@vellumai/assistant 0.10.3 → 0.10.4-staging.1

package/src/__tests__/trusted-contact-approval-notifier.test.ts

@@ -57,12 +57,9 @@ mock.module("../runtime/gateway-client.js", () => ({
 }));
 
 // ── Guardian binding mock ──
-// mockGuardianContact controls what findGuardianForChannel returns.
-// When non-null, it should look like { contact: { displayName: "..." }, channel: { ... } }.
-let mockGuardianContact: {
-  contact: { displayName: string };
-  channel: Record<string, unknown>;
-} | null = null;
+// mockGuardianDelivery controls what the gateway guardian-delivery reader
+// returns for the source channel; non-null carries at least a displayName.
+let mockGuardianDelivery: { displayName: string } | null = null;
 
 mock.module("../runtime/channel-verification-service.js", () => ({
   getGuardianBinding: () => null,
@@ -82,9 +79,17 @@ mock.module("../runtime/channel-verification-service.js", () => ({
   }),
 }));
 
-// ── Contact store mock ──
-mock.module("../contacts/contact-store.js", () => ({
-  findGuardianForChannel: () => mockGuardianContact,
+// ── Guardian delivery reader mock ──
+mock.module("../contacts/guardian-delivery-reader.js", () => ({
+  getGuardianDelivery: async (input?: { channelTypes?: string[] }) => {
+    if (!mockGuardianDelivery) return [];
+    const channelType = input?.channelTypes?.[0] ?? "telegram";
+    return [{ channelType, status: "active", ...mockGuardianDelivery }];
+  },
+  guardianForChannel: (
+    list: Array<{ channelType: string; status: string }>,
+    channelType: string,
+  ) => list.find((g) => g.channelType === channelType && g.status === "active"),
 }));
 
 // ── Pending interactions mock ──
@@ -126,7 +131,10 @@ mock.module("../prompts/user-reference.js", () => ({
 
 // Import module under test AFTER mocks are set up
 import type { ChannelId } from "../channels/types.js";
-import { findGuardianForChannel } from "../contacts/contact-store.js";
+import {
+  getGuardianDelivery,
+  guardianForChannel,
+} from "../contacts/guardian-delivery-reader.js";
 import type { TrustContext } from "../daemon/trust-context.js";
 import { resolveGuardianName } from "../prompts/user-reference.js";
 
@@ -197,9 +205,14 @@ async function simulateNotifierPoll(params: {
 
   notifiedRequestIds.set(info.requestId, conversationId);
 
-  // Resolve guardian name via the contacts-based approach
-  const guardian = findGuardianForChannel(params.sourceChannel);
-  const guardianName = resolveGuardianName(guardian?.contact.displayName);
+  // Resolve guardian name via the gateway guardian-delivery reader
+  const guardians = await getGuardianDelivery({
+    channelTypes: [params.sourceChannel],
+  });
+  const guardian = guardians
+    ? guardianForChannel(guardians, params.sourceChannel)
+    : undefined;
+  const guardianName = resolveGuardianName(guardian?.displayName ?? undefined);
 
   const waitingText = `Waiting for ${guardianName}'s approval...`;
 
@@ -225,7 +238,7 @@ describe("trusted-contact pending-approval notifier", () => {
     deliveredReplies.length = 0;
     deliverShouldFail = false;
     mockPendingApprovals = [];
-    mockGuardianContact = null;
+    mockGuardianDelivery = null;
   });
 
   test("sends waiting message to trusted contact when pending approval exists", async () => {
@@ -238,10 +251,7 @@ describe("trusted-contact pending-approval notifier", () => {
       },
     ];
 
-    mockGuardianContact = {
-      contact: { displayName: "Mom" },
-      channel: {},
-    };
+    mockGuardianDelivery = { displayName: "Mom" };
 
     const notified = new Map<string, string>();
     const sent = await simulateNotifierPoll({
@@ -273,10 +283,7 @@ describe("trusted-contact pending-approval notifier", () => {
       },
     ];
 
-    mockGuardianContact = {
-      contact: { displayName: "Guardian User" },
-      channel: {},
-    };
+    mockGuardianDelivery = { displayName: "Guardian User" };
 
     const notified = new Map<string, string>();
     await simulateNotifierPoll({
@@ -306,10 +313,7 @@ describe("trusted-contact pending-approval notifier", () => {
     ];
 
     // Guardian contact exists but has an empty displayName
-    mockGuardianContact = {
-      contact: { displayName: "" },
-      channel: {},
-    };
+    mockGuardianDelivery = { displayName: "" };
 
     const notified = new Map<string, string>();
     await simulateNotifierPoll({
@@ -338,7 +342,7 @@ describe("trusted-contact pending-approval notifier", () => {
       },
     ];
 
-    mockGuardianContact = null;
+    mockGuardianDelivery = null;
 
     const notified = new Map<string, string>();
     await simulateNotifierPoll({
@@ -367,10 +371,7 @@ describe("trusted-contact pending-approval notifier", () => {
       },
     ];
 
-    mockGuardianContact = {
-      contact: { displayName: "Guardian" },
-      channel: {},
-    };
+    mockGuardianDelivery = { displayName: "Guardian" };
 
     const notified = new Map<string, string>();
     const baseParams = {
@@ -395,10 +396,7 @@ describe("trusted-contact pending-approval notifier", () => {
   });
 
   test("sends separate messages for different requestIds", async () => {
-    mockGuardianContact = {
-      contact: { displayName: "Guardian" },
-      channel: {},
-    };
+    mockGuardianDelivery = { displayName: "Guardian" };
 
     const notified = new Map<string, string>();
     const baseParams = {
@@ -437,10 +435,7 @@ describe("trusted-contact pending-approval notifier", () => {
   });
 
   test("concurrent pollers for different conversations do not evict each other", async () => {
-    mockGuardianContact = {
-      contact: { displayName: "Guardian" },
-      channel: {},
-    };
+    mockGuardianDelivery = { displayName: "Guardian" };
 
     // Shared dedupe map simulating the module-level global
     const notified = new Map<string, string>();
@@ -589,10 +584,7 @@ describe("trusted-contact pending-approval notifier", () => {
       },
     ];
 
-    mockGuardianContact = {
-      contact: { displayName: "Guardian" },
-      channel: {},
-    };
+    mockGuardianDelivery = { displayName: "Guardian" };
 
     const notified = new Map<string, string>();
     const baseParams = {
@@ -647,10 +639,7 @@ describe("trusted-contact pending-approval notifier", () => {
       },
     ];
 
-    mockGuardianContact = {
-      contact: { displayName: "Sarah" },
-      channel: {},
-    };
+    mockGuardianDelivery = { displayName: "Sarah" };
 
     const notified = new Map<string, string>();
     await simulateNotifierPoll({
@@ -679,10 +668,7 @@ describe("trusted-contact pending-approval notifier", () => {
       },
     ];
 
-    mockGuardianContact = {
-      contact: { displayName: "   " },
-      channel: {},
-    };
+    mockGuardianDelivery = { displayName: "   " };
 
     const notified = new Map<string, string>();
     await simulateNotifierPoll({

package/src/__tests__/trusted-contact-inline-approval-integration.test.ts

@@ -157,7 +157,6 @@ mock.module("../config/env.js", () => ({
 import { applyCanonicalGuardianDecision } from "../approvals/guardian-decision-primitive.js";
 import type { ActorContext } from "../approvals/guardian-request-resolvers.js";
 import { getResolver } from "../approvals/guardian-request-resolvers.js";
-import { upsertContactChannel } from "../contacts/contacts-write.js";
 import type { TrustContext } from "../daemon/trust-context.js";
 import {
   createCanonicalGuardianRequest,
@@ -176,6 +175,7 @@ import {
   waitForInlineGrant,
 } from "../tools/tool-approval-handler.js";
 import type { ToolContext, ToolLifecycleEvent } from "../tools/types.js";
+import { seedContactChannel } from "./helpers/seed-contact-channel.js";
 
 await initializeDb();
 
@@ -1352,7 +1352,7 @@ describe("(g) access_request resolver: requester code delivery", () => {
 
   test("guardian-facing reply uses the requester's display name, not the raw ID", async () => {
     // Seed a contact so the resolver can resolve a display name.
-    upsertContactChannel({
+    seedContactChannel({
       sourceChannel: "slack",
       externalUserId: REQUESTER_UID,
       displayName: "Alice",

package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts

@@ -65,11 +65,13 @@ mock.module("../runtime/approval-message-composer.js", () => ({
 }));
 
 import { getResolver } from "../approvals/guardian-request-resolvers.js";
-import { upsertContactChannel } from "../contacts/contacts-write.js";
 import { createCanonicalGuardianRequest } from "../memory/canonical-guardian-store.js";
 import { getDb } from "../memory/db-connection.js";
 import { initializeDb } from "../memory/db-init.js";
-import { handleChannelInbound } from "./helpers/channel-test-adapter.js";
+import {
+  handleChannelInbound,
+  seedContactChannel,
+} from "./helpers/channel-test-adapter.js";
 import { createGuardianBinding } from "./helpers/create-guardian-binding.js";
 
 await initializeDb();
@@ -140,7 +142,7 @@ describe("trusted contact lifecycle notification signals", () => {
       guardianPrincipalId: "guardian-user-789",
       verifiedVia: "test",
     });
-    upsertContactChannel({
+    seedContactChannel({
       sourceChannel: "telegram",
       externalUserId: "guardian-user-789",
       externalChatId: "guardian-chat-789",
@@ -150,7 +152,7 @@ describe("trusted contact lifecycle notification signals", () => {
     });
 
     // Set up requester contact with a display name so payloads are enriched
-    upsertContactChannel({
+    seedContactChannel({
       sourceChannel: "telegram",
       externalUserId: "requester-user-456",
       externalChatId: "requester-chat-456",
@@ -234,7 +236,7 @@ describe("trusted contact lifecycle notification signals", () => {
       guardianPrincipalId: "guardian-user-789",
       verifiedVia: "test",
     });
-    upsertContactChannel({
+    seedContactChannel({
       sourceChannel: "telegram",
       externalUserId: "guardian-user-789",
       externalChatId: "guardian-chat-789",
@@ -244,7 +246,7 @@ describe("trusted contact lifecycle notification signals", () => {
     });
 
     // Set up requester contact with a display name
-    upsertContactChannel({
+    seedContactChannel({
       sourceChannel: "telegram",
       externalUserId: "requester-user-456",
       externalChatId: "requester-chat-456",
@@ -322,7 +324,7 @@ describe("trusted contact lifecycle notification signals", () => {
       guardianPrincipalId: "guardian-user-789",
       verifiedVia: "test",
     });
-    upsertContactChannel({
+    seedContactChannel({
       sourceChannel: "telegram",
       externalUserId: "guardian-user-789",
       externalChatId: "guardian-chat-789",

package/src/__tests__/trusted-contact-multichannel.test.ts

@@ -73,14 +73,16 @@ mock.module("../runtime/approval-message-composer.js", () => ({
 }));
 
 import { findContactChannel } from "../contacts/contact-store.js";
-import { upsertContactChannel } from "../contacts/contacts-write.js";
-import { getDb } from "../memory/db-connection.js";
+import { getDb, getSqlite } from "../memory/db-connection.js";
 import { initializeDb } from "../memory/db-init.js";
 import {
   createOutboundSession,
   validateAndConsumeVerification,
 } from "../runtime/channel-verification-service.js";
-import { handleChannelInbound } from "./helpers/channel-test-adapter.js";
+import {
+  handleChannelInbound,
+  seedContactChannel,
+} from "./helpers/channel-test-adapter.js";
 import { createGuardianBinding } from "./helpers/create-guardian-binding.js";
 
 await initializeDb();
@@ -253,7 +255,7 @@ for (const config of CHANNEL_CONFIGS) {
         expect(challengeResult.verificationType).toBe("trusted_contact");
       }
 
-      upsertContactChannel({
+      seedContactChannel({
         sourceChannel: config.channel,
         externalUserId: config.senderExternalUserId,
         externalChatId: config.externalChatId,
@@ -269,14 +271,21 @@ for (const config of CHANNEL_CONFIGS) {
       });
 
       expect(contactResult).not.toBeNull();
-      expect(contactResult!.channel.status).toBe("active");
-      expect(contactResult!.channel.policy).toBe("allow");
+      // Assert the gateway dual-write landed in the local ACL columns.
+      const acl = getSqlite()
+        .query("SELECT status, policy FROM contact_channels WHERE id = ?")
+        .get(contactResult!.channel.id) as {
+        status: string;
+        policy: string;
+      } | null;
+      expect(acl!.status).toBe("active");
+      expect(acl!.policy).toBe("allow");
       expect(contactResult!.channel.type).toBe(config.channel);
     });
 
     test("no cross-channel leakage between member records", () => {
       // Create a member for this channel
-      upsertContactChannel({
+      seedContactChannel({
         sourceChannel: config.channel,
         externalUserId: config.senderExternalUserId,
         externalChatId: config.externalChatId,

package/src/__tests__/trusted-contact-verification.test.ts

@@ -22,21 +22,27 @@ mock.module("../util/logger.js", () => ({
     }),
 }));
 
-import {
-  findContactChannel,
-  findGuardianForChannel,
-} from "../contacts/contact-store.js";
+import { and, desc, eq } from "drizzle-orm";
+
+import type { ChannelId } from "../channels/types.js";
+import { findContactChannel } from "../contacts/contact-store.js";
 import {
   revokeMember,
   upsertContactChannel,
 } from "../contacts/contacts-write.js";
+import type { ChannelStatus } from "../contacts/types.js";
 import { getDb } from "../memory/db-connection.js";
 import { initializeDb } from "../memory/db-init.js";
+import { contactChannels, contacts } from "../memory/schema.js";
 import { resolveActorTrust } from "../runtime/actor-trust-resolver.js";
 import {
   createOutboundSession,
   validateAndConsumeVerification,
 } from "../runtime/channel-verification-service.js";
+import {
+  __resetMemberVerdictCacheForTest,
+  setMemberVerdict,
+} from "../runtime/member-verdict-cache.js";
 import { createGuardianBinding } from "./helpers/create-guardian-binding.js";
 
 await initializeDb();
@@ -53,6 +59,48 @@ function resetTables(): void {
   db.run("DELETE FROM contacts");
 }
 
+// Mirror a warmed gateway verdict so the sync resolveActorTrust fallback
+// resolves the member with the given status; the local ACL columns are no
+// longer read.
+function warmMemberVerdict(
+  channelType: ChannelId,
+  address: string,
+  status: ChannelStatus = "unverified",
+): void {
+  const found = findContactChannel({ channelType, address });
+  if (!found) return;
+  setMemberVerdict(channelType, address, {
+    trustClass: "unknown",
+    canonicalSenderId: address,
+    contactId: found.contact.id,
+    channelId: found.channel.id,
+    status,
+    policy: "allow",
+  });
+}
+
+/**
+ * Read the local active guardian channel for a channel type, mirroring the
+ * gateway's role/status resolution. Used by assertions that confirm the local
+ * guardian binding state after verification flows.
+ */
+function localGuardianForChannel(channelType: string) {
+  const row = getDb()
+    .select({ contact: contacts, channel: contactChannels })
+    .from(contacts)
+    .innerJoin(contactChannels, eq(contacts.id, contactChannels.contactId))
+    .where(
+      and(
+        eq(contacts.role, "guardian"),
+        eq(contactChannels.type, channelType),
+        eq(contactChannels.status, "active"),
+      ),
+    )
+    .orderBy(desc(contactChannels.verifiedAt))
+    .get();
+  return row ? { contact: row.contact, channel: row.channel } : null;
+}
+
 // ---------------------------------------------------------------------------
 // Tests
 // ---------------------------------------------------------------------------
@@ -60,6 +108,7 @@ function resetTables(): void {
 describe("trusted contact verification → member activation", () => {
   beforeEach(() => {
     resetTables();
+    __resetMemberVerdictCacheForTest();
   });
 
   test("successful verification creates active member with allow policy", () => {
@@ -88,26 +137,24 @@ describe("trusted contact verification → member activation", () => {
       expect(result.verificationType).toBe("trusted_contact");
     }
 
-    // Simulate the member upsert that inbound-message-handler performs on success
+    // Simulate the member upsert that inbound-message-handler performs on
+    // success. The local mirror persists identity only; the gateway owns the
+    // ACL verdict, so the channel lands at the schema-default status.
     upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "requester-user-123",
       externalChatId: "requester-chat-123",
-      status: "active",
-      policy: "allow",
       displayName: "Requester Name",
       username: "requester_username",
     });
 
-    // Verify: active member record exists
+    // Verify: member identity record exists
     const contactResult = findContactChannel({
       channelType: "telegram",
       address: "requester-user-123",
     });
 
     expect(contactResult).not.toBeNull();
-    expect(contactResult!.channel.status).toBe("active");
-    expect(contactResult!.channel.policy).toBe("allow");
     expect(contactResult!.channel.address).toBe("requester-user-123");
     expect(contactResult!.channel.externalChatId).toBe("requester-chat-123");
     expect(contactResult!.contact.displayName).toBe("Requester Name");
@@ -119,11 +166,10 @@ describe("trusted contact verification → member activation", () => {
       sourceChannel: "telegram",
       externalUserId: "requester-user-jeff",
       externalChatId: "requester-chat-jeff",
-      status: "active",
-      policy: "allow",
       displayName: "Jeff",
       username: "jeff_handle",
     });
+    warmMemberVerdict("telegram", "requester-user-jeff");
 
     const trust = resolveActorTrust({
       assistantId: "self",
@@ -132,7 +178,9 @@ describe("trusted contact verification → member activation", () => {
       actorExternalId: "requester-user-jeff",
     });
 
-    expect(trust.trustClass).toBe("trusted_contact");
+    // The local mirror persists identity only; the schema-default status places
+    // the contact in the unverified_contact tier (gateway owns elevation).
+    expect(trust.trustClass).toBe("unverified_contact");
     expect(trust.actorMetadata.displayName).toBe("Jeff");
     expect(trust.actorMetadata.senderDisplayName).toBeUndefined();
     expect(trust.actorMetadata.memberDisplayName).toBe("Jeff");
@@ -147,11 +195,10 @@ describe("trusted contact verification → member activation", () => {
       sourceChannel: "telegram",
       externalUserId: "requester-user-jeff-priority",
       externalChatId: "requester-chat-jeff-priority",
-      status: "active",
-      policy: "allow",
       displayName: "Jeff",
       username: "jeff_handle",
     });
+    warmMemberVerdict("telegram", "requester-user-jeff-priority");
 
     const trust = resolveActorTrust({
       assistantId: "self",
@@ -162,7 +209,7 @@ describe("trusted contact verification → member activation", () => {
       actorDisplayName: "Jeffrey",
     });
 
-    expect(trust.trustClass).toBe("trusted_contact");
+    expect(trust.trustClass).toBe("unverified_contact");
     expect(trust.actorMetadata.displayName).toBe("Jeff");
     expect(trust.actorMetadata.senderDisplayName).toBe("Jeffrey");
     expect(trust.actorMetadata.memberDisplayName).toBe("Jeff");
@@ -179,8 +226,6 @@ describe("trusted contact verification → member activation", () => {
       sourceChannel: "telegram",
       externalUserId: "other-user-in-group",
       externalChatId: "shared-group-chat",
-      status: "active",
-      policy: "allow",
       displayName: "Other User",
       username: "other_handle",
     });
@@ -229,20 +274,17 @@ describe("trusted contact verification → member activation", () => {
       sourceChannel: "telegram",
       externalUserId: "requester-user-456",
       externalChatId: "requester-chat-456",
-      status: "active",
-      policy: "allow",
     });
 
-    // Simulate the ACL check that inbound-message-handler performs
+    // The local mirror persists the member identity; the gateway owns the ACL
+    // verdict the inbound handler enforces.
     const contactResult = findContactChannel({
       channelType: "telegram",
       address: "requester-user-456",
     });
 
     expect(contactResult).not.toBeNull();
-    expect(contactResult!.channel.status).toBe("active");
-    expect(contactResult!.channel.policy).toBe("allow");
-    // ACL check passes: member exists, is active, and has allow policy
+    expect(contactResult!.channel.address).toBe("requester-user-456");
   });
 
   test("member lookup is scoped by channel type", () => {
@@ -267,8 +309,6 @@ describe("trusted contact verification → member activation", () => {
       sourceChannel: "telegram",
       externalUserId: "user-cross-test",
       externalChatId: "chat-cross-test",
-      status: "active",
-      policy: "allow",
     });
 
     // Member should be found via contacts
@@ -277,7 +317,7 @@ describe("trusted contact verification → member activation", () => {
       address: "user-cross-test",
     });
     expect(contactResult).not.toBeNull();
-    expect(contactResult!.channel.status).toBe("active");
+    expect(contactResult!.channel.address).toBe("user-cross-test");
 
     // Member should NOT be found for a different channel type
     const otherChannel = findContactChannel({
@@ -287,31 +327,22 @@ describe("trusted contact verification → member activation", () => {
     expect(otherChannel).toBeNull();
   });
 
-  test("re-verification of previously revoked member reactivates them", () => {
-    // Create and activate a member
+  test("revokeMember resolves the member identity without mutating local ACL", () => {
+    // Create a member identity row.
     const member = upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "user-revoked",
       externalChatId: "chat-revoked",
-      status: "active",
-      policy: "allow",
       displayName: "Revoked User",
     });
 
-    // Revoke the member
-    const revoked = revokeMember(member!.channel.id, "testing revocation");
+    // The local revoke is a pure resolver now — the gateway owns the ACL
+    // downgrade; revokeMember returns the resolved native contact/channel.
+    const revoked = revokeMember(member!.channel.id);
     expect(revoked).not.toBeNull();
-    expect(revoked!.channel.status).toBe("revoked");
-
-    // Verify the member is indeed revoked (ACL would reject)
-    const revokedResult = findContactChannel({
-      channelType: "telegram",
-      address: "user-revoked",
-    });
-    expect(revokedResult).not.toBeNull();
-    expect(revokedResult!.channel.status).toBe("revoked");
+    expect(revoked!.channel.id).toBe(member!.channel.id);
 
-    // Guardian re-approves, new outbound session created
+    // Re-upsert on the same identity is idempotent on the identity row.
     const session = createOutboundSession({
       channel: "telegram",
       expectedExternalUserId: "user-revoked",
@@ -321,7 +352,6 @@ describe("trusted contact verification → member activation", () => {
       verificationPurpose: "trusted_contact",
     });
 
-    // Requester enters the new code
     const result = validateAndConsumeVerification(
       "telegram",
       session.secret,
@@ -333,23 +363,18 @@ describe("trusted contact verification → member activation", () => {
       expect(result.verificationType).toBe("trusted_contact");
     }
 
-    // upsertContactChannel reactivates the existing record
     upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "user-revoked",
       externalChatId: "chat-revoked",
-      status: "active",
-      policy: "allow",
     });
 
-    // Verify: member is now active again
-    const reactivatedResult = findContactChannel({
+    const reResolved = findContactChannel({
       channelType: "telegram",
       address: "user-revoked",
     });
-    expect(reactivatedResult).not.toBeNull();
-    expect(reactivatedResult!.channel.status).toBe("active");
-    expect(reactivatedResult!.channel.policy).toBe("allow");
+    expect(reResolved).not.toBeNull();
+    expect(reResolved!.channel.id).toBe(member!.channel.id);
   });
 
   test("trusted contact verification does NOT create a guardian binding", () => {
@@ -388,7 +413,7 @@ describe("trusted contact verification → member activation", () => {
     }
 
     // The original guardian binding should remain intact
-    const guardianResult = findGuardianForChannel("telegram");
+    const guardianResult = localGuardianForChannel("telegram");
     expect(guardianResult).not.toBeNull();
     expect(guardianResult!.channel.address).toBe("guardian-user-original");
   });
@@ -412,7 +437,7 @@ describe("trusted contact verification → member activation", () => {
       expect(result.verificationType).toBe("guardian");
     }
 
-    const guardianResult = findGuardianForChannel("telegram");
+    const guardianResult = localGuardianForChannel("telegram");
     expect(guardianResult).toBeNull();
   });
 });