npm - @vellumai/assistant - Versions diffs - 0.3.15 → 0.3.18 - Mend

@vellumai/assistant 0.3.15 → 0.3.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (306) hide show

package/ARCHITECTURE.md +211 -12
package/Dockerfile +1 -1
package/README.md +11 -5
package/docs/architecture/http-token-refresh.md +274 -0
package/docs/architecture/memory.md +5 -4
package/docs/architecture/scheduling.md +4 -88
package/docs/runbook-trusted-contacts.md +283 -0
package/docs/trusted-contact-access.md +247 -0
package/package.json +1 -1
package/scripts/ipc/check-swift-decoder-drift.ts +2 -0
package/src/__tests__/__snapshots__/ipc-snapshot.test.ts.snap +2 -6
package/src/__tests__/access-request-decision.test.ts +328 -0
package/src/__tests__/asset-materialize-tool.test.ts +7 -7
package/src/__tests__/asset-search-tool.test.ts +15 -15
package/src/__tests__/attachments-store.test.ts +13 -13
package/src/__tests__/call-controller.test.ts +150 -4
package/src/__tests__/call-conversation-messages.test.ts +2 -2
package/src/__tests__/call-pointer-messages.test.ts +28 -0
package/src/__tests__/call-start-guardian-guard.test.ts +93 -0
package/src/__tests__/channel-approval-routes.test.ts +108 -12
package/src/__tests__/channel-guardian.test.ts +19 -15
package/src/__tests__/checker.test.ts +103 -48
package/src/__tests__/computer-use-skill-manifest-regression.test.ts +2 -2
package/src/__tests__/config-watcher.test.ts +356 -0
package/src/__tests__/conversation-pairing.test.ts +127 -27
package/src/__tests__/conversation-store.test.ts +36 -36
package/src/__tests__/date-context.test.ts +179 -1
package/src/__tests__/db-migration-rollback.test.ts +4 -7
package/src/__tests__/deterministic-verification-control-plane.test.ts +5 -5
package/src/__tests__/emit-signal-routing-intent.test.ts +179 -0
package/src/__tests__/gateway-only-guard.test.ts +188 -0
package/src/__tests__/guardian-action-conversation-turn.test.ts +451 -0
package/src/__tests__/guardian-action-copy-generator.test.ts +197 -0
package/src/__tests__/guardian-action-followup-executor.test.ts +379 -0
package/src/__tests__/guardian-action-followup-store.test.ts +376 -0
package/src/__tests__/guardian-action-late-reply.test.ts +425 -0
package/src/__tests__/guardian-action-no-hardcoded-copy.test.ts +71 -0
package/src/__tests__/guardian-action-store.test.ts +182 -0
package/src/__tests__/guardian-action-sweep.test.ts +9 -9
package/src/__tests__/guardian-dispatch.test.ts +120 -0
package/src/__tests__/guardian-outbound-http.test.ts +194 -2
package/src/__tests__/guardian-verification-intent-routing.test.ts +179 -0
package/src/__tests__/guardian-verify-setup-skill-regression.test.ts +141 -0
package/src/__tests__/handlers-telegram-config.test.ts +6 -6
package/src/__tests__/hooks-runner.test.ts +13 -4
package/src/__tests__/ingress-routes-http.test.ts +443 -0
package/src/__tests__/intent-routing.test.ts +14 -0
package/src/__tests__/ipc-snapshot.test.ts +23 -5
package/src/__tests__/media-reuse-story.e2e.test.ts +7 -7
package/src/__tests__/memory-regressions.test.ts +16 -12
package/src/__tests__/non-member-access-request.test.ts +281 -0
package/src/__tests__/notification-broadcaster.test.ts +115 -4
package/src/__tests__/notification-decision-strategy.test.ts +138 -1
package/src/__tests__/notification-deep-link.test.ts +44 -1
package/src/__tests__/notification-guardian-path.test.ts +157 -0
package/src/__tests__/notification-routing-intent.test.ts +11 -1
package/src/__tests__/notification-thread-candidate-validation.test.ts +215 -0
package/src/__tests__/notification-thread-candidates.test.ts +166 -0
package/src/__tests__/recording-intent.test.ts +1 -0
package/src/__tests__/recording-state-machine.test.ts +328 -17
package/src/__tests__/registry.test.ts +17 -8
package/src/__tests__/relay-server.test.ts +105 -0
package/src/__tests__/reminder.test.ts +13 -0
package/src/__tests__/runtime-attachment-metadata.test.ts +4 -4
package/src/__tests__/scheduler-recurrence.test.ts +50 -0
package/src/__tests__/server-history-render.test.ts +8 -8
package/src/__tests__/session-agent-loop.test.ts +1 -0
package/src/__tests__/session-runtime-assembly.test.ts +49 -0
package/src/__tests__/session-skill-tools.test.ts +1 -0
package/src/__tests__/skill-projection.benchmark.test.ts +11 -3
package/src/__tests__/slack-channel-config.test.ts +230 -0
package/src/__tests__/subagent-manager-notify.test.ts +4 -4
package/src/__tests__/swarm-session-integration.test.ts +2 -2
package/src/__tests__/system-prompt.test.ts +43 -0
package/src/__tests__/task-management-tools.test.ts +3 -3
package/src/__tests__/task-tools.test.ts +3 -3
package/src/__tests__/trust-store.test.ts +38 -22
package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts +489 -0
package/src/__tests__/trusted-contact-multichannel.test.ts +405 -0
package/src/__tests__/trusted-contact-verification.test.ts +360 -0
package/src/__tests__/update-bulletin-format.test.ts +119 -0
package/src/__tests__/update-bulletin-state.test.ts +129 -0
package/src/__tests__/update-bulletin.test.ts +323 -0
package/src/__tests__/update-template-contract.test.ts +24 -0
package/src/__tests__/voice-session-bridge.test.ts +109 -9
package/src/agent/loop.ts +2 -2
package/src/amazon/client.ts +2 -3
package/src/calls/call-controller.ts +241 -39
package/src/calls/call-conversation-messages.ts +2 -2
package/src/calls/call-domain.ts +10 -3
package/src/calls/call-pointer-messages.ts +17 -5
package/src/calls/guardian-action-sweep.ts +77 -36
package/src/calls/guardian-dispatch.ts +8 -0
package/src/calls/relay-server.ts +51 -12
package/src/calls/twilio-routes.ts +3 -1
package/src/calls/types.ts +1 -1
package/src/calls/voice-session-bridge.ts +8 -6
package/src/cli/core-commands.ts +43 -3
package/src/cli/map.ts +8 -5
package/src/config/bundled-skills/phone-calls/SKILL.md +16 -1
package/src/config/bundled-skills/tasks/SKILL.md +1 -1
package/src/config/bundled-skills/tasks/TOOLS.json +4 -4
package/src/config/bundled-skills/time-based-actions/SKILL.md +11 -1
package/src/config/computer-use-prompt.ts +1 -0
package/src/config/core-schema.ts +16 -0
package/src/config/env-registry.ts +1 -0
package/src/config/env.ts +16 -1
package/src/config/memory-schema.ts +5 -0
package/src/config/schema.ts +4 -0
package/src/config/system-prompt.ts +69 -2
package/src/config/templates/BOOTSTRAP.md +1 -1
package/src/config/templates/IDENTITY.md +8 -4
package/src/config/templates/SOUL.md +14 -0
package/src/config/templates/UPDATES.md +15 -0
package/src/config/templates/USER.md +5 -1
package/src/config/types.ts +1 -0
package/src/config/update-bulletin-format.ts +54 -0
package/src/config/update-bulletin-state.ts +49 -0
package/src/config/update-bulletin-template-path.ts +6 -0
package/src/config/update-bulletin.ts +97 -0
package/src/config/vellum-skills/catalog.json +6 -0
package/src/config/vellum-skills/chatgpt-import/tools/chatgpt-import.ts +1 -1
package/src/config/vellum-skills/guardian-verify-setup/SKILL.md +44 -10
package/src/config/vellum-skills/telegram-setup/SKILL.md +4 -4
package/src/config/vellum-skills/trusted-contacts/SKILL.md +147 -0
package/src/config/vellum-skills/twilio-setup/SKILL.md +2 -2
package/src/context/window-manager.ts +43 -3
package/src/daemon/config-watcher.ts +4 -2
package/src/daemon/connection-policy.ts +21 -1
package/src/daemon/daemon-control.ts +219 -8
package/src/daemon/date-context.ts +174 -1
package/src/daemon/guardian-action-generators.ts +175 -0
package/src/daemon/guardian-verification-intent.ts +120 -0
package/src/daemon/handlers/apps.ts +1 -3
package/src/daemon/handlers/config-channels.ts +2 -2
package/src/daemon/handlers/config-heartbeat.ts +1 -1
package/src/daemon/handlers/config-inbox.ts +55 -159
package/src/daemon/handlers/config-ingress.ts +1 -1
package/src/daemon/handlers/config-integrations.ts +1 -1
package/src/daemon/handlers/config-platform.ts +1 -1
package/src/daemon/handlers/config-scheduling.ts +2 -2
package/src/daemon/handlers/config-slack-channel.ts +190 -0
package/src/daemon/handlers/config-telegram.ts +1 -1
package/src/daemon/handlers/config-twilio.ts +1 -1
package/src/daemon/handlers/config-voice.ts +100 -0
package/src/daemon/handlers/config.ts +3 -0
package/src/daemon/handlers/identity.ts +45 -25
package/src/daemon/handlers/misc.ts +83 -5
package/src/daemon/handlers/navigate-settings.ts +27 -0
package/src/daemon/handlers/recording.ts +270 -144
package/src/daemon/handlers/sessions.ts +100 -17
package/src/daemon/handlers/subagents.ts +3 -3
package/src/daemon/handlers/work-items.ts +10 -7
package/src/daemon/ipc-contract/integrations.ts +9 -1
package/src/daemon/ipc-contract/messages.ts +4 -0
package/src/daemon/ipc-contract/sessions.ts +1 -1
package/src/daemon/ipc-contract/settings.ts +26 -0
package/src/daemon/ipc-contract/shared.ts +2 -0
package/src/daemon/ipc-contract/work-items.ts +1 -7
package/src/daemon/ipc-contract/workspace.ts +12 -1
package/src/daemon/ipc-contract-inventory.json +6 -1
package/src/daemon/ipc-contract.ts +5 -1
package/src/daemon/lifecycle.ts +314 -266
package/src/daemon/recording-intent.ts +0 -41
package/src/daemon/response-tier.ts +2 -2
package/src/daemon/server.ts +31 -9
package/src/daemon/session-agent-loop-handlers.ts +34 -9
package/src/daemon/session-agent-loop.ts +15 -8
package/src/daemon/session-history.ts +3 -2
package/src/daemon/session-media-retry.ts +3 -0
package/src/daemon/session-messaging.ts +38 -4
package/src/daemon/session-notifiers.ts +2 -2
package/src/daemon/session-process.ts +546 -59
package/src/daemon/session-queue-manager.ts +2 -0
package/src/daemon/session-runtime-assembly.ts +39 -0
package/src/daemon/session-skill-tools.ts +13 -4
package/src/daemon/session-tool-setup.ts +5 -6
package/src/daemon/session.ts +19 -8
package/src/daemon/tls-certs.ts +60 -13
package/src/daemon/tool-side-effects.ts +13 -5
package/src/gallery/default-gallery.ts +32 -9
package/src/influencer/client.ts +2 -1
package/src/memory/channel-delivery-store.ts +35 -567
package/src/memory/channel-guardian-store.ts +63 -1317
package/src/memory/conflict-store.ts +4 -4
package/src/memory/conversation-attention-store.ts +0 -3
package/src/memory/conversation-crud.ts +668 -0
package/src/memory/conversation-queries.ts +361 -0
package/src/memory/conversation-store.ts +44 -983
package/src/memory/db-connection.ts +3 -0
package/src/memory/db-init.ts +33 -0
package/src/memory/delivery-channels.ts +175 -0
package/src/memory/delivery-crud.ts +211 -0
package/src/memory/delivery-status.ts +199 -0
package/src/memory/embedding-backend.ts +70 -4
package/src/memory/embedding-local.ts +12 -2
package/src/memory/entity-extractor.ts +3 -8
package/src/memory/fts-reconciler.ts +136 -0
package/src/memory/guardian-action-store.ts +418 -5
package/src/memory/guardian-approvals.ts +569 -0
package/src/memory/guardian-bindings.ts +130 -0
package/src/memory/guardian-rate-limits.ts +196 -0
package/src/memory/guardian-verification.ts +521 -0
package/src/memory/job-handlers/index-maintenance.ts +2 -1
package/src/memory/job-utils.ts +8 -5
package/src/memory/jobs-store.ts +66 -6
package/src/memory/jobs-worker.ts +23 -1
package/src/memory/migrations/030-guardian-action-followup.ts +21 -0
package/src/memory/migrations/030-guardian-verification-purpose.ts +17 -0
package/src/memory/migrations/031-conversations-thread-type-index.ts +5 -0
package/src/memory/migrations/032-guardian-delivery-conversation-index.ts +15 -0
package/src/memory/migrations/032-notification-delivery-thread-decision.ts +20 -0
package/src/memory/migrations/100-core-tables.ts +1 -1
package/src/memory/migrations/101-watchers-and-logs.ts +4 -0
package/src/memory/migrations/108-tasks-and-work-items.ts +1 -1
package/src/memory/migrations/112-assistant-inbox.ts +1 -1
package/src/memory/migrations/113-late-migrations.ts +1 -1
package/src/memory/migrations/116-messages-fts.ts +13 -0
package/src/memory/migrations/119-schema-indexes-and-columns.ts +37 -0
package/src/memory/migrations/120-fk-cascade-rebuilds.ts +161 -0
package/src/memory/migrations/index.ts +10 -3
package/src/memory/migrations/validate-migration-state.ts +114 -15
package/src/memory/qdrant-circuit-breaker.ts +105 -0
package/src/memory/retriever.ts +46 -13
package/src/memory/schema-migration.ts +4 -0
package/src/memory/schema.ts +31 -8
package/src/memory/search/semantic.ts +8 -90
package/src/notifications/README.md +159 -18
package/src/notifications/broadcaster.ts +69 -33
package/src/notifications/conversation-pairing.ts +99 -21
package/src/notifications/decision-engine.ts +176 -8
package/src/notifications/deliveries-store.ts +39 -8
package/src/notifications/emit-signal.ts +1 -0
package/src/notifications/preferences-store.ts +7 -7
package/src/notifications/thread-candidates.ts +269 -0
package/src/notifications/types.ts +19 -0
package/src/permissions/checker.ts +1 -16
package/src/permissions/defaults.ts +25 -5
package/src/permissions/prompter.ts +17 -0
package/src/permissions/trust-store.ts +2 -0
package/src/providers/failover.ts +19 -0
package/src/providers/registry.ts +46 -1
package/src/runtime/approval-message-composer.ts +1 -1
package/src/runtime/channel-guardian-service.ts +15 -3
package/src/runtime/channel-retry-sweep.ts +7 -2
package/src/runtime/guardian-action-conversation-turn.ts +85 -0
package/src/runtime/guardian-action-followup-executor.ts +301 -0
package/src/runtime/guardian-action-message-composer.ts +245 -0
package/src/runtime/guardian-outbound-actions.ts +26 -6
package/src/runtime/guardian-verification-templates.ts +15 -9
package/src/runtime/http-errors.ts +93 -0
package/src/runtime/http-server.ts +133 -44
package/src/runtime/http-types.ts +53 -0
package/src/runtime/ingress-service.ts +237 -0
package/src/runtime/middleware/error-handler.ts +4 -3
package/src/runtime/middleware/rate-limiter.ts +160 -0
package/src/runtime/middleware/request-logger.ts +71 -0
package/src/runtime/middleware/twilio-validation.ts +7 -6
package/src/runtime/pending-interactions.ts +12 -0
package/src/runtime/routes/access-request-decision.ts +215 -0
package/src/runtime/routes/app-routes.ts +25 -18
package/src/runtime/routes/approval-routes.ts +18 -47
package/src/runtime/routes/attachment-routes.ts +15 -41
package/src/runtime/routes/call-routes.ts +20 -20
package/src/runtime/routes/channel-delivery-routes.ts +6 -5
package/src/runtime/routes/contact-routes.ts +4 -9
package/src/runtime/routes/conversation-attention-routes.ts +2 -1
package/src/runtime/routes/conversation-routes.ts +26 -57
package/src/runtime/routes/debug-routes.ts +71 -0
package/src/runtime/routes/events-routes.ts +3 -2
package/src/runtime/routes/guardian-approval-interception.ts +221 -0
package/src/runtime/routes/identity-routes.ts +14 -10
package/src/runtime/routes/inbound-conversation.ts +3 -2
package/src/runtime/routes/inbound-message-handler.ts +527 -62
package/src/runtime/routes/ingress-routes.ts +174 -0
package/src/runtime/routes/integration-routes.ts +78 -16
package/src/runtime/routes/pairing-routes.ts +11 -10
package/src/runtime/routes/secret-routes.ts +10 -18
package/src/runtime/verification-rate-limiter.ts +83 -0
package/src/schedule/schedule-store.ts +13 -1
package/src/schedule/scheduler.ts +1 -1
package/src/security/secret-ingress.ts +5 -2
package/src/security/secret-scanner.ts +72 -6
package/src/subagent/manager.ts +6 -4
package/src/swarm/plan-validator.ts +4 -1
package/src/tasks/task-runner.ts +3 -1
package/src/tools/browser/api-map.ts +9 -6
package/src/tools/calls/call-start.ts +20 -0
package/src/tools/executor.ts +50 -568
package/src/tools/permission-checker.ts +271 -0
package/src/tools/registry.ts +14 -6
package/src/tools/reminder/reminder-store.ts +7 -7
package/src/tools/reminder/reminder.ts +6 -3
package/src/tools/secret-detection-handler.ts +301 -0
package/src/tools/subagent/message.ts +1 -1
package/src/tools/system/voice-config.ts +62 -0
package/src/tools/tasks/index.ts +3 -3
package/src/tools/tasks/work-item-list.ts +3 -3
package/src/tools/tasks/work-item-update.ts +4 -5
package/src/tools/tool-approval-handler.ts +192 -0
package/src/tools/tool-manifest.ts +2 -0
package/src/version.ts +29 -2
package/src/watcher/watcher-store.ts +9 -9
package/src/work-items/work-item-runner.ts +9 -6
/package/src/memory/migrations/{026-embeddings-nullable-vector-json.ts → 026a-embeddings-nullable-vector-json.ts} +0 -0
/package/src/memory/migrations/{027-guardian-bootstrap-token.ts → 027a-guardian-bootstrap-token.ts} +0 -0

package/src/__tests__/trusted-contact-verification.test.ts ADDED Viewed

@@ -0,0 +1,360 @@
+/**
+ * Tests for M4: Verification success → trusted contact activation.
+ *
+ * When a requester successfully verifies their identity (enters the correct
+ * 6-digit code from an identity-bound outbound session), the system should:
+ * 1. Upsert an active member record in assistant_ingress_members
+ * 2. Allow subsequent messages through the ACL check
+ * 3. Scope the member correctly (no cross-assistant leakage)
+ * 4. Reactivate previously revoked members on re-verification
+ * 5. NOT create a guardian binding (trusted contacts are not guardians)
+ */
+import { mkdtempSync, rmSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { afterAll, beforeEach, describe, expect, mock, test } from 'bun:test';
+// ---------------------------------------------------------------------------
+// Test isolation: in-memory SQLite via temp directory
+// ---------------------------------------------------------------------------
+const testDir = mkdtempSync(join(tmpdir(), 'trusted-contact-verify-test-'));
+mock.module('../util/platform.js', () => ({
+  getRootDir: () => testDir,
+  getDataDir: () => testDir,
+  isMacOS: () => process.platform === 'darwin',
+  isLinux: () => process.platform === 'linux',
+  isWindows: () => process.platform === 'win32',
+  getSocketPath: () => join(testDir, 'test.sock'),
+  getPidPath: () => join(testDir, 'test.pid'),
+  getDbPath: () => join(testDir, 'test.db'),
+  getLogPath: () => join(testDir, 'test.log'),
+  ensureDataDir: () => {},
+  normalizeAssistantId: (id: string) => id === 'self' ? 'self' : id,
+  readHttpToken: () => 'test-bearer-token',
+}));
+mock.module('../util/logger.js', () => ({
+  getLogger: () => new Proxy({} as Record<string, unknown>, {
+    get: () => () => {},
+  }),
+}));
+import {
+  createBinding,
+  getActiveBinding,
+} from '../memory/channel-guardian-store.js';
+import { getDb, initializeDb, resetDb } from '../memory/db.js';
+import {
+  findMember,
+  revokeMember,
+  upsertMember,
+} from '../memory/ingress-member-store.js';
+import {
+  createOutboundSession,
+  validateAndConsumeChallenge,
+} from '../runtime/channel-guardian-service.js';
+initializeDb();
+afterAll(() => {
+  resetDb();
+  try { rmSync(testDir, { recursive: true }); } catch { /* best effort */ }
+});
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function resetTables(): void {
+  const db = getDb();
+  db.run('DELETE FROM channel_guardian_verification_challenges');
+  db.run('DELETE FROM channel_guardian_bindings');
+  db.run('DELETE FROM channel_guardian_rate_limits');
+  db.run('DELETE FROM assistant_ingress_members');
+}
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+describe('trusted contact verification → member activation', () => {
+  beforeEach(() => {
+    resetTables();
+  });
+  test('successful verification creates active member with allow policy', () => {
+    // Simulate M3: guardian approves, outbound session created for the requester
+    const session = createOutboundSession({
+      assistantId: 'self',
+      channel: 'telegram',
+      expectedExternalUserId: 'requester-user-123',
+      expectedChatId: 'requester-chat-123',
+      identityBindingStatus: 'bound',
+      destinationAddress: 'requester-chat-123',
+      verificationPurpose: 'trusted_contact',
+    });
+    // Requester enters the 6-digit code
+    const result = validateAndConsumeChallenge(
+      'self',
+      'telegram',
+      session.secret,
+      'requester-user-123',
+      'requester-chat-123',
+      'requester_username',
+      'Requester Name',
+    );
+    expect(result.success).toBe(true);
+    if (result.success) {
+      expect(result.verificationType).toBe('trusted_contact');
+    }
+    // Simulate the member upsert that inbound-message-handler performs on success
+    upsertMember({
+      assistantId: 'self',
+      sourceChannel: 'telegram',
+      externalUserId: 'requester-user-123',
+      externalChatId: 'requester-chat-123',
+      status: 'active',
+      policy: 'allow',
+      displayName: 'Requester Name',
+      username: 'requester_username',
+    });
+    // Verify: active member record exists
+    const member = findMember({
+      assistantId: 'self',
+      sourceChannel: 'telegram',
+      externalUserId: 'requester-user-123',
+    });
+    expect(member).not.toBeNull();
+    expect(member!.status).toBe('active');
+    expect(member!.policy).toBe('allow');
+    expect(member!.externalUserId).toBe('requester-user-123');
+    expect(member!.externalChatId).toBe('requester-chat-123');
+    expect(member!.displayName).toBe('Requester Name');
+    expect(member!.username).toBe('requester_username');
+    expect(member!.assistantId).toBe('self');
+    expect(member!.sourceChannel).toBe('telegram');
+  });
+  test('post-verify message is accepted (ACL check passes)', () => {
+    // Create and verify a trusted contact
+    const session = createOutboundSession({
+      assistantId: 'self',
+      channel: 'telegram',
+      expectedExternalUserId: 'requester-user-456',
+      expectedChatId: 'requester-chat-456',
+      identityBindingStatus: 'bound',
+      destinationAddress: 'requester-chat-456',
+      verificationPurpose: 'trusted_contact',
+    });
+    validateAndConsumeChallenge(
+      'self', 'telegram', session.secret,
+      'requester-user-456', 'requester-chat-456',
+    );
+    // Simulate member upsert on verification success
+    upsertMember({
+      assistantId: 'self',
+      sourceChannel: 'telegram',
+      externalUserId: 'requester-user-456',
+      externalChatId: 'requester-chat-456',
+      status: 'active',
+      policy: 'allow',
+    });
+    // Simulate the ACL check that inbound-message-handler performs
+    const member = findMember({
+      assistantId: 'self',
+      sourceChannel: 'telegram',
+      externalUserId: 'requester-user-456',
+      externalChatId: 'requester-chat-456',
+    });
+    expect(member).not.toBeNull();
+    expect(member!.status).toBe('active');
+    expect(member!.policy).toBe('allow');
+    // ACL check passes: member exists, is active, and has allow policy
+  });
+  test('no cross-assistant leakage (member scoped correctly)', () => {
+    // Create member for assistant 'self'
+    const session = createOutboundSession({
+      assistantId: 'self',
+      channel: 'telegram',
+      expectedExternalUserId: 'user-cross-test',
+      expectedChatId: 'chat-cross-test',
+      identityBindingStatus: 'bound',
+      destinationAddress: 'chat-cross-test',
+      verificationPurpose: 'trusted_contact',
+    });
+    validateAndConsumeChallenge(
+      'self', 'telegram', session.secret,
+      'user-cross-test', 'chat-cross-test',
+    );
+    upsertMember({
+      assistantId: 'self',
+      sourceChannel: 'telegram',
+      externalUserId: 'user-cross-test',
+      externalChatId: 'chat-cross-test',
+      status: 'active',
+      policy: 'allow',
+    });
+    // Member should be found for 'self'
+    const selfMember = findMember({
+      assistantId: 'self',
+      sourceChannel: 'telegram',
+      externalUserId: 'user-cross-test',
+    });
+    expect(selfMember).not.toBeNull();
+    expect(selfMember!.status).toBe('active');
+    // Member should NOT be found for a different assistant
+    const otherMember = findMember({
+      assistantId: 'other-assistant',
+      sourceChannel: 'telegram',
+      externalUserId: 'user-cross-test',
+    });
+    expect(otherMember).toBeNull();
+  });
+  test('re-verification of previously revoked member reactivates them', () => {
+    // Create and activate a member
+    const member = upsertMember({
+      assistantId: 'self',
+      sourceChannel: 'telegram',
+      externalUserId: 'user-revoked',
+      externalChatId: 'chat-revoked',
+      status: 'active',
+      policy: 'allow',
+      displayName: 'Revoked User',
+    });
+    // Revoke the member
+    const revoked = revokeMember(member.id, 'testing revocation');
+    expect(revoked).not.toBeNull();
+    expect(revoked!.status).toBe('revoked');
+    // Verify the member is indeed revoked (ACL would reject)
+    const revokedMember = findMember({
+      assistantId: 'self',
+      sourceChannel: 'telegram',
+      externalUserId: 'user-revoked',
+    });
+    expect(revokedMember).not.toBeNull();
+    expect(revokedMember!.status).toBe('revoked');
+    // Guardian re-approves, new outbound session created
+    const session = createOutboundSession({
+      assistantId: 'self',
+      channel: 'telegram',
+      expectedExternalUserId: 'user-revoked',
+      expectedChatId: 'chat-revoked',
+      identityBindingStatus: 'bound',
+      destinationAddress: 'chat-revoked',
+      verificationPurpose: 'trusted_contact',
+    });
+    // Requester enters the new code
+    const result = validateAndConsumeChallenge(
+      'self', 'telegram', session.secret,
+      'user-revoked', 'chat-revoked',
+    );
+    expect(result.success).toBe(true);
+    if (result.success) {
+      expect(result.verificationType).toBe('trusted_contact');
+    }
+    // upsertMember reactivates the existing record
+    upsertMember({
+      assistantId: 'self',
+      sourceChannel: 'telegram',
+      externalUserId: 'user-revoked',
+      externalChatId: 'chat-revoked',
+      status: 'active',
+      policy: 'allow',
+    });
+    // Verify: member is now active again
+    const reactivated = findMember({
+      assistantId: 'self',
+      sourceChannel: 'telegram',
+      externalUserId: 'user-revoked',
+    });
+    expect(reactivated).not.toBeNull();
+    expect(reactivated!.status).toBe('active');
+    expect(reactivated!.policy).toBe('allow');
+  });
+  test('trusted contact verification does NOT create a guardian binding', () => {
+    // Ensure there's an existing guardian binding we want to preserve
+    createBinding({
+      assistantId: 'self',
+      channel: 'telegram',
+      guardianExternalUserId: 'guardian-user-original',
+      guardianDeliveryChatId: 'guardian-chat-original',
+      verifiedVia: 'challenge',
+      metadataJson: null,
+    });
+    // Create an outbound session for a requester (different user than guardian)
+    const session = createOutboundSession({
+      assistantId: 'self',
+      channel: 'telegram',
+      expectedExternalUserId: 'requester-user-789',
+      expectedChatId: 'requester-chat-789',
+      identityBindingStatus: 'bound',
+      destinationAddress: 'requester-chat-789',
+      verificationPurpose: 'trusted_contact',
+    });
+    const result = validateAndConsumeChallenge(
+      'self', 'telegram', session.secret,
+      'requester-user-789', 'requester-chat-789',
+    );
+    expect(result.success).toBe(true);
+    if (result.success) {
+      expect(result.verificationType).toBe('trusted_contact');
+      // Should NOT have a bindingId — no guardian binding created
+      expect('bindingId' in result).toBe(false);
+    }
+    // The original guardian binding should remain intact
+    const binding = getActiveBinding('self', 'telegram');
+    expect(binding).not.toBeNull();
+    expect(binding!.guardianExternalUserId).toBe('guardian-user-original');
+  });
+  test('guardian inbound verification still creates binding (backward compat)', () => {
+    // Create an inbound challenge (no expected identity — guardian flow)
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
+    const { createVerificationChallenge } = require('../runtime/channel-guardian-service.js');
+    const { secret } = createVerificationChallenge('self', 'telegram');
+    const result = validateAndConsumeChallenge(
+      'self', 'telegram', secret,
+      'guardian-user', 'guardian-chat',
+    );
+    expect(result.success).toBe(true);
+    if (result.success && result.verificationType === 'guardian') {
+      expect(result.bindingId).toBeDefined();
+    }
+    // Guardian binding should be created
+    const binding = getActiveBinding('self', 'telegram');
+    expect(binding).not.toBeNull();
+    expect(binding!.guardianExternalUserId).toBe('guardian-user');
+  });
+});

package/src/__tests__/update-bulletin-format.test.ts ADDED Viewed

@@ -0,0 +1,119 @@
+import { describe, expect, test } from 'bun:test';
+import {
+  appendReleaseBlock,
+  extractReleaseIds,
+  hasReleaseBlock,
+  releaseMarker,
+} from '../config/update-bulletin-format.js';
+describe('releaseMarker', () => {
+  test('returns an HTML comment with the version embedded', () => {
+    expect(releaseMarker('1.2.3')).toBe('<!-- vellum-update-release:1.2.3 -->');
+  });
+  test('handles pre-release / build-metadata versions', () => {
+    expect(releaseMarker('2.0.0-beta.1+build.42')).toBe(
+      '<!-- vellum-update-release:2.0.0-beta.1+build.42 -->',
+    );
+  });
+});
+describe('hasReleaseBlock', () => {
+  const content = [
+    '<!-- vellum-update-release:1.0.0 -->',
+    '## 1.0.0',
+    'Initial release.',
+    '',
+    '<!-- vellum-update-release:1.1.0 -->',
+    '## 1.1.0',
+    'Second release.',
+  ].join('\n');
+  test('returns true when the marker is present', () => {
+    expect(hasReleaseBlock(content, '1.0.0')).toBe(true);
+    expect(hasReleaseBlock(content, '1.1.0')).toBe(true);
+  });
+  test('returns false when the marker is absent', () => {
+    expect(hasReleaseBlock(content, '2.0.0')).toBe(false);
+  });
+  test('returns false for empty content', () => {
+    expect(hasReleaseBlock('', '1.0.0')).toBe(false);
+  });
+});
+describe('appendReleaseBlock', () => {
+  test('appends to empty content', () => {
+    const result = appendReleaseBlock('', '1.0.0', '## 1.0.0\nInitial release.');
+    expect(result).toBe(
+      '<!-- vellum-update-release:1.0.0 -->\n## 1.0.0\nInitial release.\n',
+    );
+  });
+  test('preserves prior blocks when appending', () => {
+    const existing =
+      '<!-- vellum-update-release:1.0.0 -->\n## 1.0.0\nFirst.\n';
+    const result = appendReleaseBlock(existing, '1.1.0', '## 1.1.0\nSecond.');
+    // Prior block is untouched
+    expect(result).toContain('<!-- vellum-update-release:1.0.0 -->');
+    expect(result).toContain('## 1.0.0\nFirst.');
+    // New block is appended
+    expect(result).toContain('<!-- vellum-update-release:1.1.0 -->');
+    expect(result).toContain('## 1.1.0\nSecond.');
+    // New block comes after old block
+    const oldIdx = result.indexOf('<!-- vellum-update-release:1.0.0 -->');
+    const newIdx = result.indexOf('<!-- vellum-update-release:1.1.0 -->');
+    expect(newIdx).toBeGreaterThan(oldIdx);
+  });
+  test('inserts separator when existing content lacks trailing newline', () => {
+    const existing = '<!-- vellum-update-release:1.0.0 -->\nFirst.';
+    const result = appendReleaseBlock(existing, '1.1.0', 'Second.');
+    // Double newline separates the blocks when there was no trailing newline
+    expect(result).toContain('First.\n\n<!-- vellum-update-release:1.1.0 -->');
+  });
+});
+describe('extractReleaseIds', () => {
+  test('returns all version strings from multiple markers', () => {
+    const content = [
+      '<!-- vellum-update-release:1.0.0 -->',
+      'Block one.',
+      '<!-- vellum-update-release:1.1.0 -->',
+      'Block two.',
+      '<!-- vellum-update-release:2.0.0-rc.1 -->',
+      'Block three.',
+    ].join('\n');
+    expect(extractReleaseIds(content)).toEqual([
+      '1.0.0',
+      '1.1.0',
+      '2.0.0-rc.1',
+    ]);
+  });
+  test('returns empty array for empty content', () => {
+    expect(extractReleaseIds('')).toEqual([]);
+  });
+  test('returns empty array when no markers are present', () => {
+    expect(extractReleaseIds('Just some text\nwith no markers.')).toEqual([]);
+  });
+  test('handles duplicate markers', () => {
+    const content = [
+      '<!-- vellum-update-release:1.0.0 -->',
+      'Block one.',
+      '<!-- vellum-update-release:1.0.0 -->',
+      'Duplicate block.',
+    ].join('\n');
+    expect(extractReleaseIds(content)).toEqual(['1.0.0', '1.0.0']);
+  });
+});

package/src/__tests__/update-bulletin-state.test.ts ADDED Viewed

@@ -0,0 +1,129 @@
+import { beforeEach, describe, expect, it, mock } from 'bun:test';
+const store = new Map<string, string>();
+mock.module('../memory/checkpoints.js', () => ({
+  getMemoryCheckpoint: mock((key: string) => store.get(key) ?? null),
+  setMemoryCheckpoint: mock((key: string, value: string) => store.set(key, value)),
+}));
+const {
+  getActiveReleases,
+  setActiveReleases,
+  getCompletedReleases,
+  setCompletedReleases,
+  isReleaseCompleted,
+  markReleasesCompleted,
+  addActiveRelease,
+} = await import('../config/update-bulletin-state.js');
+describe('update-bulletin-state', () => {
+  beforeEach(() => {
+    store.clear();
+  });
+  describe('empty/default state', () => {
+    it('returns empty array when no active releases checkpoint exists', () => {
+      expect(getActiveReleases()).toEqual([]);
+    });
+    it('returns empty array when no completed releases checkpoint exists', () => {
+      expect(getCompletedReleases()).toEqual([]);
+    });
+    it('isReleaseCompleted returns false when no completed releases exist', () => {
+      expect(isReleaseCompleted('1.0.0')).toBe(false);
+    });
+  });
+  describe('corrupt checkpoint content', () => {
+    it('returns empty array for invalid JSON in active releases', () => {
+      store.set('updates:active_releases', 'not-json{{{');
+      expect(getActiveReleases()).toEqual([]);
+    });
+    it('returns empty array for invalid JSON in completed releases', () => {
+      store.set('updates:completed_releases', '}{broken');
+      expect(getCompletedReleases()).toEqual([]);
+    });
+    it('returns empty array when checkpoint contains a non-array JSON value', () => {
+      store.set('updates:active_releases', '"just-a-string"');
+      expect(getActiveReleases()).toEqual([]);
+    });
+    it('filters out non-string values from the array', () => {
+      store.set('updates:active_releases', '["1.0.0", 42, null, "2.0.0"]');
+      expect(getActiveReleases()).toEqual(['1.0.0', '2.0.0']);
+    });
+  });
+  describe('round-trip serialization', () => {
+    it('write then read returns same data for active releases', () => {
+      const releases = ['1.0.0', '2.0.0', '3.0.0'];
+      setActiveReleases(releases);
+      expect(getActiveReleases()).toEqual(releases);
+    });
+    it('write then read returns same data for completed releases', () => {
+      const releases = ['0.9.0', '1.0.0'];
+      setCompletedReleases(releases);
+      expect(getCompletedReleases()).toEqual(releases);
+    });
+    it('isReleaseCompleted returns true for a completed release', () => {
+      setCompletedReleases(['1.0.0', '2.0.0']);
+      expect(isReleaseCompleted('1.0.0')).toBe(true);
+      expect(isReleaseCompleted('2.0.0')).toBe(true);
+      expect(isReleaseCompleted('3.0.0')).toBe(false);
+    });
+  });
+  describe('dedupe behavior', () => {
+    it('setActiveReleases deduplicates entries', () => {
+      setActiveReleases(['1.0.0', '2.0.0', '1.0.0', '2.0.0', '1.0.0']);
+      expect(getActiveReleases()).toEqual(['1.0.0', '2.0.0']);
+    });
+    it('setCompletedReleases deduplicates entries', () => {
+      setCompletedReleases(['a', 'b', 'a']);
+      expect(getCompletedReleases()).toEqual(['a', 'b']);
+    });
+    it('addActiveRelease does not duplicate an existing release', () => {
+      setActiveReleases(['1.0.0']);
+      addActiveRelease('1.0.0');
+      expect(getActiveReleases()).toEqual(['1.0.0']);
+    });
+    it('markReleasesCompleted does not duplicate existing entries', () => {
+      setCompletedReleases(['1.0.0']);
+      markReleasesCompleted(['1.0.0', '2.0.0']);
+      expect(getCompletedReleases()).toEqual(['1.0.0', '2.0.0']);
+    });
+  });
+  describe('sort behavior', () => {
+    it('active releases are sorted alphabetically', () => {
+      setActiveReleases(['c-release', 'a-release', 'b-release']);
+      expect(getActiveReleases()).toEqual(['a-release', 'b-release', 'c-release']);
+    });
+    it('completed releases are sorted alphabetically', () => {
+      setCompletedReleases(['3.0.0', '1.0.0', '2.0.0']);
+      expect(getCompletedReleases()).toEqual(['1.0.0', '2.0.0', '3.0.0']);
+    });
+    it('addActiveRelease maintains sorted order', () => {
+      setActiveReleases(['a', 'c']);
+      addActiveRelease('b');
+      expect(getActiveReleases()).toEqual(['a', 'b', 'c']);
+    });
+    it('markReleasesCompleted maintains sorted order', () => {
+      setCompletedReleases(['c']);
+      markReleasesCompleted(['a', 'b']);
+      expect(getCompletedReleases()).toEqual(['a', 'b', 'c']);
+    });
+  });
+});