@vellumai/assistant 0.7.3 → 0.8.0

package/src/skills/include-graph.ts

@@ -61,14 +61,10 @@ type IncludeValidationResult =
   | IncludeValidationError
   | IncludeValidationCycleError;
 
-/**
- * Validate the include graph starting from the given root skill ID.
- * Uses three-state DFS (unseen/visiting/done) to detect both missing children
- * and cycles. Returns the first error encountered in DFS order.
- */
-export function validateIncludes(
+function validateIncludeGraph(
   rootId: string,
   catalogIndex: Map<string, SkillSummary>,
+  options: { failOnMissing: boolean },
 ): IncludeValidationResult {
   const visited: string[] = [];
   type State = "unseen" | "visiting" | "done";
@@ -97,13 +93,16 @@ export function validateIncludes(
     if (skill?.includes) {
       for (const childId of skill.includes) {
         if (!catalogIndex.has(childId)) {
-          return {
-            ok: false,
-            error: "missing",
-            missingChildId: childId,
-            parentId: id,
-            path: [...ancestry],
-          };
+          if (options.failOnMissing) {
+            return {
+              ok: false,
+              error: "missing",
+              missingChildId: childId,
+              parentId: id,
+              path: [...ancestry],
+            };
+          }
+          continue;
         }
         const childError = dfs(childId);
         if (childError) return childError;
@@ -120,6 +119,29 @@ export function validateIncludes(
   return { ok: true, visited };
 }
 
+/**
+ * Validate the include graph starting from the given root skill ID.
+ * Uses three-state DFS (unseen/visiting/done) to detect both missing children
+ * and cycles. Returns the first error encountered in DFS order.
+ */
+export function validateIncludes(
+  rootId: string,
+  catalogIndex: Map<string, SkillSummary>,
+): IncludeValidationResult {
+  return validateIncludeGraph(rootId, catalogIndex, { failOnMissing: true });
+}
+
+/**
+ * Validate only cycle safety for a graph that may intentionally have missing
+ * advisory includes. Missing child IDs are skipped during traversal.
+ */
+export function validateIncludeCycles(
+  rootId: string,
+  catalogIndex: Map<string, SkillSummary>,
+): IncludeValidationResult {
+  return validateIncludeGraph(rootId, catalogIndex, { failOnMissing: false });
+}
+
 /**
  * Recursively traverse the include graph starting from the given root skill ID.
  * Returns all visited skill IDs in DFS pre-order.

package/src/tools/document/document-tool.ts

@@ -1,5 +1,9 @@
 import { randomUUID } from "node:crypto";
 
+import {
+  saveDocument,
+  updateDocumentContent,
+} from "../../documents/document-store.js";
 import type { ToolContext, ToolExecutionResult } from "../types.js";
 
 // ── Exported execute functions ──────────────────────────────────────
@@ -12,6 +16,20 @@ export function executeDocumentCreate(
   const initialContent = (input.initial_content as string | undefined) || "";
   const surfaceId = `doc-${randomUUID()}`;
 
+  // Persist the document so any client (web or macOS) can fetch it via
+  // GET /v1/documents/:id. The macOS client may later update the row
+  // via document_save; ON CONFLICT DO UPDATE handles that.
+  const wordCount = initialContent
+    .split(/\s+/)
+    .filter((w) => w.length > 0).length;
+  saveDocument({
+    surfaceId,
+    conversationId: context.conversationId,
+    title,
+    content: initialContent,
+    wordCount,
+  });
+
   // Send document_editor_show message to open the built-in RTE
   if (context.sendToClient) {
     context.sendToClient({
@@ -67,6 +85,8 @@ export function executeDocumentUpdate(
   const content = input.content as string;
   const mode = (input.mode as string | undefined) || "append";
 
+  updateDocumentContent(surfaceId, content, mode);
+
   // Send document_editor_update message to update the built-in RTE
   if (context.sendToClient) {
     context.sendToClient({

package/src/tools/executor.ts

@@ -27,6 +27,7 @@ import { applyEdit } from "./shared/filesystem/edit-engine.js";
 import { sandboxPolicy } from "./shared/filesystem/path-policy.js";
 import { MAX_FILE_SIZE_BYTES } from "./shared/filesystem/size-guard.js";
 import { ToolApprovalHandler } from "./tool-approval-handler.js";
+import { resolveToolNameAlias } from "./tool-name-aliases.js";
 import type {
   ToolContext,
   ToolExecutionResult,
@@ -76,7 +77,12 @@ export class ToolExecutor {
     };
 
     const middlewares = getMiddlewaresFor("toolExecute");
-    const pipelineArgs: ToolExecuteArgs = { name, input, context };
+    const executionName = resolveToolNameAlias(name, context.allowedToolNames);
+    const pipelineArgs: ToolExecuteArgs = {
+      name: executionName,
+      input,
+      context,
+    };
 
     // No pipeline-level timeout: `executeInternal` already wraps the real
     // tool invocation in `executeWithTimeout`, which is the sole enforcer
@@ -107,6 +113,11 @@ export class ToolExecutor {
           riskLevel: string;
           riskReason: string;
           riskScopeOptions: Array<{ pattern: string; label: string }>;
+          riskAllowlistOptions?: Array<{
+            label: string;
+            description: string;
+            pattern: string;
+          }>;
           riskDirectoryScopeOptions?: Array<{ scope: string; label: string }>;
           isContainerized?: boolean;
         }
@@ -205,6 +216,7 @@ export class ToolExecutor {
             riskLevel: permRiskMeta?.riskLevel,
             riskReason: permRiskMeta?.riskReason,
             riskScopeOptions: permRiskMeta?.riskScopeOptions,
+            riskAllowlistOptions: permRiskMeta?.riskAllowlistOptions,
             riskDirectoryScopeOptions: permRiskMeta?.riskDirectoryScopeOptions,
             isContainerized: permRiskMeta?.isContainerized,
             matchedTrustRuleId: permMatchedTrustRuleId,
@@ -422,12 +434,16 @@ export class ToolExecutor {
           riskLevel: permRiskMeta.riskLevel,
           riskReason: permRiskMeta.riskReason,
           riskScopeOptions: permRiskMeta.riskScopeOptions,
+          riskAllowlistOptions: permRiskMeta.riskAllowlistOptions,
           riskDirectoryScopeOptions: permRiskMeta.riskDirectoryScopeOptions,
           isContainerized: permRiskMeta.isContainerized,
         };
       }
       if (permMatchedTrustRuleId) {
-        execResult = { ...execResult, matchedTrustRuleId: permMatchedTrustRuleId };
+        execResult = {
+          ...execResult,
+          matchedTrustRuleId: permMatchedTrustRuleId,
+        };
       }
       if (permApprovalMode) {
         execResult = { ...execResult, approvalMode: permApprovalMode };

package/src/tools/memory/register.test.ts

@@ -11,14 +11,16 @@ import {
   test,
 } from "bun:test";
 
-import { _setOverridesForTesting } from "../../config/assistant-feature-flags.js";
 import { PKB_WORKSPACE_SCOPE } from "../../memory/pkb/types.js";
 import type { ToolContext } from "../types.js";
 
-// This test exercises v1 PKB re-index enqueue. The `memory-v2-enabled` flag
-// (registry default `true`) makes the enqueue path skipped — disable it so
-// the v1 PKB index path stays under test.
-_setOverridesForTesting({ "memory-v2-enabled": false });
+// This test exercises v1 PKB re-index enqueue. `config.memory.v2.enabled`
+// (default `true`) makes the enqueue path skipped — force it off so the
+// v1 PKB index path stays under test.
+mock.module("../../config/loader.js", () => ({
+  getConfig: () => ({ memory: { v2: { enabled: false } } }),
+  loadConfig: () => ({ memory: { v2: { enabled: false } } }),
+}));
 
 let tmpWorkspace: string;
 let previousWorkspaceEnv: string | undefined;

package/src/tools/permission-checker.ts

@@ -32,6 +32,11 @@ export type PermissionDecision =
         riskLevel: string;
         riskReason: string;
         riskScopeOptions: Array<{ pattern: string; label: string }>;
+        riskAllowlistOptions?: Array<{
+          label: string;
+          description: string;
+          pattern: string;
+        }>;
         riskDirectoryScopeOptions?: Array<{ scope: string; label: string }>;
         isContainerized?: boolean;
       };
@@ -51,6 +56,11 @@ export type PermissionDecision =
         riskLevel: string;
         riskReason: string;
         riskScopeOptions: Array<{ pattern: string; label: string }>;
+        riskAllowlistOptions?: Array<{
+          label: string;
+          description: string;
+          pattern: string;
+        }>;
         riskDirectoryScopeOptions?: Array<{ scope: string; label: string }>;
         isContainerized?: boolean;
       };
@@ -111,7 +121,12 @@ export class PermissionChecker {
       ? {
           riskLevel: cachedAssessment.riskLevel,
           riskReason: cachedAssessment.reason,
+          // Display ladder (regex patterns — internal only, not for save).
           riskScopeOptions: cachedAssessment.scopeOptions,
+          // Save ladder (Minimatch globs — what the gateway matches against).
+          // Populated for classifiers that produce allowlist options
+          // (bash, file, skill); undefined otherwise.
+          riskAllowlistOptions: cachedAssessment.allowlistOptions,
           riskDirectoryScopeOptions: cachedAssessment.directoryScopeOptions,
           isContainerized: getIsContainerized(),
         }

package/src/tools/skills/load.ts

@@ -19,7 +19,7 @@ import {
 import {
   collectAllMissing,
   indexCatalogById,
-  validateIncludes,
+  validateIncludeCycles,
 } from "../../skills/include-graph.js";
 import { renderInlineCommands } from "../../skills/inline-command-render.js";
 import { parseToolManifestFile } from "../../skills/tool-manifest.js";
@@ -204,6 +204,7 @@ export class SkillLoadTool implements Tool {
 
     // Load catalog for include validation and child metadata output
     let catalogIndex: Map<string, SkillSummary> | undefined;
+    let missingIncludedSkillIds: string[] = [];
     if (skill.includes && skill.includes.length > 0) {
       let catalog = loadSkillCatalog();
       catalogIndex = indexCatalogById(catalog);
@@ -260,19 +261,13 @@ export class SkillLoadTool implements Tool {
         catalogIndex = indexCatalogById(catalog);
       }
 
-      // Validate (fail-closed - catches genuinely missing deps + cycles)
-      const validation = validateIncludes(skill.id, catalogIndex);
+      missingIncludedSkillIds = [...collectAllMissing(skill.id, catalogIndex)];
+
+      // Validate cycles fail closed. Missing includes are advisory: the parent
+      // skill should still load so the assistant can decide whether to search
+      // for and install the suggested dependency.
+      const validation = validateIncludeCycles(skill.id, catalogIndex);
       if (!validation.ok) {
-        if (validation.error === "missing") {
-          return {
-            content: `Error: skill "${skill.id}" includes "${
-              validation.missingChildId
-            }" which was not found (referenced by "${
-              validation.parentId
-            }" via path: ${validation.path.join(" → ")})`,
-            isError: true,
-          };
-        }
         if (validation.error === "cycle") {
           return {
             content: `Error: skill "${
@@ -283,10 +278,6 @@ export class SkillLoadTool implements Tool {
             isError: true,
           };
         }
-        return {
-          content: `Error: skill "${skill.id}" has an invalid include graph`,
-          isError: true,
-        };
       }
     }
 
@@ -444,13 +435,25 @@ export class SkillLoadTool implements Tool {
           }
         }
       }
-      immediateChildrenSection = `Included Skills (immediate):\n${childLines.join(
-        "\n",
-      )}`;
+      immediateChildrenSection =
+        childLines.length > 0
+          ? `Included Skills (immediate):\n${childLines.join("\n")}`
+          : "Included Skills (immediate): none";
     } else {
       immediateChildrenSection = "Included Skills (immediate): none";
     }
 
+    const missingIncludesSection =
+      missingIncludedSkillIds.length > 0
+        ? [
+            "Suggested Included Skills (not loaded):",
+            ...missingIncludedSkillIds.map(
+              (id) =>
+                `  - ${id}: not installed or unavailable. If this task needs it, search for and install this skill, then load it.`,
+            ),
+          ].join("\n")
+        : undefined;
+
     let versionHash: string | undefined;
     try {
       versionHash = computeSkillVersionHash(skill.directoryPath);
@@ -512,6 +515,7 @@ export class SkillLoadTool implements Tool {
           : []),
         ...includedBodies.flatMap((b) => [b, ""]),
         immediateChildrenSection,
+        ...(missingIncludesSection ? [missingIncludesSection] : []),
         "",
         `<loaded_skill id="${skill.id}"${versionAttr} />`,
         ...includeMarkers,

package/src/tools/tool-name-aliases.ts

@@ -0,0 +1,19 @@
+const TOOL_NAME_ALIASES = new Map<string, string>([
+  ["create_app", "app_create"],
+]);
+
+/**
+ * Resolve high-confidence compatibility aliases before active-tool gating.
+ * Keep this list narrow: aliases should only cover observed model drift where
+ * the canonical target is active for the turn.
+ */
+export function resolveToolNameAlias(
+  name: string,
+  allowedToolNames?: ReadonlySet<string>,
+): string {
+  if (allowedToolNames?.has(name)) return name;
+  const canonical = TOOL_NAME_ALIASES.get(name);
+  if (!canonical) return name;
+  if (allowedToolNames && !allowedToolNames.has(canonical)) return name;
+  return canonical;
+}

package/src/tools/types.ts

@@ -115,8 +115,26 @@ export interface ToolExecutionResult {
   riskThreshold?: string;
   /** Whether the daemon is running in a containerized (Docker) environment. */
   isContainerized?: boolean;
-  /** Scope options ladder for the rule editor (narrowest to broadest). */
+  /**
+   * Display-only ladder of scope option labels for the rule editor
+   * (narrowest to broadest). The `pattern` field here is a regex-style
+   * descriptor used internally by the daemon and is NOT a valid trust
+   * rule pattern. Use `riskAllowlistOptions` for the pattern that gets
+   * saved as a trust rule.
+   */
   riskScopeOptions?: Array<{ pattern: string; label: string }>;
+  /**
+   * Allowlist options for the rule editor save path (narrowest to
+   * broadest). Each `pattern` is a Minimatch-glob compatible string
+   * (e.g. raw command for exact match, `action:<program>` for command
+   * wildcards) — what the gateway actually matches against. Mirrors
+   * the `allowlistOptions` field on `ConfirmationRequest` SSE events.
+   */
+  riskAllowlistOptions?: Array<{
+    label: string;
+    description: string;
+    pattern: string;
+  }>;
   /** Directory scope ladder for the rule editor (narrowest to broadest). */
   riskDirectoryScopeOptions?: Array<{ scope: string; label: string }>;
   /**

package/src/workspace/migrations/067-release-notes-safe-storage-limits.ts

@@ -1,72 +1,14 @@
-import {
-  appendFileSync,
-  existsSync,
-  readFileSync,
-  writeFileSync,
-} from "node:fs";
-import { join } from "node:path";
-
-import { getLogger } from "../../util/logger.js";
 import type { WorkspaceMigration } from "./types.js";
 
-const log = getLogger(
-  "workspace-migration-067-release-notes-safe-storage-limits",
-);
-
 const MIGRATION_ID = "067-release-notes-safe-storage-limits";
-const MARKER = `<!-- release-note-id:${MIGRATION_ID} -->`;
-
-const RELEASE_NOTE = `${MARKER}
-## Safe storage limits
-
-A new storage protection mode is available behind the safe-storage-limits
-rollout flag. When enabled, the assistant watches workspace disk usage and
-enters cleanup mode if the volume reaches the critical 95% threshold.
-
-In cleanup mode, background processes pause and remote messages, including
-trusted-contact messages, are blocked until the guardian frees enough space or
-explicitly overrides the lock. The macOS app now shows a storage cleanup banner
-that must be acknowledged before cleanup chat continues, then keeps a status
-banner visible while cleanup mode is active.
-`;
 
 export const releaseNotesSafeStorageLimitsMigration: WorkspaceMigration = {
   id: MIGRATION_ID,
-  description: "Append release notes for safe storage limits to UPDATES.md",
-
-  run(workspaceDir: string): void {
-    const updatesPath = join(workspaceDir, "UPDATES.md");
+  description: "Reserved migration slot for safe storage limits release notes",
 
-    try {
-      if (existsSync(updatesPath)) {
-        const existing = readFileSync(updatesPath, "utf-8");
-        if (existing.includes(MARKER)) {
-          return;
-        }
-        const needsLeadingNewline = !existing.endsWith("\n\n");
-        const prefix = existing.endsWith("\n") ? "\n" : "\n\n";
-        appendFileSync(
-          updatesPath,
-          needsLeadingNewline ? `${prefix}${RELEASE_NOTE}` : RELEASE_NOTE,
-          "utf-8",
-        );
-      } else {
-        writeFileSync(updatesPath, RELEASE_NOTE, "utf-8");
-      }
-      log.info(
-        { path: updatesPath },
-        "Appended safe storage limits release note",
-      );
-    } catch (err) {
-      log.warn(
-        { err, path: updatesPath },
-        "Failed to append safe storage limits release note to UPDATES.md",
-      );
-    }
+  run(_workspaceDir: string): void {
+    // Registered no-op slot retained for workspace migration checkpoint compatibility.
   },
 
-  down(_workspaceDir: string): void {
-    // Forward-only: UPDATES.md is a user-facing bulletin the assistant
-    // processes and deletes on its own.
-  },
+  down(_workspaceDir: string): void {},
 };

package/src/workspace/migrations/069-seed-onboarding-threads.ts

@@ -0,0 +1,28 @@
+import { existsSync, readFileSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+
+import type { WorkspaceMigration } from "./types.js";
+
+const ONBOARDING_THREADS = `- Figure out what kind of personality would best mesh with your user. Figure out who you are and what your voice should be. Your choice should be DISTINCT and have CHARACTER. Once you've figured this out, rewrite SOUL.md and IDENTITY.md in your own voice to define who you are.
+- Work with your user to set a custom avatar for yourself. This task is done once data/avatar/avatar-image.png exists.
+- Ask your user if they use ChatGPT, Claude or another AI tool and offer to help them import memories from there.
+- Suggest connecting to available messaging services like Slack or Telegram
+`;
+
+export const seedOnboardingThreadsMigration: WorkspaceMigration = {
+  id: "069-seed-onboarding-threads",
+  description:
+    "Seed memory/threads.md with onboarding tasks for brand new assistants",
+
+  run(workspaceDir: string): void {
+    const filePath = join(workspaceDir, "memory", "threads.md");
+    if (!existsSync(filePath)) return;
+    const current = readFileSync(filePath, "utf-8");
+    if (current.trim().length > 0) return;
+    writeFileSync(filePath, ONBOARDING_THREADS, "utf-8");
+  },
+
+  down(_workspaceDir: string): void {
+    // Forward-only: never delete user-visible memory content on rollback.
+  },
+};

package/src/workspace/migrations/070-memory-v2-summary-schema-rebuild.ts

@@ -0,0 +1,31 @@
+import type { WorkspaceMigration } from "./types.js";
+
+/**
+ * Audit-only entry for the v2 concept-page schema upgrade introduced in PR
+ * #29823 (summary_dense / summary_sparse named vectors). The destructive
+ * collection rebuild and reembed enqueue both run inside the daemon at
+ * Qdrant init time — see `maybeRebuildMemoryV2Concepts` in
+ * `assistant/src/daemon/memory-v2-startup.ts`. The "exactly-once" fence is
+ * per-collection schema introspection, not per-workspace checkpoint, so
+ * users who wipe Qdrant separately still get re-rebuilt without resetting
+ * any workspace flag.
+ *
+ * This migration exists so the registry chronology records the schema
+ * upgrade alongside the release that introduced it.
+ */
+export const memoryV2SummarySchemaRebuildMigration: WorkspaceMigration = {
+  id: "070-memory-v2-summary-schema-rebuild",
+  description:
+    "Audit entry: v2 concept-page Qdrant collection now carries summary_dense / summary_sparse named vectors. Rebuild + reembed handled by the daemon's startup hook.",
+
+  run(_workspaceDir: string): void {
+    // No-op: the actual rebuild lives in the Qdrant client layer where the
+    // collection schema is owned. Workspace migrations cannot touch Qdrant
+    // (they run before it starts and must be self-contained per
+    // assistant/src/workspace/migrations/AGENTS.md).
+  },
+
+  down(_workspaceDir: string): void {
+    // Forward-only: schema rollbacks happen outside the migration system.
+  },
+};

package/src/workspace/migrations/071-remove-safe-storage-release-note.ts

@@ -0,0 +1,111 @@
+import { existsSync, readFileSync, rmSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+
+import type { WorkspaceMigration } from "./types.js";
+
+const MIGRATION_ID = "071-remove-safe-storage-release-note";
+const SAFE_STORAGE_RELEASE_NOTE_ID = "067-release-notes-safe-storage-limits";
+const SAFE_STORAGE_MARKER = `<!-- release-note-id:${SAFE_STORAGE_RELEASE_NOTE_ID} -->`;
+const RELEASE_NOTE_MARKER_PREFIX = "<!-- release-note-id:";
+
+const SAFE_STORAGE_RELEASE_NOTE = `${SAFE_STORAGE_MARKER}
+## Safe storage limits
+
+A new storage protection mode is available behind the safe-storage-limits
+rollout flag. When enabled, the assistant watches workspace disk usage and
+enters cleanup mode if the volume reaches the critical 95% threshold.
+
+In cleanup mode, background processes pause and remote messages, including
+trusted-contact messages, are blocked until the guardian frees enough space or
+explicitly overrides the lock. The macOS app now shows a storage cleanup banner
+that must be acknowledged before cleanup chat continues, then keeps a status
+banner visible while cleanup mode is active.
+`;
+
+const LEADING_NEWLINES = /^(?:(?:\r\n)|\n|\r)+/;
+const TRAILING_NEWLINES = /(?:(?:\r\n)|\n|\r)+$/;
+
+function findNewlineStyle(...samples: string[]): string {
+  for (const sample of samples) {
+    const match = sample.match(/\r\n|\n|\r/);
+    if (match) {
+      return match[0];
+    }
+  }
+
+  return "\n";
+}
+
+function stitchAroundRemovedBlock(before: string, after: string): string {
+  if (before.trim() === "") {
+    return after.replace(LEADING_NEWLINES, "");
+  }
+
+  if (after.trim() === "") {
+    return `${before.replace(TRAILING_NEWLINES, "")}${findNewlineStyle(before)}`;
+  }
+
+  const newline = findNewlineStyle(before, after);
+  return `${before.replace(TRAILING_NEWLINES, "")}${newline}${newline}${after.replace(LEADING_NEWLINES, "")}`;
+}
+
+function removeRange(content: string, start: number, end: number): string {
+  return stitchAroundRemovedBlock(content.slice(0, start), content.slice(end));
+}
+
+function removeSafeStorageReleaseNote(content: string): string {
+  const exactStart = content.indexOf(SAFE_STORAGE_RELEASE_NOTE);
+  if (exactStart >= 0) {
+    return removeRange(
+      content,
+      exactStart,
+      exactStart + SAFE_STORAGE_RELEASE_NOTE.length,
+    );
+  }
+
+  const markerStart = content.indexOf(SAFE_STORAGE_MARKER);
+  if (markerStart < 0) {
+    return content;
+  }
+
+  const nextMarkerStart = content.indexOf(
+    RELEASE_NOTE_MARKER_PREFIX,
+    markerStart + SAFE_STORAGE_MARKER.length,
+  );
+
+  return removeRange(
+    content,
+    markerStart,
+    nextMarkerStart >= 0 ? nextMarkerStart : content.length,
+  );
+}
+
+export const removeSafeStorageReleaseNoteMigration: WorkspaceMigration = {
+  id: MIGRATION_ID,
+  description: "Remove safe storage release note from UPDATES.md",
+
+  run(workspaceDir: string): void {
+    const updatesPath = join(workspaceDir, "UPDATES.md");
+    if (!existsSync(updatesPath)) {
+      return;
+    }
+
+    const existing = readFileSync(updatesPath, "utf-8");
+    if (!existing.includes(SAFE_STORAGE_MARKER)) {
+      return;
+    }
+
+    const cleaned = removeSafeStorageReleaseNote(existing);
+    if (cleaned.trim() === "") {
+      rmSync(updatesPath, { force: true });
+      return;
+    }
+
+    writeFileSync(updatesPath, cleaned, "utf-8");
+  },
+
+  down(_workspaceDir: string): void {
+    // Forward-only: this removes a pending bulletin that should no longer be
+    // shown to users.
+  },
+};

package/src/workspace/migrations/registry.ts

@@ -66,6 +66,9 @@ import { bumpStaleHeartbeatIntervalMigration } from "./065-bump-stale-heartbeat-
 import { seedHeartbeatCallsiteCostDefaultMigration } from "./066-seed-heartbeat-callsite-cost-default.js";
 import { releaseNotesSafeStorageLimitsMigration } from "./067-release-notes-safe-storage-limits.js";
 import { releaseNotesLocalTimezoneMigration } from "./068-release-notes-local-timezone.js";
+import { seedOnboardingThreadsMigration } from "./069-seed-onboarding-threads.js";
+import { memoryV2SummarySchemaRebuildMigration } from "./070-memory-v2-summary-schema-rebuild.js";
+import { removeSafeStorageReleaseNoteMigration } from "./071-remove-safe-storage-release-note.js";
 import { migrateToWorkspaceVolumeMigration } from "./migrate-to-workspace-volume.js";
 import type { WorkspaceMigration } from "./types.js";
 
@@ -143,4 +146,7 @@ export const WORKSPACE_MIGRATIONS: WorkspaceMigration[] = [
   seedHeartbeatCallsiteCostDefaultMigration,
   releaseNotesSafeStorageLimitsMigration,
   releaseNotesLocalTimezoneMigration,
+  seedOnboardingThreadsMigration,
+  memoryV2SummarySchemaRebuildMigration,
+  removeSafeStorageReleaseNoteMigration,
 ];