@vellumai/assistant 0.10.3 → 0.10.4-staging.1

package/src/contacts/contacts-write.ts

@@ -6,50 +6,33 @@
  * identity and access-control state.
  */
 
-import { emitContactChange } from "./contact-events.js";
 import {
   findContactChannel,
-  findGuardianForChannel,
   getChannelById,
   getContact,
   getContactInternal,
-  updateChannelStatus,
   upsertContact,
 } from "./contact-store.js";
-import type {
-  ChannelPolicy,
-  ChannelStatus,
-  ContactRole,
-  ContactWriteResult,
-} from "./types.js";
+import type { ContactWriteResult } from "./types.js";
 
 // ── Guardian operations ──────────────────────────────────────────────
 
 /**
- * Revoke a guardian binding by updating the contacts table.
- * Returns true when a guardian channel was found and revoked, false otherwise.
+ * No-op shim: the guardian channel ACL revoke is gateway-owned (relayed via
+ * mark_channel_revoked). Retained while callers still invoke it; the return is
+ * discarded.
  */
-export function revokeGuardianBinding(channel: string): boolean {
-  // Local-store read, not the gateway: this read selects the row that the
-  // updateChannelStatus write below mutates, so it must stay transactionally
-  // consistent with that write. Leave for Combo 11 / gateway-bootstrap-binding.
-  const guardian = findGuardianForChannel(channel);
-  if (!guardian) return false;
-
-  updateChannelStatus(guardian.channel.id, {
-    status: "revoked",
-    revokedReason: "binding_revoked",
-  });
-  emitContactChange();
-  return true;
+export function revokeGuardianBinding(_channel: string): boolean {
+  return false;
 }
 
 // ── Member operations ────────────────────────────────────────────────
 
 /**
- * Upsert a contact and channel by writing to the contacts table.
- * Returns the native Contact + ContactChannel, or null if no usable
- * identity was provided or the lookup failed after upsert.
+ * Upsert a contact and channel identity by writing to the contacts table.
+ * Persists only identity/INFO — the gateway owns the ACL verdict. Returns the
+ * native Contact + ContactChannel, or null if no usable identity was provided
+ * or the lookup failed after upsert.
  */
 export function upsertContactChannel(params: {
   sourceChannel: string;
@@ -57,12 +40,7 @@ export function upsertContactChannel(params: {
   externalChatId?: string;
   displayName?: string;
   username?: string;
-  policy?: string;
-  status?: string;
   inviteId?: string;
-  verifiedAt?: number;
-  verifiedVia?: string;
-  role?: ContactRole;
   contactId?: string;
 }): ContactWriteResult | null {
   let address: string;
@@ -91,19 +69,12 @@ export function upsertContactChannel(params: {
   upsertContact({
     id: params.contactId,
     displayName,
-    role: params.role,
     channels: [
       {
         type: params.sourceChannel,
         address,
         externalChatId: params.externalChatId ?? null,
-        status: (params.status as ChannelStatus) ?? undefined,
-        policy: (params.policy as ChannelPolicy) ?? undefined,
         inviteId: params.inviteId ?? null,
-        revokedReason: params.status === "active" ? null : undefined,
-        blockedReason: params.status === "active" ? null : undefined,
-        verifiedAt: params.verifiedAt ?? undefined,
-        verifiedVia: params.verifiedVia ?? undefined,
       },
     ],
     // When a specific contactId is provided, reassign conflicting channels from
@@ -132,32 +103,21 @@ export function upsertContactChannel(params: {
 }
 
 /**
- * Revoke a contact channel by updating its status.
- * The memberId may be a plain channel ID (internal callers) or a composite
- * contactId:channelId (from the API response format).
+ * Resolve the native contact/channel for a member id. The ACL downgrade is
+ * gateway-owned (relayed via mark_channel_revoked); this no longer mutates
+ * local status. The memberId may be a plain channel ID (internal callers) or a
+ * composite contactId:channelId (from the API response format).
  */
-export function revokeMember(
-  memberId: string,
-  reason?: string,
-): ContactWriteResult | null {
+export function revokeMember(memberId: string): ContactWriteResult | null {
   const channelId = memberId.includes(":") ? memberId.split(":")[1] : memberId;
 
   const channelRow = getChannelById(channelId);
   if (!channelRow) return null;
-  if (channelRow.status !== "active" && channelRow.status !== "pending")
-    return null;
-
-  updateChannelStatus(channelId, {
-    status: "revoked",
-    revokedReason: reason ?? null,
-  });
 
-  // Use unscoped lookup — the contact was already resolved via channel ID
   const contact = getContactInternal(channelRow.contactId);
   if (!contact) return null;
-  const updatedChannel = contact.channels.find((ch) => ch.id === channelId);
-  if (!updatedChannel) return null;
+  const channel = contact.channels.find((ch) => ch.id === channelId);
+  if (!channel) return null;
 
-  emitContactChange();
-  return { contact, channel: updatedChannel };
+  return { contact, channel };
 }

package/src/contacts/gateway-channel-read.ts

@@ -0,0 +1,51 @@
+import { GetContactIpcResponseSchema } from "@vellumai/gateway-client/gateway-ipc-contracts";
+
+import { ipcCallPersistent } from "../ipc/gateway-client.js";
+import { getLogger } from "../util/logger.js";
+import type { ContactChannel } from "./types.js";
+
+const log = getLogger("gateway-channel-read");
+
+/**
+ * Read a contact channel's verified state from the gateway contact-channel read
+ * (ACL source of truth). Covers all contacts, not just guardian deliveries.
+ *
+ * Matches the gateway row by logical identity — `(type, address)`,
+ * case-insensitive — not by id, so a reconcile-divergent row that the gateway
+ * write helpers re-keyed under a different UUID is still found.
+ *
+ * Returns `undefined` for unreachable reads (gateway down, IPC timeout, schema
+ * mismatch) or when no such channel exists, so callers fail open.
+ */
+export async function gatewayContactChannelState(
+  channel: Pick<ContactChannel, "contactId" | "type" | "address">,
+): Promise<{ status: string; verifiedAt: number | null } | undefined> {
+  let result: unknown;
+  try {
+    result = await ipcCallPersistent("contacts_get_rich", {
+      contactId: channel.contactId,
+    });
+  } catch (err) {
+    log.warn(
+      { err, contactId: channel.contactId },
+      "contacts_get_rich unreachable — failing open",
+    );
+    return undefined;
+  }
+  if (!result || (result as { contact?: unknown }).contact == null) {
+    return undefined;
+  }
+  const parsed = GetContactIpcResponseSchema.safeParse(result);
+  if (!parsed.success) {
+    log.warn(
+      { err: parsed.error, contactId: channel.contactId },
+      "contacts_get_rich response failed schema parse — failing open",
+    );
+    return undefined;
+  }
+  const address = channel.address.toLowerCase();
+  const ch = parsed.data.contact.channels.find(
+    (c) => c.type === channel.type && c.address.toLowerCase() === address,
+  );
+  return ch ? { status: ch.status, verifiedAt: ch.verifiedAt } : undefined;
+}

package/src/contacts/member-write-relay.ts

@@ -47,13 +47,14 @@ export type ActivateMemberOutcome =
  * assistant DB best-effort. The gateway owns the ACL outcome; the local mirror
  * supplies the native contact/channel callers still wire downstream.
  *
- * A gateway failure fails open with a logged warning (matching the redemption
- * service's record_invite_redemption posture) so a transient gateway outage
- * never drops a legitimate activation — the local mirror still stands.
+ * A gateway write failure fails closed: the mirror is identity-only, so a
+ * gateway that did not persist the activation must surface as `refused` rather
+ * than reporting success off a local row the gateway never verified.
  *
  * Returns an `activated` outcome with a stable memberId on success, or
- * `refused` when the gateway denies the actor. A best-effort local-mirror
- * failure never downgrades a verified gateway activation.
+ * `refused` when the gateway denies the actor or the gateway write fails. A
+ * best-effort local-mirror failure never downgrades a verified gateway
+ * activation.
  */
 export async function activateMemberChannel(
   params: ActivateMemberChannelParams,
@@ -89,12 +90,14 @@ export async function activateMemberChannel(
       }
       gatewayChannelId = parsed.channel?.id;
     } catch (err) {
-      // Fail-open: the gateway write may or may not have landed. Proceed to the
-      // local mirror so a transient outage never drops a legitimate activation.
+      // Fail-closed: the gateway owns the ACL verdict and the local mirror is
+      // identity-only. If the gateway write did not land, the activation is not
+      // persisted to the source of truth, so we must not report success.
       log.warn(
         { err, sourceChannel: params.sourceChannel },
-        "upsert_verified_channel relay unavailable — failing open (local mirror still applies)",
+        "upsert_verified_channel relay failed — refusing activation (gateway write did not land)",
       );
+      return { status: "refused" };
     }
   }
 
@@ -113,7 +116,10 @@ export async function activateMemberChannel(
   return { status: "activated", memberId, member };
 }
 
-/** Best-effort local mirror of the activation. Swallows failures. */
+/**
+ * Best-effort local mirror of the activation. Swallows failures. Persists only
+ * the native contact/channel identity row — the gateway owns the ACL verdict.
+ */
 function mirrorLocalActivation(
   params: ActivateMemberChannelParams,
 ): ContactWriteResult | null {
@@ -124,12 +130,7 @@ function mirrorLocalActivation(
       externalChatId: params.externalChatId,
       displayName: params.displayName,
       username: params.username,
-      role: "contact",
-      status: "active",
-      policy: params.policy ?? "allow",
       inviteId: params.inviteId,
-      verifiedAt: params.verifiedAt,
-      verifiedVia: params.verifiedVia ?? "invite",
       contactId: params.contactId,
     });
   } catch (err) {
@@ -144,12 +145,13 @@ function mirrorLocalActivation(
 // ── Revoke ───────────────────────────────────────────────────────────
 
 /**
- * Revoke a member channel gateway-first, then mirror the downgrade to the
- * assistant DB best-effort. The memberId may be a plain channel ID or the
- * composite contactId:channelId form revokeMember accepts.
+ * Revoke a member channel gateway-first. The gateway owns the ACL outcome; the
+ * memberId may be a plain channel ID or the composite contactId:channelId form
+ * revokeMember accepts.
  *
- * Returns the local ContactWriteResult so callers still get the native
- * contact/channel, or null when the local mirror produces no result.
+ * Returns the locally-resolved native contact/channel for the revoked id, or
+ * null when no local row exists. The local read is best-effort and never gates
+ * the gateway-owned downgrade.
  */
 export async function revokeMemberChannel(
   memberId: string,
@@ -158,8 +160,8 @@ export async function revokeMemberChannel(
   const channelId = memberId.includes(":") ? memberId.split(":")[1] : memberId;
 
   // Always relay; the gateway owns the ACL outcome and mark_channel_revoked is
-  // idempotent (already-revoked → didWrite:false). Skipping on the local mirror
-  // status would suppress a needed revoke when the mirror lags the gateway.
+  // idempotent (already-revoked → didWrite:false). Skipping on the local row
+  // status would suppress a needed revoke when the local read lags the gateway.
   const result = await ipcCallPersistent("mark_channel_revoked", {
     contactChannelId: channelId,
     reason,
@@ -169,20 +171,12 @@ export async function revokeMemberChannel(
     throw new Error("mark_channel_revoked relay returned ok: false");
   }
 
-  return mirrorLocalRevoke(memberId, reason);
-}
-
-/** Best-effort local mirror of the revoke. Swallows failures. */
-function mirrorLocalRevoke(
-  memberId: string,
-  reason?: string,
-): ContactWriteResult | null {
   try {
-    return revokeMember(memberId, reason);
+    return revokeMember(memberId);
   } catch (err) {
     log.error(
       { err, memberId },
-      "Local revoke mirror failed after gateway revoke; gateway downgrade stands",
+      "Local revoke read failed after gateway revoke; gateway downgrade stands",
     );
     return null;
   }

package/src/contacts/types.ts

@@ -30,20 +30,12 @@ export interface Contact {
   displayName: string;
   /** Free-text notes about this contact (e.g. relationship, communication preferences). */
   notes: string | null;
+  role: ContactRole;
   lastInteraction: number | null;
   interactionCount: number;
   createdAt: number;
   updatedAt: number;
-  role: ContactRole;
   contactType: ContactType;
-  /**
-   * Internal auth identity (e.g. "vellum-principal-<uuid>"). Only meaningful
-   * for guardian contacts — it ties the contact record to the auth layer so
-   * the system can verify "this API caller IS this guardian" via JWT
-   * actorPrincipalId. Always null for non-guardian contacts, which are
-   * identified by channel address instead.
-   */
-  principalId: string | null;
   /** Workspace-relative path to a per-user persona file for this contact. */
   userFile: string | null;
 }
@@ -63,13 +55,9 @@ export interface ContactChannel {
   address: string;
   isPrimary: boolean;
   externalChatId: string | null;
-  status: ChannelStatus;
-  policy: ChannelPolicy;
-  verifiedAt: number | null;
-  verifiedVia: string | null;
   inviteId: string | null;
-  revokedReason: string | null;
-  blockedReason: string | null;
+  // INFO telemetry (not ACL): interaction stats written locally by the gateway's
+  // handle-inbound mirror. Model-facing turn context reads these.
   lastSeenAt: number | null;
   interactionCount: number;
   lastInteraction: number | null;

package/src/daemon/__tests__/conversation-tool-setup.test.ts

@@ -47,20 +47,6 @@ mock.module("../../runtime/assistant-event-hub.js", () => ({
   broadcastMessage: () => {},
 }));
 
-// Control the advisor profile gate to verify the advisor tool is wired to it.
-// The gate's own config semantics (default-on, active-profile fallback) are
-// covered by advisor-gate.test.ts; here we only assert the wiring and the
-// profile argument isToolActiveForContext passes through.
-let advisorGateResult = true;
-const advisorGateProfiles: (string | null)[] = [];
-
-mock.module("../../plugins/defaults/advisor/advisor-gate.js", () => ({
-  advisorEnabledForProfile: (profile: string | null) => {
-    advisorGateProfiles.push(profile);
-    return advisorGateResult;
-  },
-}));
-
 // Dynamic imports after mock.module calls so the stubs take effect
 // before the modules under test are loaded.
 const { HOST_TOOL_NAMES, HOST_TOOL_TO_CAPABILITY, isToolActiveForContext } =
@@ -611,36 +597,6 @@ describe("isToolActiveForContext — ask_question macOS gating", () => {
   });
 });
 
-describe("isToolActiveForContext — advisor profile gate", () => {
-  beforeEach(() => {
-    advisorGateResult = true;
-    advisorGateProfiles.length = 0;
-  });
-
-  test("advisor is active when the profile enables it", () => {
-    advisorGateResult = true;
-    expect(isToolActiveForContext("advisor", makeCtx())).toBe(true);
-  });
-
-  test("advisor is NOT active when the profile disables it", () => {
-    advisorGateResult = false;
-    expect(isToolActiveForContext("advisor", makeCtx())).toBe(false);
-  });
-
-  test("consults the gate with the per-turn override profile", () => {
-    isToolActiveForContext(
-      "advisor",
-      makeCtx({ currentTurnOverrideProfile: "cost-optimized" }),
-    );
-    expect(advisorGateProfiles).toEqual(["cost-optimized"]);
-  });
-
-  test("consults the gate with null when no per-turn override is set", () => {
-    isToolActiveForContext("advisor", makeCtx());
-    expect(advisorGateProfiles).toEqual([null]);
-  });
-});
-
 describe("HOST_TOOL_NAMES derivation", () => {
   test("HOST_TOOL_NAMES is derived from HOST_TOOL_TO_CAPABILITY", () => {
     // Sanity check: every tool in the names set has a capability mapping.

package/src/daemon/conversation-agent-loop-handlers.ts

@@ -29,6 +29,7 @@ import {
   getMessageById,
   messageMetadataSchema,
   provenanceFromTrustContext,
+  recordConversationPersistedSeq,
   reserveMessage,
   setConversationHistoryStrippedAt,
   setLastNotifiedInferenceProfile,
@@ -57,10 +58,7 @@ import type {
   ImageContent,
   Message,
 } from "../providers/types.js";
-import {
-  getCurrentSeq,
-  recordPersistedSeq,
-} from "../runtime/assistant-stream-state.js";
+import { getCurrentSeq } from "../runtime/assistant-stream-state.js";
 import { publishSyncInvalidation } from "../runtime/sync/sync-publisher.js";
 import { redactSecrets } from "../security/secret-scanner.js";
 import { extractDomain } from "../tools/network/domain-normalize.js";
@@ -104,6 +102,12 @@ import type {
 
 const log = getLogger("agent-loop-handlers");
 
+function shouldPersistProviderErrorAsAssistantMessage(classified: {
+  code: string;
+}): boolean {
+  return classified.code !== "MANAGED_KEY_INVALID";
+}
+
 /**
  * Persist the history-stripped marker after the loop strips runtime injections
  * for compaction / overflow recovery. The marker is a durability hint, not
@@ -163,6 +167,7 @@ export interface EventHandlerState {
   readonly exchangeRawResponses: unknown[];
   model: string;
   providerErrorUserMessage: string | null;
+  persistProviderErrorAsAssistantMessage: boolean;
   lastAssistantMessageId: string | undefined;
   /**
    * True when `handleLlmCallStarted` has reserved an empty assistant row
@@ -341,6 +346,7 @@ export function createEventHandlerState(): EventHandlerState {
     exchangeRawResponses: [],
     model: "",
     providerErrorUserMessage: null,
+    persistProviderErrorAsAssistantMessage: false,
     lastAssistantMessageId: undefined,
     assistantRowAwaitingFinalization: false,
     pendingToolResults: new Map(),
@@ -530,7 +536,7 @@ async function flushAccumulatedContent(
     // Record only after the write commits, so the snapshot seq never
     // claims content that is not yet durable.
     if (flushedSeq != null) {
-      recordPersistedSeq(deps.ctx.conversationId, flushedSeq);
+      recordConversationPersistedSeq(deps.ctx.conversationId, flushedSeq);
     }
   } catch (err) {
     deps.rlog.warn(
@@ -918,7 +924,7 @@ export function handleToolUse(
   // persisted seq to it. Without this the snapshot would advertise a seq below
   // an event it already incorporates, and a client applying `seq > snapshot.seq`
   // would replay this tool start.
-  recordPersistedSeq(deps.ctx.conversationId, getCurrentSeq());
+  recordConversationPersistedSeq(deps.ctx.conversationId, getCurrentSeq());
 }
 
 export function handleToolUsePreviewStart(
@@ -1136,7 +1142,7 @@ async function persistPendingToolResultRow(
     rowId,
     JSON.stringify(buildToolResultBlocks(state.pendingToolResults)),
   );
-  recordPersistedSeq(deps.ctx.conversationId, seq);
+  recordConversationPersistedSeq(deps.ctx.conversationId, seq);
   const conv = getConversation(deps.ctx.conversationId);
   if (conv != null) {
     syncMessageToDisk(deps.ctx.conversationId, rowId, conv.createdAt);
@@ -1618,6 +1624,8 @@ function handleError(
     buildConversationErrorMessage(deps.ctx.conversationId, classified),
   );
   state.providerErrorUserMessage = classified.userMessage;
+  state.persistProviderErrorAsAssistantMessage =
+    shouldPersistProviderErrorAsAssistantMessage(classified);
 }
 
 export function handleMaxTokensReached(
@@ -1816,10 +1824,14 @@ export async function handleMessageComplete(
   // delta's seq -- the highest stamped content event this row reflects -- so
   // recording it is honest. A drained tool result was stamped earlier in the
   // turn, so this seq already covers it; a call that streams no content (a
-  // pure tool call) advances instead via `tool_use_start`. `recordPersistedSeq`
-  // clamps monotonically, so a lower value here never regresses the seq.
+  // pure tool call) advances instead via `tool_use_start`.
+  // `recordConversationPersistedSeq` clamps monotonically, so a lower value
+  // here never regresses the seq.
   if (state.lastPersistedContentSeq != null) {
-    recordPersistedSeq(deps.ctx.conversationId, state.lastPersistedContentSeq);
+    recordConversationPersistedSeq(
+      deps.ctx.conversationId,
+      state.lastPersistedContentSeq,
+    );
   }
   // Reset the partial-persist mirror so subsequent calls in this turn
   // start with an empty running view.
@@ -2127,6 +2139,13 @@ function handleProviderError(
   deps: EventHandlerDeps,
   event: Extract<AgentEvent, { type: "provider_error" }>,
 ): void {
+  const classified = classifyConversationError(event.error, {
+    phase: "agent_loop",
+  });
+  if (!shouldPersistProviderErrorAsAssistantMessage(classified)) {
+    return;
+  }
+
   try {
     recordRequestLog(
       deps.ctx.conversationId,