npm - @vellumai/assistant - Versions diffs - 0.3.19 → 0.3.20 - Mend

@vellumai/assistant 0.3.19 → 0.3.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (189) hide show

package/ARCHITECTURE.md +151 -15
package/Dockerfile +1 -0
package/README.md +40 -4
package/docs/architecture/integrations.md +7 -11
package/package.json +1 -1
package/src/__tests__/__snapshots__/ipc-snapshot.test.ts.snap +54 -0
package/src/__tests__/approval-primitive.test.ts +540 -0
package/src/__tests__/assistant-feature-flag-guard.test.ts +206 -0
package/src/__tests__/assistant-feature-flag-guardrails.test.ts +198 -0
package/src/__tests__/assistant-feature-flags-integration.test.ts +272 -0
package/src/__tests__/call-controller.test.ts +439 -108
package/src/__tests__/channel-invite-transport.test.ts +264 -0
package/src/__tests__/cli.test.ts +42 -1
package/src/__tests__/config-schema.test.ts +11 -127
package/src/__tests__/config-watcher.test.ts +0 -8
package/src/__tests__/daemon-lifecycle.test.ts +1 -0
package/src/__tests__/daemon-server-session-init.test.ts +8 -2
package/src/__tests__/diff.test.ts +22 -0
package/src/__tests__/guardian-action-copy-generator.test.ts +5 -0
package/src/__tests__/guardian-action-grant-mint-consume.test.ts +300 -32
package/src/__tests__/guardian-action-late-reply.test.ts +546 -1
package/src/__tests__/guardian-actions-endpoint.test.ts +774 -0
package/src/__tests__/guardian-control-plane-policy.test.ts +36 -3
package/src/__tests__/guardian-dispatch.test.ts +124 -0
package/src/__tests__/guardian-grant-minting.test.ts +6 -17
package/src/__tests__/inbound-invite-redemption.test.ts +367 -0
package/src/__tests__/invite-redemption-service.test.ts +306 -0
package/src/__tests__/ipc-snapshot.test.ts +57 -0
package/src/__tests__/notification-decision-fallback.test.ts +88 -0
package/src/__tests__/sandbox-diagnostics.test.ts +6 -249
package/src/__tests__/sandbox-host-parity.test.ts +6 -13
package/src/__tests__/scoped-approval-grants.test.ts +6 -6
package/src/__tests__/scoped-grant-security-matrix.test.ts +5 -4
package/src/__tests__/script-proxy-session-manager.test.ts +1 -19
package/src/__tests__/session-load-history-repair.test.ts +169 -2
package/src/__tests__/session-runtime-assembly.test.ts +33 -5
package/src/__tests__/skill-feature-flags-integration.test.ts +171 -0
package/src/__tests__/skill-feature-flags.test.ts +188 -0
package/src/__tests__/skill-load-feature-flag.test.ts +141 -0
package/src/__tests__/skill-mirror-parity.test.ts +1 -0
package/src/__tests__/skill-projection-feature-flag.test.ts +363 -0
package/src/__tests__/system-prompt.test.ts +1 -1
package/src/__tests__/terminal-sandbox.test.ts +142 -9
package/src/__tests__/terminal-tools.test.ts +2 -93
package/src/__tests__/thread-seed-composer.test.ts +18 -0
package/src/__tests__/tool-approval-handler.test.ts +350 -0
package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts +8 -10
package/src/__tests__/voice-scoped-grant-consumer.test.ts +46 -84
package/src/agent/loop.ts +36 -1
package/src/approvals/approval-primitive.ts +381 -0
package/src/approvals/guardian-decision-primitive.ts +191 -0
package/src/calls/call-controller.ts +252 -209
package/src/calls/call-domain.ts +44 -6
package/src/calls/guardian-dispatch.ts +48 -0
package/src/calls/types.ts +1 -1
package/src/calls/voice-session-bridge.ts +46 -30
package/src/cli/core-commands.ts +0 -4
package/src/cli.ts +76 -34
package/src/config/__tests__/feature-flag-registry-guard.test.ts +179 -0
package/src/config/assistant-feature-flags.ts +162 -0
package/src/config/bundled-skills/api-mapping/icon.svg +18 -0
package/src/config/bundled-skills/messaging/TOOLS.json +30 -0
package/src/config/bundled-skills/messaging/tools/slack-delete-message.ts +24 -0
package/src/config/bundled-skills/notifications/SKILL.md +1 -1
package/src/config/bundled-skills/reminder/SKILL.md +49 -2
package/src/config/bundled-skills/time-based-actions/SKILL.md +49 -2
package/src/config/bundled-skills/voice-setup/SKILL.md +122 -0
package/src/config/core-schema.ts +1 -1
package/src/config/env-registry.ts +10 -0
package/src/config/feature-flag-registry.json +61 -0
package/src/config/loader.ts +22 -1
package/src/config/sandbox-schema.ts +0 -39
package/src/config/schema.ts +6 -2
package/src/config/skill-state.ts +34 -0
package/src/config/skills-schema.ts +0 -1
package/src/config/skills.ts +9 -0
package/src/config/system-prompt.ts +110 -46
package/src/config/templates/SOUL.md +1 -1
package/src/config/types.ts +19 -1
package/src/config/vellum-skills/catalog.json +1 -1
package/src/config/vellum-skills/guardian-verify-setup/SKILL.md +1 -0
package/src/config/vellum-skills/sms-setup/SKILL.md +1 -1
package/src/config/vellum-skills/telegram-setup/SKILL.md +1 -1
package/src/config/vellum-skills/trusted-contacts/SKILL.md +104 -3
package/src/config/vellum-skills/twilio-setup/SKILL.md +1 -1
package/src/daemon/config-watcher.ts +0 -1
package/src/daemon/daemon-control.ts +1 -1
package/src/daemon/guardian-invite-intent.ts +124 -0
package/src/daemon/handlers/avatar.ts +68 -0
package/src/daemon/handlers/browser.ts +2 -2
package/src/daemon/handlers/guardian-actions.ts +120 -0
package/src/daemon/handlers/index.ts +4 -0
package/src/daemon/handlers/sessions.ts +19 -0
package/src/daemon/handlers/shared.ts +3 -1
package/src/daemon/install-cli-launchers.ts +58 -13
package/src/daemon/ipc-contract/guardian-actions.ts +53 -0
package/src/daemon/ipc-contract/sessions.ts +8 -2
package/src/daemon/ipc-contract/settings.ts +25 -2
package/src/daemon/ipc-contract-inventory.json +10 -0
package/src/daemon/ipc-contract.ts +4 -0
package/src/daemon/lifecycle.ts +6 -2
package/src/daemon/main.ts +1 -0
package/src/daemon/server.ts +1 -0
package/src/daemon/session-lifecycle.ts +52 -7
package/src/daemon/session-memory.ts +45 -0
package/src/daemon/session-process.ts +258 -432
package/src/daemon/session-runtime-assembly.ts +12 -0
package/src/daemon/session-skill-tools.ts +14 -1
package/src/daemon/session-tool-setup.ts +5 -0
package/src/daemon/session.ts +11 -0
package/src/daemon/tool-side-effects.ts +35 -9
package/src/index.ts +0 -2
package/src/memory/conversation-display-order-migration.ts +44 -0
package/src/memory/conversation-queries.ts +2 -0
package/src/memory/conversation-store.ts +91 -0
package/src/memory/db-init.ts +5 -1
package/src/memory/embedding-local.ts +13 -8
package/src/memory/guardian-action-store.ts +125 -2
package/src/memory/ingress-invite-store.ts +95 -1
package/src/memory/migrations/035-guardian-action-supersession.ts +23 -0
package/src/memory/migrations/index.ts +2 -1
package/src/memory/schema.ts +5 -1
package/src/memory/scoped-approval-grants.ts +14 -5
package/src/messaging/providers/slack/client.ts +12 -0
package/src/messaging/providers/slack/types.ts +5 -0
package/src/notifications/decision-engine.ts +49 -12
package/src/notifications/emit-signal.ts +7 -0
package/src/notifications/signal.ts +7 -0
package/src/notifications/thread-seed-composer.ts +2 -1
package/src/runtime/channel-approval-types.ts +16 -6
package/src/runtime/channel-approvals.ts +19 -15
package/src/runtime/channel-invite-transport.ts +85 -0
package/src/runtime/channel-invite-transports/telegram.ts +105 -0
package/src/runtime/guardian-action-grant-minter.ts +92 -35
package/src/runtime/guardian-action-message-composer.ts +30 -0
package/src/runtime/guardian-decision-types.ts +91 -0
package/src/runtime/http-server.ts +23 -1
package/src/runtime/ingress-service.ts +22 -0
package/src/runtime/invite-redemption-service.ts +181 -0
package/src/runtime/invite-redemption-templates.ts +39 -0
package/src/runtime/routes/call-routes.ts +2 -1
package/src/runtime/routes/guardian-action-routes.ts +206 -0
package/src/runtime/routes/guardian-approval-interception.ts +66 -190
package/src/runtime/routes/inbound-message-handler.ts +486 -394
package/src/runtime/routes/pairing-routes.ts +4 -0
package/src/security/encrypted-store.ts +31 -17
package/src/security/keychain.ts +176 -2
package/src/security/secure-keys.ts +97 -0
package/src/security/tool-approval-digest.ts +1 -1
package/src/tools/browser/browser-execution.ts +2 -2
package/src/tools/browser/browser-manager.ts +46 -32
package/src/tools/browser/browser-screencast.ts +2 -2
package/src/tools/calls/call-start.ts +1 -1
package/src/tools/executor.ts +22 -17
package/src/tools/network/script-proxy/session-manager.ts +1 -5
package/src/tools/skills/load.ts +22 -8
package/src/tools/system/avatar-generator.ts +119 -0
package/src/tools/system/navigate-settings.ts +65 -0
package/src/tools/system/open-system-settings.ts +75 -0
package/src/tools/system/voice-config.ts +121 -32
package/src/tools/terminal/backends/native.ts +40 -19
package/src/tools/terminal/backends/types.ts +3 -3
package/src/tools/terminal/parser.ts +1 -1
package/src/tools/terminal/sandbox-diagnostics.ts +6 -87
package/src/tools/terminal/sandbox.ts +1 -12
package/src/tools/terminal/shell.ts +3 -31
package/src/tools/tool-approval-handler.ts +141 -3
package/src/tools/tool-manifest.ts +6 -0
package/src/tools/types.ts +6 -0
package/src/util/diff.ts +36 -13
package/Dockerfile.sandbox +0 -5
package/src/__tests__/doordash-client.test.ts +0 -187
package/src/__tests__/doordash-session.test.ts +0 -154
package/src/__tests__/signup-e2e.test.ts +0 -354
package/src/__tests__/terminal-sandbox-docker.test.ts +0 -1065
package/src/__tests__/terminal-sandbox.integration.test.ts +0 -180
package/src/cli/doordash.ts +0 -1057
package/src/config/bundled-skills/doordash/SKILL.md +0 -163
package/src/config/templates/LOOKS.md +0 -25
package/src/doordash/cart-queries.ts +0 -787
package/src/doordash/client.ts +0 -1016
package/src/doordash/order-queries.ts +0 -85
package/src/doordash/queries.ts +0 -13
package/src/doordash/query-extractor.ts +0 -94
package/src/doordash/search-queries.ts +0 -203
package/src/doordash/session.ts +0 -84
package/src/doordash/store-queries.ts +0 -246
package/src/doordash/types.ts +0 -367
package/src/tools/terminal/backends/docker.ts +0 -379

package/src/__tests__/approval-primitive.test.ts ADDED Viewed

@@ -0,0 +1,540 @@
+import { mkdtempSync, rmSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { afterAll, beforeEach, describe, expect, mock, test } from 'bun:test';
+const testDir = mkdtempSync(join(tmpdir(), 'approval-primitive-test-'));
+mock.module('../util/platform.js', () => ({
+  getDataDir: () => testDir,
+  isMacOS: () => process.platform === 'darwin',
+  isLinux: () => process.platform === 'linux',
+  isWindows: () => process.platform === 'win32',
+  getSocketPath: () => join(testDir, 'test.sock'),
+  getPidPath: () => join(testDir, 'test.pid'),
+  getDbPath: () => join(testDir, 'test.db'),
+  getLogPath: () => join(testDir, 'test.log'),
+  ensureDataDir: () => {},
+  migrateToDataLayout: () => {},
+  migrateToWorkspaceLayout: () => {},
+}));
+mock.module('../util/logger.js', () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
+  isDebug: () => false,
+  truncateForLog: (value: string) => value,
+}));
+import {
+  consumeGrantForInvocation,
+  mintGrantFromDecision,
+  type MintGrantParams,
+} from '../approvals/approval-primitive.js';
+import { getDb, initializeDb, resetDb } from '../memory/db.js';
+import { scopedApprovalGrants } from '../memory/schema.js';
+import { computeToolApprovalDigest } from '../security/tool-approval-digest.js';
+initializeDb();
+function clearTables(): void {
+  const db = getDb();
+  db.delete(scopedApprovalGrants).run();
+}
+afterAll(() => {
+  resetDb();
+  try {
+    rmSync(testDir, { recursive: true });
+  } catch {
+    /* best effort */
+  }
+});
+// ---------------------------------------------------------------------------
+// Helper to build mint params with sensible defaults
+// ---------------------------------------------------------------------------
+function mintParams(overrides: Partial<MintGrantParams> = {}): MintGrantParams {
+  const futureExpiry = new Date(Date.now() + 60_000).toISOString();
+  return {
+    assistantId: 'self',
+    scopeMode: 'request_id',
+    requestChannel: 'telegram',
+    decisionChannel: 'telegram',
+    expiresAt: futureExpiry,
+    ...overrides,
+  };
+}
+// ===========================================================================
+// MINT TESTS
+// ===========================================================================
+describe('approval-primitive / mintGrantFromDecision', () => {
+  beforeEach(() => clearTables());
+  test('mints a request_id scoped grant successfully', () => {
+    const result = mintGrantFromDecision(
+      mintParams({ scopeMode: 'request_id', requestId: 'req-1' }),
+    );
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    expect(result.grant.status).toBe('active');
+    expect(result.grant.requestId).toBe('req-1');
+    expect(result.grant.scopeMode).toBe('request_id');
+  });
+  test('mints a tool_signature scoped grant successfully', () => {
+    const digest = computeToolApprovalDigest('shell', { command: 'ls' });
+    const result = mintGrantFromDecision(
+      mintParams({
+        scopeMode: 'tool_signature',
+        toolName: 'shell',
+        inputDigest: digest,
+      }),
+    );
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    expect(result.grant.toolName).toBe('shell');
+    expect(result.grant.inputDigest).toBe(digest);
+    expect(result.grant.scopeMode).toBe('tool_signature');
+  });
+  test('rejects request_id scope when requestId is missing', () => {
+    const result = mintGrantFromDecision(
+      mintParams({ scopeMode: 'request_id', requestId: null }),
+    );
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.reason).toBe('missing_request_id');
+  });
+  test('rejects tool_signature scope when toolName is missing', () => {
+    const result = mintGrantFromDecision(
+      mintParams({
+        scopeMode: 'tool_signature',
+        toolName: null,
+        inputDigest: 'abc123',
+      }),
+    );
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.reason).toBe('missing_tool_fields');
+  });
+  test('rejects tool_signature scope when inputDigest is missing', () => {
+    const result = mintGrantFromDecision(
+      mintParams({
+        scopeMode: 'tool_signature',
+        toolName: 'shell',
+        inputDigest: null,
+      }),
+    );
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.reason).toBe('missing_tool_fields');
+  });
+  test('mints grant with full scope context fields', () => {
+    const result = mintGrantFromDecision(
+      mintParams({
+        scopeMode: 'request_id',
+        requestId: 'req-full',
+        conversationId: 'conv-1',
+        callSessionId: 'call-1',
+        requesterExternalUserId: 'user-1',
+        guardianExternalUserId: 'guardian-1',
+        executionChannel: 'voice',
+      }),
+    );
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    expect(result.grant.conversationId).toBe('conv-1');
+    expect(result.grant.callSessionId).toBe('call-1');
+    expect(result.grant.requesterExternalUserId).toBe('user-1');
+    expect(result.grant.guardianExternalUserId).toBe('guardian-1');
+    expect(result.grant.executionChannel).toBe('voice');
+  });
+});
+// ===========================================================================
+// CONSUME TESTS
+// ===========================================================================
+describe('approval-primitive / consumeGrantForInvocation', () => {
+  beforeEach(() => clearTables());
+  test('consumes a request_id grant when requestId matches', async () => {
+    mintGrantFromDecision(mintParams({ scopeMode: 'request_id', requestId: 'req-100' }));
+    const result = await consumeGrantForInvocation({
+      requestId: 'req-100',
+      toolName: 'shell',
+      inputDigest: computeToolApprovalDigest('shell', { command: 'ls' }),
+      consumingRequestId: 'consumer-1',
+      assistantId: 'self',
+    });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    expect(result.grant.status).toBe('consumed');
+    expect(result.grant.consumedByRequestId).toBe('consumer-1');
+  });
+  test('consumes a tool_signature grant when tool+input matches', async () => {
+    const digest = computeToolApprovalDigest('shell', { command: 'ls' });
+    mintGrantFromDecision(
+      mintParams({
+        scopeMode: 'tool_signature',
+        toolName: 'shell',
+        inputDigest: digest,
+      }),
+    );
+    const result = await consumeGrantForInvocation({
+      toolName: 'shell',
+      inputDigest: digest,
+      consumingRequestId: 'consumer-2',
+      assistantId: 'self',
+    });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    expect(result.grant.status).toBe('consumed');
+  });
+  test('falls back to tool_signature when request_id does not match', async () => {
+    const digest = computeToolApprovalDigest('shell', { command: 'ls' });
+    // Mint a tool_signature grant (not request_id)
+    mintGrantFromDecision(
+      mintParams({
+        scopeMode: 'tool_signature',
+        toolName: 'shell',
+        inputDigest: digest,
+      }),
+    );
+    const result = await consumeGrantForInvocation({
+      requestId: 'nonexistent-req',
+      toolName: 'shell',
+      inputDigest: digest,
+      consumingRequestId: 'consumer-3',
+      assistantId: 'self',
+    });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    expect(result.grant.scopeMode).toBe('tool_signature');
+  });
+  // ---------------------------------------------------------------------------
+  // Consume miss scenarios
+  // ---------------------------------------------------------------------------
+  test('miss: no grants exist at all', async () => {
+    const result = await consumeGrantForInvocation({
+      toolName: 'shell',
+      inputDigest: computeToolApprovalDigest('shell', { command: 'ls' }),
+      consumingRequestId: 'consumer-miss',
+      assistantId: 'self',
+    }, { maxWaitMs: 0 });
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.reason).toBe('no_match');
+  });
+  test('miss: tool name mismatch', async () => {
+    const digest = computeToolApprovalDigest('shell', { command: 'ls' });
+    mintGrantFromDecision(
+      mintParams({
+        scopeMode: 'tool_signature',
+        toolName: 'shell',
+        inputDigest: digest,
+      }),
+    );
+    const result = await consumeGrantForInvocation({
+      toolName: 'file_write',
+      inputDigest: digest,
+      consumingRequestId: 'consumer-mismatch-tool',
+      assistantId: 'self',
+    }, { maxWaitMs: 0 });
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.reason).toBe('no_match');
+  });
+  test('miss: input digest mismatch', async () => {
+    mintGrantFromDecision(
+      mintParams({
+        scopeMode: 'tool_signature',
+        toolName: 'shell',
+        inputDigest: computeToolApprovalDigest('shell', { command: 'ls' }),
+      }),
+    );
+    const result = await consumeGrantForInvocation({
+      toolName: 'shell',
+      inputDigest: computeToolApprovalDigest('shell', { command: 'rm -rf /' }),
+      consumingRequestId: 'consumer-mismatch-input',
+      assistantId: 'self',
+    }, { maxWaitMs: 0 });
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.reason).toBe('no_match');
+  });
+  test('miss: assistant ID mismatch', async () => {
+    mintGrantFromDecision(
+      mintParams({
+        scopeMode: 'request_id',
+        requestId: 'req-assist',
+        assistantId: 'assistant-A',
+      }),
+    );
+    const result = await consumeGrantForInvocation({
+      requestId: 'req-assist',
+      toolName: 'shell',
+      inputDigest: computeToolApprovalDigest('shell', {}),
+      consumingRequestId: 'consumer-assist-mismatch',
+      assistantId: 'assistant-B',
+    }, { maxWaitMs: 0 });
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.reason).toBe('no_match');
+  });
+  test('miss: grant expired', async () => {
+    const pastExpiry = new Date(Date.now() - 60_000).toISOString();
+    mintGrantFromDecision(
+      mintParams({
+        scopeMode: 'request_id',
+        requestId: 'req-expired',
+        expiresAt: pastExpiry,
+      }),
+    );
+    const result = await consumeGrantForInvocation({
+      requestId: 'req-expired',
+      toolName: 'shell',
+      inputDigest: computeToolApprovalDigest('shell', {}),
+      consumingRequestId: 'consumer-expired',
+      assistantId: 'self',
+    }, { maxWaitMs: 0 });
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.reason).toBe('no_match');
+  });
+  // ---------------------------------------------------------------------------
+  // One-time consume semantics
+  // ---------------------------------------------------------------------------
+  test('one-time consume: second consume of the same grant fails', async () => {
+    mintGrantFromDecision(
+      mintParams({ scopeMode: 'request_id', requestId: 'req-once' }),
+    );
+    const first = await consumeGrantForInvocation({
+      requestId: 'req-once',
+      toolName: 'shell',
+      inputDigest: computeToolApprovalDigest('shell', {}),
+      consumingRequestId: 'consumer-first',
+      assistantId: 'self',
+    });
+    expect(first.ok).toBe(true);
+    const second = await consumeGrantForInvocation({
+      requestId: 'req-once',
+      toolName: 'shell',
+      inputDigest: computeToolApprovalDigest('shell', {}),
+      consumingRequestId: 'consumer-second',
+      assistantId: 'self',
+    }, { maxWaitMs: 0 });
+    expect(second.ok).toBe(false);
+    if (second.ok) return;
+    expect(second.reason).toBe('no_match');
+  });
+  test('one-time consume: tool_signature grant is consumed only once', async () => {
+    const digest = computeToolApprovalDigest('shell', { command: 'deploy' });
+    mintGrantFromDecision(
+      mintParams({
+        scopeMode: 'tool_signature',
+        toolName: 'shell',
+        inputDigest: digest,
+      }),
+    );
+    const first = await consumeGrantForInvocation({
+      toolName: 'shell',
+      inputDigest: digest,
+      consumingRequestId: 'consumer-sig-first',
+      assistantId: 'self',
+    });
+    expect(first.ok).toBe(true);
+    const second = await consumeGrantForInvocation({
+      toolName: 'shell',
+      inputDigest: digest,
+      consumingRequestId: 'consumer-sig-second',
+      assistantId: 'self',
+    }, { maxWaitMs: 0 });
+    expect(second.ok).toBe(false);
+    if (second.ok) return;
+    expect(second.reason).toBe('no_match');
+  });
+  // ---------------------------------------------------------------------------
+  // Context-scoped consume
+  // ---------------------------------------------------------------------------
+  test('consumes tool_signature grant with matching conversation context', async () => {
+    const digest = computeToolApprovalDigest('shell', { command: 'test' });
+    mintGrantFromDecision(
+      mintParams({
+        scopeMode: 'tool_signature',
+        toolName: 'shell',
+        inputDigest: digest,
+        conversationId: 'conv-ctx',
+        callSessionId: 'call-ctx',
+      }),
+    );
+    const result = await consumeGrantForInvocation({
+      toolName: 'shell',
+      inputDigest: digest,
+      consumingRequestId: 'consumer-ctx',
+      assistantId: 'self',
+      conversationId: 'conv-ctx',
+      callSessionId: 'call-ctx',
+    });
+    expect(result.ok).toBe(true);
+  });
+  test('miss: conversation context mismatch on tool_signature grant', async () => {
+    const digest = computeToolApprovalDigest('shell', { command: 'test' });
+    mintGrantFromDecision(
+      mintParams({
+        scopeMode: 'tool_signature',
+        toolName: 'shell',
+        inputDigest: digest,
+        conversationId: 'conv-A',
+      }),
+    );
+    const result = await consumeGrantForInvocation({
+      toolName: 'shell',
+      inputDigest: digest,
+      consumingRequestId: 'consumer-ctx-mismatch',
+      assistantId: 'self',
+      conversationId: 'conv-B',
+    }, { maxWaitMs: 0 });
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.reason).toBe('no_match');
+  });
+});
+// ===========================================================================
+// RETRY POLLING TESTS
+// ===========================================================================
+describe('approval-primitive / consumeGrantForInvocation retry', () => {
+  beforeEach(() => clearTables());
+  test('succeeds immediately when grant already exists (no retry needed)', async () => {
+    const digest = computeToolApprovalDigest('shell', { command: 'ls' });
+    mintGrantFromDecision(
+      mintParams({
+        scopeMode: 'tool_signature',
+        toolName: 'shell',
+        inputDigest: digest,
+      }),
+    );
+    const start = Date.now();
+    const result = await consumeGrantForInvocation({
+      toolName: 'shell',
+      inputDigest: digest,
+      consumingRequestId: 'consumer-async-immediate',
+      assistantId: 'self',
+    });
+    const elapsed = Date.now() - start;
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    expect(result.grant.status).toBe('consumed');
+    // Should return nearly instantly — well under the retry interval
+    expect(elapsed).toBeLessThan(200);
+  });
+  test('retries and succeeds when grant appears after a delay', async () => {
+    const digest = computeToolApprovalDigest('shell', { command: 'delayed' });
+    // Mint the grant after 300ms — the async consumer should retry and find it
+    setTimeout(() => {
+      mintGrantFromDecision(
+        mintParams({
+          scopeMode: 'tool_signature',
+          toolName: 'shell',
+          inputDigest: digest,
+        }),
+      );
+    }, 300);
+    const start = Date.now();
+    const result = await consumeGrantForInvocation(
+      {
+        toolName: 'shell',
+        inputDigest: digest,
+        consumingRequestId: 'consumer-async-delayed',
+        assistantId: 'self',
+      },
+      { maxWaitMs: 5_000, intervalMs: 100 },
+    );
+    const elapsed = Date.now() - start;
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    expect(result.grant.status).toBe('consumed');
+    // Should have taken at least ~300ms (the delay) but less than the max wait
+    expect(elapsed).toBeGreaterThanOrEqual(250);
+    expect(elapsed).toBeLessThan(5_000);
+  });
+  test('returns failure after timeout when no grant appears', async () => {
+    const digest = computeToolApprovalDigest('shell', { command: 'never-minted' });
+    const start = Date.now();
+    const result = await consumeGrantForInvocation(
+      {
+        toolName: 'shell',
+        inputDigest: digest,
+        consumingRequestId: 'consumer-async-timeout',
+        assistantId: 'self',
+      },
+      { maxWaitMs: 500, intervalMs: 100 },
+    );
+    const elapsed = Date.now() - start;
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.reason).toBe('no_match');
+    // Should have waited approximately the max wait time
+    expect(elapsed).toBeGreaterThanOrEqual(450);
+    expect(elapsed).toBeLessThan(1_500);
+  });
+});