@vellumai/assistant 0.5.1 → 0.5.3

package/src/memory/retriever.ts

@@ -373,7 +373,7 @@ export async function buildMemoryRecall(
   // those messages are no longer in the conversation history and memory is
   // the only way they can influence the response.
   if (conversationId) {
-    const inContextMessageIds = getInContextMessageIds(conversationId);
+    const inContextMessageIds = getEffectiveInContextMessageIds(conversationId);
     if (inContextMessageIds) {
       for (const [key, c] of candidateMap) {
         if (c.type === "segment") {
@@ -392,6 +392,51 @@ export async function buildMemoryRecall(
           }
         }
       }
+
+      // ── Item filtering: exclude items whose ALL sources are in-context ──
+      // Items distilled from messages the model can already see are redundant.
+      // However, items with ANY source outside the in-context set carry
+      // cross-conversation information and must be preserved.
+      const itemCandidateIds = [...candidateMap.values()]
+        .filter((c) => c.type === "item")
+        .map((c) => c.id);
+
+      if (itemCandidateIds.length > 0) {
+        try {
+          const db = getDb();
+          const allSources = db
+            .select({
+              memoryItemId: memoryItemSources.memoryItemId,
+              messageId: memoryItemSources.messageId,
+            })
+            .from(memoryItemSources)
+            .where(inArray(memoryItemSources.memoryItemId, itemCandidateIds))
+            .all();
+
+          // Build item ID → source message IDs map
+          const itemSourceMap = new Map<string, string[]>();
+          for (const s of allSources) {
+            const existing = itemSourceMap.get(s.memoryItemId);
+            if (existing) existing.push(s.messageId);
+            else itemSourceMap.set(s.memoryItemId, [s.messageId]);
+          }
+
+          // Filter items whose ALL sources are in-context
+          for (const [key, c] of candidateMap) {
+            if (c.type !== "item") continue;
+            const sourceMessageIds = itemSourceMap.get(c.id);
+            if (!sourceMessageIds || sourceMessageIds.length === 0) continue;
+            if (sourceMessageIds.every((mid) => inContextMessageIds.has(mid))) {
+              candidateMap.delete(key);
+            }
+          }
+        } catch (err) {
+          log.warn(
+            { err },
+            "Failed to fetch item sources for in-context filtering; skipping",
+          );
+        }
+      }
     }
   }
 
@@ -574,14 +619,22 @@ export async function buildMemoryRecall(
 }
 
 /**
- * Get the set of message IDs that are still in the conversation's context
- * window (i.e., not compacted away). Uses `contextCompactedMessageCount` to
- * determine the offset: messages ordered by createdAt after that count are
- * still visible to the model.
+ * Get the set of message IDs that are effectively in the conversation's
+ * context window. This includes:
+ *   1. Messages still visible (not compacted) in the conversation history.
+ *   2. Fork-source message IDs — when a conversation is forked, messages are
+ *      copied with new IDs but their metadata stores the original parent
+ *      message ID as `forkSourceMessageId`. Segments sourced from those parent
+ *      messages are redundant because the fork already contains their content.
+ *
+ * Uses `contextCompactedMessageCount` to determine the compaction offset:
+ * messages ordered by createdAt after that count are still visible to the model.
  *
  * Returns `null` if the conversation is not found (deleted, or no DB row).
  */
-function getInContextMessageIds(conversationId: string): Set<string> | null {
+function getEffectiveInContextMessageIds(
+  conversationId: string,
+): Set<string> | null {
   try {
     const db = getDb();
 
@@ -599,9 +652,9 @@ function getInContextMessageIds(conversationId: string): Set<string> | null {
 
     const offset = conv.contextCompactedMessageCount;
 
-    // Fetch message IDs ordered by creation time, skipping compacted ones
+    // Fetch message IDs and metadata ordered by creation time
     const rows = db
-      .select({ id: messages.id })
+      .select({ id: messages.id, metadata: messages.metadata })
       .from(messages)
       .where(eq(messages.conversationId, conversationId))
       .orderBy(asc(messages.createdAt))
@@ -609,7 +662,30 @@ function getInContextMessageIds(conversationId: string): Set<string> | null {
 
     // Messages up to `offset` have been compacted out of context
     const inContextRows = rows.slice(offset);
-    return new Set(inContextRows.map((r) => r.id));
+    const idSet = new Set(inContextRows.map((r) => r.id));
+
+    // Also include fork-source message IDs from in-context messages.
+    // When a conversation is forked, each copied message's metadata contains
+    // `forkSourceMessageId` pointing to the original (parent or grandparent)
+    // message ID. Segments sourced from those original messages are redundant.
+    for (const row of inContextRows) {
+      if (!row.metadata) continue;
+      try {
+        const parsed = JSON.parse(row.metadata);
+        if (
+          parsed &&
+          typeof parsed === "object" &&
+          !Array.isArray(parsed) &&
+          typeof parsed.forkSourceMessageId === "string"
+        ) {
+          idSet.add(parsed.forkSourceMessageId);
+        }
+      } catch {
+        // Invalid metadata JSON — skip, don't break filtering.
+      }
+    }
+
+    return idSet;
   } catch (err) {
     log.warn(
       { err },

package/src/memory/schema/conversations.ts

@@ -26,12 +26,20 @@ export const conversations = sqliteTable(
     memoryScopeId: text("memory_scope_id").notNull().default("default"),
     originChannel: text("origin_channel"),
     originInterface: text("origin_interface"),
+    forkParentConversationId: text("fork_parent_conversation_id"),
+    forkParentMessageId: text("fork_parent_message_id"),
     isAutoTitle: integer("is_auto_title").notNull().default(1),
     scheduleJobId: text("schedule_job_id"),
+    memoryReducedThroughMessageId: text("memory_reduced_through_message_id"),
+    memoryDirtyTailSinceMessageId: text("memory_dirty_tail_since_message_id"),
+    memoryLastReducedAt: integer("memory_last_reduced_at"),
   },
   (table) => [
     index("idx_conversations_updated_at").on(table.updatedAt),
     index("idx_conversations_conversation_type").on(table.conversationType),
+    index("idx_conversations_fork_parent_conversation_id").on(
+      table.forkParentConversationId,
+    ),
   ],
 );
 
@@ -88,6 +96,7 @@ export const attachments = sqliteTable("attachments", {
   dataBase64: text("data_base64").notNull(),
   contentHash: text("content_hash"),
   thumbnailBase64: text("thumbnail_base64"),
+  filePath: text("file_path"),
   createdAt: integer("created_at").notNull(),
 });
 

package/src/memory/schema/index.ts

@@ -3,6 +3,8 @@ export * from "./contacts.js";
 export * from "./conversations.js";
 export * from "./guardian.js";
 export * from "./infrastructure.js";
+export * from "./memory-archive.js";
+export * from "./memory-brief.js";
 export * from "./memory-core.js";
 export * from "./notifications.js";
 export * from "./oauth.js";

package/src/memory/schema/infrastructure.ts

@@ -106,13 +106,19 @@ export const watcherEvents = sqliteTable("watcher_events", {
   createdAt: integer("created_at").notNull(),
 });
 
-export const llmRequestLogs = sqliteTable("llm_request_logs", {
-  id: text("id").primaryKey(),
-  conversationId: text("conversation_id").notNull(),
-  requestPayload: text("request_payload").notNull(),
-  responsePayload: text("response_payload").notNull(),
-  createdAt: integer("created_at").notNull(),
-});
+export const llmRequestLogs = sqliteTable(
+  "llm_request_logs",
+  {
+    id: text("id").primaryKey(),
+    conversationId: text("conversation_id").notNull(),
+    messageId: text("message_id"),
+    provider: text("provider"),
+    requestPayload: text("request_payload").notNull(),
+    responsePayload: text("response_payload").notNull(),
+    createdAt: integer("created_at").notNull(),
+  },
+  (table) => [index("idx_llm_request_logs_message_id").on(table.messageId)],
+);
 
 export const llmUsageEvents = sqliteTable(
   "llm_usage_events",

package/src/memory/schema/memory-archive.ts

@@ -0,0 +1,121 @@
+import {
+  index,
+  integer,
+  sqliteTable,
+  text,
+  uniqueIndex,
+} from "drizzle-orm/sqlite-core";
+
+import { conversations, messages } from "./conversations.js";
+
+/**
+ * Raw observation records captured from conversation turns. Each observation
+ * is a single factual statement extracted from user or assistant messages,
+ * annotated with modality and source metadata for downstream recall.
+ */
+export const memoryObservations = sqliteTable(
+  "memory_observations",
+  {
+    id: text("id").primaryKey(),
+    scopeId: text("scope_id").notNull().default("default"),
+    conversationId: text("conversation_id")
+      .notNull()
+      .references(() => conversations.id, { onDelete: "cascade" }),
+    messageId: text("message_id").references(() => messages.id, {
+      onDelete: "set null",
+    }),
+    /** The role that produced the observation (e.g. "user", "assistant"). */
+    role: text("role").notNull(),
+    /** Free-text statement capturing the observed fact. */
+    content: text("content").notNull(),
+    /**
+     * Modality of the source material: "text", "voice", "image", etc.
+     * Enables downstream filters for recall relevance.
+     */
+    modality: text("modality").notNull().default("text"),
+    /**
+     * Source channel or interface that produced the observation
+     * (e.g. "vellum", "telegram", "phone").
+     */
+    source: text("source"),
+    createdAt: integer("created_at").notNull(),
+  },
+  (table) => [
+    index("idx_memory_observations_scope_id").on(table.scopeId),
+    index("idx_memory_observations_conversation_id").on(table.conversationId),
+    index("idx_memory_observations_created_at").on(table.createdAt),
+  ],
+);
+
+/**
+ * Deduplicated content chunks derived from observations. Chunks are the unit
+ * of embedding and recall — each chunk carries a contentHash for idempotent
+ * dual-write safety so the same content is never stored twice.
+ */
+export const memoryChunks = sqliteTable(
+  "memory_chunks",
+  {
+    id: text("id").primaryKey(),
+    scopeId: text("scope_id").notNull().default("default"),
+    observationId: text("observation_id")
+      .notNull()
+      .references(() => memoryObservations.id, { onDelete: "cascade" }),
+    /** The chunk text used for embedding and recall. */
+    content: text("content").notNull(),
+    /** Token count estimate for context-window budgeting. */
+    tokenEstimate: integer("token_estimate").notNull(),
+    /**
+     * SHA-256 hash of the normalized content, used to skip duplicate inserts
+     * during dual-write windows.
+     */
+    contentHash: text("content_hash").notNull(),
+    createdAt: integer("created_at").notNull(),
+  },
+  (table) => [
+    index("idx_memory_chunks_scope_id").on(table.scopeId),
+    index("idx_memory_chunks_observation_id").on(table.observationId),
+    uniqueIndex("idx_memory_chunks_content_hash").on(
+      table.scopeId,
+      table.contentHash,
+    ),
+    index("idx_memory_chunks_created_at").on(table.createdAt),
+  ],
+);
+
+/**
+ * Episode records that group related observations into coherent narrative
+ * units. An episode represents a meaningful interaction or topic span,
+ * with source-link metadata for provenance tracking.
+ */
+export const memoryEpisodes = sqliteTable(
+  "memory_episodes",
+  {
+    id: text("id").primaryKey(),
+    scopeId: text("scope_id").notNull().default("default"),
+    conversationId: text("conversation_id")
+      .notNull()
+      .references(() => conversations.id, { onDelete: "cascade" }),
+    /** Human-readable title summarizing the episode. */
+    title: text("title").notNull(),
+    /** Longer narrative summary of the episode content. */
+    summary: text("summary").notNull(),
+    /** Token count estimate for the summary. */
+    tokenEstimate: integer("token_estimate").notNull(),
+    /**
+     * Source channel or interface that produced the episode
+     * (mirrors observation.source for episode-level filtering).
+     */
+    source: text("source"),
+    /** Epoch-ms timestamp of the earliest observation in the episode. */
+    startAt: integer("start_at").notNull(),
+    /** Epoch-ms timestamp of the latest observation in the episode. */
+    endAt: integer("end_at").notNull(),
+    createdAt: integer("created_at").notNull(),
+    updatedAt: integer("updated_at").notNull(),
+  },
+  (table) => [
+    index("idx_memory_episodes_scope_id").on(table.scopeId),
+    index("idx_memory_episodes_conversation_id").on(table.conversationId),
+    index("idx_memory_episodes_created_at").on(table.createdAt),
+  ],
+);

package/src/memory/schema/memory-brief.ts

@@ -0,0 +1,55 @@
+import { index, integer, sqliteTable, text } from "drizzle-orm/sqlite-core";
+
+/**
+ * Time contexts represent bounded temporal windows that are relevant to the
+ * assistant's current awareness — e.g. "user is traveling next week",
+ * "quarterly planning period ends Friday".  Each row captures one window
+ * with an activation range and a human-readable summary the brief can surface.
+ */
+export const timeContexts = sqliteTable(
+  "time_contexts",
+  {
+    id: text("id").primaryKey(),
+    scopeId: text("scope_id").notNull(),
+    summary: text("summary").notNull(),
+    source: text("source").notNull(), // e.g. 'conversation', 'schedule', 'manual'
+    activeFrom: integer("active_from").notNull(), // epoch ms — window start
+    activeUntil: integer("active_until").notNull(), // epoch ms — window end
+    createdAt: integer("created_at").notNull(),
+    updatedAt: integer("updated_at").notNull(),
+  },
+  (table) => [
+    index("idx_time_contexts_scope_active_until").on(
+      table.scopeId,
+      table.activeUntil,
+    ),
+  ],
+);
+
+/**
+ * Open loops track unresolved items the assistant should follow up on —
+ * e.g. "waiting for Bob's reply", "need to file taxes before April 15".
+ * Each row carries a status and an optional due date so the brief can
+ * prioritise which loops to surface.
+ */
+export const openLoops = sqliteTable(
+  "open_loops",
+  {
+    id: text("id").primaryKey(),
+    scopeId: text("scope_id").notNull(),
+    summary: text("summary").notNull(),
+    status: text("status").notNull().default("open"), // 'open' | 'resolved' | 'expired'
+    source: text("source").notNull(), // e.g. 'conversation', 'followup', 'manual'
+    dueAt: integer("due_at"), // epoch ms — optional deadline
+    surfacedAt: integer("surfaced_at"), // epoch ms — last time shown in brief
+    createdAt: integer("created_at").notNull(),
+    updatedAt: integer("updated_at").notNull(),
+  },
+  (table) => [
+    index("idx_open_loops_scope_status_due").on(
+      table.scopeId,
+      table.status,
+      table.dueAt,
+    ),
+  ],
+);

package/src/memory/schema/oauth.ts

@@ -18,6 +18,12 @@ export const oauthProviders = sqliteTable("oauth_providers", {
   extraParams: text("extra_params"),
   callbackTransport: text("callback_transport"),
   pingUrl: text("ping_url"),
+  managedServiceConfigKey: text("managed_service_config_key"),
+  displayName: text("display_name"),
+  description: text("description"),
+  dashboardUrl: text("dashboard_url"),
+  clientIdPlaceholder: text("client_id_placeholder"),
+  requiresClientSecret: integer("requires_client_secret").notNull().default(1),
   createdAt: integer("created_at").notNull(),
   updatedAt: integer("updated_at").notNull(),
 });

package/src/memory/search/semantic.ts

@@ -61,6 +61,7 @@ export async function semanticSearch(
         fetchLimit,
         ["item", "summary", "segment", "media"],
         excludedMessageIds,
+        scopeIds,
       ),
     );
   }
@@ -277,13 +278,13 @@ export async function semanticSearch(
  * Build a Qdrant filter for hybrid search. Mirrors the logic in
  * `searchWithFilter` but as a standalone object for the query API.
  *
- * Scope filtering: items and media store `memory_scope_id` on the Qdrant
- * point payload, so we can filter at the Qdrant level. Segments and
- * summaries rely on post-query DB filtering (same as dense-only search).
+ * Scope filtering: points with a `memory_scope_id` payload field are
+ * filtered at the Qdrant level. Legacy points without the field pass
+ * through and are caught by post-query DB filtering.
  */
 function buildHybridFilter(
   excludeMessageIds: string[],
-  _scopeIds?: string[],
+  scopeIds?: string[],
 ): Record<string, unknown> {
   const mustConditions: Array<Record<string, unknown>> = [
     {
@@ -310,6 +311,18 @@ function buildHybridFilter(
     });
   }
 
+  // Scope filtering: accept points whose memory_scope_id matches one of the
+  // allowed scopes, OR points that lack the field entirely (legacy data).
+  // Post-query DB filtering remains as defense-in-depth for legacy points.
+  if (scopeIds && scopeIds.length > 0) {
+    mustConditions.push({
+      should: [
+        { key: "memory_scope_id", match: { any: scopeIds } },
+        { is_empty: { key: "memory_scope_id" } },
+      ],
+    });
+  }
+
   const mustNotConditions: Array<Record<string, unknown>> = [
     { key: "_meta", match: { value: true } },
   ];

package/src/messaging/providers/gmail/mime-builder.ts

@@ -45,7 +45,9 @@ export function buildMultipartMime(options: MimeMessageOptions): string {
   const sanitizedSubject = sanitizeHeaderValue(subject);
   const sanitizedCc = cc ? sanitizeHeaderValue(cc) : undefined;
   const sanitizedBcc = bcc ? sanitizeHeaderValue(bcc) : undefined;
-  const sanitizedInReplyTo = inReplyTo ? sanitizeHeaderValue(inReplyTo) : undefined;
+  const sanitizedInReplyTo = inReplyTo
+    ? sanitizeHeaderValue(inReplyTo)
+    : undefined;
 
   const headers = [
     `To: ${sanitizedTo}`,

package/src/notifications/copy-composer.ts

@@ -196,6 +196,14 @@ export function hasInviteFlowDirective(text: string | undefined): boolean {
  * Build the deterministic access-request contract text from payload fields.
  * This is the canonical baseline that enforcement can append when generated
  * copy is missing required elements.
+ *
+ * Channel-agnostic by design: this function reads from the generic
+ * `contextPayload` and works identically regardless of which channel
+ * (Slack, Telegram, desktop, etc.) the notification is delivered to.
+ * When `guardianResolutionSource` is present and not `"source-channel-contact"`,
+ * the guardian was resolved via fallback (e.g. vellum anchor) rather than
+ * a verified same-channel contact — downstream copy or routing can use
+ * this to append verification CTAs like "Was this you?".
  */
 export function buildAccessRequestContractText(
   payload: Record<string, unknown>,
@@ -208,6 +216,15 @@ export function buildAccessRequestContractText(
       ? payload.previousMemberStatus
       : undefined;
 
+  const guardianResolutionSource =
+    typeof payload.guardianResolutionSource === "string"
+      ? payload.guardianResolutionSource
+      : undefined;
+  const sourceChannel =
+    typeof payload.sourceChannel === "string"
+      ? payload.sourceChannel
+      : undefined;
+
   const lines: string[] = [];
   lines.push(buildAccessRequestIdentityLine(payload));
   if (previousMemberStatus === "revoked") {
@@ -220,6 +237,15 @@ export function buildAccessRequestContractText(
     );
   }
   lines.push(buildAccessRequestInviteDirective());
+  if (
+    (guardianResolutionSource === "vellum-anchor" ||
+      guardianResolutionSource === "none") &&
+    sourceChannel
+  ) {
+    lines.push(
+      `Note: You haven't verified your identity on ${sourceChannel} yet. If this was you trying to message your assistant, say "help me verify as guardian on ${sourceChannel}" to set up direct access.`,
+    );
+  }
   return lines.join("\n");
 }
 

package/src/notifications/decision-engine.ts

@@ -22,6 +22,7 @@ import {
 } from "../providers/provider-send-message.js";
 import type { ModelIntent, Provider } from "../providers/types.js";
 import { getLogger } from "../util/logger.js";
+import { truncate } from "../util/truncate.js";
 import {
   buildConversationCandidates,
   type ConversationCandidateSet,
@@ -55,6 +56,15 @@ const log = getLogger("notification-decision-engine");
 const DECISION_TIMEOUT_MS = 15_000;
 const PROMPT_VERSION = "v4";
 
+/**
+ * Maximum character budget for identity context injected into the notification
+ * decision prompt. We truncate to prevent oversized prompts when SOUL.md /
+ * IDENTITY.md / USER.md are large — exceeding the provider context window
+ * would cause the LLM call to fail and silently degrade to deterministic
+ * fallback for all notifications.
+ */
+const MAX_IDENTITY_CONTEXT_CHARS = 2000;
+
 // ── System prompt ──────────────────────────────────────────────────────
 
 function buildSystemPrompt(
@@ -790,7 +800,10 @@ async function classifyWithLLM(
   const candidateContext = candidateSet
     ? (serializeCandidatesForPrompt(candidateSet) ?? undefined)
     : undefined;
-  const identityContext = buildCoreIdentityContext() ?? undefined;
+  const rawIdentityContext = buildCoreIdentityContext();
+  const identityContext = rawIdentityContext
+    ? truncate(rawIdentityContext, MAX_IDENTITY_CONTEXT_CHARS, "\n…[truncated]")
+    : undefined;
   const systemPrompt = buildSystemPrompt(
     availableChannels,
     preferenceContext,

package/src/notifications/emit-signal.ts

@@ -220,7 +220,7 @@ export async function emitNotificationSignal<TEventName extends string>(
       sourceChannel: params.sourceChannel,
       sourceContextId: params.sourceContextId,
       attentionHints: params.attentionHints,
-      payload: params.contextPayload ?? {},
+      payload: (params.contextPayload ?? {}) as Record<string, unknown>,
       dedupeKey: params.dedupeKey,
     });
 

package/src/notifications/signal.ts

@@ -118,8 +118,44 @@ export interface AttentionHints {
 
 export type RoutingIntent = "single_channel" | "multi_channel" | "all_channels";
 
+// ── Typed context payloads ──────────────────────────────────────────────
+
+/**
+ * How the guardian was resolved for an access request.
+ *
+ * - `"source-channel-contact"` — Guardian was found via the originating channel's
+ *   contact store and their principalId matches the assistant's anchor.
+ * - `"vellum-anchor"` — No same-channel guardian matched; fell back to the
+ *   assistant's vellum guardian principal.
+ * - `"none"` — No guardian binding could be resolved at all.
+ *
+ * Downstream consumers (notification copy, routing) use this to decide whether
+ * to append a "Was this you?" CTA or route notifications beyond the source channel.
+ * This is channel-agnostic by design — any channel's access request that
+ * resolves to a non-source-channel guardian gets the same treatment.
+ */
+export type GuardianResolutionSource =
+  | "source-channel-contact"
+  | "vellum-anchor"
+  | "none";
+
+export interface AccessRequestContextPayload {
+  requestId: string;
+  requestCode: string;
+  sourceChannel: string;
+  conversationExternalId: string;
+  actorExternalId: string;
+  actorDisplayName: string | null;
+  actorUsername: string | null;
+  senderIdentifier: string;
+  guardianBindingChannel: string | null;
+  guardianResolutionSource: GuardianResolutionSource;
+  previousMemberStatus: string | null;
+}
+
 export interface NotificationEventContextPayloadMap {
   "guardian.question": GuardianQuestionPayload;
+  "ingress.access_request": AccessRequestContextPayload;
 }
 
 export type NotificationContextPayload<TEventName extends string = string> =

package/src/oauth/byo-connection.test.ts

@@ -236,8 +236,6 @@ function createConnection(service = "integration:google"): BYOOAuthConnection {
     providerKey: service,
     baseUrl: "https://gmail.googleapis.com/gmail/v1/users/me",
     accountInfo: null,
-    grantedScopes: ["read", "write"],
-    credentialService: service,
   });
 }
 
@@ -500,12 +498,11 @@ describe("resolveOAuthConnection", () => {
 
     expect(conn).toBeInstanceOf(BYOOAuthConnection);
     expect(conn.providerKey).toBe("integration:google");
-    expect(conn.grantedScopes).toEqual(["read", "write"]);
   });
 
   test("throws when no credential metadata exists", async () => {
     await expect(resolveOAuthConnection("integration:unknown")).rejects.toThrow(
-      /No credential found for "integration:unknown"/,
+      /No active OAuth connection found for "integration:unknown"/,
     );
   });
 
@@ -517,45 +514,4 @@ describe("resolveOAuthConnection", () => {
       /No base URL configured for "integration:custom-service"/,
     );
   });
-
-  test("resolves base URL via app's canonical providerKey for custom credential_service", async () => {
-    // Set up a well-known provider with a baseUrl
-    mockProviders.set("github", {
-      key: "github",
-      tokenUrl: "https://github.com/login/oauth/access_token",
-      baseUrl: "https://api.github.com",
-    });
-    // The custom credential service has no provider entry of its own
-    // (getProvider("integration:github-work") returns undefined)
-
-    // App points to the canonical "github" provider
-    const appId = "app-github-work";
-    mockApps.set(appId, {
-      id: appId,
-      providerKey: "github",
-      clientId: "test-client-id",
-      clientSecretCredentialPath: `oauth_app/${appId}/client_secret`,
-    });
-
-    // Connection uses the custom credential service as its providerKey
-    const connId = "conn-github-work";
-    mockConnections.set("integration:github-work", {
-      id: connId,
-      providerKey: "integration:github-work",
-      oauthAppId: appId,
-      expiresAt: Date.now() + 3600 * 1000,
-      grantedScopes: JSON.stringify(["repo"]),
-      accountInfo: null,
-    });
-    await setSecureKeyAsync(
-      `oauth_connection/${connId}/access_token`,
-      "ghp-test-token",
-    );
-
-    const conn = await resolveOAuthConnection("integration:github-work");
-
-    expect(conn).toBeInstanceOf(BYOOAuthConnection);
-    expect(conn.providerKey).toBe("integration:github-work");
-    expect(conn.grantedScopes).toEqual(["repo"]);
-  });
 });