@vellumai/assistant 0.5.6 → 0.5.8

package/src/workspace/migrations/012-rename-conversation-disk-view-dirs.ts

@@ -17,6 +17,10 @@ import type { WorkspaceMigration } from "./types.js";
 const LEGACY_CONVERSATION_DIR_PATTERN =
   /^(.*)_(\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}\.\d{3}Z)$/;
 
+/** Matches the new timestamp-first format: {timestamp}_{conversationId} */
+const NEW_CONVERSATION_DIR_PATTERN =
+  /^(\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}\.\d{3}Z)_(.+)$/;
+
 function parseLegacyConversationDirName(
   dirName: string,
 ): { conversationId: string; timestamp: string } | null {
@@ -29,11 +33,51 @@ function parseLegacyConversationDirName(
   };
 }
 
+function parseNewConversationDirName(
+  dirName: string,
+): { timestamp: string; conversationId: string } | null {
+  const match = dirName.match(NEW_CONVERSATION_DIR_PATTERN);
+  if (!match) return null;
+
+  return {
+    timestamp: match[1],
+    conversationId: match[2],
+  };
+}
+
 export const renameConversationDiskViewDirsMigration: WorkspaceMigration = {
   id: "012-rename-conversation-disk-view-dirs",
   description:
     "Rename legacy conversation disk-view directories to timestamp-first names",
 
+  down(workspaceDir: string): void {
+    const conversationsDir = join(workspaceDir, "conversations");
+    if (!existsSync(conversationsDir)) return;
+
+    const entries = readdirSync(conversationsDir, { withFileTypes: true })
+      .filter((entry) => entry.isDirectory())
+      .map((entry) => entry.name)
+      .sort();
+
+    for (const dirName of entries) {
+      const parsed = parseNewConversationDirName(dirName);
+      if (!parsed) continue;
+
+      const sourcePath = join(conversationsDir, dirName);
+      const targetName = `${parsed.conversationId}_${parsed.timestamp}`;
+      const targetPath = join(conversationsDir, targetName);
+
+      if (sourcePath === targetPath) continue;
+      if (existsSync(targetPath)) continue;
+
+      try {
+        renameSync(sourcePath, targetPath);
+      } catch {
+        // Best-effort: leave the directory in place if a single rename fails.
+      }
+    }
+  },
+
   run(workspaceDir: string): void {
     const conversationsDir = join(workspaceDir, "conversations");
     if (!existsSync(conversationsDir)) return;

package/src/workspace/migrations/013-repair-conversation-disk-view.ts

@@ -8,4 +8,9 @@ export const repairConversationDiskViewMigration: WorkspaceMigration = {
   run(_workspaceDir: string): void {
     rebuildConversationDiskViewFromDb();
   },
+  // No-op: this is a repair migration that rebuilds derived disk-view data
+  // from the database. There is no meaningful reverse operation — the data
+  // is a cache that can be regenerated, and removing it would just cause
+  // unnecessary churn on the next forward run.
+  down(_workspaceDir: string): void {},
 };

package/src/workspace/migrations/015-migrate-credentials-to-keychain.ts

@@ -0,0 +1,153 @@
+import { getLogger } from "../../util/logger.js";
+import type { WorkspaceMigration } from "./types.js";
+
+const log = getLogger("workspace-migrations");
+
+const BROKER_WAIT_INTERVAL_MS = 500;
+const BROKER_WAIT_MAX_ATTEMPTS = 10; // 5 seconds total
+
+export const migrateCredentialsToKeychainMigration: WorkspaceMigration = {
+  id: "015-migrate-credentials-to-keychain",
+  description:
+    "Copy encrypted store credentials to keychain for single-backend migration",
+
+  async down(_workspaceDir: string): Promise<void> {
+    // Reverse: copy credentials from keychain back to encrypted store.
+    // Mirrors the forward logic of 016-migrate-credentials-from-keychain.
+    if (
+      process.env.VELLUM_DESKTOP_APP !== "1" ||
+      process.env.VELLUM_DEV === "1"
+    ) {
+      return;
+    }
+
+    const { createBrokerClient } =
+      await import("../../security/keychain-broker-client.js");
+    const client = createBrokerClient();
+
+    let brokerAvailable = false;
+    for (let i = 0; i < BROKER_WAIT_MAX_ATTEMPTS; i++) {
+      if (client.isAvailable()) {
+        brokerAvailable = true;
+        break;
+      }
+      await new Promise((r) => setTimeout(r, BROKER_WAIT_INTERVAL_MS));
+    }
+
+    if (!brokerAvailable) {
+      throw new Error(
+        "Keychain broker not available after waiting — credential rollback " +
+          "will be retried on next startup",
+      );
+    }
+
+    const { setKey } = await import("../../security/encrypted-store.js");
+
+    const accounts = await client.list();
+    if (accounts.length === 0) return;
+
+    let rolledBackCount = 0;
+    let failedCount = 0;
+
+    for (const account of accounts) {
+      const result = await client.get(account);
+      if (!result || !result.found || result.value === undefined) {
+        log.warn(
+          { account },
+          "Failed to read key from keychain during rollback — skipping",
+        );
+        failedCount++;
+        continue;
+      }
+
+      const written = setKey(account, result.value);
+      if (written) {
+        await client.del(account);
+        rolledBackCount++;
+      } else {
+        log.warn(
+          { account },
+          "Failed to write key to encrypted store during rollback — skipping",
+        );
+        failedCount++;
+      }
+    }
+
+    log.info(
+      { rolledBackCount, failedCount },
+      "Credential rollback from keychain to encrypted store complete",
+    );
+  },
+
+  async run(_workspaceDir: string): Promise<void> {
+    // Only run on mac production builds (desktop app, non-dev).
+    if (
+      process.env.VELLUM_DESKTOP_APP !== "1" ||
+      process.env.VELLUM_DEV === "1"
+    ) {
+      return;
+    }
+
+    const { createBrokerClient } =
+      await import("../../security/keychain-broker-client.js");
+    const client = createBrokerClient();
+
+    // Wait for the broker to become available (up to 5 seconds), matching
+    // the retry strategy in secure-keys.ts waitForBrokerAvailability().
+    let brokerAvailable = false;
+    for (let i = 0; i < BROKER_WAIT_MAX_ATTEMPTS; i++) {
+      if (client.isAvailable()) {
+        brokerAvailable = true;
+        break;
+      }
+      await new Promise((r) => setTimeout(r, BROKER_WAIT_INTERVAL_MS));
+    }
+
+    if (!brokerAvailable) {
+      throw new Error(
+        "Keychain broker not available after waiting — credential migration " +
+          "will be retried on next startup",
+      );
+    }
+
+    const { listKeys, getKey, deleteKey } =
+      await import("../../security/encrypted-store.js");
+
+    const accounts = listKeys();
+    if (accounts.length === 0) {
+      return;
+    }
+
+    let migratedCount = 0;
+    let failedCount = 0;
+
+    for (const account of accounts) {
+      const value = getKey(account);
+      if (value === undefined) {
+        log.warn(
+          { account },
+          "Failed to read key from encrypted store — skipping",
+        );
+        failedCount++;
+        continue;
+      }
+
+      const result = await client.set(account, value);
+      if (result.status === "ok") {
+        deleteKey(account);
+        migratedCount++;
+      } else {
+        log.warn(
+          { account, status: result.status },
+          "Failed to write key to keychain — skipping",
+        );
+        failedCount++;
+      }
+    }
+
+    log.info(
+      { migratedCount, failedCount },
+      "Credential migration to keychain complete",
+    );
+  },
+};

package/src/workspace/migrations/016-extract-feature-flags-to-protected.ts

@@ -0,0 +1,156 @@
+import {
+  chmodSync,
+  existsSync,
+  mkdirSync,
+  readFileSync,
+  renameSync,
+  unlinkSync,
+  writeFileSync,
+} from "node:fs";
+import { join } from "node:path";
+
+import { getRootDir } from "../../util/platform.js";
+import type { WorkspaceMigration } from "./types.js";
+
+export const extractFeatureFlagsToProtectedMigration: WorkspaceMigration = {
+  id: "016-extract-feature-flags-to-protected",
+  description:
+    "Move assistantFeatureFlagValues from config.json to ~/.vellum/protected/feature-flags.json",
+
+  down(workspaceDir: string): void {
+    // Reverse: read feature flags from protected directory and write them
+    // back to config.json as assistantFeatureFlagValues.
+    const protectedDir = join(getRootDir(), "protected");
+    const featureFlagsPath = join(protectedDir, "feature-flags.json");
+
+    if (!existsSync(featureFlagsPath)) return;
+
+    let flagValues: Record<string, boolean>;
+    try {
+      const raw = JSON.parse(readFileSync(featureFlagsPath, "utf-8"));
+      if (
+        !raw ||
+        raw.version !== 1 ||
+        !raw.values ||
+        typeof raw.values !== "object"
+      ) {
+        return;
+      }
+      flagValues = raw.values;
+    } catch {
+      return; // Malformed file — skip
+    }
+
+    if (Object.keys(flagValues).length === 0) return;
+
+    // Read config.json and restore assistantFeatureFlagValues
+    const configPath = join(workspaceDir, "config.json");
+    let config: Record<string, unknown> = {};
+    if (existsSync(configPath)) {
+      try {
+        const raw = JSON.parse(readFileSync(configPath, "utf-8"));
+        if (raw && typeof raw === "object" && !Array.isArray(raw)) {
+          config = raw as Record<string, unknown>;
+        }
+      } catch {
+        // Malformed config — start with empty object
+      }
+    }
+
+    // Merge into existing assistantFeatureFlagValues if present
+    const existing = (config.assistantFeatureFlagValues ?? {}) as Record<
+      string,
+      boolean
+    >;
+    config.assistantFeatureFlagValues = { ...existing, ...flagValues };
+
+    const tmpConfigPath = configPath + ".tmp";
+    writeFileSync(
+      tmpConfigPath,
+      JSON.stringify(config, null, 2) + "\n",
+      "utf-8",
+    );
+    renameSync(tmpConfigPath, configPath);
+
+    // Remove the protected feature-flags file
+    try {
+      unlinkSync(featureFlagsPath);
+    } catch {
+      // Best-effort cleanup
+    }
+  },
+
+  run(workspaceDir: string): void {
+    const configPath = join(workspaceDir, "config.json");
+    if (!existsSync(configPath)) return;
+
+    let config: Record<string, unknown>;
+    try {
+      const raw = JSON.parse(readFileSync(configPath, "utf-8"));
+      if (!raw || typeof raw !== "object" || Array.isArray(raw)) return;
+      config = raw as Record<string, unknown>;
+    } catch {
+      return; // Malformed config — skip
+    }
+
+    const flagValues = config.assistantFeatureFlagValues as
+      | Record<string, boolean>
+      | undefined;
+    if (
+      !flagValues ||
+      typeof flagValues !== "object" ||
+      Object.keys(flagValues).length === 0
+    ) {
+      return; // Nothing to migrate
+    }
+
+    // Write feature flags to protected directory
+    const protectedDir = join(getRootDir(), "protected");
+    mkdirSync(protectedDir, { recursive: true });
+
+    const featureFlagsPath = join(protectedDir, "feature-flags.json");
+
+    // Read existing feature-flags.json if present (may have been written by
+    // the gateway in a rolling deployment) so we merge rather than overwrite.
+    let existingValues: Record<string, boolean> = {};
+    if (existsSync(featureFlagsPath)) {
+      try {
+        const existing = JSON.parse(readFileSync(featureFlagsPath, "utf-8"));
+        if (
+          existing.version === 1 &&
+          existing.values &&
+          typeof existing.values === "object"
+        ) {
+          existingValues = existing.values;
+        }
+      } catch {
+        // Malformed file — start fresh
+      }
+    }
+
+    // Merge: config values take precedence, existing keys preserved
+    const mergedValues = { ...existingValues, ...flagValues };
+
+    const featureFlagsContent = JSON.stringify(
+      { version: 1, values: mergedValues },
+      null,
+      2,
+    );
+
+    const tmpFeatureFlagsPath = featureFlagsPath + ".tmp";
+    writeFileSync(tmpFeatureFlagsPath, featureFlagsContent + "\n", "utf-8");
+    chmodSync(tmpFeatureFlagsPath, 0o600);
+    renameSync(tmpFeatureFlagsPath, featureFlagsPath);
+
+    // Remove assistantFeatureFlagValues from config.json
+    delete config.assistantFeatureFlagValues;
+
+    const tmpConfigPath = configPath + ".tmp";
+    writeFileSync(
+      tmpConfigPath,
+      JSON.stringify(config, null, 2) + "\n",
+      "utf-8",
+    );
+    renameSync(tmpConfigPath, configPath);
+  },
+};

package/src/workspace/migrations/016-migrate-credentials-from-keychain.ts

@@ -0,0 +1,150 @@
+import { getLogger } from "../../util/logger.js";
+import type { WorkspaceMigration } from "./types.js";
+
+const log = getLogger("workspace-migrations");
+
+const BROKER_WAIT_INTERVAL_MS = 500;
+const BROKER_WAIT_MAX_ATTEMPTS = 10; // 5 seconds total
+
+export const migrateCredentialsFromKeychainMigration: WorkspaceMigration = {
+  id: "016-migrate-credentials-from-keychain",
+  description:
+    "Copy keychain credentials back to encrypted store for CES unification",
+
+  async down(_workspaceDir: string): Promise<void> {
+    // Reverse: copy credentials from encrypted store back to keychain.
+    // Mirrors the forward logic of 015-migrate-credentials-to-keychain.
+    if (
+      process.env.VELLUM_DESKTOP_APP !== "1" ||
+      process.env.VELLUM_DEV === "1"
+    ) {
+      return;
+    }
+
+    const { createBrokerClient } =
+      await import("../../security/keychain-broker-client.js");
+    const client = createBrokerClient();
+
+    let brokerAvailable = false;
+    for (let i = 0; i < BROKER_WAIT_MAX_ATTEMPTS; i++) {
+      if (client.isAvailable()) {
+        brokerAvailable = true;
+        break;
+      }
+      await new Promise((r) => setTimeout(r, BROKER_WAIT_INTERVAL_MS));
+    }
+
+    if (!brokerAvailable) {
+      throw new Error(
+        "Keychain broker not available after waiting — credential rollback " +
+          "will be retried on next startup",
+      );
+    }
+
+    const { listKeys, getKey, deleteKey } =
+      await import("../../security/encrypted-store.js");
+
+    const accounts = listKeys();
+    if (accounts.length === 0) return;
+
+    let rolledBackCount = 0;
+    let failedCount = 0;
+
+    for (const account of accounts) {
+      const value = getKey(account);
+      if (value === undefined) {
+        log.warn(
+          { account },
+          "Failed to read key from encrypted store during rollback — skipping",
+        );
+        failedCount++;
+        continue;
+      }
+
+      const result = await client.set(account, value);
+      if (result.status === "ok") {
+        deleteKey(account);
+        rolledBackCount++;
+      } else {
+        log.warn(
+          { account, status: result.status },
+          "Failed to write key to keychain during rollback — skipping",
+        );
+        failedCount++;
+      }
+    }
+
+    log.info(
+      { rolledBackCount, failedCount },
+      "Credential rollback from encrypted store to keychain complete",
+    );
+  },
+
+  async run(_workspaceDir: string): Promise<void> {
+    // Only run on mac production builds (desktop app, non-dev).
+    if (
+      process.env.VELLUM_DESKTOP_APP !== "1" ||
+      process.env.VELLUM_DEV === "1"
+    ) {
+      return;
+    }
+
+    const { createBrokerClient } =
+      await import("../../security/keychain-broker-client.js");
+    const client = createBrokerClient();
+
+    // Wait for the broker to become available (up to 5 seconds), matching
+    // the retry strategy in secure-keys.ts waitForBrokerAvailability().
+    let brokerAvailable = false;
+    for (let i = 0; i < BROKER_WAIT_MAX_ATTEMPTS; i++) {
+      if (client.isAvailable()) {
+        brokerAvailable = true;
+        break;
+      }
+      await new Promise((r) => setTimeout(r, BROKER_WAIT_INTERVAL_MS));
+    }
+
+    if (!brokerAvailable) {
+      throw new Error(
+        "Keychain broker not available after waiting — credential migration " +
+          "will be retried on next startup",
+      );
+    }
+
+    const { setKey } = await import("../../security/encrypted-store.js");
+
+    const accounts = await client.list();
+    if (accounts.length === 0) {
+      return;
+    }
+
+    let migratedCount = 0;
+    let failedCount = 0;
+
+    for (const account of accounts) {
+      const result = await client.get(account);
+      if (!result || !result.found || result.value === undefined) {
+        log.warn({ account }, "Failed to read key from keychain — skipping");
+        failedCount++;
+        continue;
+      }
+
+      const written = setKey(account, result.value);
+      if (written) {
+        await client.del(account);
+        migratedCount++;
+      } else {
+        log.warn(
+          { account },
+          "Failed to write key to encrypted store — skipping",
+        );
+        failedCount++;
+      }
+    }
+
+    log.info(
+      { migratedCount, failedCount },
+      "Credential migration from keychain complete",
+    );
+  },
+};

package/src/workspace/migrations/017-seed-persona-dirs.ts

@@ -0,0 +1,96 @@
+import {
+  copyFileSync,
+  existsSync,
+  mkdirSync,
+  readdirSync,
+  readFileSync,
+  rmdirSync,
+} from "node:fs";
+import { join } from "node:path";
+
+import { desc, eq } from "drizzle-orm";
+
+import { generateUserFileSlug } from "../../contacts/contact-store.js";
+import { getDb } from "../../memory/db.js";
+import { contacts } from "../../memory/schema/contacts.js";
+import {
+  isTemplateContent,
+  stripCommentLines,
+} from "../../prompts/system-prompt.js";
+import type { WorkspaceMigration } from "./types.js";
+
+export const seedPersonaDirsMigration: WorkspaceMigration = {
+  id: "017-seed-persona-dirs",
+  description:
+    "Create users/ and channels/ persona directories and migrate customized USER.md",
+
+  down(workspaceDir: string): void {
+    // Remove the seeded persona directories only if they are empty.
+    // We don't delete user-created content — only clean up the empty
+    // directories that the forward migration created.
+    const usersDir = join(workspaceDir, "users");
+    const channelsDir = join(workspaceDir, "channels");
+
+    for (const dir of [usersDir, channelsDir]) {
+      if (!existsSync(dir)) continue;
+      try {
+        const entries = readdirSync(dir);
+        if (entries.length === 0) {
+          rmdirSync(dir);
+        }
+      } catch {
+        // Best-effort: skip if we can't read or remove
+      }
+    }
+  },
+
+  run(workspaceDir: string): void {
+    // Create persona directories
+    mkdirSync(join(workspaceDir, "users"), { recursive: true });
+    mkdirSync(join(workspaceDir, "channels"), { recursive: true });
+
+    // Check if USER.md exists and has been customized
+    const userMdPath = join(workspaceDir, "USER.md");
+    if (!existsSync(userMdPath)) return;
+
+    const rawContent = readFileSync(userMdPath, "utf-8");
+    const content = stripCommentLines(rawContent);
+    if (!content) return;
+
+    // Skip if the content is the unmodified template
+    if (isTemplateContent(content, "USER.md")) return;
+
+    // Determine destination filename based on guardian contact
+    let destFilename = "guardian.md";
+    try {
+      const db = getDb();
+      const guardian = db
+        .select()
+        .from(contacts)
+        .where(eq(contacts.role, "guardian"))
+        .orderBy(desc(contacts.createdAt))
+        .limit(1)
+        .get();
+
+      if (guardian) {
+        if (guardian.userFile) {
+          destFilename = guardian.userFile;
+        } else {
+          const slug = generateUserFileSlug(guardian.displayName);
+          db.update(contacts)
+            .set({ userFile: slug })
+            .where(eq(contacts.id, guardian.id))
+            .run();
+          destFilename = slug;
+        }
+      }
+    } catch {
+      // DB might not be initialized yet — fall back to guardian.md
+    }
+
+    const destPath = join(workspaceDir, "users", destFilename);
+    if (!existsSync(destPath)) {
+      copyFileSync(userMdPath, destPath);
+    }
+  },
+};