@vellumai/assistant 0.10.1 → 0.10.2-dev.202606241651.2d2b40d

package/src/daemon/event-loop-watchdog.ts

@@ -33,6 +33,7 @@
 
 import * as Sentry from "@sentry/node";
 
+import { recordWatchdogEvent } from "../memory/watchdog-events-store.js";
 import { getLogger } from "../util/logger.js";
 
 const log = getLogger("event-loop-watchdog");
@@ -74,11 +75,37 @@ export function evaluateTick(
   return { blockedMs, exceeded: blockedMs >= thresholdMs };
 }
 
+/**
+ * Check name emitted for event-loop block events. The platform's
+ * `watchdog__event_loop_blocking_daily` admin query filters `check_name` to
+ * this exact string, so it is the primary group-by dimension downstream —
+ * keep it stable.
+ */
+export const EVENT_LOOP_BLOCKED_CHECK_NAME = "event_loop_blocked";
+
 function reportBlock(blockedMs: number, thresholdMs: number): void {
   log.warn(
     { blockedMs, thresholdMs, tickIntervalMs: TICK_INTERVAL_MS },
     "event loop blocked",
   );
+  // Persist a `watchdog` telemetry event so the platform can surface
+  // event-loop blocking in the infrastructure admin chart. `recordWatchdogEvent`
+  // no-ops when usage-data collection is disabled (the event is dropped to
+  // honor the opt-out), so the watchdog runs unconditionally without leaking
+  // health data for opted-out owners. Never let a telemetry failure escape
+  // the timer callback — wrap it alongside the Sentry capture below.
+  try {
+    recordWatchdogEvent({
+      checkName: EVENT_LOOP_BLOCKED_CHECK_NAME,
+      value: blockedMs,
+      detail: {
+        threshold_ms: thresholdMs,
+        tick_interval_ms: TICK_INTERVAL_MS,
+      },
+    });
+  } catch {
+    // Never let a telemetry failure escape the timer callback.
+  }
   try {
     Sentry.withScope((scope) => {
       scope.setLevel("warning");
@@ -88,7 +115,7 @@ function reportBlock(blockedMs: number, thresholdMs: number): void {
         threshold_ms: thresholdMs,
         tick_interval_ms: TICK_INTERVAL_MS,
       });
-      Sentry.captureMessage("event_loop_blocked");
+      Sentry.captureMessage(EVENT_LOOP_BLOCKED_CHECK_NAME);
     });
   } catch {
     // Never let a telemetry failure escape the timer callback.

package/src/daemon/external-plugins-bootstrap.ts

@@ -19,24 +19,20 @@
  *    dropped from the registry via {@link unregisterPlugin} so none of its
  *    hooks participate in the turn lifecycle. This is the primary mechanism for
  *    shipping experimental plugins behind a feature flag.
- * 4. Resolves the plugin's `manifest.requiresCredential` entries via the
- *    credential store helper ({@link getSecureKeyAsync}). In Docker mode
- *    that helper goes through the CES HTTP API transparently; in local mode
- *    it hits the encrypted file store / CES RPC backend.
- * 5. Validates the config block under `plugins.<name>` against
+ * 4. Validates the config block under `plugins.<name>` against
  *    `manifest.config` if the manifest supplies a parser-like validator
  *    (Zod schemas with `.parse()` are supported; anything else is passed
  *    through untouched).
- * 6. Creates `<workspaceDir>/plugins-data/<plugin>/` on demand for per-plugin
+ * 5. Creates `<workspaceDir>/plugins-data/<plugin>/` on demand for per-plugin
  *    writable state and exposes it via {@link PluginInitContext.pluginStorageDir}.
- * 7. For each surviving plugin, registers its contributed tools and routes
+ * 6. For each surviving plugin, registers its contributed tools and routes
  *    into their global registries via {@link registerPluginTools} and
  *    {@link registerSkillRoute}. Contributions land BEFORE `init()` so
  *    the plugin's hook can observe a registry where its own model-visible
  *    surface is already wired — useful for plugins that want to attach
  *    metadata, warm caches, or otherwise interact with their own
  *    contributions during initialization.
- * 8. Awaits `plugin.init(ctx)` sequentially. An init failure is contained to
+ * 7. Awaits `plugin.init(ctx)` sequentially. An init failure is contained to
  *    the offending plugin: its already-registered tools and routes are rolled
  *    back, it is dropped from the registry, the failure is logged, and
  *    bootstrap continues with the remaining plugins. A single plugin's failure
@@ -76,7 +72,6 @@ import {
   type SkillRouteHandle,
   unregisterSkillRoute,
 } from "../runtime/skill-route-registry.js";
-import { getSecureKeyAsync } from "../security/secure-keys.js";
 import {
   registerPluginTools,
   unregisterPluginTools,
@@ -88,25 +83,6 @@ import { registerShutdownHook } from "./shutdown-registry.js";
 
 const log = getLogger("plugins-bootstrap");
 
-/**
- * Resolve one credential value. Returns the raw secret string or throws a
- * {@link PluginExecutionError} tagged with the plugin name so the caller can
- * fail startup with clear attribution.
- */
-async function resolveCredentialOrThrow(
-  pluginName: string,
-  credentialKey: string,
-): Promise<string> {
-  const value = await getSecureKeyAsync(credentialKey);
-  if (value === undefined || value === "") {
-    throw new PluginExecutionError(
-      `plugin ${pluginName} requires credential "${credentialKey}" but the credential store returned no value`,
-      pluginName,
-    );
-  }
-  return value;
-}
-
 /**
  * Validate a plugin config block. If the manifest supplies a parser-like
  * validator (Zod schemas expose `.parse()`), use it. Otherwise pass the
@@ -346,11 +322,6 @@ async function initializePlugin(
   let initCompleted = false;
 
   try {
-    const credentials: Record<string, string> = {};
-    for (const key of plugin.manifest.requiresCredential ?? []) {
-      credentials[key] = await resolveCredentialOrThrow(name, key);
-    }
-
     const config = validatePluginConfig(
       name,
       plugin.manifest.config,
@@ -359,7 +330,6 @@ async function initializePlugin(
 
     const initContext = {
       config,
-      credentials,
       logger: log.child({ plugin: name }),
       pluginStorageDir: ensurePluginStorageDir(name),
       assistantVersion: APP_VERSION,

package/src/daemon/handlers/__tests__/config-a2a-redeem.test.ts

@@ -129,4 +129,29 @@ describe("redeemA2AInvite", () => {
     const result = redeemA2AInvite({ sender: SENDER });
     expect(result.success).toBe(true);
   });
+
+  test("activeConnections counts a2a channel existence, not status", () => {
+    const result = redeemA2AInvite({ sender: SENDER });
+    expect(result.success).toBe(true);
+
+    expect(getA2AConfig().activeConnections).toBe(1);
+
+    // Readiness is existence-based: a non-active stored status still counts.
+    const sqlite = getSqlite();
+    sqlite.run("UPDATE contact_channels SET status = 'unverified'");
+    invalidateConfigCache();
+    expect(getA2AConfig().activeConnections).toBe(1);
+  });
+
+  test("already-connected guard fires regardless of stored channel status", () => {
+    const first = redeemA2AInvite({ sender: SENDER });
+    expect(first.success).toBe(true);
+
+    const sqlite = getSqlite();
+    sqlite.run("UPDATE contact_channels SET status = 'revoked'");
+
+    const second = redeemA2AInvite({ sender: SENDER });
+    expect(second.alreadyConnected).toBe(true);
+    expect(second.contactId).toBe(first.contactId);
+  });
 });

package/src/daemon/handlers/__tests__/config-channels.test.ts

@@ -0,0 +1,225 @@
+import { beforeEach, describe, expect, mock, test } from "bun:test";
+
+import type { GuardianDelivery } from "@vellumai/gateway-client";
+
+import type { ContactChannel } from "../../../contacts/types.js";
+
+let mockGuardians: GuardianDelivery[] | null = null;
+let mockBinding: { guardianExternalUserId: string; guardianDeliveryChatId: string } | null = null;
+let mockContactChannel: { channel: ContactChannel } | null = null;
+let mockChannel: ContactChannel | null = null;
+let mockGwContactChannels: Array<{ id: string; status: string; verifiedAt: number | null }> | null =
+  null;
+let ipcCalls: Array<{ method: string; payload: unknown }> = [];
+
+mock.module("../../../contacts/guardian-delivery-reader.js", () => ({
+  getGuardianDelivery: async (input?: { channelTypes?: string[] }) => {
+    if (mockGuardians == null) return null;
+    if (!input?.channelTypes) return mockGuardians;
+    return mockGuardians.filter((g) =>
+      input.channelTypes!.includes(g.channelType),
+    );
+  },
+}));
+
+mock.module("../../../contacts/contact-store.js", () => ({
+  findContactChannel: () => mockContactChannel,
+  findGuardianForChannel: () => null,
+  getChannelById: () => mockChannel,
+  getContact: () => ({ id: "contact-1", displayName: "Pat" }),
+}));
+
+mock.module("../../../contacts/contact-events.js", () => ({
+  emitContactChange: () => {},
+  onContactChange: () => {},
+}));
+
+mock.module("../../../ipc/gateway-client.js", () => ({
+  ipcCallPersistent: async (method: string, payload: unknown) => {
+    ipcCalls.push({ method, payload });
+    if (method === "contacts_get_rich") {
+      if (mockGwContactChannels == null) return { ok: true, contact: null };
+      return {
+        ok: true,
+        contact: {
+          id: "contact-1",
+          displayName: "Pat",
+          role: "contact",
+          interactionCount: 0,
+          createdAt: 0,
+          updatedAt: 0,
+          channels: mockGwContactChannels.map((c) => ({
+            id: c.id,
+            contactId: "contact-1",
+            type: "telegram",
+            address: "user-123",
+            isPrimary: true,
+            externalUserId: null,
+            status: c.status,
+            policy: "allow",
+            verifiedAt: c.verifiedAt,
+            verifiedVia: null,
+            lastSeenAt: null,
+            interactionCount: 0,
+            lastInteraction: null,
+            revokedReason: null,
+            blockedReason: null,
+          })),
+        },
+      };
+    }
+    return {
+      ok: true,
+      didWrite: true,
+      channel: {
+        id: "ch-1",
+        contactId: "contact-1",
+        type: "telegram",
+        address: "user-123",
+        status: "revoked",
+        revokedReason: "guardian_binding_revoked",
+      },
+    };
+  },
+  ipcCall: async () => null,
+}));
+
+mock.module("../../../runtime/channel-verification-service.js", () => ({
+  getGuardianBinding: () => mockBinding,
+  revokeBinding: () => true,
+  revokePendingSessions: () => {},
+  createOutboundSession: () => ({
+    sessionId: "sess",
+    secret: "code",
+    expiresAt: Date.now() + 1000,
+  }),
+  countRecentSendsToDestination: () => 0,
+  isGuardianBoundForChannel: async () => false,
+  updateSessionDelivery: () => {},
+}));
+
+mock.module("../../../runtime/verification-outbound-actions.js", () => ({
+  cancelOutbound: () => {},
+  deliverVerificationEmail: () => {},
+  deliverVerificationSlack: () => {},
+  deliverVerificationTelegram: () => {},
+  DESTINATION_RATE_WINDOW_MS: 1000,
+  MAX_SENDS_PER_DESTINATION_WINDOW: 5,
+  normalizeTelegramDestination: (d: string) => d,
+  resendOutbound: () => ({}),
+  startOutbound: async () => ({}),
+}));
+
+import {
+  revokeVerificationForChannel,
+  verifyTrustedContact,
+} from "../config-channels.js";
+
+function channel(overrides: Partial<ContactChannel> = {}): ContactChannel {
+  return {
+    id: "ch-1",
+    contactId: "contact-1",
+    type: "telegram",
+    address: "user-123",
+    isPrimary: true,
+    externalChatId: "chat-123",
+    // DB columns are intentionally a terminal state to prove the gates ignore
+    // them and read from the gateway delivery instead.
+    status: "revoked",
+    policy: {} as ContactChannel["policy"],
+    verifiedAt: null,
+    verifiedVia: null,
+    inviteId: null,
+    revokedReason: null,
+    blockedReason: null,
+    lastSeenAt: null,
+    interactionCount: 0,
+    lastInteraction: null,
+    updatedAt: null,
+    createdAt: 0,
+    ...overrides,
+  };
+}
+
+function delivery(overrides: Partial<GuardianDelivery> = {}): GuardianDelivery {
+  return {
+    channelType: "telegram",
+    contactId: "contact-1",
+    address: "user-123",
+    externalChatId: "chat-123",
+    status: "active",
+    verifiedAt: 1700000000,
+    ...overrides,
+  };
+}
+
+describe("revokeVerificationForChannel", () => {
+  beforeEach(() => {
+    mockGuardians = null;
+    mockBinding = { guardianExternalUserId: "user-123", guardianDeliveryChatId: "chat-123" };
+    mockContactChannel = { channel: channel() };
+    ipcCalls = [];
+  });
+
+  test("relays mark_channel_revoked when the gateway delivery is live", async () => {
+    mockGuardians = [delivery({ status: "active" })];
+    await revokeVerificationForChannel("telegram");
+    expect(ipcCalls.map((c) => c.method)).toContain("mark_channel_revoked");
+  });
+
+  test("skips a redundant revoke when the gateway delivery is already revoked", async () => {
+    // Local DB status is the live "active" here, but the gateway (SoT) says
+    // revoked — the gate must follow the gateway and not relay.
+    mockContactChannel = { channel: channel({ status: "active" }) };
+    mockGuardians = [delivery({ status: "revoked" })];
+    await revokeVerificationForChannel("telegram");
+    expect(ipcCalls.map((c) => c.method)).not.toContain("mark_channel_revoked");
+  });
+
+  test("skips the relay when the gateway has no delivery for the channel", async () => {
+    mockGuardians = [];
+    await revokeVerificationForChannel("telegram");
+    expect(ipcCalls.map((c) => c.method)).not.toContain("mark_channel_revoked");
+  });
+
+  test("skips the relay when the gateway is unreachable", async () => {
+    mockGuardians = null;
+    await revokeVerificationForChannel("telegram");
+    expect(ipcCalls.map((c) => c.method)).not.toContain("mark_channel_revoked");
+  });
+});
+
+describe("verifyTrustedContact already-verified gate", () => {
+  beforeEach(() => {
+    mockGuardians = null;
+    mockGwContactChannels = null;
+    mockChannel = channel();
+  });
+
+  test("short-circuits when the gateway contact channel is active and verified", async () => {
+    // Arbitrary trusted contact (non-guardian) — read from the contact-channel
+    // gateway read, which covers all contacts.
+    mockGwContactChannels = [
+      { id: "ch-1", status: "active", verifiedAt: 1700000000 },
+    ];
+    const result = await verifyTrustedContact("ch-1", "assistant-1");
+    expect(result.success).toBe(false);
+    expect(result.error).toBe("already_verified");
+  });
+
+  test("does not short-circuit when the gateway channel has no verifiedAt", async () => {
+    // DB column says verified, but the gateway channel is unverified — proceed.
+    mockChannel = channel({ status: "active", verifiedAt: 1700000000 });
+    mockGwContactChannels = [
+      { id: "ch-1", status: "pending", verifiedAt: null },
+    ];
+    const result = await verifyTrustedContact("ch-1", "assistant-1");
+    expect(result.error).not.toBe("already_verified");
+  });
+
+  test("does not short-circuit when the gateway has no matching channel", async () => {
+    mockGwContactChannels = [];
+    const result = await verifyTrustedContact("ch-1", "assistant-1");
+    expect(result.error).not.toBe("already_verified");
+  });
+});

package/src/daemon/handlers/config-a2a.ts

@@ -96,13 +96,11 @@ export function getA2AConfig(): A2AConfigResult {
   const config = getConfig();
   const enabled = config.a2a?.enabled ?? false;
 
+  // a2a is peer binding outside the human-trust ACL model — the gateway has no
+  // canonical a2a channel status, so channel existence is the readiness signal.
   const contacts = searchContacts({ channelType: "a2a" });
   const activeConnections = contacts.reduce((count, c) => {
-    return (
-      count +
-      c.channels.filter((ch) => ch.type === "a2a" && ch.status === "active")
-        .length
-    );
+    return count + c.channels.filter((ch) => ch.type === "a2a").length;
   }, 0);
 
   return { success: true, enabled, activeConnections };
@@ -270,12 +268,9 @@ export function redeemA2AInvite(params: {
     setA2AConfig();
   }
 
-  // 2. Check for existing active contact with this sender
+  // 2. Check for existing contact with this sender (a2a binding existence)
   const existing = findContactByAddress("a2a", params.sender.assistantId);
-  if (
-    existing &&
-    existing.channels.some((ch) => ch.type === "a2a" && ch.status === "active")
-  ) {
+  if (existing && existing.channels.some((ch) => ch.type === "a2a")) {
     return { success: true, alreadyConnected: true, contactId: existing.id };
   }
 
@@ -373,10 +368,7 @@ export async function acceptA2AInvite(params: {
   // 2. Short-circuit if already connected — avoids a network round-trip
   //    and consuming a token on the sender side.
   const existing = findContactByAddress("a2a", params.senderAssistantId);
-  if (
-    existing &&
-    existing.channels.some((ch) => ch.type === "a2a" && ch.status === "active")
-  ) {
+  if (existing && existing.channels.some((ch) => ch.type === "a2a")) {
     return { success: true, alreadyConnected: true, contactId: existing.id };
   }
 

package/src/daemon/handlers/config-channels.ts

@@ -1,6 +1,10 @@
 import { createHash, randomBytes } from "node:crypto";
 
-import { MarkChannelRevokedIpcResponseSchema } from "@vellumai/gateway-client/gateway-ipc-contracts";
+import type { GuardianDelivery } from "@vellumai/gateway-client";
+import {
+  GetContactIpcResponseSchema,
+  MarkChannelRevokedIpcResponseSchema,
+} from "@vellumai/gateway-client/gateway-ipc-contracts";
 
 import { startVerificationCall } from "../../calls/call-domain.js";
 import type { ChannelId } from "../../channels/types.js";
@@ -11,7 +15,8 @@ import {
   getChannelById,
   getContact,
 } from "../../contacts/contact-store.js";
-import type { ChannelStatus } from "../../contacts/types.js";
+import { getGuardianDelivery } from "../../contacts/guardian-delivery-reader.js";
+import type { ContactChannel } from "../../contacts/types.js";
 import { ipcCallPersistent } from "../../ipc/gateway-client.js";
 import { getBindingByChannelChat } from "../../memory/external-conversation-store.js";
 import { resolveGuardianName } from "../../prompts/user-reference.js";
@@ -28,6 +33,7 @@ import {
   findActiveSession,
   getGuardianBinding,
   getPendingSession,
+  isGuardianBoundForChannel,
   revokeBinding,
   revokePendingSessions,
   updateSessionDelivery,
@@ -76,23 +82,64 @@ export function getReadinessService(): ChannelReadinessService {
   return _readinessService;
 }
 
+// ---------------------------------------------------------------------------
+// Gateway delivery lookup
+// ---------------------------------------------------------------------------
+
+/**
+ * Resolve the gateway-owned delivery (ACL source of truth) for a contact
+ * channel, matching on type and either address or externalChatId. Returns
+ * `undefined` when the gateway is unreachable or has no binding for it.
+ */
+async function deliveryForChannel(
+  channel: Pick<ContactChannel, "type" | "address" | "externalChatId">,
+): Promise<GuardianDelivery | undefined> {
+  const guardians = await getGuardianDelivery({ channelTypes: [channel.type] });
+  if (!guardians) return undefined;
+  return guardians.find(
+    (g) =>
+      g.channelType === channel.type &&
+      ((channel.address && g.address === channel.address) ||
+        (channel.externalChatId != null &&
+          g.externalChatId === channel.externalChatId)),
+  );
+}
+
+/**
+ * Read a contact channel's verified state from the gateway contact-channel read
+ * (ACL source of truth). Covers all contacts, not just guardian deliveries.
+ * Returns `undefined` when the gateway is unreachable or has no such channel.
+ */
+async function gatewayContactChannelState(
+  channel: Pick<ContactChannel, "id" | "contactId">,
+): Promise<{ status: string; verifiedAt: number | null } | undefined> {
+  const result = await ipcCallPersistent("contacts_get_rich", {
+    contactId: channel.contactId,
+  });
+  if (!result || (result as { contact?: unknown }).contact == null) {
+    return undefined;
+  }
+  const { contact } = GetContactIpcResponseSchema.parse(result);
+  const ch = contact.channels.find((c) => c.id === channel.id);
+  return ch ? { status: ch.status, verifiedAt: ch.verifiedAt } : undefined;
+}
+
 // ---------------------------------------------------------------------------
 // Extracted business logic functions
 // ---------------------------------------------------------------------------
 
-export function createInboundChallenge(
+export async function createInboundChallenge(
   channel?: ChannelId,
   rebind?: boolean,
   conversationId?: string,
-): ChannelVerificationSessionResult {
-  const resolvedAssistantId = DAEMON_INTERNAL_ASSISTANT_ID;
+): Promise<ChannelVerificationSessionResult> {
   const resolvedChannel = channel ?? "telegram";
 
-  const existingBinding = getGuardianBinding(
-    resolvedAssistantId,
-    resolvedChannel,
-  );
-  if (existingBinding && !rebind) {
+  // Gateway-backed presence guard: block re-binding when a guardian is already
+  // bound. Null-list (gateway unreachable) is treated as bound, so a transient
+  // miss blocks rather than letting a second binding through.
+  const alreadyBound = await isGuardianBoundForChannel(resolvedChannel);
+  if (alreadyBound && !rebind) {
     return {
       success: false,
       error: "already_bound",
@@ -115,13 +162,13 @@ export function createInboundChallenge(
   };
 }
 
-export function getVerificationStatus(
+export async function getVerificationStatus(
   channel?: ChannelId,
-): ChannelVerificationSessionResult {
+): Promise<ChannelVerificationSessionResult> {
   const resolvedAssistantId = DAEMON_INTERNAL_ASSISTANT_ID;
   const resolvedChannel = channel ?? "telegram";
 
-  const binding = getGuardianBinding(resolvedAssistantId, resolvedChannel);
+  const binding = await getGuardianBinding(resolvedAssistantId, resolvedChannel);
 
   // Read the contact directly to get displayName — getGuardianBinding is a
   // compatibility shim that doesn't carry metadataJson.
@@ -189,7 +236,10 @@ export async function revokeVerificationForChannel(
 
   // Capture binding before revoking so we can downgrade the guardian's
   // channel — without this, the guardian would still pass the ACL check.
-  const bindingBeforeRevoke = getGuardianBinding(assistantId, resolvedChannel);
+  const bindingBeforeRevoke = await getGuardianBinding(
+    assistantId,
+    resolvedChannel,
+  );
   if (!bindingBeforeRevoke) {
     return {
       success: true,
@@ -206,13 +256,16 @@ export async function revokeVerificationForChannel(
 
   // Relay the ACL downgrade to the gateway (source of truth). The gateway's
   // mark_channel_revoked enforces the guardian guard and dual-writes the
-  // contact-channel status back to the assistant DB.
+  // contact-channel status back to the assistant DB. Gate on the gateway
+  // delivery's live status, not the assistant DB column, so a redundant revoke
+  // is still skipped for an already-revoked binding.
   if (contactResult) {
-    const channelStatus: ChannelStatus = contactResult.channel.status;
+    const delivery = await deliveryForChannel(contactResult.channel);
+    const deliveryStatus = delivery?.status;
     if (
-      channelStatus === "active" ||
-      channelStatus === "pending" ||
-      channelStatus === "unverified"
+      deliveryStatus === "active" ||
+      deliveryStatus === "pending" ||
+      deliveryStatus === "unverified"
     ) {
       const result = await ipcCallPersistent("mark_channel_revoked", {
         contactChannelId: contactResult.channel.id,
@@ -294,7 +347,10 @@ export async function verifyTrustedContact(
     };
   }
 
-  if (channel.status === "active" && channel.verifiedAt != null) {
+  // Already-verified short-circuit derived from the gateway contact-channel read
+  // (ACL SoT), which covers all contacts — not just guardian deliveries.
+  const gwState = await gatewayContactChannelState(channel);
+  if (gwState?.status === "active" && gwState.verifiedAt != null) {
     return {
       success: false,
       error: "already_verified",
@@ -579,7 +635,7 @@ export async function handleChannelVerificationSession(
           ...publicResult,
         });
       } else {
-        const result = createInboundChallenge(
+        const result = await createInboundChallenge(
           channel,
           msg.rebind,
           msg.conversationId,
@@ -590,7 +646,7 @@ export async function handleChannelVerificationSession(
         });
       }
     } else if (msg.action === "status") {
-      const result = getVerificationStatus(channel);
+      const result = await getVerificationStatus(channel);
       broadcastMessage({
         type: "channel_verification_session_response",
         ...result,