@vellumai/assistant 0.10.2-dev.202606250318.5e7cfb0 → 0.10.2

package/src/runtime/routes/host-transfer-routes.ts

@@ -39,10 +39,10 @@ function findProxyByTransferId(transferId: string) {
 // GET /v1/transfers/:transferId/content
 // ---------------------------------------------------------------------------
 
-async function handleTransferContentGet({
+function handleTransferContentGet({
   pathParams = {},
   headers = {},
-}: RouteHandlerArgs): Promise<Uint8Array> {
+}: RouteHandlerArgs): Uint8Array {
   const transferId = pathParams.transferId;
   if (!transferId) {
     throw new BadRequestError("transferId path parameter is required");
@@ -72,7 +72,7 @@ async function handleTransferContentGet({
     // the value persisted at registration time so a brief reconnect does
     // not 403 a legitimate fetch.
     enforceSameActorOrThrow({
-      sourceActorPrincipalId: await resolveActorPrincipalIdForLocalGuardian(
+      sourceActorPrincipalId: resolveActorPrincipalIdForLocalGuardian(
         headerMap["x-vellum-actor-principal-id"]?.trim() || undefined,
       ),
       targetActorPrincipalId:
@@ -151,7 +151,7 @@ async function handleTransferContentPut({
       );
 
     enforceSameActorOrThrow({
-      sourceActorPrincipalId: await resolveActorPrincipalIdForLocalGuardian(
+      sourceActorPrincipalId: resolveActorPrincipalIdForLocalGuardian(
         headerMap["x-vellum-actor-principal-id"]?.trim() || undefined,
       ),
       targetActorPrincipalId:
@@ -181,7 +181,7 @@ async function handleTransferContentPut({
 // POST /v1/host-transfer-result
 // ---------------------------------------------------------------------------
 
-async function handleTransferResult({ body, headers }: RouteHandlerArgs) {
+function handleTransferResult({ body, headers }: RouteHandlerArgs) {
   if (!body || typeof body !== "object") {
     throw new BadRequestError("Request body is required");
   }
@@ -222,7 +222,7 @@ async function handleTransferResult({ body, headers }: RouteHandlerArgs) {
       );
 
     enforceSameActorOrThrow({
-      sourceActorPrincipalId: await resolveActorPrincipalIdForLocalGuardian(
+      sourceActorPrincipalId: resolveActorPrincipalIdForLocalGuardian(
         headerMap["x-vellum-actor-principal-id"]?.trim() || undefined,
       ),
       targetActorPrincipalId: peeked.targetActorPrincipalId,

package/src/runtime/routes/http-adapter.ts

@@ -51,7 +51,7 @@ export function routeDefinitionsToHTTPRoutes(
     handler: async ({ req, url, params, authContext }) => {
       try {
         if (r.requireGuardian) {
-          const guardianError = await requireBoundGuardian(authContext);
+          const guardianError = requireBoundGuardian(authContext);
           if (guardianError) return guardianError;
         }
 

package/src/runtime/routes/identity-routes.ts

@@ -10,8 +10,7 @@ import { z } from "zod";
 import { getCpuLimit, getIsPlatform } from "../../config/env-registry.js";
 import { parseIdentityFields } from "../../daemon/handlers/identity.js";
 import { getProfilerRuntimeStatus } from "../../daemon/profiler-run-store.js";
-import { getMaxRollbackVersion } from "../../memory/migrations/run-migrations.js";
-import { migrationSteps } from "../../memory/steps.js";
+import { getMaxMigrationVersion } from "../../memory/migrations/registry.js";
 import { getCesClient } from "../../security/secure-keys.js";
 import {
   getDiskUsageInfo,
@@ -336,7 +335,7 @@ function getDetailedHealth() {
     memory: getMemoryInfo(),
     cpu: getCpuInfo(),
     migrations: {
-      dbVersion: getMaxRollbackVersion(migrationSteps),
+      dbVersion: getMaxMigrationVersion(),
       lastWorkspaceMigrationId:
         getLastWorkspaceMigrationId(WORKSPACE_MIGRATIONS),
     },

package/src/runtime/routes/inbound-message-handler.ts

@@ -680,7 +680,7 @@ export async function handleChannelInbound({
       canonicalAssistantId,
       assistantId,
       content,
-      channelId: resolvedMember?.channelId,
+      channelId: resolvedMember?.channel.id,
     });
   }
 
@@ -761,7 +761,7 @@ export async function handleChannelInbound({
       : enforceAdmissionPolicy({
           sourceChannel,
           trustClass: trustCtx.trustClass,
-          memberStatus: resolvedMember?.status,
+          memberStatus: resolvedMember?.channel.status,
           policy: admissionPolicyFromGateway,
         });
   if (!admissionResult.admitted) {
@@ -801,7 +801,7 @@ export async function handleChannelInbound({
     // guardian sees "previously pending" etc.
     let guardianNotified = false;
     try {
-      const accessResult = await notifyGuardianOfAccessRequest({
+      const accessResult = notifyGuardianOfAccessRequest({
         canonicalAssistantId,
         sourceChannel,
         conversationExternalId,
@@ -811,7 +811,7 @@ export async function handleChannelInbound({
         ...(resolvedMember
           ? {
               previousMemberStatus: channelStatusToMemberStatus(
-                resolvedMember.status,
+                resolvedMember.channel.status,
               ),
             }
           : {}),
@@ -935,7 +935,7 @@ export async function handleChannelInbound({
   }
 
   // ── Ingress escalation ──
-  const escalationResponse = await handleEscalationIntercept({
+  const escalationResponse = handleEscalationIntercept({
     resolvedMember,
     canonicalAssistantId,
     sourceChannel,

package/src/runtime/routes/inbound-stages/acl-enforcement.test.ts

@@ -19,28 +19,14 @@ mock.module("../../../util/logger.js", () => ({
 }));
 
 // Track contact-store reads to prove findContactChannel is NOT used on the
-// verdict path.
+// verdict path. findGuardianForChannel is still called by resolveGuardianLabel.
 const findContactChannelCalls: unknown[] = [];
 mock.module("../../../contacts/contact-store.js", () => ({
   findContactChannel: (params: unknown) => {
     findContactChannelCalls.push(params);
     return null;
   },
-}));
-
-// resolveGuardianLabel resolves the guardian via the gateway delivery reader.
-let guardianDeliveryList: Array<Record<string, unknown>> = [];
-mock.module("../../../contacts/guardian-delivery-reader.js", () => ({
-  getGuardianDelivery: async () => guardianDeliveryList,
-  guardianForChannel: (
-    list: Array<Record<string, unknown>>,
-    channelType: string,
-  ) => list.find((g) => g.channelType === channelType && g.status === "active"),
-}));
-
-mock.module("../../../prompts/user-reference.js", () => ({
-  resolveGuardianName: (displayName?: string | null) =>
-    displayName && displayName.trim().length > 0 ? displayName.trim() : "my human",
+  findGuardianForChannel: () => null,
 }));
 
 const deliverReplyCalls: Array<{ url: string; payload: unknown }> = [];
@@ -140,7 +126,6 @@ beforeEach(() => {
   deliverReplyCalls.length = 0;
   accessRequestCalls.length = 0;
   inviteTokenForTest = undefined;
-  guardianDeliveryList = [];
 });
 
 afterEach(() => {
@@ -155,8 +140,8 @@ describe("enforceIngressAcl — verdict-sourced member resolution", () => {
 
     expect(result.earlyResponse).toBeUndefined();
     expect(result.resolvedMember).not.toBeNull();
-    expect(result.resolvedMember!.status).toBe("active");
-    expect(result.resolvedMember!.policy).toBe("allow");
+    expect(result.resolvedMember!.channel.status).toBe("active");
+    expect(result.resolvedMember!.channel.policy).toBe("allow");
     // Member came from the verdict, never the local contact store.
     expect(findContactChannelCalls.length).toBe(0);
   });
@@ -171,8 +156,7 @@ describe("enforceIngressAcl — verdict-sourced member resolution", () => {
     );
 
     expect(result.earlyResponse).toBeUndefined();
-    expect(result.resolvedMember).not.toBeNull();
-    expect(result.resolvedMember!.status).toBe("active");
+    expect(result.resolvedMember!.contact.role).toBe("guardian");
     expect(findContactChannelCalls.length).toBe(0);
   });
 });
@@ -265,82 +249,6 @@ describe("enforceIngressAcl — fail-closed on absent verdict", () => {
   });
 });
 
-describe("enforceIngressAcl — fail-closed on resolutionFailed verdict", () => {
-  test("resolutionFailed verdict → not_a_member deny, does not flow to intercepts", async () => {
-    inviteTokenForTest = "iv_token123";
-    const result = await enforceIngressAcl(
-      makeParams({
-        sourceMetadata: withVerdict({
-          trustClass: "unknown",
-          canonicalSenderId: "sender-1",
-          resolutionFailed: true,
-        }),
-        effectiveAdmissionPolicy: "strangers",
-      }),
-    );
-
-    expect(result.earlyResponse).toBeDefined();
-    expect(result.earlyResponse!.reason).toBe("not_a_member");
-    expect(result.resolvedMember).toBeNull();
-    // Distinct from a stranger: no invite redemption, onboarding, or
-    // guardian notification fires.
-    expect(result.earlyResponse!.inviteRedemption).toBeUndefined();
-    expect(deliverReplyCalls.length).toBe(0);
-    expect(accessRequestCalls.length).toBe(0);
-    expect(findContactChannelCalls.length).toBe(0);
-  });
-
-  test("real unknown stranger (no resolutionFailed) still redeems via intercept", async () => {
-    inviteTokenForTest = "iv_token123";
-    const result = await enforceIngressAcl(
-      makeParams({
-        sourceMetadata: withVerdict({
-          trustClass: "unknown",
-          canonicalSenderId: "sender-1",
-        }),
-      }),
-    );
-
-    expect(result.earlyResponse!.inviteRedemption).toBe("redeemed");
-    expect(result.resolvedMember).toBeNull();
-  });
-});
-
-describe("enforceIngressAcl — deny copy names the gateway guardian", () => {
-  test("non-member deny reply uses the guardian displayName from the gateway list", async () => {
-    guardianDeliveryList = [
-      {
-        channelType: "vellum",
-        contactId: "c-1",
-        principalId: "p-anchor",
-        displayName: "Alice Guardian",
-        address: "p-anchor",
-        status: "active",
-      },
-    ];
-
-    const result = await enforceIngressAcl(
-      makeParams({
-        sourceMetadata: withVerdict({
-          trustClass: "unknown",
-          canonicalSenderId: "stranger-1",
-        }),
-      }),
-    );
-
-    expect(result.earlyResponse!.reason).toBe("not_a_member");
-    const denyReply = deliverReplyCalls.find((c) =>
-      String((c.payload as { text?: string }).text ?? "").includes(
-        "tried talking to me",
-      ),
-    );
-    expect(denyReply).toBeDefined();
-    expect((denyReply!.payload as { text: string }).text).toContain(
-      "Alice Guardian",
-    );
-  });
-});
-
 describe("enforceIngressAcl — fail-closed on malformed member verdict", () => {
   test("member identity + unknown policy → not_a_member deny even under strangers", async () => {
     const result = await enforceIngressAcl(

package/src/runtime/routes/inbound-stages/acl-enforcement.ts

@@ -7,7 +7,7 @@ import type { AdmissionPolicy, SourceMetadata } from "@vellumai/gateway-client";
 
 import { isInviteCodeRedemptionEnabled } from "../../../channels/config.js";
 import type { ChannelId } from "../../../channels/types.js";
-import { getGuardianDelivery } from "../../../contacts/guardian-delivery-reader.js";
+import { findGuardianForChannel } from "../../../contacts/contact-store.js";
 import { channelStatusToMemberStatus } from "../../../contacts/member-status.js";
 import type {
   ContactChannel,
@@ -25,7 +25,6 @@ import { getLogger } from "../../../util/logger.js";
 import { truncate } from "../../../util/truncate.js";
 import { hashVoiceCode } from "../../../util/voice-code.js";
 import { notifyGuardianOfAccessRequest } from "../../access-request-helper.js";
-import { resolveAnchoredGuardian } from "../../anchored-guardian.js";
 import { getInviteAdapterRegistry } from "../../channel-invite-transport.js";
 import {
   createOutboundSession,
@@ -39,8 +38,7 @@ import {
   redeemInviteByCode,
 } from "../../invite-redemption-service.js";
 import { getInviteRedemptionReply } from "../../invite-redemption-templates.js";
-import type { VerdictMember } from "../../trust-verdict-consumer.js";
-import { verdictMemberFromVerdict } from "../../trust-verdict-consumer.js";
+import { resolvedMemberFromVerdict } from "../../trust-verdict-consumer.js";
 
 const log = getLogger("runtime-http");
 
@@ -48,20 +46,28 @@ const log = getLogger("runtime-http");
  * Resolve the guardian's display name for use in requester-facing messages.
  *
  * Uses the assistant's anchored vellum principal to validate the guardian
- * binding, matching the same strategy used by `notifyGuardianOfAccessRequest`.
- * This prevents stale or cross-assistant bindings from leaking a wrong name.
- * Cosmetic copy, not an admission decision, so a null gateway list degrades
- * gracefully to the default reference.
+ * contact, matching the same strategy used by `notifyGuardianOfAccessRequest`.
+ * This prevents stale or cross-assistant contacts from leaking a wrong name.
  */
-async function resolveGuardianLabel(sourceChannel: ChannelId): Promise<string> {
-  // Cosmetic copy, not an admission decision: no local-store fallback, and a
-  // missing anchor principal degrades to the default reference.
-  const anchored = resolveAnchoredGuardian({
-    guardians: await getGuardianDelivery(),
-    sourceChannel,
-    requireAnchorPrincipal: true,
-  });
-  return resolveGuardianName(anchored?.displayName);
+function resolveGuardianLabel(sourceChannel: ChannelId): string {
+  const vellumGuardian = findGuardianForChannel("vellum");
+  const anchoredPrincipalId = vellumGuardian?.contact.principalId;
+
+  if (!anchoredPrincipalId) {
+    return resolveGuardianName(undefined);
+  }
+
+  // Try source-channel guardian, but only accept it when the principal
+  // matches the assistant's anchor.
+  const sourceGuardian = findGuardianForChannel(sourceChannel);
+  if (
+    sourceGuardian &&
+    sourceGuardian.contact.principalId === anchoredPrincipalId
+  ) {
+    return resolveGuardianName(sourceGuardian.contact.displayName);
+  }
+
+  return resolveGuardianName(vellumGuardian.contact.displayName);
 }
 
 // ---------------------------------------------------------------------------
@@ -103,7 +109,7 @@ export type ResolvedMember = {
 };
 
 export interface AclResult {
-  resolvedMember: VerdictMember | null;
+  resolvedMember: ResolvedMember | null;
   /** When set, the caller must return this response immediately. */
   earlyResponse?: Record<string, unknown>;
   /**
@@ -167,27 +173,9 @@ export async function enforceIngressAcl(
     };
   }
 
-  // Gateway attempted resolution but failed (DB error) → fail-closed deny,
-  // distinct from an absent verdict and from a real stranger. TEXT does not
-  // fall back to local ACL reads; the sender can retry.
-  if (verdict.resolutionFailed === true) {
-    log.warn(
-      { sourceChannel, externalUserId: canonicalSenderId },
-      "Ingress ACL: gateway trust resolution failed, denying fail-closed",
-    );
-    return {
-      resolvedMember: null,
-      earlyResponse: {
-        accepted: true,
-        denied: true,
-        reason: "not_a_member",
-      },
-    };
-  }
-
   // Member resolved from the gateway verdict (ACL + identity only); null for a
   // stranger verdict, which falls through to the non-member intercepts.
-  const resolvedMember: VerdictMember | null = verdictMemberFromVerdict(verdict);
+  const resolvedMember: ResolvedMember | null = resolvedMemberFromVerdict(verdict);
 
   // A verdict carrying member identity but no resolvable member
   // (malformed/unknown ACL) fails closed, not treated as a stranger.
@@ -341,7 +329,7 @@ export async function enforceIngressAcl(
           if (slackVerifyResult.initiated) {
             // Still notify the guardian about the access attempt
             try {
-              await notifyGuardianOfAccessRequest({
+              notifyGuardianOfAccessRequest({
                 canonicalAssistantId,
                 sourceChannel,
                 conversationExternalId,
@@ -381,7 +369,7 @@ export async function enforceIngressAcl(
               try {
                 await deliverChannelReply(dmCallbackUrl, {
                   chatId: senderUserId,
-                  text: `I don't recognize you yet! I've let ${await resolveGuardianLabel(sourceChannel)} know you're trying to reach me. They'll need to share a 6-digit verification code with you — ask them directly if you know them. Once you have the code, reply here with it.`,
+                  text: `I don't recognize you yet! I've let ${resolveGuardianLabel(sourceChannel)} know you're trying to reach me. They'll need to share a 6-digit verification code with you — ask them directly if you know them. Once you have the code, reply here with it.`,
                   assistantId,
                 });
               } catch (err) {
@@ -416,7 +404,7 @@ export async function enforceIngressAcl(
 
           if (emailVerifyResult.initiated) {
             try {
-              await notifyGuardianOfAccessRequest({
+              notifyGuardianOfAccessRequest({
                 canonicalAssistantId,
                 sourceChannel,
                 conversationExternalId,
@@ -455,7 +443,7 @@ export async function enforceIngressAcl(
         // deduplication, canonical request creation, and notification emission.
         let guardianNotified = false;
         try {
-          const accessResult = await notifyGuardianOfAccessRequest({
+          const accessResult = notifyGuardianOfAccessRequest({
             canonicalAssistantId,
             sourceChannel,
             conversationExternalId,
@@ -479,7 +467,7 @@ export async function enforceIngressAcl(
         }
 
         const replyText = guardianNotified
-          ? `Hmm looks like you don't have access to talk to me. I'll let ${await resolveGuardianLabel(sourceChannel)} know you tried talking to me and get back to you.`
+          ? `Hmm looks like you don't have access to talk to me. I'll let ${resolveGuardianLabel(sourceChannel)} know you tried talking to me and get back to you.`
           : "Sorry, you haven't been approved to message this assistant.";
         let replyDelivered = false;
         if (replyCallbackUrl) {
@@ -519,8 +507,8 @@ export async function enforceIngressAcl(
     }
 
     if (resolvedMember) {
-      if (resolvedMember.status !== "active") {
-        const isBlockedMember = resolvedMember.status === "blocked";
+      if (resolvedMember.channel.status !== "active") {
+        const isBlockedMember = resolvedMember.channel.status === "blocked";
         // Bootstrap commands must pass through for re-verifiable states
         // (pending/revoked), but never for blocked members.
         let denyInactiveMember = true;
@@ -541,7 +529,7 @@ export async function enforceIngressAcl(
             log.info(
               {
                 sourceChannel,
-                channelId: resolvedMember.channelId,
+                channelId: resolvedMember.channel.id,
                 hasValidBootstrapSession: false,
               },
               "Ingress ACL: inactive member bootstrap bypass denied",
@@ -626,11 +614,11 @@ export async function enforceIngressAcl(
         if (!isBlockedMember && denyInactiveMember) {
           if (
             (effectiveAdmissionPolicy === "strangers" &&
-              resolvedMember.status !== "revoked") ||
+              resolvedMember.channel.status !== "revoked") ||
             ((effectiveAdmissionPolicy === "any_contact" ||
               effectiveAdmissionPolicy === "guardian_only") &&
-              (resolvedMember.status === "pending" ||
-                resolvedMember.status === "unverified"))
+              (resolvedMember.channel.status === "pending" ||
+                resolvedMember.channel.status === "unverified"))
           ) {
             denyInactiveMember = false;
           }
@@ -640,8 +628,8 @@ export async function enforceIngressAcl(
           log.info(
             {
               sourceChannel,
-              channelId: resolvedMember.channelId,
-              status: resolvedMember.status,
+              channelId: resolvedMember.channel.id,
+              status: resolvedMember.channel.status,
             },
             "Ingress ACL: member not active, denying",
           );
@@ -651,7 +639,7 @@ export async function enforceIngressAcl(
           // the guardian made an explicit decision to block them.
           if (
             sourceChannel === "slack" &&
-            resolvedMember.status !== "blocked" &&
+            resolvedMember.channel.status !== "blocked" &&
             (canonicalSenderId ?? rawSenderId)
           ) {
             const slackVerifyResult = initiateSlackVerificationChallenge({
@@ -661,7 +649,7 @@ export async function enforceIngressAcl(
 
             if (slackVerifyResult.initiated) {
               try {
-                await notifyGuardianOfAccessRequest({
+                notifyGuardianOfAccessRequest({
                   canonicalAssistantId,
                   sourceChannel,
                   conversationExternalId,
@@ -669,7 +657,7 @@ export async function enforceIngressAcl(
                   actorDisplayName,
                   actorUsername,
                   previousMemberStatus: channelStatusToMemberStatus(
-                    resolvedMember.status,
+                    resolvedMember.channel.status,
                   ),
                   messagePreview: truncate(
                     trimmedContent,
@@ -700,7 +688,7 @@ export async function enforceIngressAcl(
                 try {
                   await deliverChannelReply(dmCallbackUrl, {
                     chatId: senderUserId,
-                    text: `I don't recognize you yet! I've let ${await resolveGuardianLabel(sourceChannel)} know you're trying to reach me. They'll need to share a 6-digit verification code with you — ask them directly if you know them. Once you have the code, reply here with it.`,
+                    text: `I don't recognize you yet! I've let ${resolveGuardianLabel(sourceChannel)} know you're trying to reach me. They'll need to share a 6-digit verification code with you — ask them directly if you know them. Once you have the code, reply here with it.`,
                     assistantId,
                   });
                 } catch (err) {
@@ -727,9 +715,9 @@ export async function enforceIngressAcl(
           // re-approve. Blocked members are intentionally excluded — the
           // guardian already made an explicit decision to block them.
           let guardianNotified = false;
-          if (resolvedMember.status !== "blocked") {
+          if (resolvedMember.channel.status !== "blocked") {
             try {
-              const accessResult = await notifyGuardianOfAccessRequest({
+              const accessResult = notifyGuardianOfAccessRequest({
                 canonicalAssistantId,
                 sourceChannel,
                 conversationExternalId,
@@ -737,7 +725,7 @@ export async function enforceIngressAcl(
                 actorDisplayName,
                 actorUsername,
                 previousMemberStatus: channelStatusToMemberStatus(
-                  resolvedMember.status,
+                  resolvedMember.channel.status,
                 ),
                 messagePreview: truncate(
                   trimmedContent,
@@ -757,7 +745,7 @@ export async function enforceIngressAcl(
           }
 
           const inactiveReplyText = guardianNotified
-            ? `Hmm looks like you don't have access to talk to me. I'll let ${await resolveGuardianLabel(sourceChannel)} know you tried talking to me and get back to you.`
+            ? `Hmm looks like you don't have access to talk to me. I'll let ${resolveGuardianLabel(sourceChannel)} know you tried talking to me and get back to you.`
             : "Sorry, you haven't been approved to message this assistant.";
           let inactiveReplyDelivered = false;
           if (replyCallbackUrl) {
@@ -791,16 +779,16 @@ export async function enforceIngressAcl(
             earlyResponse: {
               accepted: true,
               denied: true,
-              reason: `member_${channelStatusToMemberStatus(resolvedMember.status)}`,
+              reason: `member_${channelStatusToMemberStatus(resolvedMember.channel.status)}`,
               ...(!inactiveReplyDelivered && { replyText: inactiveReplyText }),
             },
           };
         }
       }
 
-      if (resolvedMember.policy === "deny") {
+      if (resolvedMember.channel.policy === "deny") {
         log.info(
-          { sourceChannel, channelId: resolvedMember.channelId },
+          { sourceChannel, channelId: resolvedMember.channel.id },
           "Ingress ACL: member policy deny",
         );
         const denyReplyText =

package/src/runtime/routes/inbound-stages/background-dispatch.ts

@@ -9,10 +9,6 @@
  */
 import type { ChannelId, InterfaceId } from "../../../channels/types.js";
 import { findGuardianForChannel } from "../../../contacts/contact-store.js";
-import {
-  getGuardianDelivery,
-  guardianForChannel,
-} from "../../../contacts/guardian-delivery-reader.js";
 import type { ServerMessage } from "../../../daemon/message-protocol.js";
 import type { TrustContext } from "../../../daemon/trust-context.js";
 import {
@@ -964,18 +960,10 @@ function startTrustedContactApprovalNotifier(params: {
 
         if (info && !globalNotifiedApprovalRequestIds.has(info.requestId)) {
           globalNotifiedApprovalRequestIds.set(info.requestId, conversationId);
-          // Gateway-resolved guardian display name with the transitional
-          // local fallback on null/no-match (display-only). Removed in Combo 11.
-          const guardians = await getGuardianDelivery({
-            channelTypes: [sourceChannel],
-          });
-          const gatewayDisplayName = guardians
-            ? guardianForChannel(guardians, sourceChannel)?.displayName
-            : undefined;
-          const displayName =
-            gatewayDisplayName ??
-            findGuardianForChannel(sourceChannel)?.contact.displayName;
-          const guardianName = resolveGuardianName(displayName);
+          const guardian = findGuardianForChannel(sourceChannel);
+          const guardianName = resolveGuardianName(
+            guardian?.contact.displayName,
+          );
           const waitingText = `Waiting for ${guardianName}'s approval...`;
           try {
             await deliverChannelReply(replyCallbackUrl, {

package/src/runtime/routes/inbound-stages/escalation-intercept.ts

@@ -13,8 +13,8 @@ import { storePayload } from "../../../memory/delivery-crud.js";
 import { emitNotificationSignal } from "../../../notifications/emit-signal.js";
 import { getLogger } from "../../../util/logger.js";
 import { getGuardianBinding } from "../../channel-verification-service.js";
-import type { VerdictMember } from "../../trust-verdict-consumer.js";
 import { GUARDIAN_APPROVAL_TTL_MS } from "../channel-route-shared.js";
+import type { ResolvedMember } from "./acl-enforcement.js";
 
 const log = getLogger("runtime-http");
 
@@ -23,7 +23,7 @@ const log = getLogger("runtime-http");
 // ---------------------------------------------------------------------------
 
 export interface EscalationInterceptParams {
-  resolvedMember: VerdictMember | null;
+  resolvedMember: ResolvedMember | null;
   canonicalAssistantId: string;
   sourceChannel: ChannelId;
   sourceInterface: InterfaceId;
@@ -49,9 +49,9 @@ export interface EscalationInterceptParams {
  * Returns a Response if the escalation was handled (the pipeline should
  * short-circuit), or null to continue the pipeline.
  */
-export async function handleEscalationIntercept(
+export function handleEscalationIntercept(
   params: EscalationInterceptParams,
-): Promise<Record<string, unknown> | null> {
+): Record<string, unknown> | null {
   const {
     resolvedMember,
     canonicalAssistantId,
@@ -72,15 +72,15 @@ export async function handleEscalationIntercept(
     rawSenderId,
   } = params;
 
-  if (resolvedMember?.policy !== "escalate") {
+  if (resolvedMember?.channel.policy !== "escalate") {
     return null;
   }
 
-  const binding = await getGuardianBinding(canonicalAssistantId, sourceChannel);
+  const binding = getGuardianBinding(canonicalAssistantId, sourceChannel);
   if (!binding) {
     // Fail-closed: can't escalate without a guardian to route to
     log.info(
-      { sourceChannel, channelId: resolvedMember.channelId },
+      { sourceChannel, channelId: resolvedMember.channel.id },
       "Ingress ACL: escalate policy but no guardian binding, denying",
     );
     return {