npm - @vellumai/assistant - Versions diffs - 0.5.1 → 0.5.3 - Mend

@vellumai/assistant 0.5.1 → 0.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (405) hide show

package/ARCHITECTURE.md +163 -54
package/docs/architecture/integrations.md +62 -67
package/docs/credential-execution-service.md +3 -3
package/docs/skills.md +100 -0
package/package.json +1 -1
package/src/__tests__/agent-loop.test.ts +111 -0
package/src/__tests__/always-loaded-tools-guard.test.ts +3 -4
package/src/__tests__/app-builder-tool-scripts.test.ts +13 -151
package/src/__tests__/app-dir-path-guard.test.ts +78 -0
package/src/__tests__/app-executors.test.ts +1 -291
package/src/__tests__/app-git-history.test.ts +4 -4
package/src/__tests__/app-routes-csp.test.ts +1 -0
package/src/__tests__/app-store-dir-names.test.ts +426 -0
package/src/__tests__/attachments-store.test.ts +169 -21
package/src/__tests__/attachments.test.ts +115 -1
package/src/__tests__/btw-routes.test.ts +1 -0
package/src/__tests__/canonical-guardian-store.test.ts +38 -0
package/src/__tests__/channel-reply-delivery.test.ts +55 -0
package/src/__tests__/checker.test.ts +54 -0
package/src/__tests__/claude-code-skill-regression.test.ts +2 -0
package/src/__tests__/claude-code-tool-profiles.test.ts +2 -0
package/src/__tests__/compaction.benchmark.test.ts +2 -1
package/src/__tests__/config-schema-cmd.test.ts +68 -21
package/src/__tests__/config-schema.test.ts +1 -1
package/src/__tests__/conversation-agent-loop-overflow.test.ts +156 -5
package/src/__tests__/conversation-agent-loop.test.ts +297 -2
package/src/__tests__/conversation-attachments.test.ts +17 -19
package/src/__tests__/conversation-disk-view-integration.test.ts +277 -0
package/src/__tests__/conversation-disk-view.test.ts +810 -0
package/src/__tests__/conversation-error.test.ts +1 -1
package/src/__tests__/conversation-fork-crud.test.ts +551 -0
package/src/__tests__/conversation-fork-route.test.ts +386 -0
package/src/__tests__/conversation-history-web-search.test.ts +1 -1
package/src/__tests__/conversation-key-store-disk-view.test.ts +130 -0
package/src/__tests__/conversation-media-retry.test.ts +8 -2
package/src/__tests__/conversation-memory-dirty-tail.test.ts +150 -0
package/src/__tests__/conversation-provider-retry-repair.test.ts +7 -0
package/src/__tests__/conversation-queue.test.ts +36 -1
package/src/__tests__/conversation-routes-disk-view.test.ts +439 -0
package/src/__tests__/conversation-routes-guardian-reply.test.ts +2 -2
package/src/__tests__/conversation-routes-slash-commands.test.ts +2 -7
package/src/__tests__/conversation-runtime-assembly.test.ts +17 -2
package/src/__tests__/conversation-skill-tools.test.ts +4 -9
package/src/__tests__/conversation-slash-commands.test.ts +149 -0
package/src/__tests__/conversation-store.test.ts +24 -21
package/src/__tests__/conversation-surfaces-state-update.test.ts +246 -0
package/src/__tests__/conversation-surfaces-task-progress.test.ts +1 -0
package/src/__tests__/conversation-title-service.test.ts +137 -0
package/src/__tests__/conversation-tool-setup-app-refresh.test.ts +25 -315
package/src/__tests__/conversation-tool-setup-memory-scope.test.ts +1 -0
package/src/__tests__/conversation-tool-setup-side-effect-flag.test.ts +1 -0
package/src/__tests__/conversation-wipe.test.ts +226 -0
package/src/__tests__/conversation-workspace-cache-state.test.ts +44 -2
package/src/__tests__/conversation-workspace-injection.test.ts +11 -0
package/src/__tests__/credential-security-invariants.test.ts +3 -0
package/src/__tests__/credential-vault-unit.test.ts +5 -10
package/src/__tests__/cu-unified-flow.test.ts +1 -0
package/src/__tests__/db-conversation-fork-lineage-migration.test.ts +241 -0
package/src/__tests__/db-llm-request-log-provider-migration.test.ts +214 -0
package/src/__tests__/db-memory-archive-migration.test.ts +372 -0
package/src/__tests__/db-memory-brief-state-migration.test.ts +213 -0
package/src/__tests__/db-memory-reducer-checkpoints.test.ts +273 -0
package/src/__tests__/diagnostics-export.test.ts +70 -1
package/src/__tests__/first-greeting.test.ts +80 -0
package/src/__tests__/gateway-only-guard.test.ts +1 -0
package/src/__tests__/handlers-user-message-approval-consumption.test.ts +3 -7
package/src/__tests__/history-repair.test.ts +32 -10
package/src/__tests__/http-conversation-lineage.test.ts +251 -0
package/src/__tests__/image-source-path-reinject.test.ts +136 -0
package/src/__tests__/inline-command-runner.test.ts +311 -0
package/src/__tests__/inline-skill-authoring-guard.test.ts +220 -0
package/src/__tests__/inline-skill-load-permissions.test.ts +435 -0
package/src/__tests__/list-messages-attachments.test.ts +96 -0
package/src/__tests__/llm-context-normalization.test.ts +1116 -0
package/src/__tests__/llm-context-route-provider.test.ts +217 -0
package/src/__tests__/llm-request-log-turn-query.test.ts +270 -0
package/src/__tests__/media-generate-image.test.ts +47 -94
package/src/__tests__/memory-brief-open-loops.test.ts +530 -0
package/src/__tests__/memory-brief-time.test.ts +285 -0
package/src/__tests__/memory-brief-wrapper.test.ts +311 -0
package/src/__tests__/memory-chunk-archive.test.ts +400 -0
package/src/__tests__/memory-chunk-dual-write.test.ts +453 -0
package/src/__tests__/memory-episode-archive.test.ts +370 -0
package/src/__tests__/memory-episode-dual-write.test.ts +626 -0
package/src/__tests__/memory-lifecycle-e2e.test.ts +3 -1
package/src/__tests__/memory-observation-archive.test.ts +375 -0
package/src/__tests__/memory-observation-dual-write.test.ts +318 -0
package/src/__tests__/memory-recall-quality.test.ts +7 -7
package/src/__tests__/memory-reducer-store.test.ts +728 -0
package/src/__tests__/memory-reducer-types.test.ts +699 -0
package/src/__tests__/memory-reducer.test.ts +698 -0
package/src/__tests__/memory-regressions.test.ts +6 -4
package/src/__tests__/memory-simplified-config.test.ts +281 -0
package/src/__tests__/migration-cross-version-compatibility.test.ts +4 -1
package/src/__tests__/migration-export-http.test.ts +3 -1
package/src/__tests__/migration-import-commit-http.test.ts +18 -4
package/src/__tests__/migration-import-preflight-http.test.ts +1 -3
package/src/__tests__/mime-builder.test.ts +3 -2
package/src/__tests__/non-member-access-request.test.ts +12 -1
package/src/__tests__/notification-decision-identity.test.ts +52 -0
package/src/__tests__/oauth-apps-routes.test.ts +103 -0
package/src/__tests__/oauth-store.test.ts +115 -0
package/src/__tests__/parse-identity-fields.test.ts +129 -0
package/src/__tests__/provider-error-scenarios.test.ts +1 -3
package/src/__tests__/provider-failover-actual-provider.test.ts +66 -0
package/src/__tests__/recording-handler.test.ts +17 -0
package/src/__tests__/registry.test.ts +3 -8
package/src/__tests__/relay-server.test.ts +1 -1
package/src/__tests__/runtime-attachment-metadata.test.ts +7 -3
package/src/__tests__/schema-transforms.test.ts +165 -5
package/src/__tests__/server-history-render.test.ts +2 -2
package/src/__tests__/skill-load-inline-command.test.ts +598 -0
package/src/__tests__/skill-load-inline-includes.test.ts +644 -0
package/src/__tests__/skills-inline-command-expansions.test.ts +301 -0
package/src/__tests__/skills-transitive-hash.test.ts +333 -0
package/src/__tests__/slack-app-setup-skill-regression.test.ts +3 -1
package/src/__tests__/slack-inbound-verification.test.ts +2 -2
package/src/__tests__/starter-task-flow.test.ts +1 -0
package/src/__tests__/suggestion-routes.test.ts +443 -0
package/src/__tests__/swarm-conversation-integration.test.ts +1 -0
package/src/__tests__/swarm-recursion.test.ts +1 -0
package/src/__tests__/swarm-tool.test.ts +1 -0
package/src/__tests__/tool-execution-abort-cleanup.test.ts +1 -0
package/src/__tests__/tool-preview-lifecycle.test.ts +32 -5
package/src/__tests__/top-level-renderer.test.ts +22 -0
package/src/__tests__/turn-boundary-resolution.test.ts +243 -0
package/src/__tests__/vellum-self-knowledge-inline-command.test.ts +320 -0
package/src/__tests__/web-fetch.test.ts +6 -2
package/src/__tests__/workspace-migration-006-services-config.test.ts +335 -0
package/src/__tests__/workspace-migration-007-web-search-provider-rename.test.ts +312 -0
package/src/__tests__/workspace-migration-009-backfill-conversation-disk-view.test.ts +278 -0
package/src/__tests__/workspace-migration-010-app-dir-rename.test.ts +275 -0
package/src/__tests__/workspace-migration-012-rename-conversation-disk-view-dirs.test.ts +77 -0
package/src/__tests__/workspace-migration-013-repair-conversation-disk-view.test.ts +401 -0
package/src/__tests__/workspace-migration-backfill-installation-id.test.ts +328 -0
package/src/__tests__/workspace-migration-seed-device-id.test.ts +6 -10
package/src/agent/attachments.ts +27 -1
package/src/agent/loop.ts +29 -1
package/src/avatar/traits-png-sync.ts +80 -25
package/src/bundler/app-bundler.ts +4 -4
package/src/calls/call-domain.ts +1 -0
package/src/calls/voice-session-bridge.ts +1 -0
package/src/cli/commands/auth.ts +92 -0
package/src/cli/commands/avatar.ts +7 -6
package/src/cli/commands/config.ts +2 -0
package/src/cli/commands/oauth/providers.ts +29 -0
package/src/cli/program.ts +12 -0
package/src/cli.ts +15 -48
package/src/config/bundled-skills/app-builder/SKILL.md +103 -28
package/src/config/bundled-skills/app-builder/TOOLS.json +5 -199
package/src/config/bundled-skills/app-builder/tools/{app-query.ts → app-refresh.ts} +2 -2
package/src/config/bundled-skills/contacts/tools/google-contacts.ts +2 -3
package/src/config/bundled-skills/gmail/tools/gmail-archive.ts +6 -9
package/src/config/bundled-skills/gmail/tools/gmail-attachments.ts +4 -6
package/src/config/bundled-skills/gmail/tools/gmail-draft.ts +2 -3
package/src/config/bundled-skills/gmail/tools/gmail-filters.ts +2 -3
package/src/config/bundled-skills/gmail/tools/gmail-follow-up.ts +2 -3
package/src/config/bundled-skills/gmail/tools/gmail-forward.ts +2 -3
package/src/config/bundled-skills/gmail/tools/gmail-label.ts +4 -6
package/src/config/bundled-skills/gmail/tools/gmail-outreach-scan.ts +2 -3
package/src/config/bundled-skills/gmail/tools/gmail-send-draft.ts +2 -3
package/src/config/bundled-skills/gmail/tools/gmail-sender-digest.ts +2 -3
package/src/config/bundled-skills/gmail/tools/gmail-trash.ts +2 -3
package/src/config/bundled-skills/gmail/tools/gmail-unsubscribe.ts +2 -3
package/src/config/bundled-skills/gmail/tools/gmail-vacation.ts +2 -3
package/src/config/bundled-skills/google-calendar/tools/shared.ts +1 -1
package/src/config/bundled-skills/image-studio/SKILL.md +2 -2
package/src/config/bundled-skills/image-studio/TOOLS.json +2 -2
package/src/config/bundled-skills/image-studio/tools/media-generate-image.ts +45 -72
package/src/config/bundled-skills/media-processing/tools/extract-keyframes.ts +2 -2
package/src/config/bundled-skills/messaging/tools/shared.ts +1 -1
package/src/config/bundled-skills/settings/tools/voice-config-update.ts +19 -3
package/src/config/bundled-skills/skill-management/SKILL.md +1 -1
package/src/config/bundled-skills/skill-management/TOOLS.json +2 -2
package/src/config/bundled-skills/slack/tools/shared.ts +19 -4
package/src/config/bundled-skills/slack/tools/slack-scan-digest.ts +2 -3
package/src/config/bundled-skills/transcribe/SKILL.md +1 -1
package/src/config/bundled-skills/transcribe/TOOLS.json +2 -6
package/src/config/bundled-skills/transcribe/tools/transcribe-media.ts +19 -83
package/src/config/bundled-tool-registry.ts +2 -14
package/src/config/feature-flag-registry.json +24 -0
package/src/config/loader.ts +65 -0
package/src/config/raw-config-utils.ts +58 -0
package/src/config/schema-utils.ts +28 -7
package/src/config/schema.ts +20 -0
package/src/config/schemas/elevenlabs.ts +18 -0
package/src/config/schemas/memory-lifecycle.ts +4 -2
package/src/config/schemas/memory-simplified.ts +101 -0
package/src/config/schemas/memory-storage.ts +1 -1
package/src/config/schemas/memory.ts +4 -0
package/src/config/schemas/services.ts +8 -6
package/src/config/skills.ts +50 -4
package/src/contacts/contact-store.ts +13 -6
package/src/contacts/contacts-write.ts +0 -1
package/src/context/window-manager.ts +13 -2
package/src/daemon/conversation-agent-loop-handlers.ts +54 -8
package/src/daemon/conversation-agent-loop.ts +127 -20
package/src/daemon/conversation-attachments.ts +18 -36
package/src/daemon/conversation-error.ts +2 -1
package/src/daemon/conversation-history.ts +18 -4
package/src/daemon/conversation-lifecycle.ts +50 -16
package/src/daemon/conversation-messaging.ts +70 -26
package/src/daemon/conversation-process.ts +58 -34
package/src/daemon/conversation-runtime-assembly.ts +22 -38
package/src/daemon/conversation-slash.ts +121 -256
package/src/daemon/conversation-surfaces.ts +170 -24
package/src/daemon/conversation-tool-setup.ts +0 -6
package/src/daemon/conversation-workspace.ts +21 -1
package/src/daemon/conversation.ts +69 -30
package/src/daemon/first-greeting.ts +35 -0
package/src/daemon/handlers/config-embeddings.ts +156 -0
package/src/daemon/handlers/config-model.ts +62 -26
package/src/daemon/handlers/conversations.ts +0 -23
package/src/daemon/handlers/identity.ts +12 -1
package/src/daemon/handlers/recording.ts +26 -21
package/src/daemon/host-cu-proxy.ts +2 -2
package/src/daemon/lifecycle.ts +115 -65
package/src/daemon/message-protocol.ts +3 -0
package/src/daemon/message-types/conversations.ts +18 -0
package/src/daemon/message-types/messages.ts +1 -0
package/src/daemon/message-types/shared.ts +2 -0
package/src/daemon/message-types/surfaces.ts +2 -0
package/src/daemon/message-types/upgrades.ts +23 -0
package/src/daemon/server.ts +83 -12
package/src/daemon/shutdown-handlers.ts +8 -5
package/src/daemon/startup-error.ts +9 -0
package/src/daemon/tool-side-effects.ts +11 -28
package/src/events/tool-permission-telemetry-listener.ts +1 -3
package/src/followups/followup-store.ts +47 -1
package/src/instrument.ts +0 -4
package/src/media/app-icon-generator.ts +2 -2
package/src/memory/app-git-service.ts +28 -16
package/src/memory/app-store.ts +230 -41
package/src/memory/archive-store.ts +400 -0
package/src/memory/attachments-store.ts +558 -130
package/src/memory/brief-formatting.ts +33 -0
package/src/memory/brief-open-loops.ts +266 -0
package/src/memory/brief-time.ts +161 -0
package/src/memory/brief.ts +75 -0
package/src/memory/conversation-attention-store.ts +70 -0
package/src/memory/conversation-crud.ts +591 -8
package/src/memory/conversation-directories.ts +125 -0
package/src/memory/conversation-disk-view.ts +390 -0
package/src/memory/conversation-key-store.ts +17 -5
package/src/memory/conversation-queries.ts +5 -1
package/src/memory/conversation-title-service.ts +21 -49
package/src/memory/db-init.ts +40 -0
package/src/memory/embedding-backend.ts +42 -53
package/src/memory/embedding-gemini.test.ts +4 -4
package/src/memory/embedding-local.ts +1 -3
package/src/memory/embedding-ollama.ts +1 -3
package/src/memory/embedding-openai.ts +1 -3
package/src/memory/indexer.ts +114 -21
package/src/memory/items-extractor.ts +42 -13
package/src/memory/job-handlers/conversation-starters.ts +6 -1
package/src/memory/job-handlers/embedding.test.ts +2 -4
package/src/memory/job-handlers/embedding.ts +83 -0
package/src/memory/job-utils.ts +1 -1
package/src/memory/jobs-store.ts +6 -0
package/src/memory/jobs-worker.ts +12 -0
package/src/memory/llm-request-log-store.ts +100 -1
package/src/memory/migrations/102-alter-table-columns.ts +5 -0
package/src/memory/migrations/146-schedule-oneshot-routing.ts +3 -3
package/src/memory/migrations/147-migrate-reminders-to-schedules.ts +66 -70
package/src/memory/migrations/148-drop-reminders-table.ts +5 -9
package/src/memory/migrations/160-drop-loopback-port-column.ts +1 -3
package/src/memory/migrations/174-rename-thread-starters-table.ts +0 -7
package/src/memory/migrations/178-oauth-providers-managed-service-config-key.ts +15 -0
package/src/memory/migrations/179-llm-request-log-message-id.ts +16 -0
package/src/memory/migrations/180-backfill-inline-attachments-to-disk.ts +66 -0
package/src/memory/migrations/181-rename-thread-starters-checkpoints.ts +46 -0
package/src/memory/migrations/182-oauth-providers-display-metadata.ts +20 -0
package/src/memory/migrations/183-add-conversation-fork-lineage.ts +22 -0
package/src/memory/migrations/184-llm-request-log-provider.ts +12 -0
package/src/memory/migrations/185-memory-brief-state.ts +52 -0
package/src/memory/migrations/186-memory-archive.ts +109 -0
package/src/memory/migrations/187-memory-reducer-checkpoints.ts +19 -0
package/src/memory/migrations/index.ts +10 -0
package/src/memory/migrations/registry.ts +13 -0
package/src/memory/qdrant-client.ts +23 -4
package/src/memory/reducer-store.ts +271 -0
package/src/memory/reducer-types.ts +99 -0
package/src/memory/reducer.ts +453 -0
package/src/memory/retriever.test.ts +601 -2
package/src/memory/retriever.ts +85 -9
package/src/memory/schema/conversations.ts +9 -0
package/src/memory/schema/index.ts +2 -0
package/src/memory/schema/infrastructure.ts +13 -7
package/src/memory/schema/memory-archive.ts +121 -0
package/src/memory/schema/memory-brief.ts +55 -0
package/src/memory/schema/oauth.ts +6 -0
package/src/memory/search/semantic.ts +17 -4
package/src/messaging/providers/gmail/mime-builder.ts +3 -1
package/src/notifications/copy-composer.ts +26 -0
package/src/notifications/decision-engine.ts +14 -1
package/src/notifications/emit-signal.ts +1 -1
package/src/notifications/signal.ts +36 -0
package/src/oauth/byo-connection.test.ts +1 -45
package/src/oauth/byo-connection.ts +2 -8
package/src/oauth/connect-orchestrator.ts +15 -11
package/src/oauth/connection-resolver.test.ts +191 -0
package/src/oauth/connection-resolver.ts +66 -38
package/src/oauth/connection.ts +0 -1
package/src/oauth/oauth-store.ts +99 -47
package/src/oauth/platform-connection.test.ts +0 -1
package/src/oauth/platform-connection.ts +11 -3
package/src/oauth/seed-providers.ts +78 -3
package/src/oauth/token-persistence.ts +16 -10
package/src/permissions/checker.ts +160 -14
package/src/permissions/defaults.ts +14 -0
package/src/prompts/templates/BOOTSTRAP.md +2 -0
package/src/providers/anthropic/client.ts +8 -1
package/src/providers/failover.ts +4 -1
package/src/providers/gemini/client.ts +50 -0
package/src/providers/model-catalog.ts +92 -0
package/src/providers/model-intents.ts +29 -20
package/src/providers/openai/client.ts +49 -0
package/src/providers/types.ts +2 -0
package/src/runtime/access-request-helper.ts +16 -7
package/src/runtime/auth/credential-service.ts +3 -1
package/src/runtime/auth/route-policy.ts +14 -1
package/src/runtime/btw-sidechain.ts +101 -0
package/src/runtime/channel-reply-delivery.ts +17 -1
package/src/runtime/http-router.ts +3 -1
package/src/runtime/http-server.ts +196 -141
package/src/runtime/http-types.ts +1 -0
package/src/runtime/migrations/vbundle-builder.ts +5 -1
package/src/runtime/routes/access-request-decision.ts +41 -0
package/src/runtime/routes/app-management-routes.ts +6 -3
package/src/runtime/routes/app-routes.ts +7 -3
package/src/runtime/routes/approval-routes.ts +1 -0
package/src/runtime/routes/approval-strategies/guardian-callback-strategy.ts +34 -2
package/src/runtime/routes/attachment-routes.ts +45 -15
package/src/runtime/routes/btw-routes.ts +21 -61
package/src/runtime/routes/conversation-management-routes.ts +74 -0
package/src/runtime/routes/conversation-query-routes.ts +187 -10
package/src/runtime/routes/conversation-routes.ts +269 -28
package/src/runtime/routes/conversation-starter-routes.ts +9 -11
package/src/runtime/routes/diagnostics-routes.ts +1 -0
package/src/runtime/routes/identity-routes.ts +2 -35
package/src/runtime/routes/inbound-stages/acl-enforcement.ts +2 -2
package/src/runtime/routes/llm-context-normalization.ts +1212 -0
package/src/runtime/routes/log-export-routes.ts +3 -0
package/src/runtime/routes/memory-item-routes.test.ts +34 -0
package/src/runtime/routes/memory-item-routes.ts +94 -5
package/src/runtime/routes/migration-routes.ts +4 -1
package/src/runtime/routes/oauth-apps.ts +291 -0
package/src/runtime/routes/secret-routes.ts +30 -1
package/src/runtime/routes/settings-routes.ts +14 -0
package/src/runtime/routes/surface-action-routes.ts +68 -1
package/src/runtime/routes/trace-event-routes.ts +4 -1
package/src/schedule/schedule-store.ts +30 -21
package/src/security/secure-keys.ts +21 -0
package/src/signals/bash.ts +1 -1
package/src/skills/inline-command-expansions.ts +204 -0
package/src/skills/inline-command-render.ts +127 -0
package/src/skills/inline-command-runner.ts +242 -0
package/src/skills/transitive-version-hash.ts +88 -0
package/src/swarm/backend-claude-code.ts +3 -6
package/src/tasks/task-store.ts +43 -1
package/src/telemetry/usage-telemetry-reporter.test.ts +3 -2
package/src/telemetry/usage-telemetry-reporter.ts +3 -1
package/src/tools/AGENTS.md +6 -10
package/src/tools/apps/executors.ts +17 -232
package/src/tools/claude-code/claude-code.ts +2 -3
package/src/tools/credentials/vault.ts +7 -12
package/src/tools/host-filesystem/read.ts +13 -10
package/src/tools/network/__tests__/web-search.test.ts +4 -2
package/src/tools/permission-checker.ts +8 -1
package/src/tools/schedule/list.ts +2 -7
package/src/tools/schema-transforms.ts +5 -0
package/src/tools/shared/filesystem/format-diff.ts +2 -7
package/src/tools/skills/execute.ts +1 -1
package/src/tools/skills/load.ts +140 -6
package/src/tools/tool-manifest.ts +0 -6
package/src/tools/ui-surface/definitions.ts +2 -2
package/src/util/device-id.ts +28 -5
package/src/util/platform.ts +24 -0
package/src/util/pricing.ts +1 -0
package/src/util/retry.ts +1 -3
package/src/workspace/migrations/003-seed-device-id.ts +3 -4
package/src/workspace/migrations/006-services-config.ts +5 -0
package/src/workspace/migrations/008-voice-timeout-and-max-steps.ts +12 -0
package/src/workspace/migrations/009-backfill-conversation-disk-view.ts +10 -0
package/src/workspace/migrations/010-app-dir-rename.ts +223 -0
package/src/workspace/migrations/{002-backfill-installation-id.ts → 011-backfill-installation-id.ts} +24 -13
package/src/workspace/migrations/012-rename-conversation-disk-view-dirs.ts +64 -0
package/src/workspace/migrations/013-repair-conversation-disk-view.ts +11 -0
package/src/workspace/migrations/rebuild-conversation-disk-view.ts +186 -0
package/src/workspace/migrations/registry.ts +11 -1
package/src/workspace/top-level-renderer.ts +12 -0
package/src/__tests__/asset-materialize-tool.test.ts +0 -523
package/src/__tests__/asset-search-tool.test.ts +0 -536
package/src/__tests__/fixtures/media-reuse-fixtures.ts +0 -56
package/src/__tests__/media-reuse-story.e2e.test.ts +0 -762
package/src/__tests__/media-visibility-policy.test.ts +0 -190
package/src/config/bundled-skills/app-builder/tools/app-file-edit.ts +0 -14
package/src/config/bundled-skills/app-builder/tools/app-file-list.ts +0 -13
package/src/config/bundled-skills/app-builder/tools/app-file-read.ts +0 -21
package/src/config/bundled-skills/app-builder/tools/app-file-write.ts +0 -14
package/src/config/bundled-skills/app-builder/tools/app-list.ts +0 -13
package/src/config/bundled-skills/app-builder/tools/app-update.ts +0 -23
package/src/daemon/media-visibility-policy.ts +0 -59
package/src/tools/assets/materialize.ts +0 -248
package/src/tools/assets/search.ts +0 -400

package/src/oauth/byo-connection.ts CHANGED Viewed

@@ -25,31 +25,25 @@ export interface BYOOAuthConnectionOptions {
   providerKey: string;
   baseUrl: string;
   accountInfo: string | null;
-  grantedScopes: string[];
-  credentialService: string;
 }
 export class BYOOAuthConnection implements OAuthConnection {
   readonly id: string;
   readonly providerKey: string;
   readonly accountInfo: string | null;
-  readonly grantedScopes: string[];
   private readonly baseUrl: string;
-  private readonly credentialService: string;
   constructor(opts: BYOOAuthConnectionOptions) {
     this.id = opts.id;
     this.providerKey = opts.providerKey;
     this.baseUrl = opts.baseUrl;
     this.accountInfo = opts.accountInfo;
-    this.grantedScopes = opts.grantedScopes;
-    this.credentialService = opts.credentialService;
   }
   async request(req: OAuthConnectionRequest): Promise<OAuthConnectionResponse> {
     return withValidToken(
-      this.credentialService,
+      this.providerKey,
       async (token) => {
         const effectiveBaseUrl = req.baseUrl ?? this.baseUrl;
         let fullUrl = `${effectiveBaseUrl}${req.path}`;
@@ -106,7 +100,7 @@ export class BYOOAuthConnection implements OAuthConnection {
   }
   async withToken<T>(fn: (token: string) => Promise<T>): Promise<T> {
-    return withValidToken(this.credentialService, fn, {
+    return withValidToken(this.providerKey, fn, {
       connectionId: this.id,
     });
   }

package/src/oauth/connect-orchestrator.ts CHANGED Viewed

@@ -252,12 +252,13 @@ export async function orchestrateOAuthConnect(
       prepared.completion
         .then(async (result) => {
           try {
-            let accountInfo: string | undefined;
+            let parsedAccountIdentifier: string | undefined;
-            // Run identity verifier if available (code-side behavior)
+            // Parse account identifier from the provider's identity endpoint.
+            // Best-effort — format varies by provider and may fail.
             if (behavior.identityVerifier) {
               try {
-                accountInfo = await behavior.identityVerifier(
+                parsedAccountIdentifier = await behavior.identityVerifier(
                   result.tokens.accessToken,
                 );
               } catch {
@@ -270,19 +271,19 @@ export async function orchestrateOAuthConnect(
               tokens: result.tokens,
               grantedScopes: result.grantedScopes,
               rawTokenResponse: result.rawTokenResponse,
-              identityAccountInfo: accountInfo,
+              parsedAccountIdentifier,
             });
             log.info(
               {
                 service: resolvedService,
-                accountInfo: stored.accountInfo ?? accountInfo,
+                accountInfo: stored.accountInfo ?? parsedAccountIdentifier,
               },
               "Deferred OAuth2 flow completed — tokens stored",
             );
             options.onDeferredComplete?.({
               success: true,
               service: resolvedService,
-              accountInfo: stored.accountInfo ?? accountInfo,
+              accountInfo: stored.accountInfo ?? parsedAccountIdentifier,
             });
           } catch (err) {
             log.error(
@@ -353,11 +354,14 @@ export async function orchestrateOAuthConnect(
           : undefined,
     );
-    // Run identity verifier if available (code-side behavior)
-    let verifiedIdentity: string | undefined;
+    // Parse account identifier from the provider's identity endpoint.
+    // Best-effort — format varies by provider and may fail.
+    let parsedAccountIdentifier: string | undefined;
     if (behavior.identityVerifier) {
       try {
-        verifiedIdentity = await behavior.identityVerifier(tokens.accessToken);
+        parsedAccountIdentifier = await behavior.identityVerifier(
+          tokens.accessToken,
+        );
       } catch {
         // Non-fatal
       }
@@ -368,14 +372,14 @@ export async function orchestrateOAuthConnect(
       tokens,
       grantedScopes,
       rawTokenResponse,
-      identityAccountInfo: verifiedIdentity,
+      parsedAccountIdentifier,
     });
     return {
       success: true,
       deferred: false,
       grantedScopes,
-      accountInfo: accountInfo ?? verifiedIdentity,
+      accountInfo: accountInfo ?? parsedAccountIdentifier,
     };
   } catch (err: unknown) {
     const message =

package/src/oauth/connection-resolver.test.ts ADDED Viewed

@@ -0,0 +1,191 @@
+import { beforeEach, describe, expect, mock, test } from "bun:test";
+// ---------------------------------------------------------------------------
+// Mutable mock state
+// ---------------------------------------------------------------------------
+let mockProvider: Record<string, unknown> | undefined;
+let mockConnection: Record<string, unknown> | undefined;
+let mockAccessToken: string | undefined;
+let mockConfig: Record<string, unknown> = {};
+let mockManagedProxyCtx = {
+  enabled: false,
+  platformBaseUrl: "",
+  assistantApiKey: "",
+};
+let mockAssistantId = "";
+// ---------------------------------------------------------------------------
+// Module mocks (must precede imports of the module under test)
+// ---------------------------------------------------------------------------
+mock.module("../util/logger.js", () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
+}));
+mock.module("./oauth-store.js", () => ({
+  getProvider: () => mockProvider,
+  getActiveConnection: (
+    _pk: string,
+    opts?: { clientId?: string; account?: string },
+  ) => {
+    if (opts?.clientId && mockConnection?.clientId !== opts.clientId)
+      return undefined;
+    if (opts?.account && mockConnection?.accountInfo !== opts.account)
+      return undefined;
+    return mockConnection;
+  },
+}));
+mock.module("../security/secure-keys.js", () => ({
+  getSecureKeyAsync: async () => mockAccessToken,
+}));
+mock.module("../config/loader.js", () => ({
+  getConfig: () => mockConfig,
+}));
+mock.module("../config/env.js", () => ({
+  getPlatformAssistantId: () => mockAssistantId,
+}));
+mock.module("../providers/managed-proxy/context.js", () => ({
+  resolveManagedProxyContext: async () => mockManagedProxyCtx,
+}));
+// ---------------------------------------------------------------------------
+// Import the module under test (after all mocks are registered)
+// ---------------------------------------------------------------------------
+import { BYOOAuthConnection } from "./byo-connection.js";
+import { resolveOAuthConnection } from "./connection-resolver.js";
+import { PlatformOAuthConnection } from "./platform-connection.js";
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function setupDefaults(): void {
+  mockProvider = {
+    providerKey: "integration:google",
+    baseUrl: "https://gmail.googleapis.com/gmail/v1/users/me",
+    managedServiceConfigKey: null,
+  };
+  mockConnection = {
+    id: "conn-1",
+    providerKey: "integration:google",
+    oauthAppId: "app-1",
+    accountInfo: "user@example.com",
+    grantedScopes: JSON.stringify(["scope-a", "scope-b"]),
+    status: "active",
+    clientId: "client-1",
+  };
+  mockAccessToken = "tok-valid";
+  mockConfig = {
+    services: {
+      inference: {
+        mode: "your-own",
+        provider: "anthropic",
+        model: "claude-opus-4-6",
+      },
+      "image-generation": {
+        mode: "your-own",
+        provider: "gemini",
+        model: "gemini-3.1-flash-image-preview",
+      },
+      "web-search": { mode: "your-own", provider: "inference-provider-native" },
+      "google-oauth": { mode: "managed" },
+    },
+  };
+  mockManagedProxyCtx = {
+    enabled: true,
+    platformBaseUrl: "https://platform.example.com",
+    assistantApiKey: "sk-test-key",
+  };
+  mockAssistantId = "asst-123";
+}
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+describe("resolveOAuthConnection", () => {
+  beforeEach(() => {
+    setupDefaults();
+  });
+  test("returns BYOOAuthConnection when provider has no managedServiceConfigKey", async () => {
+    const result = await resolveOAuthConnection("integration:google");
+    expect(result).toBeInstanceOf(BYOOAuthConnection);
+    expect(result.id).toBe("conn-1");
+    expect(result.providerKey).toBe("integration:google");
+  });
+  test("returns PlatformOAuthConnection when managed mode is active", async () => {
+    mockProvider!.managedServiceConfigKey = "google-oauth";
+    const result = await resolveOAuthConnection("integration:google");
+    expect(result).toBeInstanceOf(PlatformOAuthConnection);
+    expect(result.id).toBe("integration:google");
+    expect(result.providerKey).toBe("integration:google");
+    expect(result.accountInfo).toBeNull();
+  });
+  test("passes account through to PlatformOAuthConnection", async () => {
+    mockProvider!.managedServiceConfigKey = "google-oauth";
+    const result = await resolveOAuthConnection("integration:google", {
+      account: "user@example.com",
+    });
+    expect(result).toBeInstanceOf(PlatformOAuthConnection);
+    expect(result.accountInfo).toBe("user@example.com");
+  });
+  test("returns BYOOAuthConnection when service config mode is your-own", async () => {
+    mockProvider!.managedServiceConfigKey = "google-oauth";
+    (mockConfig.services as Record<string, unknown>)["google-oauth"] = {
+      mode: "your-own",
+    };
+    const result = await resolveOAuthConnection("integration:google");
+    expect(result).toBeInstanceOf(BYOOAuthConnection);
+    expect(result.id).toBe("conn-1");
+  });
+  test("managed path does not require a local connection row", async () => {
+    mockProvider!.managedServiceConfigKey = "google-oauth";
+    mockConnection = undefined;
+    mockAccessToken = undefined;
+    const result = await resolveOAuthConnection("integration:google");
+    expect(result).toBeInstanceOf(PlatformOAuthConnection);
+  });
+  test("managed path ignores clientId option", async () => {
+    mockProvider!.managedServiceConfigKey = "google-oauth";
+    const result = await resolveOAuthConnection("integration:google", {
+      clientId: "some-client-id",
+    });
+    expect(result).toBeInstanceOf(PlatformOAuthConnection);
+  });
+  test("BYO path narrows by clientId when provided", async () => {
+    const result = await resolveOAuthConnection("integration:google", {
+      clientId: "client-1",
+    });
+    expect(result).toBeInstanceOf(BYOOAuthConnection);
+    expect(result.id).toBe("conn-1");
+  });
+  test("BYO path returns no credential when clientId does not match", async () => {
+    await expect(
+      resolveOAuthConnection("integration:google", {
+        clientId: "wrong-client",
+      }),
+    ).rejects.toThrow(/No active OAuth connection found/);
+  });
+});

package/src/oauth/connection-resolver.ts CHANGED Viewed

@@ -1,72 +1,100 @@
+import { getPlatformAssistantId } from "../config/env.js";
+import { getConfig } from "../config/loader.js";
+import { type Services, ServicesSchema } from "../config/schemas/services.js";
+import { resolveManagedProxyContext } from "../providers/managed-proxy/context.js";
 import { getSecureKeyAsync } from "../security/secure-keys.js";
 import { BYOOAuthConnection } from "./byo-connection.js";
 import type { OAuthConnection } from "./connection.js";
-import {
-  getApp,
-  getConnectionByProvider,
-  getConnectionByProviderAndAccount,
-  getProvider,
-} from "./oauth-store.js";
+import { getActiveConnection, getProvider } from "./oauth-store.js";
+import { PlatformOAuthConnection } from "./platform-connection.js";
+export interface ResolveOAuthConnectionOptions {
+  /** OAuth app client ID — narrows to a specific app when multiple BYO apps
+   *  exist for the same provider. */
+  clientId?: string;
+  /** Account identifier (e.g. email, username) — disambiguates when multiple
+   *  accounts are connected for the same provider. Best-effort: not guaranteed
+   *  to be present on all connections. */
+  account?: string;
+}
 /**
- * Resolve an OAuthConnection for a given credential service.
+ * Resolve an OAuthConnection for a given provider.
+ *
+ * Managed providers (where the service config `mode` is `"managed"`) are
+ * routed through the platform proxy with no local state required.
  *
- * When `accountInfo` is provided, resolves the connection for that specific
- * account (e.g. "user@gmail.com"). Otherwise falls back to the most recent
- * active connection.
+ * BYO providers resolve from the local SQLite oauth-store and require an
+ * active connection row and a stored access token.
  *
- * Reads exclusively from the SQLite oauth-store. Throws if no connection
- * exists (authorization required).
+ * @param providerKey - Provider identifier (e.g. "integration:google").
+ *   Maps to the `provider_key` primary key in the `oauth_providers` table.
+ * @param options.clientId - Optional OAuth app client ID. When multiple BYO
+ *   apps exist for the same provider, narrows the connection lookup to the
+ *   app matching this client ID. Ignored for managed providers.
+ * @param options.account - Optional account identifier to disambiguate
+ *   multi-account connections.
  */
 export async function resolveOAuthConnection(
-  credentialService: string,
-  accountInfo?: string,
+  providerKey: string,
+  options?: ResolveOAuthConnectionOptions,
 ): Promise<OAuthConnection> {
-  const conn = accountInfo
-    ? getConnectionByProviderAndAccount(credentialService, accountInfo)
-    : getConnectionByProvider(credentialService);
+  const { clientId, account } = options ?? {};
+  const provider = getProvider(providerKey);
+  const managedKey = provider?.managedServiceConfigKey;
+  if (managedKey && managedKey in ServicesSchema.shape) {
+    const services: Services = getConfig().services;
+    if (services[managedKey as keyof Services].mode === "managed") {
+      const ctx = await resolveManagedProxyContext();
+      const assistantId = getPlatformAssistantId();
+      return new PlatformOAuthConnection({
+        id: providerKey,
+        providerKey,
+        externalId: providerKey,
+        accountInfo: account ?? null,
+        assistantId,
+        platformBaseUrl: ctx.platformBaseUrl,
+        apiKey: ctx.assistantApiKey,
+      });
+    }
+  }
+  // BYO path — requires a local connection row, access token, and base URL.
+  const conn = getActiveConnection(providerKey, { clientId, account });
   if (!conn) {
+    const filters = [
+      account && `account "${account}"`,
+      clientId && `client ID "${clientId}"`,
+    ].filter(Boolean);
+    const qualifier = filters.length
+      ? ` matching ${filters.join(" and ")}`
+      : "";
     throw new Error(
-      `No credential found for "${credentialService}". Authorization required.`,
+      `No active OAuth connection found for "${providerKey}"${qualifier}. Connect the service first with oauth2_connect.`,
     );
   }
   const accessToken = await getSecureKeyAsync(
     `oauth_connection/${conn.id}/access_token`,
   );
   if (!accessToken) {
     throw new Error(
-      `No access token found for "${credentialService}". Authorization required.`,
+      `OAuth connection for "${providerKey}" exists but has no access token. Re-authorize with oauth2_connect.`,
     );
   }
-  // Look up the provider by credentialService first; fall back to the
-  // connection's app's canonical providerKey so custom credential_service
-  // overrides (e.g. "integration:github-work") still resolve to the well-known
-  // provider's base URL. We traverse conn -> oauthApp -> providerKey because
-  // conn.providerKey equals credentialService (getConnectionByProvider queries
-  // WHERE providerKey = credentialService), whereas the app's providerKey is a
-  // foreign key to the oauthProviders table.
-  const provider =
-    getProvider(credentialService) ??
-    getProvider(getApp(conn.oauthAppId)?.providerKey ?? "");
   const baseUrl = provider?.baseUrl;
   if (!baseUrl) {
-    throw new Error(`No base URL configured for "${credentialService}".`);
+    throw new Error(
+      `OAuth provider "${providerKey}" has no base URL configured. Check provider setup.`,
+    );
   }
-  const grantedScopes: string[] = conn.grantedScopes
-    ? JSON.parse(conn.grantedScopes)
-    : [];
   return new BYOOAuthConnection({
     id: conn.id,
     providerKey: conn.providerKey,
     baseUrl,
     accountInfo: conn.accountInfo,
-    grantedScopes,
-    credentialService,
   });
 }

package/src/oauth/connection.ts CHANGED Viewed

@@ -34,5 +34,4 @@ export interface OAuthConnection {
   readonly id: string;
   readonly providerKey: string;
   readonly accountInfo: string | null;
-  readonly grantedScopes: string[];
 }