@vellumai/assistant 0.5.3 → 0.5.5

package/src/__tests__/slack-messaging-token-resolution.test.ts

@@ -0,0 +1,319 @@
+import { beforeEach, describe, expect, mock, test } from "bun:test";
+
+import type { OAuthConnection } from "../oauth/connection.js";
+
+// ── Mocks ───────────────────────────────────────────────────────────────────
+
+const getSecureKeyAsyncMock = mock(
+  async (_key: string): Promise<string | null> => null,
+);
+const isProviderConnectedMock = mock(
+  async (_service: string): Promise<boolean> => false,
+);
+const resolveOAuthConnectionMock = mock(
+  async (
+    _service: string,
+    _opts?: { account?: string },
+  ): Promise<OAuthConnection> =>
+    ({ accessToken: "oauth-token" }) as unknown as OAuthConnection,
+);
+const getConnectionByProviderMock = mock(
+  (_provider: string): { status: string } | undefined => undefined,
+);
+
+mock.module("../security/secure-keys.js", () => ({
+  getSecureKeyAsync: getSecureKeyAsyncMock,
+}));
+
+mock.module("../oauth/oauth-store.js", () => ({
+  isProviderConnected: isProviderConnectedMock,
+  getConnectionByProvider: getConnectionByProviderMock,
+}));
+
+mock.module("../oauth/connection-resolver.js", () => ({
+  resolveOAuthConnection: resolveOAuthConnectionMock,
+}));
+
+// Telegram adapter imports modules that need more stubs
+mock.module("../config/env.js", () => ({
+  getGatewayInternalBaseUrl: () => "http://localhost:3000",
+}));
+mock.module("../memory/conversation-key-store.js", () => ({
+  getOrCreateConversation: async () => "conv-1",
+}));
+mock.module("../memory/external-conversation-store.js", () => ({
+  getExternalConversation: () => undefined,
+  setExternalConversation: () => {},
+}));
+mock.module("../runtime/auth/token-service.js", () => ({
+  mintDaemonDeliveryToken: async () => "delivery-token",
+}));
+
+// Slack client stubs (not exercised in these tests, but required on import)
+mock.module("../messaging/providers/slack/client.js", () => ({}));
+
+// Gmail client stubs
+mock.module("../messaging/providers/gmail/client.js", () => ({}));
+mock.module("../messaging/providers/gmail/people-client.js", () => ({}));
+
+// Telegram client stubs
+mock.module("../messaging/providers/telegram-bot/client.js", () => ({}));
+
+import {
+  getProviderConnection,
+  resolveProvider,
+} from "../config/bundled-skills/messaging/tools/shared.js";
+import { gmailMessagingProvider } from "../messaging/providers/gmail/adapter.js";
+import { slackProvider } from "../messaging/providers/slack/adapter.js";
+import { telegramBotMessagingProvider } from "../messaging/providers/telegram-bot/adapter.js";
+import {
+  getConnectedProviders,
+  registerMessagingProvider,
+} from "../messaging/registry.js";
+
+// Register providers for integration tests
+registerMessagingProvider(slackProvider);
+registerMessagingProvider(gmailMessagingProvider);
+registerMessagingProvider(telegramBotMessagingProvider);
+
+// ── Helpers ─────────────────────────────────────────────────────────────────
+
+function resetAllMocks() {
+  getSecureKeyAsyncMock.mockReset();
+  getSecureKeyAsyncMock.mockImplementation(async () => null);
+  isProviderConnectedMock.mockReset();
+  isProviderConnectedMock.mockImplementation(async () => false);
+  resolveOAuthConnectionMock.mockReset();
+  resolveOAuthConnectionMock.mockImplementation(
+    async () => ({ accessToken: "oauth-token" }) as unknown as OAuthConnection,
+  );
+  getConnectionByProviderMock.mockReset();
+  getConnectionByProviderMock.mockImplementation(() => undefined);
+}
+
+// ── Tests ───────────────────────────────────────────────────────────────────
+
+describe("Slack messaging token resolution", () => {
+  beforeEach(resetAllMocks);
+
+  // ── slackProvider.isConnected() ─────────────────────────────────────────
+
+  describe("slackProvider.isConnected()", () => {
+    test("returns true when slack_channel bot token exists in credential store", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async (key: string) =>
+        key === "credential/slack_channel/bot_token" ? "xoxb-bot-token" : null,
+      );
+
+      expect(await slackProvider.isConnected!()).toBe(true);
+    });
+
+    test("returns true even if slack_channel connection row is missing (backfill failure resilience)", async () => {
+      // Bot token exists but no connection row — isConnected should still return true
+      getSecureKeyAsyncMock.mockImplementation(async (key: string) =>
+        key === "credential/slack_channel/bot_token" ? "xoxb-bot-token" : null,
+      );
+      // No getConnectionByProvider call expected — Slack adapter checks token first
+
+      expect(await slackProvider.isConnected!()).toBe(true);
+    });
+
+    test("returns true when only integration:slack has active OAuth connection (backwards compat)", async () => {
+      // No bot token
+      getSecureKeyAsyncMock.mockImplementation(async () => null);
+      // But OAuth provider is connected
+      isProviderConnectedMock.mockImplementation(async (service: string) =>
+        service === "integration:slack" ? true : false,
+      );
+
+      expect(await slackProvider.isConnected!()).toBe(true);
+    });
+
+    test("returns false when neither credential path exists", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async () => null);
+      isProviderConnectedMock.mockImplementation(async () => false);
+
+      expect(await slackProvider.isConnected!()).toBe(false);
+    });
+  });
+
+  // ── slackProvider.resolveConnection() ───────────────────────────────────
+
+  describe("slackProvider.resolveConnection()", () => {
+    test("returns bot token string when Socket Mode credentials exist", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async (key: string) =>
+        key === "credential/slack_channel/bot_token"
+          ? "xoxb-socket-token"
+          : null,
+      );
+
+      const result = await slackProvider.resolveConnection!();
+      expect(result).toBe("xoxb-socket-token");
+    });
+
+    test("returns bot token string even without a slack_channel connection row (token-only resilience)", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async (key: string) =>
+        key === "credential/slack_channel/bot_token" ? "xoxb-token-only" : null,
+      );
+      // No connection row — resolveConnection should still return the token
+
+      const result = await slackProvider.resolveConnection!();
+      expect(result).toBe("xoxb-token-only");
+    });
+
+    test("returns OAuthConnection when only OAuth integration:slack credentials exist (backwards compat)", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async () => null);
+      const oauthConn = {
+        accessToken: "xoxp-oauth-token",
+      } as unknown as OAuthConnection;
+      resolveOAuthConnectionMock.mockImplementation(async () => oauthConn);
+
+      const result = await slackProvider.resolveConnection!();
+      expect(result).toBe(oauthConn);
+      expect(resolveOAuthConnectionMock).toHaveBeenCalledWith(
+        "integration:slack",
+        { account: undefined },
+      );
+    });
+
+    test("throws when no credentials exist at all (no Socket Mode, no OAuth)", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async () => null);
+      resolveOAuthConnectionMock.mockImplementation(async () => {
+        throw new Error("No OAuth connection found for integration:slack");
+      });
+
+      await expect(slackProvider.resolveConnection!()).rejects.toThrow(
+        "No OAuth connection found",
+      );
+    });
+  });
+
+  // ── getProviderConnection() integration ─────────────────────────────────
+
+  describe("getProviderConnection()", () => {
+    test("returns bot token string for Slack when Socket Mode credentials exist", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async (key: string) =>
+        key === "credential/slack_channel/bot_token" ? "xoxb-conn-token" : null,
+      );
+
+      const result = await getProviderConnection(slackProvider);
+      expect(result).toBe("xoxb-conn-token");
+    });
+
+    test("returns OAuthConnection for Slack when only OAuth credentials exist (backwards compat)", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async () => null);
+      const oauthConn = {
+        accessToken: "xoxp-oauth-token",
+      } as unknown as OAuthConnection;
+      resolveOAuthConnectionMock.mockImplementation(async () => oauthConn);
+
+      const result = await getProviderConnection(slackProvider);
+      expect(result).toBe(oauthConn);
+    });
+
+    test("throws when no Slack credentials exist", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async () => null);
+      resolveOAuthConnectionMock.mockImplementation(async () => {
+        throw new Error("No OAuth connection found");
+      });
+
+      await expect(getProviderConnection(slackProvider)).rejects.toThrow(
+        "No OAuth connection found",
+      );
+    });
+
+    test('Telegram still returns "" (no resolveConnection, uses isConnected path — regression check)', async () => {
+      // Telegram has isConnected but no resolveConnection.
+      // When isConnected returns true, getProviderConnection returns ""
+      getSecureKeyAsyncMock.mockImplementation(async (key: string) => {
+        if (key === "credential/telegram/bot_token") return "bot-token";
+        if (key === "credential/telegram/webhook_secret") return "secret";
+        return null;
+      });
+      getConnectionByProviderMock.mockImplementation((provider: string) =>
+        provider === "telegram" ? { status: "active" } : undefined,
+      );
+
+      const result = await getProviderConnection(telegramBotMessagingProvider);
+      expect(result).toBe("");
+    });
+
+    test("Gmail still calls resolveOAuthConnection (no resolveConnection, no isConnected — regression check)", async () => {
+      // Gmail has neither resolveConnection nor isConnected.
+      // getProviderConnection falls through to resolveOAuthConnection.
+      const oauthConn = {
+        accessToken: "gmail-oauth-token",
+      } as unknown as OAuthConnection;
+      resolveOAuthConnectionMock.mockImplementation(async () => oauthConn);
+
+      const result = await getProviderConnection(gmailMessagingProvider);
+      expect(result).toBe(oauthConn);
+      expect(resolveOAuthConnectionMock).toHaveBeenCalledWith(
+        "integration:google",
+        { account: undefined },
+      );
+    });
+  });
+
+  // ── resolveProvider() multi-platform behavior ───────────────────────────
+
+  describe("resolveProvider() multi-platform behavior", () => {
+    test('throws "Multiple platforms connected" when both Gmail and Slack (Socket Mode) are connected and no platform is specified', async () => {
+      // Slack connected via Socket Mode
+      getSecureKeyAsyncMock.mockImplementation(async (key: string) =>
+        key === "credential/slack_channel/bot_token" ? "xoxb-token" : null,
+      );
+      // Gmail connected via OAuth
+      isProviderConnectedMock.mockImplementation(async (service: string) =>
+        service === "integration:google" ? true : false,
+      );
+
+      await expect(resolveProvider()).rejects.toThrow(
+        "Multiple platforms connected",
+      );
+    });
+
+    test("auto-selects Slack when it is the only connected provider", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async (key: string) =>
+        key === "credential/slack_channel/bot_token" ? "xoxb-only" : null,
+      );
+      isProviderConnectedMock.mockImplementation(async () => false);
+
+      const provider = await resolveProvider();
+      expect(provider.id).toBe("slack");
+    });
+
+    test("auto-selects Gmail when it is the only connected provider (no Slack credentials)", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async () => null);
+      isProviderConnectedMock.mockImplementation(async (service: string) =>
+        service === "integration:google" ? true : false,
+      );
+
+      const provider = await resolveProvider();
+      expect(provider.id).toBe("gmail");
+    });
+  });
+
+  // ── getConnectedProviders() ─────────────────────────────────────────────
+
+  describe("getConnectedProviders()", () => {
+    test("includes Slack when connected via Socket Mode (slack_channel)", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async (key: string) =>
+        key === "credential/slack_channel/bot_token" ? "xoxb-token" : null,
+      );
+      isProviderConnectedMock.mockImplementation(async () => false);
+
+      const connected = await getConnectedProviders();
+      const ids = connected.map((p) => p.id);
+      expect(ids).toContain("slack");
+    });
+
+    test("excludes Slack when no bot token exists", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async () => null);
+      isProviderConnectedMock.mockImplementation(async () => false);
+
+      const connected = await getConnectedProviders();
+      const ids = connected.map((p) => p.id);
+      expect(ids).not.toContain("slack");
+    });
+  });
+});

package/src/__tests__/volume-security-guard.test.ts

@@ -0,0 +1,155 @@
+import { execFileSync } from "node:child_process";
+import { join } from "node:path";
+import { describe, expect, test } from "bun:test";
+
+/**
+ * Guard test: assistant source code must not directly access files in the
+ * `protected/` directory (`trust.json`, `keys.enc`, `store.key`,
+ * `actor-token-signing-key`). In containerized (Docker) mode these files
+ * live outside the assistant's data volume and are managed by the gateway.
+ *
+ * All access must go through the appropriate abstraction layer:
+ *  - Trust rules: trust-store.ts / trust-client.ts (file vs gateway backend)
+ *  - Credentials: encrypted-store.ts / ces-credential-client.ts
+ *  - Signing keys: secure-keys.ts / credential-backend.ts
+ *
+ * Only the abstraction-layer files themselves (and tests) are allowed to
+ * reference the raw file paths / helper functions.
+ */
+
+// ---------------------------------------------------------------------------
+// Allowed files — abstraction layers that legitimately access protected/ files
+// ---------------------------------------------------------------------------
+
+const ALLOWED_FILES = new Set([
+  // Trust store backends
+  "assistant/src/permissions/trust-store.ts",
+  "assistant/src/permissions/trust-client.ts",
+  "assistant/src/permissions/trust-store-interface.ts",
+  // Credential / encrypted store backends
+  "assistant/src/security/encrypted-store.ts",
+  "assistant/src/security/secure-keys.ts",
+  "assistant/src/security/credential-backend.ts",
+  "assistant/src/security/ces-credential-client.ts",
+  // Token service owns the signing key lifecycle
+  "assistant/src/runtime/auth/token-service.ts",
+  // CLI commands that run outside Docker (doctor diagnostics, trust management)
+  "assistant/src/cli/commands/doctor.ts",
+  "assistant/src/cli/commands/trust.ts",
+  // Auth middleware documentation comment (not a file access)
+  "assistant/src/runtime/auth/middleware.ts",
+]);
+
+// ---------------------------------------------------------------------------
+// Patterns that indicate direct access to protected directory files
+// ---------------------------------------------------------------------------
+
+/**
+ * Each entry is a `git grep -E` pattern and a human-readable description
+ * for the error message.
+ */
+const GUARDED_PATTERNS: Array<{ pattern: string; description: string }> = [
+  {
+    pattern: "protected/trust\\.json",
+    description: "direct reference to protected/trust.json",
+  },
+  {
+    pattern: "protected/keys\\.enc",
+    description: "direct reference to protected/keys.enc",
+  },
+  {
+    pattern: "protected/store\\.key",
+    description: "direct reference to protected/store.key",
+  },
+  {
+    pattern: "actor-token-signing-key",
+    description: "direct reference to actor-token-signing-key file",
+  },
+  {
+    pattern: "\\bgetTrustPath\\b",
+    description: "use of getTrustPath() (trust-store internal)",
+  },
+  {
+    pattern: "\\bgetStoreKeyPath\\b",
+    description: "use of getStoreKeyPath() (encrypted-store internal)",
+  },
+];
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+function getRepoRoot(): string {
+  return join(process.cwd(), "..");
+}
+
+function isTestFile(filePath: string): boolean {
+  return (
+    filePath.includes("/__tests__/") ||
+    filePath.endsWith(".test.ts") ||
+    filePath.endsWith(".test.js") ||
+    filePath.endsWith(".spec.ts") ||
+    filePath.endsWith(".spec.js")
+  );
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe("volume security: protected directory access guard", () => {
+  for (const { pattern, description } of GUARDED_PATTERNS) {
+    test(`no ${description} outside allowed files`, () => {
+      const repoRoot = getRepoRoot();
+
+      let grepOutput = "";
+      try {
+        grepOutput = execFileSync(
+          "git",
+          [
+            "grep",
+            "-lE",
+            pattern,
+            "--",
+            "assistant/src/**/*.ts",
+            "assistant/src/*.ts",
+          ],
+          { encoding: "utf-8", cwd: repoRoot },
+        ).trim();
+      } catch (err) {
+        // Exit code 1 means no matches — happy path
+        if ((err as { status?: number }).status === 1) {
+          return;
+        }
+        throw err;
+      }
+
+      const files = grepOutput.split("\n").filter((f) => f.length > 0);
+      const violations = files.filter(
+        (f) => !isTestFile(f) && !ALLOWED_FILES.has(f),
+      );
+
+      if (violations.length > 0) {
+        const message = [
+          `Found assistant source files with ${description}.`,
+          "",
+          "In containerized (Docker) mode, the protected/ directory is not",
+          "accessible to the assistant. All access to protected files must go",
+          "through the abstraction layers:",
+          "  - Trust rules: trust-store.ts / trust-client.ts",
+          "  - Credentials: encrypted-store.ts / ces-credential-client.ts",
+          "  - Signing keys: secure-keys.ts / credential-backend.ts",
+          "",
+          "If this file is a new abstraction backend, add it to ALLOWED_FILES",
+          "in this guard test. Otherwise, use the appropriate abstraction layer",
+          "or gate the access behind !getIsContainerized().",
+          "",
+          "Violations:",
+          ...violations.map((f) => `  - ${f}`),
+        ].join("\n");
+
+        expect(violations, message).toEqual([]);
+      }
+    });
+  }
+});

package/src/cli/commands/conversations.ts

@@ -375,6 +375,24 @@ Examples:
           targetId: summaryId,
         });
       }
+      for (const obsId of result.deletedObservationIds) {
+        enqueueMemoryJob("delete_qdrant_vectors", {
+          targetType: "observation",
+          targetId: obsId,
+        });
+      }
+      for (const chunkId of result.deletedChunkIds) {
+        enqueueMemoryJob("delete_qdrant_vectors", {
+          targetType: "chunk",
+          targetId: chunkId,
+        });
+      }
+      for (const episodeId of result.deletedEpisodeIds) {
+        enqueueMemoryJob("delete_qdrant_vectors", {
+          targetType: "episode",
+          targetId: episodeId,
+        });
+      }
 
       log.info(
         `Wiped conversation "${conversation.title ?? "Untitled"}". ` +

package/src/config/bundled-skills/messaging/tools/shared.ts

@@ -136,6 +136,7 @@ export async function getProviderConnection(
   provider: MessagingProvider,
   account?: string,
 ): Promise<OAuthConnection | string> {
+  if (provider.resolveConnection) return provider.resolveConnection(account);
   if (await provider.isConnected?.()) return "";
   return resolveOAuthConnection(provider.credentialService, { account });
 }

package/src/config/bundled-skills/schedule/TOOLS.json

@@ -52,6 +52,10 @@
             "type": "object",
             "description": "Additional routing metadata (e.g. preferred channel identifiers)"
           },
+          "quiet": {
+            "type": "boolean",
+            "description": "When true, suppress completion notifications for this schedule. The job still runs and produces output, but no notification or conversation message is sent on completion. Useful for high-frequency recurring jobs that report findings separately. Defaults to false."
+          },
           "activity": {
             "type": "string",
             "description": "Brief non-technical explanation of why this tool is being called"
@@ -139,6 +143,10 @@
             "type": "object",
             "description": "Additional routing metadata (e.g. preferred channel identifiers)"
           },
+          "quiet": {
+            "type": "boolean",
+            "description": "When true, suppress completion notifications for this schedule. Useful for high-frequency jobs that report findings separately."
+          },
           "activity": {
             "type": "string",
             "description": "Brief non-technical explanation of why this tool is being called"

package/src/config/bundled-skills/transcribe/tools/transcribe-media.ts

@@ -10,6 +10,7 @@ import {
 import { tmpdir } from "node:os";
 import { extname, join } from "node:path";
 
+import { OpenAIWhisperProvider } from "../../../../providers/speech-to-text/openai-whisper.js";
 import { getProviderKeyAsync } from "../../../../security/secure-keys.js";
 import type {
   ToolContext,
@@ -168,12 +169,19 @@ async function transcribeViaApi(
   apiKey: string,
   context: ToolContext,
 ): Promise<string> {
+  const provider = new OpenAIWhisperProvider(apiKey);
   const duration = await getAudioDuration(audioPath);
   const fileSize = Bun.file(audioPath).size;
 
   // If small enough, send directly
   if (fileSize <= WHISPER_API_MAX_BYTES) {
-    return await whisperApiRequest(audioPath, apiKey);
+    const audioBuffer = await readFile(audioPath);
+    const result = await provider.transcribe(
+      audioBuffer,
+      "audio/wav",
+      AbortSignal.timeout(API_REQUEST_TIMEOUT_MS),
+    );
+    return result.text;
   }
 
   // Split into chunks for large files
@@ -199,8 +207,13 @@ async function transcribeViaApi(
     for (let i = 0; i < chunks.length; i++) {
       if (context.signal?.aborted) throw new Error("Cancelled");
       context.onOutput?.(`  Transcribing chunk ${i + 1}/${chunks.length}...\n`);
-      const text = await whisperApiRequest(chunks[i], apiKey);
-      if (text) parts.push(text);
+      const audioBuffer = await readFile(chunks[i]);
+      const result = await provider.transcribe(
+        audioBuffer,
+        "audio/wav",
+        AbortSignal.timeout(API_REQUEST_TIMEOUT_MS),
+      );
+      if (result.text) parts.push(result.text);
     }
 
     return parts.join(" ");
@@ -213,40 +226,6 @@ async function transcribeViaApi(
   }
 }
 
-async function whisperApiRequest(
-  audioPath: string,
-  apiKey: string,
-): Promise<string> {
-  const audioData = await readFile(audioPath);
-  const formData = new FormData();
-  formData.append(
-    "file",
-    new Blob([audioData], { type: "audio/wav" }),
-    "audio.wav",
-  );
-  formData.append("model", "whisper-1");
-
-  const response = await fetch(
-    "https://api.openai.com/v1/audio/transcriptions",
-    {
-      method: "POST",
-      headers: { Authorization: `Bearer ${apiKey}` },
-      body: formData,
-      signal: AbortSignal.timeout(API_REQUEST_TIMEOUT_MS),
-    },
-  );
-
-  if (!response.ok) {
-    const body = await response.text().catch(() => "");
-    throw new Error(
-      `Whisper API error (${response.status}): ${body.slice(0, 300)}`,
-    );
-  }
-
-  const result = (await response.json()) as { text?: string };
-  return result.text?.trim() ?? "";
-}
-
 // ---------------------------------------------------------------------------
 // Local mode - whisper.cpp
 // ---------------------------------------------------------------------------

package/src/config/env-registry.ts

@@ -54,6 +54,15 @@ export function getIsContainerized(): boolean {
   return flag("IS_CONTAINERIZED");
 }
 
+/**
+ * WORKSPACE_DIR — string, default: undefined
+ * When set, overrides the default workspace directory. Used in containerized
+ * deployments where the workspace is a separate volume.
+ */
+export function getWorkspaceDirOverride(): string | undefined {
+  return str("WORKSPACE_DIR");
+}
+
 // ── Known env var names ──────────────────────────────────────────────────────
 
 /**

package/src/config/feature-flag-registry.json

@@ -288,6 +288,14 @@
       "label": "Inline Skill Command Expansion",
       "description": "Enable secure inline skill command expansion via !`command` syntax, with version-pinned approval and sandboxed execution at skill load time",
       "defaultEnabled": true
+    },
+    {
+      "id": "channel-voice-transcription",
+      "scope": "assistant",
+      "key": "feature_flags.channel-voice-transcription.enabled",
+      "label": "Channel Voice Transcription",
+      "description": "Auto-transcribe voice/audio messages received from channels (Telegram, WhatsApp) before processing",
+      "defaultEnabled": true
     }
   ]
 }

package/src/config/loader.ts

@@ -29,7 +29,6 @@ export const API_KEY_PROVIDERS = [
   "fireworks",
   "openrouter",
   "brave",
-  "elevenlabs",
   "perplexity",
 ] as const;
 

package/src/config/schemas/memory-simplified.ts

@@ -71,7 +71,7 @@ export const MemorySimplifiedConfigSchema = z
       .boolean({
         error: "memory.simplified.enabled must be a boolean",
       })
-      .default(false)
+      .default(true)
       .describe("Whether the simplified memory system is enabled"),
     brief: MemorySimplifiedBriefConfigSchema.default(
       MemorySimplifiedBriefConfigSchema.parse({}),