vellum 0.2.10 → 0.2.12

package/src/daemon/lifecycle.ts

@@ -1,7 +1,8 @@
 import { spawn } from 'node:child_process';
 import { randomBytes } from 'node:crypto';
-import { cpSync, mkdirSync, readFileSync, writeFileSync, unlinkSync, existsSync, openSync, closeSync, chmodSync } from 'node:fs';
-import { join, resolve } from 'node:path';
+import { mkdirSync, readFileSync, writeFileSync, unlinkSync, existsSync, openSync, closeSync, chmodSync } from 'node:fs';
+import { createRequire } from 'node:module';
+import { dirname, join, resolve } from 'node:path';
 import { config as dotenvConfig } from 'dotenv';
 import * as Sentry from '@sentry/node';
 import {
@@ -21,6 +22,7 @@ import { initializeProviders } from '../providers/registry.js';
 import { initializeTools } from '../tools/registry.js';
 import { loadConfig } from '../config/loader.js';
 import { ensurePromptFiles } from '../config/system-prompt.js';
+import { loadPrebuiltHtml } from '../home-base/prebuilt/seed.js';
 import { DaemonServer } from './server.js';
 import { listWorkItems, updateWorkItem } from '../work-items/work-item-store.js';
 import { getLogger, initLogger } from '../util/logger.js';
@@ -271,11 +273,38 @@ export async function runDaemon(): Promise<void> {
 
   log.info('Daemon startup: migrations complete');
 
-  const seedDir = process.env.INTERFACES_SEED_DIR?.trim();
-  if (seedDir && existsSync(seedDir)) {
-    const interfacesDir = getInterfacesDir();
-    cpSync(seedDir, interfacesDir, { recursive: true });
-    log.info({ seedDir, interfacesDir }, 'Seeded initial interface files');
+  // Seed the TUI main-window interface from the CLI package's DefaultMainScreen
+  // component so the remote runtime can serve it without the old INTERFACES_SEED
+  // environment variable.
+  const tuiDir = join(getInterfacesDir(), 'tui');
+  const mainWindowPath = join(tuiDir, 'main-window.tsx');
+  if (!existsSync(mainWindowPath)) {
+    try {
+      const require = createRequire(import.meta.url);
+      const cliPkgPath = require.resolve('@vellumai/cli/package.json');
+      const cliRoot = dirname(cliPkgPath);
+      const source = readFileSync(join(cliRoot, 'src', 'components', 'DefaultMainScreen.tsx'), 'utf-8');
+      mkdirSync(tuiDir, { recursive: true });
+      writeFileSync(mainWindowPath, source);
+      log.info('Seeded tui/main-window.tsx from @vellumai/cli');
+    } catch (err) {
+      log.warn({ err }, 'Could not seed tui/main-window.tsx from CLI package');
+    }
+  }
+
+  // Seed the vellum-desktop interface from the prebuilt Home Base HTML if it
+  // doesn't already exist. This ensures the Home tab renders immediately
+  // on first launch for both local and remote hatches.
+  const desktopIndexPath = join(getInterfacesDir(), 'vellum-desktop', 'index.html');
+  if (!existsSync(desktopIndexPath)) {
+    const prebuiltHtml = loadPrebuiltHtml();
+    if (prebuiltHtml) {
+      mkdirSync(join(getInterfacesDir(), 'vellum-desktop'), { recursive: true });
+      writeFileSync(desktopIndexPath, prebuiltHtml);
+      log.info('Seeded vellum-desktop/index.html from prebuilt Home Base');
+    } else {
+      log.warn('Could not seed vellum-desktop/index.html — prebuilt HTML not found (missing embedded index.html in home-base/prebuilt/)');
+    }
   }
 
   log.info('Daemon startup: installing templates and initializing DB');

package/src/home-base/prebuilt/seed.ts

@@ -31,7 +31,7 @@ function loadSeedMetadata(): SeedMetadata {
   return seedMetadataJson as SeedMetadata;
 }
 
-function loadPrebuiltHtml(): string | null {
+export function loadPrebuiltHtml(): string | null {
   try {
     return readFileSync(join(getPrebuiltDir(), 'index.html'), 'utf-8');
   } catch {

package/src/memory/db.ts

@@ -592,6 +592,42 @@ export function initializeDb(): void {
   database.run(/*sql*/ `CREATE INDEX IF NOT EXISTS idx_memory_items_scope_id ON memory_items(scope_id)`);
   database.run(/*sql*/ `CREATE INDEX IF NOT EXISTS idx_memory_summaries_scope_id ON memory_summaries(scope_id)`);
   database.run(/*sql*/ `CREATE INDEX IF NOT EXISTS idx_conversation_keys_key ON conversation_keys(conversation_key)`);
+  // Deduplicate before creating unique index — existing DBs may have duplicate content_hash values.
+  // Re-point message_attachments to the survivor (MIN rowid per content_hash), then delete dupes.
+  {
+    const raw = (database as unknown as { $client: Database }).$client;
+    raw.exec(/*sql*/ `
+      UPDATE message_attachments
+      SET attachment_id = (
+        SELECT a_survivor.id
+        FROM attachments a_survivor
+        WHERE a_survivor.content_hash = (
+          SELECT a_dup.content_hash FROM attachments a_dup
+          WHERE a_dup.id = message_attachments.attachment_id
+        )
+        ORDER BY a_survivor.rowid
+        LIMIT 1
+      )
+      WHERE attachment_id IN (
+        SELECT id FROM attachments
+        WHERE content_hash IS NOT NULL
+          AND rowid NOT IN (
+            SELECT MIN(rowid) FROM attachments
+            WHERE content_hash IS NOT NULL
+            GROUP BY content_hash
+          )
+      )
+    `);
+    raw.exec(/*sql*/ `
+      DELETE FROM attachments
+      WHERE content_hash IS NOT NULL
+        AND rowid NOT IN (
+          SELECT MIN(rowid) FROM attachments
+          WHERE content_hash IS NOT NULL
+          GROUP BY content_hash
+        )
+    `);
+  }
   database.run(/*sql*/ `CREATE UNIQUE INDEX IF NOT EXISTS idx_attachments_content_dedup ON attachments(content_hash) WHERE content_hash IS NOT NULL`);
   database.run(/*sql*/ `CREATE INDEX IF NOT EXISTS idx_message_attachments_message_id ON message_attachments(message_id)`);
   database.run(/*sql*/ `CREATE INDEX IF NOT EXISTS idx_message_attachments_attachment_id ON message_attachments(attachment_id)`);

package/src/security/oauth2.ts

@@ -103,7 +103,7 @@ async function exchangeCodeForTokens(
 
   if (!tokenResp.ok) {
     const rawBody = await tokenResp.text().catch(() => '');
-    let safeDetail: Record<string, unknown> = {};
+    const safeDetail: Record<string, unknown> = {};
     let errorCode = '';
     try {
       const parsed = JSON.parse(rawBody) as Record<string, unknown>;
@@ -149,9 +149,9 @@ async function runGatewayFlow(
   codeChallenge: string,
   state: string,
 ): Promise<OAuth2FlowResult> {
-  const { loadConfig } = require('../config/loader.js') as typeof import('../config/loader.js');
-  const { getOAuthCallbackUrl } = require('../inbound/public-ingress-urls.js') as typeof import('../inbound/public-ingress-urls.js');
-  const { registerPendingCallback } = require('./oauth-callback-registry.js') as typeof import('./oauth-callback-registry.js');
+  const { loadConfig } = await import('../config/loader.js');
+  const { getOAuthCallbackUrl } = await import('../inbound/public-ingress-urls.js');
+  const { registerPendingCallback } = await import('./oauth-callback-registry.js');
 
   const appConfig = loadConfig();
   const redirectUri = getOAuthCallbackUrl(appConfig);
@@ -193,7 +193,7 @@ async function runGatewayFlow(
 export async function startOAuth2Flow(
   config: OAuth2Config,
   callbacks: OAuth2FlowCallbacks,
-  options?: OAuth2FlowOptions,
+  _options?: OAuth2FlowOptions,
 ): Promise<OAuth2FlowResult> {
   const codeVerifier = generateCodeVerifier();
   const codeChallenge = generateCodeChallenge(codeVerifier);
@@ -202,8 +202,8 @@ export async function startOAuth2Flow(
   // Always enforce gateway transport and require a public ingress URL
   let hasPublicUrl = false;
   try {
-    const { loadConfig } = require('../config/loader.js') as typeof import('../config/loader.js');
-    const { getPublicBaseUrl } = require('../inbound/public-ingress-urls.js') as typeof import('../inbound/public-ingress-urls.js');
+    const { loadConfig } = await import('../config/loader.js');
+    const { getPublicBaseUrl } = await import('../inbound/public-ingress-urls.js');
     getPublicBaseUrl(loadConfig());
     hasPublicUrl = true;
   } catch {
@@ -248,7 +248,7 @@ export async function refreshOAuth2Token(
 
   if (!resp.ok) {
     const rawBody = await resp.text().catch(() => '');
-    let safeDetail: Record<string, unknown> = {};
+    const safeDetail: Record<string, unknown> = {};
     let errorCode = '';
     try {
       const parsed = JSON.parse(rawBody) as Record<string, unknown>;

package/src/util/logger.ts

@@ -55,7 +55,7 @@ let activeLogFileConfig: LogFileConfig | null = null;
 
 function buildRotatingLogger(config: LogFileConfig): pino.Logger {
   if (!config.dir) {
-    return pino({ name: 'assistant' });
+    return pino({ name: 'assistant' }, pinoPretty({ destination: 1 }));
   }
 
   if (!existsSync(config.dir)) {
@@ -86,7 +86,7 @@ function buildRotatingLogger(config: LogFileConfig): pino.Logger {
     { name: 'assistant', level },
     pino.multistream([
       { stream: fileStream, level: 'info' as const },
-      { stream: pino.destination(1), level: 'info' as const },
+      { stream: pinoPretty({ destination: 1 }), level: 'info' as const },
     ]),
   );
 }
@@ -142,14 +142,14 @@ function getRootLogger(): pino.Logger {
           { level: 'info' },
           pino.multistream([
             { stream: fileStream, level: 'info' as const },
-            { stream: pino.destination(1), level: 'info' as const },
+            { stream: pinoPretty({ destination: 1 }), level: 'info' as const },
           ]),
         );
       } else {
         rootLogger = pino({ level: 'info' }, fileStream);
       }
     } catch {
-      rootLogger = pino({ level: process.env.VELLUM_DEBUG === '1' ? 'debug' : 'info' }, pino.destination(2));
+      rootLogger = pino({ level: process.env.VELLUM_DEBUG === '1' ? 'debug' : 'info' }, pinoPretty({ destination: 2 }));
     }
   }
   return rootLogger;