@vellumai/assistant 0.3.27 → 0.4.0

package/src/__tests__/guardian-dispatch.test.ts

@@ -42,6 +42,8 @@ mock.module('../memory/channel-guardian-store.js', () => ({
 
 mock.module('../config/loader.js', () => ({
   getConfig: () => ({
+    ui: {},
+    
     calls: {
       userConsultTimeoutSeconds: 120,
     },
@@ -103,6 +105,8 @@ function ensureConversation(id: string): void {
 
 function resetTables(): void {
   const db = getDb();
+  db.run('DELETE FROM canonical_guardian_deliveries');
+  db.run('DELETE FROM canonical_guardian_requests');
   db.run('DELETE FROM guardian_action_deliveries');
   db.run('DELETE FROM guardian_action_requests');
   db.run('DELETE FROM call_pending_questions');
@@ -160,7 +164,7 @@ describe('guardian-dispatch', () => {
 
     const db = getDb();
     const raw = (db as unknown as { $client: import('bun:sqlite').Database }).$client;
-    const request = raw.query('SELECT * FROM guardian_action_requests WHERE call_session_id = ?').get(session.id) as
+    const request = raw.query('SELECT * FROM canonical_guardian_requests WHERE call_session_id = ?').get(session.id) as
       | { id: string; status: string; question_text: string }
       | undefined;
     expect(request).toBeDefined();
@@ -168,7 +172,7 @@ describe('guardian-dispatch', () => {
     expect(request!.question_text).toBe('What is the gate code?');
 
     const vellumDelivery = raw.query(
-      'SELECT * FROM guardian_action_deliveries WHERE request_id = ? AND destination_channel = ?',
+      'SELECT * FROM canonical_guardian_deliveries WHERE request_id = ? AND destination_channel = ?',
     ).get(request!.id, 'vellum') as { status: string; destination_conversation_id: string | null } | undefined;
     expect(vellumDelivery).toBeDefined();
     expect(vellumDelivery!.status).toBe('sent');
@@ -224,18 +228,17 @@ describe('guardian-dispatch', () => {
 
     const db = getDb();
     const raw = (db as unknown as { $client: import('bun:sqlite').Database }).$client;
-    const request = raw.query('SELECT * FROM guardian_action_requests WHERE call_session_id = ?').get(session.id) as
+    const request = raw.query('SELECT * FROM canonical_guardian_requests WHERE call_session_id = ?').get(session.id) as
       | { id: string }
       | undefined;
     const telegramDelivery = raw.query(
-      'SELECT * FROM guardian_action_deliveries WHERE request_id = ? AND destination_channel = ?',
+      'SELECT * FROM canonical_guardian_deliveries WHERE request_id = ? AND destination_channel = ?',
     ).get(request!.id, 'telegram') as
-      | { status: string; destination_chat_id: string | null; destination_external_user_id: string | null }
+      | { status: string; destination_chat_id: string | null }
       | undefined;
     expect(telegramDelivery).toBeDefined();
     expect(telegramDelivery!.status).toBe('sent');
     expect(telegramDelivery!.destination_chat_id).toBe('tg-chat-999');
-    expect(telegramDelivery!.destination_external_user_id).toBe('tg-user-888');
   });
 
   test('marks non-sent pipeline delivery results as failed', async () => {
@@ -275,15 +278,14 @@ describe('guardian-dispatch', () => {
 
     const db = getDb();
     const raw = (db as unknown as { $client: import('bun:sqlite').Database }).$client;
-    const request = raw.query('SELECT * FROM guardian_action_requests WHERE call_session_id = ?').get(session.id) as
+    const request = raw.query('SELECT * FROM canonical_guardian_requests WHERE call_session_id = ?').get(session.id) as
       | { id: string }
       | undefined;
     const vellumDelivery = raw.query(
-      'SELECT * FROM guardian_action_deliveries WHERE request_id = ? AND destination_channel = ?',
-    ).get(request!.id, 'vellum') as { status: string; last_error: string | null } | undefined;
+      'SELECT * FROM canonical_guardian_deliveries WHERE request_id = ? AND destination_channel = ?',
+    ).get(request!.id, 'vellum') as { status: string } | undefined;
     expect(vellumDelivery).toBeDefined();
     expect(vellumDelivery!.status).toBe('failed');
-    expect(vellumDelivery!.last_error).toContain('IPC unavailable');
   });
 
   test('uses onThreadCreated callback conversation when delivery result omits conversationId', async () => {
@@ -326,17 +328,17 @@ describe('guardian-dispatch', () => {
 
     const db = getDb();
     const raw = (db as unknown as { $client: import('bun:sqlite').Database }).$client;
-    const request = raw.query('SELECT * FROM guardian_action_requests WHERE call_session_id = ?').get(session.id) as
+    const request = raw.query('SELECT * FROM canonical_guardian_requests WHERE call_session_id = ?').get(session.id) as
       | { id: string }
       | undefined;
     const vellumDelivery = raw.query(
-      'SELECT * FROM guardian_action_deliveries WHERE request_id = ? AND destination_channel = ?',
+      'SELECT * FROM canonical_guardian_deliveries WHERE request_id = ? AND destination_channel = ?',
     ).get(request!.id, 'vellum') as { destination_conversation_id: string | null } | undefined;
     expect(vellumDelivery).toBeDefined();
     expect(vellumDelivery!.destination_conversation_id).toBe('conv-from-thread-created');
   });
 
-  test('persists toolName and inputDigest on guardian action request for tool-approval dispatches', async () => {
+  test('persists toolName and inputDigest on canonical guardian request for tool-approval dispatches', async () => {
     const convId = 'conv-dispatch-5';
     ensureConversation(convId);
 
@@ -359,7 +361,7 @@ describe('guardian-dispatch', () => {
 
     const db = getDb();
     const raw = (db as unknown as { $client: import('bun:sqlite').Database }).$client;
-    const request = raw.query('SELECT * FROM guardian_action_requests WHERE call_session_id = ?').get(session.id) as
+    const request = raw.query('SELECT * FROM canonical_guardian_requests WHERE call_session_id = ?').get(session.id) as
       | { id: string; tool_name: string | null; input_digest: string | null }
       | undefined;
     expect(request).toBeDefined();
@@ -388,7 +390,7 @@ describe('guardian-dispatch', () => {
 
     const db = getDb();
     const raw = (db as unknown as { $client: import('bun:sqlite').Database }).$client;
-    const request = raw.query('SELECT * FROM guardian_action_requests WHERE call_session_id = ?').get(session.id) as
+    const request = raw.query('SELECT * FROM canonical_guardian_requests WHERE call_session_id = ?').get(session.id) as
       | { id: string; tool_name: string | null; input_digest: string | null }
       | undefined;
     expect(request).toBeDefined();
@@ -485,11 +487,11 @@ describe('guardian-dispatch', () => {
       pendingQuestion: pq2,
     });
 
-    // Both dispatches should have created separate action requests
+    // Both dispatches should have created separate canonical requests
     const db = getDb();
     const raw = (db as unknown as { $client: import('bun:sqlite').Database }).$client;
     const requests = raw.query(
-      'SELECT * FROM guardian_action_requests WHERE call_session_id = ? ORDER BY created_at ASC',
+      'SELECT * FROM canonical_guardian_requests WHERE call_session_id = ? ORDER BY created_at ASC',
     ).all(session.id) as Array<{ id: string; question_text: string }>;
     expect(requests).toHaveLength(2);
     expect(requests[0].question_text).toBe('What is the gate code?');
@@ -498,7 +500,7 @@ describe('guardian-dispatch', () => {
     // Each request should have its own delivery row, both pointing to the shared conversation
     for (const req of requests) {
       const delivery = raw.query(
-        'SELECT * FROM guardian_action_deliveries WHERE request_id = ? AND destination_channel = ?',
+        'SELECT * FROM canonical_guardian_deliveries WHERE request_id = ? AND destination_channel = ?',
       ).get(req.id, 'vellum') as { status: string; destination_conversation_id: string | null } | undefined;
       expect(delivery).toBeDefined();
       expect(delivery!.status).toBe('sent');
@@ -507,7 +509,7 @@ describe('guardian-dispatch', () => {
 
     // Total delivery rows should be 2 (one per request), not 1
     const allDeliveries = raw.query(
-      'SELECT * FROM guardian_action_deliveries WHERE destination_conversation_id = ?',
+      'SELECT * FROM canonical_guardian_deliveries WHERE destination_conversation_id = ?',
     ).all(sharedConversationId) as Array<{ request_id: string }>;
     expect(allDeliveries).toHaveLength(2);
 

package/src/__tests__/guardian-grant-minting.test.ts

@@ -137,7 +137,7 @@ function registerPendingInteraction(
 
 function makeGuardianContext(): GuardianContext {
   return {
-    actorRole: 'guardian',
+    trustClass: 'guardian',
     denialReason: undefined,
   };
 }
@@ -530,3 +530,70 @@ describe('guardian grant minting on tool-approval decisions', () => {
     composeSpy.mockRestore();
   });
 });
+
+describe('approval interception trust-class regression coverage', () => {
+  let deliverSpy: ReturnType<typeof spyOn>;
+  let composeSpy: ReturnType<typeof spyOn>;
+
+  beforeEach(() => {
+    resetTables();
+    deliverSpy = spyOn(gatewayClient, 'deliverChannelReply').mockResolvedValue(undefined);
+    composeSpy = spyOn(approvalMessageComposer, 'composeApprovalMessageGenerative')
+      .mockResolvedValue('test message');
+  });
+
+  test('identity-known unknown sender does not auto-deny pending approval', async () => {
+    const requestId = 'req-unknown-no-auto-deny-1';
+    const sessionMock = registerPendingInteraction(requestId, CONVERSATION_ID, TOOL_NAME, TOOL_INPUT);
+    createTestGuardianApproval(requestId);
+
+    const result = await handleApprovalInterception({
+      conversationId: CONVERSATION_ID,
+      content: 'approve',
+      externalChatId: REQUESTER_CHAT,
+      sourceChannel: 'telegram',
+      senderExternalUserId: 'intruder-user-1',
+      replyCallbackUrl: 'https://gateway.test/deliver',
+      guardianCtx: {
+        trustClass: 'unknown',
+      },
+      assistantId: ASSISTANT_ID,
+    });
+
+    expect(result.handled).toBe(true);
+    expect(result.type).toBe('assistant_turn');
+    expect(sessionMock).not.toHaveBeenCalled();
+
+    deliverSpy.mockRestore();
+    composeSpy.mockRestore();
+  });
+
+  test('legacy unverified sender still auto-denies pending approval', async () => {
+    const requestId = 'req-unknown-auto-deny-1';
+    const sessionMock = registerPendingInteraction(requestId, CONVERSATION_ID, TOOL_NAME, TOOL_INPUT);
+    createTestGuardianApproval(requestId);
+
+    const result = await handleApprovalInterception({
+      conversationId: CONVERSATION_ID,
+      content: 'approve',
+      externalChatId: REQUESTER_CHAT,
+      sourceChannel: 'telegram',
+      senderExternalUserId: undefined,
+      replyCallbackUrl: 'https://gateway.test/deliver',
+      guardianCtx: {
+        trustClass: 'unknown',
+        denialReason: 'no_identity',
+      },
+      assistantId: ASSISTANT_ID,
+    });
+
+    expect(result.handled).toBe(true);
+    expect(result.type).toBe('decision_applied');
+    expect(sessionMock).toHaveBeenCalled();
+    expect(sessionMock.mock.calls[0]?.[0]).toBe(requestId);
+    expect(sessionMock.mock.calls[0]?.[1]).toBe('deny');
+
+    deliverSpy.mockRestore();
+    composeSpy.mockRestore();
+  });
+});

package/src/__tests__/guardian-outbound-http.test.ts

@@ -364,15 +364,16 @@ describe('HTTP route: handleStartOutbound', () => {
     const req = jsonRequest({ destination: '+15551234567' });
     const resp = await handleStartOutbound(req);
     expect(resp.status).toBe(400);
-    const body = await resp.json() as Record<string, unknown>;
-    expect(body.error).toBe('missing_channel');
+    const body = await resp.json() as { error: { message: string; code: string } };
+    expect(body.error.code).toBe('BAD_REQUEST');
+    expect(body.error.message).toContain('channel');
   });
 
   test('returns 400 for missing destination (SMS)', async () => {
     const req = jsonRequest({ channel: 'sms' });
     const resp = await handleStartOutbound(req);
     expect(resp.status).toBe(400);
-    const body = await resp.json() as Record<string, unknown>;
+    const body = await resp.json() as { error?: string };
     expect(body.error).toBe('missing_destination');
   });
 
@@ -391,15 +392,16 @@ describe('HTTP route: handleResendOutbound', () => {
     const req = jsonRequest({});
     const resp = await handleResendOutbound(req);
     expect(resp.status).toBe(400);
-    const body = await resp.json() as Record<string, unknown>;
-    expect(body.error).toBe('missing_channel');
+    const body = await resp.json() as { error: { message: string; code: string } };
+    expect(body.error.code).toBe('BAD_REQUEST');
+    expect(body.error.message).toContain('channel');
   });
 
   test('returns 400 for no_active_session', async () => {
     const req = jsonRequest({ channel: 'sms', assistantId: 'resend-no-session' });
     const resp = await handleResendOutbound(req);
     expect(resp.status).toBe(400);
-    const body = await resp.json() as Record<string, unknown>;
+    const body = await resp.json() as { error?: string };
     expect(body.error).toBe('no_active_session');
   });
 
@@ -432,15 +434,16 @@ describe('HTTP route: handleCancelOutbound', () => {
     const req = jsonRequest({});
     const resp = await handleCancelOutbound(req);
     expect(resp.status).toBe(400);
-    const body = await resp.json() as Record<string, unknown>;
-    expect(body.error).toBe('missing_channel');
+    const body = await resp.json() as { error: { message: string; code: string } };
+    expect(body.error.code).toBe('BAD_REQUEST');
+    expect(body.error.message).toContain('channel');
   });
 
   test('returns 400 for no_active_session', async () => {
     const req = jsonRequest({ channel: 'sms', assistantId: 'cancel-no-session' });
     const resp = await handleCancelOutbound(req);
     expect(resp.status).toBe(400);
-    const body = await resp.json() as Record<string, unknown>;
+    const body = await resp.json() as { error?: string };
     expect(body.error).toBe('no_active_session');
   });