@vellumai/assistant 0.5.3 → 0.5.5

package/src/credential-execution/managed-catalog.ts

@@ -11,8 +11,7 @@
 
 import { platformOAuthHandle } from "@vellumai/ces-contracts";
 
-import { getPlatformAssistantId } from "../config/env.js";
-import { resolveManagedProxyContext } from "../providers/managed-proxy/context.js";
+import { VellumPlatformClient } from "../platform/client.js";
 import { getLogger } from "../util/logger.js";
 
 const log = getLogger("managed-catalog");
@@ -79,25 +78,18 @@ export interface FetchManagedCatalogResult {
  * error message that never contains secret material.
  */
 export async function fetchManagedCatalog(): Promise<FetchManagedCatalogResult> {
-  const ctx = await resolveManagedProxyContext();
+  const client = await VellumPlatformClient.create();
 
-  if (!ctx.enabled) {
+  if (!client || !client.platformAssistantId) {
     return { ok: true, descriptors: [] };
   }
 
-  const assistantId = getPlatformAssistantId();
-  if (!assistantId) {
-    log.warn("PLATFORM_ASSISTANT_ID not set; cannot fetch managed catalog");
-    return { ok: true, descriptors: [] };
-  }
-
-  const url = `${ctx.platformBaseUrl}/v1/assistants/${encodeURIComponent(assistantId)}/oauth/managed/catalog/`;
+  const path = `/v1/assistants/${encodeURIComponent(client.platformAssistantId)}/oauth/managed/catalog/`;
 
   try {
-    const response = await fetch(url, {
+    const response = await client.fetch(path, {
       method: "GET",
       headers: {
-        Authorization: `Api-Key ${ctx.assistantApiKey}`,
         Accept: "application/json",
       },
     });
@@ -139,8 +131,6 @@ export async function fetchManagedCatalog(): Promise<FetchManagedCatalogResult>
     return { ok: true, descriptors };
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);
-    // Ensure the error message does not leak secrets — strip any URL params
-    // that might contain tokens (defensive, since we use Api-Key header).
     const safeMessage = message.replace(
       /Api-Key\s+\S+/gi,
       "Api-Key [REDACTED]",

package/src/daemon/config-watcher.ts

@@ -12,6 +12,7 @@ import {
 } from "node:fs";
 import { join } from "node:path";
 
+import { getIsContainerized } from "../config/env-registry.js";
 import { getConfig, invalidateConfigCache } from "../config/loader.js";
 import { clearEmbeddingBackendCache } from "../memory/embedding-backend.js";
 import { clearCache as clearTrustCache } from "../permissions/trust-store.js";
@@ -209,7 +210,9 @@ export class ConfigWatcher {
       );
     }
 
-    this.startSignalsWatcher();
+    if (!getIsContainerized()) {
+      this.startSignalsWatcher();
+    }
     this.startSkillsWatchers(onConversationEvict);
   }
 

package/src/daemon/conversation-memory.ts

@@ -1,5 +1,8 @@
 import { getConfig } from "../config/loader.js";
 import { estimatePromptTokens } from "../context/token-estimator.js";
+import { buildArchiveRecall } from "../memory/archive-recall.js";
+import { compileMemoryBrief } from "../memory/brief.js";
+import { getDb } from "../memory/db.js";
 import { buildMemoryQuery } from "../memory/query-builder.js";
 import { computeRecallBudget } from "../memory/retrieval-budget.js";
 import {
@@ -9,8 +12,11 @@ import {
 import type { ScopePolicyOverride } from "../memory/search/types.js";
 import type { Message } from "../providers/types.js";
 import type { Provider } from "../providers/types.js";
+import { getLogger } from "../util/logger.js";
 import type { ServerMessage } from "./message-protocol.js";
 
+const log = getLogger("conversation-memory");
+
 export interface MemoryRecallResult {
   runMessages: Message[];
   recall: Awaited<ReturnType<typeof buildMemoryRecall>>;
@@ -115,6 +121,14 @@ export async function prepareMemoryContext(
 
   const runtimeConfig = getConfig();
 
+  // ── Simplified memory path ──────────────────────────────────────────
+  // When `memory.simplified.enabled` is true, inject the brief and
+  // optional archive recall instead of the legacy hybrid pipeline.
+  if (runtimeConfig.memory?.simplified?.enabled) {
+    return prepareSimplifiedMemoryContext(ctx, content, userMessageId, onEvent);
+  }
+
+  // ── Legacy memory path (fallback) ──────────────────────────────────
   // Memory recall via the V2 hybrid pipeline
   const recallQuery = buildMemoryQuery(content, ctx.messages);
   const dynamicBudgetConfig = runtimeConfig.memory?.retrieval?.dynamicBudget;
@@ -207,3 +221,106 @@ export async function prepareMemoryContext(
     recall,
   };
 }
+
+// ── Simplified memory injection ─────────────────────────────────────────
+
+/**
+ * Build simplified memory context for a turn: compiles the `<memory_brief>`
+ * block and conditionally appends `<supporting_recall>` from the archive.
+ *
+ * Non-empty blocks are injected as text content blocks prepended to the
+ * last user message, following the same injection pattern as the legacy
+ * pipeline. Stripping is handled by `RUNTIME_INJECTION_PREFIXES` which
+ * already includes `<memory_brief>`.
+ */
+function prepareSimplifiedMemoryContext(
+  ctx: MemoryPrepareContext,
+  content: string,
+  userMessageId: string,
+  onEvent: (msg: ServerMessage) => void,
+): MemoryRecallResult {
+  const start = Date.now();
+
+  // Build a no-op recall result matching the legacy shape.
+  const noopRecall = (): Awaited<ReturnType<typeof buildMemoryRecall>> =>
+    ({
+      enabled: true,
+      degraded: false,
+      injectedText: "",
+      semanticHits: 0,
+      recencyHits: 0,
+      mergedCount: 0,
+      selectedCount: 0,
+      injectedTokens: 0,
+      latencyMs: 0,
+      topCandidates: [],
+      tier1Count: 0,
+      tier2Count: 0,
+    }) as Awaited<ReturnType<typeof buildMemoryRecall>>;
+
+  try {
+    const db = getDb();
+
+    // Step 1: Build the memory brief
+    const briefResult = compileMemoryBrief(db, ctx.scopeId, userMessageId);
+
+    // Step 2: Conditionally build supporting recall from the archive
+    const archiveResult = buildArchiveRecall(ctx.scopeId, content);
+
+    // Step 3: Assemble the injection blocks (non-empty only)
+    const blocks: string[] = [];
+    if (briefResult.text.length > 0) {
+      blocks.push(briefResult.text);
+    }
+    if (archiveResult.text.length > 0) {
+      blocks.push(archiveResult.text);
+    }
+
+    const latencyMs = Date.now() - start;
+
+    // Emit memory status for the simplified path
+    onEvent({
+      type: "memory_status",
+      enabled: true,
+      degraded: false,
+    });
+
+    // Inject non-empty blocks into the last user message
+    let runMessages = ctx.messages;
+    if (blocks.length > 0) {
+      const injectedText = blocks.join("\n\n");
+      const userTail = ctx.messages[ctx.messages.length - 1];
+      if (userTail && userTail.role === "user") {
+        runMessages = injectMemoryRecallAsUserBlock(ctx.messages, injectedText);
+      }
+
+      log.debug(
+        {
+          briefLength: briefResult.text.length,
+          recallTrigger: archiveResult.trigger,
+          recallBullets: archiveResult.bullets.length,
+          latencyMs,
+        },
+        "Simplified memory injection completed",
+      );
+    }
+
+    return {
+      runMessages,
+      recall: {
+        ...noopRecall(),
+        injectedText: blocks.length > 0 ? blocks.join("\n\n") : "",
+        latencyMs,
+      },
+    };
+  } catch (err) {
+    log.warn({ err }, "Simplified memory injection failed, returning no-op");
+    return {
+      runMessages: ctx.messages,
+      recall: {
+        ...noopRecall(),
+        latencyMs: Date.now() - start,
+      },
+    };
+  }
+}

package/src/daemon/conversation-runtime-assembly.ts

@@ -962,6 +962,7 @@ const RUNTIME_INJECTION_PREFIXES = [
   "<interface_turn_context>",
   "<turn_context>",
   "<memory_brief>",
+  "<supporting_recall>",
   "<memory_context __injected>",
   "<memory_context>", // backward-compat: strip legacy blocks from pre-__injected history
   "<voice_call_control>",

package/src/daemon/daemon-control.ts

@@ -11,6 +11,7 @@ import {
 import { join, resolve } from "node:path";
 
 import { getRuntimeHttpHost, getRuntimeHttpPort } from "../config/env.js";
+import { getIsContainerized } from "../config/env-registry.js";
 import { DaemonError } from "../util/errors.js";
 import { getLogger } from "../util/logger.js";
 import {
@@ -157,6 +158,7 @@ export async function isHttpHealthy(): Promise<boolean> {
 }
 
 function readPid(): number | null {
+  if (getIsContainerized()) return null; // Docker manages process lifecycle
   const pidPath = getPidPath();
   if (!existsSync(pidPath)) return null;
   try {
@@ -168,10 +170,12 @@ function readPid(): number | null {
 }
 
 export function writePid(pid: number): void {
+  if (getIsContainerized()) return; // Docker manages process lifecycle
   writeFileSync(getPidPath(), String(pid));
 }
 
 export function cleanupPidFile(): void {
+  if (getIsContainerized()) return; // Docker manages process lifecycle
   const pidPath = getPidPath();
   if (existsSync(pidPath)) {
     unlinkSync(pidPath);
@@ -181,6 +185,7 @@ export function cleanupPidFile(): void {
 /** Only remove the PID file if it belongs to the given process. Prevents a
  *  failing second startup from deleting the PID of an already-running daemon. */
 export function cleanupPidFileIfOwner(ownerPid: number): void {
+  if (getIsContainerized()) return; // Docker manages process lifecycle
   const currentPid = readPid();
   if (currentPid === ownerPid) {
     cleanupPidFile();
@@ -188,6 +193,7 @@ export function cleanupPidFileIfOwner(ownerPid: number): void {
 }
 
 export function isDaemonRunning(): boolean {
+  if (getIsContainerized()) return true; // Container orchestrator manages lifecycle
   const pid = readPid();
   if (pid == null) return false;
   if (!isProcessRunning(pid)) {
@@ -201,6 +207,7 @@ export async function getDaemonStatus(): Promise<{
   running: boolean;
   pid?: number;
 }> {
+  if (getIsContainerized()) return { running: true, pid: process.pid }; // Container orchestrator manages lifecycle
   const pid = readPid();
   if (pid == null) return { running: false };
   if (!isProcessRunning(pid)) {

package/src/daemon/handlers/conversations.ts

@@ -23,6 +23,7 @@ import {
   queueGenerateConversationTitle,
   UNTITLED_FALLBACK,
 } from "../../memory/conversation-title-service.js";
+import { reduceBeforeSwitch } from "../../memory/reducer-scheduler.js";
 import * as pendingInteractions from "../../runtime/pending-interactions.js";
 import { getSubagentManager } from "../../subagent/index.js";
 import { truncate } from "../../util/truncate.js";
@@ -233,6 +234,12 @@ export async function handleConversationCreate(
     conversationType: normalizeConversationType(conversation.conversationType),
   });
 
+  // Reduce the previous dirty conversation before processing the initial
+  // message so its memory is fresh for the next read.
+  if (msg.initialMessage) {
+    await reduceBeforeSwitch(conversation.id);
+  }
+
   // Auto-send the initial message if provided, kick-starting the skill.
   if (msg.initialMessage) {
     // Queue title generation eagerly — some processMessage paths (guardian
@@ -343,6 +350,10 @@ export async function switchConversation(
     return null;
   }
 
+  // Reduce the previous dirty conversation before switching so its memory
+  // is fresh for the next read.
+  await reduceBeforeSwitch(conversationId);
+
   // If the target conversation is headless-locked (actively executing a task run),
   // skip rebinding so tool confirmations stay suppressed.
   const existingConversation = ctx.conversations.get(conversationId);

package/src/daemon/lifecycle.ts

@@ -20,7 +20,7 @@ import { loadConfig } from "../config/loader.js";
 import { HeartbeatService } from "../heartbeat/heartbeat-service.js";
 import { getHookManager } from "../hooks/manager.js";
 import { installTemplates } from "../hooks/templates.js";
-import { closeSentry, initSentry } from "../instrument.js";
+import { closeSentry, initSentry, setSentryDeviceId } from "../instrument.js";
 import { disableLogfire, initLogfire } from "../logfire.js";
 import { getMcpServerManager } from "../mcp/manager.js";
 import * as attachmentsStore from "../memory/attachments-store.js";
@@ -30,6 +30,7 @@ import {
   getConversationType,
   getMessages,
   purgePrivateConversations,
+  sweepStaleReducerJobs,
 } from "../memory/conversation-crud.js";
 import { resolveConversationId } from "../memory/conversation-key-store.js";
 import { initializeDb } from "../memory/db.js";
@@ -64,6 +65,7 @@ import { RuntimeHttpServer } from "../runtime/http-server.js";
 import { startScheduler } from "../schedule/scheduler.js";
 import { seedCatalogSkillMemories } from "../skills/skill-memory.js";
 import { UsageTelemetryReporter } from "../telemetry/usage-telemetry-reporter.js";
+import { getDeviceId } from "../util/device-id.js";
 import { getLogger, initLogger } from "../util/logger.js";
 import {
   ensureDataDir,
@@ -178,6 +180,11 @@ export async function runDaemon(): Promise<void> {
     await runWorkspaceMigrations(getWorkspaceDir(), WORKSPACE_MIGRATIONS);
     log.info("Daemon startup: workspace migrations complete");
 
+    // Now that workspace migrations have run (including 003-seed-device-id
+    // which may copy the legacy installationId into device.json), it is safe
+    // to read the device ID and set the Sentry tag.
+    setSentryDeviceId(getDeviceId());
+
     // Purge private (temporary) conversations from the previous daemon run.
     // These are ephemeral by design and should not survive daemon restarts.
     const { count: purgedCount, deletedMemory } = purgePrivateConversations();
@@ -206,16 +213,40 @@ export async function runDaemon(): Promise<void> {
           targetId: summaryId,
         });
       }
+      for (const obsId of deletedMemory.deletedObservationIds) {
+        enqueueMemoryJob("delete_qdrant_vectors", {
+          targetType: "observation",
+          targetId: obsId,
+        });
+      }
+      for (const chunkId of deletedMemory.deletedChunkIds) {
+        enqueueMemoryJob("delete_qdrant_vectors", {
+          targetType: "chunk",
+          targetId: chunkId,
+        });
+      }
+      for (const episodeId of deletedMemory.deletedEpisodeIds) {
+        enqueueMemoryJob("delete_qdrant_vectors", {
+          targetType: "episode",
+          targetId: episodeId,
+        });
+      }
       if (
         deletedMemory.segmentIds.length > 0 ||
         deletedMemory.orphanedItemIds.length > 0 ||
-        deletedMemory.deletedSummaryIds.length > 0
+        deletedMemory.deletedSummaryIds.length > 0 ||
+        deletedMemory.deletedObservationIds.length > 0 ||
+        deletedMemory.deletedChunkIds.length > 0 ||
+        deletedMemory.deletedEpisodeIds.length > 0
       ) {
         log.info(
           {
             segments: deletedMemory.segmentIds.length,
             orphanedItems: deletedMemory.orphanedItemIds.length,
             deletedSummaries: deletedMemory.deletedSummaryIds.length,
+            deletedObservations: deletedMemory.deletedObservationIds.length,
+            deletedChunks: deletedMemory.deletedChunkIds.length,
+            deletedEpisodes: deletedMemory.deletedEpisodeIds.length,
           },
           "Enqueued Qdrant vector cleanup jobs for purged private conversations",
         );
@@ -240,6 +271,24 @@ export async function runDaemon(): Promise<void> {
       );
     }
 
+    // Sweep dirty conversations whose tail messages are already past the
+    // idle delay — they should have been reduced while the daemon was down.
+    // Enqueue immediate reducer jobs so the memory worker picks them up.
+    try {
+      const sweepCount = sweepStaleReducerJobs();
+      if (sweepCount > 0) {
+        log.info(
+          { sweepCount },
+          `Enqueued reducer jobs for ${sweepCount} stale dirty conversation(s)`,
+        );
+      }
+    } catch (err) {
+      log.warn(
+        { err },
+        "Startup sweep for stale reducer jobs failed — continuing startup",
+      );
+    }
+
     // Ensure a vellum guardian binding exists so the identity system works
     // without requiring a manual bootstrap step.
     try {

package/src/daemon/providers-setup.ts

@@ -5,7 +5,7 @@ import {
   setPlatformUserId,
 } from "../config/env.js";
 import type { AssistantConfig } from "../config/types.js";
-import { setSentryOrganizationId } from "../instrument.js";
+import { setSentryOrganizationId, setSentryUserId } from "../instrument.js";
 import { getMcpServerManager } from "../mcp/manager.js";
 import { gmailMessagingProvider } from "../messaging/providers/gmail/adapter.js";
 import { slackProvider as slackMessagingProvider } from "../messaging/providers/slack/adapter.js";
@@ -91,6 +91,7 @@ export async function initializeProvidersAndTools(
     const trimmed = persisted?.trim();
     if (trimmed) {
       setPlatformUserId(trimmed);
+      setSentryUserId(trimmed);
       log.info("Rehydrated platform user ID from credential store");
     }
   } catch (err) {

package/src/hooks/manager.ts

@@ -1,5 +1,6 @@
 import { type FSWatcher, watch } from "node:fs";
 
+import { getIsContainerized } from "../config/env-registry.js";
 import { Debouncer } from "../util/debounce.js";
 import { pathExists } from "../util/fs.js";
 import { getLogger } from "../util/logger.js";
@@ -32,6 +33,10 @@ export class HookManager {
   private readonly debouncer = new Debouncer(500);
 
   initialize(): void {
+    if (getIsContainerized()) {
+      log.info("Hooks disabled in containerized mode");
+      return;
+    }
     this.hooks = discoverHooks();
     this.buildEventIndex();
     const enabled = this.hooks.filter((h) => h.enabled).length;
@@ -107,6 +112,7 @@ export class HookManager {
   }
 
   reload(): void {
+    if (getIsContainerized()) return;
     this.hooks = discoverHooks();
     this.buildEventIndex();
     const enabled = this.hooks.filter((h) => h.enabled).length;
@@ -114,6 +120,7 @@ export class HookManager {
   }
 
   watch(): void {
+    if (getIsContainerized()) return;
     const hooksDir = getHooksDir();
     if (!pathExists(hooksDir)) return;
 

package/src/instrument.ts

@@ -2,7 +2,11 @@ import { arch, hostname, platform, release } from "node:os";
 
 import * as Sentry from "@sentry/node";
 
-import { getPlatformOrganizationId, getSentryDsn } from "./config/env.js";
+import {
+  getPlatformOrganizationId,
+  getPlatformUserId,
+  getSentryDsn,
+} from "./config/env.js";
 import { APP_VERSION, COMMIT_SHA } from "./version.js";
 
 /** Patterns that match sensitive data in Sentry event values. */
@@ -51,6 +55,7 @@ export function initSentry(): void {
     initialScope: {
       tags: {
         commit: COMMIT_SHA,
+        assistant_version: APP_VERSION,
         os_platform: platform(),
         os_release: release(),
         os_arch: arch(),
@@ -58,9 +63,14 @@ export function initSentry(): void {
         runtime: "bun",
         runtime_version:
           typeof Bun !== "undefined" ? Bun.version : process.version,
+        // NOTE: device_id is NOT set here. It is deferred to setSentryDeviceId()
+        // which is called after workspace migrations run, so that migration
+        // 003-seed-device-id can copy the legacy installationId into device.json
+        // before getDeviceId() eagerly creates a new random UUID.
         ...(getPlatformOrganizationId()
           ? { organization_id: getPlatformOrganizationId() }
           : {}),
+        ...(getPlatformUserId() ? { user_id: getPlatformUserId() } : {}),
       },
     },
     beforeSend(event) {
@@ -109,6 +119,28 @@ export function setSentryOrganizationId(
   Sentry.setTag("organization_id", organizationId || undefined);
 }
 
+/**
+ * Set (or clear) the user_id tag on the global Sentry scope.
+ *
+ * Called after the platform user ID is rehydrated from the credential
+ * store or updated at runtime so that every subsequent Sentry event
+ * includes the user context.
+ */
+export function setSentryUserId(userId: string | undefined): void {
+  Sentry.setTag("user_id", userId || undefined);
+}
+
+/**
+ * Set the device_id tag on the global Sentry scope.
+ *
+ * Called after workspace migrations complete so that migration
+ * 003-seed-device-id has a chance to copy the legacy installationId
+ * into device.json before getDeviceId() is invoked.
+ */
+export function setSentryDeviceId(deviceId: string): void {
+  Sentry.setTag("device_id", deviceId);
+}
+
 // ── Dynamic conversation-scoped Sentry tags ─────────────────────────
 //
 // These tags change per conversation turn and are set on the current