npm - @vellumai/assistant - Versions diffs - 0.5.15 → 0.6.0 - Mend

@vellumai/assistant 0.5.15 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (503) hide show

package/ARCHITECTURE.md +3 -3
package/Dockerfile +0 -3
package/docs/architecture/integrations.md +15 -14
package/knip.json +4 -1
package/openapi.yaml +670 -122
package/package.json +1 -1
package/src/__tests__/actor-token-service.test.ts +68 -0
package/src/__tests__/agent-loop.test.ts +0 -32
package/src/__tests__/always-loaded-tools-guard.test.ts +2 -2
package/src/__tests__/anthropic-provider.test.ts +57 -3
package/src/__tests__/app-compiler.test.ts +120 -0
package/src/__tests__/assistant-feature-flags-integration.test.ts +5 -377
package/src/__tests__/call-conversation-messages.test.ts +2 -6
package/src/__tests__/call-domain.test.ts +2 -6
package/src/__tests__/call-pointer-messages.test.ts +2 -14
package/src/__tests__/call-recovery.test.ts +2 -6
package/src/__tests__/call-routes-http.test.ts +2 -6
package/src/__tests__/call-store.test.ts +2 -6
package/src/__tests__/cancel-resolves-conversation-key.test.ts +2 -6
package/src/__tests__/canonical-guardian-store.test.ts +2 -6
package/src/__tests__/ces-rpc-credential-backend.test.ts +4 -1
package/src/__tests__/channel-delivery-store.test.ts +2 -6
package/src/__tests__/channel-retry-sweep.test.ts +2 -6
package/src/__tests__/checker.test.ts +84 -3
package/src/__tests__/clawhub.test.ts +54 -24
package/src/__tests__/cli-command-risk-guard.test.ts +108 -6
package/src/__tests__/cli-memory.test.ts +377 -0
package/src/__tests__/computer-use-skill-manifest-regression.test.ts +12 -2
package/src/__tests__/config-schema.test.ts +1 -3
package/src/__tests__/config-set-platform-guard.test.ts +302 -0
package/src/__tests__/config-watcher-feature-flags.test.ts +211 -0
package/src/__tests__/confirmation-request-guardian-bridge.test.ts +2 -6
package/src/__tests__/contacts-tools.test.ts +31 -0
package/src/__tests__/context-overflow-reducer.test.ts +86 -0
package/src/__tests__/context-token-estimator.test.ts +175 -10
package/src/__tests__/conversation-agent-loop-overflow.test.ts +9 -0
package/src/__tests__/conversation-agent-loop.test.ts +9 -0
package/src/__tests__/conversation-attachments.test.ts +2 -6
package/src/__tests__/conversation-attention-store.test.ts +2 -6
package/src/__tests__/conversation-clear-safety.test.ts +2 -6
package/src/__tests__/conversation-delete-schedule-cleanup.test.ts +4 -10
package/src/__tests__/conversation-disk-view-integration.test.ts +2 -6
package/src/__tests__/conversation-disk-view.test.ts +2 -6
package/src/__tests__/conversation-error.test.ts +33 -2
package/src/__tests__/conversation-fork-crud.test.ts +2 -6
package/src/__tests__/conversation-history-web-search.test.ts +5 -0
package/src/__tests__/conversation-load-history-repair.test.ts +5 -1
package/src/__tests__/conversation-media-retry.test.ts +91 -0
package/src/__tests__/conversation-runtime-assembly.test.ts +7 -4
package/src/__tests__/conversation-slash-commands.test.ts +2 -6
package/src/__tests__/conversation-starter-routes.test.ts +20 -11
package/src/__tests__/conversation-store.test.ts +2 -6
package/src/__tests__/conversation-usage.test.ts +3 -6
package/src/__tests__/conversation-wipe.test.ts +11 -408
package/src/__tests__/credential-execution-feature-gates.test.ts +3 -3
package/src/__tests__/credential-execution-shell-lockdown.test.ts +2 -2
package/src/__tests__/credential-security-e2e.test.ts +6 -1
package/src/__tests__/docker-signing-key-bootstrap.test.ts +7 -73
package/src/__tests__/dynamic-skill-workflow-prompt.test.ts +6 -7
package/src/__tests__/followup-tools.test.ts +2 -6
package/src/__tests__/graph-extraction-event-date.test.ts +186 -0
package/src/__tests__/guardian-action-conversation-turn.test.ts +2 -6
package/src/__tests__/guardian-action-followup-executor.test.ts +2 -6
package/src/__tests__/guardian-action-followup-store.test.ts +2 -6
package/src/__tests__/guardian-action-grant-mint-consume.test.ts +2 -6
package/src/__tests__/guardian-action-late-reply.test.ts +2 -6
package/src/__tests__/guardian-action-store.test.ts +2 -6
package/src/__tests__/guardian-binding-drift-heal.test.ts +2 -6
package/src/__tests__/guardian-decision-primitive-canonical.test.ts +8 -8
package/src/__tests__/guardian-dispatch.test.ts +2 -6
package/src/__tests__/guardian-grant-minting.test.ts +2 -14
package/src/__tests__/guardian-principal-id-roundtrip.test.ts +2 -6
package/src/__tests__/guardian-routing-invariants.test.ts +343 -6
package/src/__tests__/guardian-routing-state.test.ts +2 -6
package/src/__tests__/guardian-verification-voice-binding.test.ts +2 -6
package/src/__tests__/heartbeat-service.test.ts +1 -3
package/src/__tests__/inbound-invite-redemption.test.ts +2 -6
package/src/__tests__/injection-block.test.ts +154 -0
package/src/__tests__/install-meta.test.ts +506 -0
package/src/__tests__/install-skill-routing.test.ts +292 -0
package/src/__tests__/intent-routing.test.ts +6 -18
package/src/__tests__/invite-redemption-service.test.ts +2 -6
package/src/__tests__/invite-routes-http.test.ts +2 -6
package/src/__tests__/jobs-store-qdrant-breaker.test.ts +2 -14
package/src/__tests__/list-messages-attachments.test.ts +2 -6
package/src/__tests__/llm-context-route-provider.test.ts +2 -6
package/src/__tests__/llm-request-log-turn-query.test.ts +2 -6
package/src/__tests__/llm-usage-store.test.ts +2 -6
package/src/__tests__/log-export-workspace.test.ts +4 -34
package/src/__tests__/managed-skill-lifecycle.test.ts +7 -37
package/src/__tests__/managed-store.test.ts +40 -21
package/src/__tests__/memory-jobs-worker-backoff.test.ts +2 -8
package/src/__tests__/memory-recall-log-store.test.ts +2 -6
package/src/__tests__/memory-upsert-concurrency.test.ts +4 -112
package/src/__tests__/messaging-send-tool.test.ts +6 -6
package/src/__tests__/migration-cross-version-compatibility.test.ts +1 -29
package/src/__tests__/migration-export-http.test.ts +3 -34
package/src/__tests__/migration-import-commit-http.test.ts +1 -29
package/src/__tests__/migration-import-preflight-http.test.ts +3 -34
package/src/__tests__/no-domain-routing-in-prompt-guard.test.ts +2 -1
package/src/__tests__/non-member-access-request.test.ts +2 -6
package/src/__tests__/notification-guardian-path.test.ts +2 -6
package/src/__tests__/oauth-apps-routes.test.ts +120 -10
package/src/__tests__/oauth-cli.test.ts +364 -2
package/src/__tests__/oauth-connect-orchestrator.test.ts +709 -0
package/src/__tests__/oauth-provider-serializer.test.ts +2 -1
package/src/__tests__/oauth-provider-visibility.test.ts +149 -0
package/src/__tests__/oauth-providers-routes.test.ts +5 -2
package/src/__tests__/oauth-store.test.ts +0 -5
package/src/__tests__/oauth2-gateway-transport.test.ts +18 -3
package/src/__tests__/outlook-attachments.test.ts +301 -0
package/src/__tests__/outlook-automation-tools.test.ts +425 -0
package/src/__tests__/outlook-categories.test.ts +212 -0
package/src/__tests__/outlook-client-automation.test.ts +246 -0
package/src/__tests__/outlook-compose-tools.test.ts +325 -0
package/src/__tests__/outlook-declutter-tools.test.ts +585 -0
package/src/__tests__/outlook-email-watcher.test.ts +322 -0
package/src/__tests__/outlook-follow-up.test.ts +196 -0
package/src/__tests__/outlook-messaging-provider.test.ts +1071 -0
package/src/__tests__/outlook-trash.test.ts +77 -0
package/src/__tests__/outlook-unsubscribe.test.ts +250 -0
package/src/__tests__/path-policy.test.ts +2 -17
package/src/__tests__/permission-types.test.ts +0 -1
package/src/__tests__/platform-callback-registration.test.ts +7 -11
package/src/__tests__/playbook-execution.test.ts +76 -80
package/src/__tests__/playbook-tools.test.ts +5 -7
package/src/__tests__/provider-commit-message-generator.test.ts +0 -1
package/src/__tests__/provider-error-scenarios.test.ts +21 -2
package/src/__tests__/qdrant-manager.test.ts +68 -21
package/src/__tests__/rebuild-index-graph-nodes.test.ts +273 -0
package/src/__tests__/registry.test.ts +2 -2
package/src/__tests__/require-fresh-approval.test.ts +64 -3
package/src/__tests__/runtime-events-sse-parity.test.ts +2 -6
package/src/__tests__/runtime-events-sse.test.ts +2 -6
package/src/__tests__/sandbox-diagnostics.test.ts +20 -29
package/src/__tests__/scaffold-managed-skill-tool.test.ts +2 -10
package/src/__tests__/schedule-store.test.ts +2 -6
package/src/__tests__/schedule-tools.test.ts +2 -6
package/src/__tests__/scheduler-recurrence.test.ts +1 -5
package/src/__tests__/scoped-approval-grants.test.ts +2 -6
package/src/__tests__/scoped-grant-security-matrix.test.ts +2 -6
package/src/__tests__/search-skills-unified.test.ts +421 -0
package/src/__tests__/secret-allowlist.test.ts +20 -35
package/src/__tests__/secret-onetime-send.test.ts +2 -0
package/src/__tests__/send-endpoint-busy.test.ts +2 -6
package/src/__tests__/sequence-store.test.ts +2 -6
package/src/__tests__/server-history-render.test.ts +2 -6
package/src/__tests__/shell-credential-ref.test.ts +0 -5
package/src/__tests__/skill-feature-flags-integration.test.ts +38 -31
package/src/__tests__/skill-feature-flags.test.ts +6 -6
package/src/__tests__/skill-load-feature-flag.test.ts +13 -54
package/src/__tests__/skill-load-inline-command.test.ts +3 -65
package/src/__tests__/skill-load-inline-includes.test.ts +3 -65
package/src/__tests__/skill-load-tool.test.ts +3 -67
package/src/__tests__/skill-memory.test.ts +480 -195
package/src/__tests__/skills-uninstall.test.ts +2 -2
package/src/__tests__/skills.test.ts +23 -50
package/src/__tests__/slack-channel-config.test.ts +2 -21
package/src/__tests__/slack-inbound-verification.test.ts +2 -6
package/src/__tests__/starter-bundle.test.ts +2 -8
package/src/__tests__/stt-hints.test.ts +7 -2
package/src/__tests__/system-prompt.test.ts +25 -45
package/src/__tests__/task-compiler.test.ts +2 -27
package/src/__tests__/task-management-tools.test.ts +2 -27
package/src/__tests__/task-memory-cleanup.test.ts +173 -250
package/src/__tests__/task-runner.test.ts +2 -27
package/src/__tests__/task-scheduler.test.ts +2 -27
package/src/__tests__/terminal-tools.test.ts +1 -17
package/src/__tests__/test-preload.ts +3 -0
package/src/__tests__/token-estimator-accuracy.benchmark.test.ts +0 -79
package/src/__tests__/tool-approval-handler.test.ts +4 -27
package/src/__tests__/tool-execution-abort-cleanup.test.ts +2 -11
package/src/__tests__/tool-execution-pipeline.benchmark.test.ts +1 -25
package/src/__tests__/tool-executor-lifecycle-events.test.ts +0 -1
package/src/__tests__/tool-executor.test.ts +0 -1
package/src/__tests__/tool-grant-request-escalation.test.ts +4 -27
package/src/__tests__/tool-preview-lifecycle.test.ts +0 -20
package/src/__tests__/tool-side-effects-slack-dm.test.ts +276 -0
package/src/__tests__/trust-store.test.ts +10 -42
package/src/__tests__/trusted-contact-approval-notifier.test.ts +1 -30
package/src/__tests__/trusted-contact-inline-approval-integration.test.ts +3 -27
package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts +2 -28
package/src/__tests__/trusted-contact-multichannel.test.ts +2 -28
package/src/__tests__/trusted-contact-verification.test.ts +2 -28
package/src/__tests__/turn-boundary-resolution.test.ts +2 -34
package/src/__tests__/twilio-provider.test.ts +0 -16
package/src/__tests__/twilio-routes-twiml.test.ts +7 -12
package/src/__tests__/twilio-routes.test.ts +0 -24
package/src/__tests__/update-bulletin.test.ts +17 -89
package/src/__tests__/usage-cache-backfill-migration.test.ts +1 -26
package/src/__tests__/usage-routes.test.ts +2 -27
package/src/__tests__/user-reference.test.ts +1 -5
package/src/__tests__/vbundle-pax-and-symlink.test.ts +4 -34
package/src/__tests__/vellum-self-knowledge-inline-command.test.ts +2 -53
package/src/__tests__/verification-control-plane-policy.test.ts +0 -2
package/src/__tests__/voice-invite-redemption.test.ts +2 -27
package/src/__tests__/voice-scoped-grant-consumer.test.ts +2 -30
package/src/__tests__/voice-session-bridge.test.ts +2 -27
package/src/__tests__/volume-security-guard.test.ts +2 -0
package/src/__tests__/workspace-lifecycle.test.ts +29 -1
package/src/__tests__/workspace-migration-009-backfill-conversation-disk-view.test.ts +4 -29
package/src/__tests__/workspace-migration-012-rename-conversation-disk-view-dirs.test.ts +2 -2
package/src/__tests__/workspace-migration-013-repair-conversation-disk-view.test.ts +4 -29
package/src/__tests__/workspace-migration-026-backfill-install-meta.test.ts +558 -0
package/src/__tests__/workspace-migration-down-functions.test.ts +0 -6
package/src/__tests__/workspace-policy.test.ts +1 -1
package/src/acp/client-handler.ts +1 -2
package/src/agent/attachments.ts +7 -2
package/src/agent/image-optimize.ts +165 -0
package/src/agent/loop.ts +1 -15
package/src/bundler/app-compiler.ts +179 -2
package/src/bundler/package-resolver.ts +3 -5
package/src/cli/__tests__/notifications.test.ts +1 -24
package/src/cli/cli-memory.ts +179 -0
package/src/cli/commands/avatar.ts +3 -3
package/src/cli/commands/config.ts +26 -13
package/src/cli/commands/doctor.ts +2 -2
package/src/cli/commands/memory.ts +41 -55
package/src/cli/commands/oauth/__tests__/connect.test.ts +2 -2
package/src/cli/commands/oauth/__tests__/disconnect.test.ts +2 -2
package/src/cli/commands/oauth/__tests__/mode.test.ts +8 -1
package/src/cli/commands/oauth/__tests__/providers-update.test.ts +1 -1
package/src/cli/commands/oauth/__tests__/status.test.ts +2 -2
package/src/cli/commands/oauth/connect.ts +26 -6
package/src/cli/commands/oauth/mode.ts +7 -0
package/src/cli/commands/oauth/providers.ts +49 -42
package/src/cli/commands/oauth/shared.ts +39 -3
package/src/cli/commands/platform/__tests__/connect.test.ts +3 -49
package/src/cli/commands/platform/__tests__/disconnect.test.ts +3 -49
package/src/cli/commands/platform/__tests__/status.test.ts +5 -55
package/src/cli/commands/platform/index.ts +16 -16
package/src/cli/commands/skills.ts +88 -16
package/src/cli/commands/trust.ts +2 -2
package/src/cli/lib/daemon-credential-client.ts +2 -3
package/src/config/bundled-skills/acp/TOOLS.json +1 -1
package/src/config/bundled-skills/computer-use/TOOLS.json +7 -7
package/src/config/bundled-skills/contacts/SKILL.md +0 -1
package/src/config/bundled-skills/contacts/TOOLS.json +0 -8
package/src/config/bundled-skills/contacts/tools/contact-upsert.ts +0 -4
package/src/config/bundled-skills/gmail/SKILL.md +2 -10
package/src/config/bundled-skills/google-calendar/SKILL.md +1 -9
package/src/config/bundled-skills/messaging/SKILL.md +26 -19
package/src/config/bundled-skills/messaging/tools/messaging-analyze-style.ts +40 -33
package/src/config/bundled-skills/outlook/SKILL.md +189 -0
package/src/config/bundled-skills/outlook/TOOLS.json +530 -0
package/src/config/bundled-skills/outlook/tools/outlook-attachments.ts +85 -0
package/src/config/bundled-skills/outlook/tools/outlook-categories.ts +77 -0
package/src/config/bundled-skills/outlook/tools/outlook-draft.ts +84 -0
package/src/config/bundled-skills/outlook/tools/outlook-follow-up.ts +94 -0
package/src/config/bundled-skills/outlook/tools/outlook-forward.ts +49 -0
package/src/config/bundled-skills/outlook/tools/outlook-outreach-scan.ts +237 -0
package/src/config/bundled-skills/outlook/tools/outlook-rules.ts +161 -0
package/src/config/bundled-skills/outlook/tools/outlook-send-draft.ts +32 -0
package/src/config/bundled-skills/outlook/tools/outlook-sender-digest.ts +272 -0
package/src/config/bundled-skills/outlook/tools/outlook-trash.ts +29 -0
package/src/config/bundled-skills/outlook/tools/outlook-unsubscribe.ts +129 -0
package/src/config/bundled-skills/outlook/tools/outlook-vacation.ts +87 -0
package/src/config/bundled-skills/outlook/tools/shared.ts +20 -0
package/src/config/bundled-skills/outlook-calendar/SKILL.md +51 -0
package/src/config/bundled-skills/outlook-calendar/TOOLS.json +221 -0
package/src/config/bundled-skills/outlook-calendar/calendar-client.ts +252 -0
package/src/config/bundled-skills/outlook-calendar/tools/outlook-calendar-check-availability.ts +53 -0
package/src/config/bundled-skills/outlook-calendar/tools/outlook-calendar-create-event.ts +74 -0
package/src/config/bundled-skills/outlook-calendar/tools/outlook-calendar-get-event.ts +18 -0
package/src/config/bundled-skills/outlook-calendar/tools/outlook-calendar-list-events.ts +46 -0
package/src/config/bundled-skills/outlook-calendar/tools/outlook-calendar-rsvp.ts +36 -0
package/src/config/bundled-skills/outlook-calendar/tools/shared.ts +17 -0
package/src/config/bundled-skills/outlook-calendar/types.ts +120 -0
package/src/config/bundled-skills/playbooks/tools/playbook-create.ts +47 -40
package/src/config/bundled-skills/playbooks/tools/playbook-delete.ts +16 -29
package/src/config/bundled-skills/playbooks/tools/playbook-list.ts +16 -18
package/src/config/bundled-skills/playbooks/tools/playbook-update.ts +39 -47
package/src/config/bundled-skills/settings/TOOLS.json +3 -3
package/src/config/bundled-skills/slack/SKILL.md +1 -7
package/src/config/bundled-tool-registry.ts +56 -4
package/src/config/env-registry.ts +15 -8
package/src/config/feature-flag-registry.json +29 -116
package/src/config/loader.ts +4 -0
package/src/config/schemas/platform.ts +8 -0
package/src/config/schemas/security.ts +0 -6
package/src/config/schemas/services.ts +8 -0
package/src/config/schemas/timeouts.ts +1 -1
package/src/config/skills.ts +18 -7
package/src/context/token-estimator.ts +25 -18
package/src/context/window-manager.ts +32 -9
package/src/credential-execution/approval-bridge.ts +0 -1
package/src/credential-execution/process-manager.ts +3 -1
package/src/daemon/config-watcher.ts +51 -0
package/src/daemon/context-overflow-reducer.ts +46 -2
package/src/daemon/conversation-agent-loop-handlers.ts +123 -82
package/src/daemon/conversation-agent-loop.ts +99 -63
package/src/daemon/conversation-error.ts +31 -8
package/src/daemon/conversation-lifecycle.ts +33 -0
package/src/daemon/conversation-media-retry.ts +85 -7
package/src/daemon/conversation-notifiers.ts +4 -1
package/src/daemon/conversation-process.ts +1 -0
package/src/daemon/conversation-runtime-assembly.ts +5 -0
package/src/daemon/conversation-usage.ts +1 -0
package/src/daemon/conversation.ts +41 -2
package/src/daemon/daemon-control.ts +8 -2
package/src/daemon/handlers/shared.ts +22 -12
package/src/daemon/handlers/skills.ts +423 -201
package/src/daemon/lifecycle.ts +52 -4
package/src/daemon/main.ts +5 -1
package/src/daemon/message-types/conversations.ts +5 -1
package/src/daemon/message-types/messages.ts +3 -1
package/src/daemon/message-types/skills.ts +97 -36
package/src/daemon/providers-setup.ts +7 -0
package/src/daemon/server.ts +35 -22
package/src/daemon/tool-side-effects.ts +27 -5
package/src/events/domain-events.ts +1 -2
package/src/heartbeat/heartbeat-service.ts +1 -0
package/src/hooks/cli.ts +2 -2
package/src/hooks/runner.ts +15 -38
package/src/inbound/platform-callback-registration.ts +14 -14
package/src/memory/admin.ts +11 -45
package/src/memory/conversation-bootstrap.ts +2 -0
package/src/memory/conversation-crud.ts +242 -348
package/src/memory/conversation-group-migration.ts +157 -0
package/src/memory/conversation-queries.ts +4 -2
package/src/memory/db-init.ts +39 -3
package/src/memory/embed.ts +73 -0
package/src/memory/embedding-backend.ts +8 -14
package/src/memory/embedding-runtime-manager.ts +12 -114
package/src/memory/fingerprint.ts +2 -2
package/src/memory/graph/bootstrap.ts +512 -0
package/src/memory/graph/capability-seed.ts +297 -0
package/src/memory/graph/consolidation.ts +691 -0
package/src/memory/graph/conversation-graph-memory.ts +630 -0
package/src/memory/graph/decay.test.ts +208 -0
package/src/memory/graph/decay.ts +195 -0
package/src/memory/graph/extraction-job.ts +69 -0
package/src/memory/graph/extraction.test.ts +936 -0
package/src/memory/graph/extraction.ts +1254 -0
package/src/memory/graph/graph-search.ts +266 -0
package/src/memory/graph/image-ref-utils.ts +29 -0
package/src/memory/graph/injection.test.ts +513 -0
package/src/memory/graph/injection.ts +439 -0
package/src/memory/graph/inspect.ts +534 -0
package/src/memory/graph/narrative.ts +267 -0
package/src/memory/graph/pattern-scan.ts +269 -0
package/src/memory/graph/retriever.ts +1008 -0
package/src/memory/graph/scoring.test.ts +548 -0
package/src/memory/graph/scoring.ts +232 -0
package/src/memory/graph/serendipity.ts +65 -0
package/src/memory/graph/store.test.ts +1050 -0
package/src/memory/graph/store.ts +699 -0
package/src/memory/graph/tool-handlers.ts +426 -0
package/src/memory/graph/tools.ts +141 -0
package/src/memory/graph/triggers.test.ts +487 -0
package/src/memory/graph/triggers.ts +223 -0
package/src/memory/graph/types.ts +271 -0
package/src/memory/group-crud.ts +191 -0
package/src/memory/indexer.ts +37 -19
package/src/memory/job-handlers/cleanup.ts +0 -53
package/src/memory/job-handlers/conversation-starters.ts +91 -53
package/src/memory/job-handlers/embedding.test.ts +3 -27
package/src/memory/job-handlers/embedding.ts +5 -31
package/src/memory/job-handlers/index-maintenance.ts +23 -11
package/src/memory/job-handlers/summarization.ts +32 -17
package/src/memory/job-utils.ts +1 -1
package/src/memory/jobs-store.ts +50 -70
package/src/memory/jobs-worker.ts +147 -112
package/src/memory/llm-usage-store.ts +35 -2
package/src/memory/message-content.ts +1 -0
package/src/memory/migrations/201-oauth-providers-feature-flag.ts +11 -0
package/src/memory/migrations/202-drop-callback-transport-column.ts +13 -0
package/src/memory/migrations/202-memory-graph-tables.ts +130 -0
package/src/memory/migrations/203-drop-memory-items-tables.ts +23 -0
package/src/memory/migrations/204-rename-memory-graph-type-values.ts +46 -0
package/src/memory/migrations/205-memory-graph-image-refs.ts +11 -0
package/src/memory/migrations/index.ts +6 -0
package/src/memory/migrations/registry.ts +8 -0
package/src/memory/qdrant-client.ts +44 -17
package/src/memory/qdrant-manager.ts +26 -5
package/src/memory/schema/index.ts +1 -0
package/src/memory/schema/memory-graph.ts +139 -0
package/src/memory/schema/oauth.ts +1 -1
package/src/memory/search/semantic.ts +47 -91
package/src/memory/slack-thread-store.ts +17 -0
package/src/memory/task-memory-cleanup.ts +28 -50
package/src/messaging/providers/outlook/adapter.ts +200 -0
package/src/messaging/providers/outlook/client.ts +610 -0
package/src/messaging/providers/outlook/types.ts +201 -0
package/src/notifications/adapters/macos.ts +1 -0
package/src/notifications/adapters/slack.ts +1 -1
package/src/notifications/copy-composer.ts +9 -0
package/src/notifications/signal.ts +16 -0
package/src/oauth/__tests__/identity-verifier.test.ts +1 -1
package/src/oauth/connect-orchestrator.ts +10 -3
package/src/oauth/oauth-store.ts +10 -11
package/src/oauth/provider-serializer.ts +3 -0
package/src/oauth/provider-visibility.ts +16 -0
package/src/oauth/seed-providers.ts +50 -17
package/src/permissions/checker.ts +62 -9
package/src/permissions/defaults.ts +4 -4
package/src/permissions/types.ts +2 -4
package/src/permissions/workspace-policy.ts +1 -1
package/src/playbooks/playbook-compiler.ts +19 -18
package/src/playbooks/types.ts +4 -3
package/src/prompts/system-prompt.ts +6 -93
package/src/prompts/templates/UPDATES.md +6 -0
package/src/providers/anthropic/client.ts +47 -19
package/src/providers/gemini/client.ts +1 -1
package/src/providers/openai/client.ts +1 -1
package/src/providers/registry.ts +1 -1
package/src/providers/retry.ts +19 -3
package/src/runtime/actor-trust-resolver.ts +5 -1
package/src/runtime/auth/__tests__/credential-service.test.ts +1 -27
package/src/runtime/auth/__tests__/token-service.test.ts +1 -25
package/src/runtime/auth/route-policy.ts +7 -4
package/src/runtime/guardian-reply-router.ts +10 -2
package/src/runtime/http-server.ts +23 -3
package/src/runtime/middleware/auth.ts +20 -0
package/src/runtime/routes/attachment-routes.test.ts +106 -0
package/src/runtime/routes/attachment-routes.ts +106 -16
package/src/runtime/routes/brain-graph-routes.ts +21 -22
package/src/runtime/routes/btw-routes.ts +8 -0
package/src/runtime/routes/conversation-management-routes.ts +2 -0
package/src/runtime/routes/conversation-query-routes.ts +2 -58
package/src/runtime/routes/conversation-starter-routes.ts +2 -2
package/src/runtime/routes/debug-routes.ts +1 -1
package/src/runtime/routes/global-search-routes.ts +21 -19
package/src/runtime/routes/group-routes.ts +207 -0
package/src/runtime/routes/guardian-action-routes.ts +21 -10
package/src/runtime/routes/guardian-bootstrap-routes.ts +23 -19
package/src/runtime/routes/inbound-message-handler.ts +19 -0
package/src/runtime/routes/inbound-stages/background-dispatch.ts +43 -2
package/src/runtime/routes/inbound-stages/guardian-activation-intercept.test.ts +292 -0
package/src/runtime/routes/inbound-stages/guardian-activation-intercept.ts +207 -0
package/src/runtime/routes/memory-item-routes.test.ts +2 -31
package/src/runtime/routes/memory-item-routes.ts +385 -341
package/src/runtime/routes/oauth-apps.ts +18 -1
package/src/runtime/routes/oauth-providers.ts +13 -1
package/src/runtime/routes/schedule-routes.ts +2 -0
package/src/runtime/routes/settings-routes.ts +1 -0
package/src/runtime/routes/skills-routes.ts +103 -37
package/src/runtime/routes/usage-routes.ts +19 -2
package/src/runtime/routes/work-items-routes.test.ts +2 -27
package/src/runtime/routes/workspace-routes.test.ts +3 -27
package/src/schedule/scheduler.ts +8 -1
package/src/security/oauth2.ts +1 -1
package/src/security/secret-allowlist.ts +4 -4
package/src/security/secure-keys.ts +4 -8
package/src/shared/provider-env-vars.ts +19 -0
package/src/skills/catalog-cache.ts +5 -0
package/src/skills/catalog-install.ts +15 -14
package/src/skills/clawhub.ts +134 -154
package/src/skills/install-meta.ts +208 -0
package/src/skills/managed-store.ts +27 -16
package/src/skills/skill-memory.ts +210 -96
package/src/skills/skillssh-registry.ts +19 -17
package/src/tasks/task-runner.ts +3 -1
package/src/telemetry/usage-telemetry-reporter.test.ts +3 -5
package/src/tools/browser/runtime-check.ts +3 -1
package/src/tools/memory/register.ts +63 -46
package/src/tools/permission-checker.ts +7 -19
package/src/tools/shared/filesystem/image-read.ts +22 -85
package/src/tools/skills/skill-script-runner.ts +1 -1
package/src/tools/terminal/safe-env.ts +1 -0
package/src/tools/tool-manifest.ts +3 -3
package/src/util/browser.ts +25 -10
package/src/util/bun-runtime.ts +172 -0
package/src/util/device-id.ts +3 -65
package/src/watcher/providers/outlook-calendar.ts +343 -0
package/src/watcher/providers/outlook.ts +198 -0
package/src/workspace/git-service.ts +27 -6
package/src/workspace/migrations/025-remove-oauth-app-setup-skills.ts +76 -0
package/src/workspace/migrations/026-backfill-install-meta.ts +325 -0
package/src/workspace/migrations/027-remove-orphaned-optimized-images-cache.ts +42 -0
package/src/workspace/migrations/registry.ts +6 -0
package/src/__tests__/context-memory-e2e.test.ts +0 -415
package/src/__tests__/journal-context.test.ts +0 -268
package/src/__tests__/memory-context-benchmark.benchmark.test.ts +0 -297
package/src/__tests__/memory-lifecycle-e2e.test.ts +0 -459
package/src/__tests__/memory-query-builder.test.ts +0 -59
package/src/__tests__/memory-recall-quality.test.ts +0 -1046
package/src/__tests__/memory-regressions.experimental.test.ts +0 -629
package/src/__tests__/memory-regressions.test.ts +0 -3696
package/src/__tests__/memory-retrieval.benchmark.test.ts +0 -295
package/src/daemon/conversation-memory.ts +0 -207
package/src/memory/conversation-starters-cadence.ts +0 -74
package/src/memory/items-extractor.ts +0 -860
package/src/memory/job-handlers/batch-extraction.ts +0 -741
package/src/memory/job-handlers/extraction.ts +0 -40
package/src/memory/job-handlers/journal-carry-forward.test.ts +0 -383
package/src/memory/job-handlers/journal-carry-forward.ts +0 -255
package/src/memory/journal-memory.ts +0 -224
package/src/memory/query-builder.ts +0 -47
package/src/memory/query-expansion.ts +0 -83
package/src/memory/retriever.test.ts +0 -1590
package/src/memory/retriever.ts +0 -1323
package/src/memory/search/formatting.test.ts +0 -140
package/src/memory/search/formatting.ts +0 -262
package/src/memory/search/mmr.ts +0 -136
package/src/memory/search/ranking.ts +0 -15
package/src/memory/search/staleness.ts +0 -40
package/src/memory/search/tier-classifier.ts +0 -18
package/src/memory/search/types.ts +0 -121
package/src/prompts/journal-context.ts +0 -156
package/src/tools/memory/definitions.ts +0 -69
package/src/tools/memory/handlers.test.ts +0 -590
package/src/tools/memory/handlers.ts +0 -434

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@vellumai/assistant",
-  "version": "0.5.15",
+  "version": "0.6.0",
   "license": "MIT",
   "type": "module",
   "exports": {

package/src/__tests__/actor-token-service.test.ts CHANGED Viewed

@@ -75,6 +75,9 @@ const loopbackServer = mockServer("127.0.0.1");
 /** Mock non-loopback server -- returns a public IP for all requests. */
 const nonLoopbackServer = mockServer("203.0.113.50");
+/** Mock LAN peer -- returns a private RFC 1918 IP (not loopback). */
+const lanPeerServer = mockServer("192.168.1.100");
 initializeDb();
 beforeEach(() => {
@@ -649,6 +652,25 @@ describe("pairing credential flow", () => {
 // ---------------------------------------------------------------------------
 describe("bootstrap private-network guard", () => {
+  test("rejects bootstrap request with private X-Forwarded-For", async () => {
+    const { handleGuardianBootstrap } =
+      await import("../runtime/routes/guardian-bootstrap-routes.js");
+    const req = new Request("http://localhost/v1/guardian/init", {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-Forwarded-For": "192.168.1.10",
+      },
+      body: JSON.stringify({ platform: "macos", deviceId: "test-device" }),
+    });
+    const res = await handleGuardianBootstrap(req, loopbackServer);
+    expect(res.status).toBe(403);
+    const body = (await res.json()) as { error: { message: string } };
+    expect(body.error.message).toContain("local-only");
+  });
   test("rejects bootstrap request with public X-Forwarded-For", async () => {
     const { handleGuardianBootstrap } =
       await import("../runtime/routes/guardian-bootstrap-routes.js");
@@ -697,4 +719,50 @@ describe("bootstrap private-network guard", () => {
     const res = await handleGuardianBootstrap(req, loopbackServer);
     expect(res.status).toBe(200);
   });
+  test("rejects LAN peer in non-containerized mode", async () => {
+    // Default IS_CONTAINERIZED is unset (non-containerized).
+    delete process.env.IS_CONTAINERIZED;
+    const { handleGuardianBootstrap } =
+      await import("../runtime/routes/guardian-bootstrap-routes.js");
+    const req = new Request("http://localhost/v1/guardian/init", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ platform: "macos", deviceId: "test-device-lan" }),
+    });
+    const res = await handleGuardianBootstrap(req, lanPeerServer);
+    expect(res.status).toBe(403);
+    const body = (await res.json()) as { error: { message: string } };
+    expect(body.error.message).toContain("local-only");
+  });
+  test("accepts LAN peer in containerized mode", async () => {
+    const prev = process.env.IS_CONTAINERIZED;
+    process.env.IS_CONTAINERIZED = "true";
+    try {
+      const { handleGuardianBootstrap } =
+        await import("../runtime/routes/guardian-bootstrap-routes.js");
+      const req = new Request("http://localhost/v1/guardian/init", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          platform: "macos",
+          deviceId: "test-device-docker",
+        }),
+      });
+      const res = await handleGuardianBootstrap(req, lanPeerServer);
+      expect(res.status).toBe(200);
+    } finally {
+      if (prev === undefined) {
+        delete process.env.IS_CONTAINERIZED;
+      } else {
+        process.env.IS_CONTAINERIZED = prev;
+      }
+    }
+  });
 });

package/src/__tests__/agent-loop.test.ts CHANGED Viewed

@@ -468,38 +468,6 @@ describe("AgentLoop", () => {
     ).toBe(false);
   });
-  // 8. Progress reminder injection every 5 tool-use turns
-  test("injects progress reminder after every 5 tool-use turns", async () => {
-    // Create 6 tool responses followed by a text response
-    const responses: ProviderResponse[] = [];
-    for (let i = 0; i < 6; i++) {
-      responses.push(
-        toolUseResponse(`t${i}`, "read_file", { path: `/file${i}.txt` }),
-      );
-    }
-    responses.push(textResponse("Finally done"));
-    const { provider, calls } = createMockProvider(responses);
-    const toolExecutor = async () => ({ content: "data", isError: false });
-    const loop = new AgentLoop(
-      provider,
-      "system",
-      {},
-      dummyTools,
-      toolExecutor,
-    );
-    await loop.run([userMessage], () => {});
-    // After the 5th tool-use turn, the user message should contain a progress reminder
-    // calls[5] is the 6th provider call; its messages[-1] should have the reminder
-    const fifthTurnResultMsg = calls[5].messages[calls[5].messages.length - 1];
-    const reminderBlock = fifthTurnResultMsg.content.find(
-      (b): b is Extract<ContentBlock, { type: "text" }> =>
-        b.type === "text" && b.text.includes("making meaningful progress"),
-    );
-    expect(reminderBlock).toBeDefined();
-  });
   // 9. Tool executor error results are forwarded correctly
   test("forwards tool error results to provider", async () => {

package/src/__tests__/always-loaded-tools-guard.test.ts CHANGED Viewed

@@ -56,8 +56,8 @@ describe("always-loaded tool count", () => {
       "file_edit",
       "file_read",
       "file_write",
-      "memory_manage",
-      "memory_recall",
+      "recall",
+      "remember",
       "skill_execute",
       "skill_load",
       "web_fetch",

package/src/__tests__/anthropic-provider.test.ts CHANGED Viewed

@@ -931,7 +931,7 @@ describe("AnthropicProvider — Cache-Control Characterization", () => {
     // Assistant message should have tool_use in paired portion, server_tool_use in carryover
     // ensureToolPairing splits: paired = [tool_use(tu_a)], carryover = [server_tool_use(srvtoolu_b)]
-    // Result: assistant(tool_use) → user(tool_result) → assistant(server_tool_use) → user(continue)
+    // Result: assistant(tool_use) → user(tool_result) → assistant(server_tool_use) → user(synthetic_continuation)
     const assistantMsg = sent[1];
     expect(assistantMsg.role).toBe("assistant");
     expect(assistantMsg.content[0].type).toBe("tool_use");
@@ -1258,7 +1258,7 @@ describe("AnthropicProvider — Cache-Control Characterization", () => {
     // 2. assistant(tool_use)
     // 3. user(tool_result)
     // 4. assistant(Checking the file now.)
-    // 5. user((continue))  <-- synthetic user message to maintain alternation
+    // 5. user(<synthetic_continuation __injected />)  <-- synthetic user message to maintain alternation
     // 6. assistant(Next response)
     expect(sent).toHaveLength(6);
     expect(sent[0].role).toBe("user");
@@ -1271,11 +1271,65 @@ describe("AnthropicProvider — Cache-Control Characterization", () => {
     expect(sent[3].content[0].text).toBe("Checking the file now.");
     expect(sent[4].role).toBe("user");
     expect(sent[4].content[0].type).toBe("text");
-    expect(sent[4].content[0].text).toBe("(continue)");
+    expect(sent[4].content[0].text).toBe(
+      "<synthetic_continuation __injected />",
+    );
     expect(sent[5].role).toBe("assistant");
     expect(sent[5].content[0].text).toBe("Next response");
   });
+  test("carryover with tool_result-only user turn skips synthetic when next message is user", async () => {
+    // When the user turn after the consumed pair is already a user message,
+    // the synthetic continuation is unnecessary — the next user message
+    // naturally maintains alternation after the carryover assistant message.
+    const messages: Message[] = [
+      userMsg("Read file"),
+      {
+        role: "assistant",
+        content: [
+          { type: "tool_use", id: "tu_1", name: "file_read", input: {} },
+          { type: "text", text: "Checking the file now." }, // carryover content
+        ],
+      },
+      {
+        role: "user",
+        content: [
+          // ONLY tool_result, no other content
+          {
+            type: "tool_result",
+            tool_use_id: "tu_1",
+            content: "file contents",
+            is_error: false,
+          },
+        ],
+      },
+      userMsg("Follow-up question"), // next message is user — no synthetic needed
+    ];
+    await provider.sendMessage(messages);
+    const sent = lastStreamParams!.messages as Array<{
+      role: string;
+      content: Array<{ type: string; text?: string; tool_use_id?: string }>;
+    }>;
+    // Expected structure:
+    // 1. user(Read file)
+    // 2. assistant(tool_use)
+    // 3. user(tool_result)
+    // 4. assistant(Checking the file now.)
+    // 5. user(Follow-up question)  <-- real user message, NO synthetic continuation
+    expect(sent).toHaveLength(5);
+    expect(sent[0].role).toBe("user");
+    expect(sent[1].role).toBe("assistant");
+    expect(sent[1].content[0].type).toBe("tool_use");
+    expect(sent[2].role).toBe("user");
+    expect(sent[2].content[0].type).toBe("tool_result");
+    expect(sent[3].role).toBe("assistant");
+    expect(sent[3].content[0].text).toBe("Checking the file now.");
+    expect(sent[4].role).toBe("user");
+    expect(sent[4].content[0].text).toBe("Follow-up question");
+  });
   test("multi-turn with workspace injection: cache on second-to-last user turn only", async () => {
     const messages: Message[] = [
       // Turn 1: workspace + user text (no cache - 3rd-to-last)

package/src/__tests__/app-compiler.test.ts CHANGED Viewed

@@ -214,6 +214,126 @@ console.log("styled");`,
     expect(js.length).toBeGreaterThan(100);
   }, 30_000);
+  test("rejects relative import that escapes app directory", async () => {
+    const appDir = await scaffold("escape-relative", {
+      "main.tsx": `import data from "../../../../etc/passwd";\nconsole.log(data);`,
+      "index.html": MINIMAL_HTML,
+    });
+    const result = await compileApp(appDir);
+    expect(result.ok).toBe(false);
+    expect(result.errors.length).toBeGreaterThan(0);
+    expect(result.errors[0].text).toContain(
+      "resolves outside the app directory",
+    );
+  });
+  test("rejects absolute path import", async () => {
+    const appDir = await scaffold("escape-absolute", {
+      "main.tsx": `import data from "/etc/passwd";\nconsole.log(data);`,
+      "index.html": MINIMAL_HTML,
+    });
+    const result = await compileApp(appDir);
+    expect(result.ok).toBe(false);
+    expect(result.errors.length).toBeGreaterThan(0);
+    expect(result.errors[0].text).toContain(
+      "resolves outside the app directory",
+    );
+  });
+  test("allows relative imports within app directory", async () => {
+    const appDir = await scaffold("local-relative", {
+      "main.tsx": `import { helper } from "./utils";\nconsole.log(helper);`,
+      "utils.ts": `export const helper = "ok";`,
+      "index.html": MINIMAL_HTML,
+    });
+    const result = await compileApp(appDir);
+    expect(result.ok).toBe(true);
+    expect(result.errors).toHaveLength(0);
+  });
+  test("rejects hex-escaped import that decodes to path traversal", async () => {
+    const appDir = await scaffold("escape-hex", {
+      // \x2e = '.', so this decodes to ../../../../etc/passwd
+      "main.tsx": `import data from "\\x2e\\x2e/\\x2e\\x2e/\\x2e\\x2e/\\x2e\\x2e/etc/passwd";\nconsole.log(data);`,
+      "index.html": MINIMAL_HTML,
+    });
+    const result = await compileApp(appDir);
+    expect(result.ok).toBe(false);
+    expect(result.errors.length).toBeGreaterThan(0);
+    expect(result.errors[0].text).toContain(
+      "resolves outside the app directory",
+    );
+  });
+  test("rejects unicode-escaped import that decodes to path traversal", async () => {
+    const appDir = await scaffold("escape-unicode", {
+      // \u002e = '.', \u002f = '/'
+      "main.tsx": `import data from "\\u002e\\u002e\\u002f\\u002e\\u002e/etc/passwd";\nconsole.log(data);`,
+      "index.html": MINIMAL_HTML,
+    });
+    const result = await compileApp(appDir);
+    expect(result.ok).toBe(false);
+    expect(result.errors.length).toBeGreaterThan(0);
+    expect(result.errors[0].text).toContain(
+      "resolves outside the app directory",
+    );
+  });
+  test("rejects import hidden behind block comment", async () => {
+    const appDir = await scaffold("escape-block-comment", {
+      "main.tsx": `import data from /* bypass */ "../../../../etc/passwd";\nconsole.log(data);`,
+      "index.html": MINIMAL_HTML,
+    });
+    const result = await compileApp(appDir);
+    expect(result.ok).toBe(false);
+    expect(result.errors.length).toBeGreaterThan(0);
+    expect(result.errors[0].text).toContain(
+      "resolves outside the app directory",
+    );
+  });
+  test("rejects import hidden behind line comment", async () => {
+    const appDir = await scaffold("escape-line-comment", {
+      "main.tsx": `import data from // bypass\n"../../../../etc/passwd";\nconsole.log(data);`,
+      "index.html": MINIMAL_HTML,
+    });
+    const result = await compileApp(appDir);
+    expect(result.ok).toBe(false);
+    expect(result.errors.length).toBeGreaterThan(0);
+    expect(result.errors[0].text).toContain(
+      "resolves outside the app directory",
+    );
+  });
+  test("rejects dynamic import escaping app directory", async () => {
+    const appDir = await scaffold("escape-dynamic", {
+      "main.tsx": `const data = await import("../../../../etc/hosts");\nconsole.log(data);`,
+      "index.html": MINIMAL_HTML,
+    });
+    const result = await compileApp(appDir);
+    expect(result.ok).toBe(false);
+    expect(result.errors.length).toBeGreaterThan(0);
+    expect(result.errors[0].text).toContain(
+      "resolves outside the app directory",
+    );
+  });
   test("allowed package uses shared cache on second build", async () => {
     // First build installs the package
     const appDir1 = await scaffold("cache-test-1", {