@vellumai/assistant 0.3.13 → 0.3.15

package/src/notifications/README.md

@@ -154,9 +154,66 @@ The macOS/iOS client listens for this event and surfaces the thread in the sideb
 
 `emitNotificationSignal()` accepts an optional `onThreadCreated` callback. This lets producers run domain side effects (for example, creating cross-channel guardian delivery rows) as soon as vellum pairing occurs, without introducing a second thread-creation path.
 
+## Reminder Routing Metadata and Trigger-Time Enforcement
+
+Reminders carry optional routing metadata that controls how notifications fan out across channels when the reminder fires. This enables a single reminder to produce multi-channel delivery without requiring the user to create duplicate reminders per channel.
+
+### Routing Intent Model
+
+The `routing_intent` field on each reminder row specifies the desired channel coverage:
+
+| Intent | Behavior | When to use |
+|--------|----------|-------------|
+| `single_channel` | Default LLM-driven routing (no override) | Standard reminders where the decision engine picks the best channel |
+| `multi_channel` | Ensures delivery on 2+ channels when 2+ are connected | Important reminders the user wants on both desktop and phone |
+| `all_channels` | Forces delivery on every connected channel | Critical reminders that must reach the user everywhere |
+
+The default is `single_channel`, preserving backward compatibility. Routing intent is persisted in the `reminders` table (`routing_intent` column) and carried through the notification signal as `routingIntent`.
+
+### Routing Hints
+
+The `routing_hints` field is free-form JSON metadata passed alongside the routing intent. It flows through the signal as `routingHints` and is included in the decision engine prompt, allowing producers to communicate channel preferences or contextual hints without requiring schema changes.
+
+### Trigger-Time Enforcement Flow
+
+When a reminder fires, the routing metadata flows through the notification pipeline with a post-decision enforcement step:
+
+```
+Reminder fires (scheduler)
+  → emitNotificationSignal({ routingIntent, routingHints })
+    → Decision Engine (LLM selects channels)
+      → enforceRoutingIntent() (post-decision guard)
+        → Deterministic Checks
+          → Broadcaster → Adapters → Delivery
+```
+
+The `enforceRoutingIntent()` function in `decision-engine.ts` runs after the LLM produces its channel selection but before deterministic checks. It overrides the decision's `selectedChannels` based on the routing intent:
+
+- **`all_channels`**: Replaces `selectedChannels` with all connected channels (from `getConnectedChannels()`).
+- **`multi_channel`**: If the LLM selected fewer than 2 channels but 2+ are connected, expands `selectedChannels` to all connected channels.
+- **`single_channel`**: No override -- the LLM's selection stands.
+
+When enforcement changes the decision, the updated channel selection is re-persisted to the `notification_decisions` table so the stored decision matches what was actually dispatched. The `reasoningSummary` is annotated with the enforcement action (e.g. `[routing_intent=all_channels enforced: vellum, telegram, sms]`).
+
+### Single-Reminder Fanout
+
+A key design principle: **one reminder produces one notification signal that fans out to multiple channels**. The user never needs to create separate reminders for each channel. The routing intent metadata on the single reminder controls the fanout behavior, and the notification pipeline handles per-channel copy rendering, conversation pairing, and delivery through the existing adapter infrastructure.
+
+### Data Flow
+
+```
+reminders table (routing_intent, routing_hints_json)
+  → scheduler.ts: claimDueReminders() reads routing metadata
+    → lifecycle.ts: notifyReminder({ routingIntent, routingHints })
+      → emitNotificationSignal({ routingIntent, routingHints })
+        → signal.ts: NotificationSignal.routingIntent / routingHints
+          → decision-engine.ts: evaluateSignal() → enforceRoutingIntent()
+            → broadcaster.ts: fan-out to selected channel adapters
+```
+
 ## Channel Delivery Architecture
 
-The notification system delivers to two channel types:
+The notification system delivers to three channel types:
 
 ### Vellum (always connected)
 
@@ -172,12 +229,19 @@ The macOS/iOS client posts a native `UNUserNotificationCenter` notification from
 
 HTTP POST to the gateway's `/deliver/telegram` endpoint. The `TelegramAdapter` sends channel-native text (`deliveryText` when present) to the guardian's chat ID (resolved from the active guardian binding), with deterministic fallbacks when model copy is unavailable.
 
+### SMS (when guardian binding exists)
+
+HTTP POST to the gateway's `/deliver/sms` endpoint. The `SmsAdapter` follows the same pattern as the Telegram adapter: it resolves a phone number from the active guardian binding and sends text via the gateway, which forwards to the Twilio Messages API. The adapter resolves message text via a priority chain: `deliveryText` > `body` > `title` > humanized event name. The `assistantId` is threaded through the `ChannelDeliveryPayload` so the gateway can resolve the correct outbound phone number for multi-assistant deployments.
+
+SMS delivery is text-only (no MMS). Graceful degradation: when the gateway is unreachable or SMS is not configured, the adapter returns a failed `DeliveryResult` without throwing, so the broadcaster continues delivering to other channels.
+
 ### Channel Connectivity
 
 Connected channels are resolved at signal emission time by `getConnectedChannels()` in `emit-signal.ts`:
 
 - **Vellum** is always considered connected (IPC socket is always available when the daemon is running)
 - **Telegram** is considered connected only when an active guardian binding exists for the assistant (checked via `getActiveBinding()`)
+- **SMS** is considered connected only when an active guardian binding exists for the assistant (same check as Telegram)
 
 ## Conversation Materialization
 
@@ -211,6 +275,7 @@ For notification flows that create conversations, the conversation must be creat
 | `destination-resolver.ts` | Resolves per-channel endpoints (vellum IPC, Telegram chat ID) |
 | `adapters/macos.ts` | Vellum adapter -- broadcasts `notification_intent` via IPC with deep-link metadata |
 | `adapters/telegram.ts` | Telegram adapter -- POSTs to gateway `/deliver/telegram` |
+| `adapters/sms.ts` | SMS adapter -- POSTs to gateway `/deliver/sms` via Twilio Messages API |
 | `preference-extractor.ts` | Detects notification preferences in conversation messages |
 | `preference-summary.ts` | Builds preference context string for the decision engine prompt |
 | `preferences-store.ts` | CRUD for `notification_preferences` table |
@@ -237,6 +302,9 @@ await emitNotificationSignal({
     visibleInSourceNow: false,
   },
   contextPayload: { /* arbitrary data for the decision engine */ },
+  // Optional: control multi-channel fanout behavior
+  routingIntent: 'multi_channel',   // 'single_channel' | 'multi_channel' | 'all_channels'
+  routingHints: { preferredChannels: ['telegram', 'sms'] },
 });
 ```
 

package/src/notifications/adapters/sms.ts

@@ -0,0 +1,80 @@
+/**
+ * SMS channel adapter — delivers notifications to phone numbers
+ * via the gateway's SMS delivery endpoint (`/deliver/sms`).
+ *
+ * Follows the same delivery pattern as the Telegram adapter: POST to
+ * the gateway's `/deliver/sms` endpoint with a phone number (as chatId)
+ * and text payload. The gateway forwards the message to the Twilio
+ * Messages API.
+ *
+ * Graceful degradation: when the gateway is unreachable or SMS is not
+ * configured, the adapter returns a failed DeliveryResult without throwing,
+ * so the broadcaster continues delivering to other channels.
+ */
+
+import { getGatewayInternalBaseUrl } from '../../config/env.js';
+import { deliverChannelReply } from '../../runtime/gateway-client.js';
+import { getLogger } from '../../util/logger.js';
+import { readHttpToken } from '../../util/platform.js';
+import { nonEmpty } from '../copy-composer.js';
+import type {
+  ChannelAdapter,
+  ChannelDeliveryPayload,
+  ChannelDestination,
+  DeliveryResult,
+  NotificationChannel,
+} from '../types.js';
+
+const log = getLogger('notif-adapter-sms');
+
+function resolveSmsMessageText(payload: ChannelDeliveryPayload): string {
+  const deliveryText = nonEmpty(payload.copy.deliveryText);
+  if (deliveryText) return deliveryText;
+
+  const body = nonEmpty(payload.copy.body);
+  if (body) return body;
+
+  const title = nonEmpty(payload.copy.title);
+  if (title) return title;
+
+  return payload.sourceEventName.replace(/[._]/g, ' ');
+}
+
+export class SmsAdapter implements ChannelAdapter {
+  readonly channel: NotificationChannel = 'sms';
+
+  async send(payload: ChannelDeliveryPayload, destination: ChannelDestination): Promise<DeliveryResult> {
+    const phoneNumber = destination.endpoint;
+    if (!phoneNumber) {
+      log.warn({ sourceEventName: payload.sourceEventName }, 'SMS destination has no phone number — skipping');
+      return { success: false, error: 'No phone number configured for SMS destination' };
+    }
+
+    const gatewayBase = getGatewayInternalBaseUrl();
+    const deliverUrl = `${gatewayBase}/deliver/sms`;
+
+    const messageText = resolveSmsMessageText(payload);
+
+    try {
+      await deliverChannelReply(
+        deliverUrl,
+        { chatId: phoneNumber, text: messageText, assistantId: payload.assistantId },
+        readHttpToken() ?? undefined,
+      );
+
+      log.info(
+        { sourceEventName: payload.sourceEventName, phoneNumber },
+        'SMS notification delivered',
+      );
+
+      return { success: true };
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      log.error(
+        { err, sourceEventName: payload.sourceEventName, phoneNumber },
+        'Failed to deliver SMS notification',
+      );
+      return { success: false, error: message };
+    }
+  }
+}

package/src/notifications/broadcaster.ts

@@ -174,6 +174,7 @@ export class NotificationBroadcaster {
       const payload: ChannelDeliveryPayload = {
         deliveryId,
         sourceEventName: signal.sourceEventName,
+        assistantId: signal.assistantId,
         copy,
         deepLinkTarget,
       };

package/src/notifications/copy-composer.ts

@@ -115,14 +115,14 @@ function applyChannelDefaults(
 ): RenderedChannelCopy {
   const copy: RenderedChannelCopy = { ...baseCopy };
 
-  if (channel === 'telegram') {
-    copy.deliveryText = buildTelegramFallbackDeliveryText(baseCopy, signal);
+  if (channel === 'telegram' || channel === 'sms') {
+    copy.deliveryText = buildChatSurfaceFallbackDeliveryText(baseCopy, signal);
   }
 
   return copy;
 }
 
-function buildTelegramFallbackDeliveryText(
+function buildChatSurfaceFallbackDeliveryText(
   baseCopy: RenderedChannelCopy,
   signal: NotificationSignal,
 ): string {

package/src/notifications/decision-engine.ts

@@ -18,7 +18,7 @@ import type { ModelIntent } from '../providers/types.js';
 import { getLogger } from '../util/logger.js';
 import { createDecision } from './decisions-store.js';
 import { getPreferenceSummary } from './preference-summary.js';
-import type { NotificationSignal } from './signal.js';
+import type { NotificationSignal, RoutingIntent } from './signal.js';
 import type { NotificationChannel, NotificationDecision, RenderedChannelCopy } from './types.js';
 
 const log = getLogger('notification-decision-engine');
@@ -56,6 +56,12 @@ function buildSystemPrompt(
     `- For low-urgency background events, suppress unless they match user preferences.`,
     `- Generate a stable dedupeKey derived from the signal context so duplicate signals can be suppressed.`,
     ``,
+    `Routing intent (when present in the signal):`,
+    `- \`all_channels\`: The source explicitly requests notification on ALL connected channels.`,
+    `- \`multi_channel\`: The source prefers 2+ channels when 2+ are connected.`,
+    `- \`single_channel\`: Default routing behavior — use your best judgment (no override).`,
+    `When a routing intent is present, respect it in your channel selection. A post-decision guard will enforce the intent.`,
+    ``,
     `Copy guidelines (three distinct outputs):`,
     `- \`title\` and \`body\` are for native notification popups (e.g. vellum desktop/mobile) — keep them short and glanceable (title ≤ 8 words, body ≤ 2 sentences).`,
     `- \`deliveryText\` is the channel-native message for chat channels (e.g. telegram). It must read naturally as a standalone message.`,
@@ -91,6 +97,14 @@ function buildUserPrompt(signal: NotificationSignal): string {
     parts.push(`Deadline: ${new Date(signal.attentionHints.deadlineAt).toISOString()}`);
   }
 
+  if (signal.routingIntent && signal.routingIntent !== 'single_channel') {
+    parts.push(`Routing intent: ${signal.routingIntent}`);
+  }
+
+  if (signal.routingHints && Object.keys(signal.routingHints).length > 0) {
+    parts.push(`Routing hints: ${JSON.stringify(signal.routingHints)}`);
+  }
+
   const payloadStr = JSON.stringify(signal.contextPayload);
   if (payloadStr.length > 2) {
     parts.push(``, `Context payload:`, payloadStr);
@@ -377,6 +391,61 @@ async function classifyWithLLM(
   }
 }
 
+// ── Post-decision routing intent enforcement ───────────────────────────
+
+/**
+ * Enforce routing intent policy on a decision after the LLM has produced it.
+ * This is a fire-time guard: it overrides channel selection to match the
+ * routing intent specified by the signal source (e.g. a reminder).
+ *
+ * - `all_channels`: force selected channels to all connected channels.
+ * - `multi_channel`: ensure at least 2 channels when 2+ are connected.
+ * - `single_channel`: no override (default behavior).
+ */
+export function enforceRoutingIntent(
+  decision: NotificationDecision,
+  routingIntent: RoutingIntent | undefined,
+  connectedChannels: NotificationChannel[],
+): NotificationDecision {
+  if (!routingIntent || routingIntent === 'single_channel') {
+    return decision;
+  }
+
+  if (!decision.shouldNotify) {
+    return decision;
+  }
+
+  if (routingIntent === 'all_channels') {
+    // Force all connected channels
+    if (connectedChannels.length > 0) {
+      const enforced = { ...decision };
+      enforced.selectedChannels = [...connectedChannels];
+      enforced.reasoningSummary = `${decision.reasoningSummary} [routing_intent=all_channels enforced: ${connectedChannels.join(', ')}]`;
+      log.info(
+        { routingIntent, connectedChannels, originalChannels: decision.selectedChannels },
+        'Routing intent enforcement: all_channels → forced all connected channels',
+      );
+      return enforced;
+    }
+  }
+
+  if (routingIntent === 'multi_channel') {
+    // Ensure at least 2 channels when 2+ are connected
+    if (connectedChannels.length >= 2 && decision.selectedChannels.length < 2) {
+      const enforced = { ...decision };
+      enforced.selectedChannels = [...connectedChannels];
+      enforced.reasoningSummary = `${decision.reasoningSummary} [routing_intent=multi_channel enforced: expanded to ${connectedChannels.join(', ')}]`;
+      log.info(
+        { routingIntent, connectedChannels, originalChannels: decision.selectedChannels },
+        'Routing intent enforcement: multi_channel → expanded to all connected channels',
+      );
+      return enforced;
+    }
+  }
+
+  return decision;
+}
+
 // ── Persistence ────────────────────────────────────────────────────────
 
 function persistDecision(signal: NotificationSignal, decision: NotificationDecision): string | undefined {

package/src/notifications/decisions-store.ts

@@ -79,6 +79,30 @@ export function createDecision(params: CreateDecisionParams): NotificationDecisi
   };
 }
 
+export interface UpdateDecisionParams {
+  selectedChannels?: string[];
+  reasoningSummary?: string;
+  validationResults?: Record<string, unknown>;
+}
+
+/** Update an existing decision row (e.g. after routing intent enforcement). */
+export function updateDecision(id: string, params: UpdateDecisionParams): void {
+  const db = getDb();
+  const updates: Record<string, unknown> = {};
+  if (params.selectedChannels !== undefined) {
+    updates.selectedChannels = JSON.stringify(params.selectedChannels);
+  }
+  if (params.reasoningSummary !== undefined) {
+    updates.reasoningSummary = params.reasoningSummary;
+  }
+  if (params.validationResults !== undefined) {
+    updates.validationResults = JSON.stringify(params.validationResults);
+  }
+  if (Object.keys(updates).length === 0) return;
+
+  db.update(notificationDecisions).set(updates).where(eq(notificationDecisions.id, id)).run();
+}
+
 /** Fetch a single decision by ID. */
 export function getDecisionById(id: string): NotificationDecisionRow | null {
   const db = getDb();

package/src/notifications/destination-resolver.ts

@@ -38,7 +38,8 @@ export function resolveDestinations(
         result.set('vellum', { channel: 'vellum' });
         break;
       }
-      case 'telegram': {
+      case 'telegram':
+      case 'sms': {
         const binding = getActiveBinding(assistantId, channel);
         if (binding) {
           result.set(channel as NotificationChannel, {

package/src/notifications/emit-signal.ts

@@ -15,13 +15,15 @@ import { getDeliverableChannels } from '../channels/config.js';
 import { getActiveBinding } from '../memory/channel-guardian-store.js';
 import { getLogger } from '../util/logger.js';
 import { type BroadcastFn, VellumAdapter } from './adapters/macos.js';
+import { SmsAdapter } from './adapters/sms.js';
 import { TelegramAdapter } from './adapters/telegram.js';
 import { NotificationBroadcaster,type ThreadCreatedInfo } from './broadcaster.js';
-import { evaluateSignal } from './decision-engine.js';
+import { enforceRoutingIntent, evaluateSignal } from './decision-engine.js';
+import { updateDecision } from './decisions-store.js';
 import { type DeterministicCheckContext, runDeterministicChecks } from './deterministic-checks.js';
 import { createEvent, updateEventDedupeKey } from './events-store.js';
 import { dispatchDecision } from './runtime-dispatch.js';
-import type { AttentionHints, NotificationSignal } from './signal.js';
+import type { AttentionHints, NotificationSignal, RoutingIntent } from './signal.js';
 import type { NotificationChannel, NotificationDeliveryResult } from './types.js';
 
 const log = getLogger('emit-signal');
@@ -46,6 +48,7 @@ function getBroadcaster(): NotificationBroadcaster {
   if (!broadcasterInstance) {
     const adapters = [
       new TelegramAdapter(),
+      new SmsAdapter(),
     ];
     if (registeredBroadcastFn) {
       adapters.unshift(new VellumAdapter(registeredBroadcastFn));
@@ -90,6 +93,7 @@ function getConnectedChannels(assistantId: string): NotificationChannel[] {
         channels.push(channel);
         break;
       case 'telegram':
+      case 'sms':
         // Only report binding-based channels as connected when there is
         // an active guardian binding for this assistant. Without a
         // binding, the destination resolver will fail to resolve a
@@ -125,6 +129,10 @@ export interface EmitSignalParams {
   attentionHints: AttentionHints;
   /** Arbitrary context payload passed to the decision engine. */
   contextPayload?: Record<string, unknown>;
+  /** Routing intent from the source (e.g. reminder). Controls post-decision channel enforcement. */
+  routingIntent?: RoutingIntent;
+  /** Free-form hints from the source for the decision engine. */
+  routingHints?: Record<string, unknown>;
   /** Optional deduplication key. */
   dedupeKey?: string;
   /**
@@ -167,6 +175,8 @@ export async function emitNotificationSignal(params: EmitSignalParams): Promise<
     sourceEventName: params.sourceEventName,
     contextPayload: params.contextPayload ?? {},
     attentionHints: params.attentionHints,
+    routingIntent: params.routingIntent,
+    routingHints: params.routingHints,
   };
 
   try {
@@ -195,7 +205,29 @@ export async function emitNotificationSignal(params: EmitSignalParams): Promise<
 
     // Step 2: Evaluate the signal through the decision engine
     const connectedChannels = getConnectedChannels(assistantId);
-    const decision = await evaluateSignal(signal, connectedChannels);
+    let decision = await evaluateSignal(signal, connectedChannels);
+
+    // Step 2.5: Enforce routing intent policy (fire-time guard)
+    const preEnforcementDecision = decision;
+    decision = enforceRoutingIntent(decision, signal.routingIntent, connectedChannels);
+
+    // Re-persist the decision if routing intent enforcement changed it,
+    // so the stored decision row matches what is actually dispatched.
+    if (decision !== preEnforcementDecision && decision.persistedDecisionId) {
+      try {
+        updateDecision(decision.persistedDecisionId, {
+          selectedChannels: decision.selectedChannels,
+          reasoningSummary: decision.reasoningSummary,
+          validationResults: {
+            dedupeKey: decision.dedupeKey,
+            channelCount: decision.selectedChannels.length,
+            hasCopy: Object.keys(decision.renderedCopy).length > 0,
+          },
+        });
+      } catch (err) {
+        log.warn({ err, signalId }, 'Failed to re-persist decision after routing intent enforcement');
+      }
+    }
 
     // Persist model-generated dedupeKey back to the event row so future
     // signals can deduplicate against it (the event was created with

package/src/notifications/signal.ts

@@ -12,6 +12,8 @@ export interface AttentionHints {
   visibleInSourceNow: boolean;
 }
 
+export type RoutingIntent = 'single_channel' | 'multi_channel' | 'all_channels';
+
 export interface NotificationSignal {
   signalId: string;
   assistantId: string;
@@ -21,4 +23,8 @@ export interface NotificationSignal {
   sourceEventName: string; // free-form: 'reminder_fired', 'schedule_complete', 'guardian_question', etc.
   contextPayload: Record<string, unknown>;
   attentionHints: AttentionHints;
+  /** Routing intent from the source (e.g. reminder). Controls post-decision channel enforcement. */
+  routingIntent?: RoutingIntent;
+  /** Free-form hints from the source for the decision engine (e.g. preferred channels). */
+  routingHints?: Record<string, unknown>;
 }

package/src/notifications/types.ts

@@ -54,6 +54,9 @@ export interface ChannelDeliveryPayload {
   /** Delivery audit record ID — passed through to the client for ack correlation. */
   deliveryId?: string;
   sourceEventName: string;
+  /** Originating assistant — used by channel adapters that need assistant-specific
+   *  routing (e.g. SMS outbound number selection via the gateway). */
+  assistantId?: string;
   copy: RenderedChannelCopy;
   deepLinkTarget?: Record<string, unknown>;
 }

package/src/runtime/guardian-outbound-actions.ts

@@ -7,8 +7,16 @@
  * IPC handler (config-channels.ts) and the HTTP route layer (integration-routes.ts).
  */
 
-import { randomBytes, createHash } from 'node:crypto';
+import { createHash,randomBytes } from 'node:crypto';
 
+import { startGuardianVerificationCall } from '../calls/call-domain.js';
+import type { ChannelId } from '../channels/types.js';
+import { getGatewayInternalBaseUrl } from '../config/env.js';
+import { sendMessage as sendSms } from '../messaging/providers/sms/client.js';
+import { getCredentialMetadata } from '../tools/credentials/metadata-store.js';
+import { getLogger } from '../util/logger.js';
+import { normalizePhoneNumber } from '../util/phone.js';
+import { normalizeAssistantId, readHttpToken } from '../util/platform.js';
 import {
   countRecentSendsToDestination,
   createOutboundSession,
@@ -22,14 +30,6 @@ import {
   composeVerificationTelegram,
   GUARDIAN_VERIFY_TEMPLATE_KEYS,
 } from './guardian-verification-templates.js';
-import { startGuardianVerificationCall } from '../calls/call-domain.js';
-import { sendMessage as sendSms } from '../messaging/providers/sms/client.js';
-import { getGatewayInternalBaseUrl } from '../config/env.js';
-import { getCredentialMetadata } from '../tools/credentials/metadata-store.js';
-import { normalizePhoneNumber } from '../util/phone.js';
-import { normalizeAssistantId, readHttpToken } from '../util/platform.js';
-import { getLogger } from '../util/logger.js';
-import type { ChannelId } from '../channels/types.js';
 
 const log = getLogger('guardian-outbound-actions');
 

package/src/runtime/http-server.ts

@@ -29,7 +29,7 @@ import {
 } from '../config/env.js';
 import type { ServerMessage } from '../daemon/ipc-contract.js';
 import { PairingStore } from '../daemon/pairing-store.js';
-import { type Confidence, type SignalType, getAttentionStateByConversationIds, recordConversationSeenSignal } from '../memory/conversation-attention-store.js';
+import { type Confidence, getAttentionStateByConversationIds, recordConversationSeenSignal,type SignalType } from '../memory/conversation-attention-store.js';
 import * as conversationStore from '../memory/conversation-store.js';
 import * as externalConversationStore from '../memory/external-conversation-store.js';
 import { consumeCallback, consumeCallbackError } from '../security/oauth-callback-registry.js';
@@ -549,12 +549,12 @@ export class RuntimeHttpServer {
             const originChannel = parseChannelId(c.originChannel);
             const attn = attentionStates.get(c.id);
             const assistantAttention = attn ? {
-              hasUnseenLatestAssistantMessage: attn.latestAssistantMessageAt !== null &&
-                (attn.lastSeenAssistantMessageAt === null || attn.lastSeenAssistantMessageAt < attn.latestAssistantMessageAt),
-              ...(attn.latestAssistantMessageAt !== null ? { latestAssistantMessageAt: attn.latestAssistantMessageAt } : {}),
-              ...(attn.lastSeenAssistantMessageAt !== null ? { lastSeenAssistantMessageAt: attn.lastSeenAssistantMessageAt } : {}),
-              ...(attn.lastSeenConfidence !== null ? { lastSeenConfidence: attn.lastSeenConfidence } : {}),
-              ...(attn.lastSeenSignalType !== null ? { lastSeenSignalType: attn.lastSeenSignalType } : {}),
+              hasUnseenLatestAssistantMessage: attn.latestAssistantMessageAt != null &&
+                (attn.lastSeenAssistantMessageAt == null || attn.lastSeenAssistantMessageAt < attn.latestAssistantMessageAt),
+              ...(attn.latestAssistantMessageAt != null ? { latestAssistantMessageAt: attn.latestAssistantMessageAt } : {}),
+              ...(attn.lastSeenAssistantMessageAt != null ? { lastSeenAssistantMessageAt: attn.lastSeenAssistantMessageAt } : {}),
+              ...(attn.lastSeenConfidence != null ? { lastSeenConfidence: attn.lastSeenConfidence } : {}),
+              ...(attn.lastSeenSignalType != null ? { lastSeenSignalType: attn.lastSeenSignalType } : {}),
             } : undefined;
             return {
               id: c.id,

package/src/runtime/routes/conversation-attention-routes.ts

@@ -61,9 +61,9 @@ export function handleListConversationAttention(url: URL): Response {
   const results = pageStates.map((attn) => {
     const conv = conversationMap.get(attn.conversationId);
     const convSource = conv?.source ?? 'user';
-    const hasUnseen = attn.latestAssistantMessageAt !== null &&
-      (attn.lastSeenAssistantMessageAt === null || attn.lastSeenAssistantMessageAt < attn.latestAssistantMessageAt);
-    const state: 'seen' | 'unseen' | 'no_assistant_message' = attn.latestAssistantMessageAt === null
+    const hasUnseen = attn.latestAssistantMessageAt != null &&
+      (attn.lastSeenAssistantMessageAt == null || attn.lastSeenAssistantMessageAt < attn.latestAssistantMessageAt);
+    const state: 'seen' | 'unseen' | 'no_assistant_message' = attn.latestAssistantMessageAt == null
       ? 'no_assistant_message'
       : hasUnseen ? 'unseen' : 'seen';
 

package/src/runtime/routes/integration-routes.ts

@@ -21,11 +21,6 @@ import {
   createGuardianChallenge,
   getGuardianStatus,
 } from '../../daemon/handlers/config-channels.js';
-import {
-  startOutbound,
-  resendOutbound,
-  cancelOutbound,
-} from '../guardian-outbound-actions.js';
 import {
   clearTelegramConfig,
   getTelegramConfig,
@@ -33,6 +28,11 @@ import {
   setTelegramConfig,
   setupTelegram,
 } from '../../daemon/handlers/config-telegram.js';
+import {
+  cancelOutbound,
+  resendOutbound,
+  startOutbound,
+} from '../guardian-outbound-actions.js';
 
 /**
  * GET /v1/integrations/telegram/config

package/src/schedule/scheduler.ts

@@ -2,7 +2,7 @@ import { createConversation } from '../memory/conversation-store.js';
 import { GENERATING_TITLE, queueGenerateConversationTitle } from '../memory/conversation-title-service.js';
 import { invalidateAssistantInferredItemsForConversation } from '../memory/task-memory-cleanup.js';
 import { runSequencesOnce } from '../sequence/engine.js';
-import { claimDueReminders, completeReminder, failReminder, setReminderConversationId } from '../tools/reminder/reminder-store.js';
+import { claimDueReminders, completeReminder, failReminder, type RoutingIntent,setReminderConversationId } from '../tools/reminder/reminder-store.js';
 import { getLogger } from '../util/logger.js';
 import { runWatchersOnce, type WatcherEscalator,type WatcherNotifier } from '../watcher/engine.js';
 import { hasSetConstructs } from './recurrence-engine.js';
@@ -19,7 +19,13 @@ export type ScheduleMessageProcessor = (
   message: string,
 ) => Promise<unknown>;
 
-export type ReminderNotifier = (reminder: { id: string; label: string; message: string }) => void;
+export type ReminderNotifier = (reminder: {
+  id: string;
+  label: string;
+  message: string;
+  routingIntent: RoutingIntent;
+  routingHints: Record<string, unknown>;
+}) => void;
 
 export type ScheduleNotifier = (schedule: { id: string; name: string }) => void;
 
@@ -165,7 +171,13 @@ async function runScheduleOnce(
     } else {
       try {
         log.info({ reminderId: reminder.id, label: reminder.label }, 'Firing reminder notification');
-        notifyReminder({ id: reminder.id, label: reminder.label, message: reminder.message });
+        notifyReminder({
+          id: reminder.id,
+          label: reminder.label,
+          message: reminder.message,
+          routingIntent: reminder.routingIntent,
+          routingHints: reminder.routingHints,
+        });
         completeReminder(reminder.id);
       } catch (err) {
         log.warn({ err, reminderId: reminder.id }, 'Reminder notification failed, reverting to pending');

package/src/tools/executor.ts

@@ -16,6 +16,7 @@ import { pathExists, safeStatSync } from '../util/fs.js';
 import { getLogger } from '../util/logger.js';
 import { resolveExecutionTarget } from './execution-target.js';
 import { executeWithTimeout,safeTimeoutMs } from './execution-timeout.js';
+import { enforceGuardianOnlyPolicy } from './guardian-control-plane-policy.js';
 import { buildPolicyContext } from './policy-context.js';
 import { getAllTools,getTool } from './registry.js';
 import { applyEdit } from './shared/filesystem/edit-engine.js';
@@ -111,6 +112,34 @@ export class ToolExecutor {
       return { content: 'This tool is blocked by parental control settings.', isError: true };
     }
 
+    // Reject tool invocations targeting guardian control-plane endpoints from non-guardian actors.
+    const guardianCheck = enforceGuardianOnlyPolicy(name, input, context.guardianActorRole);
+    if (guardianCheck.denied) {
+      log.warn({
+        toolName: name,
+        sessionId: context.sessionId,
+        conversationId: context.conversationId,
+        actorRole: context.guardianActorRole,
+        reason: 'guardian_only_policy',
+      }, 'Guardian-only policy blocked tool invocation');
+      const durationMs = Date.now() - startTime;
+      emitLifecycleEvent(context, {
+        type: 'permission_denied',
+        toolName: name,
+        executionTarget,
+        input,
+        workingDir: context.workingDir,
+        sessionId: context.sessionId,
+        conversationId: context.conversationId,
+        requestId: context.requestId,
+        riskLevel,
+        decision: 'deny',
+        reason: guardianCheck.reason!,
+        durationMs,
+      });
+      return { content: guardianCheck.reason!, isError: true };
+    }
+
     // Gate tools not active for the current turn
     if (context.allowedToolNames && !context.allowedToolNames.has(name)) {
       const msg = `Tool "${name}" is not currently active. Load the skill that provides this tool first.`;