@vellumai/assistant 0.5.6 → 0.5.7

package/src/workspace/migrations/004-extract-collect-usage-data.ts

@@ -45,6 +45,39 @@ export const extractCollectUsageDataMigration: WorkspaceMigration = {
       delete config.assistantFeatureFlagValues;
     }
 
+    writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
+  },
+  down(workspaceDir: string): void {
+    const configPath = join(workspaceDir, "config.json");
+    if (!existsSync(configPath)) return;
+
+    let config: Record<string, unknown>;
+    try {
+      const raw = JSON.parse(readFileSync(configPath, "utf-8"));
+      if (!raw || typeof raw !== "object" || Array.isArray(raw)) return;
+      config = raw as Record<string, unknown>;
+    } catch {
+      return;
+    }
+
+    // Only reverse if collectUsageData was explicitly set to false
+    // (the forward migration only persisted false).
+    if (!("collectUsageData" in config)) return;
+    const value = config.collectUsageData;
+    if (typeof value !== "boolean") return;
+
+    // Restore the feature flag value
+    const FLAG_KEY = "feature_flags.collect-usage-data.enabled";
+    const flagValues = (config.assistantFeatureFlagValues ?? {}) as Record<
+      string,
+      unknown
+    >;
+    flagValues[FLAG_KEY] = value;
+    config.assistantFeatureFlagValues = flagValues;
+
+    // Remove the extracted top-level key
+    delete config.collectUsageData;
+
     writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
   },
 };

package/src/workspace/migrations/005-add-send-diagnostics.ts

@@ -9,4 +9,7 @@ export const addSendDiagnosticsMigration: WorkspaceMigration = {
     // will sync the UserDefaults value on first startup. This migration exists
     // as a checkpoint marker for future reference.
   },
+  down(_workspaceDir: string): void {
+    // No-op — the forward migration is a checkpoint marker with no data changes.
+  },
 };

package/src/workspace/migrations/006-services-config.ts

@@ -132,6 +132,55 @@ export const servicesConfigMigration: WorkspaceMigration = {
     delete config.imageGenModel;
     delete config.webSearchProvider;
 
+    writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
+  },
+  down(workspaceDir: string): void {
+    const configPath = join(workspaceDir, "config.json");
+    if (!existsSync(configPath)) return;
+
+    let config: Record<string, unknown>;
+    try {
+      const raw = JSON.parse(readFileSync(configPath, "utf-8"));
+      if (!raw || typeof raw !== "object" || Array.isArray(raw)) return;
+      config = raw as Record<string, unknown>;
+    } catch {
+      return;
+    }
+
+    const services = config.services;
+    if (!services || typeof services !== "object" || Array.isArray(services))
+      return;
+
+    const svc = services as Record<string, Record<string, unknown>>;
+
+    // Extract inference provider and model back to top-level fields.
+    // Note: inferenceMode is lost in this rollback — the original config did
+    // not store a mode field. This is an accepted lossy reversal.
+    if (svc.inference) {
+      if (typeof svc.inference.provider === "string") {
+        config.provider = svc.inference.provider;
+      }
+      if (typeof svc.inference.model === "string") {
+        config.model = svc.inference.model;
+      }
+    }
+
+    // Extract image generation model back to top-level
+    if (svc["image-generation"]) {
+      if (typeof svc["image-generation"].model === "string") {
+        config.imageGenModel = svc["image-generation"].model;
+      }
+    }
+
+    // Extract web search provider back to top-level
+    if (svc["web-search"]) {
+      if (typeof svc["web-search"].provider === "string") {
+        config.webSearchProvider = svc["web-search"].provider;
+      }
+    }
+
+    delete config.services;
+
     writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
   },
 };

package/src/workspace/migrations/007-web-search-provider-rename.ts

@@ -34,4 +34,31 @@ export const webSearchProviderRenameMigration: WorkspaceMigration = {
     ws.provider = "inference-provider-native";
     writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
   },
+  down(workspaceDir: string): void {
+    const configPath = join(workspaceDir, "config.json");
+    if (!existsSync(configPath)) return;
+
+    let config: Record<string, unknown>;
+    try {
+      const raw = JSON.parse(readFileSync(configPath, "utf-8"));
+      if (!raw || typeof raw !== "object" || Array.isArray(raw)) return;
+      config = raw as Record<string, unknown>;
+    } catch {
+      return;
+    }
+
+    const services = config.services;
+    if (!services || typeof services !== "object" || Array.isArray(services))
+      return;
+
+    const webSearch = (services as Record<string, unknown>)["web-search"];
+    if (!webSearch || typeof webSearch !== "object" || Array.isArray(webSearch))
+      return;
+
+    const ws = webSearch as Record<string, unknown>;
+    if (ws.provider !== "inference-provider-native") return;
+
+    ws.provider = "anthropic-native";
+    writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
+  },
 };

package/src/workspace/migrations/008-voice-timeout-and-max-steps.ts

@@ -9,4 +9,7 @@ export const voiceTimeoutAndMaxStepsMigration: WorkspaceMigration = {
     // Existing users: macOS client will sync UserDefaults values
     // to config on next startup via settings sync endpoints.
   },
+  down(_workspaceDir: string): void {
+    // No-op — the forward migration is a checkpoint marker with no data changes.
+  },
 };

package/src/workspace/migrations/009-backfill-conversation-disk-view.ts

@@ -7,4 +7,8 @@ export const backfillConversationDiskViewMigration: WorkspaceMigration = {
   run(_workspaceDir: string): void {
     rebuildConversationDiskViewFromDb();
   },
+  // No-op: the disk view is a derived cache that can be regenerated from the
+  // database at any time. Removing it would only cause unnecessary I/O churn
+  // since the next forward migration (or startup rebuild) will recreate it.
+  down(_workspaceDir: string): void {},
 };

package/src/workspace/migrations/010-app-dir-rename.ts

@@ -76,6 +76,84 @@ export const appDirRenameMigration: WorkspaceMigration = {
   description:
     "Rename UUID-based app directories and files to human-readable slugified names",
 
+  down(workspaceDir: string): void {
+    const appsDir = join(workspaceDir, "data", "apps");
+    if (!existsSync(appsDir)) return;
+
+    const jsonFiles = readdirSync(appsDir)
+      .filter((f) => f.endsWith(".json"))
+      .sort();
+
+    if (jsonFiles.length === 0) return;
+
+    for (const jsonFile of jsonFiles) {
+      const jsonPath = join(appsDir, jsonFile);
+      let raw: string;
+      try {
+        raw = readFileSync(jsonPath, "utf-8");
+      } catch {
+        continue;
+      }
+
+      let parsed: {
+        id?: string;
+        name?: string;
+        dirName?: string;
+      };
+      try {
+        parsed = JSON.parse(raw);
+      } catch {
+        continue;
+      }
+
+      const appId = parsed.id;
+      if (!appId || !parsed.dirName || !isValidDirName(parsed.dirName)) {
+        continue;
+      }
+
+      const dirName = parsed.dirName;
+
+      // 1. Rename the app directory: {dirName}/ -> {appId}/
+      const slugDir = join(appsDir, dirName);
+      const uuidDir = join(appsDir, appId);
+      if (existsSync(slugDir) && !existsSync(uuidDir) && slugDir !== uuidDir) {
+        renameSync(slugDir, uuidDir);
+      }
+
+      // 2. Rename the preview file: {dirName}.preview -> {appId}.preview
+      const slugPreview = join(appsDir, `${dirName}.preview`);
+      const uuidPreview = join(appsDir, `${appId}.preview`);
+      if (
+        existsSync(slugPreview) &&
+        !existsSync(uuidPreview) &&
+        slugPreview !== uuidPreview
+      ) {
+        renameSync(slugPreview, uuidPreview);
+      }
+
+      // 3. Remove dirName from JSON and rename file: {dirName}.json -> {appId}.json
+      const updatedParsed = { ...parsed };
+      delete updatedParsed.dirName;
+      const updatedJson = JSON.stringify(updatedParsed, null, 2);
+
+      const uuidJsonFile = `${appId}.json`;
+      const uuidJsonPath = join(appsDir, uuidJsonFile);
+
+      if (jsonFile !== uuidJsonFile) {
+        writeFileSync(uuidJsonPath, updatedJson, "utf-8");
+        if (existsSync(jsonPath) && jsonPath !== uuidJsonPath) {
+          try {
+            unlinkSync(jsonPath);
+          } catch {
+            // Old file cleanup is best-effort
+          }
+        }
+      } else {
+        writeFileSync(uuidJsonPath, updatedJson, "utf-8");
+      }
+    }
+  },
+
   run(workspaceDir: string): void {
     const appsDir = join(workspaceDir, "data", "apps");
     if (!existsSync(appsDir)) return;

package/src/workspace/migrations/011-backfill-installation-id.ts

@@ -14,6 +14,17 @@ export const backfillInstallationIdMigration: WorkspaceMigration = {
   id: "011-backfill-installation-id",
   description:
     "Backfill installationId into lockfile from SQLite checkpoint and clean up stale row",
+
+  down(_workspaceDir: string): void {
+    // The forward migration moved an installationId from a SQLite checkpoint
+    // into the lockfile entry. Rolling back by removing installationId from
+    // the lockfile would break telemetry continuity and the field is harmless
+    // to leave in place. The SQLite checkpoint was already deleted and
+    // cannot be restored.
+    //
+    // No-op: leaving installationId in the lockfile is safe and non-disruptive.
+  },
+
   run(_workspaceDir: string): void {
     // a. Read existing installation ID from SQLite, or generate a new one.
     //    On fresh installs the memory_checkpoints table may not exist yet,

package/src/workspace/migrations/012-rename-conversation-disk-view-dirs.ts

@@ -17,6 +17,10 @@ import type { WorkspaceMigration } from "./types.js";
 const LEGACY_CONVERSATION_DIR_PATTERN =
   /^(.*)_(\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}\.\d{3}Z)$/;
 
+/** Matches the new timestamp-first format: {timestamp}_{conversationId} */
+const NEW_CONVERSATION_DIR_PATTERN =
+  /^(\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}\.\d{3}Z)_(.+)$/;
+
 function parseLegacyConversationDirName(
   dirName: string,
 ): { conversationId: string; timestamp: string } | null {
@@ -29,11 +33,51 @@ function parseLegacyConversationDirName(
   };
 }
 
+function parseNewConversationDirName(
+  dirName: string,
+): { timestamp: string; conversationId: string } | null {
+  const match = dirName.match(NEW_CONVERSATION_DIR_PATTERN);
+  if (!match) return null;
+
+  return {
+    timestamp: match[1],
+    conversationId: match[2],
+  };
+}
+
 export const renameConversationDiskViewDirsMigration: WorkspaceMigration = {
   id: "012-rename-conversation-disk-view-dirs",
   description:
     "Rename legacy conversation disk-view directories to timestamp-first names",
 
+  down(workspaceDir: string): void {
+    const conversationsDir = join(workspaceDir, "conversations");
+    if (!existsSync(conversationsDir)) return;
+
+    const entries = readdirSync(conversationsDir, { withFileTypes: true })
+      .filter((entry) => entry.isDirectory())
+      .map((entry) => entry.name)
+      .sort();
+
+    for (const dirName of entries) {
+      const parsed = parseNewConversationDirName(dirName);
+      if (!parsed) continue;
+
+      const sourcePath = join(conversationsDir, dirName);
+      const targetName = `${parsed.conversationId}_${parsed.timestamp}`;
+      const targetPath = join(conversationsDir, targetName);
+
+      if (sourcePath === targetPath) continue;
+      if (existsSync(targetPath)) continue;
+
+      try {
+        renameSync(sourcePath, targetPath);
+      } catch {
+        // Best-effort: leave the directory in place if a single rename fails.
+      }
+    }
+  },
+
   run(workspaceDir: string): void {
     const conversationsDir = join(workspaceDir, "conversations");
     if (!existsSync(conversationsDir)) return;

package/src/workspace/migrations/013-repair-conversation-disk-view.ts

@@ -8,4 +8,9 @@ export const repairConversationDiskViewMigration: WorkspaceMigration = {
   run(_workspaceDir: string): void {
     rebuildConversationDiskViewFromDb();
   },
+  // No-op: this is a repair migration that rebuilds derived disk-view data
+  // from the database. There is no meaningful reverse operation — the data
+  // is a cache that can be regenerated, and removing it would just cause
+  // unnecessary churn on the next forward run.
+  down(_workspaceDir: string): void {},
 };

package/src/workspace/migrations/015-migrate-credentials-to-keychain.ts

@@ -0,0 +1,153 @@
+import { getLogger } from "../../util/logger.js";
+import type { WorkspaceMigration } from "./types.js";
+
+const log = getLogger("workspace-migrations");
+
+const BROKER_WAIT_INTERVAL_MS = 500;
+const BROKER_WAIT_MAX_ATTEMPTS = 10; // 5 seconds total
+
+export const migrateCredentialsToKeychainMigration: WorkspaceMigration = {
+  id: "015-migrate-credentials-to-keychain",
+  description:
+    "Copy encrypted store credentials to keychain for single-backend migration",
+
+  async down(_workspaceDir: string): Promise<void> {
+    // Reverse: copy credentials from keychain back to encrypted store.
+    // Mirrors the forward logic of 016-migrate-credentials-from-keychain.
+    if (
+      process.env.VELLUM_DESKTOP_APP !== "1" ||
+      process.env.VELLUM_DEV === "1"
+    ) {
+      return;
+    }
+
+    const { createBrokerClient } =
+      await import("../../security/keychain-broker-client.js");
+    const client = createBrokerClient();
+
+    let brokerAvailable = false;
+    for (let i = 0; i < BROKER_WAIT_MAX_ATTEMPTS; i++) {
+      if (client.isAvailable()) {
+        brokerAvailable = true;
+        break;
+      }
+      await new Promise((r) => setTimeout(r, BROKER_WAIT_INTERVAL_MS));
+    }
+
+    if (!brokerAvailable) {
+      throw new Error(
+        "Keychain broker not available after waiting — credential rollback " +
+          "will be retried on next startup",
+      );
+    }
+
+    const { setKey } = await import("../../security/encrypted-store.js");
+
+    const accounts = await client.list();
+    if (accounts.length === 0) return;
+
+    let rolledBackCount = 0;
+    let failedCount = 0;
+
+    for (const account of accounts) {
+      const result = await client.get(account);
+      if (!result || !result.found || result.value === undefined) {
+        log.warn(
+          { account },
+          "Failed to read key from keychain during rollback — skipping",
+        );
+        failedCount++;
+        continue;
+      }
+
+      const written = setKey(account, result.value);
+      if (written) {
+        await client.del(account);
+        rolledBackCount++;
+      } else {
+        log.warn(
+          { account },
+          "Failed to write key to encrypted store during rollback — skipping",
+        );
+        failedCount++;
+      }
+    }
+
+    log.info(
+      { rolledBackCount, failedCount },
+      "Credential rollback from keychain to encrypted store complete",
+    );
+  },
+
+  async run(_workspaceDir: string): Promise<void> {
+    // Only run on mac production builds (desktop app, non-dev).
+    if (
+      process.env.VELLUM_DESKTOP_APP !== "1" ||
+      process.env.VELLUM_DEV === "1"
+    ) {
+      return;
+    }
+
+    const { createBrokerClient } =
+      await import("../../security/keychain-broker-client.js");
+    const client = createBrokerClient();
+
+    // Wait for the broker to become available (up to 5 seconds), matching
+    // the retry strategy in secure-keys.ts waitForBrokerAvailability().
+    let brokerAvailable = false;
+    for (let i = 0; i < BROKER_WAIT_MAX_ATTEMPTS; i++) {
+      if (client.isAvailable()) {
+        brokerAvailable = true;
+        break;
+      }
+      await new Promise((r) => setTimeout(r, BROKER_WAIT_INTERVAL_MS));
+    }
+
+    if (!brokerAvailable) {
+      throw new Error(
+        "Keychain broker not available after waiting — credential migration " +
+          "will be retried on next startup",
+      );
+    }
+
+    const { listKeys, getKey, deleteKey } =
+      await import("../../security/encrypted-store.js");
+
+    const accounts = listKeys();
+    if (accounts.length === 0) {
+      return;
+    }
+
+    let migratedCount = 0;
+    let failedCount = 0;
+
+    for (const account of accounts) {
+      const value = getKey(account);
+      if (value === undefined) {
+        log.warn(
+          { account },
+          "Failed to read key from encrypted store — skipping",
+        );
+        failedCount++;
+        continue;
+      }
+
+      const result = await client.set(account, value);
+      if (result.status === "ok") {
+        deleteKey(account);
+        migratedCount++;
+      } else {
+        log.warn(
+          { account, status: result.status },
+          "Failed to write key to keychain — skipping",
+        );
+        failedCount++;
+      }
+    }
+
+    log.info(
+      { migratedCount, failedCount },
+      "Credential migration to keychain complete",
+    );
+  },
+};

package/src/workspace/migrations/016-extract-feature-flags-to-protected.ts

@@ -0,0 +1,156 @@
+import {
+  chmodSync,
+  existsSync,
+  mkdirSync,
+  readFileSync,
+  renameSync,
+  unlinkSync,
+  writeFileSync,
+} from "node:fs";
+import { join } from "node:path";
+
+import { getRootDir } from "../../util/platform.js";
+import type { WorkspaceMigration } from "./types.js";
+
+export const extractFeatureFlagsToProtectedMigration: WorkspaceMigration = {
+  id: "016-extract-feature-flags-to-protected",
+  description:
+    "Move assistantFeatureFlagValues from config.json to ~/.vellum/protected/feature-flags.json",
+
+  down(workspaceDir: string): void {
+    // Reverse: read feature flags from protected directory and write them
+    // back to config.json as assistantFeatureFlagValues.
+    const protectedDir = join(getRootDir(), "protected");
+    const featureFlagsPath = join(protectedDir, "feature-flags.json");
+
+    if (!existsSync(featureFlagsPath)) return;
+
+    let flagValues: Record<string, boolean>;
+    try {
+      const raw = JSON.parse(readFileSync(featureFlagsPath, "utf-8"));
+      if (
+        !raw ||
+        raw.version !== 1 ||
+        !raw.values ||
+        typeof raw.values !== "object"
+      ) {
+        return;
+      }
+      flagValues = raw.values;
+    } catch {
+      return; // Malformed file — skip
+    }
+
+    if (Object.keys(flagValues).length === 0) return;
+
+    // Read config.json and restore assistantFeatureFlagValues
+    const configPath = join(workspaceDir, "config.json");
+    let config: Record<string, unknown> = {};
+    if (existsSync(configPath)) {
+      try {
+        const raw = JSON.parse(readFileSync(configPath, "utf-8"));
+        if (raw && typeof raw === "object" && !Array.isArray(raw)) {
+          config = raw as Record<string, unknown>;
+        }
+      } catch {
+        // Malformed config — start with empty object
+      }
+    }
+
+    // Merge into existing assistantFeatureFlagValues if present
+    const existing = (config.assistantFeatureFlagValues ?? {}) as Record<
+      string,
+      boolean
+    >;
+    config.assistantFeatureFlagValues = { ...existing, ...flagValues };
+
+    const tmpConfigPath = configPath + ".tmp";
+    writeFileSync(
+      tmpConfigPath,
+      JSON.stringify(config, null, 2) + "\n",
+      "utf-8",
+    );
+    renameSync(tmpConfigPath, configPath);
+
+    // Remove the protected feature-flags file
+    try {
+      unlinkSync(featureFlagsPath);
+    } catch {
+      // Best-effort cleanup
+    }
+  },
+
+  run(workspaceDir: string): void {
+    const configPath = join(workspaceDir, "config.json");
+    if (!existsSync(configPath)) return;
+
+    let config: Record<string, unknown>;
+    try {
+      const raw = JSON.parse(readFileSync(configPath, "utf-8"));
+      if (!raw || typeof raw !== "object" || Array.isArray(raw)) return;
+      config = raw as Record<string, unknown>;
+    } catch {
+      return; // Malformed config — skip
+    }
+
+    const flagValues = config.assistantFeatureFlagValues as
+      | Record<string, boolean>
+      | undefined;
+    if (
+      !flagValues ||
+      typeof flagValues !== "object" ||
+      Object.keys(flagValues).length === 0
+    ) {
+      return; // Nothing to migrate
+    }
+
+    // Write feature flags to protected directory
+    const protectedDir = join(getRootDir(), "protected");
+    mkdirSync(protectedDir, { recursive: true });
+
+    const featureFlagsPath = join(protectedDir, "feature-flags.json");
+
+    // Read existing feature-flags.json if present (may have been written by
+    // the gateway in a rolling deployment) so we merge rather than overwrite.
+    let existingValues: Record<string, boolean> = {};
+    if (existsSync(featureFlagsPath)) {
+      try {
+        const existing = JSON.parse(readFileSync(featureFlagsPath, "utf-8"));
+        if (
+          existing.version === 1 &&
+          existing.values &&
+          typeof existing.values === "object"
+        ) {
+          existingValues = existing.values;
+        }
+      } catch {
+        // Malformed file — start fresh
+      }
+    }
+
+    // Merge: config values take precedence, existing keys preserved
+    const mergedValues = { ...existingValues, ...flagValues };
+
+    const featureFlagsContent = JSON.stringify(
+      { version: 1, values: mergedValues },
+      null,
+      2,
+    );
+
+    const tmpFeatureFlagsPath = featureFlagsPath + ".tmp";
+    writeFileSync(tmpFeatureFlagsPath, featureFlagsContent + "\n", "utf-8");
+    chmodSync(tmpFeatureFlagsPath, 0o600);
+    renameSync(tmpFeatureFlagsPath, featureFlagsPath);
+
+    // Remove assistantFeatureFlagValues from config.json
+    delete config.assistantFeatureFlagValues;
+
+    const tmpConfigPath = configPath + ".tmp";
+    writeFileSync(
+      tmpConfigPath,
+      JSON.stringify(config, null, 2) + "\n",
+      "utf-8",
+    );
+    renameSync(tmpConfigPath, configPath);
+  },
+};