");
+      await setupCredential("integration:google");
       const conn = createConnection();
 
       const result = await conn.withToken(async (token) => {
@@ -456,7 +462,7 @@ describe("BYOOAuthConnection", () => {
     });
 
     test("retries callback on 401 error", async () => {
-      setupCredential("integration:google");
+      await setupCredential("integration:google");
       const conn = createConnection();
 
       let callCount = 0;
@@ -489,7 +495,7 @@ describe("BYOOAuthConnection", () => {
 
 describe("resolveOAuthConnection", () => {
   test("returns a BYOOAuthConnection for valid credential", async () => {
-    setupCredential("integration:google");
+    await setupCredential("integration:google");
     const conn = await resolveOAuthConnection("integration:google");
 
     expect(conn).toBeInstanceOf(BYOOAuthConnection);
@@ -504,7 +510,7 @@ describe("resolveOAuthConnection", () => {
   });
 
   test("throws when no base URL configured", async () => {
-    setupCredential("integration:custom-service");
+    await setupCredential("integration:custom-service");
     await expect(
       resolveOAuthConnection("integration:custom-service"),
     ).rejects.toThrow(
@@ -541,7 +547,10 @@ describe("resolveOAuthConnection", () => {
       grantedScopes: JSON.stringify(["repo"]),
       accountInfo: null,
     });
-    setSecureKey(`oauth_connection/${connId}/access_token`, "ghp-test-token");
+    await setSecureKeyAsync(
+      `oauth_connection/${connId}/access_token`,
+      "ghp-test-token",
+    );
 
     const conn = await resolveOAuthConnection("integration:github-work");
 

package/src/oauth/connect-orchestrator.ts

@@ -48,6 +48,7 @@ function resolveBehavior(providerKey: string): {
   setup?: OAuthProviderBehavior["setup"];
   setupSkillId?: string;
   postConnectHookId?: string;
+  loopbackPort?: number;
 } {
   const behavior = getProviderBehavior(providerKey);
   if (!behavior) return {};
@@ -56,6 +57,7 @@ function resolveBehavior(providerKey: string): {
     setup: behavior.setup,
     setupSkillId: behavior.setupSkillId,
     postConnectHookId: behavior.postConnectHookId,
+    loopbackPort: behavior.loopbackPort,
   };
 }
 
@@ -161,7 +163,7 @@ export async function orchestrateOAuthConnect(
   const callbackTransport =
     (providerRow.callbackTransport as "loopback" | "gateway" | null) ??
     "loopback";
-  const loopbackPort = providerRow.loopbackPort;
+  const loopbackPort = behavior.loopbackPort;
 
   // Resolve scopes via the scope policy engine
   const scopeProfile = {
@@ -240,7 +242,7 @@ export async function orchestrateOAuthConnect(
       const prepared = await prepareOAuth2Flow(
         oauthConfig,
         callbackTransport === "loopback"
-          ? { callbackTransport, loopbackPort: loopbackPort ?? undefined }
+          ? { callbackTransport, loopbackPort }
           : callbackTransport === "gateway"
             ? { callbackTransport }
             : undefined,
@@ -345,7 +347,7 @@ export async function orchestrateOAuthConnect(
         },
       },
       callbackTransport === "loopback"
-        ? { callbackTransport, loopbackPort: loopbackPort ?? undefined }
+        ? { callbackTransport, loopbackPort }
         : callbackTransport === "gateway"
           ? { callbackTransport }
           : undefined,

package/src/oauth/connect-types.ts

@@ -34,8 +34,8 @@ export interface OAuthScopePolicy {
  * Code-side behavioral configuration for a well-known OAuth provider.
  *
  * Protocol-level fields (authUrl, tokenUrl, defaultScopes, scopePolicy,
- * tokenEndpointAuthMethod, callbackTransport, loopbackPort, userinfoUrl,
- * extraParams) are stored in the `oauth_providers` DB table. This
+ * tokenEndpointAuthMethod, callbackTransport, userinfoUrl, extraParams)
+ * are stored in the `oauth_providers` DB table. This
  * interface contains only fields that require code references (functions,
  * templates, skill IDs) and cannot be serialised to a DB row.
  */
@@ -74,6 +74,13 @@ export interface OAuthProviderBehavior {
    * agent to load this skill rather than embedding instructions inline.
    */
   setupSkillId?: string;
+  /**
+   * Fixed port for the loopback OAuth callback server. When set, the
+   * server binds to this port instead of an OS-assigned random port.
+   * Required for providers that need pre-registered redirect URIs
+   * (e.g. Slack, Notion).
+   */
+  loopbackPort?: number;
 }
 
 // ---------------------------------------------------------------------------