@vellumai/assistant 0.10.2-dev.202606250318.5e7cfb0 → 0.10.2

package/src/contacts/guardian-delivery-reader.ts

@@ -1,223 +0,0 @@
-/**
- * Gateway-backed guardian binding + delivery reader.
- *
- * Resolves the active guardian binding(s) and their per-channel delivery
- * endpoints from the gateway via the `resolve_guardian_delivery` IPC route,
- * validating the response against {@link ResolveGuardianDeliveryResponseSchema}.
- *
- * Guardian binding is near-static — it only changes on guardian onboarding /
- * verification or revocation — yet this reader sits on many hot paths. To keep
- * those paths off the IPC, results are cached behind a minutes-scale TTL and
- * coalesced single-flight so a cold cache storms the gateway at most once.
- *
- * Freshness comes from two sources: the {@link invalidateGuardianDeliveryCache}
- * subscription to `onContactChange` (contact mutations clear the cache), and
- * {@link getGuardianDeliveryFresh} reads on existence guards (gateway-side
- * binding writes don't invalidate the daemon cache, so those paths read fresh).
- *
- * Returns `null` on ANY failure (transport failure, malformed shape, timeout,
- * or thrown error); failures are NOT cached, so a recovered gateway is retried
- * on the next call.
- */
-
-import {
-  type GuardianDelivery,
-  ResolveGuardianDeliveryResponseSchema,
-} from "@vellumai/gateway-client";
-
-import { ipcCall } from "../ipc/gateway-client.js";
-import { onContactChange } from "./contact-events.js";
-
-// Short IPC timeout so the read resolves promptly rather than stalling a hot
-// path on a gateway that accepts the socket but hangs.
-const GUARDIAN_DELIVERY_IPC_TIMEOUT_MS = 2_000;
-
-// Guardian binding is near-static, so a minutes-scale TTL is safe; freshness is
-// driven primarily by event-based invalidation, not by this backstop expiry.
-const GUARDIAN_DELIVERY_CACHE_TTL_MS = 300_000;
-
-interface CacheEntry {
-  guardians: GuardianDelivery[];
-  fetchedAt: number;
-}
-
-const cache = new Map<string, CacheEntry>();
-// Tracks whether the in-flight fetch was a force-refresh, so a fresh read never
-// coalesces with an older non-force fetch that may predate a gateway-side write.
-const inFlight = new Map<
-  string,
-  { promise: Promise<GuardianDelivery[] | null>; fresh: boolean }
->();
-
-// Bumped on every invalidation. A fetch captures the generation when it starts
-// and only writes its result to the cache if the generation is unchanged on
-// resolve, so an invalidation mid-flight can't repopulate a stale pre-change
-// result and mask a guardian-binding change.
-let cacheGeneration = 0;
-
-function cacheKey(channelTypes?: string[]): string {
-  if (!channelTypes || channelTypes.length === 0) return "ALL";
-  return [...channelTypes].sort().join(",");
-}
-
-async function fetchGuardianDelivery(
-  input: { channelTypes?: string[] },
-): Promise<GuardianDelivery[] | null> {
-  try {
-    const result = await ipcCall(
-      "resolve_guardian_delivery",
-      input,
-      GUARDIAN_DELIVERY_IPC_TIMEOUT_MS,
-    );
-    if (!result) return null;
-
-    const parsed = ResolveGuardianDeliveryResponseSchema.safeParse(result);
-    return parsed.success ? parsed.data.guardians : null;
-  } catch {
-    return null;
-  }
-}
-
-// Shared fetch path for both the cached and fresh public surfaces. When
-// `forceRefresh` is set the cached entry is bypassed; the read is still
-// single-flight and still populates the cache with the fresh result.
-async function readGuardianDelivery(
-  input: { channelTypes?: string[]; forceRefresh?: boolean },
-): Promise<GuardianDelivery[] | null> {
-  const key = cacheKey(input.channelTypes);
-
-  if (!input.forceRefresh) {
-    const cached = cache.get(key);
-    if (
-      cached &&
-      Date.now() - cached.fetchedAt < GUARDIAN_DELIVERY_CACHE_TTL_MS
-    ) {
-      return cached.guardians;
-    }
-  }
-
-  // A non-force read may coalesce with any in-flight fetch. A force read may
-  // only coalesce with another force fetch — never with a non-force fetch that
-  // could have started before a gateway-side binding write and resolve stale.
-  const pending = inFlight.get(key);
-  if (pending && (!input.forceRefresh || pending.fresh)) return pending.promise;
-
-  const startGen = cacheGeneration;
-  const promise = fetchGuardianDelivery({ channelTypes: input.channelTypes })
-    .then((guardians) => {
-      // Skip the write if an invalidation fired during the fetch: the result
-      // may predate the change. Return it to this caller (freshest it has) but
-      // leave the cache empty so the next call re-fetches.
-      if (guardians && cacheGeneration === startGen) {
-        cache.set(key, { guardians, fetchedAt: Date.now() });
-      }
-      return guardians;
-    })
-    .finally(() => {
-      // Only clear the slot if it still holds this fetch — a concurrent force
-      // read may have replaced a non-force entry (or vice versa).
-      if (inFlight.get(key)?.promise === promise) inFlight.delete(key);
-    });
-
-  inFlight.set(key, { promise, fresh: !!input.forceRefresh });
-  return promise;
-}
-
-/**
- * Resolve active guardian deliveries, optionally filtered by channel type.
- * Returns the cached list when fresh, otherwise fetches (single-flight) and
- * caches on success. Returns `null` on failure without caching.
- *
- * To force an uncached read, call {@link getGuardianDeliveryFresh} — the only
- * public fresh-read entry point.
- */
-export async function getGuardianDelivery(
-  input?: { channelTypes?: string[] },
-): Promise<GuardianDelivery[] | null> {
-  return readGuardianDelivery({ channelTypes: input?.channelTypes });
-}
-
-/**
- * Synchronous read of the already-cached guardian deliveries, without any IO.
- *
- * Returns the fresh cached list for the given channel filter, or `undefined`
- * when the cache is cold or expired. Used by sync hot paths (SSE subscribe)
- * that cannot await {@link getGuardianDelivery} but must resolve the SAME
- * gateway-owned principal the async paths land on. A cold/expired return lets
- * the caller fall back to the local store as before.
- */
-export function peekCachedGuardianDelivery(
-  input?: { channelTypes?: string[] },
-): GuardianDelivery[] | undefined {
-  const cached = cache.get(cacheKey(input?.channelTypes));
-  if (!cached) return undefined;
-  if (Date.now() - cached.fetchedAt >= GUARDIAN_DELIVERY_CACHE_TTL_MS) {
-    return undefined;
-  }
-  return cached.guardians;
-}
-
-/**
- * Fresh (uncached) variant of {@link getGuardianDelivery}. Existence guards read
- * fresh because gateway-side binding writes don't invalidate the daemon cache.
- * Still single-flight, and still populates the cache with the fresh result.
- */
-export async function getGuardianDeliveryFresh(
-  input?: { channelTypes?: string[] },
-): Promise<GuardianDelivery[] | null> {
-  return readGuardianDelivery({
-    channelTypes: input?.channelTypes,
-    forceRefresh: true,
-  });
-}
-
-/**
- * Clear ALL cached guardian deliveries. Subscribed to `onContactChange` so
- * contact mutations refetch on the next read; also exported for any caller that
- * wants to invalidate explicitly.
- */
-export function invalidateGuardianDeliveryCache(): void {
-  cacheGeneration += 1;
-  cache.clear();
-  inFlight.clear();
-}
-
-onContactChange(invalidateGuardianDeliveryCache);
-
-/** First active guardian delivery for the given channel type, if any. */
-export function guardianForChannel(
-  list: GuardianDelivery[],
-  channelType: string,
-): GuardianDelivery | undefined {
-  return list.find(
-    (g) => g.channelType === channelType && g.status === "active",
-  );
-}
-
-/** First guardian delivery overall — the `listGuardianChannels` fallback. */
-export function anyGuardian(
-  list: GuardianDelivery[],
-): GuardianDelivery | undefined {
-  return list[0];
-}
-
-/**
- * Resolve a guardian displayName for voice surfaces: prefer the phone-channel
- * guardian, falling back to any guardian. Returns `undefined` when the list is
- * absent or no guardian carries a displayName.
- */
-export function voiceGuardianDisplayName(
-  list: GuardianDelivery[] | null,
-): string | undefined {
-  const guardian = list
-    ? (guardianForChannel(list, "phone") ?? anyGuardian(list))
-    : undefined;
-  return guardian?.displayName ?? undefined;
-}
-
-/** Test-only: reset cache + in-flight state for deterministic test runs. */
-export function __resetGuardianDeliveryCacheForTest(): void {
-  cache.clear();
-  inFlight.clear();
-  cacheGeneration = 0;
-}

package/src/contacts/member-write-relay.ts

@@ -1,189 +0,0 @@
-/**
- * Gateway-first member-channel write relay.
- *
- * The gateway is the ACL source of truth. Each write goes to the gateway first;
- * the assistant-DB write in contacts-write.ts is a best-effort local mirror that
- * never throws and never gates the gateway-owned outcome.
- */
-
-import {
-  MarkChannelRevokedIpcResponseSchema,
-  UpsertVerifiedChannelIpcResponseSchema,
-} from "@vellumai/gateway-client/gateway-ipc-contracts";
-
-import { log } from "../daemon/handlers/shared.js";
-import { ipcCallPersistent } from "../ipc/gateway-client.js";
-import { revokeMember, upsertContactChannel } from "./contacts-write.js";
-import type { ContactWriteResult } from "./types.js";
-
-// ── Activate ─────────────────────────────────────────────────────────
-
-export interface ActivateMemberChannelParams {
-  sourceChannel: string;
-  externalUserId?: string;
-  externalChatId?: string;
-  contactId?: string;
-  displayName?: string;
-  username?: string;
-  inviteId?: string;
-  verifiedAt?: number;
-  verifiedVia?: string;
-  policy?: string;
-}
-
-/**
- * Outcome of a gateway-first member activation. The gateway owns the ACL
- * verdict; `activated` carries a stable memberId (gateway channel id, or the
- * local mirror's id when present) regardless of whether the best-effort local
- * mirror produced a row. `refused` means the gateway authoritatively denied the
- * actor (blocked/revoked) — callers must NOT treat it as an activation.
- */
-export type ActivateMemberOutcome =
-  | { status: "activated"; memberId: string; member: ContactWriteResult | null }
-  | { status: "refused" };
-
-/**
- * Activate a member channel gateway-first, then mirror the activation to the
- * assistant DB best-effort. The gateway owns the ACL outcome; the local mirror
- * supplies the native contact/channel callers still wire downstream.
- *
- * A gateway failure fails open with a logged warning (matching the redemption
- * service's record_invite_redemption posture) so a transient gateway outage
- * never drops a legitimate activation — the local mirror still stands.
- *
- * Returns an `activated` outcome with a stable memberId on success, or
- * `refused` when the gateway denies the actor. A best-effort local-mirror
- * failure never downgrades a verified gateway activation.
- */
-export async function activateMemberChannel(
-  params: ActivateMemberChannelParams,
-): Promise<ActivateMemberOutcome> {
-  const address = params.externalUserId ?? params.externalChatId;
-  const externalChatId = params.externalChatId ?? params.externalUserId;
-
-  let gatewayChannelId: string | undefined;
-
-  if (address && externalChatId) {
-    try {
-      const result = await ipcCallPersistent("upsert_verified_channel", {
-        type: params.sourceChannel,
-        address,
-        externalChatId,
-        displayName: params.displayName,
-        username: params.username,
-        verifiedVia: params.verifiedVia ?? "invite",
-        contactId: params.contactId,
-        // Invite redemption may reactivate a revoked member; blocked actors are
-        // still refused by the gateway guard.
-        allowRevokedReactivation: true,
-      });
-      const parsed = UpsertVerifiedChannelIpcResponseSchema.parse(result);
-      // The gateway refused the actor (blocked/revoked): do NOT mirror an
-      // active local channel for an actor the gateway has denied.
-      if (!parsed.verified) {
-        log.warn(
-          { sourceChannel: params.sourceChannel },
-          "Gateway refused the channel activation; skipping the local mirror",
-        );
-        return { status: "refused" };
-      }
-      gatewayChannelId = parsed.channel?.id;
-    } catch (err) {
-      // Fail-open: the gateway write may or may not have landed. Proceed to the
-      // local mirror so a transient outage never drops a legitimate activation.
-      log.warn(
-        { err, sourceChannel: params.sourceChannel },
-        "upsert_verified_channel relay unavailable — failing open (local mirror still applies)",
-      );
-    }
-  }
-
-  const member = mirrorLocalActivation(params);
-  const memberId = member?.channel.id ?? gatewayChannelId;
-  if (!memberId) {
-    // No gateway channel (the relay threw or was skipped) AND no local mirror —
-    // no stable id to hand the caller. Surface as refused so the caller maps it
-    // to a non-redeemed outcome instead of crashing on a missing memberId.
-    log.error(
-      { sourceChannel: params.sourceChannel },
-      "Member activation produced no gateway channel and no local mirror; no memberId to return",
-    );
-    return { status: "refused" };
-  }
-  return { status: "activated", memberId, member };
-}
-
-/** Best-effort local mirror of the activation. Swallows failures. */
-function mirrorLocalActivation(
-  params: ActivateMemberChannelParams,
-): ContactWriteResult | null {
-  try {
-    return upsertContactChannel({
-      sourceChannel: params.sourceChannel,
-      externalUserId: params.externalUserId,
-      externalChatId: params.externalChatId,
-      displayName: params.displayName,
-      username: params.username,
-      role: "contact",
-      status: "active",
-      policy: params.policy ?? "allow",
-      inviteId: params.inviteId,
-      verifiedAt: params.verifiedAt,
-      verifiedVia: params.verifiedVia ?? "invite",
-      contactId: params.contactId,
-    });
-  } catch (err) {
-    log.error(
-      { err, sourceChannel: params.sourceChannel },
-      "Local activation mirror failed after gateway activation; gateway outcome stands",
-    );
-    return null;
-  }
-}
-
-// ── Revoke ───────────────────────────────────────────────────────────
-
-/**
- * Revoke a member channel gateway-first, then mirror the downgrade to the
- * assistant DB best-effort. The memberId may be a plain channel ID or the
- * composite contactId:channelId form revokeMember accepts.
- *
- * Returns the local ContactWriteResult so callers still get the native
- * contact/channel, or null when the local mirror produces no result.
- */
-export async function revokeMemberChannel(
-  memberId: string,
-  reason?: string,
-): Promise<ContactWriteResult | null> {
-  const channelId = memberId.includes(":") ? memberId.split(":")[1] : memberId;
-
-  // Always relay; the gateway owns the ACL outcome and mark_channel_revoked is
-  // idempotent (already-revoked → didWrite:false). Skipping on the local mirror
-  // status would suppress a needed revoke when the mirror lags the gateway.
-  const result = await ipcCallPersistent("mark_channel_revoked", {
-    contactChannelId: channelId,
-    reason,
-  });
-  const parsed = MarkChannelRevokedIpcResponseSchema.parse(result);
-  if (!parsed.ok) {
-    throw new Error("mark_channel_revoked relay returned ok: false");
-  }
-
-  return mirrorLocalRevoke(memberId, reason);
-}
-
-/** Best-effort local mirror of the revoke. Swallows failures. */
-function mirrorLocalRevoke(
-  memberId: string,
-  reason?: string,
-): ContactWriteResult | null {
-  try {
-    return revokeMember(memberId, reason);
-  } catch (err) {
-    log.error(
-      { err, memberId },
-      "Local revoke mirror failed after gateway revoke; gateway downgrade stands",
-    );
-    return null;
-  }
-}

package/src/daemon/conversation-notices.ts

@@ -1,60 +0,0 @@
-import type { ConversationNoticeEvent } from "../api/events/conversation-notice.js";
-
-export type PendingConversationNotice = Omit<
-  ConversationNoticeEvent,
-  "type" | "conversationId"
->;
-
-const MAX_TRACKED_CONVERSATIONS = 256;
-
-const pendingNotices = new Map<
-  string,
-  Map<string, PendingConversationNotice>
->();
-
-function touchConversation(
-  conversationId: string,
-): Map<string, PendingConversationNotice> {
-  const existing = pendingNotices.get(conversationId);
-  if (existing) {
-    pendingNotices.delete(conversationId);
-    pendingNotices.set(conversationId, existing);
-    return existing;
-  }
-  if (pendingNotices.size >= MAX_TRACKED_CONVERSATIONS) {
-    const oldest = pendingNotices.keys().next().value;
-    if (oldest !== undefined) pendingNotices.delete(oldest);
-  }
-  const next = new Map<string, PendingConversationNotice>();
-  pendingNotices.set(conversationId, next);
-  return next;
-}
-
-export function queueConversationNotice(
-  conversationId: string,
-  key: string,
-  notice: PendingConversationNotice,
-): void {
-  touchConversation(conversationId).set(key, notice);
-}
-
-export function drainConversationNotices(
-  conversationId: string,
-): ConversationNoticeEvent[] {
-  const notices = pendingNotices.get(conversationId);
-  if (!notices) return [];
-  pendingNotices.delete(conversationId);
-  return Array.from(notices.values(), (notice) => ({
-    type: "conversation_notice" as const,
-    conversationId,
-    ...notice,
-  }));
-}
-
-export function clearConversationNotices(conversationId: string): void {
-  pendingNotices.delete(conversationId);
-}
-
-export function resetConversationNoticesForTests(): void {
-  pendingNotices.clear();
-}

package/src/daemon/handlers/__tests__/config-channels.test.ts

@@ -1,225 +0,0 @@
-import { beforeEach, describe, expect, mock, test } from "bun:test";
-
-import type { GuardianDelivery } from "@vellumai/gateway-client";
-
-import type { ContactChannel } from "../../../contacts/types.js";
-
-let mockGuardians: GuardianDelivery[] | null = null;
-let mockBinding: { guardianExternalUserId: string; guardianDeliveryChatId: string } | null = null;
-let mockContactChannel: { channel: ContactChannel } | null = null;
-let mockChannel: ContactChannel | null = null;
-let mockGwContactChannels: Array<{ id: string; status: string; verifiedAt: number | null }> | null =
-  null;
-let ipcCalls: Array<{ method: string; payload: unknown }> = [];
-
-mock.module("../../../contacts/guardian-delivery-reader.js", () => ({
-  getGuardianDelivery: async (input?: { channelTypes?: string[] }) => {
-    if (mockGuardians == null) return null;
-    if (!input?.channelTypes) return mockGuardians;
-    return mockGuardians.filter((g) =>
-      input.channelTypes!.includes(g.channelType),
-    );
-  },
-}));
-
-mock.module("../../../contacts/contact-store.js", () => ({
-  findContactChannel: () => mockContactChannel,
-  findGuardianForChannel: () => null,
-  getChannelById: () => mockChannel,
-  getContact: () => ({ id: "contact-1", displayName: "Pat" }),
-}));
-
-mock.module("../../../contacts/contact-events.js", () => ({
-  emitContactChange: () => {},
-  onContactChange: () => {},
-}));
-
-mock.module("../../../ipc/gateway-client.js", () => ({
-  ipcCallPersistent: async (method: string, payload: unknown) => {
-    ipcCalls.push({ method, payload });
-    if (method === "contacts_get_rich") {
-      if (mockGwContactChannels == null) return { ok: true, contact: null };
-      return {
-        ok: true,
-        contact: {
-          id: "contact-1",
-          displayName: "Pat",
-          role: "contact",
-          interactionCount: 0,
-          createdAt: 0,
-          updatedAt: 0,
-          channels: mockGwContactChannels.map((c) => ({
-            id: c.id,
-            contactId: "contact-1",
-            type: "telegram",
-            address: "user-123",
-            isPrimary: true,
-            externalUserId: null,
-            status: c.status,
-            policy: "allow",
-            verifiedAt: c.verifiedAt,
-            verifiedVia: null,
-            lastSeenAt: null,
-            interactionCount: 0,
-            lastInteraction: null,
-            revokedReason: null,
-            blockedReason: null,
-          })),
-        },
-      };
-    }
-    return {
-      ok: true,
-      didWrite: true,
-      channel: {
-        id: "ch-1",
-        contactId: "contact-1",
-        type: "telegram",
-        address: "user-123",
-        status: "revoked",
-        revokedReason: "guardian_binding_revoked",
-      },
-    };
-  },
-  ipcCall: async () => null,
-}));
-
-mock.module("../../../runtime/channel-verification-service.js", () => ({
-  getGuardianBinding: () => mockBinding,
-  revokeBinding: () => true,
-  revokePendingSessions: () => {},
-  createOutboundSession: () => ({
-    sessionId: "sess",
-    secret: "code",
-    expiresAt: Date.now() + 1000,
-  }),
-  countRecentSendsToDestination: () => 0,
-  isGuardianBoundForChannel: async () => false,
-  updateSessionDelivery: () => {},
-}));
-
-mock.module("../../../runtime/verification-outbound-actions.js", () => ({
-  cancelOutbound: () => {},
-  deliverVerificationEmail: () => {},
-  deliverVerificationSlack: () => {},
-  deliverVerificationTelegram: () => {},
-  DESTINATION_RATE_WINDOW_MS: 1000,
-  MAX_SENDS_PER_DESTINATION_WINDOW: 5,
-  normalizeTelegramDestination: (d: string) => d,
-  resendOutbound: () => ({}),
-  startOutbound: async () => ({}),
-}));
-
-import {
-  revokeVerificationForChannel,
-  verifyTrustedContact,
-} from "../config-channels.js";
-
-function channel(overrides: Partial<ContactChannel> = {}): ContactChannel {
-  return {
-    id: "ch-1",
-    contactId: "contact-1",
-    type: "telegram",
-    address: "user-123",
-    isPrimary: true,
-    externalChatId: "chat-123",
-    // DB columns are intentionally a terminal state to prove the gates ignore
-    // them and read from the gateway delivery instead.
-    status: "revoked",
-    policy: {} as ContactChannel["policy"],
-    verifiedAt: null,
-    verifiedVia: null,
-    inviteId: null,
-    revokedReason: null,
-    blockedReason: null,
-    lastSeenAt: null,
-    interactionCount: 0,
-    lastInteraction: null,
-    updatedAt: null,
-    createdAt: 0,
-    ...overrides,
-  };
-}
-
-function delivery(overrides: Partial<GuardianDelivery> = {}): GuardianDelivery {
-  return {
-    channelType: "telegram",
-    contactId: "contact-1",
-    address: "user-123",
-    externalChatId: "chat-123",
-    status: "active",
-    verifiedAt: 1700000000,
-    ...overrides,
-  };
-}
-
-describe("revokeVerificationForChannel", () => {
-  beforeEach(() => {
-    mockGuardians = null;
-    mockBinding = { guardianExternalUserId: "user-123", guardianDeliveryChatId: "chat-123" };
-    mockContactChannel = { channel: channel() };
-    ipcCalls = [];
-  });
-
-  test("relays mark_channel_revoked when the gateway delivery is live", async () => {
-    mockGuardians = [delivery({ status: "active" })];
-    await revokeVerificationForChannel("telegram");
-    expect(ipcCalls.map((c) => c.method)).toContain("mark_channel_revoked");
-  });
-
-  test("skips a redundant revoke when the gateway delivery is already revoked", async () => {
-    // Local DB status is the live "active" here, but the gateway (SoT) says
-    // revoked — the gate must follow the gateway and not relay.
-    mockContactChannel = { channel: channel({ status: "active" }) };
-    mockGuardians = [delivery({ status: "revoked" })];
-    await revokeVerificationForChannel("telegram");
-    expect(ipcCalls.map((c) => c.method)).not.toContain("mark_channel_revoked");
-  });
-
-  test("skips the relay when the gateway has no delivery for the channel", async () => {
-    mockGuardians = [];
-    await revokeVerificationForChannel("telegram");
-    expect(ipcCalls.map((c) => c.method)).not.toContain("mark_channel_revoked");
-  });
-
-  test("skips the relay when the gateway is unreachable", async () => {
-    mockGuardians = null;
-    await revokeVerificationForChannel("telegram");
-    expect(ipcCalls.map((c) => c.method)).not.toContain("mark_channel_revoked");
-  });
-});
-
-describe("verifyTrustedContact already-verified gate", () => {
-  beforeEach(() => {
-    mockGuardians = null;
-    mockGwContactChannels = null;
-    mockChannel = channel();
-  });
-
-  test("short-circuits when the gateway contact channel is active and verified", async () => {
-    // Arbitrary trusted contact (non-guardian) — read from the contact-channel
-    // gateway read, which covers all contacts.
-    mockGwContactChannels = [
-      { id: "ch-1", status: "active", verifiedAt: 1700000000 },
-    ];
-    const result = await verifyTrustedContact("ch-1", "assistant-1");
-    expect(result.success).toBe(false);
-    expect(result.error).toBe("already_verified");
-  });
-
-  test("does not short-circuit when the gateway channel has no verifiedAt", async () => {
-    // DB column says verified, but the gateway channel is unverified — proceed.
-    mockChannel = channel({ status: "active", verifiedAt: 1700000000 });
-    mockGwContactChannels = [
-      { id: "ch-1", status: "pending", verifiedAt: null },
-    ];
-    const result = await verifyTrustedContact("ch-1", "assistant-1");
-    expect(result.error).not.toBe("already_verified");
-  });
-
-  test("does not short-circuit when the gateway has no matching channel", async () => {
-    mockGwContactChannels = [];
-    const result = await verifyTrustedContact("ch-1", "assistant-1");
-    expect(result.error).not.toBe("already_verified");
-  });
-});