@vellumai/assistant 0.10.2-dev.202606250318.5e7cfb0 → 0.10.2

package/src/providers/openai/api-error-normalization.ts

@@ -1,270 +0,0 @@
-import type OpenAI from "openai";
-
-/**
- * Normalized view of an OpenAI-compatible `APIError`. The SDK reads
- * `error.message` and renders bodies it can't parse as "(no body)", so
- * Django `{"detail": "..."}` payloads from the managed runtime proxy and
- * OpenRouter's nested `error.metadata.raw` get dropped. We capture the raw
- * non-2xx body in a `fetch` wrapper and reconstruct the useful fields here.
- */
-export interface NormalizedOpenAIAPIError {
-  message: string;
-  detail?: string;
-  requestId?: string;
-  apiErrorCode?: string;
-  apiErrorType?: string;
-  apiErrorParam?: string;
-  /**
-   * The captured raw upstream non-2xx body, verbatim (possibly truncated to
-   * MAX_CAPTURED_BODY_CHARS). Carried so callers can persist the actual
-   * provider payload for the inspector's Raw tab instead of only the
-   * extracted fields. Absent for retryable (429/5xx) errors, whose bodies
-   * `captureRawErrorBodyFetch` intentionally doesn't drain.
-   */
-  rawBody?: string;
-}
-
-const MAX_DETAIL_CHARS = 2000;
-const REQUEST_ID_HEADERS = [
-  "x-request-id",
-  "x-openrouter-request-id",
-  "openai-request-id",
-  "x-amzn-requestid",
-] as const;
-
-// The OpenAI SDK keeps only the `.error` key of a parsed JSON error body and
-// discards the rest, so a Django-proxy `{ "detail": … }` payload never reaches
-// the thrown APIError. captureRawErrorBodyFetch stashes the raw body in a
-// WeakMap keyed by the response's headers object — which the SDK passes through
-// to `APIError.headers` by reference — so it stays correlated to its own
-// request, with no shared provider state for concurrent calls to clobber. A
-// WeakMap (rather than a synthetic header) keeps the body out of the SDK's
-// debug header logging and is reclaimed automatically with the response.
-const capturedErrorBodies = new WeakMap<object, string>();
-// Bound the stored body so a huge HTML error page can't balloon memory; the
-// message is re-truncated to MAX_DETAIL_CHARS downstream anyway.
-const MAX_CAPTURED_BODY_CHARS = 16_384;
-
-/**
- * SDK `fetch` option that captures non-2xx response bodies. Install via the
- * OpenAI client `fetch` option; safe to share across requests and instances
- * because the captured body is keyed per-response in a WeakMap, not stored on
- * any shared field.
- */
-export const captureRawErrorBodyFetch = async (
-  url: RequestInfo | URL,
-  init?: RequestInit,
-): Promise<Response> => {
-  const res = await globalThis.fetch(url, init);
-  if (res.ok) return res;
-  // Don't drain bodies the SDK will retry: reading a large or slow upstream
-  // error page on every attempt would delay those retries and buffer the whole
-  // body. We still capture terminal (non-retryable) errors — that's where the
-  // actionable upstream detail lives (unsupported model, invalid key, malformed
-  // request, etc.).
-  if (sdkWillRetry(res)) return res;
-  // clone() so reading the body leaves the SDK's own read of `res` intact.
-  const body = await res
-    .clone()
-    .text()
-    .catch(() => undefined);
-  if (!body) return res;
-  capturedErrorBodies.set(
-    res.headers,
-    body.length > MAX_CAPTURED_BODY_CHARS
-      ? body.slice(0, MAX_CAPTURED_BODY_CHARS)
-      : body,
-  );
-  return res;
-};
-
-/**
- * Mirror the OpenAI SDK's `shouldRetry` predicate so this wrapper never drains
- * a body the SDK is about to retry. The SDK retries more than 429/5xx: an
- * explicit `x-should-retry` header (which also overrides 429/5xx to *not*
- * retry), plus 408 (request timeout) and 409 (lock timeout). Keep in sync with
- * `openai/client.js` `shouldRetry`.
- */
-function sdkWillRetry(res: Response): boolean {
-  const shouldRetryHeader = res.headers.get("x-should-retry");
-  if (shouldRetryHeader === "true") return true;
-  if (shouldRetryHeader === "false") return false;
-  return (
-    res.status === 408 ||
-    res.status === 409 ||
-    res.status === 429 ||
-    res.status >= 500
-  );
-}
-
-export function normalizeOpenAIAPIError(
-  error: InstanceType<typeof OpenAI.APIError>,
-  rawBody: string | undefined = readCapturedErrorBody(error.headers),
-): NormalizedOpenAIAPIError {
-  // Prefer the captured raw body (intact upstream payload) over the SDK's
-  // already-parsed `error.error`, which may have collapsed the detail. But if
-  // the captured body didn't parse as a JSON object — e.g. it was truncated
-  // past MAX_CAPTURED_BODY_CHARS into an invalid prefix — fall back to the
-  // SDK's parsed object so we don't drop code/type/param it already extracted.
-  const parsedRaw = parseBody(rawBody);
-  const sdkError = (error as { error?: unknown }).error;
-  const parsed = asRecord(parsedRaw) ?? sdkError ?? parsedRaw;
-  const body = extractBody(parsed);
-
-  const message =
-    body.message ||
-    stripLeadingStatus(error.message ?? "", error.status) ||
-    "Request failed";
-
-  const out: NormalizedOpenAIAPIError = { message };
-  if (body.detail && body.detail !== message) out.detail = body.detail;
-  const code = body.apiErrorCode ?? scalar((error as { code?: unknown }).code);
-  const type = body.apiErrorType ?? scalar((error as { type?: unknown }).type);
-  const param =
-    body.apiErrorParam ?? scalar((error as { param?: unknown }).param);
-  if (code) out.apiErrorCode = code;
-  if (type) out.apiErrorType = type;
-  if (param) out.apiErrorParam = param;
-  const requestId = readHeader(error.headers);
-  if (requestId) out.requestId = requestId;
-  if (rawBody) out.rawBody = rawBody;
-  return out;
-}
-
-export function formatNormalizedOpenAIAPIError(
-  providerLabel: string,
-  status: number | undefined,
-  n: NormalizedOpenAIAPIError,
-): string {
-  const statusLabel =
-    typeof status === "number" ? String(status) : "unknown status";
-  const extras = [
-    n.detail,
-    n.apiErrorCode && `code=${n.apiErrorCode}`,
-    n.apiErrorType && `type=${n.apiErrorType}`,
-    n.apiErrorParam && `param=${n.apiErrorParam}`,
-    n.requestId && `request_id=${n.requestId}`,
-  ].filter((v): v is string => Boolean(v));
-  const suffix = extras.length > 0 ? ` [${extras.join("; ")}]` : "";
-  return `${providerLabel} API error (${statusLabel}): ${n.message}${suffix}`;
-}
-
-interface BodyDetails {
-  message?: string;
-  detail?: string;
-  apiErrorCode?: string;
-  apiErrorType?: string;
-  apiErrorParam?: string;
-}
-
-function extractBody(body: unknown): BodyDetails {
-  if (typeof body === "string") return { message: trunc(body.trim()) };
-  const rec = asRecord(body);
-  if (!rec) return {};
-
-  // OpenAI/OpenRouter nest under `error`; Django puts `detail` at the top.
-  // A plain `error: "string"` is the whole message but may still carry
-  // sibling code/type/param, so fall through to the metadata extraction below.
-  const err = asRecord(rec.error) ?? rec;
-
-  let message =
-    str(rec.error) ?? str(err.message) ?? str(err.detail) ?? str(rec.detail);
-  let detail: string | undefined;
-
-  // OpenRouter: the real downstream error lives in metadata.raw while the
-  // top-level message is a generic "Provider returned error".
-  const meta = asRecord(err.metadata);
-  const raw = str(meta?.raw);
-  const provider = str(meta?.provider_name);
-  if (raw && message && /^provider returned error$/i.test(message)) {
-    message = raw;
-  } else if (raw && raw !== message) {
-    detail = raw;
-  }
-  if (provider) {
-    detail = detail
-      ? `${detail}; provider=${provider}`
-      : `provider=${provider}`;
-  }
-
-  return {
-    ...(message ? { message: trunc(message) } : {}),
-    ...(detail ? { detail: trunc(detail) } : {}),
-    ...withScalar("apiErrorCode", err.code ?? rec.code),
-    ...withScalar("apiErrorType", err.type ?? rec.type),
-    ...withScalar("apiErrorParam", err.param ?? rec.param),
-  };
-}
-
-function parseBody(raw: string | undefined): unknown {
-  const trimmed = raw?.trim();
-  if (!trimmed) return undefined;
-  try {
-    return JSON.parse(trimmed);
-  } catch {
-    return trimmed; // non-JSON body (HTML error page, plain text)
-  }
-}
-
-function stripLeadingStatus(
-  message: string,
-  status: number | undefined,
-): string {
-  const trimmed = message.trim();
-  // SDK sentinel for an unparseable/empty body — carries no signal, so let the
-  // caller fall back to "Request failed" rather than surface SDK phrasing.
-  if (/^\d*\s*status code \(no body\)$/i.test(trimmed)) return "";
-  if (typeof status !== "number") return trimmed;
-  return trimmed.replace(new RegExp(`^${status}\\s+`), "").trim() || trimmed;
-}
-
-function trunc(s: string): string {
-  return s.length > MAX_DETAIL_CHARS ? `${s.slice(0, MAX_DETAIL_CHARS)}…` : s;
-}
-
-function withScalar(key: keyof BodyDetails, value: unknown): BodyDetails {
-  const s = scalar(value);
-  return s ? { [key]: s } : {};
-}
-
-function scalar(value: unknown): string | undefined {
-  if (typeof value === "string" && value.length > 0) return value;
-  if (typeof value === "number" && Number.isFinite(value)) return String(value);
-  return undefined;
-}
-
-function str(value: unknown): string | undefined {
-  return typeof value === "string" && value.length > 0 ? value : undefined;
-}
-
-function asRecord(value: unknown): Record<string, unknown> | undefined {
-  return value && typeof value === "object"
-    ? (value as Record<string, unknown>)
-    : undefined;
-}
-
-function readHeader(headers: unknown): string | undefined {
-  return readHeaderValue(headers, REQUEST_ID_HEADERS);
-}
-
-function readHeaderValue(
-  headers: unknown,
-  names: readonly string[],
-): string | undefined {
-  if (!headers) return undefined;
-  const get = (headers as { get?: unknown }).get;
-  const getter = typeof get === "function" ? get.bind(headers) : undefined;
-  for (const name of names) {
-    const raw = getter
-      ? (getter(name) as string | null)
-      : (asRecord(headers)?.[name] ?? asRecord(headers)?.[name.toLowerCase()]);
-    if (typeof raw === "string" && raw.length > 0) return raw;
-  }
-  return undefined;
-}
-
-function readCapturedErrorBody(headers: unknown): string | undefined {
-  return headers && typeof headers === "object"
-    ? capturedErrorBodies.get(headers)
-    : undefined;
-}

package/src/runtime/__tests__/channel-verification-service.test.ts

@@ -1,133 +0,0 @@
-import { beforeEach, describe, expect, mock, test } from "bun:test";
-
-// Gateway guardian-delivery list drives both getGuardianBinding and isGuardian:
-// null = couldn't determine, [] = authoritative unbound, one active entry =
-// bound. Tests set this to mirror the gateway-owned ACL state.
-let mockGuardianList: Array<Record<string, unknown>> | null = [];
-const cachedCalls: Array<{ channelTypes?: string[] } | undefined> = [];
-
-const resolveList = (input?: { channelTypes?: string[] }) => {
-  cachedCalls.push(input);
-  return Promise.resolve(mockGuardianList);
-};
-
-mock.module("../../contacts/guardian-delivery-reader.js", () => ({
-  getGuardianDelivery: resolveList,
-  getGuardianDeliveryFresh: resolveList,
-  guardianForChannel: (
-    list: Array<{ channelType: string; status: string }>,
-    channelType: string,
-  ) => list.find((g) => g.channelType === channelType && g.status === "active"),
-}));
-
-const { getGuardianBinding, isGuardian } = await import(
-  "../channel-verification-service.js"
-);
-
-const TELEGRAM_DELIVERY = {
-  channelType: "telegram",
-  contactId: "contact-1",
-  principalId: "principal-1",
-  displayName: "Guardian",
-  address: "guardian-handle",
-  externalChatId: "chat-1",
-  status: "active",
-  verifiedAt: 1700,
-};
-
-describe("getGuardianBinding", () => {
-  beforeEach(() => {
-    mockGuardianList = [];
-    cachedCalls.length = 0;
-  });
-
-  test("filters delivery by the requested channel type", async () => {
-    await getGuardianBinding("asst-1", "telegram");
-    expect(cachedCalls).toEqual([{ channelTypes: ["telegram"] }]);
-  });
-
-  test("returns null when no guardian is bound", async () => {
-    mockGuardianList = [];
-    expect(await getGuardianBinding("asst-1", "telegram")).toBeNull();
-  });
-
-  test("returns null when the gateway is unreachable", async () => {
-    mockGuardianList = null;
-    expect(await getGuardianBinding("asst-1", "telegram")).toBeNull();
-  });
-
-  test("synthesizes the binding from the gateway delivery", async () => {
-    mockGuardianList = [TELEGRAM_DELIVERY];
-
-    const binding = await getGuardianBinding("asst-1", "telegram");
-
-    expect(binding).not.toBeNull();
-    expect(binding?.assistantId).toBe("asst-1");
-    expect(binding?.channel).toBe("telegram");
-    expect(binding?.id).toBe("contact-1");
-    expect(binding?.guardianPrincipalId).toBe("principal-1");
-    expect(binding?.guardianExternalUserId).toBe("guardian-handle");
-    expect(binding?.guardianDeliveryChatId).toBe("chat-1");
-    expect(binding?.verifiedAt).toBe(1700);
-    expect(binding?.status).toBe("active");
-    expect(binding?.verifiedVia).toBe("verified");
-  });
-
-  test("falls back to empty strings for absent optional delivery fields", async () => {
-    mockGuardianList = [
-      {
-        channelType: "telegram",
-        contactId: "contact-2",
-        address: "addr",
-        status: "active",
-      },
-    ];
-
-    const binding = await getGuardianBinding("asst-1", "telegram");
-
-    expect(binding?.guardianPrincipalId).toBe("");
-    expect(binding?.guardianDeliveryChatId).toBe("");
-    expect(binding?.verifiedAt).toBe(0);
-  });
-
-  test("ignores deliveries for a different channel", async () => {
-    mockGuardianList = [TELEGRAM_DELIVERY];
-    expect(await getGuardianBinding("asst-1", "phone")).toBeNull();
-  });
-});
-
-describe("isGuardian", () => {
-  beforeEach(() => {
-    mockGuardianList = [];
-    cachedCalls.length = 0;
-  });
-
-  test("returns true when the address matches the gateway guardian", async () => {
-    mockGuardianList = [TELEGRAM_DELIVERY];
-    expect(await isGuardian("asst-1", "telegram", "guardian-handle")).toBe(true);
-  });
-
-  test("compares case-insensitively", async () => {
-    mockGuardianList = [TELEGRAM_DELIVERY];
-    expect(await isGuardian("asst-1", "telegram", "GUARDIAN-HANDLE")).toBe(true);
-  });
-
-  test("returns false for a non-matching address", async () => {
-    mockGuardianList = [TELEGRAM_DELIVERY];
-    expect(await isGuardian("asst-1", "telegram", "someone-else")).toBe(false);
-  });
-
-  test("returns false when no guardian is bound", async () => {
-    mockGuardianList = [];
-    expect(await isGuardian("asst-1", "telegram", "guardian-handle")).toBe(
-      false,
-    );
-  });
-
-  test("returns false when the gateway is unreachable", async () => {
-    mockGuardianList = null;
-    expect(await isGuardian("asst-1", "telegram", "guardian-handle")).toBe(
-      false,
-    );
-  });
-});

package/src/runtime/__tests__/guardian-vellum-migration.test.ts

@@ -1,181 +0,0 @@
-/**
- * Unit tests for the narrow reset-drift trust-recovery helper
- * `reResolveTrustOnResetDrift`.
- *
- * The real helper runs against mocked leaf deps: the gateway guardian read
- * (`getGuardianDelivery`/`guardianForChannel`), the local-mirror heal
- * (`findGuardianForChannel`/`updateContactPrincipalAndChannel`, which the real
- * `healGuardianBindingDrift` drives), and the local trust resolver
- * (`resolveTrustContext`). Heal invocations are observed via the contact-store
- * write mock.
- */
-import { beforeEach, describe, expect, mock, test } from "bun:test";
-
-mock.module("../../util/logger.js", () => ({
-  getLogger: () =>
-    new Proxy({} as Record<string, unknown>, { get: () => () => {} }),
-}));
-
-let mockGuardianList: Array<Record<string, unknown>> | null = [];
-
-mock.module("../../contacts/guardian-delivery-reader.js", () => ({
-  getGuardianDelivery: async () => mockGuardianList,
-  guardianForChannel: (
-    list: Array<Record<string, unknown>>,
-    channelType: string,
-  ) => list.find((g) => g.channelType === channelType && g.status === "active"),
-}));
-
-// Local mirror the real heal reads/writes. `findGuardianForChannel` returns the
-// stored guardian; `updateContactPrincipalAndChannel` records heal writes.
-let mockLocalGuardian: {
-  contact: { id: string; principalId: string };
-  channel: { id: string };
-} | null = null;
-const healWrites: Array<{ principalId: string }> = [];
-
-mock.module("../../contacts/contact-store.js", () => ({
-  findGuardianForChannel: () => mockLocalGuardian,
-  updateContactPrincipalAndChannel: (
-    _contactId: string,
-    _channelId: string,
-    principalId: string,
-  ) => {
-    healWrites.push({ principalId });
-    return true;
-  },
-}));
-
-// The local trust resolver returns guardian for the actor; the gate threads
-// sourceChannel via the real withSourceChannel wrapper.
-mock.module("../../runtime/trust-context-resolver.js", () => ({
-  resolveTrustContext: (input: { actorExternalId?: string }) => ({
-    trustClass: "guardian",
-    sourceChannel: "vellum",
-    resolvedActor: input.actorExternalId,
-  }),
-  withSourceChannel: (sourceChannel: unknown, ctx: Record<string, unknown>) => ({
-    ...ctx,
-    sourceChannel,
-  }),
-}));
-
-const { reResolveTrustOnResetDrift } = await import(
-  "../guardian-vellum-migration.js"
-);
-
-function gatewayGuardian(principalId: string): Record<string, unknown> {
-  return {
-    channelType: "vellum",
-    contactId: "guardian-contact",
-    principalId,
-    address: principalId,
-    status: "active",
-  };
-}
-
-function localGuardian(principalId: string) {
-  return {
-    contact: { id: "contact-1", principalId },
-    channel: { id: "channel-1" },
-  };
-}
-
-describe("reResolveTrustOnResetDrift", () => {
-  beforeEach(() => {
-    mockGuardianList = [];
-    mockLocalGuardian = null;
-    healWrites.length = 0;
-  });
-
-  test("reset drift: heals and returns the re-resolved guardian ctx", async () => {
-    // Stale local mirror still holds the pre-reset principal; the incoming JWT
-    // carries the old one. Heal repairs the mirror toward the incoming actor.
-    mockGuardianList = [gatewayGuardian("vellum-principal-new")];
-    mockLocalGuardian = localGuardian("vellum-principal-stale");
-
-    const ctx = await reResolveTrustOnResetDrift(
-      "vellum-principal-old",
-      "vellum",
-    );
-
-    expect(ctx?.trustClass).toBe("guardian");
-    expect(healWrites).toEqual([{ principalId: "vellum-principal-old" }]);
-  });
-
-  test("repeat drift where heal no-ops still returns the guardian ctx", async () => {
-    // Local mirror already matches the incoming principal, so heal's write is
-    // skipped, but the gate still passes and the re-resolve yields guardian.
-    mockGuardianList = [gatewayGuardian("vellum-principal-new")];
-    mockLocalGuardian = localGuardian("vellum-principal-old");
-
-    const ctx = await reResolveTrustOnResetDrift(
-      "vellum-principal-old",
-      "vellum",
-    );
-
-    expect(ctx?.trustClass).toBe("guardian");
-    expect(healWrites).toEqual([]);
-  });
-
-  test("gateway unreachable (null): returns null, heal not called", async () => {
-    mockGuardianList = null;
-    mockLocalGuardian = localGuardian("vellum-principal-old");
-
-    const ctx = await reResolveTrustOnResetDrift(
-      "vellum-principal-old",
-      "vellum",
-    );
-
-    expect(ctx).toBeNull();
-    expect(healWrites).toEqual([]);
-  });
-
-  test("empty/revoked gateway (no active guardian): returns null, heal not called", async () => {
-    mockGuardianList = [];
-    mockLocalGuardian = localGuardian("vellum-principal-old");
-
-    const ctx = await reResolveTrustOnResetDrift(
-      "vellum-principal-old",
-      "vellum",
-    );
-
-    expect(ctx).toBeNull();
-    expect(healWrites).toEqual([]);
-  });
-
-  test("gateway guardian is a real (non vellum-principal-*) id: returns null", async () => {
-    mockGuardianList = [gatewayGuardian("user@example.com")];
-    mockLocalGuardian = localGuardian("vellum-principal-old");
-
-    const ctx = await reResolveTrustOnResetDrift(
-      "vellum-principal-old",
-      "vellum",
-    );
-
-    expect(ctx).toBeNull();
-    expect(healWrites).toEqual([]);
-  });
-
-  test("incoming principal is not vellum-principal-*: returns null", async () => {
-    mockGuardianList = [gatewayGuardian("vellum-principal-new")];
-    mockLocalGuardian = localGuardian("vellum-principal-old");
-
-    const ctx = await reResolveTrustOnResetDrift("user@example.com", "vellum");
-
-    expect(ctx).toBeNull();
-    expect(healWrites).toEqual([]);
-  });
-
-  test("threads sourceChannel into the returned ctx", async () => {
-    mockGuardianList = [gatewayGuardian("vellum-principal-new")];
-    mockLocalGuardian = localGuardian("vellum-principal-old");
-
-    const ctx = await reResolveTrustOnResetDrift(
-      "vellum-principal-old",
-      "telegram",
-    );
-
-    expect(ctx?.sourceChannel).toBe("telegram");
-  });
-});

package/src/runtime/__tests__/is-guardian-bound-for-channel.test.ts

@@ -1,66 +0,0 @@
-import { beforeEach, describe, expect, mock, test } from "bun:test";
-
-// Gateway guardian-delivery list: null = couldn't determine (transport failure
-// OR gateway-side resolver/DB error), [] = authoritative unbound, one active
-// entry = bound.
-let mockGuardianList: Array<Record<string, unknown>> | null = [];
-const freshCalls: Array<{ channelTypes?: string[] } | undefined> = [];
-
-mock.module("../../contacts/guardian-delivery-reader.js", () => ({
-  // Existence guard reads fresh (uncached); the binding/identity reads use the
-  // cached variant. The service imports both, so both must be stubbed.
-  getGuardianDeliveryFresh: (input?: { channelTypes?: string[] }) => {
-    freshCalls.push(input);
-    return Promise.resolve(mockGuardianList);
-  },
-  getGuardianDelivery: () => Promise.resolve(mockGuardianList),
-  guardianForChannel: (
-    list: Array<{ channelType: string; status: string }>,
-    channelType: string,
-  ) => list.find((g) => g.channelType === channelType && g.status === "active"),
-}));
-
-const { isGuardianBoundForChannel } = await import(
-  "../channel-verification-service.js"
-);
-
-describe("isGuardianBoundForChannel", () => {
-  beforeEach(() => {
-    mockGuardianList = [];
-    freshCalls.length = 0;
-  });
-
-  test("reads fresh so a stale cached empty list can't mask a present guardian", async () => {
-    await isGuardianBoundForChannel("telegram");
-    expect(freshCalls).toEqual([{ channelTypes: ["telegram"] }]);
-  });
-
-  test("returns false when no guardian is bound", async () => {
-    mockGuardianList = [];
-    expect(await isGuardianBoundForChannel("telegram")).toBe(false);
-  });
-
-  test("returns true when a guardian is bound", async () => {
-    mockGuardianList = [{ channelType: "telegram", status: "active" }];
-    expect(await isGuardianBoundForChannel("telegram")).toBe(true);
-  });
-
-  test("null list (gateway unreachable) is treated as bound", async () => {
-    mockGuardianList = null;
-    expect(await isGuardianBoundForChannel("telegram")).toBe(true);
-  });
-
-  test("gateway resolver error (null, not []) is treated as bound — no duplicate", async () => {
-    // A gateway-side DB/resolver error now reaches the reader as null (the
-    // handler no longer swallows it into an empty list), so the guard's
-    // null fail-safe applies and reports bound instead of mis-reading the
-    // error as "no guardian" and allowing a duplicate binding.
-    mockGuardianList = null;
-    expect(await isGuardianBoundForChannel("telegram")).toBe(true);
-  });
-
-  test("genuine empty ([], not null) reports unbound so first-bind is allowed", async () => {
-    mockGuardianList = [];
-    expect(await isGuardianBoundForChannel("telegram")).toBe(false);
-  });
-});