@vellumai/assistant 0.3.16 → 0.3.19

package/src/__tests__/scoped-grant-security-matrix.test.ts

@@ -0,0 +1,443 @@
+/**
+ * Security test matrix for channel-agnostic scoped approval grants.
+ *
+ * This file covers scenarios NOT already tested in:
+ *   - scoped-approval-grants.test.ts (CRUD, digest, basic consume semantics)
+ *   - voice-scoped-grant-consumer.test.ts (voice bridge integration)
+ *   - guardian-grant-minting.test.ts (grant minting on approval decisions)
+ *
+ * Additional scenarios tested here:
+ *   6. Requester identity mismatch denied
+ *   8. Concurrent consume attempts: only one succeeds
+ *  12. Restart behavior remains fail-closed — grants stored in persistent DB
+ *
+ * Cross-reference:
+ *   1. Voice happy path — voice-scoped-grant-consumer.test.ts
+ *   2. Replay denied — scoped-approval-grants.test.ts + voice-scoped-grant-consumer.test.ts
+ *   3. Tool mismatch denied — scoped-approval-grants.test.ts + voice-scoped-grant-consumer.test.ts
+ *   4. Input mismatch denied — scoped-approval-grants.test.ts
+ *   5. Execution-channel mismatch denied — scoped-approval-grants.test.ts
+ *   7. Expired grant denied — scoped-approval-grants.test.ts
+ *   9. Stale decision cannot mint extra grant — guardian-grant-minting.test.ts
+ *  10. Informational ASK_GUARDIAN cannot mint grant — guardian-grant-minting.test.ts
+ *  11. Guardian identity mismatch cannot mint grant — guardian-grant-minting.test.ts
+ */
+
+import { mkdtempSync, rmSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+
+import { afterAll, beforeEach, describe, expect, mock, test } from 'bun:test';
+
+const testDir = mkdtempSync(join(tmpdir(), 'scoped-grant-security-matrix-'));
+
+mock.module('../util/platform.js', () => ({
+  getDataDir: () => testDir,
+  isMacOS: () => process.platform === 'darwin',
+  isLinux: () => process.platform === 'linux',
+  isWindows: () => process.platform === 'win32',
+  getSocketPath: () => join(testDir, 'test.sock'),
+  getPidPath: () => join(testDir, 'test.pid'),
+  getDbPath: () => join(testDir, 'test.db'),
+  getLogPath: () => join(testDir, 'test.log'),
+  ensureDataDir: () => {},
+  migrateToDataLayout: () => {},
+  migrateToWorkspaceLayout: () => {},
+}));
+
+mock.module('../util/logger.js', () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
+  isDebug: () => false,
+  truncateForLog: (value: string) => value,
+}));
+
+import {
+  type CreateScopedApprovalGrantParams,
+  consumeScopedApprovalGrantByToolSignature,
+  createScopedApprovalGrant,
+} from '../memory/scoped-approval-grants.js';
+import { getDb, initializeDb, resetDb } from '../memory/db.js';
+import { scopedApprovalGrants } from '../memory/schema.js';
+import { computeToolApprovalDigest } from '../security/tool-approval-digest.js';
+
+initializeDb();
+
+function clearTables(): void {
+  const db = getDb();
+  db.delete(scopedApprovalGrants).run();
+}
+
+afterAll(() => {
+  resetDb();
+  try {
+    rmSync(testDir, { recursive: true });
+  } catch {
+    /* best effort */
+  }
+});
+
+// ---------------------------------------------------------------------------
+// Helper to build grant params with sensible defaults
+// ---------------------------------------------------------------------------
+
+function grantParams(overrides: Partial<CreateScopedApprovalGrantParams> = {}): CreateScopedApprovalGrantParams {
+  const futureExpiry = new Date(Date.now() + 60_000).toISOString();
+  return {
+    assistantId: 'self',
+    scopeMode: 'tool_signature',
+    toolName: 'bash',
+    inputDigest: computeToolApprovalDigest('bash', { cmd: 'ls' }),
+    requestChannel: 'telegram',
+    decisionChannel: 'telegram',
+    expiresAt: futureExpiry,
+    ...overrides,
+  };
+}
+
+// ===========================================================================
+// 6. Requester identity mismatch denied
+// ===========================================================================
+
+describe('security matrix: requester identity mismatch', () => {
+  beforeEach(() => clearTables());
+
+  test('grant scoped to a specific requester cannot be consumed by a different requester', () => {
+    const digest = computeToolApprovalDigest('bash', { cmd: 'ls' });
+    createScopedApprovalGrant(
+      grantParams({
+        toolName: 'bash',
+        inputDigest: digest,
+        requesterExternalUserId: 'user-alice',
+      }),
+    );
+
+    // Attempt to consume as a different user
+    const wrongUser = consumeScopedApprovalGrantByToolSignature({
+      toolName: 'bash',
+      inputDigest: digest,
+      consumingRequestId: 'c1',
+      requesterExternalUserId: 'user-bob',
+    });
+    expect(wrongUser.ok).toBe(false);
+
+    // Correct user succeeds
+    const correctUser = consumeScopedApprovalGrantByToolSignature({
+      toolName: 'bash',
+      inputDigest: digest,
+      consumingRequestId: 'c2',
+      requesterExternalUserId: 'user-alice',
+    });
+    expect(correctUser.ok).toBe(true);
+  });
+
+  test('grant with null requesterExternalUserId allows any requester (wildcard)', () => {
+    const digest = computeToolApprovalDigest('bash', { cmd: 'ls' });
+    createScopedApprovalGrant(
+      grantParams({
+        toolName: 'bash',
+        inputDigest: digest,
+        requesterExternalUserId: null,
+      }),
+    );
+
+    // Any user can consume when requester is null (wildcard)
+    const result = consumeScopedApprovalGrantByToolSignature({
+      toolName: 'bash',
+      inputDigest: digest,
+      consumingRequestId: 'c1',
+      requesterExternalUserId: 'user-anyone',
+    });
+    expect(result.ok).toBe(true);
+  });
+
+  test('consume without providing requester only matches grants with null requester', () => {
+    const digest = computeToolApprovalDigest('bash', { cmd: 'ls' });
+
+    // Grant scoped to a specific requester
+    createScopedApprovalGrant(
+      grantParams({
+        toolName: 'bash',
+        inputDigest: digest,
+        requesterExternalUserId: 'user-alice',
+      }),
+    );
+
+    // Consume without specifying requester — should NOT match a requester-scoped grant
+    const result = consumeScopedApprovalGrantByToolSignature({
+      toolName: 'bash',
+      inputDigest: digest,
+      consumingRequestId: 'c1',
+      // No requesterExternalUserId provided
+    });
+    expect(result.ok).toBe(false);
+  });
+});
+
+// ===========================================================================
+// 8. Concurrent consume attempts: only one succeeds
+// ===========================================================================
+
+describe('security matrix: concurrent consume (CAS)', () => {
+  beforeEach(() => clearTables());
+
+  test('only one of multiple concurrent consumers succeeds for the same grant', () => {
+    const digest = computeToolApprovalDigest('bash', { cmd: 'rm -rf /' });
+    createScopedApprovalGrant(
+      grantParams({
+        toolName: 'bash',
+        inputDigest: digest,
+      }),
+    );
+
+    // Simulate concurrent consumers racing to consume the same grant.
+    // Since SQLite is synchronous in Bun, we simulate by issuing
+    // back-to-back consume calls — the CAS mechanism ensures only the
+    // first succeeds.
+    const results: boolean[] = [];
+    for (let i = 0; i < 5; i++) {
+      const result = consumeScopedApprovalGrantByToolSignature({
+        toolName: 'bash',
+        inputDigest: digest,
+        consumingRequestId: `concurrent-consumer-${i}`,
+      });
+      results.push(result.ok);
+    }
+
+    // Exactly one should succeed
+    const successes = results.filter(Boolean);
+    expect(successes.length).toBe(1);
+
+    // The first consumer should win
+    expect(results[0]).toBe(true);
+  });
+
+  test('with multiple matching grants, each consumer gets at most one grant', () => {
+    const digest = computeToolApprovalDigest('bash', { cmd: 'ls' });
+
+    // Create 3 grants for the same tool signature
+    for (let i = 0; i < 3; i++) {
+      createScopedApprovalGrant(
+        grantParams({
+          toolName: 'bash',
+          inputDigest: digest,
+        }),
+      );
+    }
+
+    // 5 consumers compete for 3 grants
+    const results: boolean[] = [];
+    for (let i = 0; i < 5; i++) {
+      const result = consumeScopedApprovalGrantByToolSignature({
+        toolName: 'bash',
+        inputDigest: digest,
+        consumingRequestId: `consumer-${i}`,
+      });
+      results.push(result.ok);
+    }
+
+    // Exactly 3 should succeed (one per grant)
+    const successes = results.filter(Boolean);
+    expect(successes.length).toBe(3);
+
+    // The last 2 should fail
+    expect(results[3]).toBe(false);
+    expect(results[4]).toBe(false);
+  });
+});
+
+// ===========================================================================
+// 12. Restart behavior remains fail-closed — grants stored in persistent DB
+// ===========================================================================
+
+describe('security matrix: persistence and fail-closed behavior', () => {
+  beforeEach(() => clearTables());
+
+  test('grants survive DB re-initialization (simulating daemon restart)', () => {
+    const digest = computeToolApprovalDigest('bash', { cmd: 'ls' });
+
+    // Create a grant
+    const grant = createScopedApprovalGrant(
+      grantParams({
+        toolName: 'bash',
+        inputDigest: digest,
+      }),
+    );
+    expect(grant.status).toBe('active');
+
+    // Re-initialize the DB (simulates daemon restart — the SQLite file persists)
+    initializeDb();
+
+    // The grant should still be consumable after restart
+    const result = consumeScopedApprovalGrantByToolSignature({
+      toolName: 'bash',
+      inputDigest: digest,
+      consumingRequestId: 'post-restart-consumer',
+    });
+    expect(result.ok).toBe(true);
+    expect(result.grant!.id).toBe(grant.id);
+  });
+
+  test('consumed grants remain consumed after DB re-initialization', () => {
+    const digest = computeToolApprovalDigest('bash', { cmd: 'ls' });
+
+    createScopedApprovalGrant(
+      grantParams({
+        toolName: 'bash',
+        inputDigest: digest,
+      }),
+    );
+
+    // Consume the grant
+    const first = consumeScopedApprovalGrantByToolSignature({
+      toolName: 'bash',
+      inputDigest: digest,
+      consumingRequestId: 'pre-restart-consumer',
+    });
+    expect(first.ok).toBe(true);
+
+    // Re-initialize the DB (simulates daemon restart)
+    initializeDb();
+
+    // The consumed grant must NOT be consumable again after restart
+    const second = consumeScopedApprovalGrantByToolSignature({
+      toolName: 'bash',
+      inputDigest: digest,
+      consumingRequestId: 'post-restart-consumer',
+    });
+    expect(second.ok).toBe(false);
+  });
+
+  test('no grants means fail-closed (deny by default)', () => {
+    // Empty grant table — no grants at all
+    const digest = computeToolApprovalDigest('bash', { cmd: 'dangerous-command' });
+
+    const result = consumeScopedApprovalGrantByToolSignature({
+      toolName: 'bash',
+      inputDigest: digest,
+      consumingRequestId: 'consumer-1',
+    });
+
+    // Must fail closed — no grant = no permission
+    expect(result.ok).toBe(false);
+    expect(result.grant).toBeNull();
+  });
+});
+
+// ===========================================================================
+// Combined cross-scope invariants
+// ===========================================================================
+
+describe('security matrix: cross-scope invariants', () => {
+  beforeEach(() => clearTables());
+
+  test('grant for one assistant cannot be consumed by another assistant', () => {
+    const digest = computeToolApprovalDigest('bash', { cmd: 'ls' });
+    createScopedApprovalGrant(
+      grantParams({
+        toolName: 'bash',
+        inputDigest: digest,
+        assistantId: 'assistant-alpha',
+      }),
+    );
+
+    // Attempt consumption from a different assistant
+    const wrongAssistant = consumeScopedApprovalGrantByToolSignature({
+      toolName: 'bash',
+      inputDigest: digest,
+      consumingRequestId: 'c1',
+      assistantId: 'assistant-beta',
+    });
+    expect(wrongAssistant.ok).toBe(false);
+
+    // Correct assistant succeeds
+    const correctAssistant = consumeScopedApprovalGrantByToolSignature({
+      toolName: 'bash',
+      inputDigest: digest,
+      consumingRequestId: 'c2',
+      assistantId: 'assistant-alpha',
+    });
+    expect(correctAssistant.ok).toBe(true);
+  });
+
+  test('all scope fields must match simultaneously for consumption', () => {
+    const digest = computeToolApprovalDigest('bash', { cmd: 'ls' });
+
+    // Create a maximally-scoped grant
+    createScopedApprovalGrant(
+      grantParams({
+        toolName: 'bash',
+        inputDigest: digest,
+        assistantId: 'self',
+        executionChannel: 'voice',
+        conversationId: 'conv-123',
+        callSessionId: 'call-456',
+        requesterExternalUserId: 'user-alice',
+      }),
+    );
+
+    // Each field mismatch should independently cause failure:
+
+    // Wrong execution channel
+    expect(consumeScopedApprovalGrantByToolSignature({
+      toolName: 'bash',
+      inputDigest: digest,
+      consumingRequestId: 'c-chan',
+      assistantId: 'self',
+      executionChannel: 'sms',
+      conversationId: 'conv-123',
+      callSessionId: 'call-456',
+      requesterExternalUserId: 'user-alice',
+    }).ok).toBe(false);
+
+    // Wrong conversation
+    expect(consumeScopedApprovalGrantByToolSignature({
+      toolName: 'bash',
+      inputDigest: digest,
+      consumingRequestId: 'c-conv',
+      assistantId: 'self',
+      executionChannel: 'voice',
+      conversationId: 'conv-999',
+      callSessionId: 'call-456',
+      requesterExternalUserId: 'user-alice',
+    }).ok).toBe(false);
+
+    // Wrong call session
+    expect(consumeScopedApprovalGrantByToolSignature({
+      toolName: 'bash',
+      inputDigest: digest,
+      consumingRequestId: 'c-call',
+      assistantId: 'self',
+      executionChannel: 'voice',
+      conversationId: 'conv-123',
+      callSessionId: 'call-999',
+      requesterExternalUserId: 'user-alice',
+    }).ok).toBe(false);
+
+    // Wrong requester
+    expect(consumeScopedApprovalGrantByToolSignature({
+      toolName: 'bash',
+      inputDigest: digest,
+      consumingRequestId: 'c-user',
+      assistantId: 'self',
+      executionChannel: 'voice',
+      conversationId: 'conv-123',
+      callSessionId: 'call-456',
+      requesterExternalUserId: 'user-bob',
+    }).ok).toBe(false);
+
+    // All fields match — succeeds
+    expect(consumeScopedApprovalGrantByToolSignature({
+      toolName: 'bash',
+      inputDigest: digest,
+      consumingRequestId: 'c-all',
+      assistantId: 'self',
+      executionChannel: 'voice',
+      conversationId: 'conv-123',
+      callSessionId: 'call-456',
+      requesterExternalUserId: 'user-alice',
+    }).ok).toBe(true);
+  });
+});

package/src/__tests__/slack-channel-config.test.ts

@@ -105,9 +105,9 @@ mock.module('../tools/credentials/metadata-store.js', () => ({
 const originalFetch = globalThis.fetch;
 
 import {
+  clearSlackChannelConfig,
   getSlackChannelConfig,
   setSlackChannelConfig,
-  clearSlackChannelConfig,
 } from '../daemon/handlers/config-slack-channel.js';
 
 afterAll(() => {
@@ -186,7 +186,7 @@ describe('Slack channel config handler', () => {
         status: 200,
         headers: { 'content-type': 'application/json' },
       });
-    }) as typeof globalThis.fetch;
+    }) as unknown as typeof globalThis.fetch;
 
     const result = await setSlackChannelConfig('xoxb-valid-bot-token');
     expect(result.success).toBe(true);
@@ -204,7 +204,7 @@ describe('Slack channel config handler', () => {
         status: 200,
         headers: { 'content-type': 'application/json' },
       });
-    }) as typeof globalThis.fetch;
+    }) as unknown as typeof globalThis.fetch;
 
     const result = await setSlackChannelConfig('xoxb-bad-token');
     expect(result.success).toBe(false);

package/src/__tests__/trust-store.test.ts

@@ -297,15 +297,15 @@ describe('Trust Store', () => {
     });
 
     test('returns null when tool does not match', () => {
-      addRule('file_write', 'git *', '/tmp');
-      // host_bash default is 'ask' so findMatchingRule (allow-only) won't find it
-      const match = findMatchingRule('host_bash', 'git push', '/tmp');
+      addRule('file_write', 'file_write:/tmp/*', '/tmp');
+      // host_file_read default is 'ask' so findMatchingRule (allow-only) won't find it
+      const match = findMatchingRule('host_file_read', 'host_file_read:/etc/hosts', '/tmp');
       expect(match).toBeNull();
     });
 
     test('returns null when pattern does not match', () => {
-      addRule('host_bash', 'git *', '/tmp');
-      const match = findMatchingRule('host_bash', 'npm install', '/tmp');
+      addRule('host_file_read', 'host_file_read:/etc/hosts', '/tmp');
+      const match = findMatchingRule('host_file_read', 'host_file_read:/var/log/syslog', '/tmp');
       expect(match).toBeNull();
     });
 
@@ -324,8 +324,8 @@ describe('Trust Store', () => {
       });
 
       test('does not match when scope is outside rule scope', () => {
-        addRule('host_bash', 'npm *', '/home/user/project');
-        const match = findMatchingRule('host_bash', 'npm install', '/home/other');
+        addRule('host_file_read', 'host_file_read:/home/user/project/*', '/home/user/project');
+        const match = findMatchingRule('host_file_read', 'host_file_read:/home/user/project/file.txt', '/home/other');
         expect(match).toBeNull();
       });
 
@@ -342,8 +342,8 @@ describe('Trust Store', () => {
       });
 
       test('does not match sibling path with shared prefix', () => {
-        addRule('host_bash', 'npm *', '/home/user/project');
-        const match = findMatchingRule('host_bash', 'npm install', '/home/user/project-evil');
+        addRule('host_file_read', 'host_file_read:/home/user/project/*', '/home/user/project');
+        const match = findMatchingRule('host_file_read', 'host_file_read:/home/user/project/file.txt', '/home/user/project-evil');
         expect(match).toBeNull();
       });
 
@@ -360,8 +360,8 @@ describe('Trust Store', () => {
       });
 
       test('does not match sibling with glob-suffixed scope', () => {
-        addRule('host_bash', 'npm *', '/home/user/project*');
-        const match = findMatchingRule('host_bash', 'npm install', '/home/user/project-evil');
+        addRule('host_file_read', 'host_file_read:/home/user/project/*', '/home/user/project*');
+        const match = findMatchingRule('host_file_read', 'host_file_read:/home/user/project/file.txt', '/home/user/project-evil');
         expect(match).toBeNull();
       });
     });
@@ -375,9 +375,9 @@ describe('Trust Store', () => {
       });
 
       test('matches exact string', () => {
-        addRule('host_bash', 'git status', '/tmp');
-        expect(findMatchingRule('host_bash', 'git status', '/tmp')).not.toBeNull();
-        expect(findMatchingRule('host_bash', 'git push', '/tmp')).toBeNull();
+        addRule('host_file_read', 'host_file_read:/etc/hosts', '/tmp');
+        expect(findMatchingRule('host_file_read', 'host_file_read:/etc/hosts', '/tmp')).not.toBeNull();
+        expect(findMatchingRule('host_file_read', 'host_file_read:/etc/passwd', '/tmp')).toBeNull();
       });
 
       test('matches file path pattern', () => {
@@ -545,9 +545,9 @@ describe('Trust Store', () => {
     });
 
     test('findMatchingRule ignores deny rules', () => {
-      // Use host_bash — bash has a default allow rule that would match.
-      addRule('host_bash', 'rm *', '/tmp', 'deny');
-      const match = findMatchingRule('host_bash', 'rm file.txt', '/tmp');
+      // Use host_file_read — it has an 'ask' default so findMatchingRule (allow-only) won't find it.
+      addRule('host_file_read', 'host_file_read:/etc/*', '/tmp', 'deny');
+      const match = findMatchingRule('host_file_read', 'host_file_read:/etc/hosts', '/tmp');
       expect(match).toBeNull();
     });
 
@@ -806,12 +806,12 @@ describe('Trust Store', () => {
       expect(match!.priority).toBe(DEFAULT_PRIORITY_BY_ID.get('default:ask-host_file_edit-global')!);
     });
 
-    test('findHighestPriorityRule matches default ask for host_bash', () => {
+    test('findHighestPriorityRule matches default allow for host_bash', () => {
       const match = findHighestPriorityRule('host_bash', ['ls'], '/tmp');
       expect(match).not.toBeNull();
-      expect(match!.id).toBe('default:ask-host_bash-global');
-      expect(match!.decision).toBe('ask');
-      expect(match!.priority).toBe(DEFAULT_PRIORITY_BY_ID.get('default:ask-host_bash-global')!);
+      expect(match!.id).toBe('default:allow-host_bash-global');
+      expect(match!.decision).toBe('allow');
+      expect(match!.priority).toBe(DEFAULT_PRIORITY_BY_ID.get('default:allow-host_bash-global')!);
     });
 
     test('findHighestPriorityRule matches default ask for computer_use_click', () => {
@@ -838,6 +838,7 @@ describe('Trust Store', () => {
       expect(match).not.toBeNull();
       expect(match!.id).toBe('default:allow-bash-rm-bootstrap');
       expect(match!.decision).toBe('allow');
+      expect(match!.allowHighRisk).toBe(true);
       // Outside workspace, the bootstrap rule doesn't match — the global
       // default:allow-bash-global rule matches instead (not the bootstrap rule).
       const other = findHighestPriorityRule('bash', ['rm BOOTSTRAP.md'], '/tmp/other-project');
@@ -852,6 +853,7 @@ describe('Trust Store', () => {
       expect(match).not.toBeNull();
       expect(match!.id).toBe('default:allow-bash-rm-updates');
       expect(match!.decision).toBe('allow');
+      expect(match!.allowHighRisk).toBe(true);
       // Outside workspace, should NOT match the updates rule
       const other = findHighestPriorityRule('bash', ['rm UPDATES.md'], '/tmp/other-project');
       expect(other).not.toBeNull();

package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts

@@ -85,14 +85,12 @@ mock.module('../runtime/approval-message-composer.js', () => ({
 import {
   createApprovalRequest,
   createBinding,
-  findPendingAccessRequestForRequester,
-  getAllPendingApprovalsByGuardianChat,
 } from '../memory/channel-guardian-store.js';
+import { getDb, initializeDb, resetDb } from '../memory/db.js';
+import { findMember, upsertMember } from '../memory/ingress-member-store.js';
 import {
   createOutboundSession,
 } from '../runtime/channel-guardian-service.js';
-import { findMember, upsertMember } from '../memory/ingress-member-store.js';
-import { initializeDb, resetDb } from '../memory/db.js';
 import { handleChannelInbound } from '../runtime/routes/channel-routes.js';
 
 initializeDb();
@@ -110,7 +108,6 @@ const TEST_BEARER_TOKEN = 'test-token';
 const GUARDIAN_APPROVAL_TTL_MS = 5 * 60 * 1000;
 
 function resetState(): void {
-  const { getDb } = require('../memory/db.js');
   const db = getDb();
   db.run('DELETE FROM channel_guardian_approval_requests');
   db.run('DELETE FROM channel_guardian_bindings');
@@ -177,7 +174,7 @@ describe('trusted contact lifecycle notification signals', () => {
     const testRequestId = `req-deny-${Date.now()}`;
 
     // Create a pending access request approval
-    const approval = createApprovalRequest({
+    const _approval = createApprovalRequest({
       runId: `ingress-access-request-${Date.now()}`,
       requestId: testRequestId,
       conversationId: 'access-req-telegram-requester-user-456',
@@ -252,7 +249,7 @@ describe('trusted contact lifecycle notification signals', () => {
     const testRequestId = `req-approve-${Date.now()}`;
 
     // Create a pending access request approval
-    const approval = createApprovalRequest({
+    const _approval = createApprovalRequest({
       runId: `ingress-access-request-${Date.now()}`,
       requestId: testRequestId,
       conversationId: 'access-req-telegram-requester-user-456',
@@ -426,6 +423,7 @@ describe('trusted contact activated notification signal', () => {
 
   test('guardian verification does NOT emit activated signal', async () => {
     // Create an inbound challenge (guardian flow, not trusted contact)
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
     const { createVerificationChallenge } = require('../runtime/channel-guardian-service.js');
     const { secret } = createVerificationChallenge('self', 'telegram');
 

package/src/__tests__/trusted-contact-multichannel.test.ts

@@ -77,16 +77,13 @@ import {
   createBinding,
   findPendingAccessRequestForRequester,
 } from '../memory/channel-guardian-store.js';
+import { getDb, initializeDb, resetDb } from '../memory/db.js';
+import { findMember, upsertMember } from '../memory/ingress-member-store.js';
 import {
   createOutboundSession,
   validateAndConsumeChallenge,
 } from '../runtime/channel-guardian-service.js';
-import { findMember, upsertMember } from '../memory/ingress-member-store.js';
-import { initializeDb, resetDb } from '../memory/db.js';
 import { handleChannelInbound } from '../runtime/routes/channel-routes.js';
-import {
-  handleAccessRequestDecision,
-} from '../runtime/routes/access-request-decision.js';
 
 initializeDb();
 
@@ -102,7 +99,6 @@ afterAll(() => {
 const TEST_BEARER_TOKEN = 'test-token';
 
 function resetState(): void {
-  const { getDb } = require('../memory/db.js');
   const db = getDb();
   db.run('DELETE FROM channel_guardian_approval_requests');
   db.run('DELETE FROM channel_guardian_bindings');