npm - @vellumai/assistant - Versions diffs - 0.3.28 → 0.4.0 - Mend

@vellumai/assistant 0.3.28 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (199) hide show

package/ARCHITECTURE.md +33 -3
package/bun.lock +4 -1
package/docs/trusted-contact-access.md +9 -2
package/package.json +6 -3
package/scripts/ipc/generate-swift.ts +3 -3
package/src/__tests__/__snapshots__/ipc-snapshot.test.ts.snap +80 -0
package/src/__tests__/agent-loop-thinking.test.ts +1 -1
package/src/__tests__/approval-routes-http.test.ts +13 -5
package/src/__tests__/asset-materialize-tool.test.ts +2 -0
package/src/__tests__/asset-search-tool.test.ts +2 -0
package/src/__tests__/assistant-events-sse-hardening.test.ts +4 -2
package/src/__tests__/attachments-store.test.ts +2 -0
package/src/__tests__/browser-skill-endstate.test.ts +3 -3
package/src/__tests__/call-controller.test.ts +30 -29
package/src/__tests__/call-routes-http.test.ts +34 -32
package/src/__tests__/call-start-guardian-guard.test.ts +2 -0
package/src/__tests__/channel-invite-transport.test.ts +6 -6
package/src/__tests__/channel-reply-delivery.test.ts +19 -0
package/src/__tests__/channel-retry-sweep.test.ts +130 -0
package/src/__tests__/clarification-resolver.test.ts +2 -0
package/src/__tests__/claude-code-skill-regression.test.ts +2 -0
package/src/__tests__/claude-code-tool-profiles.test.ts +2 -0
package/src/__tests__/commit-message-enrichment-service.test.ts +9 -1
package/src/__tests__/computer-use-session-lifecycle.test.ts +2 -0
package/src/__tests__/computer-use-session-working-dir.test.ts +1 -0
package/src/__tests__/computer-use-skill-lifecycle-cleanup.test.ts +2 -0
package/src/__tests__/config-schema.test.ts +5 -5
package/src/__tests__/config-watcher.test.ts +3 -1
package/src/__tests__/connection-policy.test.ts +14 -5
package/src/__tests__/contacts-tools.test.ts +3 -1
package/src/__tests__/contradiction-checker.test.ts +2 -0
package/src/__tests__/conversation-pairing.test.ts +10 -0
package/src/__tests__/conversation-routes.test.ts +1 -1
package/src/__tests__/credential-security-invariants.test.ts +16 -6
package/src/__tests__/credential-vault-unit.test.ts +2 -2
package/src/__tests__/credential-vault.test.ts +5 -4
package/src/__tests__/daemon-lifecycle.test.ts +9 -0
package/src/__tests__/daemon-server-session-init.test.ts +27 -0
package/src/__tests__/elevenlabs-config.test.ts +2 -0
package/src/__tests__/encrypted-store.test.ts +10 -5
package/src/__tests__/followup-tools.test.ts +3 -1
package/src/__tests__/gateway-only-enforcement.test.ts +21 -21
package/src/__tests__/gmail-integration.test.ts +0 -1
package/src/__tests__/guardian-control-plane-policy.test.ts +19 -19
package/src/__tests__/guardian-dispatch.test.ts +2 -0
package/src/__tests__/guardian-grant-minting.test.ts +68 -1
package/src/__tests__/guardian-outbound-http.test.ts +12 -9
package/src/__tests__/guardian-routing-invariants.test.ts +138 -0
package/src/__tests__/handle-user-message-secret-resume.test.ts +1 -0
package/src/__tests__/handlers-slack-config.test.ts +3 -1
package/src/__tests__/handlers-telegram-config.test.ts +3 -1
package/src/__tests__/handlers-twilio-config.test.ts +3 -1
package/src/__tests__/handlers-twitter-config.test.ts +3 -1
package/src/__tests__/handlers-user-message-approval-consumption.test.ts +318 -0
package/src/__tests__/heartbeat-service.test.ts +20 -0
package/src/__tests__/inbound-invite-redemption.test.ts +33 -0
package/src/__tests__/ingress-reconcile.test.ts +3 -1
package/src/__tests__/ingress-routes-http.test.ts +231 -4
package/src/__tests__/intent-routing.test.ts +2 -0
package/src/__tests__/ipc-snapshot.test.ts +13 -0
package/src/__tests__/media-generate-image.test.ts +21 -0
package/src/__tests__/media-reuse-story.e2e.test.ts +2 -0
package/src/__tests__/memory-regressions.test.ts +20 -20
package/src/__tests__/non-member-access-request.test.ts +183 -9
package/src/__tests__/notification-decision-fallback.test.ts +2 -0
package/src/__tests__/notification-decision-strategy.test.ts +61 -0
package/src/__tests__/notification-guardian-path.test.ts +2 -0
package/src/__tests__/oauth-connect-handler.test.ts +3 -1
package/src/__tests__/oauth2-gateway-transport.test.ts +2 -0
package/src/__tests__/onboarding-starter-tasks.test.ts +4 -4
package/src/__tests__/pairing-routes.test.ts +171 -0
package/src/__tests__/playbook-execution.test.ts +3 -1
package/src/__tests__/playbook-tools.test.ts +3 -1
package/src/__tests__/provider-error-scenarios.test.ts +59 -8
package/src/__tests__/proxy-approval-callback.test.ts +2 -0
package/src/__tests__/recording-handler.test.ts +11 -0
package/src/__tests__/recording-intent-handler.test.ts +15 -0
package/src/__tests__/recording-state-machine.test.ts +13 -2
package/src/__tests__/registry.test.ts +7 -3
package/src/__tests__/relay-server.test.ts +148 -28
package/src/__tests__/runtime-attachment-metadata.test.ts +4 -2
package/src/__tests__/runtime-events-sse-parity.test.ts +21 -0
package/src/__tests__/runtime-events-sse.test.ts +4 -2
package/src/__tests__/sandbox-diagnostics.test.ts +2 -0
package/src/__tests__/schedule-tools.test.ts +3 -1
package/src/__tests__/send-endpoint-busy.test.ts +4 -0
package/src/__tests__/session-abort-tool-results.test.ts +23 -0
package/src/__tests__/session-agent-loop.test.ts +16 -0
package/src/__tests__/session-conflict-gate.test.ts +21 -0
package/src/__tests__/session-load-history-repair.test.ts +27 -17
package/src/__tests__/session-pre-run-repair.test.ts +23 -0
package/src/__tests__/session-profile-injection.test.ts +21 -0
package/src/__tests__/session-provider-retry-repair.test.ts +20 -0
package/src/__tests__/session-queue.test.ts +23 -0
package/src/__tests__/session-runtime-assembly.test.ts +50 -12
package/src/__tests__/session-skill-tools.test.ts +27 -5
package/src/__tests__/session-slash-known.test.ts +23 -0
package/src/__tests__/session-slash-queue.test.ts +23 -0
package/src/__tests__/session-slash-unknown.test.ts +23 -0
package/src/__tests__/session-workspace-cache-state.test.ts +7 -0
package/src/__tests__/session-workspace-injection.test.ts +21 -0
package/src/__tests__/session-workspace-tool-tracking.test.ts +21 -0
package/src/__tests__/shell-credential-ref.test.ts +2 -0
package/src/__tests__/skill-feature-flags-integration.test.ts +6 -6
package/src/__tests__/skill-load-feature-flag.test.ts +5 -4
package/src/__tests__/skill-projection-feature-flag.test.ts +22 -0
package/src/__tests__/skills.test.ts +8 -4
package/src/__tests__/slack-channel-config.test.ts +3 -1
package/src/__tests__/subagent-tools.test.ts +19 -0
package/src/__tests__/swarm-recursion.test.ts +2 -0
package/src/__tests__/swarm-session-integration.test.ts +2 -0
package/src/__tests__/swarm-tool.test.ts +2 -0
package/src/__tests__/system-prompt.test.ts +3 -1
package/src/__tests__/task-compiler.test.ts +3 -1
package/src/__tests__/task-management-tools.test.ts +3 -1
package/src/__tests__/task-tools.test.ts +3 -1
package/src/__tests__/terminal-sandbox.test.ts +13 -12
package/src/__tests__/terminal-tools.test.ts +2 -0
package/src/__tests__/tool-approval-handler.test.ts +15 -15
package/src/__tests__/tool-execution-abort-cleanup.test.ts +2 -0
package/src/__tests__/tool-execution-pipeline.benchmark.test.ts +2 -0
package/src/__tests__/tool-grant-request-escalation.test.ts +7 -7
package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts +48 -0
package/src/__tests__/trusted-contact-multichannel.test.ts +22 -19
package/src/__tests__/trusted-contact-verification.test.ts +91 -0
package/src/__tests__/twilio-routes-elevenlabs.test.ts +2 -0
package/src/__tests__/twitter-auth-handler.test.ts +3 -1
package/src/__tests__/twitter-cli-routing.test.ts +3 -1
package/src/__tests__/view-image-tool.test.ts +3 -1
package/src/__tests__/voice-invite-redemption.test.ts +329 -0
package/src/__tests__/voice-scoped-grant-consumer.test.ts +7 -5
package/src/__tests__/voice-session-bridge.test.ts +10 -10
package/src/__tests__/work-item-output.test.ts +3 -1
package/src/__tests__/workspace-lifecycle.test.ts +13 -2
package/src/calls/call-controller.ts +26 -23
package/src/calls/guardian-action-sweep.ts +10 -2
package/src/calls/relay-server.ts +216 -27
package/src/calls/types.ts +1 -1
package/src/calls/voice-session-bridge.ts +3 -3
package/src/cli.ts +12 -0
package/src/config/agent-schema.ts +14 -3
package/src/config/calls-schema.ts +6 -6
package/src/config/core-schema.ts +3 -3
package/src/config/feature-flag-registry.json +8 -0
package/src/config/mcp-schema.ts +1 -1
package/src/config/memory-schema.ts +27 -19
package/src/config/schema.ts +21 -21
package/src/config/skills-schema.ts +7 -7
package/src/config/vellum-skills/trusted-contacts/SKILL.md +139 -16
package/src/daemon/handlers/config-inbox.ts +4 -4
package/src/daemon/handlers/sessions.ts +148 -4
package/src/daemon/ipc-contract/messages.ts +16 -0
package/src/daemon/ipc-contract-inventory.json +1 -0
package/src/daemon/lifecycle.ts +19 -0
package/src/daemon/pairing-store.ts +86 -3
package/src/daemon/session-agent-loop.ts +5 -5
package/src/daemon/session-lifecycle.ts +25 -17
package/src/daemon/session-memory.ts +2 -2
package/src/daemon/session-process.ts +1 -20
package/src/daemon/session-runtime-assembly.ts +28 -22
package/src/daemon/session-tool-setup.ts +2 -2
package/src/daemon/session.ts +3 -3
package/src/memory/canonical-guardian-store.ts +63 -1
package/src/memory/channel-guardian-store.ts +1 -0
package/src/memory/conversation-crud.ts +7 -7
package/src/memory/db-init.ts +4 -0
package/src/memory/embedding-local.ts +257 -39
package/src/memory/embedding-runtime-manager.ts +471 -0
package/src/memory/guardian-bindings.ts +25 -1
package/src/memory/indexer.ts +3 -3
package/src/memory/ingress-invite-store.ts +45 -0
package/src/memory/job-handlers/backfill.ts +16 -9
package/src/memory/migrations/037-voice-invite-columns.ts +16 -0
package/src/memory/migrations/index.ts +1 -0
package/src/memory/qdrant-client.ts +31 -22
package/src/memory/schema.ts +4 -0
package/src/notifications/copy-composer.ts +15 -0
package/src/runtime/access-request-helper.ts +43 -7
package/src/runtime/actor-trust-resolver.ts +46 -50
package/src/runtime/channel-invite-transports/voice.ts +58 -0
package/src/runtime/channel-retry-sweep.ts +18 -6
package/src/runtime/guardian-context-resolver.ts +38 -96
package/src/runtime/guardian-reply-router.ts +31 -1
package/src/runtime/ingress-service.ts +80 -3
package/src/runtime/invite-redemption-service.ts +141 -2
package/src/runtime/routes/channel-route-shared.ts +1 -1
package/src/runtime/routes/channel-routes.ts +1 -1
package/src/runtime/routes/conversation-routes.ts +2 -2
package/src/runtime/routes/guardian-approval-interception.ts +17 -6
package/src/runtime/routes/inbound-message-handler.ts +41 -10
package/src/runtime/routes/ingress-routes.ts +52 -4
package/src/runtime/routes/pairing-routes.ts +3 -0
package/src/tools/guardian-control-plane-policy.ts +2 -2
package/src/tools/tool-approval-handler.ts +11 -11
package/src/tools/types.ts +2 -2
package/src/util/logger.ts +20 -8
package/src/util/platform.ts +10 -0
package/src/util/voice-code.ts +29 -0
package/src/daemon/guardian-invite-intent.ts +0 -124

package/src/__tests__/ingress-routes-http.test.ts CHANGED Viewed

@@ -92,7 +92,7 @@ describe('ingress member HTTP routes', () => {
     });
     const res = await handleUpsertMember(req);
-    const body = await res.json() as Record<string, unknown>;
+    const body = await res.json() as { ok: boolean; error: string };
     expect(res.status).toBe(400);
     expect(body.ok).toBe(false);
@@ -109,7 +109,7 @@ describe('ingress member HTTP routes', () => {
     });
     const res = await handleUpsertMember(req);
-    const body = await res.json() as Record<string, unknown>;
+    const body = await res.json() as { ok: boolean; error: string };
     expect(res.status).toBe(400);
     expect(body.ok).toBe(false);
@@ -278,6 +278,42 @@ describe('ingress invite HTTP routes', () => {
     expect((invite.token as string).length).toBeGreaterThan(0);
   });
+  test('POST /v1/ingress/invites — includes canonical share URL when bot username is configured', async () => {
+    const prevBotUsername = process.env.TELEGRAM_BOT_USERNAME;
+    process.env.TELEGRAM_BOT_USERNAME = 'test_invite_bot';
+    try {
+      const req = new Request('http://localhost/v1/ingress/invites', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          sourceChannel: 'telegram',
+          note: 'Share link test',
+        }),
+      });
+      const res = await handleCreateInvite(req);
+      const body = await res.json() as Record<string, unknown>;
+      const invite = body.invite as Record<string, unknown>;
+      const token = invite.token as string;
+      const share = invite.share as Record<string, unknown>;
+      expect(res.status).toBe(201);
+      expect(body.ok).toBe(true);
+      expect(typeof token).toBe('string');
+      expect(token.length).toBeGreaterThan(0);
+      expect(share).toBeDefined();
+      expect(share.url).toBe(`https://t.me/test_invite_bot?start=iv_${token}`);
+      expect(typeof share.displayText).toBe('string');
+    } finally {
+      if (prevBotUsername === undefined) {
+        delete process.env.TELEGRAM_BOT_USERNAME;
+      } else {
+        process.env.TELEGRAM_BOT_USERNAME = prevBotUsername;
+      }
+    }
+  });
   test('POST /v1/ingress/invites — missing sourceChannel returns 400', async () => {
     const req = new Request('http://localhost/v1/ingress/invites', {
       method: 'POST',
@@ -286,7 +322,7 @@ describe('ingress invite HTTP routes', () => {
     });
     const res = await handleCreateInvite(req);
-    const body = await res.json() as Record<string, unknown>;
+    const body = await res.json() as { ok: boolean; error: string };
     expect(res.status).toBe(400);
     expect(body.ok).toBe(false);
@@ -376,7 +412,7 @@ describe('ingress invite HTTP routes', () => {
     });
     const res = await handleRedeemInvite(req);
-    const body = await res.json() as Record<string, unknown>;
+    const body = await res.json() as { ok: boolean; error: string };
     expect(res.status).toBe(400);
     expect(body.ok).toBe(false);
@@ -441,3 +477,194 @@ describe('ingress service shared logic', () => {
     expect(revoked.invite.id).toBe(created.invite.id);
   });
 });
+// ---------------------------------------------------------------------------
+// Voice invite routes
+// ---------------------------------------------------------------------------
+describe('voice invite HTTP routes', () => {
+  beforeEach(resetTables);
+  test('POST /v1/ingress/invites with sourceChannel voice — creates invite with voiceCode, stores hash only', async () => {
+    const req = new Request('http://localhost/v1/ingress/invites', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        sourceChannel: 'voice',
+        expectedExternalUserId: '+15551234567',
+        maxUses: 3,
+      }),
+    });
+    const res = await handleCreateInvite(req);
+    const body = await res.json() as Record<string, unknown>;
+    expect(res.status).toBe(201);
+    expect(body.ok).toBe(true);
+    const invite = body.invite as Record<string, unknown>;
+    expect(invite.sourceChannel).toBe('voice');
+    // Voice code should be returned (6 digits by default)
+    expect(typeof invite.voiceCode).toBe('string');
+    expect((invite.voiceCode as string).length).toBe(6);
+    expect(/^\d{6}$/.test(invite.voiceCode as string)).toBe(true);
+    // Hash should be stored
+    expect(typeof invite.tokenHash).toBe('string');
+    expect((invite.tokenHash as string).length).toBeGreaterThan(0);
+    // voiceCodeDigits should be recorded
+    expect(invite.voiceCodeDigits).toBe(6);
+    // expectedExternalUserId should be recorded
+    expect(invite.expectedExternalUserId).toBe('+15551234567');
+  });
+  test('voice invite creation requires expectedExternalUserId', async () => {
+    const req = new Request('http://localhost/v1/ingress/invites', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        sourceChannel: 'voice',
+      }),
+    });
+    const res = await handleCreateInvite(req);
+    const body = await res.json() as Record<string, unknown>;
+    expect(res.status).toBe(400);
+    expect(body.ok).toBe(false);
+    expect(body.error).toContain('expectedExternalUserId');
+  });
+  test('voice invite creation validates E.164 format', async () => {
+    const req = new Request('http://localhost/v1/ingress/invites', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        sourceChannel: 'voice',
+        expectedExternalUserId: 'not-a-phone-number',
+      }),
+    });
+    const res = await handleCreateInvite(req);
+    const body = await res.json() as Record<string, unknown>;
+    expect(res.status).toBe(400);
+    expect(body.ok).toBe(false);
+    expect(body.error).toContain('E.164');
+  });
+  test('voiceCodeDigits is always 6 — custom values are ignored', async () => {
+    const req = new Request('http://localhost/v1/ingress/invites', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        sourceChannel: 'voice',
+        expectedExternalUserId: '+15551234567',
+        voiceCodeDigits: 8,
+      }),
+    });
+    const res = await handleCreateInvite(req);
+    const body = await res.json() as Record<string, unknown>;
+    expect(res.status).toBe(201);
+    expect(body.ok).toBe(true);
+    const invite = body.invite as Record<string, unknown>;
+    expect((invite.voiceCode as string).length).toBe(6);
+    expect(invite.voiceCodeDigits).toBe(6);
+  });
+  test('voice invites do NOT return token in response', async () => {
+    const req = new Request('http://localhost/v1/ingress/invites', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        sourceChannel: 'voice',
+        expectedExternalUserId: '+15551234567',
+      }),
+    });
+    const res = await handleCreateInvite(req);
+    const body = await res.json() as Record<string, unknown>;
+    expect(res.status).toBe(201);
+    const invite = body.invite as Record<string, unknown>;
+    // Voice invites must not expose the raw token — callers redeem via
+    // the identity-bound voice code flow
+    expect(invite.token).toBeUndefined();
+  });
+  test('POST /v1/ingress/invites/redeem — redeems a voice invite code via unified endpoint', async () => {
+    // Create a voice invite
+    const createRes = await handleCreateInvite(new Request('http://localhost/v1/ingress/invites', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        sourceChannel: 'voice',
+        expectedExternalUserId: '+15551234567',
+        maxUses: 1,
+      }),
+    }));
+    const created = await createRes.json() as { invite: { voiceCode: string } };
+    // Redeem the voice code via the unified /redeem endpoint
+    const redeemReq = new Request('http://localhost/v1/ingress/invites/redeem', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        callerExternalUserId: '+15551234567',
+        code: created.invite.voiceCode,
+      }),
+    });
+    const res = await handleRedeemInvite(redeemReq);
+    const body = await res.json() as Record<string, unknown>;
+    expect(res.status).toBe(200);
+    expect(body.ok).toBe(true);
+    expect(body.type).toBe('redeemed');
+    expect(typeof body.memberId).toBe('string');
+    expect(typeof body.inviteId).toBe('string');
+  });
+  test('POST /v1/ingress/invites/redeem — voice code missing fields returns 400', async () => {
+    const req = new Request('http://localhost/v1/ingress/invites/redeem', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ callerExternalUserId: '+15551234567' }),
+    });
+    const res = await handleRedeemInvite(req);
+    const body = await res.json() as Record<string, unknown>;
+    // No `code` and no `token` → falls through to token-based path which requires token
+    expect(res.status).toBe(400);
+    expect(body.ok).toBe(false);
+  });
+  test('POST /v1/ingress/invites/redeem — wrong voice code returns 400', async () => {
+    // Create a voice invite
+    await handleCreateInvite(new Request('http://localhost/v1/ingress/invites', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        sourceChannel: 'voice',
+        expectedExternalUserId: '+15551234567',
+        maxUses: 1,
+      }),
+    }));
+    const req = new Request('http://localhost/v1/ingress/invites/redeem', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        callerExternalUserId: '+15551234567',
+        code: '000000',
+      }),
+    });
+    const res = await handleRedeemInvite(req);
+    const body = await res.json() as Record<string, unknown>;
+    expect(res.status).toBe(400);
+    expect(body.ok).toBe(false);
+  });
+});

package/src/__tests__/intent-routing.test.ts CHANGED Viewed

@@ -48,6 +48,8 @@ mock.module('../util/logger.js', () => ({
 mock.module('../config/loader.js', () => ({
   getConfig: () => ({
+    ui: {},
     sandbox: { enabled: false, backend: 'local' },
   }),
 }));

package/src/__tests__/ipc-snapshot.test.ts CHANGED Viewed

@@ -830,6 +830,12 @@ const serverMessages: Record<ServerMessageType, ServerMessage> = {
       { filename: 'chart.png', mimeType: 'image/png', data: 'iVBORw0K' },
     ],
   },
+  message_request_complete: {
+    type: 'message_request_complete',
+    sessionId: 'sess-001',
+    requestId: 'req-inline-001',
+    runStillActive: true,
+  },
   session_info: {
     type: 'session_info',
     sessionId: 'sess-001',
@@ -2179,6 +2185,13 @@ describe('IPC message snapshots', () => {
       const complete = serverMessages.message_complete;
       expect(complete.type).toBe('message_complete');
     });
+    test('message_request_complete has sessionId and requestId fields', () => {
+      const complete = serverMessages.message_request_complete;
+      expect(complete.type).toBe('message_request_complete');
+      expect((complete as unknown as { sessionId: string }).sessionId).toBe('sess-001');
+      expect((complete as unknown as { requestId: string }).requestId).toBe('req-inline-001');
+    });
   });
   // Baseline: session contract includes threadType metadata

package/src/__tests__/media-generate-image.test.ts CHANGED Viewed

@@ -19,6 +19,8 @@ let mockGenerateError: Error | null = null;
 mock.module('../config/loader.js', () => ({
   getConfig: () => ({
+    ui: {},
     apiKeys: { gemini: mockApiKey },
   }),
 }));
@@ -70,6 +72,25 @@ mock.module('drizzle-orm', () => ({
 }));
 mock.module('../memory/conversation-store.js', () => ({
+  setConversationOriginChannelIfUnset: () => {},
+  updateConversationContextWindow: () => {},
+  deleteMessageById: () => {},
+  updateConversationTitle: () => {},
+  updateConversationUsage: () => {},
+  addMessage: () => ({ id: 'mock-msg-id' }),
+  getMessages: () => [],
+  getConversation: () => ({
+    id: 'conv-1',
+    contextSummary: null,
+    contextCompactedMessageCount: 0,
+    totalInputTokens: 0,
+    totalOutputTokens: 0,
+    totalEstimatedCost: 0,
+    title: null,
+  }),
+  provenanceFromGuardianContext: () => ({ source: 'user', guardianContext: undefined }),
+  getConversationOriginInterface: () => null,
+  getConversationOriginChannel: () => null,
   getConversationThreadType: () => 'standard',
 }));

package/src/__tests__/media-reuse-story.e2e.test.ts CHANGED Viewed

@@ -49,6 +49,8 @@ mock.module('../util/logger.js', () => ({
 mock.module('../config/loader.js', () => ({
   getConfig: () => ({
+    ui: {},
     model: 'test',
     provider: 'test',
     apiKeys: {},

package/src/__tests__/memory-regressions.test.ts CHANGED Viewed

@@ -4448,7 +4448,7 @@ describe('Memory regressions', () => {
       role: 'user',
       content: 'Untrusted sender says preferences should not become durable profile memory.',
       metadata: JSON.stringify({
-        provenanceActorRole: 'non-guardian',
+        provenanceTrustClass: 'trusted_contact',
         provenanceSourceChannel: 'telegram',
       }),
       createdAt: conv.createdAt + 1,
@@ -4516,7 +4516,7 @@ describe('Memory regressions', () => {
           conversationId: 'conv-relation-provenance-gate',
           role: 'user',
           content: JSON.stringify([{ type: 'text', text: 'Trusted guardian message for relation backfill.' }]),
-          metadata: JSON.stringify({ provenanceActorRole: 'guardian', provenanceSourceChannel: 'telegram' }),
+          metadata: JSON.stringify({ provenanceTrustClass: 'guardian', provenanceSourceChannel: 'telegram' }),
           createdAt: now + 1,
         },
         {
@@ -4524,7 +4524,7 @@ describe('Memory regressions', () => {
           conversationId: 'conv-relation-provenance-gate',
           role: 'user',
           content: JSON.stringify([{ type: 'text', text: 'Untrusted message that should be excluded from relation backfill extraction.' }]),
-          metadata: JSON.stringify({ provenanceActorRole: 'non-guardian', provenanceSourceChannel: 'telegram' }),
+          metadata: JSON.stringify({ provenanceTrustClass: 'trusted_contact', provenanceSourceChannel: 'telegram' }),
           createdAt: now + 2,
         },
       ]).run();
@@ -4566,7 +4566,7 @@ describe('Memory regressions', () => {
     const conv = createConversation('provenance-preserve');
     const metadata = {
       userMessageChannel: 'telegram' as const,
-      provenanceActorRole: 'non-guardian' as const,
+      provenanceTrustClass: 'trusted_contact' as const,
       provenanceSourceChannel: 'telegram' as const,
       provenanceGuardianExternalUserId: 'guardian-123',
       provenanceRequesterIdentifier: 'Alice',
@@ -4582,7 +4582,7 @@ describe('Memory regressions', () => {
     expect(stored).toBeTruthy();
     const parsed = JSON.parse(stored!.metadata!);
-    expect(parsed.provenanceActorRole).toBe('non-guardian');
+    expect(parsed.provenanceTrustClass).toBe('trusted_contact');
     expect(parsed.provenanceSourceChannel).toBe('telegram');
     expect(parsed.provenanceGuardianExternalUserId).toBe('guardian-123');
     expect(parsed.provenanceRequesterIdentifier).toBe('Alice');
@@ -4590,13 +4590,13 @@ describe('Memory regressions', () => {
   test('messageMetadataSchema validates provenance fields', () => {
     const valid = messageMetadataSchema.safeParse({
-      provenanceActorRole: 'guardian',
-      provenanceSourceChannel: 'macos',
+      provenanceTrustClass: 'guardian',
+      provenanceSourceChannel: 'vellum',
     });
     expect(valid.success).toBe(true);
     const validNonGuardian = messageMetadataSchema.safeParse({
-      provenanceActorRole: 'non-guardian',
+      provenanceTrustClass: 'trusted_contact',
       provenanceSourceChannel: 'telegram',
       provenanceGuardianExternalUserId: 'g-123',
       provenanceRequesterIdentifier: 'Bob',
@@ -4604,41 +4604,41 @@ describe('Memory regressions', () => {
     expect(validNonGuardian.success).toBe(true);
     const validUnverified = messageMetadataSchema.safeParse({
-      provenanceActorRole: 'unverified_channel',
+      provenanceTrustClass: 'unknown',
     });
     expect(validUnverified.success).toBe(true);
   });
   test('provenanceFromGuardianContext returns unverified_channel default when no context', () => {
     const result = provenanceFromGuardianContext(null);
-    expect(result.provenanceActorRole).toBe('unverified_channel');
+    expect(result.provenanceTrustClass).toBe('unknown');
     expect(result.provenanceSourceChannel).toBeUndefined();
     const result2 = provenanceFromGuardianContext(undefined);
-    expect(result2.provenanceActorRole).toBe('unverified_channel');
+    expect(result2.provenanceTrustClass).toBe('unknown');
   });
   test('provenanceFromGuardianContext extracts fields from guardian context', () => {
     const ctx = {
       sourceChannel: 'telegram' as const,
-      actorRole: 'non-guardian' as const,
+      trustClass: 'trusted_contact' as const,
       guardianExternalUserId: 'g-456',
       requesterIdentifier: 'Charlie',
     };
     const result = provenanceFromGuardianContext(ctx);
-    expect(result.provenanceActorRole).toBe('non-guardian');
+    expect(result.provenanceTrustClass).toBe('trusted_contact');
     expect(result.provenanceSourceChannel).toBe('telegram');
     expect(result.provenanceGuardianExternalUserId).toBe('g-456');
     expect(result.provenanceRequesterIdentifier).toBe('Charlie');
   });
-  test('indexMessageNow receives provenanceActorRole when metadata includes it', async () => {
+  test('indexMessageNow receives provenanceTrustClass when metadata includes it', async () => {
     const conv = createConversation('provenance-indexer');
     const metadata = {
-      provenanceActorRole: 'non-guardian' as const,
+      provenanceTrustClass: 'trusted_contact' as const,
       provenanceSourceChannel: 'telegram' as const,
     };
-    // addMessage parses metadata and passes provenanceActorRole to indexMessageNow.
+    // addMessage parses metadata and passes provenanceTrustClass to indexMessageNow.
     // We verify indirectly: the message is persisted with metadata and segments are indexed.
     const msg = await addMessage(conv.id, 'user', 'Test provenance indexing message with enough content to segment', metadata);
     expect(msg.id).toBeTruthy();
@@ -4683,7 +4683,7 @@ describe('Memory regressions', () => {
       role: 'user',
       content: JSON.stringify([{ type: 'text', text: 'Untrusted user preference for dark mode.' }]),
       createdAt: now,
-      provenanceActorRole: 'non-guardian',
+      provenanceTrustClass: 'trusted_contact',
     }, DEFAULT_CONFIG.memory);
     expect(result.indexedSegments).toBeGreaterThan(0);
@@ -4733,7 +4733,7 @@ describe('Memory regressions', () => {
       role: 'user',
       content: JSON.stringify([{ type: 'text', text: 'Trusted guardian preference for light mode.' }]),
       createdAt: now,
-      provenanceActorRole: 'guardian',
+      provenanceTrustClass: 'guardian',
     }, DEFAULT_CONFIG.memory);
     expect(result.indexedSegments).toBeGreaterThan(0);
@@ -4779,7 +4779,7 @@ describe('Memory regressions', () => {
       role: 'user',
       content: JSON.stringify([{ type: 'text', text: 'Legacy message with no provenance info.' }]),
       createdAt: now,
-      // provenanceActorRole is intentionally omitted (undefined) for backwards compat
+      // provenanceTrustClass is intentionally omitted (undefined) for backwards compat
     }, DEFAULT_CONFIG.memory);
     expect(result.indexedSegments).toBeGreaterThan(0);
@@ -4824,7 +4824,7 @@ describe('Memory regressions', () => {
       role: 'user',
       content: JSON.stringify([{ type: 'text', text: 'Unverified channel preference for compact layout.' }]),
       createdAt: now,
-      provenanceActorRole: 'unverified_channel',
+      provenanceTrustClass: 'unknown',
     }, DEFAULT_CONFIG.memory);
     expect(result.indexedSegments).toBeGreaterThan(0);