neoagent 2.3.1-beta.98 → 2.4.0

package/.env.example

@@ -116,12 +116,15 @@ MINIMAX_API_KEY=your-minimax-api-key-here
 # Set via: neoagent login github-copilot
 GITHUB_COPILOT_ACCESS_TOKEN=
 
-# OpenAI Codex OAuth token — used for:
-#   • Codex-backed chat/coding models (gpt-5.3-codex, gpt-4.1-codex)
-# Set via: neoagent login openai-codex
+# OpenAI Codex access token — used for:
+#   • Codex-backed chat/coding models (gpt-5.5, gpt-5.4, gpt-5.4-mini)
+# Regular OpenAI API-key usage should use OPENAI_API_KEY and the normal OpenAI provider.
 OPENAI_CODEX_ACCESS_TOKEN=
 # Optional refresh token if your login flow returns it.
 OPENAI_CODEX_REFRESH_TOKEN=
+# Optional: ChatGPT account ID for the chatgpt-account-id header.
+# If not set, it is auto-decoded from the JWT in OPENAI_CODEX_ACCESS_TOKEN.
+# OPENAI_CODEX_ACCOUNT_ID=
 
 ########################################
 # Provider endpoint overrides

package/flutter_app/lib/main.dart

@@ -6,6 +6,7 @@ import 'dart:ui' show ImageFilter;
 
 import 'package:connectivity_plus/connectivity_plus.dart';
 import 'package:hotkey_manager/hotkey_manager.dart';
+import 'package:flutter/cupertino.dart' as cupertino;
 import 'package:flutter/foundation.dart';
 import 'package:flutter/gestures.dart';
 import 'package:flutter/material.dart';

package/flutter_app/lib/main_integrations.dart

@@ -175,6 +175,12 @@ class OfficialIntegrationsTab extends StatelessWidget {
                           label: '${item.availableToolCount} tools',
                           icon: Icons.build_outlined,
                         ),
+                        _MetaPill(
+                          label: item.memoryCoverage.supported
+                              ? 'Memory ${item.memoryCoverage.statusLabel}'
+                              : 'No memory sync',
+                          icon: Icons.psychology_alt_outlined,
+                        ),
                       ],
                     ),
                     const SizedBox(height: 10),
@@ -255,6 +261,7 @@ Future<void> _showTrelloSetupDialog(
   final apiKeyController = TextEditingController(text: savedApiKey);
   final tokenInputController = TextEditingController();
 
+  if (!context.mounted) return;
   await showDialog<void>(
     context: context,
     barrierDismissible: false,
@@ -426,8 +433,7 @@ Future<void> _showTrelloSetupDialog(
                             }
                             final url = authorizeUrl.isNotEmpty
                                 ? authorizeUrl
-                                : 'https://trello.com/1/authorize?expiration=never&scope=read,write,account&response_type=token&key=' +
-                                      Uri.encodeComponent(effectiveApiKey);
+                                : 'https://trello.com/1/authorize?expiration=never&scope=read,write,account&response_type=token&key=${Uri.encodeComponent(effectiveApiKey)}';
                             final result = await controller._oauthLauncher
                                 .openExternal(url: url, label: 'Trello');
                             if (!result.launched) {
@@ -659,6 +665,12 @@ class _OfficialIntegrationAppCard extends StatelessWidget {
                               label: '${app.availableToolCount} tools',
                               icon: Icons.build_circle_outlined,
                             ),
+                            _MetaPill(
+                              label: app.memoryCoverage.supported
+                                  ? 'Memory ${app.memoryCoverage.statusLabel}'
+                                  : 'No memory sync',
+                              icon: Icons.psychology_alt_outlined,
+                            ),
                           ],
                         ),
                       ],
@@ -715,6 +727,13 @@ class _OfficialIntegrationAppCard extends StatelessWidget {
                         'Access: ${account.accessModeLabel}',
                         style: TextStyle(color: _textSecondary),
                       ),
+                      if (account.memoryCoverage.supported) ...<Widget>[
+                        const SizedBox(height: 4),
+                        Text(
+                          'Memory: ${account.memoryCoverage.statusLabel}',
+                          style: TextStyle(color: _textSecondary),
+                        ),
+                      ],
                       const SizedBox(height: 12),
                       Wrap(
                         spacing: 8,

package/flutter_app/lib/main_models.dart

@@ -2565,6 +2565,7 @@ class OfficialIntegrationAppItem {
     ),
     this.accounts = const <OfficialIntegrationAccountItem>[],
     this.availableToolCount = 0,
+    this.memoryCoverage = const OfficialIntegrationMemoryCoverage(),
   });
 
   factory OfficialIntegrationAppItem.fromJson(Map<dynamic, dynamic> json) {
@@ -2583,6 +2584,9 @@ class OfficialIntegrationAppItem {
                 .toList()
           : const <OfficialIntegrationAccountItem>[],
       availableToolCount: _asInt(json['availableToolCount']),
+      memoryCoverage: OfficialIntegrationMemoryCoverage.fromJson(
+        _jsonMap(json['memoryCoverage']),
+      ),
     );
   }
 
@@ -2592,6 +2596,7 @@ class OfficialIntegrationAppItem {
   final OfficialIntegrationConnectionStatus connection;
   final List<OfficialIntegrationAccountItem> accounts;
   final int availableToolCount;
+  final OfficialIntegrationMemoryCoverage memoryCoverage;
 
   bool get isConnected => connection.connected;
 
@@ -2676,6 +2681,51 @@ class OfficialIntegrationConnectionStatus {
   }
 }
 
+class OfficialIntegrationMemoryCoverage {
+  const OfficialIntegrationMemoryCoverage({
+    this.supported = false,
+    this.contributesToMemory = false,
+    this.contributesToTaskExecution = false,
+    this.status = 'not_supported',
+    this.dataDomains = const <String>[],
+    this.documentCount = 0,
+    this.lastRefreshAt,
+    this.nextRefreshAt,
+    this.error,
+  });
+
+  factory OfficialIntegrationMemoryCoverage.fromJson(
+    Map<dynamic, dynamic> json,
+  ) {
+    final domainsRaw = json['dataDomains'];
+    return OfficialIntegrationMemoryCoverage(
+      supported: json['supported'] == true,
+      contributesToMemory: json['contributesToMemory'] == true,
+      contributesToTaskExecution: json['contributesToTaskExecution'] == true,
+      status: json['status']?.toString() ?? 'not_supported',
+      dataDomains: domainsRaw is List
+          ? domainsRaw.map((item) => item.toString()).toList()
+          : const <String>[],
+      documentCount: _asInt(json['documentCount']),
+      lastRefreshAt: _parseOptionalTimestamp(json['lastRefreshAt']?.toString()),
+      nextRefreshAt: _parseOptionalTimestamp(json['nextRefreshAt']?.toString()),
+      error: json['error']?.toString(),
+    );
+  }
+
+  final bool supported;
+  final bool contributesToMemory;
+  final bool contributesToTaskExecution;
+  final String status;
+  final List<String> dataDomains;
+  final int documentCount;
+  final DateTime? lastRefreshAt;
+  final DateTime? nextRefreshAt;
+  final String? error;
+
+  String get statusLabel => _titleCase(status.replaceAll('_', ' '));
+}
+
 class OfficialIntegrationAccountItem {
   const OfficialIntegrationAccountItem({
     required this.id,
@@ -2684,6 +2734,7 @@ class OfficialIntegrationAccountItem {
     this.accountEmail,
     this.lastConnectedAt,
     this.accessMode = 'read_write',
+    this.memoryCoverage = const OfficialIntegrationMemoryCoverage(),
   });
 
   factory OfficialIntegrationAccountItem.fromJson(Map<dynamic, dynamic> json) {
@@ -2696,6 +2747,9 @@ class OfficialIntegrationAccountItem {
         json['lastConnectedAt']?.toString(),
       ),
       accessMode: json['accessMode']?.toString() ?? 'read_write',
+      memoryCoverage: OfficialIntegrationMemoryCoverage.fromJson(
+        _jsonMap(json['memoryCoverage']),
+      ),
     );
   }
 
@@ -2705,6 +2759,7 @@ class OfficialIntegrationAccountItem {
   final String? accountEmail;
   final DateTime? lastConnectedAt;
   final String accessMode;
+  final OfficialIntegrationMemoryCoverage memoryCoverage;
 
   bool get isExpired => status == 'expired';
 
@@ -2733,6 +2788,7 @@ class OfficialIntegrationItem {
     this.connectPrompt,
     this.supportsMultipleAccounts = true,
     this.connectionMethod = 'oauth',
+    this.memoryCoverage = const OfficialIntegrationMemoryCoverage(),
   });
 
   factory OfficialIntegrationItem.fromJson(Map<dynamic, dynamic> json) {
@@ -2756,6 +2812,9 @@ class OfficialIntegrationItem {
       connectPrompt: json['connectPrompt']?.toString(),
       supportsMultipleAccounts: json['supportsMultipleAccounts'] != false,
       connectionMethod: json['connectionMethod']?.toString() ?? 'oauth',
+      memoryCoverage: OfficialIntegrationMemoryCoverage.fromJson(
+        _jsonMap(json['memoryCoverage']),
+      ),
     );
   }
 
@@ -2770,6 +2829,7 @@ class OfficialIntegrationItem {
   final String? connectPrompt;
   final bool supportsMultipleAccounts;
   final String connectionMethod;
+  final OfficialIntegrationMemoryCoverage memoryCoverage;
 
   bool get isConnected => connection.connected;
 

package/flutter_app/lib/main_theme.dart

@@ -224,8 +224,8 @@ ThemeData _buildNeoAgentTheme(NeoAgentPalette palette, Brightness brightness) {
     pageTransitionsTheme: const PageTransitionsTheme(
       builders: <TargetPlatform, PageTransitionsBuilder>{
         TargetPlatform.android: FadeForwardsPageTransitionsBuilder(),
-        TargetPlatform.iOS: CupertinoPageTransitionsBuilder(),
-        TargetPlatform.macOS: CupertinoPageTransitionsBuilder(),
+        TargetPlatform.iOS: _NeoAgentCupertinoPageTransitionsBuilder(),
+        TargetPlatform.macOS: _NeoAgentCupertinoPageTransitionsBuilder(),
         TargetPlatform.windows: FadeForwardsPageTransitionsBuilder(),
         TargetPlatform.linux: FadeForwardsPageTransitionsBuilder(),
       },
@@ -274,3 +274,32 @@ ThemeData _buildNeoAgentTheme(NeoAgentPalette palette, Brightness brightness) {
     ),
   );
 }
+
+class _NeoAgentCupertinoPageTransitionsBuilder extends PageTransitionsBuilder {
+  const _NeoAgentCupertinoPageTransitionsBuilder();
+
+  @override
+  Duration get transitionDuration =>
+      cupertino.CupertinoRouteTransitionMixin.kTransitionDuration;
+
+  @override
+  DelegatedTransitionBuilder? get delegatedTransition =>
+      cupertino.CupertinoPageTransition.delegatedTransition;
+
+  @override
+  Widget buildTransitions<T>(
+    PageRoute<T> route,
+    BuildContext context,
+    Animation<double> animation,
+    Animation<double> secondaryAnimation,
+    Widget child,
+  ) {
+    return cupertino.CupertinoRouteTransitionMixin.buildPageTransitions<T>(
+      route,
+      context,
+      animation,
+      secondaryAnimation,
+      child,
+    );
+  }
+}

package/flutter_app/macos/Runner/AppDelegate.swift

@@ -302,7 +302,17 @@ final class DesktopCompanionNativePlugin: NSObject {
   }
 
   private func preflightScreenCapturePermission() -> Bool {
-    CGPreflightScreenCaptureAccess()
+    if CGPreflightScreenCaptureAccess() { return true }
+    // CGPreflightScreenCaptureAccess() caches the result per-process on macOS 14+
+    // and won't reflect a System Settings grant until the app restarts. Fall back to
+    // a live 1×1 capture probe which returns nil when recording is actually blocked.
+    let probe = CGWindowListCreateImage(
+      CGRect(x: 0, y: 0, width: 1, height: 1),
+      .optionOnScreenOnly,
+      kCGNullWindowID,
+      .bestResolution
+    )
+    return probe != nil
   }
 
   private func isAccessibilityTrusted() -> Bool {

package/flutter_app/macos/Runner/DebugProfile.entitlements

@@ -12,5 +12,9 @@
 	<true/>
 	<key>com.apple.security.network.server</key>
 	<true/>
+	<key>keychain-access-groups</key>
+	<array>
+		<string>$(AppIdentifierPrefix)$(CFBundleIdentifier)</string>
+	</array>
 </dict>
 </plist>

package/flutter_app/macos/Runner/Release.entitlements

@@ -8,5 +8,9 @@
 	<true/>
 	<key>com.apple.security.network.client</key>
 	<true/>
+	<key>keychain-access-groups</key>
+	<array>
+		<string>$(AppIdentifierPrefix)$(CFBundleIdentifier)</string>
+	</array>
 </dict>
 </plist>

package/flutter_app/pubspec.lock

@@ -594,10 +594,10 @@ packages:
     dependency: transitive
     description:
       name: meta
-      sha256: "23f08335362185a5ea2ad3a4e597f1375e78bce8a040df5c600c8d3552ef2394"
+      sha256: "1741988757a65eb6b36abe716829688cf01910bbf91c34354ff7ec1c3de2b349"
       url: "https://pub.dev"
     source: hosted
-    version: "1.17.0"
+    version: "1.18.0"
   mixpanel_flutter:
     dependency: "direct main"
     description:
@@ -1039,10 +1039,10 @@ packages:
     dependency: transitive
     description:
       name: test_api
-      sha256: "8161c84903fd860b26bfdefb7963b3f0b68fee7adea0f59ef805ecca346f0c7a"
+      sha256: "949a932224383300f01be9221c39180316445ecb8e7547f70a41a35bf421fb9e"
       url: "https://pub.dev"
     source: hosted
-    version: "0.7.10"
+    version: "0.7.11"
   tray_manager:
     dependency: "direct main"
     description:
@@ -1252,5 +1252,5 @@ packages:
     source: hosted
     version: "6.6.1"
 sdks:
-  dart: ">=3.9.2 <4.0.0"
+  dart: ">=3.10.0-0 <4.0.0"
   flutter: ">=3.35.0"

package/lib/manager.js

@@ -5,6 +5,7 @@ const net = require('net');
 const crypto = require('crypto');
 const readline = require('readline');
 const { spawn, spawnSync } = require('child_process');
+const { CLAUDE_CODE_SCOPES } = require('../server/services/ai/providers/claudeCode');
 const {
   buildBundledWebClientIfPossible: buildWebClient,
   commandExists: sharedCommandExists,
@@ -786,10 +787,168 @@ async function pollDeviceCode({ pollUrl, pollBody, pollHeaders = {}, intervalMs,
   throw new Error('Authentication timed out after 15 minutes.');
 }
 
+async function cmdLoginClaudeCode() {
+  heading('Claude Code Login');
+
+  // Check for Claude CLI credential file first (set by `claude login`)
+  const cliCredsPath = path.join(os.homedir(), '.claude', '.credentials.json');
+  if (fs.existsSync(cliCredsPath)) {
+    try {
+      const raw = fs.readFileSync(cliCredsPath, 'utf8');
+      const data = JSON.parse(raw);
+      const token = data?.claudeAiOauthTokens?.accessToken;
+      if (token) {
+        upsertEnvValue('CLAUDE_CODE_OAUTH_TOKEN', token);
+        logOk('Imported access token from Claude CLI credentials store');
+        logInfo('Restarting NeoAgent to apply credentials...');
+        cmdRestart();
+        return;
+      }
+    } catch { }
+  }
+
+  // Browser-based PKCE OAuth flow.
+  // client_id is the metadata URL per claude.ai's dynamic client registration.
+  // Redirect URIs registered: http://localhost/callback and http://127.0.0.1/callback (port 80).
+  // Per RFC 8252 §7.3, servers SHOULD allow any loopback port — we try high ports first
+  // and fall back to 80 if everything else is occupied.
+  const http = require('http');
+  const { URL: NodeURL } = require('url');
+
+  const clientId = '9d1c250a-e61b-44d9-88ed-5944d1962f5e';
+  const SCOPES = CLAUDE_CODE_SCOPES;
+
+  // The registered redirect URIs are http://localhost/callback and http://127.0.0.1/callback
+  // (port 80). The OAuth server validates the URI exactly, so we must use port 80.
+  // Dynamic high port — the server accepts http://localhost:{any-port}/callback per RFC 8252.
+  const redirectPort = Math.floor(Math.random() * 10000) + 49152;
+  const redirectUri = `http://localhost:${redirectPort}/callback`;
+
+  // Generate PKCE verifier and challenge
+  const codeVerifier = crypto.randomBytes(48).toString('base64url');
+  const codeChallenge = crypto
+    .createHash('sha256')
+    .update(codeVerifier)
+    .digest('base64url');
+
+  const state = crypto.randomBytes(16).toString('hex');
+
+  const authUrl = new URL('https://platform.claude.com/oauth/authorize');
+  authUrl.searchParams.set('response_type', 'code');
+  authUrl.searchParams.set('client_id', clientId);
+  authUrl.searchParams.set('redirect_uri', redirectUri);
+  authUrl.searchParams.set('scope', SCOPES);
+  authUrl.searchParams.set('code_challenge', codeChallenge);
+  authUrl.searchParams.set('code_challenge_method', 'S256');
+  authUrl.searchParams.set('state', state);
+
+  console.log(`\n  ${COLORS.cyan}Opening browser for Claude Code authorization...${COLORS.reset}`);
+  console.log(`  ${COLORS.dim}If the browser doesn't open, visit:${COLORS.reset}`);
+  console.log(`  ${authUrl.toString()}\n`);
+
+  // Open browser
+  const openCmd = process.platform === 'darwin' ? 'open'
+    : process.platform === 'win32' ? 'start'
+    : 'xdg-open';
+  spawnSync(openCmd, [authUrl.toString()], { stdio: 'ignore' });
+
+  // Start local redirect server to capture authorization code
+  const authCode = await new Promise((resolve, reject) => {
+    const timeout = setTimeout(() => {
+      server.close();
+      reject(new Error('Claude Code authorization timed out after 5 minutes.'));
+    }, 5 * 60 * 1000);
+
+    const server = http.createServer((req, res) => {
+      try {
+        const reqUrl = new NodeURL(req.url, redirectUri);
+        const code = reqUrl.searchParams.get('code');
+        const returnedState = reqUrl.searchParams.get('state');
+        const error = reqUrl.searchParams.get('error');
+
+        if (error) {
+          res.writeHead(200, { 'Content-Type': 'text/html' });
+          res.end('<html><body><h2>Authorization failed.</h2><p>You can close this tab.</p></body></html>');
+          clearTimeout(timeout);
+          server.close();
+          reject(new Error(`OAuth error: ${error}`));
+          return;
+        }
+
+        if (returnedState && returnedState !== state) {
+          res.writeHead(200, { 'Content-Type': 'text/html' });
+          res.end('<html><body><h2>Authorization failed.</h2><p>State mismatch. You can close this tab.</p></body></html>');
+          clearTimeout(timeout);
+          server.close();
+          reject(new Error('OAuth state mismatch — possible CSRF attempt.'));
+          return;
+        }
+
+        if (code) {
+          res.writeHead(200, { 'Content-Type': 'text/html' });
+          res.end('<html><body><h2>Authorization successful!</h2><p>You can close this tab and return to the terminal.</p></body></html>');
+          clearTimeout(timeout);
+          server.close();
+          resolve(code);
+        }
+      } catch (err) {
+        res.writeHead(500);
+        res.end('Internal error');
+      }
+    });
+
+    server.listen(redirectPort, 'localhost', () => {
+      logInfo(`Waiting for OAuth callback on ${redirectUri} ...`);
+    });
+    server.on('error', (err) => {
+      clearTimeout(timeout);
+      reject(new Error(`Could not start OAuth callback server: ${err.message}`));
+    });
+  });
+
+  logInfo('Exchanging authorization code for access token...');
+  const tokenRes = await fetch('https://platform.claude.com/v1/oauth/token', {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'Accept': 'application/json',
+      'anthropic-version': '2023-06-01',
+    },
+    body: JSON.stringify({
+      grant_type: 'authorization_code',
+      code: authCode,
+      redirect_uri: redirectUri,
+      client_id: clientId,
+      code_verifier: codeVerifier,
+      scope: SCOPES,
+      state,
+    }),
+  });
+
+  if (!tokenRes.ok) {
+    const text = await tokenRes.text().catch(() => 'Unknown error');
+    throw new Error(`Token exchange failed: HTTP ${tokenRes.status} — ${text}`);
+  }
+
+  const tokenData = await tokenRes.json();
+  const accessToken = tokenData.access_token;
+  if (!accessToken) {
+    throw new Error('Token exchange succeeded but no access_token was returned.');
+  }
+
+  upsertEnvValue('CLAUDE_CODE_OAUTH_TOKEN', accessToken);
+  if (tokenData.refresh_token) {
+    upsertEnvValue('CLAUDE_CODE_REFRESH_TOKEN', tokenData.refresh_token);
+  }
+  logOk('Saved Claude Code OAuth token to .env');
+  logInfo('Restarting NeoAgent to apply credentials...');
+  cmdRestart();
+}
+
 async function cmdLogin(args = []) {
   const provider = args[0];
-  if (provider !== 'github-copilot' && provider !== 'openai-codex') {
-    throw new Error(`Unsupported login provider: ${provider || 'none'}. Available: github-copilot, openai-codex`);
+  if (provider !== 'github-copilot' && provider !== 'openai-codex' && provider !== 'claude-code') {
+    throw new Error(`Unsupported login provider: ${provider || 'none'}. Available: github-copilot, openai-codex, claude-code`);
   }
 
   if (provider === 'github-copilot') {
@@ -893,6 +1052,8 @@ async function cmdLogin(args = []) {
     logOk('Saved OpenAI Codex tokens to .env');
     logInfo('Restarting NeoAgent to apply credentials...');
     cmdRestart();
+  } else if (provider === 'claude-code') {
+    await cmdLoginClaudeCode();
   }
 }
 
@@ -1471,6 +1632,7 @@ function printHelp() {
   row('update stable|beta',  'Update and switch channel');
   row('login github-copilot','Authenticate GitHub Copilot');
   row('login openai-codex',  'Authenticate OpenAI Codex');
+  row('login claude-code',   'Authenticate Claude Code');
   console.log('');
 
   console.log(`${c.bold}Maintenance${c.reset}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "neoagent",
-  "version": "2.3.1-beta.98",
+  "version": "2.4.0",
   "description": "Proactive personal AI agent with no limits",
   "license": "MIT",
   "main": "server/index.js",

package/server/db/database.js

@@ -614,6 +614,78 @@ db.exec(`
     FOREIGN KEY (agent_id) REFERENCES agents(id) ON DELETE CASCADE
   );
 
+  CREATE TABLE IF NOT EXISTS memory_ingestion_jobs (
+    id TEXT PRIMARY KEY,
+    user_id INTEGER NOT NULL,
+    agent_id TEXT,
+    source_type TEXT NOT NULL,
+    provider_key TEXT DEFAULT '',
+    connection_id INTEGER,
+    status TEXT DEFAULT 'pending',
+    freshness_policy_json TEXT DEFAULT '{}',
+    cursor_json TEXT DEFAULT '{}',
+    summary_json TEXT DEFAULT '{}',
+    metadata_json TEXT DEFAULT '{}',
+    document_count INTEGER DEFAULT 0,
+    error_text TEXT,
+    started_at TEXT DEFAULT (datetime('now')),
+    completed_at TEXT,
+    next_sync_at TEXT,
+    created_at TEXT DEFAULT (datetime('now')),
+    updated_at TEXT DEFAULT (datetime('now')),
+    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
+    FOREIGN KEY (agent_id) REFERENCES agents(id) ON DELETE SET NULL,
+    FOREIGN KEY (connection_id) REFERENCES integration_connections(id) ON DELETE SET NULL
+  );
+
+  CREATE TABLE IF NOT EXISTS memory_ingestion_documents (
+    id TEXT PRIMARY KEY,
+    user_id INTEGER NOT NULL,
+    agent_id TEXT,
+    source_type TEXT NOT NULL,
+    normalized_type TEXT NOT NULL,
+    provider_key TEXT DEFAULT '',
+    connection_id INTEGER NOT NULL DEFAULT 0,
+    external_object_id TEXT NOT NULL,
+    source_account TEXT,
+    title TEXT,
+    content TEXT NOT NULL,
+    summary TEXT,
+    salience INTEGER DEFAULT 5,
+    source_timestamp TEXT,
+    metadata_json TEXT DEFAULT '{}',
+    payload_json TEXT DEFAULT '{}',
+    created_at TEXT DEFAULT (datetime('now')),
+    updated_at TEXT DEFAULT (datetime('now')),
+    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
+    FOREIGN KEY (agent_id) REFERENCES agents(id) ON DELETE SET NULL,
+    UNIQUE(user_id, agent_id, source_type, provider_key, connection_id, external_object_id)
+  );
+
+  CREATE TABLE IF NOT EXISTS materialized_knowledge_views (
+    id TEXT PRIMARY KEY,
+    user_id INTEGER NOT NULL,
+    agent_id TEXT,
+    view_type TEXT NOT NULL,
+    subject_key TEXT NOT NULL,
+    title TEXT NOT NULL,
+    summary TEXT,
+    markdown_text TEXT,
+    source_memory_ids_json TEXT DEFAULT '[]',
+    source_document_ids_json TEXT DEFAULT '[]',
+    metadata_json TEXT DEFAULT '{}',
+    created_at TEXT DEFAULT (datetime('now')),
+    updated_at TEXT DEFAULT (datetime('now')),
+    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
+    FOREIGN KEY (agent_id) REFERENCES agents(id) ON DELETE SET NULL,
+    UNIQUE(user_id, agent_id, view_type, subject_key)
+  );
+
+  CREATE INDEX IF NOT EXISTS idx_memory_ingestion_jobs_user ON memory_ingestion_jobs(user_id, agent_id, source_type, updated_at DESC);
+  CREATE INDEX IF NOT EXISTS idx_memory_ingestion_documents_user ON memory_ingestion_documents(user_id, agent_id, source_type, updated_at DESC);
+  CREATE INDEX IF NOT EXISTS idx_memory_ingestion_documents_provider ON memory_ingestion_documents(user_id, agent_id, provider_key, connection_id, updated_at DESC);
+  CREATE INDEX IF NOT EXISTS idx_materialized_knowledge_views_user ON materialized_knowledge_views(user_id, agent_id, view_type, updated_at DESC);
+
   CREATE TABLE IF NOT EXISTS agent_run_events (
     id INTEGER PRIMARY KEY AUTOINCREMENT,
     run_id TEXT NOT NULL,
@@ -1698,6 +1770,19 @@ function migrateUsersDisplayName() {
 }
 migrateUsersDisplayName();
 
+function migrateIngestionDocumentsConnectionId() {
+  // connection_id was initially nullable; NULL breaks the UNIQUE dedup constraint.
+  // Coerce any existing NULLs to 0 so the unique index works as intended.
+  try {
+    db.prepare(
+      `UPDATE memory_ingestion_documents SET connection_id = 0 WHERE connection_id IS NULL`
+    ).run();
+  } catch {
+    // Table may not exist yet on first boot; the schema DDL handles that case.
+  }
+}
+migrateIngestionDocumentsConnectionId();
+
 try {
   db.exec(`
     INSERT OR REPLACE INTO conversation_history_fts(rowid, content, role, user_id, agent_id, agent_run_id)

package/server/public/.last_build_id

@@ -1 +1 @@
-6f6cc24da974d5c068bae827d247b523
+18f90bb9a4d3bcea22e501f688e05b77