@vellumai/assistant 0.3.28 → 0.4.0

package/src/__tests__/voice-invite-redemption.test.ts

@@ -0,0 +1,329 @@
+import { mkdtempSync, rmSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+
+import { afterAll, beforeEach, describe, expect, mock, test } from 'bun:test';
+
+const testDir = mkdtempSync(join(tmpdir(), 'voice-invite-redemption-test-'));
+
+mock.module('../util/platform.js', () => ({
+  getDataDir: () => testDir,
+  isMacOS: () => process.platform === 'darwin',
+  isLinux: () => process.platform === 'linux',
+  isWindows: () => process.platform === 'win32',
+  getSocketPath: () => join(testDir, 'test.sock'),
+  getPidPath: () => join(testDir, 'test.pid'),
+  getDbPath: () => join(testDir, 'test.db'),
+  getLogPath: () => join(testDir, 'test.log'),
+  ensureDataDir: () => {},
+}));
+
+mock.module('../util/logger.js', () => ({
+  getLogger: () => new Proxy({} as Record<string, unknown>, {
+    get: () => () => {},
+  }),
+}));
+
+import { getSqlite, initializeDb, resetDb } from '../memory/db.js';
+import { createInvite, revokeInvite } from '../memory/ingress-invite-store.js';
+import { upsertMember } from '../memory/ingress-member-store.js';
+import { redeemVoiceInviteCode } from '../runtime/invite-redemption-service.js';
+import { generateVoiceCode, hashVoiceCode } from '../util/voice-code.js';
+
+initializeDb();
+
+afterAll(() => {
+  resetDb();
+  try { rmSync(testDir, { recursive: true }); } catch { /* best effort */ }
+});
+
+function resetTables() {
+  getSqlite().run('DELETE FROM assistant_ingress_members');
+  getSqlite().run('DELETE FROM assistant_ingress_invites');
+}
+
+// ---------------------------------------------------------------------------
+// generateVoiceCode
+// ---------------------------------------------------------------------------
+
+describe('generateVoiceCode', () => {
+  test('generates a code with the default 6 digits', () => {
+    const code = generateVoiceCode();
+    expect(code.length).toBe(6);
+    expect(/^\d{6}$/.test(code)).toBe(true);
+  });
+
+  test('generates a code with the requested digit count', () => {
+    for (const digits of [4, 5, 6, 7, 8, 9, 10]) {
+      const code = generateVoiceCode(digits);
+      expect(code.length).toBe(digits);
+      expect(new RegExp(`^\\d{${digits}}$`).test(code)).toBe(true);
+    }
+  });
+
+  test('throws for digit count below 4', () => {
+    expect(() => generateVoiceCode(3)).toThrow(/between 4 and 10/);
+  });
+
+  test('throws for digit count above 10', () => {
+    expect(() => generateVoiceCode(11)).toThrow(/between 4 and 10/);
+  });
+
+  test('produces different codes across multiple calls (randomness)', () => {
+    // Generate many codes and check that we don't get the same one every time.
+    // With 6 digits there are 900,000 possibilities, so getting 10 identical
+    // codes would be astronomically unlikely.
+    const codes = new Set<string>();
+    for (let i = 0; i < 10; i++) {
+      codes.add(generateVoiceCode());
+    }
+    // At least 2 distinct values in 10 tries
+    expect(codes.size).toBeGreaterThanOrEqual(2);
+  });
+
+  test('generated code is within the valid numeric range', () => {
+    for (let i = 0; i < 20; i++) {
+      const code = generateVoiceCode(6);
+      const num = parseInt(code, 10);
+      // 6 digits: range [100000, 999999]
+      expect(num).toBeGreaterThanOrEqual(100000);
+      expect(num).toBeLessThanOrEqual(999999);
+    }
+  });
+});
+
+// ---------------------------------------------------------------------------
+// hashVoiceCode
+// ---------------------------------------------------------------------------
+
+describe('hashVoiceCode', () => {
+  test('produces a deterministic hash', () => {
+    const code = '123456';
+    const hash1 = hashVoiceCode(code);
+    const hash2 = hashVoiceCode(code);
+    expect(hash1).toBe(hash2);
+  });
+
+  test('produces a hex-encoded SHA-256 hash (64 chars)', () => {
+    const hash = hashVoiceCode('654321');
+    expect(hash.length).toBe(64);
+    expect(/^[0-9a-f]{64}$/.test(hash)).toBe(true);
+  });
+
+  test('different codes produce different hashes', () => {
+    const hash1 = hashVoiceCode('111111');
+    const hash2 = hashVoiceCode('222222');
+    expect(hash1).not.toBe(hash2);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// redeemVoiceInviteCode
+// ---------------------------------------------------------------------------
+
+describe('redeemVoiceInviteCode', () => {
+  beforeEach(resetTables);
+
+  /**
+   * Helper: create a voice invite with a known code and return the
+   * invite record plus the plaintext code.
+   */
+  function createVoiceInvite(opts: {
+    callerPhone?: string;
+    maxUses?: number;
+    expiresInMs?: number;
+    voiceCodeDigits?: number;
+    assistantId?: string;
+  } = {}) {
+    const digits = opts.voiceCodeDigits ?? 6;
+    const code = generateVoiceCode(digits);
+    const codeHash = hashVoiceCode(code);
+
+    const { invite } = createInvite({
+      assistantId: opts.assistantId ?? 'self',
+      sourceChannel: 'voice',
+      maxUses: opts.maxUses ?? 1,
+      expiresInMs: opts.expiresInMs,
+      expectedExternalUserId: opts.callerPhone ?? '+15551234567',
+      voiceCodeHash: codeHash,
+      voiceCodeDigits: digits,
+    });
+
+    return { invite, code };
+  }
+
+  test('happy path: correct caller + correct code redeems successfully', () => {
+    const phone = '+15551234567';
+    const { code } = createVoiceInvite({ callerPhone: phone });
+
+    const result = redeemVoiceInviteCode({
+      callerExternalUserId: phone,
+      sourceChannel: 'voice',
+      code,
+    });
+
+    expect(result.ok).toBe(true);
+    expect(result).toMatchObject({
+      ok: true,
+      type: 'redeemed',
+      memberId: expect.any(String),
+      inviteId: expect.any(String),
+    });
+  });
+
+  test('wrong caller identity fails with generic error', () => {
+    const { code } = createVoiceInvite({ callerPhone: '+15551234567' });
+
+    const result = redeemVoiceInviteCode({
+      callerExternalUserId: '+19999999999',
+      sourceChannel: 'voice',
+      code,
+    });
+
+    expect(result).toEqual({ ok: false, reason: 'invalid_or_expired' });
+  });
+
+  test('wrong code fails with generic error', () => {
+    createVoiceInvite({ callerPhone: '+15551234567' });
+
+    const result = redeemVoiceInviteCode({
+      callerExternalUserId: '+15551234567',
+      sourceChannel: 'voice',
+      code: '000000',
+    });
+
+    expect(result).toEqual({ ok: false, reason: 'invalid_or_expired' });
+  });
+
+  test('expired invite fails', () => {
+    const phone = '+15551234567';
+    const { code } = createVoiceInvite({ callerPhone: phone, expiresInMs: -1 });
+
+    const result = redeemVoiceInviteCode({
+      callerExternalUserId: phone,
+      sourceChannel: 'voice',
+      code,
+    });
+
+    expect(result).toEqual({ ok: false, reason: 'invalid_or_expired' });
+  });
+
+  test('max uses exhausted fails', () => {
+    const phone = '+15551234567';
+    const { code } = createVoiceInvite({ callerPhone: phone, maxUses: 1 });
+
+    // First redemption succeeds
+    const first = redeemVoiceInviteCode({
+      callerExternalUserId: phone,
+      sourceChannel: 'voice',
+      code,
+    });
+    expect(first.ok).toBe(true);
+
+    // Second redemption fails — max uses exhausted
+    const second = redeemVoiceInviteCode({
+      callerExternalUserId: phone,
+      sourceChannel: 'voice',
+      code,
+    });
+    expect(second).toEqual({ ok: false, reason: 'invalid_or_expired' });
+  });
+
+  test('revoked invite fails', () => {
+    const phone = '+15551234567';
+    const { invite, code } = createVoiceInvite({ callerPhone: phone });
+
+    revokeInvite(invite.id);
+
+    const result = redeemVoiceInviteCode({
+      callerExternalUserId: phone,
+      sourceChannel: 'voice',
+      code,
+    });
+
+    expect(result).toEqual({ ok: false, reason: 'invalid_or_expired' });
+  });
+
+  test('voice-only invite cannot be redeemed if sourceChannel on invite is not voice', () => {
+    // Create a non-voice invite with voice code metadata to simulate a
+    // hypothetical misconfiguration. The redemption service filters by
+    // sourceChannel='voice', so non-voice invites are invisible.
+    const code = generateVoiceCode(6);
+    const codeHash = hashVoiceCode(code);
+
+    createInvite({
+      sourceChannel: 'telegram',
+      maxUses: 1,
+      expectedExternalUserId: '+15551234567',
+      voiceCodeHash: codeHash,
+      voiceCodeDigits: 6,
+    });
+
+    const result = redeemVoiceInviteCode({
+      callerExternalUserId: '+15551234567',
+      sourceChannel: 'voice',
+      code,
+    });
+
+    // findActiveVoiceInvites filters by sourceChannel='voice', so the
+    // telegram invite won't be found.
+    expect(result).toEqual({ ok: false, reason: 'invalid_or_expired' });
+  });
+
+  test('already-member caller gets already_member outcome', () => {
+    const phone = '+15551234567';
+    const { code } = createVoiceInvite({ callerPhone: phone });
+
+    // Pre-create an active member for this phone on voice channel
+    upsertMember({
+      sourceChannel: 'voice',
+      externalUserId: phone,
+      status: 'active',
+      policy: 'allow',
+    });
+
+    const result = redeemVoiceInviteCode({
+      callerExternalUserId: phone,
+      sourceChannel: 'voice',
+      code,
+    });
+
+    expect(result.ok).toBe(true);
+    expect(result).toMatchObject({
+      ok: true,
+      type: 'already_member',
+      memberId: expect.any(String),
+    });
+  });
+
+  test('blocked member gets generic failure to avoid leaking membership status', () => {
+    const phone = '+15551234567';
+    const { code } = createVoiceInvite({ callerPhone: phone });
+
+    upsertMember({
+      sourceChannel: 'voice',
+      externalUserId: phone,
+      status: 'blocked',
+      policy: 'deny',
+    });
+
+    const result = redeemVoiceInviteCode({
+      callerExternalUserId: phone,
+      sourceChannel: 'voice',
+      code,
+    });
+
+    expect(result).toEqual({ ok: false, reason: 'invalid_or_expired' });
+  });
+
+  test('empty callerExternalUserId fails', () => {
+    const result = redeemVoiceInviteCode({
+      callerExternalUserId: '',
+      sourceChannel: 'voice',
+      code: '123456',
+    });
+
+    expect(result).toEqual({ ok: false, reason: 'invalid_or_expired' });
+  });
+
+});

package/src/__tests__/voice-scoped-grant-consumer.test.ts

@@ -53,6 +53,8 @@ mock.module('../util/logger.js', () => ({
 
 mock.module('../config/loader.js', () => ({
   getConfig: () => ({
+    ui: {},
+    
     provider: 'anthropic',
     providerOrder: ['anthropic'],
     apiKeys: { anthropic: 'test-key' },
@@ -266,7 +268,7 @@ describe('voice bridge confirmation handling (grant consumption via primitive)',
 
     const guardianContext: GuardianRuntimeContext = {
       sourceChannel: 'voice',
-      actorRole: 'non-guardian',
+      trustClass: 'trusted_contact',
       requesterExternalUserId: 'caller-123',
     };
 
@@ -307,7 +309,7 @@ describe('voice bridge confirmation handling (grant consumption via primitive)',
 
     const guardianContext: GuardianRuntimeContext = {
       sourceChannel: 'voice',
-      actorRole: 'non-guardian',
+      trustClass: 'trusted_contact',
       requesterExternalUserId: 'caller-123',
     };
 
@@ -343,7 +345,7 @@ describe('voice bridge confirmation handling (grant consumption via primitive)',
 
     const guardianContext: GuardianRuntimeContext = {
       sourceChannel: 'voice',
-      actorRole: 'non-guardian',
+      trustClass: 'trusted_contact',
     };
 
     await startVoiceTurn({
@@ -373,7 +375,7 @@ describe('voice bridge confirmation handling (grant consumption via primitive)',
 
     const guardianContext: GuardianRuntimeContext = {
       sourceChannel: 'voice',
-      actorRole: 'guardian',
+      trustClass: 'guardian',
     };
 
     await startVoiceTurn({
@@ -407,7 +409,7 @@ describe('voice bridge confirmation handling (grant consumption via primitive)',
 
     const guardianContext: GuardianRuntimeContext = {
       sourceChannel: 'voice',
-      actorRole: 'non-guardian',
+      trustClass: 'trusted_contact',
       requesterExternalUserId: 'caller-123',
     };
 

package/src/__tests__/voice-session-bridge.test.ts

@@ -304,7 +304,7 @@ describe('voice-session-bridge', () => {
       isInbound: true,
       guardianContext: {
         sourceChannel: 'voice',
-        actorRole: 'non-guardian',
+        trustClass: 'trusted_contact',
         guardianExternalUserId: '+15550009999',
         guardianChatId: '+15550009999',
         requesterExternalUserId: '+15550002222',
@@ -340,7 +340,7 @@ describe('voice-session-bridge', () => {
       isInbound: true,
       guardianContext: {
         sourceChannel: 'voice',
-        actorRole: 'unverified_channel',
+        trustClass: 'unknown',
         denialReason: 'no_binding',
       },
       onTextDelta: () => {},
@@ -374,7 +374,7 @@ describe('voice-session-bridge', () => {
       isInbound: true,
       guardianContext: {
         sourceChannel: 'voice',
-        actorRole: 'guardian',
+        trustClass: 'guardian',
         guardianExternalUserId: '+15550001111',
         guardianChatId: '+15550001111',
       },
@@ -407,7 +407,7 @@ describe('voice-session-bridge', () => {
 
     const guardianCtx = {
       sourceChannel: 'voice' as const,
-      actorRole: 'guardian' as const,
+      trustClass: 'guardian' as const,
       guardianExternalUserId: '+15550001111',
       guardianChatId: '+15550001111',
     };
@@ -450,7 +450,7 @@ describe('voice-session-bridge', () => {
       isInbound: true,
       guardianContext: {
         sourceChannel: 'voice',
-        actorRole: 'non-guardian',
+        trustClass: 'trusted_contact',
       },
       onTextDelta: () => {},
       onComplete: () => {},
@@ -499,7 +499,7 @@ describe('voice-session-bridge', () => {
       isInbound: true,
       guardianContext: {
         sourceChannel: 'voice',
-        actorRole: 'non-guardian',
+        trustClass: 'trusted_contact',
       },
       onTextDelta: () => {},
       onComplete: () => {},
@@ -574,7 +574,7 @@ describe('voice-session-bridge', () => {
       isInbound: true,
       guardianContext: {
         sourceChannel: 'voice',
-        actorRole: 'non-guardian',
+        trustClass: 'trusted_contact',
         guardianExternalUserId: '+15550009999',
         guardianChatId: '+15550009999',
         requesterExternalUserId: '+15550002222',
@@ -644,7 +644,7 @@ describe('voice-session-bridge', () => {
       isInbound: true,
       guardianContext: {
         sourceChannel: 'voice',
-        actorRole: 'unverified_channel',
+        trustClass: 'unknown',
         denialReason: 'no_binding',
       },
       onTextDelta: () => {},
@@ -768,7 +768,7 @@ describe('voice-session-bridge', () => {
       isInbound: true,
       guardianContext: {
         sourceChannel: 'voice',
-        actorRole: 'guardian',
+        trustClass: 'guardian',
         guardianExternalUserId: '+15550001111',
         guardianChatId: '+15550001111',
       },
@@ -835,7 +835,7 @@ describe('voice-session-bridge', () => {
       isInbound: true,
       guardianContext: {
         sourceChannel: 'voice',
-        actorRole: 'guardian',
+        trustClass: 'guardian',
         guardianExternalUserId: '+15550001111',
         guardianChatId: '+15550001111',
       },

package/src/__tests__/work-item-output.test.ts

@@ -29,7 +29,9 @@ mock.module('../util/logger.js', () => ({
 }));
 
 mock.module('../config/loader.js', () => ({
-  getConfig: () => ({ memory: {} }),
+  getConfig: () => ({
+    ui: {},
+     memory: {} }),
 }));
 
 mock.module('./indexer.js', () => ({

package/src/__tests__/workspace-lifecycle.test.ts

@@ -10,8 +10,12 @@ import { existsSync,mkdirSync, rmSync, writeFileSync } from 'node:fs';
 import { tmpdir } from 'node:os';
 import { join } from 'node:path';
 
-import { afterEach,beforeEach, describe, expect, test } from 'bun:test';
+import { afterAll, afterEach, beforeEach, describe, expect, test } from 'bun:test';
 
+import {
+  _resetEnrichmentService,
+  getEnrichmentService,
+} from '../workspace/commit-message-enrichment-service.js';
 import {
   _resetGitServiceRegistry,
   getWorkspaceGitService,
@@ -36,12 +40,19 @@ describe('Workspace git lifecycle (integration)', () => {
     _resetHeartbeatState();
   });
 
-  afterEach(() => {
+  afterEach(async () => {
+    try { await getEnrichmentService().shutdown(); } catch { /* ignore */ }
+    _resetEnrichmentService();
     if (existsSync(testDir)) {
       rmSync(testDir, { recursive: true, force: true });
     }
   });
 
+  afterAll(async () => {
+    try { await getEnrichmentService().shutdown(); } catch { /* ignore */ }
+    _resetEnrichmentService();
+  });
+
   // Build a clean git env: strip all GIT_* env vars that CI runners
   // inject, then set GIT_CEILING_DIRECTORIES to isolate test repos.
   function gitEnv(cwd: string): Record<string, string> {

package/src/calls/call-controller.ts

@@ -12,13 +12,11 @@ import { getGatewayInternalBaseUrl } from '../config/env.js';
 import type { ServerMessage } from '../daemon/ipc-contract.js';
 import type { GuardianRuntimeContext } from '../daemon/session-runtime-assembly.js';
 import {
-  backfillSupersessionMetadata,
-  expireGuardianActionRequest,
-  getByPendingQuestionId,
-  getDeliveriesByRequestId,
-  getPendingRequestByCallSessionId,
-  markTimedOutWithReason,
-} from '../memory/guardian-action-store.js';
+  expireCanonicalGuardianRequest,
+  getCanonicalRequestByPendingQuestionId,
+  getPendingCanonicalRequestByCallSessionId,
+  listCanonicalGuardianDeliveries,
+} from '../memory/canonical-guardian-store.js';
 import { revokeScopedApprovalGrantsForContext } from '../memory/scoped-approval-grants.js';
 import { computeToolApprovalDigest } from '../security/tool-approval-digest.js';
 import { getLogger } from '../util/logger.js';
@@ -709,8 +707,7 @@ export class CallController {
               effectiveToolMeta && this.pendingConsultation.toolApprovalMeta
                 ? effectiveToolMeta.toolName === this.pendingConsultation.toolApprovalMeta.toolName
                   && effectiveToolMeta.inputDigest === this.pendingConsultation.toolApprovalMeta.inputDigest
-                : !effectiveToolMeta && !this.pendingConsultation.toolApprovalMeta
-                  && questionText === this.pendingConsultation.questionText;
+                : !effectiveToolMeta && !this.pendingConsultation.toolApprovalMeta;
 
             if (isSameToolAction) {
               // Same tool/action — coalesce. Keep the existing consultation
@@ -728,11 +725,11 @@ export class CallController {
               // Expire the previous consultation's storage records so stale
               // guardian answers cannot match the old request.
               expirePendingQuestions(this.callSessionId);
-              const previousRequest = getPendingRequestByCallSessionId(this.callSessionId);
+              const previousRequest = getPendingCanonicalRequestByCallSessionId(this.callSessionId);
               if (previousRequest) {
                 // Immediately expire with 'superseded' reason to prevent
                 // stale answers from resolving the old request.
-                expireGuardianActionRequest(previousRequest.id, 'superseded');
+                expireCanonicalGuardianRequest(previousRequest.id);
                 log.info(
                   { callSessionId: this.callSessionId, requestId: previousRequest.id },
                   'Superseded guardian action request (materially different intent)',
@@ -769,9 +766,9 @@ export class CallController {
           // a completed call with a dangling pendingQuestion, and guardian
           // replies are cleanly rejected instead of hitting answerCall failures.
           expirePendingQuestions(this.callSessionId);
-          const previousRequest = getPendingRequestByCallSessionId(this.callSessionId);
+          const previousRequest = getPendingCanonicalRequestByCallSessionId(this.callSessionId);
           if (previousRequest) {
-            expireGuardianActionRequest(previousRequest.id, 'cancelled');
+            expireCanonicalGuardianRequest(previousRequest.id);
           }
 
           this.pendingConsultation = null;
@@ -857,7 +854,7 @@ export class CallController {
   }
 
   private isCallerGuardian(): boolean {
-    return this.guardianContext?.actorRole === 'guardian';
+    return this.guardianContext?.trustClass === 'guardian';
   }
 
   /**
@@ -896,11 +893,16 @@ export class CallController {
         inputDigest: effectiveToolMeta?.inputDigest,
       }).then(() => {
         // Backfill supersession chain: now that the new request exists in
-        // the store, update the old request's superseded_by_request_id.
+        // the store, link the old request to the new one.
         if (supersededRequestId) {
-          const newRequest = getByPendingQuestionId(stablePendingQuestionId);
+          const newRequest = getCanonicalRequestByPendingQuestionId(stablePendingQuestionId);
           if (newRequest) {
-            backfillSupersessionMetadata(supersededRequestId, newRequest.id);
+            // Canonical store does not track supersession metadata;
+            // the old request was already expired above.
+            log.info(
+              { callSessionId: this.callSessionId, oldRequestId: supersededRequestId, newRequestId: newRequest.id },
+              'Supersession chain: new canonical request created',
+            );
           }
         }
       });
@@ -918,17 +920,18 @@ export class CallController {
       // send expiry notices to guardian destinations. Deliveries
       // must be captured before markTimedOutWithReason changes
       // their status.
-      const pendingActionRequest = getPendingRequestByCallSessionId(this.callSessionId);
+      const pendingActionRequest = getPendingCanonicalRequestByCallSessionId(this.callSessionId);
       if (pendingActionRequest) {
-        const deliveries = getDeliveriesByRequestId(pendingActionRequest.id);
-        markTimedOutWithReason(pendingActionRequest.id, 'call_timeout');
+        const canonicalDeliveries = listCanonicalGuardianDeliveries(pendingActionRequest.id);
+        // Expire the canonical request and its deliveries
+        expireCanonicalGuardianRequest(pendingActionRequest.id);
         log.info(
           { callSessionId: this.callSessionId, requestId: pendingActionRequest.id },
-          'Marked guardian action request as timed out',
+          'Marked canonical guardian request as timed out',
         );
         void sendGuardianExpiryNotices(
-          deliveries,
-          pendingActionRequest.assistantId,
+          canonicalDeliveries,
+          this.assistantId,
           getGatewayInternalBaseUrl(),
           readHttpToken() ?? undefined,
         ).catch((err) => {

package/src/calls/guardian-action-sweep.ts

@@ -10,7 +10,6 @@
  */
 
 import { addMessage } from '../memory/conversation-store.js';
-import type { GuardianActionDelivery } from '../memory/guardian-action-store.js';
 import {
   expireGuardianActionRequest,
   getDeliveriesByRequestId,
@@ -37,8 +36,17 @@ let sweepInProgress = false;
  * Deliveries must be captured *before* their status is changed to 'expired'
  * so the sent/pending filter still matches.
  */
+/** Minimal delivery shape used by the expiry notice sender. */
+export interface ExpiryDeliveryInfo {
+  id: string;
+  status: string;
+  destinationChannel: string;
+  destinationConversationId: string | null;
+  destinationChatId: string | null;
+}
+
 export async function sendGuardianExpiryNotices(
-  deliveries: GuardianActionDelivery[],
+  deliveries: ExpiryDeliveryInfo[],
   assistantId: string,
   gatewayBaseUrl: string,
   bearerToken?: string,