@vellumai/assistant 0.4.56 → 0.5.0

package/src/memory/task-memory-cleanup.ts

@@ -42,9 +42,13 @@ export function isConversationFailed(conversationId: string): boolean {
 export function invalidateAssistantInferredItemsForConversation(
   conversationId: string,
 ): number {
-  // Cancel pending extract_items jobs for this conversation's messages
+  // Cancel pending extraction jobs for this conversation's messages
   // so the worker never processes them. Jobs already running will be
   // caught by the isConversationFailed check in the extraction handler.
+  // NOTE: Only extract_items jobs are cancelled here — not embed_item or
+  // other job types. Multi-sourced items may still be valid (corroborated
+  // by other conversations), and their embedding jobs must not be killed.
+  // The broader cancelPendingJobsForConversation is used by the wipe path.
   cancelPendingExtractionJobsForConversation(conversationId);
 
   const affected = rawRun(
@@ -94,9 +98,95 @@ export function invalidateAssistantInferredItemsForConversation(
 }
 
 /**
- * Cancel pending `extract_items` jobs whose messageId belongs to the given
- * conversation. This drains the queue so the worker never processes them,
- * complementing the runtime check in the extraction handler.
+ * Cancel all pending/running memory jobs referencing the given conversation.
+ * Covers every job type: `extract_items`, `embed_attachment` (keyed by messageId),
+ * `embed_segment` (keyed by segmentId via memory_segments),
+ * `build_conversation_summary` (keyed by conversationId),
+ * and `embed_item` (keyed by itemId sourced from the conversation's messages).
+ */
+export function cancelPendingJobsForConversation(
+  conversationId: string,
+  reason: string = "conversation_wiped",
+): number {
+  const now = Date.now();
+  let total = 0;
+
+  // Jobs keyed by messageId: extract_items, embed_attachment
+  total += rawRun(
+    `UPDATE memory_jobs
+        SET status = 'failed',
+            last_error = ?,
+            updated_at = ?
+      WHERE status IN ('pending', 'running')
+        AND json_extract(payload, '$.messageId') IN (
+          SELECT id FROM messages WHERE conversation_id = ?
+        )`,
+    reason,
+    now,
+    conversationId,
+  );
+
+  // Jobs keyed by conversationId: build_conversation_summary
+  total += rawRun(
+    `UPDATE memory_jobs
+        SET status = 'failed',
+            last_error = ?,
+            updated_at = ?
+      WHERE status IN ('pending', 'running')
+        AND json_extract(payload, '$.conversationId') = ?`,
+    reason,
+    now,
+    conversationId,
+  );
+
+  // Jobs keyed by segmentId: embed_segment (segments belong to the conversation)
+  total += rawRun(
+    `UPDATE memory_jobs
+        SET status = 'failed',
+            last_error = ?,
+            updated_at = ?
+      WHERE status IN ('pending', 'running')
+        AND json_extract(payload, '$.segmentId') IN (
+          SELECT id FROM memory_segments WHERE conversation_id = ?
+        )`,
+    reason,
+    now,
+    conversationId,
+  );
+
+  // Jobs keyed by itemId: embed_item (items sourced from this conversation)
+  total += rawRun(
+    `UPDATE memory_jobs
+        SET status = 'failed',
+            last_error = ?,
+            updated_at = ?
+      WHERE status IN ('pending', 'running')
+        AND json_extract(payload, '$.itemId') IN (
+          SELECT mis.memory_item_id
+            FROM memory_item_sources mis
+            JOIN messages m ON m.id = mis.message_id
+           WHERE m.conversation_id = ?
+        )`,
+    reason,
+    now,
+    conversationId,
+  );
+
+  if (total > 0) {
+    log.info(
+      { conversationId, cancelled: total },
+      "Cancelled pending memory jobs for conversation",
+    );
+  }
+
+  return total;
+}
+
+/**
+ * Cancel only pending/running `extract_items` jobs for messages in the
+ * given conversation. Used by the task-failure path where we want to
+ * stop new extractions but must NOT cancel `embed_item` jobs — those
+ * items may be multi-sourced and still valid.
  */
 function cancelPendingExtractionJobsForConversation(
   conversationId: string,
@@ -107,8 +197,8 @@ function cancelPendingExtractionJobsForConversation(
         SET status = 'failed',
             last_error = 'conversation_failed',
             updated_at = ?
-      WHERE type IN ('extract_items')
-        AND status IN ('pending', 'running')
+      WHERE status IN ('pending', 'running')
+        AND type = 'extract_items'
         AND json_extract(payload, '$.messageId') IN (
           SELECT id FROM messages WHERE conversation_id = ?
         )`,

package/src/memory/trace-event-store.ts

@@ -0,0 +1,148 @@
+import { and, asc, eq, gt, lt, sql } from "drizzle-orm";
+
+import type {
+  TraceEvent,
+  TraceEventKind,
+} from "../daemon/message-types/messages.js";
+import { getDb, rawChanges } from "./db.js";
+import { traceEvents } from "./schema.js";
+
+// ---------------------------------------------------------------------------
+// Types
+// ---------------------------------------------------------------------------
+
+export interface TraceEventRow {
+  eventId: string;
+  conversationId: string;
+  requestId?: string;
+  timestampMs: number;
+  sequence: number;
+  kind: TraceEventKind;
+  status?: "info" | "success" | "warning" | "error";
+  summary: string;
+  attributes?: Record<string, string | number | boolean | null>;
+}
+
+// ---------------------------------------------------------------------------
+// Write
+// ---------------------------------------------------------------------------
+
+/** Insert a single trace event row. Duplicate eventIds are silently ignored. */
+export function persistTraceEvent(event: TraceEvent): void {
+  const db = getDb();
+  db.insert(traceEvents)
+    .values({
+      eventId: event.eventId,
+      conversationId: event.conversationId,
+      requestId: event.requestId ?? null,
+      timestampMs: event.timestampMs,
+      sequence: event.sequence,
+      kind: event.kind,
+      status: event.status ?? null,
+      summary: event.summary,
+      attributesJson: event.attributes
+        ? JSON.stringify(event.attributes)
+        : null,
+      createdAt: Date.now(),
+    })
+    .onConflictDoNothing()
+    .run();
+}
+
+// ---------------------------------------------------------------------------
+// Read
+// ---------------------------------------------------------------------------
+
+/** Parse a raw DB row into a TraceEventRow with deserialized attributes. */
+function rowToTraceEventRow(row: {
+  eventId: string;
+  conversationId: string;
+  requestId: string | null;
+  timestampMs: number;
+  sequence: number;
+  kind: string;
+  status: string | null;
+  summary: string;
+  attributesJson: string | null;
+}): TraceEventRow {
+  return {
+    eventId: row.eventId,
+    conversationId: row.conversationId,
+    requestId: row.requestId ?? undefined,
+    timestampMs: row.timestampMs,
+    sequence: row.sequence,
+    kind: row.kind as TraceEventKind,
+    status: (row.status as TraceEventRow["status"]) ?? undefined,
+    summary: row.summary,
+    attributes: row.attributesJson
+      ? (JSON.parse(row.attributesJson) as Record<
+          string,
+          string | number | boolean | null
+        >)
+      : undefined,
+  };
+}
+
+/**
+ * Query trace events for a conversation, ordered by sequence ASC, timestamp_ms ASC.
+ * Default limit of 5000 (matching the client's retention cap).
+ * Supports `afterSequence` for incremental fetching.
+ */
+export function getTraceEvents(
+  conversationId: string,
+  opts?: { limit?: number; afterSequence?: number },
+): TraceEventRow[] {
+  const db = getDb();
+  const limit = opts?.limit ?? 5000;
+
+  const where =
+    opts?.afterSequence != null
+      ? and(
+          eq(traceEvents.conversationId, conversationId),
+          gt(traceEvents.sequence, opts.afterSequence),
+        )
+      : eq(traceEvents.conversationId, conversationId);
+
+  const rows = db
+    .select()
+    .from(traceEvents)
+    .where(where)
+    .orderBy(asc(traceEvents.sequence), asc(traceEvents.timestampMs))
+    .limit(limit)
+    .all();
+
+  return rows.map(rowToTraceEventRow);
+}
+
+// ---------------------------------------------------------------------------
+// Cleanup
+// ---------------------------------------------------------------------------
+
+/**
+ * Delete trace events older than `maxAgeDays` based on `created_at`.
+ * Returns the count of deleted rows.
+ */
+export function deleteOldTraceEvents(maxAgeDays: number): number {
+  const db = getDb();
+  const cutoff = Date.now() - maxAgeDays * 24 * 60 * 60 * 1000;
+  db.delete(traceEvents).where(lt(traceEvents.createdAt, cutoff)).run();
+  return rawChanges();
+}
+
+// ---------------------------------------------------------------------------
+// Sequence
+// ---------------------------------------------------------------------------
+
+/**
+ * Return the highest sequence number persisted for a conversation,
+ * or -1 if no events exist yet.
+ */
+export function getMaxSequence(conversationId: string): number {
+  const db = getDb();
+  const row = db
+    .select({ maxSeq: sql<number>`MAX(${traceEvents.sequence})` })
+    .from(traceEvents)
+    .where(eq(traceEvents.conversationId, conversationId))
+    .get();
+  return row?.maxSeq ?? -1;
+}

package/src/notifications/README.md

@@ -441,7 +441,7 @@ import { emitNotificationSignal } from "../notifications/emit-signal.js";
 await emitNotificationSignal({
   sourceEventName: "your_event_name",
   sourceChannel: "scheduler", // where the event originated
-  sourceSessionId: conversationId,
+  sourceContextId: conversationId,
   attentionHints: {
     requiresAction: true,
     urgency: "high",

package/src/notifications/decision-engine.ts

@@ -319,7 +319,7 @@ function buildFallbackDecision(
       selectedChannels: [],
       reasoningSummary: "Fallback: suppressed (vellum channel not available)",
       renderedCopy: {},
-      dedupeKey: `fallback:${signal.sourceEventName}:${signal.sourceSessionId}:${signal.createdAt}`,
+      dedupeKey: `fallback:${signal.sourceEventName}:${signal.sourceContextId}:${signal.createdAt}`,
       confidence: 0.3,
       fallbackUsed: true,
     };
@@ -334,7 +334,7 @@ function buildFallbackDecision(
       ? "Fallback: high urgency + requires action — all channels"
       : "Fallback: vellum-only (local, always delivered)",
     renderedCopy: copy,
-    dedupeKey: `fallback:${signal.sourceEventName}:${signal.sourceSessionId}:${signal.createdAt}`,
+    dedupeKey: `fallback:${signal.sourceEventName}:${signal.sourceContextId}:${signal.createdAt}`,
     confidence: 0.3,
     fallbackUsed: true,
   };
@@ -852,17 +852,58 @@ async function classifyWithLLM(
  *
  * - `all_channels`: force selected channels to all connected channels.
  * - `multi_channel`: ensure at least 2 channels when 2+ are connected.
- * - `single_channel`: no override (default behavior).
+ * - `single_channel`: cap to a single channel. When explicitly set, reduces
+ *   selected channels to one — preferring the source channel if present.
  */
 export function enforceRoutingIntent(
   decision: NotificationDecision,
   routingIntent: RoutingIntent | undefined,
   connectedChannels: NotificationChannel[],
+  sourceChannel?: string,
 ): NotificationDecision {
-  if (!routingIntent || routingIntent === "single_channel") {
+  if (!routingIntent) {
     return decision;
   }
 
+  if (routingIntent === "single_channel") {
+    if (!decision.shouldNotify) {
+      return decision;
+    }
+
+    // Force delivery to the source channel only. If the source channel
+    // is among the connected channels, use it regardless of what the LLM
+    // picked (even if the LLM picked exactly one wrong channel).
+    // Otherwise fall back to capping at the first selected channel.
+    const sourceIsConnected =
+      sourceChannel &&
+      connectedChannels.includes(sourceChannel as NotificationChannel);
+    const preferred = sourceIsConnected
+      ? (sourceChannel as NotificationChannel)
+      : decision.selectedChannels[0];
+
+    // No change needed if the decision already matches.
+    if (
+      decision.selectedChannels.length === 1 &&
+      decision.selectedChannels[0] === preferred
+    ) {
+      return decision;
+    }
+
+    const enforced = { ...decision };
+    enforced.selectedChannels = [preferred];
+    enforced.reasoningSummary = `${decision.reasoningSummary} [routing_intent=single_channel enforced: capped to ${preferred}]`;
+    log.info(
+      {
+        routingIntent,
+        sourceChannel,
+        originalChannels: decision.selectedChannels,
+        enforcedChannel: preferred,
+      },
+      "Routing intent enforcement: single_channel → capped to one channel",
+    );
+    return enforced;
+  }
+
   if (!decision.shouldNotify) {
     return decision;
   }

package/src/notifications/emit-signal.ts

@@ -148,8 +148,8 @@ export interface EmitSignalParams<TEventName extends string = string> {
   sourceEventName: TEventName;
   /** Source channel that produced the event — must be a registered channel. */
   sourceChannel: NotificationSourceChannel;
-  /** Conversation or conversation ID from the source context. */
-  sourceSessionId: string;
+  /** Opaque identifier for the source context (conversation ID, schedule ID, call session ID, etc.). */
+  sourceContextId: string;
   /** Attention hints for the decision engine. */
   attentionHints: AttentionHints;
   /** Arbitrary context payload passed to the decision engine. */
@@ -202,7 +202,7 @@ export async function emitNotificationSignal<TEventName extends string>(
     signalId,
     createdAt: Date.now(),
     sourceChannel: params.sourceChannel,
-    sourceSessionId: params.sourceSessionId,
+    sourceContextId: params.sourceContextId,
     sourceEventName: params.sourceEventName,
     contextPayload: (params.contextPayload ??
       {}) as NotificationContextPayload<TEventName>,
@@ -218,7 +218,7 @@ export async function emitNotificationSignal<TEventName extends string>(
       id: signalId,
       sourceEventName: params.sourceEventName,
       sourceChannel: params.sourceChannel,
-      sourceSessionId: params.sourceSessionId,
+      sourceContextId: params.sourceContextId,
       attentionHints: params.attentionHints,
       payload: params.contextPayload ?? {},
       dedupeKey: params.dedupeKey,
@@ -256,6 +256,7 @@ export async function emitNotificationSignal<TEventName extends string>(
       decision,
       signal.routingIntent,
       connectedChannels,
+      signal.sourceChannel,
     );
 
     // Re-persist the decision if routing intent enforcement changed it,

package/src/notifications/events-store.ts

@@ -16,7 +16,7 @@ export interface NotificationEventRow {
   id: string;
   sourceEventName: string;
   sourceChannel: string;
-  sourceSessionId: string;
+  sourceContextId: string;
   attentionHintsJson: string;
   payloadJson: string;
   dedupeKey: string | null;
@@ -31,7 +31,7 @@ function rowToEvent(
     id: row.id,
     sourceEventName: row.sourceEventName,
     sourceChannel: row.sourceChannel,
-    sourceSessionId: row.sourceSessionId,
+    sourceContextId: row.sourceContextId,
     attentionHintsJson: row.attentionHintsJson,
     payloadJson: row.payloadJson,
     dedupeKey: row.dedupeKey,
@@ -44,7 +44,7 @@ export interface CreateEventParams {
   id: string;
   sourceEventName: string;
   sourceChannel: string;
-  sourceSessionId: string;
+  sourceContextId: string;
   attentionHints: AttentionHints;
   payload: Record<string, unknown>;
   dedupeKey?: string;
@@ -76,7 +76,7 @@ export function createEvent(
     id: params.id,
     sourceEventName: params.sourceEventName,
     sourceChannel: params.sourceChannel,
-    sourceSessionId: params.sourceSessionId,
+    sourceContextId: params.sourceContextId,
     attentionHintsJson: JSON.stringify(params.attentionHints),
     payloadJson: JSON.stringify(params.payload),
     dedupeKey: normalizedDedupeKey,

package/src/notifications/signal.ts

@@ -131,7 +131,7 @@ export interface NotificationSignal<TEventName extends string = string> {
   signalId: string;
   createdAt: number; // epoch ms
   sourceChannel: NotificationSourceChannel; // see NOTIFICATION_SOURCE_CHANNELS registry
-  sourceSessionId: string;
+  sourceContextId: string;
   sourceEventName: TEventName; // free-form: 'reminder_fired', 'schedule_complete', 'guardian_question', etc.
   contextPayload: NotificationContextPayload<TEventName>;
   attentionHints: AttentionHints;

package/src/oauth/manual-token-connection.ts

@@ -65,6 +65,53 @@ export function removeManualTokenConnection(providerKey: string): void {
   deleteConnection(conn.id);
 }
 
+/**
+ * Reconcile the synthetic oauth_connection row for a manual-token provider
+ * with whatever credentials are currently present in secure storage.
+ *
+ * This lets generic credential entry paths (chat setup, CLI, secure prompt)
+ * keep connection status in sync without duplicating per-provider rules.
+ */
+export async function syncManualTokenConnection(
+  providerKey: string,
+  accountInfo?: string,
+): Promise<void> {
+  switch (providerKey) {
+    case "telegram": {
+      const hasBotToken = !!(await getSecureKeyAsync(
+        credentialKey("telegram", "bot_token"),
+      ));
+      const hasWebhookSecret = !!(await getSecureKeyAsync(
+        credentialKey("telegram", "webhook_secret"),
+      ));
+      if (hasBotToken && hasWebhookSecret) {
+        await ensureManualTokenConnection(providerKey, accountInfo);
+      } else {
+        removeManualTokenConnection(providerKey);
+      }
+      return;
+    }
+
+    case "slack_channel": {
+      const hasBotToken = !!(await getSecureKeyAsync(
+        credentialKey("slack_channel", "bot_token"),
+      ));
+      const hasAppToken = !!(await getSecureKeyAsync(
+        credentialKey("slack_channel", "app_token"),
+      ));
+      if (hasBotToken && hasAppToken) {
+        await ensureManualTokenConnection(providerKey, accountInfo);
+      } else {
+        removeManualTokenConnection(providerKey);
+      }
+      return;
+    }
+
+    default:
+      return;
+  }
+}
+
 /**
  * Backfill oauth_connection rows for manual-token providers that already
  * have valid keychain credentials but are missing connection records.
@@ -78,29 +125,6 @@ export function removeManualTokenConnection(providerKey: string): void {
  * connection row.
  */
 export async function backfillManualTokenConnections(): Promise<void> {
-  // Telegram: requires both bot_token and webhook_secret
-  if (!getConnectionByProvider("telegram")) {
-    const hasBotToken = !!(await getSecureKeyAsync(
-      credentialKey("telegram", "bot_token"),
-    ));
-    const hasWebhookSecret = !!(await getSecureKeyAsync(
-      credentialKey("telegram", "webhook_secret"),
-    ));
-    if (hasBotToken && hasWebhookSecret) {
-      await ensureManualTokenConnection("telegram");
-    }
-  }
-
-  // Slack channel: requires both bot_token and app_token
-  if (!getConnectionByProvider("slack_channel")) {
-    const hasBotToken = !!(await getSecureKeyAsync(
-      credentialKey("slack_channel", "bot_token"),
-    ));
-    const hasAppToken = !!(await getSecureKeyAsync(
-      credentialKey("slack_channel", "app_token"),
-    ));
-    if (hasBotToken && hasAppToken) {
-      await ensureManualTokenConnection("slack_channel");
-    }
-  }
+  await syncManualTokenConnection("telegram");
+  await syncManualTokenConnection("slack_channel");
 }

package/src/permissions/checker.ts

@@ -48,10 +48,10 @@ function riskCacheKey(
   workingDir?: string,
   manifestOverride?: ManifestOverride,
 ): string {
-  // Strip `reason` before computing the cache key — it is cosmetic and varies
-  // per invocation even for identical tool operations, causing unnecessary
-  // cache misses.
-  const { reason: _reason, ...cacheableInput } = input;
+  // Strip `reason` and `activity` before computing the cache key — they are
+  // cosmetic status text that varies per invocation even for identical tool
+  // operations, causing unnecessary cache misses.
+  const { reason: _reason, activity: _activity, ...cacheableInput } = input;
   const inputJson = JSON.stringify(cacheableInput);
   const hash = createHash("sha256")
     .update(inputJson)
@@ -143,6 +143,7 @@ const LOW_RISK_PROGRAMS = new Set([
   "tree",
   "du",
   "df",
+  "assistant",
 ]);
 
 // High-risk shell programs / patterns
@@ -544,7 +545,7 @@ async function classifyRiskUncached(
     ) {
       return RiskLevel.High;
     }
-    return RiskLevel.Medium;
+    return RiskLevel.Low;
   }
   if (toolName === "web_search") return RiskLevel.Low;
   if (toolName === "web_fetch") {

package/src/permissions/defaults.ts

@@ -259,10 +259,10 @@ export function getDefaultRuleTemplates(): DefaultRuleTemplate[] {
     }),
   );
 
-  // ui_update and ui_dismiss are purely passive operations (modify/remove existing
-  // surfaces). ui_show is excluded because it can create forms that collect user
-  // input — it goes through normal permission checking instead.
-  const UI_SURFACE_TOOLS = ["ui_update", "ui_dismiss"] as const;
+  // All three UI surface tools are passive, user-visible operations. ui_show
+  // creates surfaces (cards, forms, tables) but user input is voluntary and
+  // user-controlled — safe to auto-approve like ui_update and ui_dismiss.
+  const UI_SURFACE_TOOLS = ["ui_show", "ui_update", "ui_dismiss"] as const;
   const uiSurfaceRules: DefaultRuleTemplate[] = UI_SURFACE_TOOLS.map(
     (tool) => ({
       id: `default:allow-${tool}-global`,