npm - @vellumai/assistant - Versions diffs - 0.7.2 → 0.7.3 - Mend

@vellumai/assistant 0.7.2 → 0.7.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (347) hide show

package/ARCHITECTURE.md +16 -1
package/docs/architecture/memory.md +5 -2
package/node_modules/@vellumai/gateway-client/src/ipc-client.ts +13 -4
package/node_modules/@vellumai/skill-host-contracts/src/assistant-event.ts +0 -9
package/node_modules/@vellumai/slack-text/src/index.test.ts +18 -35
package/node_modules/@vellumai/slack-text/src/index.ts +2 -48
package/openapi.yaml +449 -22
package/package.json +1 -1
package/src/__tests__/app-control-flow.test.ts +21 -11
package/src/__tests__/assistant-event-hub.test.ts +48 -0
package/src/__tests__/assistant-event.test.ts +0 -10
package/src/__tests__/assistant-events-sse-hardening.test.ts +2 -7
package/src/__tests__/assistant-feature-flags-integration.test.ts +18 -0
package/src/__tests__/auto-analysis-end-to-end.test.ts +62 -1
package/src/__tests__/background-workers-disk-pressure.test.ts +268 -0
package/src/__tests__/call-conversation-messages.test.ts +8 -2
package/src/__tests__/channel-inbound-disk-pressure.test.ts +537 -0
package/src/__tests__/channel-readiness-service.test.ts +4 -2
package/src/__tests__/config-loader-backfill.test.ts +379 -0
package/src/__tests__/config-schema.test.ts +1 -0
package/src/__tests__/config-watcher-cleanup-throttle.test.ts +18 -9
package/src/__tests__/config-watcher.test.ts +140 -69
package/src/__tests__/context-search-agent-runner.test.ts +61 -3
package/src/__tests__/context-search-conversations-source.test.ts +0 -24
package/src/__tests__/context-search-fanout.test.ts +0 -1
package/src/__tests__/context-search-memory-source.test.ts +3 -7
package/src/__tests__/context-search-memory-v2-source.test.ts +0 -2
package/src/__tests__/context-search-pkb-source.test.ts +0 -1
package/src/__tests__/context-search-workspace-source.test.ts +0 -1
package/src/__tests__/conversation-abort-tool-results.test.ts +6 -0
package/src/__tests__/conversation-agent-loop-disk-pressure.test.ts +223 -0
package/src/__tests__/conversation-agent-loop.test.ts +454 -5
package/src/__tests__/conversation-error.test.ts +150 -3
package/src/__tests__/conversation-process-callsite.test.ts +43 -0
package/src/__tests__/conversation-provider-retry-repair.test.ts +6 -0
package/src/__tests__/conversation-runtime-assembly.test.ts +65 -0
package/src/__tests__/conversation-slash-unknown.test.ts +6 -0
package/src/__tests__/conversation-speed-override.test.ts +0 -3
package/src/__tests__/conversation-store.test.ts +0 -18
package/src/__tests__/conversation-surfaces-app-control.test.ts +15 -4
package/src/__tests__/conversation-surfaces-data-persist.test.ts +404 -0
package/src/__tests__/conversation-tool-setup-app-refresh.test.ts +2 -5
package/src/__tests__/conversation-workspace-injection.test.ts +6 -0
package/src/__tests__/conversation-workspace-tool-tracking.test.ts +6 -0
package/src/__tests__/credentials-cli.test.ts +7 -0
package/src/__tests__/cu-unified-flow.test.ts +176 -10
package/src/__tests__/date-context.test.ts +164 -2
package/src/__tests__/disk-pressure-guard.test.ts +262 -0
package/src/__tests__/disk-pressure-lifecycle.test.ts +168 -0
package/src/__tests__/disk-pressure-policy.test.ts +241 -0
package/src/__tests__/disk-pressure-routes.test.ts +379 -0
package/src/__tests__/disk-pressure-tools.test.ts +277 -0
package/src/__tests__/disk-usage.test.ts +150 -0
package/src/__tests__/events-client-registration.test.ts +52 -0
package/src/__tests__/events-dev-bypass-actor.test.ts +162 -0
package/src/__tests__/file-write-tool.test.ts +4 -10
package/src/__tests__/filing-service.test.ts +3 -4
package/src/__tests__/heartbeat-disk-pressure.test.ts +183 -0
package/src/__tests__/heartbeat-service.test.ts +260 -11
package/src/__tests__/host-app-control-proxy.test.ts +195 -25
package/src/__tests__/host-bash-proxy.test.ts +227 -34
package/src/__tests__/host-bash-routes.test.ts +178 -13
package/src/__tests__/host-cu-proxy.test.ts +210 -3
package/src/__tests__/host-cu-routes-targeted.test.ts +141 -12
package/src/__tests__/host-file-proxy-targeted.test.ts +48 -9
package/src/__tests__/host-file-proxy.test.ts +268 -6
package/src/__tests__/host-file-routes-targeted.test.ts +175 -17
package/src/__tests__/host-transfer-proxy-targeted.test.ts +408 -59
package/src/__tests__/host-transfer-routes-targeted.test.ts +232 -17
package/src/__tests__/http-user-message-parity.test.ts +107 -1
package/src/__tests__/injector-chain.test.ts +18 -6
package/src/__tests__/injector-disk-pressure.test.ts +224 -0
package/src/__tests__/managed-profile-guard.test.ts +18 -0
package/src/__tests__/mcp-abort-signal.test.ts +130 -0
package/src/__tests__/memory-admin-recall.test.ts +3 -11
package/src/__tests__/memory-retrieval-pipeline.test.ts +22 -1
package/src/__tests__/normalize-onboarding.test.ts +180 -0
package/src/__tests__/oauth-connect-routes.test.ts +316 -0
package/src/__tests__/oauth-provider-seed-logos.test.ts +24 -2
package/src/__tests__/onboarding-persona-write.test.ts +308 -0
package/src/__tests__/openai-provider.test.ts +45 -8
package/src/__tests__/persist-onboarding-artifacts.test.ts +44 -64
package/src/__tests__/platform-callback-registration.test.ts +21 -4
package/src/__tests__/platform.test.ts +2 -1
package/src/__tests__/playbook-execution.test.ts +0 -43
package/src/__tests__/plugin-tool-contribution.test.ts +47 -0
package/src/__tests__/prechat-onboarding-contract.test.ts +214 -27
package/src/__tests__/provider-tool-name.test.ts +23 -0
package/src/__tests__/relay-server.test.ts +15 -4
package/src/__tests__/runtime-events-sse.test.ts +4 -8
package/src/__tests__/scheduler-disk-pressure.test.ts +148 -0
package/src/__tests__/secret-ingress-http.test.ts +0 -1
package/src/__tests__/suggestion-routes.test.ts +46 -0
package/src/__tests__/twilio-validation.test.ts +2 -2
package/src/__tests__/workspace-migration-065-bump-stale-heartbeat-interval.test.ts +122 -0
package/src/__tests__/workspace-migration-066-seed-heartbeat-callsite-cost-default.test.ts +285 -0
package/src/__tests__/workspace-migration-068-release-notes-local-timezone.test.ts +90 -0
package/src/__tests__/workspace-migration-safe-storage-limits-release.test.ts +90 -0
package/src/approvals/guardian-decision-primitive.ts +13 -0
package/src/approvals/guardian-request-resolvers.ts +16 -17
package/src/backup/snapshot-lock.ts +2 -27
package/src/bundler/compiler-tools.ts +3 -2
package/src/calls/call-conversation-messages.ts +46 -10
package/src/cli/commands/__tests__/webhooks.test.ts +0 -4
package/src/cli/commands/bash.ts +35 -108
package/src/cli/commands/contacts.ts +64 -25
package/src/cli/commands/credentials.ts +56 -0
package/src/cli/commands/memory-v2.ts +7 -6
package/src/cli/commands/oauth/__tests__/connect.test.ts +437 -1
package/src/cli/commands/oauth/connect.ts +127 -1
package/src/cli/commands/platform/__tests__/callback-routes-list.test.ts +0 -3
package/src/cli/commands/platform/__tests__/connect.test.ts +7 -1
package/src/cli/commands/platform/__tests__/disconnect.test.ts +7 -1
package/src/cli/commands/platform/__tests__/status.test.ts +103 -6
package/src/cli/commands/platform/index.ts +16 -7
package/src/cli/commands/status.ts +57 -0
package/src/cli/program.ts +4 -2
package/src/config/assistant-feature-flags.ts +13 -3
package/src/config/bundled-skills/messaging/tools/messaging-analyze-style.ts +4 -3
package/src/config/bundled-skills/phone-calls/references/TROUBLESHOOTING.md +13 -7
package/src/config/bundled-skills/playbooks/tools/playbook-create.ts +2 -2
package/src/config/bundled-skills/playbooks/tools/playbook-delete.ts +2 -2
package/src/config/bundled-skills/playbooks/tools/playbook-list.ts +2 -2
package/src/config/bundled-skills/playbooks/tools/playbook-update.ts +2 -2
package/src/config/env.ts +0 -8
package/src/config/feature-flag-registry.json +27 -3
package/src/config/loader.ts +127 -8
package/src/config/schemas/__tests__/memory-v2.test.ts +10 -5
package/src/config/schemas/call-site-catalog.ts +14 -0
package/src/config/schemas/channels.ts +0 -5
package/src/config/schemas/heartbeat.ts +1 -1
package/src/config/schemas/llm.ts +2 -0
package/src/config/schemas/memory-lifecycle.ts +13 -0
package/src/config/schemas/memory-v2.ts +75 -11
package/src/config/schemas/platform.ts +43 -3
package/src/config/schemas/services.ts +28 -0
package/src/config/seed-inference-profiles.ts +230 -33
package/src/contacts/contact-store.ts +0 -25
package/src/daemon/__tests__/conversation-tool-setup.test.ts +86 -25
package/src/daemon/assistant-attachments.ts +4 -4
package/src/daemon/config-watcher.ts +85 -57
package/src/daemon/conversation-agent-loop-handlers.ts +6 -0
package/src/daemon/conversation-agent-loop.ts +170 -33
package/src/daemon/conversation-error.ts +87 -15
package/src/daemon/conversation-lifecycle.ts +1 -3
package/src/daemon/conversation-process.ts +8 -0
package/src/daemon/conversation-runtime-assembly.ts +26 -0
package/src/daemon/conversation-store.ts +2 -2
package/src/daemon/conversation-surfaces.ts +195 -15
package/src/daemon/conversation-tool-setup.ts +57 -14
package/src/daemon/conversation.ts +17 -22
package/src/daemon/date-context.ts +71 -22
package/src/daemon/disk-pressure-background-gate.ts +73 -0
package/src/daemon/disk-pressure-guard.ts +343 -0
package/src/daemon/disk-pressure-policy.ts +163 -0
package/src/daemon/handlers/shared.ts +0 -1
package/src/daemon/handlers/skills.ts +3 -4
package/src/daemon/host-app-control-proxy.ts +137 -41
package/src/daemon/host-bash-proxy.ts +46 -21
package/src/daemon/host-cu-proxy.ts +49 -3
package/src/daemon/host-file-proxy.ts +43 -7
package/src/daemon/host-transfer-proxy.ts +95 -4
package/src/daemon/lifecycle.ts +79 -28
package/src/daemon/meet-host-supervisor.ts +4 -4
package/src/daemon/meet-manifest-loader.ts +0 -1
package/src/daemon/memory-v2-startup.ts +14 -4
package/src/daemon/message-protocol.ts +3 -0
package/src/daemon/message-types/conversations.ts +4 -0
package/src/daemon/message-types/disk-pressure.ts +9 -0
package/src/daemon/message-types/messages.ts +3 -0
package/src/daemon/profiler-run-store.ts +5 -5
package/src/daemon/tool-setup-types.ts +2 -2
package/src/documents/document-store.ts +85 -0
package/src/filing/filing-service.ts +30 -5
package/src/heartbeat/__tests__/heartbeat-feed-event.test.ts +9 -16
package/src/heartbeat/__tests__/heartbeat-run-store.test.ts +36 -0
package/src/heartbeat/heartbeat-run-store.ts +13 -0
package/src/heartbeat/heartbeat-service.ts +205 -31
package/src/home/feed-scheduler.ts +18 -0
package/src/inbound/platform-callback-registration.ts +8 -15
package/src/ipc/__tests__/clients-list-ipc.test.ts +169 -0
package/src/ipc/assistant-server.ts +56 -2
package/src/ipc/gateway-client.ts +37 -3
package/src/live-voice/live-voice-archive.ts +4 -4
package/src/live-voice/protocol.ts +5 -7
package/src/media/image-service.ts +1 -7
package/src/memory/__tests__/fixtures/memory-v2-activation-fixtures.ts +21 -13
package/src/memory/__tests__/jobs-worker-v2-schedule.test.ts +52 -22
package/src/memory/__tests__/memory-v2-activation-log-store.test.ts +0 -6
package/src/memory/__tests__/memory-v2-concept-frequency.test.ts +272 -0
package/src/memory/admin.ts +5 -9
package/src/memory/context-search/agent-runner.ts +19 -2
package/src/memory/context-search/sources/conversations.ts +2 -11
package/src/memory/context-search/sources/memory-v2.ts +5 -4
package/src/memory/context-search/sources/memory.ts +0 -1
package/src/memory/context-search/types.ts +0 -1
package/src/memory/conversation-crud.ts +4 -12
package/src/memory/db-init.ts +2 -0
package/src/memory/embedding-runtime-manager.ts +119 -5
package/src/memory/graph/__tests__/conversation-graph-memory-v2-routing.test.ts +32 -21
package/src/memory/graph/conversation-graph-memory.ts +42 -54
package/src/memory/graph/extraction.ts +1 -3
package/src/memory/graph/graph-search.test.ts +10 -67
package/src/memory/graph/graph-search.ts +1 -20
package/src/memory/graph/retriever.test.ts +6 -0
package/src/memory/graph/retriever.ts +6 -10
package/src/memory/indexer.ts +54 -45
package/src/memory/job-handlers/backfill.ts +2 -11
package/src/memory/job-handlers/cleanup.ts +43 -0
package/src/memory/job-handlers/embedding.ts +6 -8
package/src/memory/job-handlers/summarization.ts +2 -7
package/src/memory/jobs-store.ts +48 -0
package/src/memory/jobs-worker.ts +81 -43
package/src/memory/memory-v2-activation-log-store.ts +32 -14
package/src/memory/memory-v2-concept-frequency.ts +169 -0
package/src/memory/migrations/239-trace-events-created-at-index.ts +18 -0
package/src/memory/migrations/index.ts +1 -0
package/src/memory/pkb/pkb-search.test.ts +6 -0
package/src/memory/qdrant-client.ts +0 -13
package/src/memory/rerank-local.ts +374 -0
package/src/memory/search/semantic.ts +6 -67
package/src/memory/trace-event-store.ts +1 -17
package/src/memory/v2/__tests__/activation.test.ts +311 -250
package/src/memory/v2/__tests__/consolidation-job.test.ts +40 -8
package/src/memory/v2/__tests__/injection.test.ts +157 -167
package/src/memory/v2/__tests__/prompts-consolidation.test.ts +61 -2
package/src/memory/v2/__tests__/qdrant.test.ts +16 -0
package/src/memory/v2/__tests__/reranker.test.ts +338 -0
package/src/memory/v2/__tests__/sim.test.ts +5 -199
package/src/memory/v2/__tests__/skill-store.test.ts +71 -65
package/src/memory/v2/__tests__/static-context.test.ts +76 -1
package/src/memory/v2/activation.ts +149 -156
package/src/memory/v2/consolidation-job.ts +62 -12
package/src/memory/v2/injection.ts +47 -60
package/src/memory/v2/prompts/consolidation.ts +36 -1
package/src/memory/v2/qdrant.ts +99 -0
package/src/memory/v2/reranker.ts +177 -0
package/src/memory/v2/sim.ts +10 -84
package/src/memory/v2/skill-content.ts +4 -3
package/src/memory/v2/skill-store.ts +82 -59
package/src/memory/v2/static-context.ts +22 -0
package/src/memory/v2/types.ts +10 -10
package/src/notifications/copy-composer.ts +13 -0
package/src/notifications/signal.ts +4 -0
package/src/oauth/AGENTS.md +3 -1
package/src/oauth/__tests__/oauth-connect-state.test.ts +137 -0
package/src/oauth/connect-orchestrator.ts +2 -0
package/src/oauth/connection-resolver.test.ts +66 -1
package/src/oauth/connection-resolver.ts +55 -1
package/src/oauth/oauth-connect-state.ts +77 -0
package/src/oauth/seed-providers.ts +58 -1
package/src/plugins/defaults/injectors.ts +35 -2
package/src/plugins/defaults/memory-retrieval.ts +5 -6
package/src/plugins/types.ts +7 -0
package/src/proactive-artifact/aux-message-injector.ts +74 -0
package/src/proactive-artifact/decision.test.ts +226 -0
package/src/proactive-artifact/decision.ts +165 -0
package/src/proactive-artifact/index.ts +7 -0
package/src/proactive-artifact/job.test.ts +867 -0
package/src/proactive-artifact/job.ts +352 -0
package/src/proactive-artifact/message-copy.ts +41 -0
package/src/proactive-artifact/trigger-state.test.ts +277 -0
package/src/proactive-artifact/trigger-state.ts +119 -0
package/src/prompts/normalize-onboarding.ts +80 -0
package/src/prompts/persona-resolver.ts +101 -9
package/src/prompts/system-prompt.ts +21 -7
package/src/prompts/templates/BOOTSTRAP.md +13 -5
package/src/providers/__tests__/retry-callsite.test.ts +222 -1
package/src/providers/model-intents.ts +7 -0
package/src/providers/openrouter/client.ts +8 -0
package/src/providers/retry.ts +50 -0
package/src/providers/types.ts +1 -0
package/src/runtime/__tests__/agent-wake.test.ts +456 -3
package/src/runtime/agent-wake.ts +238 -100
package/src/runtime/assistant-event-hub.ts +36 -6
package/src/runtime/assistant-event.ts +0 -1
package/src/runtime/auth/__tests__/route-policy.test.ts +64 -0
package/src/runtime/auth/route-policy.ts +14 -1
package/src/runtime/auth/same-actor.ts +216 -0
package/src/runtime/channel-retry-sweep.ts +65 -1
package/src/runtime/guardian-reply-router.ts +10 -0
package/src/runtime/local-actor-identity.ts +52 -11
package/src/runtime/pending-interactions.ts +8 -0
package/src/runtime/routes/__tests__/client-routes.test.ts +155 -0
package/src/runtime/routes/__tests__/conversation-query-routes.test.ts +0 -5
package/src/runtime/routes/__tests__/heartbeat-routes.test.ts +1 -1
package/src/runtime/routes/client-routes.ts +20 -2
package/src/runtime/routes/contact-routes.ts +0 -25
package/src/runtime/routes/conversation-routes.ts +35 -26
package/src/runtime/routes/debug-bash-routes.ts +163 -0
package/src/runtime/routes/disk-pressure-routes.ts +121 -0
package/src/runtime/routes/document-pdf-renderer.ts +6 -2
package/src/runtime/routes/documents-routes.ts +2 -75
package/src/runtime/routes/events-routes.ts +41 -9
package/src/runtime/routes/host-bash-routes.ts +23 -3
package/src/runtime/routes/host-cu-routes.ts +33 -6
package/src/runtime/routes/host-file-routes.ts +32 -6
package/src/runtime/routes/host-transfer-routes.ts +79 -16
package/src/runtime/routes/identity-routes.ts +7 -138
package/src/runtime/routes/inbound-message-handler.ts +77 -12
package/src/runtime/routes/inbound-stages/guardian-reply-intercept.ts +3 -0
package/src/runtime/routes/index.ts +6 -0
package/src/runtime/routes/memory-item-routes.test.ts +41 -15
package/src/runtime/routes/memory-v2-routes.ts +33 -0
package/src/runtime/routes/oauth-connect-routes.ts +153 -0
package/src/runtime/verification-outbound-actions.ts +4 -4
package/src/schedule/run-script.ts +37 -5
package/src/schedule/scheduler.ts +20 -1
package/src/security/encrypted-store.ts +2 -0
package/src/security/secure-keys.ts +55 -0
package/src/skills/remote-skill-policy.ts +4 -10
package/src/subagent/index.ts +1 -7
package/src/subagent/manager.ts +1 -15
package/src/tasks/task-runner.ts +0 -1
package/src/tasks/task-store.ts +0 -3
package/src/tools/background-tool-registry.ts +17 -3
package/src/tools/host-filesystem/edit.test.ts +151 -0
package/src/tools/host-filesystem/edit.ts +43 -1
package/src/tools/host-filesystem/read.test.ts +129 -0
package/src/tools/host-filesystem/read.ts +43 -1
package/src/tools/host-filesystem/transfer.test.ts +127 -2
package/src/tools/host-filesystem/transfer.ts +56 -11
package/src/tools/host-filesystem/write.test.ts +134 -0
package/src/tools/host-filesystem/write.ts +43 -1
package/src/tools/host-terminal/host-shell.ts +13 -6
package/src/tools/mcp/mcp-tool-factory.ts +2 -1
package/src/tools/memory/register.test.ts +12 -9
package/src/tools/memory/register.ts +1 -2
package/src/tools/provider-tool-name.ts +28 -0
package/src/tools/registry.ts +30 -9
package/src/tools/terminal/shell.ts +9 -1
package/src/tools/tool-approval-handler.ts +31 -6
package/src/tools/types.ts +24 -2
package/src/tts/provider-catalog.ts +3 -5
package/src/util/disk-usage.ts +138 -0
package/src/util/platform.ts +21 -11
package/src/util/process-liveness.ts +26 -0
package/src/workspace/heartbeat-service.ts +19 -0
package/src/workspace/migrations/065-bump-stale-heartbeat-interval.ts +60 -0
package/src/workspace/migrations/066-seed-heartbeat-callsite-cost-default.ts +146 -0
package/src/workspace/migrations/067-release-notes-safe-storage-limits.ts +72 -0
package/src/workspace/migrations/068-release-notes-local-timezone.ts +65 -0
package/src/workspace/migrations/registry.ts +8 -0
package/src/__tests__/conversation-tool-setup-memory-scope.test.ts +0 -167
package/src/memory/v2/__tests__/skill-qdrant.test.ts +0 -657
package/src/memory/v2/skill-qdrant.ts +0 -404
package/src/signals/bash.ts +0 -198

package/src/memory/v2/sim.ts CHANGED Viewed

@@ -30,7 +30,6 @@ import { applyCorrectionIfCalibrated } from "../anisotropy.js";
 import { embedWithBackend } from "../embedding-backend.js";
 import { clampUnitInterval } from "../validation.js";
 import { hybridQueryConceptPages } from "./qdrant.js";
-import { hybridQuerySkills } from "./skill-qdrant.js";
 import { generateBm25QueryEmbedding } from "./sparse-bm25.js";
 /**
@@ -147,6 +146,7 @@ export async function simBatch(
   text: string,
   candidateSlugs: readonly string[],
   config: AssistantConfig,
+  options?: { signal?: AbortSignal },
 ): Promise<Map<string, number>> {
   if (candidateSlugs.length === 0) {
     return new Map();
@@ -158,12 +158,16 @@ export async function simBatch(
   // Sparse uses BM25: the query side encodes binary occurrences per token,
   // and the stored doc vectors carry the IDF · TF-saturated weights — Qdrant
   // dot product then yields the BM25 score directly.
-  const denseResult = await embedWithBackend(config, [text]);
+  throwIfAborted(options?.signal);
+  const denseResult = await embedWithBackend(config, [text], {
+    signal: options?.signal,
+  });
   const denseVector = await applyCorrectionIfCalibrated(
     denseResult.vectors[0],
     denseResult.provider,
     denseResult.model,
   );
+  throwIfAborted(options?.signal);
   const sparseVector = generateBm25QueryEmbedding(text);
   const hits = await hybridQueryConceptPages(
@@ -192,92 +196,14 @@ export async function simBatch(
   for (const hit of hits) {
     scores.set(hit.slug, fuseHit(hit, maxSparse, denseWeight, sparseWeight));
   }
   return scores;
 }
-/**
- * Compute hybrid (dense + sparse) similarity scores between a query text and
- * a fixed set of candidate skill ids. Mirrors `simBatch` but targets the
- * dedicated `memory_v2_skills` Qdrant collection via `hybridQuerySkills`.
- *
- * Differences from `simBatch`:
- *   - Keys are skill `id` values (not concept-page slugs).
- *   - Restricts the query to the caller's candidate ids server-side via
- *     `hybridQuerySkills`'s `restrictToIds` parameter. Without this, when the
- *     skills collection has more skills than `ids.length`, Qdrant would
- *     return its global top-K and candidate ids absent from that top-K would
- *     silently score 0 — corrupting the activation calculation.
- *
- * Returns a `Map<id, score>` of fused scores in [0, 1]. Ids that did not hit
- * either channel are absent from the map.
- *
- * Edge cases:
- *   - Empty `ids` → returns an empty map without touching Qdrant or the
- *     embedding backend.
- *   - Empty / whitespace-only `text` → returns an empty map without touching
- *     Qdrant or the embedding backend. Same rationale as {@link simBatch}:
- *     Gemini rejects empty content with HTTP 400, so the activation pipeline
- *     would otherwise fail on turn 1 (where the assistant-text channel is
- *     `""`). Treating the channel's contribution as 0 matches a no-hit
- *     query.
- */
-export async function simSkillBatch(
-  text: string,
-  ids: readonly string[],
-  config: AssistantConfig,
-): Promise<Map<string, number>> {
-  if (ids.length === 0) {
-    return new Map();
-  }
-  if (text.trim().length === 0) {
-    return new Map();
+function throwIfAborted(signal: AbortSignal | undefined): void {
+  if (signal?.aborted) {
+    throw new DOMException("Aborted", "AbortError");
   }
-  const denseResult = await embedWithBackend(config, [text]);
-  const denseVector = await applyCorrectionIfCalibrated(
-    denseResult.vectors[0],
-    denseResult.provider,
-    denseResult.model,
-  );
-  const sparseVector = generateBm25QueryEmbedding(text);
-  const hits = await hybridQuerySkills(
-    denseVector,
-    sparseVector,
-    ids.length,
-    ids,
-  );
-  if (hits.length === 0) {
-    return new Map();
-  }
-  // Defensive post-filter — `hybridQuerySkills` restricts server-side, so
-  // every hit should already be in `ids`, but keep this guard so a buggy
-  // payload (e.g. a missing/typoed id index) can't silently inject
-  // out-of-set ids into the score map.
-  const idSet = new Set(ids);
-  const filtered = hits.filter((h) => idSet.has(h.id));
-  if (filtered.length === 0) {
-    return new Map();
-  }
-  const maxSparse = computeMaxSparse(filtered);
-  const { dense_weight: baseDense, sparse_weight: baseSparse } =
-    config.memory.v2;
-  const { dense: denseWeight, sparse: sparseWeight } = effectiveWeights(
-    filtered,
-    maxSparse,
-    baseDense,
-    baseSparse,
-    config,
-  );
-  const scores = new Map<string, number>();
-  for (const hit of filtered) {
-    scores.set(hit.id, fuseHit(hit, maxSparse, denseWeight, sparseWeight));
-  }
-  return scores;
 }
 /**

package/src/memory/v2/skill-content.ts CHANGED Viewed

@@ -2,9 +2,10 @@ import { getConfig } from "../../config/loader.js";
 import type { SkillCapabilityInput } from "../../skills/skill-memory.js";
 /**
- * Render the prose-style capability statement embedded into the
- * `memory_v2_skills` Qdrant collection and rendered in
- * `### Skills You Can Use`. Capped at 500 chars to match v1's behavior.
+ * Render the prose-style capability statement embedded into the unified
+ * `memory_v2_concept_pages` Qdrant collection (under the `skills/<id>` slug
+ * prefix) and rendered in `### Skills You Can Use`. Capped at 500 chars to
+ * match v1's behavior.
  */
 export function buildSkillContent(input: SkillCapabilityInput): string {
   let content = `The "${input.displayName}" skill (${input.id}) is available. ${input.description}.`;

package/src/memory/v2/skill-store.ts CHANGED Viewed

@@ -2,18 +2,22 @@
 // Memory v2 — Skill catalog → embedded skill entries
 // ---------------------------------------------------------------------------
 //
-// Mirrors v1's `seedSkillGraphNodes` + `seedUninstalledCatalogSkillMemories`
-// (capability-seed.ts) for the v2 pipeline: enumerate the enabled-skill
-// catalog AND uninstalled catalog skills, render each skill's prose statement
-// via `buildSkillContent`, embed dense + sparse, upsert into the dedicated
-// `memory_v2_skills` Qdrant collection, and prune stale points from prior
-// catalog state. Including uninstalled catalog skills ensures their activation
-// hints are discoverable by intent so the model can auto-install them.
+// Enumerate the enabled-skill catalog AND uninstalled catalog skills, render
+// each skill's prose statement via `buildSkillContent`, embed dense + sparse,
+// and upsert into `memory_v2_concept_pages` under the slug `skills/<id>`.
+// Including uninstalled catalog skills ensures their activation hints are
+// discoverable by intent so the model can auto-install them.
 //
-// Unlike v1, skill entries are kept in a small in-process cache so the render
-// path can fetch a `SkillEntry` synchronously by id without round-tripping to
-// Qdrant. The cache is replaced atomically at the end of a successful seed
-// run; on error the prior cache stays intact (skills are best-effort).
+// Skills share the concept-page collection rather than living in a dedicated
+// one so the per-turn activation pipeline scores them against the same
+// candidate ANN as concept pages, with the same decay and spread machinery.
+// The render path branches on the `skills/` slug prefix to surface them as
+// the `### Skills You Can Use` subsection.
+//
+// Skill entries are kept in a small in-process cache so the render path can
+// fetch a `SkillEntry` synchronously by id without round-tripping to Qdrant.
+// The cache is replaced atomically at the end of a successful seed run; on
+// error the prior cache stays intact (skills are best-effort).
 import { isAssistantFeatureFlagEnabled } from "../../config/assistant-feature-flags.js";
 import { getConfig } from "../../config/loader.js";
@@ -30,15 +34,31 @@ import {
   embedWithBackend,
   generateSparseEmbedding,
 } from "../embedding-backend.js";
+import {
+  pruneSlugsWithPrefixExcept,
+  upsertConceptPageEmbedding,
+} from "./qdrant.js";
 import {
   augmentMcpSetupDescription,
   buildSkillContent,
 } from "./skill-content.js";
-import { pruneSkillsExcept, upsertSkillEmbedding } from "./skill-qdrant.js";
 import type { SkillEntry } from "./types.js";
 const log = getLogger("memory-v2-skill-store");
+/**
+ * Slug prefix under which skill embeddings are indexed in
+ * `memory_v2_concept_pages`. Concept-page slugs must match
+ * `[a-z0-9][a-z0-9-]*(/...)*`, and `skills` matches that pattern, so the
+ * prefix coexists with hand-authored concept pages without escape work.
+ */
+export const SKILL_SLUG_PREFIX = "skills/";
+/** Compose the unified-collection slug for a skill id. */
+export function skillSlugFor(id: string): string {
+  return `${SKILL_SLUG_PREFIX}${id}`;
+}
 /**
  * Module-level cache of rendered skill entries keyed by skill id. `null` until
  * the first successful seed run completes; replaced atomically on each
@@ -47,30 +67,27 @@ const log = getLogger("memory-v2-skill-store");
 let entries: Map<string, SkillEntry> | null = null;
 /**
- * Seed (or re-seed) the v2 skill embedding collection from the live skill
- * catalog. Idempotent: safe to call repeatedly. Best-effort: never throws —
- * any failure leaves the prior `entries` cache in place and logs a warning.
+ * Seed (or re-seed) skill embeddings into the unified concept-page collection.
+ * Idempotent: safe to call repeatedly. Best-effort: never throws — any
+ * failure leaves the prior `entries` cache in place and logs a warning.
  *
  * Steps:
- *   1. Enumerate the local skill catalog and resolve each skill's enabled state
- *      (`resolveSkillStates`).
- *   2. Build a `SkillCapabilityInput` per enabled skill, applying the
- *      mcp-setup augmentation (mirrors v1) and the prose-style content render
- *      (`buildSkillContent`, capped at 500 chars).
+ *   1. Enumerate the local skill catalog and resolve each skill's enabled
+ *      state (`resolveSkillStates`).
+ *   2. Build a `SkillEntry` per enabled skill, applying the mcp-setup
+ *      augmentation and the prose-style content render (`buildSkillContent`,
+ *      capped at 500 chars).
  *   3. Defense-in-depth feature-flag filter: drop any skill whose declared
- *      `metadata.vellum.feature-flag` is currently disabled. `resolveSkillStates`
- *      already enforces this, but we mirror v1's enforcement point so the v2
- *      collection never holds an embedding for a flag-gated skill if the two
- *      ever drift.
- *   3b. Fetch the full remote catalog and seed any uninstalled skills so their
- *      activation hints are discoverable by semantic search. Best-effort: if
- *      the catalog fetch fails, only installed skills are seeded.
+ *      `metadata.vellum.feature-flag` is currently disabled.
+ *   3b. Fetch the full remote catalog and seed any uninstalled skills so
+ *      their activation hints are discoverable by semantic search. Best-effort:
+ *      if the catalog fetch fails, only installed skills are seeded.
  *   4. Embed all `content` strings in a single dense `embedWithBackend` call,
  *      and a per-skill synchronous `generateSparseEmbedding`.
- *   5. Upsert one Qdrant point per skill via `upsertSkillEmbedding` (keyed
- *      deterministically on id so re-runs replace in place).
- *   6. Call `pruneSkillsExcept` with the active id list to drop any stale
- *      points from prior catalog state (e.g. uninstalled skills).
+ *   5. Upsert one Qdrant point per skill via `upsertConceptPageEmbedding`
+ *      keyed deterministically on slug `skills/<id>`.
+ *   6. Call `pruneSlugsWithPrefixExcept(SKILL_SLUG_PREFIX, ...)` to drop any
+ *      stale points from prior catalog state (e.g. uninstalled skills).
  *   7. Replace the module-level `entries` cache with the freshly built map.
  */
 export async function seedV2SkillEntries(): Promise<void> {
@@ -83,8 +100,7 @@ export async function seedV2SkillEntries(): Promise<void> {
     // Track every locally-installed skill id (regardless of enabled/disabled
     // state) so the catalog-seeding loop below treats them all as "installed"
     // and never re-seeds a disabled skill from `getCatalog()` as if it were
-    // uninstalled. Mirrors v1's `seedUninstalledCatalogSkillMemories`, which
-    // keys off `loadSkillCatalog()` (the installed set) for the same reason.
+    // uninstalled.
     const installedIds = new Set<string>(catalog.map((s) => s.id));
     // Build the input list, applying the mcp-setup description augmentation
@@ -100,8 +116,8 @@ export async function seedV2SkillEntries(): Promise<void> {
     }
     // Seed uninstalled catalog skills so their activation hints are
-    // discoverable by intent (mirrors v1's seedUninstalledCatalogSkillMemories).
-    // Track whether the catalog was available so we can guard pruning below.
+    // discoverable by intent. Track whether the catalog was available so we
+    // can guard pruning below.
     let catalogAvailable = false;
     try {
       const fullCatalog = await getCatalog();
@@ -135,24 +151,29 @@ export async function seedV2SkillEntries(): Promise<void> {
     const now = Date.now();
     const nextEntries = new Map<string, SkillEntry>();
-    for (let i = 0; i < seeds.length; i++) {
-      const seed = seeds[i];
-      await upsertSkillEmbedding({
-        ...seed,
-        dense: denseVectors[i],
-        sparse: generateSparseEmbedding(seed.content),
-        updatedAt: now,
-      });
+    await Promise.all(
+      seeds.map((seed, i) =>
+        upsertConceptPageEmbedding({
+          slug: skillSlugFor(seed.id),
+          dense: denseVectors[i],
+          sparse: generateSparseEmbedding(seed.content),
+          updatedAt: now,
+        }),
+      ),
+    );
+    for (const seed of seeds) {
       nextEntries.set(seed.id, seed);
     }
-    // Prune stale points. When the catalog is unavailable (empty array from
-    // network failure or cold cache), we cannot enumerate which uninstalled
-    // catalog skills should exist, so skip pruning entirely to avoid
-    // aggressively removing previously-seeded catalog skill embeddings.
-    // Mirrors v1's safeguard in capability-seed.ts (lines 124–143).
+    // Prune stale skill slugs. When the catalog is unavailable (empty array
+    // from network failure or cold cache), we cannot enumerate which
+    // uninstalled catalog skills should exist, so skip pruning entirely to
+    // avoid aggressively removing previously-seeded catalog skill embeddings.
     if (catalogAvailable) {
-      await pruneSkillsExcept(seeds.map((s) => s.id));
+      await pruneSlugsWithPrefixExcept(
+        SKILL_SLUG_PREFIX,
+        seeds.map((s) => s.id),
+      );
     } else {
       log.info(
         "Catalog unavailable — skipping skill pruning to preserve prior catalog embeddings",
@@ -169,20 +190,22 @@ export async function seedV2SkillEntries(): Promise<void> {
 /**
  * Synchronous lookup of a previously-seeded `SkillEntry` by skill id. Returns
  * `null` when the cache has not yet been populated, when the id is unknown,
- * or when a prior seed run dropped the id (e.g. the skill was disabled). Used
- * by the render path to attach skill-related content to outgoing prompts.
+ * or when a prior seed run dropped the id (e.g. the skill was disabled).
+ *
+ * Accepts either a bare skill id (`example-skill`) or its unified-collection
+ * slug (`skills/example-skill`) so render-side callers can pass through what
+ * they have without a manual prefix strip.
  */
-export function getSkillCapability(id: string): SkillEntry | null {
+export function getSkillCapability(idOrSlug: string): SkillEntry | null {
+  const id = idOrSlug.startsWith(SKILL_SLUG_PREFIX)
+    ? idOrSlug.slice(SKILL_SLUG_PREFIX.length)
+    : idOrSlug;
   return entries?.get(id) ?? null;
 }
-/**
- * Every skill id in the cache — both installed-and-enabled skills and
- * uninstalled-catalog skills. Empty before the first `seedV2SkillEntries`
- * run completes.
- */
-export function getAllSkillIds(): string[] {
-  return entries ? [...entries.keys()] : [];
+/** True iff the slug refers to a skill entry in the unified collection. */
+export function isSkillSlug(slug: string): boolean {
+  return slug.startsWith(SKILL_SLUG_PREFIX);
 }
 /** @internal Test-only: clear the module-level cache. */

package/src/memory/v2/static-context.ts CHANGED Viewed

@@ -17,6 +17,7 @@
 // content through when `mode === "full"` (first turn / post-compaction),
 // matching the existing PKB auto-inject pattern.
+import type { ChannelId } from "../../channels/types.js";
 import { isAssistantFeatureFlagEnabled } from "../../config/assistant-feature-flags.js";
 import { loadConfig } from "../../config/loader.js";
 import { readPromptFile } from "../../prompts/system-prompt.js";
@@ -61,3 +62,24 @@ export function readMemoryV2StaticContent(): string | null {
   }
   return sections.length > 0 ? sections.join("\n\n") : null;
 }
+/**
+ * Static memory holds the user's aggregate personal pages
+ * (essentials/threads/recent/buffer). Block injection when a non-guardian
+ * actor reaches the assistant over a remote channel — otherwise the model
+ * can be prompt-injected into reciting private memory. Internal flows
+ * (`sourceChannel: "vellum"`) and turns with no trust context pass through
+ * unchanged; this gate exists only to keep remote untrusted actors out.
+ */
+export function shouldLoadMemoryV2Static(args: {
+  shouldInjectNowAndPkb: boolean;
+  sourceChannel: ChannelId | undefined;
+  isTrustedActor: boolean;
+}): boolean {
+  if (!args.shouldInjectNowAndPkb) return false;
+  const isRemoteUntrustedActor =
+    args.sourceChannel !== undefined &&
+    args.sourceChannel !== "vellum" &&
+    !args.isTrustedActor;
+  return !isRemoteUntrustedActor;
+}

package/src/memory/v2/types.ts CHANGED Viewed

@@ -85,20 +85,20 @@ export const ActivationStateSchema = z.object({
 export type ActivationState = z.infer<typeof ActivationStateSchema>;
 // ---------------------------------------------------------------------------
-// Skill autoinjection (synthetic in-memory entries, not on-disk pages)
+// Skill entries (synthetic concept-collection rows, not on-disk pages)
 // ---------------------------------------------------------------------------
 /**
- * Per-skill capability snapshot held in-process and embedded into the
- * `memory_v2_skills` Qdrant collection. `content` is the rendered
- * `buildSkillContent` string — already capped at 500 chars upstream and
- * already containing the skill's display name — and is what we embed and
- * what we render verbatim in `### Skills You Can Use`.
+ * Per-skill capability snapshot held in-process and embedded into the unified
+ * `memory_v2_concept_pages` Qdrant collection under the slug `skills/<id>`.
+ * `content` is the rendered `buildSkillContent` string — already capped at
+ * 500 chars upstream and already containing the skill's display name — and
+ * is what we embed and what we render verbatim in `### Skills You Can Use`.
  *
- * Plain interface (no Zod) because skill data does not cross a
- * serialization boundary: it is built in-process by `seedV2SkillEntries`
- * and read in-process by `renderInjectionBlock`. The Qdrant payload is
- * not parsed back through this type.
+ * Plain interface (no Zod) because skill data does not cross a serialization
+ * boundary: it is built in-process by `seedV2SkillEntries` and read in-process
+ * by `renderInjectionBlock`. The Qdrant payload is not parsed back through
+ * this type.
  */
 export interface SkillEntry {
   id: string;

package/src/notifications/copy-composer.ts CHANGED Viewed

@@ -505,6 +505,19 @@ const TEMPLATES: Partial<Record<NotificationSourceEventName, CopyTemplate>> = {
     body: str(payload.body, "A watcher event requires your attention"),
   }),
+  "heartbeat.alert": (payload) => {
+    const body = str(
+      payload.summary,
+      str(payload.body, "Your assistant found something worth your attention."),
+    );
+    return {
+      title: str(payload.title, "Heartbeat Alert"),
+      body,
+      conversationTitle: str(payload.conversationTitle, "Heartbeat"),
+      conversationSeedMessage: body,
+    };
+  },
   "tool_confirmation.required_action": (payload) => ({
     title: "Tool Confirmation",
     body: str(payload.toolName, "A tool") + " requires your confirmation",

package/src/notifications/signal.ts CHANGED Viewed

@@ -101,6 +101,10 @@ export const NOTIFICATION_SOURCE_EVENT_NAMES = [
     description:
       "OAuth credential health issue detected (expired, revoked, missing scopes)",
   },
+  {
+    id: "heartbeat.alert",
+    description: "Heartbeat found something worth surfacing to the guardian",
+  },
 ] as const;
 export type NotificationSourceEventName =

package/src/oauth/AGENTS.md CHANGED Viewed

@@ -54,7 +54,9 @@ Most existing logos come from [Simple Icons](https://simpleicons.org) (CC0-licen
 If the service is not on Simple Icons, source or create an SVG and convert it the same way. The result must be a true vector PDF (not a rasterized image wrapped in PDF) so it scales cleanly.
-The `logoUrl` field in `seed-providers.ts` still serves as the remote fallback (typically a Simple Icons CDN URL like `https://cdn.simpleicons.org/acme`). The client renders the local PDF first, then falls back to `logoUrl`, then to an initials avatar.
+The `logoUrl` field in `seed-providers.ts` serves as the remote fallback (most providers use a Simple Icons CDN URL like `https://cdn.simpleicons.org/acme`). The client renders the local PDF first, then falls back to `logoUrl`, then to an initials avatar.
+For brands Simple Icons doesn't host (e.g. Salesforce, which Simple Icons removed for trademark reasons), use the same `glincker/thesvg` source via jsDelivr — `https://cdn.jsdelivr.net/gh/glincker/thesvg@main/public/icons/<key>/default.svg`. The recognised `logoUrl` prefixes are enforced by `oauth-provider-seed-logos.test.ts`; if you need a third source, extend that allowlist alongside the manifest in `clients/shared/Resources/integration-logos-manifest.json`.
 ### 5. Secret patterns (if applicable) — `../security/secret-patterns.ts`

package/src/oauth/__tests__/oauth-connect-state.test.ts ADDED Viewed

@@ -0,0 +1,137 @@
+import { beforeEach, describe, expect, test } from "bun:test";
+import {
+  _clearAllOAuthConnectStates,
+  clearExpiredOAuthConnectStates,
+  getOAuthConnectState,
+  setOAuthConnectComplete,
+  setOAuthConnectError,
+  setOAuthConnectPending,
+} from "../oauth-connect-state.js";
+describe("oauth-connect-state", () => {
+  beforeEach(() => {
+    _clearAllOAuthConnectStates();
+  });
+  test("setOAuthConnectPending → getOAuthConnectState returns pending", () => {
+    setOAuthConnectPending("state-1", "google");
+    const result = getOAuthConnectState("state-1");
+    expect(result).toMatchObject({ status: "pending", service: "google" });
+  });
+  test("setOAuthConnectComplete without accountInfo → returns complete", () => {
+    setOAuthConnectComplete("state-1", "google");
+    const result = getOAuthConnectState("state-1");
+    expect(result).toMatchObject({ status: "complete", service: "google" });
+  });
+  test("setOAuthConnectComplete with accountInfo → returns complete with accountInfo", () => {
+    setOAuthConnectComplete("state-1", "google", "user@example.com");
+    const result = getOAuthConnectState("state-1");
+    expect(result).toMatchObject({
+      status: "complete",
+      service: "google",
+      accountInfo: "user@example.com",
+    });
+  });
+  test("setOAuthConnectComplete with grantedScopes → returns complete with grantedScopes", () => {
+    setOAuthConnectComplete("state-1", "google", "user@example.com", ["scope:read", "scope:write"]);
+    const result = getOAuthConnectState("state-1");
+    expect(result).toMatchObject({
+      status: "complete",
+      service: "google",
+      accountInfo: "user@example.com",
+      grantedScopes: ["scope:read", "scope:write"],
+    });
+  });
+  test("setOAuthConnectError → returns error with message", () => {
+    setOAuthConnectError("state-1", "google", "token exchange failed");
+    const result = getOAuthConnectState("state-1");
+    expect(result).toMatchObject({
+      status: "error",
+      service: "google",
+      error: "token exchange failed",
+    });
+  });
+  test("re-setting same state token overwrites previous", () => {
+    setOAuthConnectPending("state-1", "google");
+    setOAuthConnectComplete("state-1", "google", "user@example.com");
+    const result = getOAuthConnectState("state-1");
+    expect(result?.status).toBe("complete");
+  });
+  test("getOAuthConnectState returns null for unknown state", () => {
+    expect(getOAuthConnectState("nonexistent")).toBeNull();
+  });
+  test("_clearAllOAuthConnectStates removes all entries", () => {
+    setOAuthConnectPending("state-1", "google");
+    setOAuthConnectPending("state-2", "github");
+    _clearAllOAuthConnectStates();
+    expect(getOAuthConnectState("state-1")).toBeNull();
+    expect(getOAuthConnectState("state-2")).toBeNull();
+  });
+  test("clearExpiredOAuthConnectStates removes expired pending entries", () => {
+    setOAuthConnectPending("state-1", "google");
+    // Advance Date.now by 6 minutes past PENDING_TTL_MS (5 min)
+    const originalNow = Date.now;
+    Date.now = () => originalNow() + 6 * 60 * 1000;
+    clearExpiredOAuthConnectStates();
+    Date.now = originalNow;
+    expect(getOAuthConnectState("state-1")).toBeNull();
+  });
+  test("clearExpiredOAuthConnectStates removes expired complete entries (past 60s grace)", () => {
+    setOAuthConnectComplete("state-1", "google");
+    const originalNow = Date.now;
+    Date.now = () => originalNow() + 2 * 60 * 1000; // advance 2 minutes past 60s grace
+    clearExpiredOAuthConnectStates();
+    Date.now = originalNow;
+    expect(getOAuthConnectState("state-1")).toBeNull();
+  });
+  test("clearExpiredOAuthConnectStates removes expired error entries (past 60s grace)", () => {
+    setOAuthConnectError("state-1", "google", "token exchange failed");
+    const originalNow = Date.now;
+    Date.now = () => originalNow() + 2 * 60 * 1000; // advance 2 minutes past 60s grace
+    clearExpiredOAuthConnectStates();
+    Date.now = originalNow;
+    expect(getOAuthConnectState("state-1")).toBeNull();
+  });
+  test("clearExpiredOAuthConnectStates does not remove non-expired pending entries", () => {
+    setOAuthConnectPending("state-1", "google");
+    clearExpiredOAuthConnectStates(); // called without advancing time
+    expect(getOAuthConnectState("state-1")).not.toBeNull();
+  });
+  test("sweep-on-insert: setOAuthConnectPending purges expired entries before inserting new one", () => {
+    // 1. Add an entry that will expire
+    setOAuthConnectPending("expired-state", "google");
+    // 2. Advance Date.now past the PENDING_TTL_MS (5 min)
+    const originalNow = Date.now;
+    Date.now = () => originalNow() + 6 * 60 * 1000;
+    // 3. Insert a new entry — this should trigger clearExpiredOAuthConnectStates() internally
+    setOAuthConnectPending("new-state", "github");
+    // 4. Restore Date.now before assertions (getOAuthConnectState also calls clearExpiredOAuthConnectStates)
+    Date.now = originalNow;
+    // The expired entry must have been swept out during the insert
+    // Use the map directly via getOAuthConnectState — expired-state is gone
+    // We call _clearAllOAuthConnectStates in beforeEach so we know the map started empty.
+    // After the insert the map should only contain "new-state".
+    const expiredResult = getOAuthConnectState("expired-state");
+    expect(expiredResult).toBeNull();
+    const newResult = getOAuthConnectState("new-state");
+    expect(newResult).toMatchObject({ status: "pending", service: "github" });
+  });
+});

package/src/oauth/connect-orchestrator.ts CHANGED Viewed

@@ -81,6 +81,7 @@ export interface OAuthConnectOptions {
     success: boolean;
     service: string;
     accountInfo?: string;
+    grantedScopes?: string[];
     error?: string;
   }) => void;
 }
@@ -256,6 +257,7 @@ export async function orchestrateOAuthConnect(
               success: true,
               service: options.service,
               accountInfo: stored.accountInfo ?? parsedAccountIdentifier,
+              grantedScopes: result.grantedScopes,
             });
           } catch (err) {
             log.error(