@vellumai/assistant 0.4.53 → 0.4.54

package/src/providers/managed-proxy/context.ts

@@ -11,7 +11,7 @@
 
 import { getPlatformBaseUrl } from "../../config/env.js";
 import { credentialKey } from "../../security/credential-key.js";
-import { getSecureKey } from "../../security/secure-keys.js";
+import { getSecureKeyAsync } from "../../security/secure-keys.js";
 import { MANAGED_PROVIDER_META } from "./constants.js";
 
 /** Storage key for the assistant API key credential. */
@@ -35,9 +35,10 @@ export interface ManagedProxyContext {
  * Returns an enabled context only when both the platform base URL and
  * the assistant API key are present. Otherwise returns a disabled context.
  */
-export function resolveManagedProxyContext(): ManagedProxyContext {
+export async function resolveManagedProxyContext(): Promise<ManagedProxyContext> {
   const platformBaseUrl = getPlatformBaseUrl().replace(/\/+$/, "");
-  const assistantApiKey = getSecureKey(ASSISTANT_API_KEY_STORAGE_KEY) ?? "";
+  const assistantApiKey =
+    (await getSecureKeyAsync(ASSISTANT_API_KEY_STORAGE_KEY)) ?? "";
 
   const enabled = !!platformBaseUrl && !!assistantApiKey;
 
@@ -48,8 +49,8 @@ export function resolveManagedProxyContext(): ManagedProxyContext {
  * Check whether managed proxy prerequisites are available.
  * Shorthand for checking that both platform URL and assistant API key exist.
  */
-export function hasManagedProxyPrereqs(): boolean {
-  return resolveManagedProxyContext().enabled;
+export async function hasManagedProxyPrereqs(): Promise<boolean> {
+  return (await resolveManagedProxyContext()).enabled;
 }
 
 /**
@@ -58,11 +59,13 @@ export function hasManagedProxyPrereqs(): boolean {
  * Combines the platform base URL with the provider's deterministic proxy path.
  * Returns undefined if the provider is not managed or prerequisites are missing.
  */
-export function buildManagedBaseUrl(provider: string): string | undefined {
+export async function buildManagedBaseUrl(
+  provider: string,
+): Promise<string | undefined> {
   const meta = MANAGED_PROVIDER_META[provider];
   if (!meta?.managed || !meta.proxyPath) return undefined;
 
-  const ctx = resolveManagedProxyContext();
+  const ctx = await resolveManagedProxyContext();
   if (!ctx.enabled) return undefined;
 
   return `${ctx.platformBaseUrl}${meta.proxyPath}`;
@@ -74,8 +77,10 @@ export function buildManagedBaseUrl(provider: string): string | undefined {
  * Returns true when the provider supports managed proxy routing and
  * all prerequisites (platform URL + assistant API key) are satisfied.
  */
-export function managedFallbackEnabledFor(provider: string): boolean {
+export async function managedFallbackEnabledFor(
+  provider: string,
+): Promise<boolean> {
   const meta = MANAGED_PROVIDER_META[provider];
   if (!meta?.managed) return false;
-  return hasManagedProxyPrereqs();
+  return await hasManagedProxyPrereqs();
 }

package/src/providers/provider-send-message.ts

@@ -40,12 +40,12 @@ let fallbackWarningLogged = false;
  *
  * Returns `null` when no providers are available at all.
  */
-export function resolveConfiguredProvider(): ConfiguredProviderResult | null {
+export async function resolveConfiguredProvider(): Promise<ConfiguredProviderResult | null> {
   const config = getConfig();
 
   if (listProviders().length === 0) {
     try {
-      initializeProviders(config);
+      await initializeProviders(config);
     } catch {
       return null;
     }
@@ -89,8 +89,8 @@ export function resolveConfiguredProvider(): ConfiguredProviderResult | null {
  *
  * Returns `null` when no providers are available.
  */
-export function getConfiguredProvider(): Provider | null {
-  const result = resolveConfiguredProvider();
+export async function getConfiguredProvider(): Promise<Provider | null> {
+  const result = await resolveConfiguredProvider();
   return result?.provider ?? null;
 }
 
@@ -170,51 +170,3 @@ export function extractToolUse(
 export function userMessage(text: string): Message {
   return { role: "user", content: [{ type: "text", text }] };
 }
-
-/**
- * Build a single user message with image + text content.
- */
-export function userMessageWithImage(
-  imageBase64: string,
-  mediaType: string,
-  text: string,
-): Message {
-  return {
-    role: "user",
-    content: [
-      {
-        type: "image",
-        source: {
-          type: "base64",
-          media_type: mediaType,
-          data: imageBase64,
-        },
-      },
-      { type: "text", text },
-    ],
-  };
-}
-
-/**
- * Build a single user message with multiple images followed by a text block.
- * Each image becomes its own content block; the text block comes last.
- */
-export function userMessageWithImages(
-  images: Array<{ base64: string; mediaType: string }>,
-  text: string,
-): Message {
-  return {
-    role: "user",
-    content: [
-      ...images.map((img) => ({
-        type: "image" as const,
-        source: {
-          type: "base64" as const,
-          media_type: img.mediaType,
-          data: img.base64,
-        },
-      })),
-      { type: "text" as const, text },
-    ],
-  };
-}

package/src/providers/registry.ts

@@ -1,5 +1,5 @@
 import { wrapWithLogfire } from "../logfire.js";
-import { getSecureKey } from "../security/secure-keys.js";
+import { getSecureKeyAsync } from "../security/secure-keys.js";
 import { ConfigError, ProviderNotConfiguredError } from "../util/errors.js";
 import { AnthropicProvider } from "./anthropic/client.js";
 import { FailoverProvider, type ProviderHealthStatus } from "./failover.js";
@@ -202,7 +202,9 @@ export function getProviderDebugStatus(
   };
 }
 
-export function initializeProviders(config: ProvidersConfig): void {
+export async function initializeProviders(
+  config: ProvidersConfig,
+): Promise<void> {
   providers.clear();
   routingSources.clear();
   cachedFailoverProvider = null;
@@ -211,7 +213,7 @@ export function initializeProviders(config: ProvidersConfig): void {
   const streamTimeoutMs =
     (config.timeouts?.providerStreamTimeoutSec ?? 300) * 1000;
 
-  const anthropicKey = getSecureKey("anthropic");
+  const anthropicKey = await getSecureKeyAsync("anthropic");
   if (anthropicKey) {
     const model = resolveModel(config, "anthropic");
     registerProvider(
@@ -228,9 +230,9 @@ export function initializeProviders(config: ProvidersConfig): void {
     routingSources.set("anthropic", "user-key");
   } else {
     // No user Anthropic key — route through managed proxy
-    const managedBaseUrl = buildManagedBaseUrl("anthropic");
+    const managedBaseUrl = await buildManagedBaseUrl("anthropic");
     if (managedBaseUrl) {
-      const ctx = resolveManagedProxyContext();
+      const ctx = await resolveManagedProxyContext();
       const model = resolveModel(config, "anthropic");
       registerProvider(
         "anthropic",
@@ -248,7 +250,7 @@ export function initializeProviders(config: ProvidersConfig): void {
       routingSources.set("anthropic", "managed-proxy");
     }
   }
-  const openaiKey = getSecureKey("openai");
+  const openaiKey = await getSecureKeyAsync("openai");
   if (openaiKey) {
     const model = resolveModel(config, "openai");
     registerProvider(
@@ -261,9 +263,9 @@ export function initializeProviders(config: ProvidersConfig): void {
     );
     routingSources.set("openai", "user-key");
   } else {
-    const managedBaseUrl = buildManagedBaseUrl("openai");
+    const managedBaseUrl = await buildManagedBaseUrl("openai");
     if (managedBaseUrl) {
-      const ctx = resolveManagedProxyContext();
+      const ctx = await resolveManagedProxyContext();
       const model = resolveModel(config, "openai");
       registerProvider(
         "openai",
@@ -279,7 +281,7 @@ export function initializeProviders(config: ProvidersConfig): void {
       routingSources.set("openai", "managed-proxy");
     }
   }
-  const geminiKey = getSecureKey("gemini");
+  const geminiKey = await getSecureKeyAsync("gemini");
   if (geminiKey) {
     const model = resolveModel(config, "gemini");
     registerProvider(
@@ -293,9 +295,9 @@ export function initializeProviders(config: ProvidersConfig): void {
     routingSources.set("gemini", "user-key");
   } else {
     // No user Gemini key — route through Vertex managed proxy
-    const managedBaseUrl = buildManagedBaseUrl("vertex");
+    const managedBaseUrl = await buildManagedBaseUrl("vertex");
     if (managedBaseUrl) {
-      const ctx = resolveManagedProxyContext();
+      const ctx = await resolveManagedProxyContext();
       const model = resolveModel(config, "gemini");
       registerProvider(
         "gemini",
@@ -311,7 +313,7 @@ export function initializeProviders(config: ProvidersConfig): void {
       routingSources.set("gemini", "managed-proxy");
     }
   }
-  const ollamaKey = getSecureKey("ollama");
+  const ollamaKey = await getSecureKeyAsync("ollama");
   if (config.provider === "ollama" || ollamaKey) {
     const model = resolveModel(config, "ollama");
     registerProvider(
@@ -327,7 +329,7 @@ export function initializeProviders(config: ProvidersConfig): void {
     );
     routingSources.set("ollama", "user-key");
   }
-  const fireworksKey = getSecureKey("fireworks");
+  const fireworksKey = await getSecureKeyAsync("fireworks");
   if (fireworksKey) {
     const model = resolveModel(config, "fireworks");
     registerProvider(
@@ -341,26 +343,8 @@ export function initializeProviders(config: ProvidersConfig): void {
       ),
     );
     routingSources.set("fireworks", "user-key");
-  } else {
-    const managedBaseUrl = buildManagedBaseUrl("fireworks");
-    if (managedBaseUrl) {
-      const ctx = resolveManagedProxyContext();
-      const model = resolveModel(config, "fireworks");
-      registerProvider(
-        "fireworks",
-        new RetryProvider(
-          wrapWithLogfire(
-            new FireworksProvider(ctx.assistantApiKey, model, {
-              baseURL: managedBaseUrl,
-              streamTimeoutMs,
-            }),
-          ),
-        ),
-      );
-      routingSources.set("fireworks", "managed-proxy");
-    }
   }
-  const openrouterKey = getSecureKey("openrouter");
+  const openrouterKey = await getSecureKeyAsync("openrouter");
   if (openrouterKey) {
     const model = resolveModel(config, "openrouter");
     registerProvider(
@@ -374,23 +358,5 @@ export function initializeProviders(config: ProvidersConfig): void {
       ),
     );
     routingSources.set("openrouter", "user-key");
-  } else {
-    const managedBaseUrl = buildManagedBaseUrl("openrouter");
-    if (managedBaseUrl) {
-      const ctx = resolveManagedProxyContext();
-      const model = resolveModel(config, "openrouter");
-      registerProvider(
-        "openrouter",
-        new RetryProvider(
-          wrapWithLogfire(
-            new OpenRouterProvider(ctx.assistantApiKey, model, {
-              baseURL: managedBaseUrl,
-              streamTimeoutMs,
-            }),
-          ),
-        ),
-      );
-      routingSources.set("openrouter", "managed-proxy");
-    }
   }
 }

package/src/runtime/actor-token-store.ts

@@ -155,29 +155,6 @@ export function revokeByDeviceBinding(
   return matching.length;
 }
 
-/**
- * Find all active actor token records for a given guardianPrincipalId.
- * Used for multi-device guardian fanout — returns all bound devices (macOS, iOS, etc.)
- * so notification targeting can reach every device for the same guardian identity.
- */
-export function findActiveByGuardianPrincipalId(
-  guardianPrincipalId: string,
-): ActorTokenRecord[] {
-  const db = getDb();
-  const rows = db
-    .select()
-    .from(actorTokenRecords)
-    .where(
-      and(
-        eq(actorTokenRecords.guardianPrincipalId, guardianPrincipalId),
-        eq(actorTokenRecords.status, "active"),
-      ),
-    )
-    .all();
-
-  return rows.map(rowToRecord);
-}
-
 /**
  * Revoke a single token by its hash.
  */

package/src/runtime/http-router.ts

@@ -86,10 +86,14 @@ export class HttpRouter {
     server: ReturnType<typeof Bun.serve>,
     authContext: AuthContext,
   ): Promise<Response | null> {
+    // Normalize trailing slashes so "/integrations/twilio/config/" matches
+    // a route defined as "integrations/twilio/config".
+    const normalized = endpoint.endsWith("/") ? endpoint.slice(0, -1) : endpoint;
+
     for (const compiled of this.compiledRoutes) {
       if (compiled.def.method !== req.method) continue;
 
-      const match = endpoint.match(compiled.regex);
+      const match = normalized.match(compiled.regex);
       if (!match) continue;
 
       // Extract named params

package/src/runtime/http-server.ts

@@ -42,6 +42,10 @@ import {
   recordConversationSeenSignal,
   type SignalType,
 } from "../memory/conversation-attention-store.js";
+import {
+  getConversation,
+  getDisplayMetaForConversations,
+} from "../memory/conversation-crud.js";
 import {
   countConversations,
   listConversations,
@@ -271,16 +275,16 @@ export class RuntimeHttpServer {
   }
 
   private get pairingContext(): PairingHandlerContext {
-    const ipcBroadcast = this.pairingBroadcast;
+    const broadcast = this.pairingBroadcast;
     return {
       pairingStore: this.pairingStore,
       bearerToken: this.bearerToken,
       featureFlagToken: this.readFeatureFlagToken(),
-      pairingBroadcast: ipcBroadcast
+      pairingBroadcast: broadcast
         ? (msg) => {
             // Broadcast to all clients via the event hub so HTTP/SSE clients
             // (e.g. macOS app) receive pairing approval requests.
-            ipcBroadcast(msg);
+            broadcast(msg);
             void assistantEventHub.publish(
               buildAssistantEvent(DAEMON_INTERNAL_ASSISTANT_ID, msg),
             );
@@ -795,6 +799,7 @@ export class RuntimeHttpServer {
           const conversations = listConversations(limit, false, offset);
           const totalCount = countConversations();
           const conversationIds = conversations.map((c) => c.id);
+          const displayMeta = getDisplayMetaForConversations(conversationIds);
           const bindings =
             externalConversationStore.getBindingsForConversations(
               conversationIds,
@@ -856,13 +861,22 @@ export class RuntimeHttpServer {
                   ? { conversationOriginChannel: originChannel }
                   : {}),
                 ...(assistantAttention ? { assistantAttention } : {}),
+                ...(displayMeta.get(c.id)?.isPinned
+                  ? {
+                      isPinned: true,
+                      displayOrder: displayMeta.get(c.id)!.displayOrder,
+                    }
+                  : displayMeta.get(c.id)?.displayOrder != null
+                    ? {
+                        displayOrder: displayMeta.get(c.id)!.displayOrder,
+                      }
+                    : {}),
               };
             }),
             hasMore: offset + conversations.length < totalCount,
           });
         },
       },
-
       ...conversationAttentionRouteDefinitions(),
 
       ...(this.sessionManagementDeps
@@ -933,6 +947,89 @@ export class RuntimeHttpServer {
         },
       },
 
+      // conversations/:id must be registered AFTER all literal conversations/<word>
+      // routes above (attention, seen, unread) so the parameterized :id does not
+      // shadow them.
+      {
+        endpoint: "conversations/:id",
+        method: "GET",
+        handler: ({ params }) => {
+          const conversation = getConversation(params.id);
+          if (!conversation) {
+            return httpError(
+              "NOT_FOUND",
+              `Conversation ${params.id} not found`,
+              404,
+            );
+          }
+          const bindings =
+            externalConversationStore.getBindingsForConversations([
+              conversation.id,
+            ]);
+          const attentionStates = getAttentionStateByConversationIds([
+            conversation.id,
+          ]);
+          const binding = bindings.get(conversation.id);
+          const originChannel = parseChannelId(conversation.originChannel);
+          const attn = attentionStates.get(conversation.id);
+          const assistantAttention = attn
+            ? {
+                hasUnseenLatestAssistantMessage:
+                  attn.latestAssistantMessageAt != null &&
+                  (attn.lastSeenAssistantMessageAt == null ||
+                    attn.lastSeenAssistantMessageAt <
+                      attn.latestAssistantMessageAt),
+                ...(attn.latestAssistantMessageAt != null
+                  ? {
+                      latestAssistantMessageAt: attn.latestAssistantMessageAt,
+                    }
+                  : {}),
+                ...(attn.lastSeenAssistantMessageAt != null
+                  ? {
+                      lastSeenAssistantMessageAt:
+                        attn.lastSeenAssistantMessageAt,
+                    }
+                  : {}),
+                ...(attn.lastSeenConfidence != null
+                  ? { lastSeenConfidence: attn.lastSeenConfidence }
+                  : {}),
+                ...(attn.lastSeenSignalType != null
+                  ? { lastSeenSignalType: attn.lastSeenSignalType }
+                  : {}),
+              }
+            : undefined;
+          return Response.json({
+            session: {
+              id: conversation.id,
+              title: conversation.title ?? "Untitled",
+              createdAt: conversation.createdAt,
+              updatedAt: conversation.updatedAt,
+              threadType:
+                conversation.threadType === "private" ? "private" : "standard",
+              source: conversation.source ?? "user",
+              ...(conversation.scheduleJobId
+                ? { scheduleJobId: conversation.scheduleJobId }
+                : {}),
+              ...(binding
+                ? {
+                    channelBinding: {
+                      sourceChannel: binding.sourceChannel,
+                      externalChatId: binding.externalChatId,
+                      externalUserId: binding.externalUserId,
+                      displayName: binding.displayName,
+                      username: binding.username,
+                    },
+                  }
+                : {}),
+              ...(originChannel
+                ? { conversationOriginChannel: originChannel }
+                : {}),
+              ...(assistantAttention ? { assistantAttention } : {}),
+            },
+          });
+        },
+      },
+
       ...btwRouteDefinitions({
         sendMessageDeps: this.sendMessageDeps,
       }),

package/src/runtime/invite-instruction-generator.ts

@@ -23,49 +23,6 @@ const GENERATION_TIMEOUT_MS = 5_000;
 /** Maximum allowed length for a generated instruction. */
 const MAX_INSTRUCTION_LENGTH = 500;
 
-// ---------------------------------------------------------------------------
-// Channel display label
-// ---------------------------------------------------------------------------
-
-/** Human-readable label for a channel type. */
-export function channelDisplayLabel(type: string): string {
-  switch (type) {
-    case "telegram":
-      return "Telegram";
-    case "email":
-      return "Email";
-    case "slack":
-      return "Slack";
-    case "phone":
-      return "Voice";
-    default:
-      return type.charAt(0).toUpperCase() + type.slice(1);
-  }
-}
-
-// ---------------------------------------------------------------------------
-// Deterministic fallback
-// ---------------------------------------------------------------------------
-
-/**
- * Build a deterministic fallback instruction when the LLM is unavailable.
- */
-export function buildFallbackInstruction(params: {
-  contactName?: string;
-  channelLabel: string;
-  channelHandle?: string;
-  shareUrl?: string;
-}): string {
-  const contact = params.contactName || "the contact";
-  const handle = params.channelHandle
-    ? ` at ${params.channelHandle}`
-    : ` on ${params.channelLabel}`;
-  if (params.shareUrl) {
-    return `Send ${contact} this link: ${params.shareUrl} — or tell them to message me${handle} with the code below.`;
-  }
-  return `Tell ${contact} to message me${handle} with the code below.`;
-}
-
 // ---------------------------------------------------------------------------
 // LLM-powered generation
 // ---------------------------------------------------------------------------
@@ -88,15 +45,32 @@ export async function generateInviteInstruction(params: {
    */
   shareUrl?: string;
 }): Promise<string> {
-  const channelLabel = channelDisplayLabel(params.channelType);
-  const fallback = buildFallbackInstruction({
-    contactName: params.contactName,
-    channelLabel,
-    channelHandle: params.channelHandle,
-    shareUrl: params.shareUrl,
-  });
+  const channelLabel = (() => {
+    switch (params.channelType) {
+      case "telegram":
+        return "Telegram";
+      case "email":
+        return "Email";
+      case "slack":
+        return "Slack";
+      case "phone":
+        return "Voice";
+      default:
+        return (
+          params.channelType.charAt(0).toUpperCase() +
+          params.channelType.slice(1)
+        );
+    }
+  })();
+  const contact = params.contactName || "the contact";
+  const handle = params.channelHandle
+    ? ` at ${params.channelHandle}`
+    : ` on ${channelLabel}`;
+  const fallback = params.shareUrl
+    ? `Send ${contact} this link: ${params.shareUrl} — or tell them to message me${handle} with the code below.`
+    : `Tell ${contact} to message me${handle} with the code below.`;
 
-  const resolved = resolveConfiguredProvider();
+  const resolved = await resolveConfiguredProvider();
   if (!resolved) {
     log.debug(
       "No provider available for invite instruction generation, using fallback",

package/src/runtime/invite-service.ts

@@ -34,7 +34,6 @@ import {
 } from "./channel-invite-transport.js";
 import { generateInviteInstruction } from "./invite-instruction-generator.js";
 import {
-  type InviteRedemptionOutcome,
   redeemInvite as redeemInviteTyped,
   redeemVoiceInviteCode as redeemVoiceInviteCodeTyped,
   type VoiceRedemptionOutcome,
@@ -372,25 +371,6 @@ export function redeemIngressInvite(params: {
   return { ok: true, data: inviteToResponse(inv) };
 }
 
-// ---------------------------------------------------------------------------
-// Typed invite redemption — preferred entry point for new callers
-// ---------------------------------------------------------------------------
-
-export { type InviteRedemptionOutcome } from "./invite-redemption-service.js";
-export { type VoiceRedemptionOutcome } from "./invite-redemption-service.js";
-
-export function redeemIngressInviteTyped(params: {
-  rawToken: string;
-  sourceChannel: string;
-  externalUserId?: string;
-  externalChatId?: string;
-  displayName?: string;
-  username?: string;
-  assistantId?: string;
-}): InviteRedemptionOutcome {
-  return redeemInviteTyped(params);
-}
-
 export function redeemVoiceInviteCode(params: {
   assistantId?: string;
   callerExternalUserId: string;

package/src/runtime/routes/attachment-routes.ts

@@ -101,7 +101,7 @@ export async function handleDeleteAttachment(req: Request): Promise<Response> {
   return new Response(null, { status: 204 });
 }
 
-export function handleGetAttachment(attachmentId: string): Response {
+function handleGetAttachment(attachmentId: string): Response {
   const attachment = attachmentsStore.getAttachmentById(attachmentId);
   if (!attachment) {
     return httpError("NOT_FOUND", "Attachment not found", 404);

package/src/runtime/routes/brain-graph-routes.ts

@@ -34,7 +34,7 @@ function getMemoryKindColor(kind: string): string {
   }
 }
 
-export function handleGetBrainGraph(): Response {
+function handleGetBrainGraph(): Response {
   try {
     const db = getDb();
 

package/src/runtime/routes/call-routes.ts

@@ -148,7 +148,7 @@ export async function handleStartCall(
 /**
  * GET /v1/calls/:callSessionId
  */
-export function handleGetCallStatus(callSessionId: string): Response {
+function handleGetCallStatus(callSessionId: string): Response {
   const result = getCallStatus(callSessionId);
 
   if (!result.ok) {