npm - @vellumai/assistant - Versions diffs - 0.3.15 → 0.3.18 - Mend

@vellumai/assistant 0.3.15 → 0.3.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (306) hide show

package/ARCHITECTURE.md +211 -12
package/Dockerfile +1 -1
package/README.md +11 -5
package/docs/architecture/http-token-refresh.md +274 -0
package/docs/architecture/memory.md +5 -4
package/docs/architecture/scheduling.md +4 -88
package/docs/runbook-trusted-contacts.md +283 -0
package/docs/trusted-contact-access.md +247 -0
package/package.json +1 -1
package/scripts/ipc/check-swift-decoder-drift.ts +2 -0
package/src/__tests__/__snapshots__/ipc-snapshot.test.ts.snap +2 -6
package/src/__tests__/access-request-decision.test.ts +328 -0
package/src/__tests__/asset-materialize-tool.test.ts +7 -7
package/src/__tests__/asset-search-tool.test.ts +15 -15
package/src/__tests__/attachments-store.test.ts +13 -13
package/src/__tests__/call-controller.test.ts +150 -4
package/src/__tests__/call-conversation-messages.test.ts +2 -2
package/src/__tests__/call-pointer-messages.test.ts +28 -0
package/src/__tests__/call-start-guardian-guard.test.ts +93 -0
package/src/__tests__/channel-approval-routes.test.ts +108 -12
package/src/__tests__/channel-guardian.test.ts +19 -15
package/src/__tests__/checker.test.ts +103 -48
package/src/__tests__/computer-use-skill-manifest-regression.test.ts +2 -2
package/src/__tests__/config-watcher.test.ts +356 -0
package/src/__tests__/conversation-pairing.test.ts +127 -27
package/src/__tests__/conversation-store.test.ts +36 -36
package/src/__tests__/date-context.test.ts +179 -1
package/src/__tests__/db-migration-rollback.test.ts +4 -7
package/src/__tests__/deterministic-verification-control-plane.test.ts +5 -5
package/src/__tests__/emit-signal-routing-intent.test.ts +179 -0
package/src/__tests__/gateway-only-guard.test.ts +188 -0
package/src/__tests__/guardian-action-conversation-turn.test.ts +451 -0
package/src/__tests__/guardian-action-copy-generator.test.ts +197 -0
package/src/__tests__/guardian-action-followup-executor.test.ts +379 -0
package/src/__tests__/guardian-action-followup-store.test.ts +376 -0
package/src/__tests__/guardian-action-late-reply.test.ts +425 -0
package/src/__tests__/guardian-action-no-hardcoded-copy.test.ts +71 -0
package/src/__tests__/guardian-action-store.test.ts +182 -0
package/src/__tests__/guardian-action-sweep.test.ts +9 -9
package/src/__tests__/guardian-dispatch.test.ts +120 -0
package/src/__tests__/guardian-outbound-http.test.ts +194 -2
package/src/__tests__/guardian-verification-intent-routing.test.ts +179 -0
package/src/__tests__/guardian-verify-setup-skill-regression.test.ts +141 -0
package/src/__tests__/handlers-telegram-config.test.ts +6 -6
package/src/__tests__/hooks-runner.test.ts +13 -4
package/src/__tests__/ingress-routes-http.test.ts +443 -0
package/src/__tests__/intent-routing.test.ts +14 -0
package/src/__tests__/ipc-snapshot.test.ts +23 -5
package/src/__tests__/media-reuse-story.e2e.test.ts +7 -7
package/src/__tests__/memory-regressions.test.ts +16 -12
package/src/__tests__/non-member-access-request.test.ts +281 -0
package/src/__tests__/notification-broadcaster.test.ts +115 -4
package/src/__tests__/notification-decision-strategy.test.ts +138 -1
package/src/__tests__/notification-deep-link.test.ts +44 -1
package/src/__tests__/notification-guardian-path.test.ts +157 -0
package/src/__tests__/notification-routing-intent.test.ts +11 -1
package/src/__tests__/notification-thread-candidate-validation.test.ts +215 -0
package/src/__tests__/notification-thread-candidates.test.ts +166 -0
package/src/__tests__/recording-intent.test.ts +1 -0
package/src/__tests__/recording-state-machine.test.ts +328 -17
package/src/__tests__/registry.test.ts +17 -8
package/src/__tests__/relay-server.test.ts +105 -0
package/src/__tests__/reminder.test.ts +13 -0
package/src/__tests__/runtime-attachment-metadata.test.ts +4 -4
package/src/__tests__/scheduler-recurrence.test.ts +50 -0
package/src/__tests__/server-history-render.test.ts +8 -8
package/src/__tests__/session-agent-loop.test.ts +1 -0
package/src/__tests__/session-runtime-assembly.test.ts +49 -0
package/src/__tests__/session-skill-tools.test.ts +1 -0
package/src/__tests__/skill-projection.benchmark.test.ts +11 -3
package/src/__tests__/slack-channel-config.test.ts +230 -0
package/src/__tests__/subagent-manager-notify.test.ts +4 -4
package/src/__tests__/swarm-session-integration.test.ts +2 -2
package/src/__tests__/system-prompt.test.ts +43 -0
package/src/__tests__/task-management-tools.test.ts +3 -3
package/src/__tests__/task-tools.test.ts +3 -3
package/src/__tests__/trust-store.test.ts +38 -22
package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts +489 -0
package/src/__tests__/trusted-contact-multichannel.test.ts +405 -0
package/src/__tests__/trusted-contact-verification.test.ts +360 -0
package/src/__tests__/update-bulletin-format.test.ts +119 -0
package/src/__tests__/update-bulletin-state.test.ts +129 -0
package/src/__tests__/update-bulletin.test.ts +323 -0
package/src/__tests__/update-template-contract.test.ts +24 -0
package/src/__tests__/voice-session-bridge.test.ts +109 -9
package/src/agent/loop.ts +2 -2
package/src/amazon/client.ts +2 -3
package/src/calls/call-controller.ts +241 -39
package/src/calls/call-conversation-messages.ts +2 -2
package/src/calls/call-domain.ts +10 -3
package/src/calls/call-pointer-messages.ts +17 -5
package/src/calls/guardian-action-sweep.ts +77 -36
package/src/calls/guardian-dispatch.ts +8 -0
package/src/calls/relay-server.ts +51 -12
package/src/calls/twilio-routes.ts +3 -1
package/src/calls/types.ts +1 -1
package/src/calls/voice-session-bridge.ts +8 -6
package/src/cli/core-commands.ts +43 -3
package/src/cli/map.ts +8 -5
package/src/config/bundled-skills/phone-calls/SKILL.md +16 -1
package/src/config/bundled-skills/tasks/SKILL.md +1 -1
package/src/config/bundled-skills/tasks/TOOLS.json +4 -4
package/src/config/bundled-skills/time-based-actions/SKILL.md +11 -1
package/src/config/computer-use-prompt.ts +1 -0
package/src/config/core-schema.ts +16 -0
package/src/config/env-registry.ts +1 -0
package/src/config/env.ts +16 -1
package/src/config/memory-schema.ts +5 -0
package/src/config/schema.ts +4 -0
package/src/config/system-prompt.ts +69 -2
package/src/config/templates/BOOTSTRAP.md +1 -1
package/src/config/templates/IDENTITY.md +8 -4
package/src/config/templates/SOUL.md +14 -0
package/src/config/templates/UPDATES.md +15 -0
package/src/config/templates/USER.md +5 -1
package/src/config/types.ts +1 -0
package/src/config/update-bulletin-format.ts +54 -0
package/src/config/update-bulletin-state.ts +49 -0
package/src/config/update-bulletin-template-path.ts +6 -0
package/src/config/update-bulletin.ts +97 -0
package/src/config/vellum-skills/catalog.json +6 -0
package/src/config/vellum-skills/chatgpt-import/tools/chatgpt-import.ts +1 -1
package/src/config/vellum-skills/guardian-verify-setup/SKILL.md +44 -10
package/src/config/vellum-skills/telegram-setup/SKILL.md +4 -4
package/src/config/vellum-skills/trusted-contacts/SKILL.md +147 -0
package/src/config/vellum-skills/twilio-setup/SKILL.md +2 -2
package/src/context/window-manager.ts +43 -3
package/src/daemon/config-watcher.ts +4 -2
package/src/daemon/connection-policy.ts +21 -1
package/src/daemon/daemon-control.ts +219 -8
package/src/daemon/date-context.ts +174 -1
package/src/daemon/guardian-action-generators.ts +175 -0
package/src/daemon/guardian-verification-intent.ts +120 -0
package/src/daemon/handlers/apps.ts +1 -3
package/src/daemon/handlers/config-channels.ts +2 -2
package/src/daemon/handlers/config-heartbeat.ts +1 -1
package/src/daemon/handlers/config-inbox.ts +55 -159
package/src/daemon/handlers/config-ingress.ts +1 -1
package/src/daemon/handlers/config-integrations.ts +1 -1
package/src/daemon/handlers/config-platform.ts +1 -1
package/src/daemon/handlers/config-scheduling.ts +2 -2
package/src/daemon/handlers/config-slack-channel.ts +190 -0
package/src/daemon/handlers/config-telegram.ts +1 -1
package/src/daemon/handlers/config-twilio.ts +1 -1
package/src/daemon/handlers/config-voice.ts +100 -0
package/src/daemon/handlers/config.ts +3 -0
package/src/daemon/handlers/identity.ts +45 -25
package/src/daemon/handlers/misc.ts +83 -5
package/src/daemon/handlers/navigate-settings.ts +27 -0
package/src/daemon/handlers/recording.ts +270 -144
package/src/daemon/handlers/sessions.ts +100 -17
package/src/daemon/handlers/subagents.ts +3 -3
package/src/daemon/handlers/work-items.ts +10 -7
package/src/daemon/ipc-contract/integrations.ts +9 -1
package/src/daemon/ipc-contract/messages.ts +4 -0
package/src/daemon/ipc-contract/sessions.ts +1 -1
package/src/daemon/ipc-contract/settings.ts +26 -0
package/src/daemon/ipc-contract/shared.ts +2 -0
package/src/daemon/ipc-contract/work-items.ts +1 -7
package/src/daemon/ipc-contract/workspace.ts +12 -1
package/src/daemon/ipc-contract-inventory.json +6 -1
package/src/daemon/ipc-contract.ts +5 -1
package/src/daemon/lifecycle.ts +314 -266
package/src/daemon/recording-intent.ts +0 -41
package/src/daemon/response-tier.ts +2 -2
package/src/daemon/server.ts +31 -9
package/src/daemon/session-agent-loop-handlers.ts +34 -9
package/src/daemon/session-agent-loop.ts +15 -8
package/src/daemon/session-history.ts +3 -2
package/src/daemon/session-media-retry.ts +3 -0
package/src/daemon/session-messaging.ts +38 -4
package/src/daemon/session-notifiers.ts +2 -2
package/src/daemon/session-process.ts +546 -59
package/src/daemon/session-queue-manager.ts +2 -0
package/src/daemon/session-runtime-assembly.ts +39 -0
package/src/daemon/session-skill-tools.ts +13 -4
package/src/daemon/session-tool-setup.ts +5 -6
package/src/daemon/session.ts +19 -8
package/src/daemon/tls-certs.ts +60 -13
package/src/daemon/tool-side-effects.ts +13 -5
package/src/gallery/default-gallery.ts +32 -9
package/src/influencer/client.ts +2 -1
package/src/memory/channel-delivery-store.ts +35 -567
package/src/memory/channel-guardian-store.ts +63 -1317
package/src/memory/conflict-store.ts +4 -4
package/src/memory/conversation-attention-store.ts +0 -3
package/src/memory/conversation-crud.ts +668 -0
package/src/memory/conversation-queries.ts +361 -0
package/src/memory/conversation-store.ts +44 -983
package/src/memory/db-connection.ts +3 -0
package/src/memory/db-init.ts +33 -0
package/src/memory/delivery-channels.ts +175 -0
package/src/memory/delivery-crud.ts +211 -0
package/src/memory/delivery-status.ts +199 -0
package/src/memory/embedding-backend.ts +70 -4
package/src/memory/embedding-local.ts +12 -2
package/src/memory/entity-extractor.ts +3 -8
package/src/memory/fts-reconciler.ts +136 -0
package/src/memory/guardian-action-store.ts +418 -5
package/src/memory/guardian-approvals.ts +569 -0
package/src/memory/guardian-bindings.ts +130 -0
package/src/memory/guardian-rate-limits.ts +196 -0
package/src/memory/guardian-verification.ts +521 -0
package/src/memory/job-handlers/index-maintenance.ts +2 -1
package/src/memory/job-utils.ts +8 -5
package/src/memory/jobs-store.ts +66 -6
package/src/memory/jobs-worker.ts +23 -1
package/src/memory/migrations/030-guardian-action-followup.ts +21 -0
package/src/memory/migrations/030-guardian-verification-purpose.ts +17 -0
package/src/memory/migrations/031-conversations-thread-type-index.ts +5 -0
package/src/memory/migrations/032-guardian-delivery-conversation-index.ts +15 -0
package/src/memory/migrations/032-notification-delivery-thread-decision.ts +20 -0
package/src/memory/migrations/100-core-tables.ts +1 -1
package/src/memory/migrations/101-watchers-and-logs.ts +4 -0
package/src/memory/migrations/108-tasks-and-work-items.ts +1 -1
package/src/memory/migrations/112-assistant-inbox.ts +1 -1
package/src/memory/migrations/113-late-migrations.ts +1 -1
package/src/memory/migrations/116-messages-fts.ts +13 -0
package/src/memory/migrations/119-schema-indexes-and-columns.ts +37 -0
package/src/memory/migrations/120-fk-cascade-rebuilds.ts +161 -0
package/src/memory/migrations/index.ts +10 -3
package/src/memory/migrations/validate-migration-state.ts +114 -15
package/src/memory/qdrant-circuit-breaker.ts +105 -0
package/src/memory/retriever.ts +46 -13
package/src/memory/schema-migration.ts +4 -0
package/src/memory/schema.ts +31 -8
package/src/memory/search/semantic.ts +8 -90
package/src/notifications/README.md +159 -18
package/src/notifications/broadcaster.ts +69 -33
package/src/notifications/conversation-pairing.ts +99 -21
package/src/notifications/decision-engine.ts +176 -8
package/src/notifications/deliveries-store.ts +39 -8
package/src/notifications/emit-signal.ts +1 -0
package/src/notifications/preferences-store.ts +7 -7
package/src/notifications/thread-candidates.ts +269 -0
package/src/notifications/types.ts +19 -0
package/src/permissions/checker.ts +1 -16
package/src/permissions/defaults.ts +25 -5
package/src/permissions/prompter.ts +17 -0
package/src/permissions/trust-store.ts +2 -0
package/src/providers/failover.ts +19 -0
package/src/providers/registry.ts +46 -1
package/src/runtime/approval-message-composer.ts +1 -1
package/src/runtime/channel-guardian-service.ts +15 -3
package/src/runtime/channel-retry-sweep.ts +7 -2
package/src/runtime/guardian-action-conversation-turn.ts +85 -0
package/src/runtime/guardian-action-followup-executor.ts +301 -0
package/src/runtime/guardian-action-message-composer.ts +245 -0
package/src/runtime/guardian-outbound-actions.ts +26 -6
package/src/runtime/guardian-verification-templates.ts +15 -9
package/src/runtime/http-errors.ts +93 -0
package/src/runtime/http-server.ts +133 -44
package/src/runtime/http-types.ts +53 -0
package/src/runtime/ingress-service.ts +237 -0
package/src/runtime/middleware/error-handler.ts +4 -3
package/src/runtime/middleware/rate-limiter.ts +160 -0
package/src/runtime/middleware/request-logger.ts +71 -0
package/src/runtime/middleware/twilio-validation.ts +7 -6
package/src/runtime/pending-interactions.ts +12 -0
package/src/runtime/routes/access-request-decision.ts +215 -0
package/src/runtime/routes/app-routes.ts +25 -18
package/src/runtime/routes/approval-routes.ts +18 -47
package/src/runtime/routes/attachment-routes.ts +15 -41
package/src/runtime/routes/call-routes.ts +20 -20
package/src/runtime/routes/channel-delivery-routes.ts +6 -5
package/src/runtime/routes/contact-routes.ts +4 -9
package/src/runtime/routes/conversation-attention-routes.ts +2 -1
package/src/runtime/routes/conversation-routes.ts +26 -57
package/src/runtime/routes/debug-routes.ts +71 -0
package/src/runtime/routes/events-routes.ts +3 -2
package/src/runtime/routes/guardian-approval-interception.ts +221 -0
package/src/runtime/routes/identity-routes.ts +14 -10
package/src/runtime/routes/inbound-conversation.ts +3 -2
package/src/runtime/routes/inbound-message-handler.ts +527 -62
package/src/runtime/routes/ingress-routes.ts +174 -0
package/src/runtime/routes/integration-routes.ts +78 -16
package/src/runtime/routes/pairing-routes.ts +11 -10
package/src/runtime/routes/secret-routes.ts +10 -18
package/src/runtime/verification-rate-limiter.ts +83 -0
package/src/schedule/schedule-store.ts +13 -1
package/src/schedule/scheduler.ts +1 -1
package/src/security/secret-ingress.ts +5 -2
package/src/security/secret-scanner.ts +72 -6
package/src/subagent/manager.ts +6 -4
package/src/swarm/plan-validator.ts +4 -1
package/src/tasks/task-runner.ts +3 -1
package/src/tools/browser/api-map.ts +9 -6
package/src/tools/calls/call-start.ts +20 -0
package/src/tools/executor.ts +50 -568
package/src/tools/permission-checker.ts +271 -0
package/src/tools/registry.ts +14 -6
package/src/tools/reminder/reminder-store.ts +7 -7
package/src/tools/reminder/reminder.ts +6 -3
package/src/tools/secret-detection-handler.ts +301 -0
package/src/tools/subagent/message.ts +1 -1
package/src/tools/system/voice-config.ts +62 -0
package/src/tools/tasks/index.ts +3 -3
package/src/tools/tasks/work-item-list.ts +3 -3
package/src/tools/tasks/work-item-update.ts +4 -5
package/src/tools/tool-approval-handler.ts +192 -0
package/src/tools/tool-manifest.ts +2 -0
package/src/version.ts +29 -2
package/src/watcher/watcher-store.ts +9 -9
package/src/work-items/work-item-runner.ts +9 -6
/package/src/memory/migrations/{026-embeddings-nullable-vector-json.ts → 026a-embeddings-nullable-vector-json.ts} +0 -0
/package/src/memory/migrations/{027-guardian-bootstrap-token.ts → 027a-guardian-bootstrap-token.ts} +0 -0

package/src/memory/channel-delivery-store.ts CHANGED Viewed

@@ -1,570 +1,38 @@
 /**
  * Channel inbound idempotency + delivery state tracking.
  *
- * Ensures duplicate channel messages (e.g. Telegram webhook retries)
- * don't produce duplicate replies. Tracks delivery acknowledgement
- * so the runtime owns the full lifecycle instead of web Postgres.
- *
- * Dead-letter support: when processMessage fails, the event is marked
- * with processing_status='failed' (retryable) or 'dead_letter' (fatal
- * or max attempts exceeded). A periodic sweep retries failed events,
- * and a replay endpoint allows manual recovery of dead-lettered ones.
- */
-import { and, desc, eq, isNotNull,lte } from 'drizzle-orm';
-import { v4 as uuid } from 'uuid';
-import { getConversationByKey, getOrCreateConversation, setConversationKeyIfAbsent } from './conversation-key-store.js';
-import { getDb } from './db.js';
-import {
-  classifyError,
-  RETRY_MAX_ATTEMPTS,
-  retryDelayForAttempt,
-} from './job-utils.js';
-import { channelInboundEvents, conversations } from './schema.js';
-export interface InboundResult {
-  accepted: boolean;
-  eventId: string;
-  conversationId: string;
-  duplicate: boolean;
-}
-export interface RecordInboundOptions {
-  sourceMessageId?: string;
-  assistantId?: string;
-}
-/**
- * Record an inbound channel event. Returns `duplicate: true` if this
- * exact (channel, chat, message) combination was already seen.
- */
-export function recordInbound(
-  sourceChannel: string,
-  externalChatId: string,
-  externalMessageId: string,
-  options?: RecordInboundOptions,
-): InboundResult {
-  const db = getDb();
-  const existing = db
-    .select({
-      id: channelInboundEvents.id,
-      conversationId: channelInboundEvents.conversationId,
-    })
-    .from(channelInboundEvents)
-    .where(
-      and(
-        eq(channelInboundEvents.sourceChannel, sourceChannel),
-        eq(channelInboundEvents.externalChatId, externalChatId),
-        eq(channelInboundEvents.externalMessageId, externalMessageId),
-      ),
-    )
-    .get();
-  if (existing) {
-    return {
-      accepted: true,
-      eventId: existing.id,
-      conversationId: existing.conversationId,
-      duplicate: true,
-    };
-  }
-  const assistantId = options?.assistantId;
-  const legacyKey = `${sourceChannel}:${externalChatId}`;
-  const scopedKey = assistantId ? `asst:${assistantId}:${sourceChannel}:${externalChatId}` : legacyKey;
-  // Resolve conversation mapping with assistant-scoped keying:
-  // 1. If scoped key exists, use it directly.
-  // 2. If assistantId is "self" and legacy key exists, reuse the legacy
-  //    conversation and create a scoped alias to prevent future bleed.
-  // 3. Otherwise, create/get conversation from the scoped key.
-  let mapping: { conversationId: string; created: boolean };
-  const scopedMapping = assistantId ? getConversationByKey(scopedKey) : null;
-  if (scopedMapping) {
-    mapping = { conversationId: scopedMapping.conversationId, created: false };
-  } else if (assistantId === 'self') {
-    const legacyMapping = getConversationByKey(legacyKey);
-    if (legacyMapping) {
-      mapping = { conversationId: legacyMapping.conversationId, created: false };
-      setConversationKeyIfAbsent(scopedKey, legacyMapping.conversationId);
-    } else {
-      mapping = getOrCreateConversation(scopedKey);
-    }
-  } else {
-    mapping = getOrCreateConversation(scopedKey);
-  }
-  const now = Date.now();
-  const eventId = uuid();
-  db.transaction((tx) => {
-    tx.update(conversations)
-      .set({ updatedAt: now })
-      .where(eq(conversations.id, mapping.conversationId))
-      .run();
-    tx.insert(channelInboundEvents)
-      .values({
-        id: eventId,
-        sourceChannel,
-        externalChatId,
-        externalMessageId,
-        sourceMessageId: options?.sourceMessageId ?? null,
-        conversationId: mapping.conversationId,
-        deliveryStatus: 'pending',
-        createdAt: now,
-        updatedAt: now,
-      })
-      .run();
-  });
-  return {
-    accepted: true,
-    eventId,
-    conversationId: mapping.conversationId,
-    duplicate: false,
-  };
-}
-/**
- * Link an inbound event to the user message it created, so edits can
- * later find the correct message by source_message_id → message_id.
- */
-export function linkMessage(eventId: string, messageId: string): void {
-  const db = getDb();
-  db.update(channelInboundEvents)
-    .set({ messageId, updatedAt: Date.now() })
-    .where(eq(channelInboundEvents.id, eventId))
-    .run();
-}
-/**
- * Find the message ID linked to the original inbound event for a given
- * platform-level message identifier (e.g. Telegram message_id).
- */
-export function findMessageBySourceId(
-  sourceChannel: string,
-  externalChatId: string,
-  sourceMessageId: string,
-): { messageId: string; conversationId: string } | null {
-  const db = getDb();
-  const row = db
-    .select({
-      messageId: channelInboundEvents.messageId,
-      conversationId: channelInboundEvents.conversationId,
-    })
-    .from(channelInboundEvents)
-    .where(
-      and(
-        eq(channelInboundEvents.sourceChannel, sourceChannel),
-        eq(channelInboundEvents.externalChatId, externalChatId),
-        eq(channelInboundEvents.sourceMessageId, sourceMessageId),
-        isNotNull(channelInboundEvents.messageId),
-      ),
-    )
-    .get();
-  if (!row || !row.messageId) return null;
-  return { messageId: row.messageId, conversationId: row.conversationId };
-}
-/**
- * Acknowledge delivery of an outbound message for a channel event.
- */
-export function acknowledgeDelivery(
-  sourceChannel: string,
-  externalChatId: string,
-  externalMessageId: string,
-): boolean {
-  const db = getDb();
-  const now = Date.now();
-  const existing = db
-    .select({ id: channelInboundEvents.id })
-    .from(channelInboundEvents)
-    .where(
-      and(
-        eq(channelInboundEvents.sourceChannel, sourceChannel),
-        eq(channelInboundEvents.externalChatId, externalChatId),
-        eq(channelInboundEvents.externalMessageId, externalMessageId),
-      ),
-    )
-    .get();
-  if (!existing) return false;
-  db.update(channelInboundEvents)
-    .set({
-      deliveryStatus: 'delivered',
-      updatedAt: now,
-    })
-    .where(eq(channelInboundEvents.id, existing.id))
-    .run();
-  return true;
-}
-// ── Pending verification reply helpers ───────────────────────────────
-//
-// When a guardian verification succeeds but the confirmation reply fails
-// to deliver, we persist the reply details on the inbound event so that
-// gateway retries (which arrive as duplicates) can re-attempt delivery.
-export interface PendingVerificationReply {
-  __pendingVerificationReply: true;
-  chatId: string;
-  text: string;
-  assistantId: string;
-}
-/**
- * Store a pending verification reply on an inbound event. Called when
- * `deliverChannelReply` fails after challenge consumption so the reply
- * can be retried on subsequent duplicate deliveries.
- */
-export function storePendingVerificationReply(
-  eventId: string,
-  reply: Omit<PendingVerificationReply, '__pendingVerificationReply'>,
-): void {
-  const db = getDb();
-  const payload: PendingVerificationReply = { __pendingVerificationReply: true, ...reply };
-  db.update(channelInboundEvents)
-    .set({ rawPayload: JSON.stringify(payload), updatedAt: Date.now() })
-    .where(eq(channelInboundEvents.id, eventId))
-    .run();
-}
-/**
- * Retrieve a pending verification reply for a given event, if one exists.
- */
-export function getPendingVerificationReply(
-  eventId: string,
-): PendingVerificationReply | null {
-  const db = getDb();
-  const row = db
-    .select({ rawPayload: channelInboundEvents.rawPayload })
-    .from(channelInboundEvents)
-    .where(eq(channelInboundEvents.id, eventId))
-    .get();
-  if (!row?.rawPayload) return null;
-  try {
-    const parsed = JSON.parse(row.rawPayload);
-    if (parsed && parsed.__pendingVerificationReply === true) {
-      return parsed as PendingVerificationReply;
-    }
-    return null;
-  } catch {
-    return null;
-  }
-}
-/**
- * Clear a pending verification reply after successful delivery.
- */
-export function clearPendingVerificationReply(eventId: string): void {
-  const db = getDb();
-  db.update(channelInboundEvents)
-    .set({ rawPayload: null, updatedAt: Date.now() })
-    .where(eq(channelInboundEvents.id, eventId))
-    .run();
-}
-// ── Per-segment delivery progress ──────────────────────────────────
-//
-// When a split reply (multiple text segments from tool boundaries) fails
-// partway through delivery, we persist how many segments were sent so
-// the retry can resume from where it left off.
-/**
- * Read the number of reply segments already delivered for an event.
- */
-export function getDeliveredSegmentCount(eventId: string): number {
-  const db = getDb();
-  const row = db
-    .select({ count: channelInboundEvents.deliveredSegmentCount })
-    .from(channelInboundEvents)
-    .where(eq(channelInboundEvents.id, eventId))
-    .get();
-  return row?.count ?? 0;
-}
-/**
- * Update the delivered segment count after successful delivery of one
- * or more segments. Called incrementally as segments are sent.
- */
-export function updateDeliveredSegmentCount(eventId: string, count: number): void {
-  const db = getDb();
-  db.update(channelInboundEvents)
-    .set({ deliveredSegmentCount: count, updatedAt: Date.now() })
-    .where(eq(channelInboundEvents.id, eventId))
-    .run();
-}
-// ── Dead-letter queue helpers ───────────────────────────────────────
-/**
- * Store the raw request payload on an inbound event so it can be
- * replayed later if processing fails.
- */
-export function storePayload(eventId: string, payload: Record<string, unknown>): void {
-  const db = getDb();
-  db.update(channelInboundEvents)
-    .set({ rawPayload: JSON.stringify(payload), updatedAt: Date.now() })
-    .where(eq(channelInboundEvents.id, eventId))
-    .run();
-}
-/**
- * Clear a previously stored payload. Used when the ingress check
- * detects secret-bearing content — the payload must not remain on disk.
- */
-export function clearPayload(eventId: string): void {
-  const db = getDb();
-  db.update(channelInboundEvents)
-    .set({ rawPayload: null, updatedAt: Date.now() })
-    .where(eq(channelInboundEvents.id, eventId))
-    .run();
-}
-/**
- * Retrieve the stored raw payload for a given conversation's most recent
- * inbound event. Used by the escalation decide flow to recover the
- * original message content after an approve/deny decision.
- */
-export function getLatestStoredPayload(conversationId: string): Record<string, unknown> | null {
-  const db = getDb();
-  const row = db
-    .select({
-      rawPayload: channelInboundEvents.rawPayload,
-    })
-    .from(channelInboundEvents)
-    .where(
-      and(
-        eq(channelInboundEvents.conversationId, conversationId),
-        isNotNull(channelInboundEvents.rawPayload),
-      ),
-    )
-    .orderBy(desc(channelInboundEvents.createdAt))
-    .get();
-  if (!row?.rawPayload) return null;
-  try {
-    return JSON.parse(row.rawPayload) as Record<string, unknown>;
-  } catch {
-    return null;
-  }
-}
-/** Mark an event as successfully processed. */
-export function markProcessed(eventId: string): void {
-  const db = getDb();
-  db.update(channelInboundEvents)
-    .set({ processingStatus: 'processed', updatedAt: Date.now() })
-    .where(eq(channelInboundEvents.id, eventId))
-    .run();
-}
-/**
- * Record a processing failure. Classifies the error to decide whether
- * the event should be retried (status='failed') or dead-lettered
- * (status='dead_letter') when the error is fatal or max attempts
- * are exhausted.
- */
-export function recordProcessingFailure(eventId: string, err: unknown): void {
-  const db = getDb();
-  const now = Date.now();
-  const row = db
-    .select({ attempts: channelInboundEvents.processingAttempts })
-    .from(channelInboundEvents)
-    .where(eq(channelInboundEvents.id, eventId))
-    .get();
-  const attempts = (row?.attempts ?? 0) + 1;
-  const category = classifyError(err);
-  const errorMsg = err instanceof Error ? err.message : String(err);
-  if (category === 'fatal' || attempts >= RETRY_MAX_ATTEMPTS) {
-    db.update(channelInboundEvents)
-      .set({
-        processingStatus: 'dead_letter',
-        processingAttempts: attempts,
-        lastProcessingError: errorMsg,
-        retryAfter: null,
-        updatedAt: now,
-      })
-      .where(eq(channelInboundEvents.id, eventId))
-      .run();
-  } else {
-    const delay = retryDelayForAttempt(attempts);
-    db.update(channelInboundEvents)
-      .set({
-        processingStatus: 'failed',
-        processingAttempts: attempts,
-        lastProcessingError: errorMsg,
-        retryAfter: now + delay,
-        updatedAt: now,
-      })
-      .where(eq(channelInboundEvents.id, eventId))
-      .run();
-  }
-}
-/** Fetch events eligible for automatic retry (failed + past their backoff). */
-export function getRetryableEvents(limit = 20): Array<{
-  id: string;
-  conversationId: string;
-  processingAttempts: number;
-  rawPayload: string | null;
-}> {
-  const db = getDb();
-  const now = Date.now();
-  return db
-    .select({
-      id: channelInboundEvents.id,
-      conversationId: channelInboundEvents.conversationId,
-      processingAttempts: channelInboundEvents.processingAttempts,
-      rawPayload: channelInboundEvents.rawPayload,
-    })
-    .from(channelInboundEvents)
-    .where(
-      and(
-        eq(channelInboundEvents.processingStatus, 'failed'),
-        lte(channelInboundEvents.retryAfter, now),
-      ),
-    )
-    .limit(limit)
-    .all();
-}
-/** Fetch dead-lettered events. */
-export function getDeadLetterEvents(): Array<{
-  id: string;
-  sourceChannel: string;
-  externalChatId: string;
-  externalMessageId: string;
-  conversationId: string;
-  processingAttempts: number;
-  lastProcessingError: string | null;
-  createdAt: number;
-}> {
-  const db = getDb();
-  return db
-    .select({
-      id: channelInboundEvents.id,
-      sourceChannel: channelInboundEvents.sourceChannel,
-      externalChatId: channelInboundEvents.externalChatId,
-      externalMessageId: channelInboundEvents.externalMessageId,
-      conversationId: channelInboundEvents.conversationId,
-      processingAttempts: channelInboundEvents.processingAttempts,
-      lastProcessingError: channelInboundEvents.lastProcessingError,
-      createdAt: channelInboundEvents.createdAt,
-    })
-    .from(channelInboundEvents)
-    .where(eq(channelInboundEvents.processingStatus, 'dead_letter'))
-    .all();
-}
-// ── Deliver-once guard for terminal reply idempotency ────────────────
-//
-// When both the main poll (processChannelMessageWithApprovals) and the
-// post-decision poll (schedulePostDecisionDelivery) race to deliver the
-// final assistant reply for the same run, this guard ensures only one
-// of them actually sends the message. The guard is run-scoped so old
-// assistant messages from previous runs are not affected.
-/** Map from runId to insertion timestamp (ms). */
-const deliveredRuns = new Map<string, number>();
-/** TTL for delivery claims — 10 minutes, well beyond the poll max-wait. */
-const CLAIM_TTL_MS = 10 * 60 * 1000;
-/** Hard cap to bound memory even under sustained high throughput within the TTL window. */
-const MAX_DELIVERED_RUNS = 10_000;
-/**
- * Atomically claim the right to deliver the final reply for a run.
- * Returns `true` if this caller won the claim (and should proceed with
- * delivery). Returns `false` if another caller already claimed it.
- *
- * This is an in-memory guard — sufficient because both racing pollers
- * execute within the same process. The Map is never persisted; on restart
- * there are no in-flight pollers to race.
- *
- * Claims are evicted after CLAIM_TTL_MS. When the hard cap is reached,
- * only TTL-expired entries are evicted — active claims are never removed
- * early, preserving the at-most-once delivery guarantee.
- */
-export function claimRunDelivery(runId: string): boolean {
-  if (deliveredRuns.has(runId)) return false;
-  if (deliveredRuns.size >= MAX_DELIVERED_RUNS) {
-    // Only evict entries whose TTL has expired. Map iteration order
-    // matches insertion order, so oldest entries come first.
-    const now = Date.now();
-    for (const [id, insertedAt] of deliveredRuns) {
-      if (now - insertedAt >= CLAIM_TTL_MS) {
-        deliveredRuns.delete(id);
-      } else {
-        // Remaining entries are newer; stop scanning.
-        break;
-      }
-    }
-  }
-  const now = Date.now();
-  deliveredRuns.set(runId, now);
-  setTimeout(() => deliveredRuns.delete(runId), CLAIM_TTL_MS);
-  return true;
-}
-/**
- * Reset the deliver-once guard for a run. Used to release a claim when
- * delivery fails (so the other racing poller can retry) and in tests
- * for isolation between test cases.
- */
-export function resetRunDeliveryClaim(runId: string): void {
-  deliveredRuns.delete(runId);
-}
-/**
- * Clear all delivery claims. Used in tests for full isolation.
- */
-export function resetAllRunDeliveryClaims(): void {
-  deliveredRuns.clear();
-}
-/**
- * Reset dead-lettered events back to 'failed' so the sweep can retry
- * them. Resets attempt counter and sets an immediate retry_after.
- */
-export function replayDeadLetters(eventIds: string[]): number {
-  const db = getDb();
-  const now = Date.now();
-  let count = 0;
-  for (const id of eventIds) {
-    const existing = db
-      .select({ id: channelInboundEvents.id })
-      .from(channelInboundEvents)
-      .where(
-        and(
-          eq(channelInboundEvents.id, id),
-          eq(channelInboundEvents.processingStatus, 'dead_letter'),
-        ),
-      )
-      .get();
-    if (!existing) continue;
-    db.update(channelInboundEvents)
-      .set({
-        processingStatus: 'failed',
-        processingAttempts: 0,
-        lastProcessingError: null,
-        retryAfter: now,
-        updatedAt: now,
-      })
-      .where(eq(channelInboundEvents.id, id))
-      .run();
-    count++;
-  }
-  return count;
-}
+ * This module re-exports from focused sub-modules for backward compatibility.
+ * New code should import directly from the relevant sub-module:
+ *   - delivery-crud.ts    — inbound event CRUD and payload management
+ *   - delivery-status.ts  — processing status tracking and dead-letter queue
+ *   - delivery-channels.ts — verification replies, segment progress, delivery guards
+ */
+export type { PendingVerificationReply } from './delivery-channels.js';
+export {
+  claimRunDelivery,
+  clearPendingVerificationReply,
+  getDeliveredSegmentCount,
+  getPendingVerificationReply,
+  resetAllRunDeliveryClaims,
+  resetRunDeliveryClaim,
+  storePendingVerificationReply,
+  updateDeliveredSegmentCount,
+} from './delivery-channels.js';
+export type { InboundResult, RecordInboundOptions } from './delivery-crud.js';
+export {
+  clearPayload,
+  findMessageBySourceId,
+  getLatestStoredPayload,
+  linkMessage,
+  recordInbound,
+  storePayload,
+} from './delivery-crud.js';
+export {
+  acknowledgeDelivery,
+  getDeadLetterEvents,
+  getRetryableEvents,
+  markProcessed,
+  recordProcessingFailure,
+  replayDeadLetters,
+} from './delivery-status.js';