@vellumai/assistant 0.5.7 → 0.5.8

package/src/tools/memory/definitions.ts

@@ -46,9 +46,10 @@ const memoryManageProperties = {
       "decision",
       "constraint",
       "event",
+      "journal",
     ],
     description:
-      'Category of the memory item (required for save). Use "constraint" for mistakes, gotchas, discoveries, and working solutions - write as advice to your future self.',
+      'Category of the memory item (required for save). Use "constraint" for mistakes, gotchas, discoveries, and working solutions - write as advice to your future self. Use "journal" for journal-style memories — experiential snapshots, upcoming events, things to carry forward.',
   },
   subject: {
     type: "string" as const,
@@ -59,7 +60,7 @@ const memoryManageProperties = {
 export const memoryManageDefinition: ToolDefinition = {
   name: "memory_manage",
   description:
-    "Save, update, or delete memory items. Memory does not survive session restarts - if you want to remember something, save it now. Use 'save' for new information worth remembering (facts, preferences, mistakes, discoveries, gotchas), 'update' to correct existing items, 'delete' to remove outdated items. When a user says 'remember this', save immediately. For user profile or personality changes, update workspace files (USER.md, SOUL.md) instead.",
+    "Save, update, or delete memory items. If you want to remember something, save it now. Use 'save' for new information worth remembering (facts, preferences, mistakes, discoveries, gotchas), 'update' to correct existing items, 'delete' to remove outdated items. When a user says 'remember this', save immediately. Be proactive: if you learn something important that may be useful in the future, always call this tool — don't just say or hope you'll remember it. This is not a substitute for updating workspace files when relevant - do both.",
   input_schema: {
     type: "object",
     properties: memoryManageProperties,

package/src/tools/memory/handlers.ts

@@ -9,7 +9,6 @@ import { buildMemoryRecall } from "../../memory/retriever.js";
 import { memoryItems } from "../../memory/schema.js";
 import type { ScopePolicyOverride } from "../../memory/search/types.js";
 import { getLogger } from "../../util/logger.js";
-import { truncate } from "../../util/truncate.js";
 import type { ToolExecutionResult } from "../types.js";
 
 const log = getLogger("memory-tools");
@@ -39,6 +38,7 @@ export async function handleMemorySave(
     "decision",
     "constraint",
     "event",
+    "journal",
   ]);
   if (typeof rawKind !== "string") {
     return {
@@ -60,14 +60,14 @@ export async function handleMemorySave(
 
   const subject =
     typeof args.subject === "string" && args.subject.trim().length > 0
-      ? truncate(args.subject.trim(), 80, "")
+      ? args.subject.trim()
       : inferSubjectFromStatement(statement.trim());
 
   try {
     const db = getDb();
     const id = uuid();
     const now = Date.now();
-    const trimmedStatement = truncate(statement.trim(), 500, "");
+    const trimmedStatement = statement.trim();
 
     const fingerprint = computeMemoryFingerprint(
       scopeId,
@@ -93,6 +93,7 @@ export async function handleMemorySave(
           status: "active",
           importance: 0.8,
           lastSeenAt: now,
+          sourceType: "tool",
           verificationState: "user_confirmed",
         })
         .where(eq(memoryItems.id, existing.id))
@@ -115,6 +116,7 @@ export async function handleMemorySave(
         confidence: 0.95, // explicit saves have high confidence
         importance: 0.8, // explicit saves are high importance
         fingerprint,
+        sourceType: "tool",
         verificationState: "user_confirmed",
         scopeId,
         firstSeenAt: now,
@@ -187,7 +189,7 @@ export async function handleMemoryUpdate(
     }
 
     const now = Date.now();
-    const trimmedStatement = truncate(statement.trim(), 500, "");
+    const trimmedStatement = statement.trim();
 
     const fingerprint = computeMemoryFingerprint(
       scopeId,
@@ -221,6 +223,7 @@ export async function handleMemoryUpdate(
         fingerprint,
         lastSeenAt: now,
         importance: 0.8,
+        sourceType: "tool",
         verificationState: "user_confirmed",
       })
       .where(eq(memoryItems.id, existing.id))
@@ -308,7 +311,7 @@ export async function handleMemoryRecall(
         items: [],
         sources: {
           semantic: recall.semanticHits,
-          recency: recall.recencyHits,
+          recency: 0,
         },
       };
       return {
@@ -328,7 +331,7 @@ export async function handleMemoryRecall(
       })),
       sources: {
         semantic: recall.semanticHits,
-        recency: recall.recencyHits,
+        recency: 0,
       },
     };
 
@@ -416,7 +419,7 @@ export async function handleMemoryDelete(
 function inferSubjectFromStatement(statement: string): string {
   // Take first few words as a subject label
   const words = statement.split(/\s+/).slice(0, 6).join(" ");
-  return truncate(words, 80, "");
+  return words;
 }
 
 /**

package/src/tools/terminal/safe-env.ts

@@ -28,6 +28,7 @@ const SAFE_ENV_VARS = [
   "GPG_TTY",
   "GNUPGHOME",
   "VELLUM_DEV",
+  "VELLUM_WORKSPACE_DIR",
 ] as const;
 
 export function buildSanitizedEnv(): Record<string, string> {

package/src/util/browser.ts

@@ -0,0 +1,15 @@
+import { isLinux, isMacOS } from "./platform.js";
+
+/**
+ * Open a URL in the user's default browser, falling back to printing the URL
+ * to stderr on unsupported platforms.
+ */
+export function openInBrowser(url: string): void {
+  if (isMacOS()) {
+    Bun.spawn(["open", url], { stdout: "ignore", stderr: "ignore" });
+  } else if (isLinux()) {
+    Bun.spawn(["xdg-open", url], { stdout: "ignore", stderr: "ignore" });
+  } else {
+    process.stderr.write(`Open this URL to authorize:\n\n${url}\n`);
+  }
+}

package/src/util/platform.ts

@@ -324,7 +324,7 @@ export function getSignalsDir(): string {
 /**
  * Returns the workspace root for user-facing state.
  *
- * When the WORKSPACE_DIR env var is set, returns that value (used in
+ * When the VELLUM_WORKSPACE_DIR env var is set, returns that value (used in
  * containerized deployments where the workspace is a separate volume).
  * Otherwise falls back to ~/.vellum/workspace.
  *

package/src/workspace/migrations/016-migrate-credentials-from-keychain.ts

@@ -105,10 +105,10 @@ export const migrateCredentialsFromKeychainMigration: WorkspaceMigration = {
     }
 
     if (!brokerAvailable) {
-      // Unlike migration 015, we return silently here. If the broker is not
-      // available, credentials may already be in the encrypted store from
-      // before migration 015 ran, or from a non-desktop environment.
-      return;
+      throw new Error(
+        "Keychain broker not available after waiting — credential migration " +
+          "will be retried on next startup",
+      );
     }
 
     const { setKey } = await import("../../security/encrypted-store.js");

package/src/workspace/migrations/017-seed-persona-dirs.ts

@@ -8,7 +8,7 @@ import {
 } from "node:fs";
 import { join } from "node:path";
 
-import { eq } from "drizzle-orm";
+import { desc, eq } from "drizzle-orm";
 
 import { generateUserFileSlug } from "../../contacts/contact-store.js";
 import { getDb } from "../../memory/db.js";
@@ -68,6 +68,7 @@ export const seedPersonaDirsMigration: WorkspaceMigration = {
         .select()
         .from(contacts)
         .where(eq(contacts.role, "guardian"))
+        .orderBy(desc(contacts.createdAt))
         .limit(1)
         .get();
 

package/src/workspace/migrations/018-rekey-compound-credential-keys.ts

@@ -0,0 +1,184 @@
+import { credentialKey } from "../../security/credential-key.js";
+import { getLogger } from "../../util/logger.js";
+import type { WorkspaceMigration } from "./types.js";
+
+const log = getLogger("workspace-migrations");
+const CREDENTIAL_PREFIX = "credential/";
+
+/**
+ * Re-key compound credential storage keys from the old indexOf-based split
+ * to the new lastIndexOf-based split.
+ *
+ * The old code split "integration:google:access_token" at the first colon:
+ *   service = "integration", field = "google:access_token"
+ *   → key = "credential/integration/google:access_token"
+ *
+ * The new code splits at the last colon:
+ *   service = "integration:google", field = "access_token"
+ *   → key = "credential/integration:google/access_token"
+ *
+ * Detection heuristic: if the field portion of a stored key contains a colon,
+ * it was stored with the old indexOf logic and needs re-keying. Simple
+ * service:field names (single colon) produce the same key with both methods
+ * and don't need migration.
+ */
+export const rekeyCompoundCredentialKeysMigration: WorkspaceMigration = {
+  id: "018-rekey-compound-credential-keys",
+  description:
+    "Re-key compound credential keys from indexOf to lastIndexOf split format",
+
+  async run(_workspaceDir: string): Promise<void> {
+    const {
+      listSecureKeysAsync,
+      getSecureKeyAsync,
+      setSecureKeyAsync,
+      deleteSecureKeyAsync,
+    } = await import("../../security/secure-keys.js");
+
+    const { accounts, unreachable } = await listSecureKeysAsync();
+    if (unreachable) {
+      throw new Error(
+        "Credential store unreachable — migration will be retried on next startup",
+      );
+    }
+
+    let migratedCount = 0;
+    let failedCount = 0;
+
+    for (const account of accounts) {
+      if (!account.startsWith(CREDENTIAL_PREFIX)) continue;
+
+      const rest = account.slice(CREDENTIAL_PREFIX.length);
+      const slashIdx = rest.indexOf("/");
+      if (slashIdx < 1 || slashIdx >= rest.length - 1) continue;
+
+      const oldService = rest.slice(0, slashIdx);
+      const oldField = rest.slice(slashIdx + 1);
+
+      // Only migrate keys where the field contains a colon — these were
+      // stored using the old indexOf(":") split and need re-keying.
+      if (!oldField.includes(":")) continue;
+
+      // Reconstruct the original "service:field" name and re-split with lastIndexOf
+      const originalName = `${oldService}:${oldField}`;
+      const lastColonIdx = originalName.lastIndexOf(":");
+      const newService = originalName.slice(0, lastColonIdx);
+      const newField = originalName.slice(lastColonIdx + 1);
+      const newKey = credentialKey(newService, newField);
+
+      // Skip if the key format didn't actually change
+      if (account === newKey) continue;
+
+      // Skip if the new key already exists (idempotent — may have been
+      // partially migrated or the user already stored under the new format)
+      const existingNewValue = await getSecureKeyAsync(newKey);
+      if (existingNewValue !== undefined) {
+        // New key exists — just clean up the old orphaned key
+        await deleteSecureKeyAsync(account);
+        log.info(
+          { oldKey: account, newKey },
+          "Deleted orphaned old-format credential key (new key already exists)",
+        );
+        migratedCount++;
+        continue;
+      }
+
+      const value = await getSecureKeyAsync(account);
+      if (value === undefined) continue;
+
+      // Write new key first, then delete old key (crash-safe order)
+      const stored = await setSecureKeyAsync(newKey, value);
+      if (!stored) {
+        log.warn(
+          { oldKey: account, newKey },
+          "Failed to write re-keyed credential — skipping",
+        );
+        failedCount++;
+        continue;
+      }
+
+      await deleteSecureKeyAsync(account);
+      migratedCount++;
+      log.info({ oldKey: account, newKey }, "Re-keyed compound credential");
+    }
+
+    if (migratedCount > 0 || failedCount > 0) {
+      log.info(
+        { migratedCount, failedCount },
+        "Compound credential key migration complete",
+      );
+    }
+  },
+
+  async down(_workspaceDir: string): Promise<void> {
+    // Reverse: re-key from lastIndexOf format back to indexOf format.
+    // Keys where the service contains ":" were migrated from old format.
+    const {
+      listSecureKeysAsync,
+      getSecureKeyAsync,
+      setSecureKeyAsync,
+      deleteSecureKeyAsync,
+    } = await import("../../security/secure-keys.js");
+
+    const { accounts, unreachable } = await listSecureKeysAsync();
+    if (unreachable) {
+      throw new Error(
+        "Credential store unreachable — rollback will be retried on next startup",
+      );
+    }
+
+    let rolledBackCount = 0;
+    let failedCount = 0;
+
+    for (const account of accounts) {
+      if (!account.startsWith(CREDENTIAL_PREFIX)) continue;
+
+      const rest = account.slice(CREDENTIAL_PREFIX.length);
+      const slashIdx = rest.indexOf("/");
+      if (slashIdx < 1 || slashIdx >= rest.length - 1) continue;
+
+      const service = rest.slice(0, slashIdx);
+      const field = rest.slice(slashIdx + 1);
+
+      // Only rollback keys where the service contains ":" — these are in
+      // the new lastIndexOf format and need reverting to indexOf format.
+      if (!service.includes(":")) continue;
+
+      // Reconstruct the original name and re-split with indexOf (old format)
+      const originalName = `${service}:${field}`;
+      const firstColonIdx = originalName.indexOf(":");
+      const oldService = originalName.slice(0, firstColonIdx);
+      const oldField = originalName.slice(firstColonIdx + 1);
+      const oldKey = credentialKey(oldService, oldField);
+
+      if (account === oldKey) continue;
+
+      const value = await getSecureKeyAsync(account);
+      if (value === undefined) continue;
+
+      const stored = await setSecureKeyAsync(oldKey, value);
+      if (!stored) {
+        log.warn(
+          { newKey: account, oldKey },
+          "Failed to rollback re-keyed credential — skipping",
+        );
+        failedCount++;
+        continue;
+      }
+
+      await deleteSecureKeyAsync(account);
+      rolledBackCount++;
+      log.info(
+        { newKey: account, oldKey },
+        "Rolled back compound credential key",
+      );
+    }
+
+    if (rolledBackCount > 0 || failedCount > 0) {
+      log.info(
+        { rolledBackCount, failedCount },
+        "Compound credential key rollback complete",
+      );
+    }
+  },
+};

package/src/workspace/migrations/019-scope-journal-to-guardian.ts

@@ -0,0 +1,103 @@
+import {
+  existsSync,
+  mkdirSync,
+  readdirSync,
+  renameSync,
+  rmdirSync,
+  statSync,
+} from "node:fs";
+import { join } from "node:path";
+
+import { desc, eq } from "drizzle-orm";
+
+import { getDb } from "../../memory/db.js";
+import { contacts } from "../../memory/schema/contacts.js";
+import type { WorkspaceMigration } from "./types.js";
+
+export const scopeJournalToGuardianMigration: WorkspaceMigration = {
+  id: "019-scope-journal-to-guardian",
+  description:
+    "Move root journal entries into per-user subdirectory for guardian",
+
+  run(workspaceDir: string): void {
+    const journalDir = join(workspaceDir, "journal");
+    if (!existsSync(journalDir)) return;
+
+    // Find .md files in the root journal directory (not in subdirs)
+    let entries: string[];
+    try {
+      entries = readdirSync(journalDir);
+    } catch {
+      return;
+    }
+    const mdFiles = entries.filter((f) => {
+      if (!f.endsWith(".md") || f.toLowerCase() === "readme.md") return false;
+      try {
+        return statSync(join(journalDir, f)).isFile();
+      } catch {
+        return false;
+      }
+    });
+    if (mdFiles.length === 0) return;
+
+    // Resolve guardian user slug (same pattern as 017-seed-persona-dirs)
+    let slug = "guardian";
+    try {
+      const db = getDb();
+      const guardian = db
+        .select()
+        .from(contacts)
+        .where(eq(contacts.role, "guardian"))
+        .orderBy(desc(contacts.createdAt))
+        .limit(1)
+        .get();
+      if (guardian?.userFile) {
+        slug = guardian.userFile.replace(/\.md$/, "");
+      }
+    } catch {
+      // DB not ready — use fallback "guardian"
+    }
+
+    // Create per-user directory and move files (renameSync preserves birthtimes)
+    const destDir = join(journalDir, slug);
+    mkdirSync(destDir, { recursive: true });
+    for (const f of mdFiles) {
+      const src = join(journalDir, f);
+      const dest = join(destDir, f);
+      if (!existsSync(dest)) {
+        renameSync(src, dest);
+      }
+    }
+  },
+
+  down(workspaceDir: string): void {
+    const journalDir = join(workspaceDir, "journal");
+    if (!existsSync(journalDir)) return;
+    let entries: string[];
+    try {
+      entries = readdirSync(journalDir);
+    } catch {
+      return;
+    }
+    for (const entry of entries) {
+      const subdir = join(journalDir, entry);
+      try {
+        if (!statSync(subdir).isDirectory()) continue;
+      } catch {
+        continue;
+      }
+      for (const f of readdirSync(subdir)) {
+        if (!f.endsWith(".md")) continue;
+        const dest = join(journalDir, f);
+        if (!existsSync(dest)) {
+          renameSync(join(subdir, f), dest);
+        }
+      }
+      try {
+        rmdirSync(subdir);
+      } catch {
+        // not empty — leave it
+      }
+    }
+  },
+};

package/src/workspace/migrations/migrate-to-workspace-volume.ts

@@ -2,13 +2,13 @@
  * Workspace migration: Migrate workspace data from /data to /workspace volume.
  *
  * In the old Docker volume layout, workspace data lived at
- * `$BASE_DATA_DIR/.vellum/workspace`. In the new layout, WORKSPACE_DIR points
+ * `$BASE_DATA_DIR/.vellum/workspace`. In the new layout, VELLUM_WORKSPACE_DIR points
  * to a dedicated volume (e.g. `/workspace`). On first boot with the new layout,
  * this migration copies existing workspace data from the old location to the
  * new volume so nothing is lost.
  *
  * Idempotent:
- * - Skips if WORKSPACE_DIR is not set (non-Docker or old layout).
+ * - Skips if VELLUM_WORKSPACE_DIR is not set (non-Docker or old layout).
  * - Skips if the workspace volume already has data (config.json exists).
  * - Skips if the sentinel file exists (already migrated).
  * - Skips if the old workspace directory doesn't exist or is empty.
@@ -34,7 +34,7 @@ const SENTINEL_FILENAME = ".workspace-volume-migrated";
 export const migrateToWorkspaceVolumeMigration: WorkspaceMigration = {
   id: "014-migrate-to-workspace-volume",
   description:
-    "Copy workspace data from old /data/.vellum/workspace to new WORKSPACE_DIR volume on first boot",
+    "Copy workspace data from old /data/.vellum/workspace to new VELLUM_WORKSPACE_DIR volume on first boot",
 
   down(workspaceDir: string): void {
     // This migration copies data between volumes. Actually reversing the copy
@@ -55,7 +55,7 @@ export const migrateToWorkspaceVolumeMigration: WorkspaceMigration = {
   run(workspaceDir: string): void {
     const workspaceDirOverride = getWorkspaceDirOverride();
 
-    // Only relevant when WORKSPACE_DIR is explicitly set (Docker with separate volume)
+    // Only relevant when VELLUM_WORKSPACE_DIR is explicitly set (Docker with separate volume)
     if (!workspaceDirOverride) return;
 
     const sentinelPath = join(workspaceDir, SENTINEL_FILENAME);

package/src/workspace/migrations/registry.ts

@@ -14,6 +14,8 @@ import { migrateCredentialsToKeychainMigration } from "./015-migrate-credentials
 import { extractFeatureFlagsToProtectedMigration } from "./016-extract-feature-flags-to-protected.js";
 import { migrateCredentialsFromKeychainMigration } from "./016-migrate-credentials-from-keychain.js";
 import { seedPersonaDirsMigration } from "./017-seed-persona-dirs.js";
+import { rekeyCompoundCredentialKeysMigration } from "./018-rekey-compound-credential-keys.js";
+import { scopeJournalToGuardianMigration } from "./019-scope-journal-to-guardian.js";
 import { migrateToWorkspaceVolumeMigration } from "./migrate-to-workspace-volume.js";
 import type { WorkspaceMigration } from "./types.js";
 
@@ -39,4 +41,6 @@ export const WORKSPACE_MIGRATIONS: WorkspaceMigration[] = [
   migrateCredentialsFromKeychainMigration,
   seedPersonaDirsMigration,
   extractFeatureFlagsToProtectedMigration,
+  rekeyCompoundCredentialKeysMigration,
+  scopeJournalToGuardianMigration,
 ];

package/src/workspace/provider-commit-message-generator.ts

@@ -52,15 +52,7 @@ const KEYLESS_PROVIDERS = new Set(["ollama"]);
 const deterministicProvider = new DefaultCommitMessageProvider();
 
 function getProviderCandidates(config: ReturnType<typeof getConfig>): string[] {
-  const order = Array.isArray(config.providerOrder) ? config.providerOrder : [];
-  const seen = new Set<string>();
-  const out: string[] = [];
-  for (const name of [config.services.inference.provider, ...order]) {
-    if (seen.has(name)) continue;
-    seen.add(name);
-    out.push(name);
-  }
-  return out;
+  return [config.services.inference.provider];
 }
 
 function buildDeterministicResult(
@@ -121,7 +113,7 @@ export class ProviderCommitMessageGenerator {
 
     // ── Fallback check order (canonical) ──────────────────────────────
     // 1. disabled
-    // 2. resolve configured provider via fail-open selection:
+    // 2. resolve configured provider:
     //    - missing_provider_api_key OR provider_not_initialized
     // 3. selected-provider API key preflight (except keyless providers)
     // 4. breaker_open
@@ -138,7 +130,7 @@ export class ProviderCommitMessageGenerator {
       return buildDeterministicResult(context, "disabled");
     }
 
-    // Step 2: Resolve configured provider using fail-open semantics.
+    // Step 2: Resolve configured provider.
     // If nothing is resolvable, differentiate likely missing-key cases from
     // true registry/init failures.
     const resolved = await resolveConfiguredProvider();
@@ -168,18 +160,17 @@ export class ProviderCommitMessageGenerator {
     }
 
     const provider = resolved.provider;
-    const selectedProviderName = resolved.selectedProviderName;
+    const providerName = resolved.configuredProviderName;
 
-    // Step 2b: API key preflight for the selected provider (skip keyless).
-    if (!KEYLESS_PROVIDERS.has(selectedProviderName)) {
-      const providerApiKey = await getSecureKeyAsync(selectedProviderName);
+    // Step 2b: API key preflight for the configured provider (skip keyless).
+    if (!KEYLESS_PROVIDERS.has(providerName)) {
+      const providerApiKey = await getSecureKeyAsync(providerName);
       if (!providerApiKey) {
         log.debug(
           {
-            selectedProvider: selectedProviderName,
-            configuredProvider: config.services.inference.provider,
+            provider: providerName,
           },
-          "Selected provider API key missing; falling back to deterministic",
+          "Provider API key missing; falling back to deterministic",
         );
         return buildDeterministicResult(context, "missing_provider_api_key");
       }
@@ -211,13 +202,13 @@ export class ProviderCommitMessageGenerator {
 
     // Step 5: Fast model preflight — resolve before any provider call
     const fastModel =
-      llmConfig.providerFastModelOverrides[selectedProviderName] ??
-      PROVIDER_DEFAULT_FAST_MODELS[selectedProviderName];
+      llmConfig.providerFastModelOverrides[providerName] ??
+      PROVIDER_DEFAULT_FAST_MODELS[providerName];
 
     if (!fastModel) {
       log.debug(
         {
-          provider: selectedProviderName,
+          provider: providerName,
           configuredProvider: config.services.inference.provider,
         },
         "No fast model resolvable for provider; falling back to deterministic",