@vellumai/assistant 0.4.56 → 0.5.0

package/src/skills/skill-memory.ts

@@ -0,0 +1,222 @@
+import { and, eq } from "drizzle-orm";
+import { v4 as uuid } from "uuid";
+
+import { isAssistantFeatureFlagEnabled } from "../config/assistant-feature-flags.js";
+import { getConfig } from "../config/loader.js";
+import { getDb } from "../memory/db.js";
+import { computeMemoryFingerprint } from "../memory/fingerprint.js";
+import { enqueueMemoryJob } from "../memory/jobs-store.js";
+import { memoryItems } from "../memory/schema.js";
+import { getLogger } from "../util/logger.js";
+import { type CatalogSkill, resolveCatalog } from "./catalog-install.js";
+
+const log = getLogger("skill-memory");
+
+/**
+ * Build a semantically rich capability statement from a catalog skill entry.
+ * Truncated to 500 chars max (matching the limit used by memory item extraction).
+ */
+export function buildCapabilityStatement(entry: CatalogSkill): string {
+  const displayName = entry.metadata?.vellum?.["display-name"] ?? entry.name;
+  const activationHints = entry.metadata?.vellum?.["activation-hints"];
+
+  let statement = `The "${displayName}" skill (${entry.id}) is available. ${entry.description}.`;
+  if (activationHints && activationHints.length > 0) {
+    statement += ` Use when: ${activationHints.join("; ")}.`;
+  }
+
+  // Truncate to 500 chars max
+  if (statement.length > 500) {
+    statement = statement.slice(0, 500);
+  }
+
+  return statement;
+}
+
+/**
+ * Upsert a capability memory item for a catalog skill.
+ * Best-effort: errors are logged but never thrown.
+ */
+export function upsertSkillCapabilityMemory(
+  skillId: string,
+  entry: CatalogSkill,
+): void {
+  try {
+    const db = getDb();
+    const subject = `skill:${skillId}`;
+    const statement = buildCapabilityStatement(entry);
+    const kind = "capability";
+    const scopeId = "default";
+    const confidence = 1.0;
+    const importance = 0.7;
+    const fingerprint = computeMemoryFingerprint(
+      scopeId,
+      kind,
+      subject,
+      statement,
+    );
+    const now = Date.now();
+
+    const existing = db
+      .select()
+      .from(memoryItems)
+      .where(
+        and(
+          eq(memoryItems.kind, kind),
+          eq(memoryItems.subject, subject),
+          eq(memoryItems.scopeId, scopeId),
+        ),
+      )
+      .get();
+
+    if (existing) {
+      if (
+        existing.status === "active" &&
+        existing.fingerprint === fingerprint
+      ) {
+        // Same content — just touch lastSeenAt
+        db.update(memoryItems)
+          .set({ lastSeenAt: now })
+          .where(eq(memoryItems.id, existing.id))
+          .run();
+        return;
+      }
+
+      if (existing.status === "active") {
+        // Content changed — update statement and fingerprint
+        db.update(memoryItems)
+          .set({
+            statement,
+            fingerprint,
+            lastSeenAt: now,
+          })
+          .where(eq(memoryItems.id, existing.id))
+          .run();
+        enqueueMemoryJob("embed_item", { itemId: existing.id });
+        return;
+      }
+
+      // status === "deleted" or other — reactivate
+      db.update(memoryItems)
+        .set({
+          status: "active",
+          statement,
+          fingerprint,
+          lastSeenAt: now,
+          firstSeenAt: now,
+        })
+        .where(eq(memoryItems.id, existing.id))
+        .run();
+      enqueueMemoryJob("embed_item", { itemId: existing.id });
+      return;
+    }
+
+    // No existing — insert new row
+    const id = uuid();
+    db.insert(memoryItems)
+      .values({
+        id,
+        kind,
+        subject,
+        statement,
+        status: "active",
+        confidence,
+        importance,
+        fingerprint,
+        scopeId,
+        firstSeenAt: now,
+        lastSeenAt: now,
+      })
+      .run();
+    enqueueMemoryJob("embed_item", { itemId: id });
+  } catch (err) {
+    log.warn({ err, skillId }, "Failed to upsert skill capability memory");
+  }
+}
+
+/**
+ * Soft-delete the capability memory item for a skill.
+ * Best-effort: errors are logged but never thrown.
+ */
+export function deleteSkillCapabilityMemory(skillId: string): void {
+  try {
+    const db = getDb();
+    const subject = `skill:${skillId}`;
+    const now = Date.now();
+
+    const existing = db
+      .select()
+      .from(memoryItems)
+      .where(
+        and(
+          eq(memoryItems.kind, "capability"),
+          eq(memoryItems.subject, subject),
+          eq(memoryItems.scopeId, "default"),
+        ),
+      )
+      .get();
+
+    if (existing && existing.status !== "deleted") {
+      db.update(memoryItems)
+        .set({ status: "deleted", lastSeenAt: now })
+        .where(eq(memoryItems.id, existing.id))
+        .run();
+    }
+  } catch (err) {
+    log.warn({ err, skillId }, "Failed to delete skill capability memory");
+  }
+}
+
+/**
+ * Seed capability memory items for all catalog skills.
+ * Prunes stale entries whose skills are no longer in the catalog.
+ * Best-effort: errors are logged but never thrown.
+ */
+export async function seedCatalogSkillMemories(): Promise<void> {
+  try {
+    const catalog = await resolveCatalog();
+    const config = getConfig();
+    const catalogIds = new Set<string>();
+
+    for (const entry of catalog) {
+      // Skip skills whose feature flag is disabled
+      const flagId = entry.metadata?.vellum?.["feature-flag"];
+      if (flagId) {
+        const flagKey = `feature_flags.${flagId}.enabled`;
+        if (!isAssistantFeatureFlagEnabled(flagKey, config)) {
+          continue;
+        }
+      }
+
+      catalogIds.add(entry.id);
+      upsertSkillCapabilityMemory(entry.id, entry);
+    }
+
+    // Prune stale capability memories for skills no longer in catalog
+    const db = getDb();
+    const allCapabilities = db
+      .select()
+      .from(memoryItems)
+      .where(
+        and(
+          eq(memoryItems.kind, "capability"),
+          eq(memoryItems.scopeId, "default"),
+          eq(memoryItems.status, "active"),
+        ),
+      )
+      .all();
+
+    const now = Date.now();
+    for (const item of allCapabilities) {
+      const itemSkillId = item.subject.replace("skill:", "");
+      if (!catalogIds.has(itemSkillId)) {
+        db.update(memoryItems)
+          .set({ status: "deleted", lastSeenAt: now })
+          .where(eq(memoryItems.id, item.id))
+          .run();
+      }
+    }
+  } catch (err) {
+    log.warn({ err }, "Failed to seed catalog skill memories");
+  }
+}

package/src/subagent/manager.ts

@@ -134,10 +134,7 @@ export class SubagentManager {
       appConfig.providerOrder,
     );
     const { rateLimit } = appConfig;
-    if (
-      rateLimit.maxRequestsPerMinute > 0 ||
-      rateLimit.maxTokensPerSession > 0
-    ) {
+    if (rateLimit.maxRequestsPerMinute > 0) {
       provider = new RateLimitProvider(
         provider,
         rateLimit,

package/src/telemetry/types.ts

@@ -22,5 +22,14 @@ export interface TurnTelemetryEvent extends TelemetryEventBase {
   type: "turn";
 }
 
+/** Lifecycle event — app_open, hatch, etc. */
+export interface LifecycleTelemetryEvent extends TelemetryEventBase {
+  type: "lifecycle";
+  event_name: string;
+}
+
 /** Discriminated union of all telemetry event types. */
-export type TelemetryEvent = LlmUsageTelemetryEvent | TurnTelemetryEvent;
+export type TelemetryEvent =
+  | LlmUsageTelemetryEvent
+  | TurnTelemetryEvent
+  | LifecycleTelemetryEvent;

package/src/telemetry/usage-telemetry-reporter.test.ts

@@ -89,6 +89,10 @@ mock.module("../util/logger.js", () => ({
     }),
 }));
 
+mock.module("../version.js", () => ({
+  APP_VERSION: "1.2.3-test",
+}));
+
 // ---------------------------------------------------------------------------
 // Production import (after mocks)
 // ---------------------------------------------------------------------------
@@ -193,7 +197,7 @@ describe("UsageTelemetryReporter", () => {
 
     expect(mockFetch).toHaveBeenCalledTimes(1);
     const [url, opts] = mockFetch.mock.calls[0] as [string, RequestInit];
-    expect(url).toBe("https://test.vellum.ai/v1/assistants/telemetry/ingest/");
+    expect(url).toBe("https://test.vellum.ai/v1/telemetry/ingest/");
     expect((opts.headers as Record<string, string>)["Authorization"]).toBe(
       "Api-Key test-key",
     );
@@ -370,8 +374,9 @@ describe("UsageTelemetryReporter", () => {
       (mockFetch.mock.calls[0] as [string, RequestInit])[1].body as string,
     );
 
-    // Top-level: installation_id and events array (no turn_events key)
+    // Top-level: installation_id, app_version, and events array (no turn_events key)
     expect(body.installation_id).toBe("test-device-id");
+    expect(body.app_version).toBe("1.2.3-test");
     expect(Array.isArray(body.events)).toBe(true);
     expect(body.events.length).toBe(1);
     expect(body.turn_events).toBeUndefined();

package/src/telemetry/usage-telemetry-reporter.ts

@@ -19,12 +19,14 @@ import {
   getMemoryCheckpoint,
   setMemoryCheckpoint,
 } from "../memory/checkpoints.js";
+import { queryUnreportedLifecycleEvents } from "../memory/lifecycle-events-store.js";
 import { queryUnreportedUsageEvents } from "../memory/llm-usage-store.js";
 import { queryUnreportedTurnEvents } from "../memory/turn-events-store.js";
 import { resolveManagedProxyContext } from "../providers/managed-proxy/context.js";
 import { getExternalAssistantId } from "../runtime/auth/external-assistant-id.js";
 import { getDeviceId } from "../util/device-id.js";
 import { getLogger } from "../util/logger.js";
+import { APP_VERSION } from "../version.js";
 import type { TelemetryEvent } from "./types.js";
 
 const log = getLogger("usage-telemetry");
@@ -37,10 +39,14 @@ const CHECKPOINT_KEY_WATERMARK = "telemetry:usage:last_reported_at";
 const CHECKPOINT_KEY_WATERMARK_ID = "telemetry:usage:last_reported_id";
 const CHECKPOINT_KEY_TURN_WATERMARK = "telemetry:turns:last_reported_at";
 const CHECKPOINT_KEY_TURN_WATERMARK_ID = "telemetry:turns:last_reported_id";
+const CHECKPOINT_KEY_LIFECYCLE_WATERMARK =
+  "telemetry:lifecycle:last_reported_at";
+const CHECKPOINT_KEY_LIFECYCLE_WATERMARK_ID =
+  "telemetry:lifecycle:last_reported_id";
 const REPORT_INTERVAL_MS = 5 * 60 * 1000;
 const BATCH_SIZE = 500;
 const MAX_CONSECUTIVE_BATCHES = 10;
-const TELEMETRY_PATH = "/v1/assistants/telemetry/ingest/";
+const TELEMETRY_PATH = "/v1/telemetry/ingest/";
 
 // ---------------------------------------------------------------------------
 // Reporter
@@ -100,6 +106,13 @@ export class UsageTelemetryReporter {
       const turnWatermarkId =
         getMemoryCheckpoint(CHECKPOINT_KEY_TURN_WATERMARK_ID) ?? undefined;
 
+      // Read lifecycle watermark (compound cursor: createdAt + id)
+      const lifecycleWatermark = Number(
+        getMemoryCheckpoint(CHECKPOINT_KEY_LIFECYCLE_WATERMARK) ?? "0",
+      );
+      const lifecycleWatermarkId =
+        getMemoryCheckpoint(CHECKPOINT_KEY_LIFECYCLE_WATERMARK_ID) ?? undefined;
+
       // Query unreported events
       const events = queryUnreportedUsageEvents(
         watermark,
@@ -111,8 +124,18 @@ export class UsageTelemetryReporter {
         turnWatermarkId,
         BATCH_SIZE,
       );
+      const lifecycleEvents = queryUnreportedLifecycleEvents(
+        lifecycleWatermark,
+        lifecycleWatermarkId,
+        BATCH_SIZE,
+      );
 
-      if (events.length === 0 && turnEvents.length === 0) return;
+      if (
+        events.length === 0 &&
+        turnEvents.length === 0 &&
+        lifecycleEvents.length === 0
+      )
+        return;
 
       // Resolve auth context — skip flush when neither auth mode is viable
       const proxyCtx = await resolveManagedProxyContext();
@@ -154,6 +177,14 @@ export class UsageTelemetryReporter {
             recorded_at: e.createdAt,
           }),
         ),
+        ...lifecycleEvents.map(
+          (e): TelemetryEvent => ({
+            type: "lifecycle",
+            daemon_event_id: e.id,
+            event_name: e.eventName,
+            recorded_at: e.createdAt,
+          }),
+        ),
       ];
 
       const assistantId = getExternalAssistantId() ?? "self";
@@ -162,6 +193,7 @@ export class UsageTelemetryReporter {
       const payload = {
         installation_id: getDeviceId(),
         assistant_id: assistantId,
+        app_version: APP_VERSION,
         ...(organizationId ? { organization_id: organizationId } : {}),
         ...(userId ? { user_id: userId } : {}),
         events: typedEvents,
@@ -207,8 +239,25 @@ export class UsageTelemetryReporter {
         setMemoryCheckpoint(CHECKPOINT_KEY_TURN_WATERMARK_ID, lastTurn.id);
       }
 
-      // If we got a full batch of either type, there may be more — recurse
-      if (events.length === BATCH_SIZE || turnEvents.length === BATCH_SIZE) {
+      // Advance lifecycle watermark (compound cursor)
+      if (lifecycleEvents.length > 0) {
+        const lastLifecycle = lifecycleEvents[lifecycleEvents.length - 1];
+        setMemoryCheckpoint(
+          CHECKPOINT_KEY_LIFECYCLE_WATERMARK,
+          String(lastLifecycle.createdAt),
+        );
+        setMemoryCheckpoint(
+          CHECKPOINT_KEY_LIFECYCLE_WATERMARK_ID,
+          lastLifecycle.id,
+        );
+      }
+
+      // If we got a full batch of any type, there may be more — recurse
+      if (
+        events.length === BATCH_SIZE ||
+        turnEvents.length === BATCH_SIZE ||
+        lifecycleEvents.length === BATCH_SIZE
+      ) {
         await this._doFlush(batchCount + 1);
       }
     } catch (err) {

package/src/tools/AGENTS.md

@@ -1,4 +1,4 @@
-# Tools — Agent Instructions
+# Tools - Agent Instructions
 
 ## No New Tools Policy
 
@@ -8,11 +8,11 @@ The tool registration system (`class ... implements Tool` + `registerTool()`) is
 
 ## Why This Policy Exists
 
-1. **Skills are preferred** — The project direction is to teach the assistant CLI tools via skills rather than hardcoding tool implementations. Skills are progressively disclosed into context, are more portable, and are often self-contained.
+1. **Skills are preferred** - The project direction is to teach the assistant CLI tools via skills rather than hardcoding tool implementations. Skills are progressively disclosed into context, are more portable, and are often self-contained.
 
-2. **Context overhead** — Each registered tool adds to the system prompt and increases token usage for every conversation.
+2. **Context overhead** - Each registered tool adds to the system prompt and increases token usage for every conversation.
 
-3. **Maintenance burden** — Tools require ongoing maintenance, testing, and security review. Skills can be iterated on independently.
+3. **Maintenance burden** - Tools require ongoing maintenance, testing, and security review. Skills can be iterated on independently.
 
 ## What To Do Instead
 
@@ -20,9 +20,9 @@ Instead of creating a new tool, consider:
 
 1. **Create a skill**
 
-2. **Use existing tools** — Many capabilities can be achieved by combining existing tools (bash, file operations, network tools) with skill instructions.
+2. **Use existing tools** - Many capabilities can be achieved by combining existing tools (bash, file operations, network tools) with skill instructions.
 
-3. **External CLI tools** — If you need new functionality, consider whether it can be exposed as a CLI tool that the assistant can invoke via bash.
+3. **External CLI tools** - If you need new functionality, consider whether it can be exposed as a CLI tool that the assistant can invoke via bash.
 
 ## Approved Exception: Credential Execution Service (CES) Tools
 
@@ -36,16 +36,16 @@ The following three CES tools are the only approved exception to the no-new-tool
 
 These tools exist as `class ... implements Tool` registrations because:
 
-- They enforce hard process-boundary isolation — credential values are materialized only inside the CES process (`credential-executor/` package), never in the assistant process
+- They enforce hard process-boundary isolation - credential values are materialized only inside the CES process (`credential-executor/` package), never in the assistant process
 - Skills run inside the assistant process and cannot provide this isolation guarantee
 - The tools are thin RPC stubs; actual credential materialization and execution logic lives in the separate `credential-executor/` package
 
 **Key constraints**:
 
-- CES is a **separate package and image** — no direct source imports from `assistant/` to `credential-executor/` or vice versa
-- **Grants and audit logs are CES-owned** durable state — the assistant never reads or writes CES grant or audit tables directly
-- `host_bash` is **outside the strong CES secrecy guarantee** — it does not enforce credential isolation
-- Secure generic authenticated HTTP **must not** run through `run_authenticated_command` — use `make_authenticated_request` instead, which enforces domain validation and produces structured audit logs
+- CES is a **separate package and image** - no direct source imports from `assistant/` to `credential-executor/` or vice versa
+- **Grants and audit logs are CES-owned** durable state - the assistant never reads or writes CES grant or audit tables directly
+- `host_bash` is **outside the strong CES secrecy guarantee** - it does not enforce credential isolation
+- Secure generic authenticated HTTP **must not** run through `run_authenticated_command` - use `make_authenticated_request` instead, which enforces domain validation and produces structured audit logs
 - Managed rollout requires a **third runtime image** (alongside assistant and gateway) and `vembda` pod-template changes
 
 See [`assistant/docs/credential-execution-service.md`](../../docs/credential-execution-service.md) for the full ADR.

package/src/tools/acp/spawn.ts

@@ -32,7 +32,7 @@ export async function executeAcpSpawn(
     | undefined;
   if (!sendToClient) {
     return {
-      content: "No client connected — cannot spawn ACP agent.",
+      content: "No client connected - cannot spawn ACP agent.",
       isError: true,
     };
   }

package/src/tools/apps/executors.ts

@@ -28,7 +28,7 @@ export interface ExecutorResult {
 }
 
 // ---------------------------------------------------------------------------
-// Dependency interfaces — callers inject these rather than importing the
+// Dependency interfaces - callers inject these rather than importing the
 // app-store module directly, which makes the executors testable with mocks.
 // ---------------------------------------------------------------------------
 
@@ -82,7 +82,7 @@ export type ProxyResolver = (
 ) => Promise<ExecutorResult>;
 
 // ---------------------------------------------------------------------------
-// Path resolution — multifile apps default to src/ for file operations
+// Path resolution - multifile apps default to src/ for file operations
 // ---------------------------------------------------------------------------
 
 /**
@@ -146,7 +146,7 @@ export async function executeAppCreate(
   const autoOpen = input.auto_open !== false; // default true
   const preview = input.preview;
 
-  // Validate required fields — LLM input is not type-checked at runtime
+  // Validate required fields - LLM input is not type-checked at runtime
   if (typeof name !== "string" || name.trim() === "") {
     return {
       content: JSON.stringify({
@@ -168,7 +168,7 @@ export async function executeAppCreate(
     }
   }
 
-  // Extract icon from preview if provided — only persist emoji-like values,
+  // Extract icon from preview if provided - only persist emoji-like values,
   // not URLs which would render as raw strings in UI and bundle manifests.
   const rawIcon = preview?.icon as string | undefined;
   const icon = rawIcon && !rawIcon.startsWith("http") ? rawIcon : undefined;
@@ -270,7 +270,7 @@ render(<App />, document.getElementById('app')!);
         isError: false,
       };
     } catch {
-      // Preview emission failure is non-fatal — the app was created successfully.
+      // Preview emission failure is non-fatal - the app was created successfully.
       return {
         content: JSON.stringify({
           ...app,
@@ -388,7 +388,7 @@ export function executeAppFileList(
 
   if (app && isMultifileApp(app)) {
     // Separate build output paths from source paths without mutating the
-    // file path strings — consumers need clean paths for subsequent tool calls.
+    // file path strings - consumers need clean paths for subsequent tool calls.
     const buildOutputPaths = files.filter((f) =>
       f.replace(/\\/g, "/").startsWith("dist/"),
     );
@@ -557,7 +557,7 @@ export async function executeAppGenerateIcon(
   );
 
   if (existsSync(iconPath)) {
-    // Success — clean up the old icon backup
+    // Success - clean up the old icon backup
     if (existsSync(tempPath)) {
       unlinkSync(tempPath);
     }
@@ -567,7 +567,7 @@ export async function executeAppGenerateIcon(
     };
   }
 
-  // Generation failed — restore the previous icon if we had one
+  // Generation failed - restore the previous icon if we had one
   if (existsSync(tempPath)) {
     renameSync(tempPath, iconPath);
   }

package/src/tools/apps/registry.ts

@@ -2,7 +2,7 @@
  * Registers app proxy tools with the daemon's tool registry.
  *
  * Called once at daemon startup via initializeTools(). Only proxy tools
- * (e.g. app_open) are registered here — non-proxy data tools are now
+ * (e.g. app_open) are registered here - non-proxy data tools are now
  * provided by the app-builder skill via its TOOLS.json manifest.
  */
 

package/src/tools/assets/materialize.ts

@@ -1,5 +1,5 @@
 /**
- * asset_materialize — write a stored attachment to a sandbox file path.
+ * asset_materialize - write a stored attachment to a sandbox file path.
  *
  * Accepts an attachment ID (from asset_search) and a destination path
  * within the sandbox working directory. Decodes the base64 content and
@@ -31,11 +31,11 @@ import type { Tool, ToolContext, ToolExecutionResult } from "../types.js";
 import { getAttachmentSourceConversations } from "./search.js";
 
 // ---------------------------------------------------------------------------
-// Size limit — prevent materializing excessively large attachments
+// Size limit - prevent materializing excessively large attachments
 // ---------------------------------------------------------------------------
 
-/** 50 MB ceiling for materialized files. */
-export const MAX_MATERIALIZE_BYTES = 50 * 1024 * 1024;
+/** 100 MB ceiling for materialized files. */
+export const MAX_MATERIALIZE_BYTES = 100 * 1024 * 1024;
 
 // ---------------------------------------------------------------------------
 // Helpers
@@ -110,7 +110,7 @@ class AssetMaterializeTool implements Tool {
   name = "asset_materialize";
   description = definition.description;
   category = "assets";
-  defaultRiskLevel = RiskLevel.Medium;
+  defaultRiskLevel = RiskLevel.Low;
 
   getDefinition(): ToolDefinition {
     return definition;
@@ -177,7 +177,7 @@ class AssetMaterializeTool implements Tool {
     if (sources.length > 0) {
       const hasStandard = sources.some((s) => s.conversationType !== "private");
       if (!hasStandard) {
-        // All sources are private — check if the caller is in any of those conversations
+        // All sources are private - check if the caller is in any of those conversations
         const callerInSourceConversation = sources.some((s) =>
           isAttachmentVisible(
             { conversationId: s.conversationId, isPrivate: true },

package/src/tools/assets/search.ts

@@ -1,9 +1,9 @@
 /**
- * asset_search — cross-conversation attachment metadata search.
+ * asset_search - cross-conversation attachment metadata search.
  *
  * Queries the attachments store for matching assets by MIME type,
  * filename, recency, or conversation scope. Returns metadata and
- * attachment IDs only — never base64 payloads. The IDs can be
+ * attachment IDs only - never base64 payloads. The IDs can be
  * passed to asset_materialize (PR 35) to retrieve actual content.
  */
 
@@ -33,7 +33,7 @@ import { registerTool } from "../registry.js";
 import type { Tool, ToolContext, ToolExecutionResult } from "../types.js";
 
 // ---------------------------------------------------------------------------
-// Recency presets — map human-readable labels to epoch-ms cutoff offsets
+// Recency presets - map human-readable labels to epoch-ms cutoff offsets
 // ---------------------------------------------------------------------------
 
 const RECENCY_MS: Record<string, number> = {
@@ -113,7 +113,7 @@ function isAttachmentVisibleFromContext(
     return true;
   }
 
-  // All sources are private — visible only if the caller is in one of those conversations
+  // All sources are private - visible only if the caller is in one of those conversations
   return sources.some((s) =>
     isAttachmentVisible(
       { conversationId: s.conversationId, isPrivate: true },
@@ -143,13 +143,13 @@ export function searchAttachments(
   const db = getDb();
   const conditions = [];
 
-  // MIME type filter — supports wildcards like 'image/*' via LIKE
+  // MIME type filter - supports wildcards like 'image/*' via LIKE
   if (params.mime_type) {
     const mimePattern = params.mime_type.replace(/\*/g, "%");
     conditions.push(like(attachments.mimeType, mimePattern));
   }
 
-  // Filename filter — case-insensitive substring match (escape LIKE wildcards)
+  // Filename filter - case-insensitive substring match (escape LIKE wildcards)
   if (params.filename) {
     conditions.push(
       like(
@@ -159,7 +159,7 @@ export function searchAttachments(
     );
   }
 
-  // Recency filter — computed cutoff timestamp
+  // Recency filter - computed cutoff timestamp
   if (params.recency) {
     const offsetMs = RECENCY_MS[params.recency];
     if (offsetMs) {
@@ -168,7 +168,7 @@ export function searchAttachments(
     }
   }
 
-  // Conversation scope — join through message_attachments + messages
+  // Conversation scope - join through message_attachments + messages
   if (params.conversation_id) {
     const linkedIds = db
       .select({ attachmentId: messageAttachments.attachmentId })
@@ -239,7 +239,7 @@ export function searchAttachments(
     }));
   }
 
-  // No conversation constraint — query attachments table directly
+  // No conversation constraint - query attachments table directly
   const limit = Math.min(params.limit ?? DEFAULT_LIMIT, MAX_RESULTS);
   const where = conditions.length > 0 ? and(...conditions) : undefined;
 
@@ -271,7 +271,7 @@ const definition: ToolDefinition = {
   name: "asset_search",
   description:
     "Search for previously uploaded media assets (images, documents, etc.) by metadata. " +
-    "Returns attachment IDs and metadata — not file content. Use the returned IDs with " +
+    "Returns attachment IDs and metadata - not file content. Use the returned IDs with " +
     "asset_materialize to retrieve actual file data.",
   input_schema: {
     type: "object",