@vellumai/assistant 0.5.11 → 0.5.13

package/src/memory/journal-memory.ts

@@ -143,7 +143,10 @@ export function upsertJournalMemoriesFromDisk(
 
     // Filter for .md files, excluding readme.md (case-insensitive)
     const mdFiles = files.filter(
-      (f) => f.endsWith(".md") && f.toLowerCase() !== "readme.md",
+      (f) =>
+        f.endsWith(".md") &&
+        !f.startsWith(".") &&
+        f.toLowerCase() !== "readme.md",
     );
 
     let upserted = 0;
@@ -178,7 +181,10 @@ export function upsertJournalMemoriesFromDisk(
         if (!statSync(subdirPath).isDirectory()) continue;
 
         const subFiles = readdirSync(subdirPath).filter(
-          (f) => f.endsWith(".md") && f.toLowerCase() !== "readme.md",
+          (f) =>
+            f.endsWith(".md") &&
+            !f.startsWith(".") &&
+            f.toLowerCase() !== "readme.md",
         );
 
         for (const filename of subFiles) {

package/src/memory/migrations/196-messages-conversation-created-at-index.ts

@@ -0,0 +1,9 @@
+import type { DrizzleDb } from "../db-connection.js";
+
+export function migrateMessagesConversationCreatedAtIndex(
+  database: DrizzleDb,
+): void {
+  database.run(
+    /*sql*/ `CREATE INDEX IF NOT EXISTS idx_messages_conversation_created_at ON messages(conversation_id, created_at)`,
+  );
+}

package/src/memory/migrations/196-strip-integration-prefix-from-provider-keys.ts

@@ -0,0 +1,186 @@
+import type { DrizzleDb } from "../db-connection.js";
+import { getSqliteFrom } from "../db-connection.js";
+import { withCrashRecovery } from "./validate-migration-state.js";
+
+/**
+ * One-shot migration: strip the `integration:` prefix from provider_key
+ * values across all three OAuth tables (oauth_providers, oauth_apps,
+ * oauth_connections).
+ *
+ * Historically provider keys were stored as `integration:google`,
+ * `integration:slack`, etc.  The codebase is moving to bare-name keys
+ * (`google`, `slack`) for simplicity.  Providers that were already stored
+ * with bare names (e.g. `slack_channel`, `telegram`) are unaffected.
+ *
+ * If a bare-name key already exists (runtime seed data created it), the
+ * old `integration:` rows are orphaned — we delete them instead of
+ * renaming to avoid UNIQUE constraint violations.
+ *
+ * FK constraints require us to update child tables (oauth_apps,
+ * oauth_connections) before the parent (oauth_providers), or disable FKs.
+ * We disable FKs for safety and update all three tables atomically.
+ */
+export function migrateStripIntegrationPrefixFromProviderKeys(
+  database: DrizzleDb,
+): void {
+  withCrashRecovery(
+    database,
+    "migration_strip_integration_prefix_from_provider_keys_v1",
+    () => {
+      const raw = getSqliteFrom(database);
+
+      raw.exec("PRAGMA foreign_keys = OFF");
+      try {
+        // Find all provider keys with the integration: prefix.
+        const rows = raw
+          .prepare(
+            /*sql*/ `SELECT provider_key FROM oauth_providers WHERE provider_key LIKE 'integration:%'`,
+          )
+          .all() as Array<{ provider_key: string }>;
+
+        for (const { provider_key: oldKey } of rows) {
+          const newKey = oldKey.replace(/^integration:/, "");
+
+          // Check if the bare-name key already exists (seed data may have created it).
+          const bareExists = raw
+            .prepare(
+              /*sql*/ `SELECT 1 FROM oauth_providers WHERE provider_key = ?`,
+            )
+            .get(newKey);
+
+          if (bareExists) {
+            // Bare-name provider already exists — delete the old prefixed rows
+            // to avoid UNIQUE constraint violations.
+            raw
+              .prepare(
+                /*sql*/ `DELETE FROM oauth_connections WHERE provider_key = ?`,
+              )
+              .run(oldKey);
+            raw
+              .prepare(/*sql*/ `DELETE FROM oauth_apps WHERE provider_key = ?`)
+              .run(oldKey);
+            raw
+              .prepare(
+                /*sql*/ `DELETE FROM oauth_providers WHERE provider_key = ?`,
+              )
+              .run(oldKey);
+          } else {
+            // Rename: update child tables first, then parent.
+            raw
+              .prepare(
+                /*sql*/ `UPDATE oauth_connections SET provider_key = ? WHERE provider_key = ?`,
+              )
+              .run(newKey, oldKey);
+            raw
+              .prepare(
+                /*sql*/ `UPDATE oauth_apps SET provider_key = ? WHERE provider_key = ?`,
+              )
+              .run(newKey, oldKey);
+            raw
+              .prepare(
+                /*sql*/ `UPDATE oauth_providers SET provider_key = ? WHERE provider_key = ?`,
+              )
+              .run(newKey, oldKey);
+          }
+        }
+
+        // Also update the watchers table — credential_service stores provider
+        // keys like "integration:google" that feed into resolveOAuthConnection().
+        raw
+          .prepare(
+            /*sql*/ `UPDATE watchers SET credential_service = REPLACE(credential_service, 'integration:', '') WHERE credential_service LIKE 'integration:%'`,
+          )
+          .run();
+      } finally {
+        raw.exec("PRAGMA foreign_keys = ON");
+      }
+    },
+  );
+}
+
+/**
+ * Reverse: re-add the `integration:` prefix to provider keys that don't
+ * already have one and aren't known bare-name providers.
+ *
+ * This is a best-effort rollback — we prefix all keys that look like they
+ * were originally `integration:` prefixed.  Known bare-name keys
+ * (`slack_channel`, `telegram`) are left as-is because they never had the
+ * prefix.
+ */
+export function migrateStripIntegrationPrefixFromProviderKeysDown(
+  database: DrizzleDb,
+): void {
+  const raw = getSqliteFrom(database);
+
+  // Keys that were always bare — never had an integration: prefix.
+  const ALWAYS_BARE = new Set(["slack_channel", "telegram"]);
+
+  raw.exec("PRAGMA foreign_keys = OFF");
+  try {
+    const rows = raw
+      .prepare(
+        /*sql*/ `SELECT provider_key FROM oauth_providers WHERE provider_key NOT LIKE 'integration:%'`,
+      )
+      .all() as Array<{ provider_key: string }>;
+
+    for (const { provider_key: bareKey } of rows) {
+      if (ALWAYS_BARE.has(bareKey)) continue;
+
+      const prefixedKey = `integration:${bareKey}`;
+
+      // If the prefixed key already exists, delete the bare rows.
+      const prefixedExists = raw
+        .prepare(/*sql*/ `SELECT 1 FROM oauth_providers WHERE provider_key = ?`)
+        .get(prefixedKey);
+
+      if (prefixedExists) {
+        raw
+          .prepare(
+            /*sql*/ `DELETE FROM oauth_connections WHERE provider_key = ?`,
+          )
+          .run(bareKey);
+        raw
+          .prepare(/*sql*/ `DELETE FROM oauth_apps WHERE provider_key = ?`)
+          .run(bareKey);
+        raw
+          .prepare(/*sql*/ `DELETE FROM oauth_providers WHERE provider_key = ?`)
+          .run(bareKey);
+      } else {
+        raw
+          .prepare(
+            /*sql*/ `UPDATE oauth_connections SET provider_key = ? WHERE provider_key = ?`,
+          )
+          .run(prefixedKey, bareKey);
+        raw
+          .prepare(
+            /*sql*/ `UPDATE oauth_apps SET provider_key = ? WHERE provider_key = ?`,
+          )
+          .run(prefixedKey, bareKey);
+        raw
+          .prepare(
+            /*sql*/ `UPDATE oauth_providers SET provider_key = ? WHERE provider_key = ?`,
+          )
+          .run(prefixedKey, bareKey);
+      }
+    }
+
+    // Reverse the watchers table update — re-add the prefix for keys that
+    // aren't known bare-name providers.
+    const watcherRows = raw
+      .prepare(
+        /*sql*/ `SELECT DISTINCT credential_service FROM watchers WHERE credential_service NOT LIKE 'integration:%'`,
+      )
+      .all() as Array<{ credential_service: string }>;
+
+    for (const { credential_service: bareKey } of watcherRows) {
+      if (ALWAYS_BARE.has(bareKey)) continue;
+      raw
+        .prepare(
+          /*sql*/ `UPDATE watchers SET credential_service = ? WHERE credential_service = ?`,
+        )
+        .run(`integration:${bareKey}`, bareKey);
+    }
+  } finally {
+    raw.exec("PRAGMA foreign_keys = ON");
+  }
+}

package/src/memory/migrations/197-oauth-providers-behavior-columns.ts

@@ -0,0 +1,29 @@
+import type { DrizzleDb } from "../db-connection.js";
+import { getSqliteFrom } from "../db-connection.js";
+
+export function migrateOAuthProvidersBehaviorColumns(
+  database: DrizzleDb,
+): void {
+  const raw = getSqliteFrom(database);
+  const columns = [
+    "loopback_port INTEGER",
+    "injection_templates TEXT",
+    "setup_skill_id TEXT",
+    "app_type TEXT",
+    "setup_notes TEXT",
+    "identity_url TEXT",
+    "identity_method TEXT",
+    "identity_headers TEXT",
+    "identity_body TEXT",
+    "identity_response_paths TEXT",
+    "identity_format TEXT",
+    "identity_ok_field TEXT",
+  ];
+  for (const col of columns) {
+    try {
+      raw.exec(`ALTER TABLE oauth_providers ADD COLUMN ${col}`);
+    } catch {
+      // Column already exists — nothing to do.
+    }
+  }
+}

package/src/memory/migrations/198-drop-setup-skill-id-column.ts

@@ -0,0 +1,11 @@
+import type { DrizzleDb } from "../db-connection.js";
+import { getSqliteFrom } from "../db-connection.js";
+
+export function migrateDropSetupSkillIdColumn(database: DrizzleDb): void {
+  const raw = getSqliteFrom(database);
+  try {
+    raw.exec(/*sql*/ `ALTER TABLE oauth_providers DROP COLUMN setup_skill_id`);
+  } catch {
+    // Column already dropped or doesn't exist — nothing to do.
+  }
+}

package/src/memory/migrations/index.ts

@@ -134,6 +134,10 @@ export { migrateContactsUserFileColumn } from "./192-contacts-user-file-column.j
 export { migrateAddSourceTypeColumns } from "./193-add-source-type-columns.js";
 export { migrateCreateMemoryRecallLogs } from "./194-memory-recall-logs.js";
 export { migrateOAuthProvidersPingConfig } from "./195-oauth-providers-ping-config.js";
+export { migrateMessagesConversationCreatedAtIndex } from "./196-messages-conversation-created-at-index.js";
+export { migrateStripIntegrationPrefixFromProviderKeys } from "./196-strip-integration-prefix-from-provider-keys.js";
+export { migrateOAuthProvidersBehaviorColumns } from "./197-oauth-providers-behavior-columns.js";
+export { migrateDropSetupSkillIdColumn } from "./198-drop-setup-skill-id-column.js";
 export {
   MIGRATION_REGISTRY,
   type MigrationRegistryEntry,

package/src/memory/migrations/registry.ts

@@ -38,6 +38,7 @@ import { migrateBackfillInlineAttachmentsToDiskDown } from "./180-backfill-inlin
 import { migrateRenameThreadStartersCheckpointsDown } from "./181-rename-thread-starters-checkpoints.js";
 import { migrateBackfillAudioAttachmentMimeTypesDown } from "./191-backfill-audio-attachment-mime-types.js";
 import { migrateAddSourceTypeColumnsDown } from "./193-add-source-type-columns.js";
+import { migrateStripIntegrationPrefixFromProviderKeysDown } from "./196-strip-integration-prefix-from-provider-keys.js";
 
 export interface MigrationRegistryEntry {
   /** The checkpoint key written to memory_checkpoints on completion. */
@@ -333,6 +334,13 @@ export const MIGRATION_REGISTRY: MigrationRegistryEntry[] = [
       "Add source_type and source_message_role columns to memory_items with backfill from verification_state and source messages",
     down: migrateAddSourceTypeColumnsDown,
   },
+  {
+    key: "migration_strip_integration_prefix_from_provider_keys_v1",
+    version: 38,
+    description:
+      "Strip integration: prefix from provider_key across oauth_providers, oauth_apps, and oauth_connections",
+    down: migrateStripIntegrationPrefixFromProviderKeysDown,
+  },
 ];
 
 export function getMaxMigrationVersion(): number {

package/src/memory/schema/oauth.ts

@@ -27,6 +27,17 @@ export const oauthProviders = sqliteTable("oauth_providers", {
   dashboardUrl: text("dashboard_url"),
   clientIdPlaceholder: text("client_id_placeholder"),
   requiresClientSecret: integer("requires_client_secret").notNull().default(1),
+  loopbackPort: integer("loopback_port"),
+  injectionTemplates: text("injection_templates"),
+  appType: text("app_type"),
+  setupNotes: text("setup_notes"),
+  identityUrl: text("identity_url"),
+  identityMethod: text("identity_method"),
+  identityHeaders: text("identity_headers"),
+  identityBody: text("identity_body"),
+  identityResponsePaths: text("identity_response_paths"),
+  identityFormat: text("identity_format"),
+  identityOkField: text("identity_ok_field"),
   createdAt: integer("created_at").notNull(),
   updatedAt: integer("updated_at").notNull(),
 });

package/src/messaging/provider.ts

@@ -30,25 +30,23 @@ export interface MessagingProvider {
 
   // ── Universal operations (every platform must implement) ──────────
 
-  testConnection(
-    connectionOrToken: OAuthConnection | string,
-  ): Promise<ConnectionInfo>;
+  testConnection(connection?: OAuthConnection): Promise<ConnectionInfo>;
   listConversations(
-    connectionOrToken: OAuthConnection | string,
+    connection: OAuthConnection | undefined,
     options?: ListOptions,
   ): Promise<Conversation[]>;
   getHistory(
-    connectionOrToken: OAuthConnection | string,
+    connection: OAuthConnection | undefined,
     conversationId: string,
     options?: HistoryOptions,
   ): Promise<Message[]>;
   search(
-    connectionOrToken: OAuthConnection | string,
+    connection: OAuthConnection | undefined,
     query: string,
     options?: SearchOptions,
   ): Promise<SearchResult>;
   sendMessage(
-    connectionOrToken: OAuthConnection | string,
+    connection: OAuthConnection | undefined,
     conversationId: string,
     text: string,
     options?: SendOptions,
@@ -57,26 +55,26 @@ export interface MessagingProvider {
   // ── Optional operations (platforms implement what they support) ───
 
   getThreadReplies?(
-    connectionOrToken: OAuthConnection | string,
+    connection: OAuthConnection | undefined,
     conversationId: string,
     threadId: string,
     options?: HistoryOptions,
   ): Promise<Message[]>;
   markRead?(
-    connectionOrToken: OAuthConnection | string,
+    connection: OAuthConnection | undefined,
     conversationId: string,
     messageId?: string,
   ): Promise<void>;
 
   /** Scan messages and group by sender for bulk cleanup (e.g. newsletter decluttering). */
   senderDigest?(
-    connectionOrToken: OAuthConnection | string,
+    connection: OAuthConnection | undefined,
     query: string,
     options?: { maxMessages?: number; maxSenders?: number; pageToken?: string },
   ): Promise<SenderDigestResult>;
   /** Archive messages matching a search query. */
   archiveByQuery?(
-    connectionOrToken: OAuthConnection | string,
+    connection: OAuthConnection | undefined,
     query: string,
   ): Promise<ArchiveResult>;
 
@@ -95,8 +93,11 @@ export interface MessagingProvider {
    * than the OAuth provider key). When present, getProviderConnection() calls
    * this instead of resolveOAuthConnection(), giving the provider full control
    * over credential lookup including fallback strategies.
+   *
+   * Returns an OAuthConnection if the provider uses OAuth, or undefined if
+   * the provider manages credentials internally (e.g. raw bot tokens).
    */
-  resolveConnection?(account?: string): Promise<OAuthConnection | string>;
+  resolveConnection?(account?: string): Promise<OAuthConnection | undefined>;
 
   /** Platform-specific capabilities for tool routing (e.g. 'reactions', 'threads', 'labels'). */
   capabilities: Set<string>;

package/src/messaging/providers/gmail/adapter.ts

@@ -24,6 +24,17 @@ import type {
 import * as gmail from "./client.js";
 import type { GmailMessage, GmailMessagePart } from "./types.js";
 
+function requireConnection(
+  connection: OAuthConnection | undefined,
+): OAuthConnection {
+  if (!connection) {
+    throw new Error(
+      "Gmail requires an OAuth connection — is the account connected?",
+    );
+  }
+  return connection;
+}
+
 function extractHeader(msg: GmailMessage, name: string): string {
   const lower = name.toLowerCase();
   return (
@@ -86,7 +97,7 @@ function mapGmailMessage(msg: GmailMessage): Message {
 export const gmailMessagingProvider: MessagingProvider = {
   id: "gmail",
   displayName: "Gmail",
-  credentialService: "integration:google",
+  credentialService: "google",
   capabilities: new Set([
     "threads",
     "labels",
@@ -95,11 +106,9 @@ export const gmailMessagingProvider: MessagingProvider = {
     "unsubscribe",
   ]),
 
-  async testConnection(
-    connectionOrToken: OAuthConnection | string,
-  ): Promise<ConnectionInfo> {
-    const connection = connectionOrToken as OAuthConnection;
-    const profile = await gmail.getProfile(connection);
+  async testConnection(connection?: OAuthConnection): Promise<ConnectionInfo> {
+    const conn = requireConnection(connection);
+    const profile = await gmail.getProfile(conn);
     return {
       connected: true,
       user: profile.emailAddress,
@@ -112,12 +121,12 @@ export const gmailMessagingProvider: MessagingProvider = {
   },
 
   async listConversations(
-    connectionOrToken: OAuthConnection | string,
+    connection: OAuthConnection | undefined,
     _options?: ListOptions,
   ): Promise<Conversation[]> {
-    const connection = connectionOrToken as OAuthConnection;
+    const conn = requireConnection(connection);
     // Gmail "conversations" are modeled as labels with unread counts
-    const labels = await gmail.listLabels(connection);
+    const labels = await gmail.listLabels(conn);
     const conversations: Conversation[] = [];
 
     for (const label of labels) {
@@ -156,15 +165,15 @@ export const gmailMessagingProvider: MessagingProvider = {
   },
 
   async getHistory(
-    connectionOrToken: OAuthConnection | string,
+    connection: OAuthConnection | undefined,
     conversationId: string,
     options?: HistoryOptions,
   ): Promise<Message[]> {
-    const connection = connectionOrToken as OAuthConnection;
+    const conn = requireConnection(connection);
     // conversationId is a label ID — list messages in that label
     const limit = options?.limit ?? 50;
     const listResult = await gmail.listMessages(
-      connection,
+      conn,
       undefined,
       limit,
       undefined,
@@ -174,7 +183,7 @@ export const gmailMessagingProvider: MessagingProvider = {
     if (!listResult.messages?.length) return [];
 
     const messages = await gmail.batchGetMessages(
-      connection,
+      conn,
       listResult.messages.map((m) => m.id),
       "full",
     );
@@ -183,20 +192,20 @@ export const gmailMessagingProvider: MessagingProvider = {
   },
 
   async search(
-    connectionOrToken: OAuthConnection | string,
+    connection: OAuthConnection | undefined,
     query: string,
     options?: SearchOptions,
   ): Promise<SearchResult> {
-    const connection = connectionOrToken as OAuthConnection;
+    const conn = requireConnection(connection);
     const count = options?.count ?? 20;
-    const listResult = await gmail.listMessages(connection, query, count);
+    const listResult = await gmail.listMessages(conn, query, count);
 
     if (!listResult.messages?.length) {
       return { total: 0, messages: [], hasMore: false };
     }
 
     const messages = await gmail.batchGetMessages(
-      connection,
+      conn,
       listResult.messages.map((m) => m.id),
       "full",
     );
@@ -210,17 +219,17 @@ export const gmailMessagingProvider: MessagingProvider = {
   },
 
   async sendMessage(
-    connectionOrToken: OAuthConnection | string,
+    connection: OAuthConnection | undefined,
     conversationId: string,
     text: string,
     options?: SendOptions,
   ): Promise<SendResult> {
-    const connection = connectionOrToken as OAuthConnection;
+    const conn = requireConnection(connection);
     // conversationId is the recipient email for Gmail
     const to = conversationId;
     const subject = options?.subject ?? "";
     const msg = await gmail.sendMessage(
-      connection,
+      conn,
       to,
       subject,
       text,
@@ -236,16 +245,16 @@ export const gmailMessagingProvider: MessagingProvider = {
   },
 
   async getThreadReplies(
-    connectionOrToken: OAuthConnection | string,
+    connection: OAuthConnection | undefined,
     _conversationId: string,
     threadId: string,
     options?: HistoryOptions,
   ): Promise<Message[]> {
-    const connection = connectionOrToken as OAuthConnection;
+    const conn = requireConnection(connection);
     // Get all messages in a Gmail thread
     const limit = options?.limit ?? 50;
     const listResult = await gmail.listMessages(
-      connection,
+      conn,
       `thread:${threadId}`,
       limit,
     );
@@ -253,7 +262,7 @@ export const gmailMessagingProvider: MessagingProvider = {
     if (!listResult.messages?.length) return [];
 
     const messages = await gmail.batchGetMessages(
-      connection,
+      conn,
       listResult.messages.map((m) => m.id),
       "full",
     );
@@ -262,23 +271,23 @@ export const gmailMessagingProvider: MessagingProvider = {
   },
 
   async markRead(
-    connectionOrToken: OAuthConnection | string,
+    connection: OAuthConnection | undefined,
     _conversationId: string,
     messageId?: string,
   ): Promise<void> {
-    const connection = connectionOrToken as OAuthConnection;
+    const conn = requireConnection(connection);
     if (!messageId) return;
-    await gmail.modifyMessage(connection, messageId, {
+    await gmail.modifyMessage(conn, messageId, {
       removeLabelIds: ["UNREAD"],
     });
   },
 
   async senderDigest(
-    connectionOrToken: OAuthConnection | string,
+    connection: OAuthConnection | undefined,
     query: string,
     options?: { maxMessages?: number; maxSenders?: number; pageToken?: string },
   ): Promise<SenderDigestResult> {
-    const connection = connectionOrToken as OAuthConnection;
+    const conn = requireConnection(connection);
     const maxMessages = Math.min(options?.maxMessages ?? 5000, 5000);
     const maxSenders = options?.maxSenders ?? 30;
     const maxIdsPerSender = 5000;
@@ -298,7 +307,7 @@ export const gmailMessagingProvider: MessagingProvider = {
       }
       const pageSize = Math.min(100, maxMessages - allMessageIds.length);
       const listResp = await gmail.listMessages(
-        connection,
+        conn,
         query,
         pageSize,
         pageToken,
@@ -308,7 +317,7 @@ export const gmailMessagingProvider: MessagingProvider = {
       allMessageIds.push(...ids);
       fetchPromises.push(
         gmail.batchGetMessages(
-          connection,
+          conn,
           ids,
           "metadata",
           metadataHeaders,
@@ -423,10 +432,10 @@ export const gmailMessagingProvider: MessagingProvider = {
   },
 
   async archiveByQuery(
-    connectionOrToken: OAuthConnection | string,
+    connection: OAuthConnection | undefined,
     query: string,
   ): Promise<ArchiveResult> {
-    const connection = connectionOrToken as OAuthConnection;
+    const conn = requireConnection(connection);
     const maxMessages = 5000;
     const batchModifyLimit = 1000;
 
@@ -436,7 +445,7 @@ export const gmailMessagingProvider: MessagingProvider = {
 
     while (allMessageIds.length < maxMessages) {
       const listResp = await gmail.listMessages(
-        connection,
+        conn,
         query,
         Math.min(500, maxMessages - allMessageIds.length),
         pageToken,
@@ -458,7 +467,7 @@ export const gmailMessagingProvider: MessagingProvider = {
 
     for (let i = 0; i < allMessageIds.length; i += batchModifyLimit) {
       const chunk = allMessageIds.slice(i, i + batchModifyLimit);
-      await gmail.batchModifyMessages(connection, chunk, {
+      await gmail.batchModifyMessages(conn, chunk, {
         removeLabelIds: ["INBOX"],
       });
     }