npm - @vellumai/assistant - Versions diffs - 0.3.19 → 0.3.20 - Mend

@vellumai/assistant 0.3.19 → 0.3.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (189) hide show

package/ARCHITECTURE.md +151 -15
package/Dockerfile +1 -0
package/README.md +40 -4
package/docs/architecture/integrations.md +7 -11
package/package.json +1 -1
package/src/__tests__/__snapshots__/ipc-snapshot.test.ts.snap +54 -0
package/src/__tests__/approval-primitive.test.ts +540 -0
package/src/__tests__/assistant-feature-flag-guard.test.ts +206 -0
package/src/__tests__/assistant-feature-flag-guardrails.test.ts +198 -0
package/src/__tests__/assistant-feature-flags-integration.test.ts +272 -0
package/src/__tests__/call-controller.test.ts +439 -108
package/src/__tests__/channel-invite-transport.test.ts +264 -0
package/src/__tests__/cli.test.ts +42 -1
package/src/__tests__/config-schema.test.ts +11 -127
package/src/__tests__/config-watcher.test.ts +0 -8
package/src/__tests__/daemon-lifecycle.test.ts +1 -0
package/src/__tests__/daemon-server-session-init.test.ts +8 -2
package/src/__tests__/diff.test.ts +22 -0
package/src/__tests__/guardian-action-copy-generator.test.ts +5 -0
package/src/__tests__/guardian-action-grant-mint-consume.test.ts +300 -32
package/src/__tests__/guardian-action-late-reply.test.ts +546 -1
package/src/__tests__/guardian-actions-endpoint.test.ts +774 -0
package/src/__tests__/guardian-control-plane-policy.test.ts +36 -3
package/src/__tests__/guardian-dispatch.test.ts +124 -0
package/src/__tests__/guardian-grant-minting.test.ts +6 -17
package/src/__tests__/inbound-invite-redemption.test.ts +367 -0
package/src/__tests__/invite-redemption-service.test.ts +306 -0
package/src/__tests__/ipc-snapshot.test.ts +57 -0
package/src/__tests__/notification-decision-fallback.test.ts +88 -0
package/src/__tests__/sandbox-diagnostics.test.ts +6 -249
package/src/__tests__/sandbox-host-parity.test.ts +6 -13
package/src/__tests__/scoped-approval-grants.test.ts +6 -6
package/src/__tests__/scoped-grant-security-matrix.test.ts +5 -4
package/src/__tests__/script-proxy-session-manager.test.ts +1 -19
package/src/__tests__/session-load-history-repair.test.ts +169 -2
package/src/__tests__/session-runtime-assembly.test.ts +33 -5
package/src/__tests__/skill-feature-flags-integration.test.ts +171 -0
package/src/__tests__/skill-feature-flags.test.ts +188 -0
package/src/__tests__/skill-load-feature-flag.test.ts +141 -0
package/src/__tests__/skill-mirror-parity.test.ts +1 -0
package/src/__tests__/skill-projection-feature-flag.test.ts +363 -0
package/src/__tests__/system-prompt.test.ts +1 -1
package/src/__tests__/terminal-sandbox.test.ts +142 -9
package/src/__tests__/terminal-tools.test.ts +2 -93
package/src/__tests__/thread-seed-composer.test.ts +18 -0
package/src/__tests__/tool-approval-handler.test.ts +350 -0
package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts +8 -10
package/src/__tests__/voice-scoped-grant-consumer.test.ts +46 -84
package/src/agent/loop.ts +36 -1
package/src/approvals/approval-primitive.ts +381 -0
package/src/approvals/guardian-decision-primitive.ts +191 -0
package/src/calls/call-controller.ts +252 -209
package/src/calls/call-domain.ts +44 -6
package/src/calls/guardian-dispatch.ts +48 -0
package/src/calls/types.ts +1 -1
package/src/calls/voice-session-bridge.ts +46 -30
package/src/cli/core-commands.ts +0 -4
package/src/cli.ts +76 -34
package/src/config/__tests__/feature-flag-registry-guard.test.ts +179 -0
package/src/config/assistant-feature-flags.ts +162 -0
package/src/config/bundled-skills/api-mapping/icon.svg +18 -0
package/src/config/bundled-skills/messaging/TOOLS.json +30 -0
package/src/config/bundled-skills/messaging/tools/slack-delete-message.ts +24 -0
package/src/config/bundled-skills/notifications/SKILL.md +1 -1
package/src/config/bundled-skills/reminder/SKILL.md +49 -2
package/src/config/bundled-skills/time-based-actions/SKILL.md +49 -2
package/src/config/bundled-skills/voice-setup/SKILL.md +122 -0
package/src/config/core-schema.ts +1 -1
package/src/config/env-registry.ts +10 -0
package/src/config/feature-flag-registry.json +61 -0
package/src/config/loader.ts +22 -1
package/src/config/sandbox-schema.ts +0 -39
package/src/config/schema.ts +6 -2
package/src/config/skill-state.ts +34 -0
package/src/config/skills-schema.ts +0 -1
package/src/config/skills.ts +9 -0
package/src/config/system-prompt.ts +110 -46
package/src/config/templates/SOUL.md +1 -1
package/src/config/types.ts +19 -1
package/src/config/vellum-skills/catalog.json +1 -1
package/src/config/vellum-skills/guardian-verify-setup/SKILL.md +1 -0
package/src/config/vellum-skills/sms-setup/SKILL.md +1 -1
package/src/config/vellum-skills/telegram-setup/SKILL.md +1 -1
package/src/config/vellum-skills/trusted-contacts/SKILL.md +104 -3
package/src/config/vellum-skills/twilio-setup/SKILL.md +1 -1
package/src/daemon/config-watcher.ts +0 -1
package/src/daemon/daemon-control.ts +1 -1
package/src/daemon/guardian-invite-intent.ts +124 -0
package/src/daemon/handlers/avatar.ts +68 -0
package/src/daemon/handlers/browser.ts +2 -2
package/src/daemon/handlers/guardian-actions.ts +120 -0
package/src/daemon/handlers/index.ts +4 -0
package/src/daemon/handlers/sessions.ts +19 -0
package/src/daemon/handlers/shared.ts +3 -1
package/src/daemon/install-cli-launchers.ts +58 -13
package/src/daemon/ipc-contract/guardian-actions.ts +53 -0
package/src/daemon/ipc-contract/sessions.ts +8 -2
package/src/daemon/ipc-contract/settings.ts +25 -2
package/src/daemon/ipc-contract-inventory.json +10 -0
package/src/daemon/ipc-contract.ts +4 -0
package/src/daemon/lifecycle.ts +6 -2
package/src/daemon/main.ts +1 -0
package/src/daemon/server.ts +1 -0
package/src/daemon/session-lifecycle.ts +52 -7
package/src/daemon/session-memory.ts +45 -0
package/src/daemon/session-process.ts +258 -432
package/src/daemon/session-runtime-assembly.ts +12 -0
package/src/daemon/session-skill-tools.ts +14 -1
package/src/daemon/session-tool-setup.ts +5 -0
package/src/daemon/session.ts +11 -0
package/src/daemon/tool-side-effects.ts +35 -9
package/src/index.ts +0 -2
package/src/memory/conversation-display-order-migration.ts +44 -0
package/src/memory/conversation-queries.ts +2 -0
package/src/memory/conversation-store.ts +91 -0
package/src/memory/db-init.ts +5 -1
package/src/memory/embedding-local.ts +13 -8
package/src/memory/guardian-action-store.ts +125 -2
package/src/memory/ingress-invite-store.ts +95 -1
package/src/memory/migrations/035-guardian-action-supersession.ts +23 -0
package/src/memory/migrations/index.ts +2 -1
package/src/memory/schema.ts +5 -1
package/src/memory/scoped-approval-grants.ts +14 -5
package/src/messaging/providers/slack/client.ts +12 -0
package/src/messaging/providers/slack/types.ts +5 -0
package/src/notifications/decision-engine.ts +49 -12
package/src/notifications/emit-signal.ts +7 -0
package/src/notifications/signal.ts +7 -0
package/src/notifications/thread-seed-composer.ts +2 -1
package/src/runtime/channel-approval-types.ts +16 -6
package/src/runtime/channel-approvals.ts +19 -15
package/src/runtime/channel-invite-transport.ts +85 -0
package/src/runtime/channel-invite-transports/telegram.ts +105 -0
package/src/runtime/guardian-action-grant-minter.ts +92 -35
package/src/runtime/guardian-action-message-composer.ts +30 -0
package/src/runtime/guardian-decision-types.ts +91 -0
package/src/runtime/http-server.ts +23 -1
package/src/runtime/ingress-service.ts +22 -0
package/src/runtime/invite-redemption-service.ts +181 -0
package/src/runtime/invite-redemption-templates.ts +39 -0
package/src/runtime/routes/call-routes.ts +2 -1
package/src/runtime/routes/guardian-action-routes.ts +206 -0
package/src/runtime/routes/guardian-approval-interception.ts +66 -190
package/src/runtime/routes/inbound-message-handler.ts +486 -394
package/src/runtime/routes/pairing-routes.ts +4 -0
package/src/security/encrypted-store.ts +31 -17
package/src/security/keychain.ts +176 -2
package/src/security/secure-keys.ts +97 -0
package/src/security/tool-approval-digest.ts +1 -1
package/src/tools/browser/browser-execution.ts +2 -2
package/src/tools/browser/browser-manager.ts +46 -32
package/src/tools/browser/browser-screencast.ts +2 -2
package/src/tools/calls/call-start.ts +1 -1
package/src/tools/executor.ts +22 -17
package/src/tools/network/script-proxy/session-manager.ts +1 -5
package/src/tools/skills/load.ts +22 -8
package/src/tools/system/avatar-generator.ts +119 -0
package/src/tools/system/navigate-settings.ts +65 -0
package/src/tools/system/open-system-settings.ts +75 -0
package/src/tools/system/voice-config.ts +121 -32
package/src/tools/terminal/backends/native.ts +40 -19
package/src/tools/terminal/backends/types.ts +3 -3
package/src/tools/terminal/parser.ts +1 -1
package/src/tools/terminal/sandbox-diagnostics.ts +6 -87
package/src/tools/terminal/sandbox.ts +1 -12
package/src/tools/terminal/shell.ts +3 -31
package/src/tools/tool-approval-handler.ts +141 -3
package/src/tools/tool-manifest.ts +6 -0
package/src/tools/types.ts +6 -0
package/src/util/diff.ts +36 -13
package/Dockerfile.sandbox +0 -5
package/src/__tests__/doordash-client.test.ts +0 -187
package/src/__tests__/doordash-session.test.ts +0 -154
package/src/__tests__/signup-e2e.test.ts +0 -354
package/src/__tests__/terminal-sandbox-docker.test.ts +0 -1065
package/src/__tests__/terminal-sandbox.integration.test.ts +0 -180
package/src/cli/doordash.ts +0 -1057
package/src/config/bundled-skills/doordash/SKILL.md +0 -163
package/src/config/templates/LOOKS.md +0 -25
package/src/doordash/cart-queries.ts +0 -787
package/src/doordash/client.ts +0 -1016
package/src/doordash/order-queries.ts +0 -85
package/src/doordash/queries.ts +0 -13
package/src/doordash/query-extractor.ts +0 -94
package/src/doordash/search-queries.ts +0 -203
package/src/doordash/session.ts +0 -84
package/src/doordash/store-queries.ts +0 -246
package/src/doordash/types.ts +0 -367
package/src/tools/terminal/backends/docker.ts +0 -379

package/src/runtime/routes/guardian-approval-interception.ts CHANGED Viewed

@@ -2,6 +2,7 @@
  * Approval interception: checks for pending approvals and handles inbound
  * messages as decisions, reminders, or conversational follow-ups.
  */
+import { applyGuardianDecision } from '../../approvals/guardian-decision-primitive.js';
 import type { ChannelId } from '../../channels/types.js';
 import {
   getAllPendingApprovalsByGuardianChat,
@@ -11,9 +12,7 @@ import {
   type GuardianApprovalRequest,
   updateApprovalDecision,
 } from '../../memory/channel-guardian-store.js';
-import { createScopedApprovalGrant } from '../../memory/scoped-approval-grants.js';
 import { emitNotificationSignal } from '../../notifications/emit-signal.js';
-import { computeToolApprovalDigest } from '../../security/tool-approval-digest.js';
 import { getLogger } from '../../util/logger.js';
 import { runApprovalConversationTurn } from '../approval-conversation-turn.js';
 import { composeApprovalMessageGenerative } from '../approval-message-composer.js';
@@ -25,7 +24,6 @@ import {
   getApprovalInfoByConversation,
   getChannelApprovalPrompt,
   handleChannelDecision,
-  type PendingApprovalInfo,
 } from '../channel-approvals.js';
 import { deliverChannelReply } from '../gateway-client.js';
 import type {
@@ -49,68 +47,6 @@ import {
 const log = getLogger('runtime-http');
-/** TTL for scoped approval grants minted on guardian approve_once decisions. */
-export const GRANT_TTL_MS = 5 * 60 * 1000;
-// ---------------------------------------------------------------------------
-// Scoped grant minting on guardian tool-approval decisions
-// ---------------------------------------------------------------------------
-/**
- * Mint a `tool_signature` scoped grant when a guardian approves a tool-approval
- * request.  Only mints when the approval info contains a tool invocation with
- * input (so we can compute the input digest).  Informational ASK_GUARDIAN
- * requests that lack tool input are skipped.
- *
- * Fails silently on error — grant minting is best-effort and must never block
- * the approval flow.
- */
-function tryMintToolApprovalGrant(params: {
-  approvalInfo: PendingApprovalInfo;
-  approval: GuardianApprovalRequest;
-  decisionChannel: ChannelId;
-  guardianExternalUserId: string;
-}): void {
-  const { approvalInfo, approval, decisionChannel, guardianExternalUserId } = params;
-  // Only mint for requests that carry a tool name — the presence of toolName
-  // distinguishes tool-approval requests from informational ones.
-  // computeToolApprovalDigest can deterministically hash {} so zero-argument
-  // tool invocations must still receive a grant.
-  if (!approvalInfo.toolName) {
-    return;
-  }
-  try {
-    const inputDigest = computeToolApprovalDigest(approvalInfo.toolName, approvalInfo.input);
-    createScopedApprovalGrant({
-      assistantId: approval.assistantId,
-      scopeMode: 'tool_signature',
-      toolName: approvalInfo.toolName,
-      inputDigest,
-      requestChannel: approval.channel,
-      decisionChannel,
-      executionChannel: null,
-      conversationId: approval.conversationId,
-      callSessionId: null,
-      guardianExternalUserId,
-      requesterExternalUserId: approval.requesterExternalUserId,
-      expiresAt: new Date(Date.now() + GRANT_TTL_MS).toISOString(),
-    });
-    log.info(
-      { toolName: approvalInfo.toolName, conversationId: approval.conversationId },
-      'Minted scoped approval grant for guardian tool-approval decision',
-    );
-  } catch (err) {
-    log.error(
-      { err, toolName: approvalInfo.toolName, conversationId: approval.conversationId },
-      'Failed to mint scoped approval grant (non-fatal)',
-    );
-  }
-}
 export interface ApprovalInterceptionParams {
   conversationId: string;
   callbackData?: string;
@@ -250,13 +186,6 @@ export async function handleApprovalInterception(
       }
       if (callbackDecision) {
-        // approve_always is not available for guardian approvals — guardians
-        // should not be able to permanently allowlist tools on behalf of the
-        // requester. Downgrade to approve_once.
-        if (callbackDecision.action === 'approve_always') {
-          callbackDecision = { ...callbackDecision, action: 'approve_once' };
-        }
         // Access request approvals don't have a pending interaction in the
         // session tracker, so they need a separate decision path that creates
         // a verification session instead of resuming an agent loop.
@@ -272,44 +201,22 @@ export async function handleApprovalInterception(
           return accessResult;
         }
-        // Capture pending approval info before handleChannelDecision resolves
-        // (and removes) the pending interaction. Needed for grant minting.
-        const cbApprovalInfo = getApprovalInfoByConversation(guardianApproval.conversationId);
-        const cbMatchedInfo = callbackDecision.requestId
-          ? cbApprovalInfo.find(a => a.requestId === callbackDecision!.requestId)
-          : cbApprovalInfo[0];
-        // Apply the decision to the underlying session using the requester's
-        // conversation context
-        const result = handleChannelDecision(
-          guardianApproval.conversationId,
-          callbackDecision,
-        );
+        // Apply the decision through the unified guardian decision primitive.
+        // The primitive handles approve_always downgrade, approval info capture,
+        // record update, and scoped grant minting.
+        const result = applyGuardianDecision({
+          approval: guardianApproval,
+          decision: callbackDecision,
+          actorExternalUserId: senderExternalUserId,
+          actorChannel: sourceChannel,
+        });
         if (result.applied) {
-          // Update the guardian approval request record only when the decision
-          // was actually applied. If the request was already resolved (race with
-          // expiry sweep or concurrent callback), skip to avoid inconsistency.
-          const approvalStatus = callbackDecision.action === 'reject' ? 'denied' as const : 'approved' as const;
-          updateApprovalDecision(guardianApproval.id, {
-            status: approvalStatus,
-            decidedByExternalUserId: senderExternalUserId,
-          });
-          // Mint a scoped grant when a guardian approves a tool-approval request
-          if (callbackDecision.action !== 'reject' && cbMatchedInfo) {
-            tryMintToolApprovalGrant({
-              approvalInfo: cbMatchedInfo,
-              approval: guardianApproval,
-              decisionChannel: sourceChannel,
-              guardianExternalUserId: senderExternalUserId,
-            });
-          }
           // Notify the requester's chat about the outcome with the tool name
+          const effectiveAction = callbackDecision.action === 'approve_always' ? 'approve_once' : callbackDecision.action;
           const outcomeText = await composeApprovalMessageGenerative({
             scenario: 'guardian_decision_outcome',
-            decision: callbackDecision.action === 'reject' ? 'denied' : 'approved',
+            decision: effectiveAction === 'reject' ? 'denied' : 'approved',
             toolName: guardianApproval.toolName,
             channel: sourceChannel,
           }, {}, approvalCopyGenerator);
@@ -428,38 +335,15 @@ export async function handleApprovalInterception(
           ...(engineResult.targetRequestId ? { requestId: engineResult.targetRequestId } : {}),
         };
-        // Capture pending approval info before handleChannelDecision resolves
-        // (and removes) the pending interaction. Needed for grant minting.
-        const engineApprovalInfo = getApprovalInfoByConversation(targetApproval.conversationId);
-        const engineMatchedInfo = engineDecision.requestId
-          ? engineApprovalInfo.find(a => a.requestId === engineDecision.requestId)
-          : engineApprovalInfo[0];
-        const result = handleChannelDecision(
-          targetApproval.conversationId,
-          engineDecision,
-        );
+        // Apply the decision through the unified guardian decision primitive.
+        const result = applyGuardianDecision({
+          approval: targetApproval,
+          decision: engineDecision,
+          actorExternalUserId: senderExternalUserId,
+          actorChannel: sourceChannel,
+        });
         if (result.applied) {
-          // Update the guardian approval request record only when the decision
-          // was actually applied. If the request was already resolved (race with
-          // expiry sweep or concurrent callback), skip to avoid inconsistency.
-          const approvalStatus = decisionAction === 'reject' ? 'denied' as const : 'approved' as const;
-          updateApprovalDecision(targetApproval.id, {
-            status: approvalStatus,
-            decidedByExternalUserId: senderExternalUserId,
-          });
-          // Mint a scoped grant when a guardian approves a tool-approval request
-          if (decisionAction !== 'reject' && engineMatchedInfo) {
-            tryMintToolApprovalGrant({
-              approvalInfo: engineMatchedInfo,
-              approval: targetApproval,
-              decisionChannel: sourceChannel,
-              guardianExternalUserId: senderExternalUserId,
-            });
-          }
           // Notify the requester's chat about the outcome
           const outcomeText = await composeApprovalMessageGenerative({
             scenario: 'guardian_decision_outcome',
@@ -591,35 +475,15 @@ export async function handleApprovalInterception(
             return accessResult;
           }
-          // Capture pending approval info before handleChannelDecision resolves
-          // (and removes) the pending interaction. Needed for grant minting.
-          const legacyApprovalInfo = getApprovalInfoByConversation(targetLegacyApproval.conversationId);
-          const legacyMatchedInfo = legacyGuardianDecision.requestId
-            ? legacyApprovalInfo.find(a => a.requestId === legacyGuardianDecision.requestId)
-            : legacyApprovalInfo[0];
-          const result = handleChannelDecision(
-            targetLegacyApproval.conversationId,
-            legacyGuardianDecision,
-          );
+          // Apply the decision through the unified guardian decision primitive.
+          const result = applyGuardianDecision({
+            approval: targetLegacyApproval,
+            decision: legacyGuardianDecision,
+            actorExternalUserId: senderExternalUserId,
+            actorChannel: sourceChannel,
+          });
           if (result.applied) {
-            const approvalStatus = legacyGuardianDecision.action === 'reject' ? 'denied' as const : 'approved' as const;
-            updateApprovalDecision(targetLegacyApproval.id, {
-              status: approvalStatus,
-              decidedByExternalUserId: senderExternalUserId,
-            });
-            // Mint a scoped grant when a guardian approves a tool-approval request
-            if (legacyGuardianDecision.action !== 'reject' && legacyMatchedInfo) {
-              tryMintToolApprovalGrant({
-                approvalInfo: legacyMatchedInfo,
-                approval: targetLegacyApproval,
-                decisionChannel: sourceChannel,
-                guardianExternalUserId: senderExternalUserId,
-              });
-            }
             // Notify the requester's chat about the outcome
             const outcomeText = await composeApprovalMessageGenerative({
               scenario: 'guardian_decision_outcome',
@@ -742,13 +606,15 @@ export async function handleApprovalInterception(
               action: 'reject',
               source: 'plain_text',
             };
-            const cancelApplyResult = handleChannelDecision(conversationId, rejectDecision);
+            // Apply the cancel decision through the unified primitive.
+            // The primitive handles record update and (no-op) grant logic.
+            const cancelApplyResult = applyGuardianDecision({
+              approval: guardianApprovalForRequest,
+              decision: rejectDecision,
+              actorExternalUserId: senderExternalUserId,
+              actorChannel: sourceChannel,
+            });
             if (cancelApplyResult.applied) {
-              updateApprovalDecision(guardianApprovalForRequest.id, {
-                status: 'denied',
-                decidedByExternalUserId: senderExternalUserId,
-              });
               // Notify requester
               const replyText = cancelReplyText ?? await composeApprovalMessageGenerative({
                 scenario: 'requester_cancel',
@@ -1152,29 +1018,39 @@ async function handleAccessRequestApproval(
     });
   }
-  // Emit guardian_decision (approved) signal
-  void emitNotificationSignal({
-    sourceEventName: 'ingress.trusted_contact.guardian_decision',
-    sourceChannel: approval.channel,
-    sourceSessionId: approval.conversationId,
-    assistantId,
-    attentionHints: {
-      requiresAction: false,
-      urgency: 'medium',
-      isAsyncBackground: false,
-      visibleInSourceNow: false,
-    },
-    contextPayload: {
+  // Don't emit guardian_decision for approvals that still require code
+  // verification — the guardian already received the code, and emitting
+  // this signal prematurely causes the notification pipeline to deliver
+  // a confusing "approved" message before the requester has verified.
+  // The guardian_decision signal should only fire once access is fully granted
+  // (i.e. after code consumption), which is handled in the verification path.
+  if (!decisionResult.verificationSessionId) {
+    void emitNotificationSignal({
+      sourceEventName: 'ingress.trusted_contact.guardian_decision',
       sourceChannel: approval.channel,
-      requesterExternalUserId: approval.requesterExternalUserId,
-      requesterChatId: approval.requesterChatId,
-      decidedByExternalUserId,
-      decision: 'approved',
-    },
-    dedupeKey: `trusted-contact:guardian-decision:${approval.id}`,
-  });
+      sourceSessionId: approval.conversationId,
+      assistantId,
+      attentionHints: {
+        requiresAction: false,
+        urgency: 'medium',
+        isAsyncBackground: false,
+        visibleInSourceNow: false,
+      },
+      contextPayload: {
+        sourceChannel: approval.channel,
+        requesterExternalUserId: approval.requesterExternalUserId,
+        requesterChatId: approval.requesterChatId,
+        decidedByExternalUserId,
+        decision: 'approved',
+      },
+      dedupeKey: `trusted-contact:guardian-decision:${approval.id}`,
+    });
+  }
-  // Only emit verification_sent when the code was actually delivered to the guardian.
+  // Emit verification_sent with visibleInSourceNow=true so the notification
+  // pipeline suppresses delivery — the guardian already received the
+  // verification code directly. Without this flag, the pipeline generates
+  // a redundant LLM message like "Good news! Your request has been approved."
   if (decisionResult.verificationSessionId && codeDelivered) {
     void emitNotificationSignal({
       sourceEventName: 'ingress.trusted_contact.verification_sent',
@@ -1185,7 +1061,7 @@ async function handleAccessRequestApproval(
         requiresAction: false,
         urgency: 'low',
         isAsyncBackground: true,
-        visibleInSourceNow: false,
+        visibleInSourceNow: true,
       },
       contextPayload: {
         sourceChannel: approval.channel,