@vellumai/assistant 0.10.2-dev.202606250318.5e7cfb0 → 0.10.2

package/src/runtime/routes/conversation-list-routes.ts

@@ -10,6 +10,7 @@
 
 import { z } from "zod";
 
+import { findConversation } from "../../daemon/conversation-registry.js";
 import {
   type Confidence,
   getAttentionStateByConversationIds,
@@ -17,7 +18,6 @@ import {
   recordConversationSeenSignal,
   type SignalType,
 } from "../../memory/conversation-attention-store.js";
-import { isConversationProcessing } from "../../memory/conversation-crud.js";
 import {
   type ConversationRow,
   getDisplayMetaForConversations,
@@ -270,9 +270,12 @@ function handleListConversations({ queryParams = {} }: RouteHandlerArgs) {
         attentionState: attentionStates.get(conversation.id),
         displayMeta: displayMeta.get(conversation.id),
         parentCache,
-        // Checks in-memory flag first (hot path), falls back to the
-        // persisted `processing_started_at` column for cold conversations.
-        isProcessing: isConversationProcessing(conversation.id),
+        // Cold (evicted / never-loaded) rows aren't in the in-memory
+        // store, so `findConversation` returns `undefined` and they
+        // report `isProcessing: false` — by definition they aren't
+        // mid-turn since the agent loop only runs on resident convs.
+        isProcessing:
+          findConversation(conversation.id)?.isProcessing() ?? false,
       }),
     ),
     nextOffset,

package/src/runtime/routes/conversation-query-routes.ts

@@ -486,74 +486,6 @@ function readPlainObject(value: unknown): Record<string, unknown> | undefined {
   return value as Record<string, unknown>;
 }
 
-function stripTransportHeadersRecursively(value: unknown): void {
-  if (Array.isArray(value)) {
-    for (const item of value) {
-      stripTransportHeadersRecursively(item);
-    }
-    return;
-  }
-
-  const object = readPlainObject(value);
-  if (!object) return;
-  const transport = readPlainObject(object.transport);
-  if (transport) delete transport.headers;
-  for (const child of Object.values(object)) {
-    stripTransportHeadersRecursively(child);
-  }
-}
-
-function containsTransportHeadersRecursively(value: unknown): boolean {
-  if (Array.isArray(value)) {
-    return value.some((item) => containsTransportHeadersRecursively(item));
-  }
-
-  const object = readPlainObject(value);
-  if (!object) return false;
-  const transport = readPlainObject(object.transport);
-  if (transport && Object.hasOwn(transport, "headers")) return true;
-  return Object.values(object).some((child) =>
-    containsTransportHeadersRecursively(child),
-  );
-}
-
-function sanitizeMcpTransportHeadersForSettingsRead(config: unknown): void {
-  const root = readPlainObject(config);
-  if (!root) return;
-  const mcp = readPlainObject(root.mcp);
-  if (!mcp || !Object.hasOwn(mcp, "servers")) return;
-  if (Array.isArray(mcp.servers)) {
-    stripTransportHeadersRecursively(mcp.servers);
-    return;
-  }
-  const servers = readPlainObject(mcp.servers);
-  if (!servers) return;
-  for (const server of Object.values(servers)) {
-    stripTransportHeadersRecursively(server);
-  }
-}
-
-function patchContainsMcpTransportHeaders(patch: unknown): boolean {
-  const root = readPlainObject(patch);
-  const mcp = readPlainObject(root?.mcp);
-  if (!mcp || !Object.hasOwn(mcp, "servers")) return false;
-  if (Array.isArray(mcp.servers)) {
-    return containsTransportHeadersRecursively(mcp.servers);
-  }
-  const servers = readPlainObject(mcp.servers);
-  if (!servers) return false;
-  return Object.values(servers).some((server) =>
-    containsTransportHeadersRecursively(server),
-  );
-}
-
-function rejectMcpTransportHeaderWrite(patch: unknown): void {
-  if (!patchContainsMcpTransportHeaders(patch)) return;
-  throw new BadRequestError(
-    "MCP authentication headers must be managed through MCP server add/update APIs, not generic config writes.",
-  );
-}
-
 const WireProfileEntry = ProfileEntry.extend({
   supportsVision: z.boolean().optional(),
 })
@@ -756,7 +688,6 @@ const ConfigPatchRequestSchema = z
 function handleGetConfig() {
   try {
     const config = applyContextDefaultsToRawConfig(loadRawConfig());
-    sanitizeMcpTransportHeadersForSettingsRead(config);
     enrichProfilesWithVisionFlag(config);
     return config;
   } catch (err) {
@@ -909,7 +840,6 @@ async function handlePatchConfig({ body }: RouteHandlerArgs) {
     throw new BadRequestError("Body must be a non-empty JSON object");
   }
   rejectManagedProfileDeletion(body as Record<string, unknown>);
-  rejectMcpTransportHeaderWrite(body);
 
   const raw = loadRawConfig();
   const patch = body as Record<string, unknown>;
@@ -918,7 +848,6 @@ async function handlePatchConfig({ body }: RouteHandlerArgs) {
   await commitConfigWrite(raw, "patch");
 
   const merged = applyContextDefaultsToRawConfig(loadRawConfig());
-  sanitizeMcpTransportHeadersForSettingsRead(merged);
   enrichProfilesWithVisionFlag(merged);
   return merged;
 }
@@ -963,7 +892,6 @@ async function handleSetConfig({ body }: RouteHandlerArgs) {
   const patchShape: Record<string, unknown> = {};
   setNestedValue(patchShape, path, value);
   rejectManagedProfileDeletion(patchShape);
-  rejectMcpTransportHeaderWrite(patchShape);
 
   const raw = loadRawConfig();
   setNestedValue(raw, path, value);

package/src/runtime/routes/conversation-routes.ts

@@ -50,7 +50,6 @@ import {
   getCannedFirstGreeting,
   isWakeUpGreeting,
 } from "../../daemon/first-greeting.js";
-import { supersedePendingInteractionsOnEnqueue } from "../../daemon/handlers/conversations.js";
 import {
   collectAttachmentRefs,
   type HistoryAttachmentRef,
@@ -68,7 +67,6 @@ import type {
   HostProxyTransportMetadata,
   NonHostProxyTransportMetadata,
 } from "../../daemon/message-types/conversations.js";
-import type { TrustContext } from "../../daemon/trust-context.js";
 import { HeartbeatService } from "../../heartbeat/heartbeat-service.js";
 import {
   writeOnboardingSidecar,
@@ -122,30 +120,30 @@ import {
 } from "../../util/platform.js";
 import { silentlyWithLog } from "../../util/silently.js";
 import { assistantEventHub, broadcastMessage } from "../assistant-event-hub.js";
+import { DAEMON_INTERNAL_ASSISTANT_ID } from "../assistant-scope.js";
 import { getPersistedSeq } from "../assistant-stream-state.js";
 import { ACTOR_PRINCIPALS } from "../auth/route-policy.js";
 import {
   type GuardianPendingScope,
   routeGuardianReply,
 } from "../guardian-reply-router.js";
-import { reResolveTrustOnResetDrift } from "../guardian-vellum-migration.js";
+import { healGuardianBindingDrift } from "../guardian-vellum-migration.js";
 import type {
   ApprovalConversationGenerator,
   RuntimeAttachmentMetadata,
   RuntimeMessagePayload,
   SendMessageDeps,
 } from "../http-types.js";
-import {
-  findLocalGuardianPrincipalId,
-  resolveActorPrincipalIdForLocalGuardian,
-} from "../local-actor-identity.js";
-import { resolveLocalPrincipalTrustContext } from "../local-principal-trust.js";
+import { resolveLocalTrustContext } from "../local-actor-identity.js";
 import * as pendingInteractions from "../pending-interactions.js";
 import {
   publishConversationListAndMetadataChanged,
   publishConversationMessagesChanged,
 } from "../sync/resource-sync-events.js";
-import { withSourceChannel } from "../trust-context-resolver.js";
+import {
+  resolveTrustContext,
+  withSourceChannel,
+} from "../trust-context-resolver.js";
 import {
   BadRequestError,
   InternalError,
@@ -948,28 +946,25 @@ export function handleListMessages({
         .filter((block) => block.type !== "text" || block.text.length > 0);
     }
 
-    // Ensure every hydrated attachment has a corresponding content block.
-    // renderHistoryContent inlines attachment blocks only when it has
-    // file-block refs with matching DB rows; directives (assistant-authored
-    // <vellum-attachment/> tags) don't leave a file block after stripping,
-    // so their attachments end up in the flat `attachments` array but not in
-    // `contentBlocks`. Append any that are missing so the canonical
-    // projection is complete.
-    const existingAttachmentIds = new Set(
-      contentBlocks
-        .filter(
-          (b): b is Extract<ConversationContentBlock, { type: "attachment" }> =>
-            b.type === "attachment",
-        )
-        .map((b) => b.attachment.id),
-    );
-    for (const att of msgAttachments) {
-      if (!existingAttachmentIds.has(att.id)) {
-        contentBlocks.push({ type: "attachment", attachment: att });
-      }
+  // Ensure every hydrated attachment has a corresponding content block.
+  // renderHistoryContent inlines attachment blocks only when it has
+  // file-block refs with matching DB rows; directives (assistant-authored
+  // <vellum-attachment/> tags) don't leave a file block after stripping,
+  // so their attachments end up in the flat `attachments` array but not in
+  // `contentBlocks`. Append any that are missing so the canonical
+  // projection is complete.
+  const existingAttachmentIds = new Set(
+    contentBlocks
+      .filter((b): b is Extract<ConversationContentBlock, { type: "attachment" }> => b.type === "attachment")
+      .map((b) => b.attachment.id),
+  );
+  for (const att of msgAttachments) {
+    if (!existingAttachmentIds.has(att.id)) {
+      contentBlocks.push({ type: "attachment", attachment: att });
     }
+  }
 
-    const alignedContentOrder = aligned.rewriteContentOrder(contentOrder);
+  const alignedContentOrder = aligned.rewriteContentOrder(contentOrder);
 
     // Use sentAt (actual event time) for the display timestamp when available,
     // falling back to createdAt (persistence time). Clients use this display
@@ -1445,65 +1440,56 @@ export async function handleSendMessage(
     conversation.setOnboardingContext(body.onboarding!);
   }
 
-  // Resolve guardian context from the AuthContext's actorPrincipalId via the
-  // gateway guardian binding: a vellum principal is the guardian or nobody.
+  // Resolve guardian context from the AuthContext's actorPrincipalId.
+  // The JWT-verified principal is used as the sender identity through
+  // the same trust resolution pipeline that channel ingress uses.
   if (actorPrincipalId) {
     // Dev bypass (HTTP auth disabled): the synthetic "dev-bypass" principal
-    // won't match any guardian binding. Resolve the real guardian principal and
-    // map that through, failing closed to unknown on an empty gateway.
+    // won't match any guardian binding. Resolve from the local guardian
+    // binding instead, which produces the correct guardian trust context.
     if (isHttpAuthDisabled() && actorPrincipalId === "dev-bypass") {
-      const guardianPrincipalId = await findLocalGuardianPrincipalId();
-      let trustCtx: TrustContext = guardianPrincipalId
-        ? withSourceChannel(
-            sourceChannel,
-            await resolveLocalPrincipalTrustContext({
-              actorPrincipalId: guardianPrincipalId,
-              sourceChannel: "vellum",
-              conversationExternalId: "local",
-            }),
-          )
-        : { trustClass: "unknown", sourceChannel };
-      if (guardianPrincipalId && trustCtx.trustClass === "unknown") {
-        const healed = await reResolveTrustOnResetDrift(
-          guardianPrincipalId,
-          sourceChannel,
-        );
-        if (healed) trustCtx = healed;
-      }
-      conversation.setTrustContext(trustCtx);
+      conversation.setTrustContext(resolveLocalTrustContext(sourceChannel));
     } else {
-      let trustCtx = withSourceChannel(
-        sourceChannel,
-        await resolveLocalPrincipalTrustContext({
-          actorPrincipalId,
-          sourceChannel: "vellum",
-          conversationExternalId: "local",
-        }),
-      );
+      const assistantId = DAEMON_INTERNAL_ASSISTANT_ID;
+      let trustCtx = resolveTrustContext({
+        assistantId,
+        sourceChannel: "vellum",
+        conversationExternalId: "local",
+        actorExternalId: actorPrincipalId,
+      });
       if (trustCtx.trustClass === "unknown") {
-        const healed = await reResolveTrustOnResetDrift(
-          actorPrincipalId,
-          sourceChannel,
-        );
-        if (healed && healed.trustClass !== "unknown") {
-          trustCtx = healed;
+        // Attempt to heal guardian binding drift: after a DB reset the
+        // guardian binding gets a new vellum-principal-* UUID while the
+        // client still holds a valid JWT with the old one. The signing
+        // key survives the reset, so the JWT is authentic — just stale.
+        const healed = healGuardianBindingDrift(actorPrincipalId);
+        if (healed) {
+          trustCtx = resolveTrustContext({
+            assistantId,
+            sourceChannel: "vellum",
+            conversationExternalId: "local",
+            actorExternalId: actorPrincipalId,
+          });
           log.info(
-            { actorPrincipalId, trustClass: trustCtx.trustClass },
-            "Trust re-resolved from local mirror after gateway returned unknown",
+            {
+              actorPrincipalId: actorPrincipalId,
+              trustClass: trustCtx.trustClass,
+            },
+            "Trust re-resolved after guardian binding drift heal",
           );
         } else {
           log.warn(
             {
-              actorPrincipalId,
+              actorPrincipalId: actorPrincipalId,
               sourceChannel,
-              trustClass: "unknown",
-              principalType,
+              trustClass: trustCtx.trustClass,
+              principalType: principalType,
             },
             "JWT-verified actor resolved to unknown trust class — possible guardian binding drift (e.g. DB reset without re-bootstrap)",
           );
         }
       }
-      conversation.setTrustContext(trustCtx);
+      conversation.setTrustContext(withSourceChannel(sourceChannel, trustCtx));
     }
   } else {
     // Service principals (svc_gateway) or tokens without an actor ID
@@ -1512,13 +1498,10 @@ export async function handleSendMessage(
   }
 
   const isInteractive = isInteractiveInterface(sourceInterface);
-  // Translate the dev-bypass actor principal to the real guardian principal
-  // before the same-actor host-proxy gate so web/iOS turns match the macOS
-  // client's SSE-registered principal. No-op for real JWT principals in
-  // non-dev-bypass deployments.
-  const sourceActorPrincipalId = await resolveActorPrincipalIdForLocalGuardian(
-    actorPrincipalId ?? undefined,
-  );
+  // Use the JWT-verified requester principal — not guardianPrincipalId,
+  // which is the workspace owner and would let a trusted contact's web
+  // turn match against the guardian's macOS client.
+  const sourceActorPrincipalId = actorPrincipalId ?? undefined;
   // Bash/File/Transfer singletons are globally available via isAvailable() —
   // no per-conversation gating needed. CU is per-conversation (owns step
   // count, AX tree history, loop detection).
@@ -1831,11 +1814,29 @@ export async function handleSendMessage(
     // the client showing "Failed to send" for a message the daemon will
     // process from the queue.
     try {
-      // Supersede interactions left pending by the in-flight turn: auto-deny
-      // confirmations (with canonical/client sync) and steer to the enqueued
-      // message if an ask_question is parked. Centralized so the CLI signal
-      // path (signals/user-message.ts) gets identical handling.
-      supersedePendingInteractionsOnEnqueue(mapping.conversationId, requestId);
+      if (conversation.hasAnyPendingConfirmation()) {
+        // Emit authoritative denial state for each pending request.
+        // sendToClient (wired to the SSE hub) delivers these to the client.
+        for (const interaction of pendingInteractions.getByConversation(
+          mapping.conversationId,
+        )) {
+          if (interaction.kind === "confirmation") {
+            conversation.emitConfirmationStateChanged({
+              conversationId: mapping.conversationId,
+              requestId: interaction.requestId,
+              state: "denied" as const,
+              source: "auto_deny" as const,
+            });
+            // Sync canonical guardian request status so stale "pending" DB
+            // records don't get matched by later guardian reply routing.
+            resolveCanonicalGuardianRequest(interaction.requestId, "pending", {
+              status: "denied",
+            });
+          }
+        }
+        conversation.denyAllPendingConfirmations();
+        pendingInteractions.removeByConversation(mapping.conversationId);
+      }
 
       // Expire any orphaned canonical requests that survived without a
       // matching in-memory pending interaction (e.g. prompter timeouts).

package/src/runtime/routes/events-routes.ts

@@ -43,7 +43,7 @@ import type { ReplaySubscriber } from "../assistant-stream-state.js";
 import { getReplayWindow } from "../assistant-stream-state.js";
 import { ACTOR_PRINCIPALS, GATEWAY_PRINCIPALS } from "../auth/route-policy.js";
 import { DEFAULT_HEARTBEAT_INTERVAL_MS } from "../client-health.js";
-import { resolveActorPrincipalIdForLocalGuardianSync } from "../local-actor-identity.js";
+import { resolveActorPrincipalIdForLocalGuardian } from "../local-actor-identity.js";
 import {
   BadRequestError,
   NotFoundError,
@@ -311,7 +311,7 @@ export function handleSubscribeAssistantEvents(
   // bearer token's AuthContext. May be absent for legacy / service-token
   // connections that have no principal. See `resolveActorPrincipalId` for the
   // dev-bypass translation rationale.
-  const actorPrincipalId = resolveActorPrincipalIdForLocalGuardianSync(
+  const actorPrincipalId = resolveActorPrincipalIdForLocalGuardian(
     rawActorPrincipalId?.trim() || undefined,
   );
 

package/src/runtime/routes/global-search-routes.ts

@@ -263,9 +263,7 @@ async function handleGlobalSearch({
       id: c.id,
       displayName: c.displayName,
       notes: c.notes,
-      // Daemon-native search has no gateway-relayed read; recency orders on
-      // contacts.updatedAt, not the channel-derived lastInteraction column.
-      lastInteraction: c.updatedAt,
+      lastInteraction: c.lastInteraction,
     }));
   }
 

package/src/runtime/routes/guardian-action-routes.ts

@@ -14,6 +14,7 @@
 import { z } from "zod";
 
 import { isHttpAuthDisabled } from "../../config/env.js";
+import { findGuardianForChannel } from "../../contacts/contact-store.js";
 import {
   type CanonicalGuardianRequest,
   listPendingRequestsByConversationScope,
@@ -22,7 +23,6 @@ import { ACTOR_PRINCIPALS } from "../auth/route-policy.js";
 import { processGuardianDecision } from "../guardian-action-service.js";
 import type { GuardianDecisionPrompt } from "../guardian-decision-types.js";
 import { buildOneTimeDecisionActions } from "../guardian-decision-types.js";
-import { findLocalGuardianPrincipalId } from "../local-actor-identity.js";
 import { BadRequestError, NotFoundError } from "./errors.js";
 import type { RouteDefinition, RouteHandlerArgs } from "./types.js";
 
@@ -73,15 +73,16 @@ async function handleGuardianActionDecision({
   // Resolve the actor's guardian principal ID. The HTTP adapter injects it
   // from the AuthContext via the x-vellum-actor-principal-id header.
   // For dev bypass (HTTP auth disabled) the synthetic "dev-bypass" principal
-  // won't match the real guardian binding, so resolve the local guardian
-  // principal to avoid identity_mismatch.
+  // won't match the real guardian binding, so fall back to the local guardian
+  // binding to avoid identity_mismatch.
   let guardianPrincipalId: string | undefined =
     headers["x-vellum-actor-principal-id"] ?? undefined;
   if (
     isHttpAuthDisabled() &&
     headers["x-vellum-actor-principal-id"] === "dev-bypass"
   ) {
-    guardianPrincipalId = (await findLocalGuardianPrincipalId()) ?? undefined;
+    const binding = findGuardianForChannel("vellum");
+    guardianPrincipalId = binding?.contact.principalId ?? undefined;
   }
 
   const result = await processGuardianDecision({

package/src/runtime/routes/host-app-control-routes.ts

@@ -39,7 +39,7 @@ const VALID_STATES: ReadonlySet<HostAppControlState> = new Set([
 // POST /v1/host-app-control-result
 // ---------------------------------------------------------------------------
 
-async function handleHostAppControlResult({ body, headers }: RouteHandlerArgs) {
+function handleHostAppControlResult({ body, headers }: RouteHandlerArgs) {
   if (!body || typeof body !== "object") {
     throw new BadRequestError("Request body is required");
   }
@@ -95,10 +95,9 @@ async function handleHostAppControlResult({ body, headers }: RouteHandlerArgs) {
         `Client "${submittingClientId}" is not the target for this request (expected "${peeked.targetClientId}"). The targeted client must submit the result.`,
       );
     }
-    const submittingActorPrincipalId =
-      await resolveActorPrincipalIdForLocalGuardian(
-        headerMap["x-vellum-actor-principal-id"]?.trim() || undefined,
-      );
+    const submittingActorPrincipalId = resolveActorPrincipalIdForLocalGuardian(
+      headerMap["x-vellum-actor-principal-id"]?.trim() || undefined,
+    );
     enforceSameActorOrThrow({
       sourceActorPrincipalId: submittingActorPrincipalId,
       targetActorPrincipalId: peeked.targetActorPrincipalId,

package/src/runtime/routes/host-bash-routes.ts

@@ -26,7 +26,7 @@ import type { RouteDefinition, RouteHandlerArgs } from "./types.js";
 // POST /v1/host-bash-result
 // ---------------------------------------------------------------------------
 
-async function handleHostBashResult({ body, headers }: RouteHandlerArgs) {
+function handleHostBashResult({ body, headers }: RouteHandlerArgs) {
   if (!body || typeof body !== "object") {
     throw new BadRequestError("Request body is required");
   }
@@ -45,10 +45,9 @@ async function handleHostBashResult({ body, headers }: RouteHandlerArgs) {
 
   const submittingClientId =
     headers?.["x-vellum-client-id"]?.trim() || undefined;
-  const submittingActorPrincipalId =
-    await resolveActorPrincipalIdForLocalGuardian(
-      headers?.["x-vellum-actor-principal-id"]?.trim() || undefined,
-    );
+  const submittingActorPrincipalId = resolveActorPrincipalIdForLocalGuardian(
+    headers?.["x-vellum-actor-principal-id"]?.trim() || undefined,
+  );
 
   const peeked = pendingInteractions.get(requestId);
   if (!peeked) {

package/src/runtime/routes/host-browser-routes.ts

@@ -61,14 +61,14 @@ export type HostBrowserResultResolution =
  * already authenticated the caller (the HTTP route uses
  * `requireBoundGuardian`).
  */
-export async function resolveHostBrowserResultByRequestId(
+export function resolveHostBrowserResultByRequestId(
   frame: {
     requestId?: unknown;
     content?: unknown;
     isError?: unknown;
   },
   headers?: Record<string, string | undefined>,
-): Promise<HostBrowserResultResolution> {
+): HostBrowserResultResolution {
   const { requestId, content, isError } = frame;
 
   if (!requestId || typeof requestId !== "string") {
@@ -127,10 +127,9 @@ export async function resolveHostBrowserResultByRequestId(
     // stream. This prevents a different authenticated user with knowledge of
     // both the requestId and target clientId from submitting a result on
     // behalf of the targeted client.
-    const submittingActorPrincipalId =
-      await resolveActorPrincipalIdForLocalGuardian(
-        headerMap["x-vellum-actor-principal-id"]?.trim() || undefined,
-      );
+    const submittingActorPrincipalId = resolveActorPrincipalIdForLocalGuardian(
+      headerMap["x-vellum-actor-principal-id"]?.trim() || undefined,
+    );
     try {
       enforceSameActorOrThrow({
         sourceActorPrincipalId: submittingActorPrincipalId,
@@ -261,12 +260,12 @@ export function resolveHostBrowserSessionInvalidated(frame: {
 // POST /v1/host-browser-result
 // ---------------------------------------------------------------------------
 
-async function handleHostBrowserResult({ body, headers }: RouteHandlerArgs) {
+function handleHostBrowserResult({ body, headers }: RouteHandlerArgs) {
   if (!body || typeof body !== "object") {
     throw new BadRequestError("Request body is required");
   }
 
-  const resolution = await resolveHostBrowserResultByRequestId(
+  const resolution = resolveHostBrowserResultByRequestId(
     body,
     headers as Record<string, string | undefined> | undefined,
   );
@@ -400,7 +399,10 @@ export const ROUTES: RouteDefinition[] = [
       "Marks the target as invalidated in the runtime-side browser session registry.",
     tags: ["host"],
     requestBody: z.object({
-      targetId: z.string().optional().describe("CDP target that was detached"),
+      targetId: z
+        .string()
+        .optional()
+        .describe("CDP target that was detached"),
       reason: z.string().optional().describe("Detach reason"),
       clientId: z
         .string()

package/src/runtime/routes/host-cu-routes.ts

@@ -26,7 +26,7 @@ import type { RouteDefinition, RouteHandlerArgs } from "./types.js";
 // POST /v1/host-cu-result
 // ---------------------------------------------------------------------------
 
-async function handleHostCuResult({ body, headers }: RouteHandlerArgs) {
+function handleHostCuResult({ body, headers }: RouteHandlerArgs) {
   if (!body || typeof body !== "object") {
     throw new BadRequestError("Request body is required");
   }
@@ -95,10 +95,9 @@ async function handleHostCuResult({ body, headers }: RouteHandlerArgs) {
     // stream. This prevents a different authenticated user with knowledge of
     // both the requestId and target clientId from submitting a result on
     // behalf of the targeted client.
-    const submittingActorPrincipalId =
-      await resolveActorPrincipalIdForLocalGuardian(
-        headerMap["x-vellum-actor-principal-id"]?.trim() || undefined,
-      );
+    const submittingActorPrincipalId = resolveActorPrincipalIdForLocalGuardian(
+      headerMap["x-vellum-actor-principal-id"]?.trim() || undefined,
+    );
     enforceSameActorOrThrow({
       sourceActorPrincipalId: submittingActorPrincipalId,
       targetActorPrincipalId: peeked.targetActorPrincipalId,

package/src/runtime/routes/host-file-routes.ts

@@ -26,7 +26,7 @@ import type { RouteDefinition, RouteHandlerArgs } from "./types.js";
 // POST /v1/host-file-result
 // ---------------------------------------------------------------------------
 
-async function handleHostFileResult({ body, headers }: RouteHandlerArgs) {
+function handleHostFileResult({ body, headers }: RouteHandlerArgs) {
   if (!body || typeof body !== "object") {
     throw new BadRequestError("Request body is required");
   }
@@ -76,10 +76,9 @@ async function handleHostFileResult({ body, headers }: RouteHandlerArgs) {
     // match the actor that opened the target client's SSE stream. This blocks
     // cross-user submissions even if a different user somehow obtains the
     // target client id.
-    const submittingActorPrincipalId =
-      await resolveActorPrincipalIdForLocalGuardian(
-        headerMap["x-vellum-actor-principal-id"]?.trim() || undefined,
-      );
+    const submittingActorPrincipalId = resolveActorPrincipalIdForLocalGuardian(
+      headerMap["x-vellum-actor-principal-id"]?.trim() || undefined,
+    );
     enforceSameActorOrThrow({
       sourceActorPrincipalId: submittingActorPrincipalId,
       targetActorPrincipalId: peeked.targetActorPrincipalId,