bloby-bot 0.46.2 → 0.47.0

package/supervisor/harnesses/pi/auth-storage.ts

@@ -0,0 +1,56 @@
+/**
+ * Pi auth storage — persistent credentials for the Bloby (pi) harness.
+ *
+ * Stored in ~/.bloby/pi-auth.json (separate from the main config.json so we
+ * can wipe/rotate the LLM credentials without touching the rest of the bot
+ * config). Iteration 1: a single active sub-provider at a time.
+ */
+import fs from 'fs';
+import path from 'path';
+import { DATA_DIR } from '../../../shared/paths.js';
+
+export interface PiAuth {
+  subProvider: string;
+  apiKey?: string;
+  baseUrl?: string;
+  modelId?: string;
+  savedAt: number;
+}
+
+const PI_AUTH_PATH = path.join(DATA_DIR, 'pi-auth.json');
+
+export function readPiAuth(): PiAuth | null {
+  try {
+    if (!fs.existsSync(PI_AUTH_PATH)) return null;
+    const raw = fs.readFileSync(PI_AUTH_PATH, 'utf-8');
+    const parsed = JSON.parse(raw);
+    if (!parsed?.subProvider) return null;
+    return parsed as PiAuth;
+  } catch {
+    return null;
+  }
+}
+
+export function writePiAuth(auth: Omit<PiAuth, 'savedAt'>): PiAuth {
+  fs.mkdirSync(DATA_DIR, { recursive: true });
+  const full: PiAuth = { ...auth, savedAt: Date.now() };
+  fs.writeFileSync(PI_AUTH_PATH, JSON.stringify(full, null, 2), { mode: 0o600 });
+  return full;
+}
+
+export function clearPiAuth(): void {
+  try {
+    fs.rmSync(PI_AUTH_PATH, { force: true });
+  } catch {}
+}
+
+export function getPiAuthStatus(): { configured: boolean; subProvider?: string; modelId?: string; baseUrl?: string } {
+  const auth = readPiAuth();
+  if (!auth) return { configured: false };
+  return {
+    configured: true,
+    subProvider: auth.subProvider,
+    modelId: auth.modelId,
+    baseUrl: auth.baseUrl,
+  };
+}

package/supervisor/harnesses/pi/sub-providers.ts

@@ -0,0 +1,205 @@
+/**
+ * Pi sub-provider catalog.
+ *
+ * The Bloby (pi) harness is a meta-provider: the user picks an underlying LLM
+ * vendor and supplies their own credentials. This file enumerates the set we
+ * currently support in the onboarding wizard plus enough metadata to drive the
+ * test-completion call without per-provider branching at the call site.
+ *
+ * Iteration 1 scope: API-key flows only. OAuth-based sub-providers (Anthropic
+ * Pro/Max, GitHub Copilot, OpenAI Codex) are deliberately out of scope — they
+ * duplicate auth flows we already ship under the dedicated Claude and OpenAI
+ * Codex harnesses.
+ */
+export type PiApiFlavor = 'openai-completions' | 'anthropic-messages' | 'google-gemini';
+
+export interface PiSubProviderModel {
+  id: string;
+  label: string;
+}
+
+export interface PiSubProvider {
+  id: string;
+  name: string;
+  subtitle: string;
+  flavor: PiApiFlavor;
+  /** Default base URL — Ollama / LM Studio / custom let the user override it. */
+  baseUrl?: string;
+  /** Whether the user must supply a base URL (Ollama, LM Studio, custom). */
+  needsBaseUrl?: boolean;
+  /** Whether the user must supply an API key. Ollama defaults to false. */
+  needsApiKey?: boolean;
+  /** Optional: where to obtain a key (shown as a help link). */
+  apiKeyUrl?: string;
+  /** Hand-curated model list. `dynamic` ⇒ free-form ID input. */
+  models: PiSubProviderModel[] | 'dynamic';
+  /** Default model selection when the user hasn't picked one. */
+  defaultModel?: string;
+}
+
+export const PI_SUB_PROVIDERS: PiSubProvider[] = [
+  {
+    id: 'google',
+    name: 'Google Gemini',
+    subtitle: 'Gemini 2.x via AI Studio',
+    flavor: 'google-gemini',
+    baseUrl: 'https://generativelanguage.googleapis.com/v1beta',
+    needsApiKey: true,
+    apiKeyUrl: 'https://aistudio.google.com/apikey',
+    models: [
+      { id: 'gemini-2.5-pro', label: 'Gemini 2.5 Pro' },
+      { id: 'gemini-2.5-flash', label: 'Gemini 2.5 Flash' },
+      { id: 'gemini-2.0-flash', label: 'Gemini 2.0 Flash' },
+    ],
+    defaultModel: 'gemini-2.5-pro',
+  },
+  {
+    id: 'deepseek',
+    name: 'DeepSeek',
+    subtitle: 'deepseek.com API',
+    flavor: 'openai-completions',
+    baseUrl: 'https://api.deepseek.com/v1',
+    needsApiKey: true,
+    apiKeyUrl: 'https://platform.deepseek.com/api_keys',
+    models: [
+      { id: 'deepseek-chat', label: 'DeepSeek V3 (chat)' },
+      { id: 'deepseek-reasoner', label: 'DeepSeek R1 (reasoner)' },
+    ],
+    defaultModel: 'deepseek-chat',
+  },
+  {
+    id: 'groq',
+    name: 'Groq',
+    subtitle: 'Fast inference for Llama / Mixtral',
+    flavor: 'openai-completions',
+    baseUrl: 'https://api.groq.com/openai/v1',
+    needsApiKey: true,
+    apiKeyUrl: 'https://console.groq.com/keys',
+    models: [
+      { id: 'llama-3.3-70b-versatile', label: 'Llama 3.3 70B Versatile' },
+      { id: 'llama-3.1-8b-instant', label: 'Llama 3.1 8B Instant' },
+      { id: 'moonshotai/kimi-k2-instruct', label: 'Kimi K2 Instruct' },
+    ],
+    defaultModel: 'llama-3.3-70b-versatile',
+  },
+  {
+    id: 'xai',
+    name: 'xAI (Grok)',
+    subtitle: 'x.ai API',
+    flavor: 'openai-completions',
+    baseUrl: 'https://api.x.ai/v1',
+    needsApiKey: true,
+    apiKeyUrl: 'https://console.x.ai/',
+    models: [
+      { id: 'grok-4', label: 'Grok 4' },
+      { id: 'grok-code-fast-1', label: 'Grok Code Fast 1' },
+      { id: 'grok-3', label: 'Grok 3' },
+    ],
+    defaultModel: 'grok-4',
+  },
+  {
+    id: 'cerebras',
+    name: 'Cerebras',
+    subtitle: 'Wafer-scale inference',
+    flavor: 'openai-completions',
+    baseUrl: 'https://api.cerebras.ai/v1',
+    needsApiKey: true,
+    apiKeyUrl: 'https://cloud.cerebras.ai/?tab=api-keys',
+    models: [
+      { id: 'qwen-3-coder-480b', label: 'Qwen 3 Coder 480B' },
+      { id: 'llama-3.3-70b', label: 'Llama 3.3 70B' },
+    ],
+    defaultModel: 'qwen-3-coder-480b',
+  },
+  {
+    id: 'openrouter',
+    name: 'OpenRouter',
+    subtitle: 'Aggregator: 300+ models, one key',
+    flavor: 'openai-completions',
+    baseUrl: 'https://openrouter.ai/api/v1',
+    needsApiKey: true,
+    apiKeyUrl: 'https://openrouter.ai/keys',
+    models: 'dynamic',
+    defaultModel: 'anthropic/claude-sonnet-4',
+  },
+  {
+    id: 'mistral',
+    name: 'Mistral',
+    subtitle: 'mistral.ai API',
+    flavor: 'openai-completions',
+    baseUrl: 'https://api.mistral.ai/v1',
+    needsApiKey: true,
+    apiKeyUrl: 'https://console.mistral.ai/api-keys/',
+    models: [
+      { id: 'mistral-large-latest', label: 'Mistral Large' },
+      { id: 'codestral-latest', label: 'Codestral' },
+    ],
+    defaultModel: 'mistral-large-latest',
+  },
+  {
+    id: 'openai-api',
+    name: 'OpenAI (API key)',
+    subtitle: 'platform.openai.com',
+    flavor: 'openai-completions',
+    baseUrl: 'https://api.openai.com/v1',
+    needsApiKey: true,
+    apiKeyUrl: 'https://platform.openai.com/api-keys',
+    models: [
+      { id: 'gpt-5', label: 'GPT-5' },
+      { id: 'gpt-5-mini', label: 'GPT-5 Mini' },
+      { id: 'gpt-4.1', label: 'GPT-4.1' },
+      { id: 'o3', label: 'o3' },
+    ],
+    defaultModel: 'gpt-5',
+  },
+  {
+    id: 'anthropic-api',
+    name: 'Anthropic (API key)',
+    subtitle: 'console.anthropic.com',
+    flavor: 'anthropic-messages',
+    baseUrl: 'https://api.anthropic.com/v1',
+    needsApiKey: true,
+    apiKeyUrl: 'https://console.anthropic.com/settings/keys',
+    models: [
+      { id: 'claude-opus-4-5', label: 'Claude Opus 4.5' },
+      { id: 'claude-sonnet-4-5', label: 'Claude Sonnet 4.5' },
+      { id: 'claude-haiku-4-5', label: 'Claude Haiku 4.5' },
+    ],
+    defaultModel: 'claude-sonnet-4-5',
+  },
+  {
+    id: 'ollama',
+    name: 'Ollama',
+    subtitle: 'Local — http://localhost:11434',
+    flavor: 'openai-completions',
+    baseUrl: 'http://localhost:11434/v1',
+    needsBaseUrl: true,
+    needsApiKey: false,
+    apiKeyUrl: 'https://ollama.com/library',
+    models: 'dynamic',
+    defaultModel: 'llama3.1',
+  },
+  {
+    id: 'lm-studio',
+    name: 'LM Studio',
+    subtitle: 'Local — http://localhost:1234',
+    flavor: 'openai-completions',
+    baseUrl: 'http://localhost:1234/v1',
+    needsBaseUrl: true,
+    needsApiKey: false,
+    models: 'dynamic',
+  },
+  {
+    id: 'custom',
+    name: 'Custom (OpenAI-compatible)',
+    subtitle: 'Any /v1/chat/completions endpoint',
+    flavor: 'openai-completions',
+    needsBaseUrl: true,
+    needsApiKey: true,
+    models: 'dynamic',
+  },
+];
+
+export function getPiSubProvider(id: string): PiSubProvider | undefined {
+  return PI_SUB_PROVIDERS.find((p) => p.id === id);
+}

package/supervisor/harnesses/pi/test-completion.ts

@@ -0,0 +1,196 @@
+/**
+ * Pi test-completion — single-shot, non-streaming completion call.
+ *
+ * Iteration 1 of the pi harness: just enough to verify the saved sub-provider
+ * + credentials actually reach an LLM and return text. Replaces the full
+ * pi-ai streaming stack until we vendor it alongside the agent loop.
+ *
+ * Supported API flavors:
+ *   - openai-completions  → POST {baseUrl}/chat/completions
+ *   - anthropic-messages  → POST {baseUrl}/messages
+ *   - google-gemini       → POST {baseUrl}/models/{modelId}:generateContent
+ */
+import { getPiSubProvider, type PiApiFlavor } from './sub-providers.js';
+
+export interface PiTestCompletionInput {
+  subProvider: string;
+  apiKey?: string;
+  baseUrl?: string;
+  modelId?: string;
+  prompt: string;
+}
+
+export interface PiTestCompletionResult {
+  ok: boolean;
+  text?: string;
+  error?: string;
+  status?: number;
+  modelId?: string;
+  subProvider?: string;
+}
+
+const REQUEST_TIMEOUT_MS = 30_000;
+
+async function timedFetch(url: string, init: RequestInit): Promise<Response> {
+  const ctl = new AbortController();
+  const timer = setTimeout(() => ctl.abort(), REQUEST_TIMEOUT_MS);
+  try {
+    return await fetch(url, { ...init, signal: ctl.signal });
+  } finally {
+    clearTimeout(timer);
+  }
+}
+
+function pickBaseUrl(input: PiTestCompletionInput): string | undefined {
+  if (input.baseUrl?.trim()) return input.baseUrl.replace(/\/+$/, '');
+  const def = getPiSubProvider(input.subProvider)?.baseUrl;
+  return def?.replace(/\/+$/, '');
+}
+
+function pickModelId(input: PiTestCompletionInput): string | undefined {
+  if (input.modelId?.trim()) return input.modelId.trim();
+  return getPiSubProvider(input.subProvider)?.defaultModel;
+}
+
+export async function runPiTestCompletion(input: PiTestCompletionInput): Promise<PiTestCompletionResult> {
+  const provider = getPiSubProvider(input.subProvider);
+  if (!provider) {
+    return { ok: false, error: `Unknown sub-provider: ${input.subProvider}` };
+  }
+
+  const baseUrl = pickBaseUrl(input);
+  if (!baseUrl) return { ok: false, error: 'Missing base URL' };
+
+  const modelId = pickModelId(input);
+  if (!modelId) return { ok: false, error: 'Missing model ID' };
+
+  if (provider.needsApiKey && !input.apiKey?.trim()) {
+    return { ok: false, error: 'Missing API key' };
+  }
+
+  try {
+    const text = await callByFlavor(provider.flavor, {
+      baseUrl,
+      modelId,
+      apiKey: input.apiKey?.trim() || '',
+      prompt: input.prompt,
+    });
+    return { ok: true, text, modelId, subProvider: provider.id };
+  } catch (err: any) {
+    return {
+      ok: false,
+      error: err?.message || String(err),
+      status: err?.status,
+      modelId,
+      subProvider: provider.id,
+    };
+  }
+}
+
+interface DispatchArgs {
+  baseUrl: string;
+  modelId: string;
+  apiKey: string;
+  prompt: string;
+}
+
+async function callByFlavor(flavor: PiApiFlavor, args: DispatchArgs): Promise<string> {
+  switch (flavor) {
+    case 'openai-completions':
+      return callOpenAICompletions(args);
+    case 'anthropic-messages':
+      return callAnthropicMessages(args);
+    case 'google-gemini':
+      return callGoogleGemini(args);
+  }
+}
+
+/* ── OpenAI / OpenAI-compatible ── */
+
+async function callOpenAICompletions({ baseUrl, modelId, apiKey, prompt }: DispatchArgs): Promise<string> {
+  const headers: Record<string, string> = { 'content-type': 'application/json' };
+  if (apiKey) headers['authorization'] = `Bearer ${apiKey}`;
+
+  const res = await timedFetch(`${baseUrl}/chat/completions`, {
+    method: 'POST',
+    headers,
+    body: JSON.stringify({
+      model: modelId,
+      messages: [{ role: 'user', content: prompt }],
+      max_tokens: 256,
+      stream: false,
+    }),
+  });
+
+  if (!res.ok) throw await httpError(res);
+
+  const body: any = await res.json();
+  const text = body?.choices?.[0]?.message?.content;
+  if (typeof text !== 'string' || !text.trim()) {
+    throw new Error(`Empty response (${JSON.stringify(body).slice(0, 200)})`);
+  }
+  return text.trim();
+}
+
+/* ── Anthropic Messages API ── */
+
+async function callAnthropicMessages({ baseUrl, modelId, apiKey, prompt }: DispatchArgs): Promise<string> {
+  const res = await timedFetch(`${baseUrl}/messages`, {
+    method: 'POST',
+    headers: {
+      'content-type': 'application/json',
+      'x-api-key': apiKey,
+      'anthropic-version': '2023-06-01',
+    },
+    body: JSON.stringify({
+      model: modelId,
+      max_tokens: 256,
+      messages: [{ role: 'user', content: prompt }],
+    }),
+  });
+
+  if (!res.ok) throw await httpError(res);
+
+  const body: any = await res.json();
+  const block = Array.isArray(body?.content)
+    ? body.content.find((b: any) => b?.type === 'text')
+    : null;
+  const text = block?.text;
+  if (typeof text !== 'string' || !text.trim()) {
+    throw new Error(`Empty response (${JSON.stringify(body).slice(0, 200)})`);
+  }
+  return text.trim();
+}
+
+/* ── Google Gemini ── */
+
+async function callGoogleGemini({ baseUrl, modelId, apiKey, prompt }: DispatchArgs): Promise<string> {
+  const url = `${baseUrl}/models/${encodeURIComponent(modelId)}:generateContent?key=${encodeURIComponent(apiKey)}`;
+  const res = await timedFetch(url, {
+    method: 'POST',
+    headers: { 'content-type': 'application/json' },
+    body: JSON.stringify({
+      contents: [{ role: 'user', parts: [{ text: prompt }] }],
+      generationConfig: { maxOutputTokens: 256 },
+    }),
+  });
+
+  if (!res.ok) throw await httpError(res);
+
+  const body: any = await res.json();
+  const parts: any[] = body?.candidates?.[0]?.content?.parts || [];
+  const text = parts.map((p) => p?.text).filter(Boolean).join('\n').trim();
+  if (!text) throw new Error(`Empty response (${JSON.stringify(body).slice(0, 200)})`);
+  return text;
+}
+
+/* ── Helpers ── */
+
+async function httpError(res: Response): Promise<Error> {
+  let detail = '';
+  try { detail = await res.text(); } catch {}
+  const trimmed = detail.length > 400 ? `${detail.slice(0, 400)}…` : detail;
+  const err: any = new Error(`HTTP ${res.status} ${res.statusText}${trimmed ? `: ${trimmed}` : ''}`);
+  err.status = res.status;
+  return err;
+}

package/supervisor/index.ts

@@ -351,6 +351,12 @@ export async function startSupervisor() {
     'POST /api/auth/codex/start',
     'POST /api/auth/codex/cancel',
     'GET /api/auth/codex/status',
+    'GET /api/auth/pi/providers',
+    'GET /api/auth/pi/status',
+    'POST /api/auth/pi/test',
+    'POST /api/auth/pi/save',
+    'DELETE /api/auth/pi',
+    'POST /api/auth/pi/completion',
     'POST /api/portal/totp/setup',
     'POST /api/portal/totp/verify-setup',
     'POST /api/portal/totp/disable',
@@ -1327,7 +1333,11 @@ ${!connected ? `<script>
         const data = msg.data || {};
         const content = data.content;
         if (!content) return;
-        if (data.conversationId) convId = data.conversationId;
+        // Note: we intentionally ignore data.conversationId from the client.
+        // The server is the authority on which DB conversation this WS belongs to —
+        // honoring a client-supplied id let stale browser state drive messages into
+        // an orphan conv whose row had been deleted, causing FK failures on every
+        // INSERT. Server resolution below (clientConvs → context.current → create).
 
         // Re-read config on each message so post-onboard changes are picked up
         const freshConfig = loadConfig();
@@ -1396,6 +1406,10 @@ ${!connected ? `<script>
               });
             } catch (err: any) {
               log.warn(`[bloby] DB persist error: ${err.message}`);
+              // Surface to all clients so they can flag the missing user bubble
+              // instead of pretending it's saved. addMessage() in worker/db.ts is
+              // self-healing for orphan convIds, so this should now be rare.
+              broadcastBloby('chat:persist-error', { conversationId: convId, role: 'user', error: err.message });
             }
 
             // Fetch agent/user names and recent messages in parallel
@@ -1438,7 +1452,7 @@ ${!connected ? `<script>
               // the self-chat mirror (the user's own number).
               const waState = channelManager.createWaStreamState();
 
-              await startConversation(convId, freshConfig.ai.model, (type, eventData) => {
+              await startConversation(convId, freshConfig.ai.model, async (type, eventData) => {
                 // Track stream buffer for reconnecting clients
                 if (type === 'bot:typing') {
                   currentStreamConvId = convId;
@@ -1493,19 +1507,23 @@ ${!connected ? `<script>
                   return;
                 }
 
-                // Save assistant response to DB
+                // Save assistant response to DB BEFORE broadcasting so a refresh
+                // immediately after the bubble appears can't race the INSERT and lose
+                // the message. addMessage() in worker/db.ts is self-healing —
+                // it INSERT OR IGNOREs the parent conversation row first, so even an
+                // orphan convId persists cleanly.
                 if (type === 'bot:response') {
                   currentStreamBuffer = '';
-
-                  (async () => {
-                    try {
-                      await workerApi(`/api/conversations/${convId}/messages`, 'POST', {
-                        role: 'assistant', content: eventData.content, meta: { model: freshConfig.ai.model },
-                      });
-                    } catch (err: any) {
-                      log.warn(`[bloby] DB persist bot response error: ${err.message}`);
-                    }
-                  })();
+                  try {
+                    await workerApi(`/api/conversations/${convId}/messages`, 'POST', {
+                      role: 'assistant', content: eventData.content, meta: { model: freshConfig.ai.model },
+                    });
+                  } catch (err: any) {
+                    log.warn(`[bloby] DB persist bot response error: ${err.message}`);
+                    // Tell clients the bubble they're about to see is not durable —
+                    // they can flag/retry rather than silently losing it on refresh.
+                    broadcastBloby('chat:persist-error', { conversationId: convId, role: 'assistant', error: err.message });
+                  }
                 }
 
                 // Stream all events to every connected client

package/worker/db.ts

@@ -93,10 +93,18 @@ export function deleteConversation(id: string) {
 
 // Messages
 export function addMessage(convId: string, role: string, content: string, meta?: { tokens_in?: number; tokens_out?: number; model?: string; audio_data?: string; attachments?: string }) {
-  const msg = db.prepare('INSERT INTO messages (conversation_id, role, content, tokens_in, tokens_out, model, audio_data, attachments) VALUES (?, ?, ?, ?, ?, ?, ?, ?) RETURNING *')
-    .get(convId, role, content, meta?.tokens_in ?? null, meta?.tokens_out ?? null, meta?.model ?? null, meta?.audio_data ?? null, meta?.attachments ?? null);
-  db.prepare('UPDATE conversations SET updated_at = CURRENT_TIMESTAMP WHERE id = ?').run(convId);
-  return msg as any;
+  // Self-heal: if the conversation row is missing (orphan live convId, harness session
+  // drift, deleted parent, etc.), create it so the FK constraint never fires.
+  // Use the first user message as title; assistant-first stays NULL (filled by UI).
+  const tx = db.transaction(() => {
+    db.prepare('INSERT OR IGNORE INTO conversations (id, title, model) VALUES (?, ?, ?)')
+      .run(convId, role === 'user' ? content.slice(0, 80) : null, meta?.model ?? null);
+    const msg = db.prepare('INSERT INTO messages (conversation_id, role, content, tokens_in, tokens_out, model, audio_data, attachments) VALUES (?, ?, ?, ?, ?, ?, ?, ?) RETURNING *')
+      .get(convId, role, content, meta?.tokens_in ?? null, meta?.tokens_out ?? null, meta?.model ?? null, meta?.audio_data ?? null, meta?.attachments ?? null);
+    db.prepare('UPDATE conversations SET updated_at = CURRENT_TIMESTAMP WHERE id = ?').run(convId);
+    return msg;
+  });
+  return tx() as any;
 }
 export function getMessages(convId: string) {
   return db.prepare('SELECT * FROM messages WHERE conversation_id = ? ORDER BY created_at ASC').all(convId);
@@ -177,22 +185,29 @@ export function deleteAllTrustedDevices() {
   db.prepare('DELETE FROM trusted_devices').run();
 }
 
-// Recent messages (for context injection)
+// Recent messages (for context injection).
+// Order by rowid (monotonic insertion order) — created_at has 1-second resolution
+// so rapid-fire messages can collide. rowid never does.
+// rowid is a hidden column, so `SELECT *` omits it — we must alias it explicitly
+// in the inner query for the outer ORDER BY to reach it.
 export function getRecentMessages(convId: string, limit = 20) {
   return db.prepare(`
     SELECT * FROM (
-      SELECT * FROM messages WHERE conversation_id = ? ORDER BY created_at DESC LIMIT ?
-    ) sub ORDER BY created_at ASC
+      SELECT messages.*, messages.rowid AS _rid FROM messages
+      WHERE conversation_id = ? ORDER BY messages.rowid DESC LIMIT ?
+    ) sub ORDER BY _rid ASC
   `).all(convId, limit);
 }
 
-// Cursor-based pagination: messages before a given ID
+// Cursor-based pagination: messages before a given message id.
+// Use rowid for comparison — message.id is random hex so `id < ?` is meaningless.
 export function getMessagesBefore(convId: string, beforeId: string, limit = 20) {
   return db.prepare(`
     SELECT * FROM (
-      SELECT * FROM messages
-      WHERE conversation_id = ? AND id < ?
-      ORDER BY id DESC LIMIT ?
-    ) sub ORDER BY id ASC
+      SELECT messages.*, messages.rowid AS _rid FROM messages
+      WHERE conversation_id = ?
+        AND messages.rowid < (SELECT rowid FROM messages WHERE id = ?)
+      ORDER BY messages.rowid DESC LIMIT ?
+    ) sub ORDER BY _rid ASC
   `).all(convId, beforeId, limit);
 }