vellum 0.2.11 → 0.2.12

package/src/memory/db.ts

@@ -592,6 +592,42 @@ export function initializeDb(): void {
   database.run(/*sql*/ `CREATE INDEX IF NOT EXISTS idx_memory_items_scope_id ON memory_items(scope_id)`);
   database.run(/*sql*/ `CREATE INDEX IF NOT EXISTS idx_memory_summaries_scope_id ON memory_summaries(scope_id)`);
   database.run(/*sql*/ `CREATE INDEX IF NOT EXISTS idx_conversation_keys_key ON conversation_keys(conversation_key)`);
+  // Deduplicate before creating unique index — existing DBs may have duplicate content_hash values.
+  // Re-point message_attachments to the survivor (MIN rowid per content_hash), then delete dupes.
+  {
+    const raw = (database as unknown as { $client: Database }).$client;
+    raw.exec(/*sql*/ `
+      UPDATE message_attachments
+      SET attachment_id = (
+        SELECT a_survivor.id
+        FROM attachments a_survivor
+        WHERE a_survivor.content_hash = (
+          SELECT a_dup.content_hash FROM attachments a_dup
+          WHERE a_dup.id = message_attachments.attachment_id
+        )
+        ORDER BY a_survivor.rowid
+        LIMIT 1
+      )
+      WHERE attachment_id IN (
+        SELECT id FROM attachments
+        WHERE content_hash IS NOT NULL
+          AND rowid NOT IN (
+            SELECT MIN(rowid) FROM attachments
+            WHERE content_hash IS NOT NULL
+            GROUP BY content_hash
+          )
+      )
+    `);
+    raw.exec(/*sql*/ `
+      DELETE FROM attachments
+      WHERE content_hash IS NOT NULL
+        AND rowid NOT IN (
+          SELECT MIN(rowid) FROM attachments
+          WHERE content_hash IS NOT NULL
+          GROUP BY content_hash
+        )
+    `);
+  }
   database.run(/*sql*/ `CREATE UNIQUE INDEX IF NOT EXISTS idx_attachments_content_dedup ON attachments(content_hash) WHERE content_hash IS NOT NULL`);
   database.run(/*sql*/ `CREATE INDEX IF NOT EXISTS idx_message_attachments_message_id ON message_attachments(message_id)`);
   database.run(/*sql*/ `CREATE INDEX IF NOT EXISTS idx_message_attachments_attachment_id ON message_attachments(attachment_id)`);

package/src/security/oauth2.ts

@@ -103,7 +103,7 @@ async function exchangeCodeForTokens(
 
   if (!tokenResp.ok) {
     const rawBody = await tokenResp.text().catch(() => '');
-    let safeDetail: Record<string, unknown> = {};
+    const safeDetail: Record<string, unknown> = {};
     let errorCode = '';
     try {
       const parsed = JSON.parse(rawBody) as Record<string, unknown>;
@@ -149,9 +149,9 @@ async function runGatewayFlow(
   codeChallenge: string,
   state: string,
 ): Promise<OAuth2FlowResult> {
-  const { loadConfig } = require('../config/loader.js') as typeof import('../config/loader.js');
-  const { getOAuthCallbackUrl } = require('../inbound/public-ingress-urls.js') as typeof import('../inbound/public-ingress-urls.js');
-  const { registerPendingCallback } = require('./oauth-callback-registry.js') as typeof import('./oauth-callback-registry.js');
+  const { loadConfig } = await import('../config/loader.js');
+  const { getOAuthCallbackUrl } = await import('../inbound/public-ingress-urls.js');
+  const { registerPendingCallback } = await import('./oauth-callback-registry.js');
 
   const appConfig = loadConfig();
   const redirectUri = getOAuthCallbackUrl(appConfig);
@@ -193,7 +193,7 @@ async function runGatewayFlow(
 export async function startOAuth2Flow(
   config: OAuth2Config,
   callbacks: OAuth2FlowCallbacks,
-  options?: OAuth2FlowOptions,
+  _options?: OAuth2FlowOptions,
 ): Promise<OAuth2FlowResult> {
   const codeVerifier = generateCodeVerifier();
   const codeChallenge = generateCodeChallenge(codeVerifier);
@@ -202,8 +202,8 @@ export async function startOAuth2Flow(
   // Always enforce gateway transport and require a public ingress URL
   let hasPublicUrl = false;
   try {
-    const { loadConfig } = require('../config/loader.js') as typeof import('../config/loader.js');
-    const { getPublicBaseUrl } = require('../inbound/public-ingress-urls.js') as typeof import('../inbound/public-ingress-urls.js');
+    const { loadConfig } = await import('../config/loader.js');
+    const { getPublicBaseUrl } = await import('../inbound/public-ingress-urls.js');
     getPublicBaseUrl(loadConfig());
     hasPublicUrl = true;
   } catch {
@@ -248,7 +248,7 @@ export async function refreshOAuth2Token(
 
   if (!resp.ok) {
     const rawBody = await resp.text().catch(() => '');
-    let safeDetail: Record<string, unknown> = {};
+    const safeDetail: Record<string, unknown> = {};
     let errorCode = '';
     try {
       const parsed = JSON.parse(rawBody) as Record<string, unknown>;

package/src/util/logger.ts

@@ -55,7 +55,7 @@ let activeLogFileConfig: LogFileConfig | null = null;
 
 function buildRotatingLogger(config: LogFileConfig): pino.Logger {
   if (!config.dir) {
-    return pino({ name: 'assistant' });
+    return pino({ name: 'assistant' }, pinoPretty({ destination: 1 }));
   }
 
   if (!existsSync(config.dir)) {
@@ -86,7 +86,7 @@ function buildRotatingLogger(config: LogFileConfig): pino.Logger {
     { name: 'assistant', level },
     pino.multistream([
       { stream: fileStream, level: 'info' as const },
-      { stream: pino.destination(1), level: 'info' as const },
+      { stream: pinoPretty({ destination: 1 }), level: 'info' as const },
     ]),
   );
 }
@@ -142,14 +142,14 @@ function getRootLogger(): pino.Logger {
           { level: 'info' },
           pino.multistream([
             { stream: fileStream, level: 'info' as const },
-            { stream: pino.destination(1), level: 'info' as const },
+            { stream: pinoPretty({ destination: 1 }), level: 'info' as const },
           ]),
         );
       } else {
         rootLogger = pino({ level: 'info' }, fileStream);
       }
     } catch {
-      rootLogger = pino({ level: process.env.VELLUM_DEBUG === '1' ? 'debug' : 'info' }, pino.destination(2));
+      rootLogger = pino({ level: process.env.VELLUM_DEBUG === '1' ? 'debug' : 'info' }, pinoPretty({ destination: 2 }));
     }
   }
   return rootLogger;