@vellumai/assistant 0.3.28 → 0.4.0

package/src/__tests__/non-member-access-request.test.ts

@@ -85,6 +85,7 @@ import {
   createBinding,
 } from '../memory/channel-guardian-store.js';
 import { getDb, initializeDb, resetDb } from '../memory/db.js';
+import { notifyGuardianOfAccessRequest } from '../runtime/access-request-helper.js';
 import { handleChannelInbound } from '../runtime/routes/channel-routes.js';
 
 initializeDb();
@@ -154,9 +155,10 @@ describe('non-member access request notification', () => {
     expect(json.denied).toBe(true);
     expect(json.reason).toBe('not_a_member');
 
-    // Rejection reply was delivered
+    // Rejection reply was delivered — always-notify behavior means the reply
+    // indicates the guardian will be notified, even without a same-channel binding.
     expect(deliverReplyCalls.length).toBe(1);
-    expect((deliverReplyCalls[0].payload as Record<string, unknown>).text).toContain("you haven't been approved");
+    expect((deliverReplyCalls[0].payload as Record<string, unknown>).text).toContain("let them know");
   });
 
   test('guardian is notified when a non-member messages and a guardian binding exists', async () => {
@@ -236,8 +238,9 @@ describe('non-member access request notification', () => {
     expect(pending.length).toBe(1);
   });
 
-  test('deny works without error when no guardian binding exists', async () => {
-    // No guardian binding — should deny without notification
+  test('access request is created and signal emitted even without same-channel guardian binding', async () => {
+    // No guardian binding on any channel — access request should still be
+    // created and notification signal emitted (null guardianExternalUserId).
     const req = buildInboundRequest();
     const resp = await handleChannelInbound(req, undefined, TEST_BEARER_TOKEN);
     const json = await resp.json() as Record<string, unknown>;
@@ -245,20 +248,55 @@ describe('non-member access request notification', () => {
     expect(json.denied).toBe(true);
     expect(json.reason).toBe('not_a_member');
 
-    // Rejection reply was still delivered
+    // Rejection reply indicates guardian was notified
     expect(deliverReplyCalls.length).toBe(1);
+    expect((deliverReplyCalls[0].payload as Record<string, unknown>).text).toContain("let them know");
 
-    // No notification signal was emitted
-    expect(emitSignalCalls.length).toBe(0);
+    // Notification signal was emitted
+    expect(emitSignalCalls.length).toBe(1);
+    expect(emitSignalCalls[0].sourceEventName).toBe('ingress.access_request');
 
-    // No canonical request was created
+    // Canonical request was created with null guardianExternalUserId
     const pending = listCanonicalGuardianRequests({
       status: 'pending',
       requesterExternalUserId: 'user-unknown-456',
       sourceChannel: 'telegram',
       kind: 'access_request',
     });
-    expect(pending.length).toBe(0);
+    expect(pending.length).toBe(1);
+    expect(pending[0].guardianExternalUserId).toBeNull();
+  });
+
+  test('cross-channel fallback: SMS guardian binding resolves for Telegram access request', async () => {
+    // Only an SMS guardian binding exists — no Telegram binding
+    createBinding({
+      assistantId: 'self',
+      channel: 'sms',
+      guardianExternalUserId: 'guardian-sms-user',
+      guardianDeliveryChatId: 'guardian-sms-chat',
+    });
+
+    const req = buildInboundRequest();
+    const resp = await handleChannelInbound(req, undefined, TEST_BEARER_TOKEN);
+    const json = await resp.json() as Record<string, unknown>;
+
+    expect(json.denied).toBe(true);
+    expect(json.reason).toBe('not_a_member');
+
+    // Notification signal emitted
+    expect(emitSignalCalls.length).toBe(1);
+    const payload = emitSignalCalls[0].contextPayload as Record<string, unknown>;
+    expect(payload.guardianBindingChannel).toBe('sms');
+
+    // Canonical request has the SMS guardian's external user ID
+    const pending = listCanonicalGuardianRequests({
+      status: 'pending',
+      requesterExternalUserId: 'user-unknown-456',
+      sourceChannel: 'telegram',
+      kind: 'access_request',
+    });
+    expect(pending.length).toBe(1);
+    expect(pending[0].guardianExternalUserId).toBe('guardian-sms-user');
   });
 
   test('no notification when senderExternalUserId is absent', async () => {
@@ -281,3 +319,139 @@ describe('non-member access request notification', () => {
     expect(emitSignalCalls.length).toBe(0);
   });
 });
+
+describe('access-request-helper unit tests', () => {
+  beforeEach(() => {
+    resetState();
+  });
+
+  test('notifyGuardianOfAccessRequest returns no_sender_id when senderExternalUserId is absent', () => {
+    const result = notifyGuardianOfAccessRequest({
+      canonicalAssistantId: 'self',
+      sourceChannel: 'telegram',
+      externalChatId: 'chat-123',
+      senderExternalUserId: undefined,
+    });
+
+    expect(result.notified).toBe(false);
+    if (!result.notified) {
+      expect(result.reason).toBe('no_sender_id');
+    }
+
+    // No canonical request created
+    const pending = listCanonicalGuardianRequests({ status: 'pending', kind: 'access_request' });
+    expect(pending.length).toBe(0);
+  });
+
+  test('notifyGuardianOfAccessRequest creates request with null guardianExternalUserId when no binding exists', () => {
+    const result = notifyGuardianOfAccessRequest({
+      canonicalAssistantId: 'self',
+      sourceChannel: 'telegram',
+      externalChatId: 'chat-123',
+      senderExternalUserId: 'unknown-user',
+      senderName: 'Bob',
+    });
+
+    expect(result.notified).toBe(true);
+    if (result.notified) {
+      expect(result.created).toBe(true);
+    }
+
+    const pending = listCanonicalGuardianRequests({
+      status: 'pending',
+      requesterExternalUserId: 'unknown-user',
+      kind: 'access_request',
+    });
+    expect(pending.length).toBe(1);
+    expect(pending[0].guardianExternalUserId).toBeNull();
+
+    // Signal was emitted
+    expect(emitSignalCalls.length).toBe(1);
+  });
+
+  test('notifyGuardianOfAccessRequest uses cross-channel binding when source-channel binding is missing', () => {
+    // Only SMS binding exists
+    createBinding({
+      assistantId: 'self',
+      channel: 'sms',
+      guardianExternalUserId: 'guardian-sms',
+      guardianDeliveryChatId: 'sms-chat',
+    });
+
+    const result = notifyGuardianOfAccessRequest({
+      canonicalAssistantId: 'self',
+      sourceChannel: 'telegram',
+      externalChatId: 'tg-chat',
+      senderExternalUserId: 'unknown-tg-user',
+    });
+
+    expect(result.notified).toBe(true);
+
+    const pending = listCanonicalGuardianRequests({
+      status: 'pending',
+      requesterExternalUserId: 'unknown-tg-user',
+      kind: 'access_request',
+    });
+    expect(pending.length).toBe(1);
+    expect(pending[0].guardianExternalUserId).toBe('guardian-sms');
+
+    // Signal payload includes fallback channel
+    const payload = emitSignalCalls[0].contextPayload as Record<string, unknown>;
+    expect(payload.guardianBindingChannel).toBe('sms');
+  });
+
+  test('notifyGuardianOfAccessRequest prefers source-channel binding over cross-channel fallback', () => {
+    // Both Telegram and SMS bindings exist
+    createBinding({
+      assistantId: 'self',
+      channel: 'telegram',
+      guardianExternalUserId: 'guardian-tg',
+      guardianDeliveryChatId: 'tg-chat',
+    });
+    createBinding({
+      assistantId: 'self',
+      channel: 'sms',
+      guardianExternalUserId: 'guardian-sms',
+      guardianDeliveryChatId: 'sms-chat',
+    });
+
+    const result = notifyGuardianOfAccessRequest({
+      canonicalAssistantId: 'self',
+      sourceChannel: 'telegram',
+      externalChatId: 'chat-123',
+      senderExternalUserId: 'unknown-user',
+    });
+
+    expect(result.notified).toBe(true);
+
+    const pending = listCanonicalGuardianRequests({
+      status: 'pending',
+      requesterExternalUserId: 'unknown-user',
+      kind: 'access_request',
+    });
+    expect(pending.length).toBe(1);
+    // Should use the Telegram binding, not SMS fallback
+    expect(pending[0].guardianExternalUserId).toBe('guardian-tg');
+
+    const payload = emitSignalCalls[0].contextPayload as Record<string, unknown>;
+    expect(payload.guardianBindingChannel).toBe('telegram');
+  });
+
+  test('notifyGuardianOfAccessRequest includes requestCode in contextPayload', () => {
+    const result = notifyGuardianOfAccessRequest({
+      canonicalAssistantId: 'self',
+      sourceChannel: 'telegram',
+      externalChatId: 'chat-123',
+      senderExternalUserId: 'unknown-user',
+      senderName: 'Test User',
+    });
+
+    expect(result.notified).toBe(true);
+    expect(emitSignalCalls.length).toBe(1);
+
+    const payload = emitSignalCalls[0].contextPayload as Record<string, unknown>;
+    expect(payload.requestCode).toBeDefined();
+    expect(typeof payload.requestCode).toBe('string');
+    expect((payload.requestCode as string).length).toBe(6);
+  });
+});

package/src/__tests__/notification-decision-fallback.test.ts

@@ -13,6 +13,8 @@ mock.module('../channels/config.js', () => ({
 
 mock.module('../config/loader.js', () => ({
   getConfig: () => ({
+    ui: {},
+    
     notifications: {
       decisionModelIntent: 'latency-optimized',
     },

package/src/__tests__/notification-decision-strategy.test.ts

@@ -151,6 +151,67 @@ describe('notification decision strategy', () => {
       expect(copy.vellum!.deliveryText).toBeUndefined();
     });
 
+    test('ingress.access_request template includes requester identifier', () => {
+      const signal = makeSignal({
+        sourceEventName: 'ingress.access_request',
+        contextPayload: {
+          senderIdentifier: 'Alice',
+          requestCode: 'A1B2C3',
+        },
+      });
+
+      const copy = composeFallbackCopy(signal, channels);
+      expect(copy.vellum).toBeDefined();
+      expect(copy.vellum!.title).toBe('Access Request');
+      expect(copy.vellum!.body).toContain('Alice');
+      expect(copy.vellum!.body).toContain('requesting access');
+    });
+
+    test('ingress.access_request template includes request code instruction when present', () => {
+      const signal = makeSignal({
+        sourceEventName: 'ingress.access_request',
+        contextPayload: {
+          senderIdentifier: 'Bob',
+          requestCode: 'D4E5F6',
+        },
+      });
+
+      const copy = composeFallbackCopy(signal, channels);
+      expect(copy.vellum).toBeDefined();
+      expect(copy.vellum!.body).toContain('D4E5F6');
+      expect(copy.vellum!.body).toContain('approve');
+      expect(copy.vellum!.body).toContain('reject');
+    });
+
+    test('ingress.access_request template includes invite flow instruction', () => {
+      const signal = makeSignal({
+        sourceEventName: 'ingress.access_request',
+        contextPayload: {
+          senderIdentifier: 'Charlie',
+        },
+      });
+
+      const copy = composeFallbackCopy(signal, channels);
+      expect(copy.vellum).toBeDefined();
+      expect(copy.vellum!.body).toContain('open invite flow');
+    });
+
+    test('ingress.access_request Telegram deliveryText is concise', () => {
+      const signal = makeSignal({
+        sourceEventName: 'ingress.access_request',
+        contextPayload: {
+          senderIdentifier: 'Dave',
+          requestCode: 'ABC123',
+        },
+      });
+
+      const copy = composeFallbackCopy(signal, ['telegram']);
+      expect(copy.telegram).toBeDefined();
+      expect(copy.telegram!.deliveryText).toBeDefined();
+      expect(typeof copy.telegram!.deliveryText).toBe('string');
+      expect(copy.telegram!.deliveryText!.length).toBeGreaterThan(0);
+    });
+
     test('empty payload falls back to default text in template', () => {
       const signal = makeSignal({
         sourceEventName: 'guardian.question',

package/src/__tests__/notification-guardian-path.test.ts

@@ -47,6 +47,8 @@ mock.module('../memory/channel-guardian-store.js', () => ({
 
 mock.module('../config/loader.js', () => ({
   getConfig: () => ({
+    ui: {},
+    
     calls: {
       userConsultTimeoutSeconds: 120,
     },

package/src/__tests__/oauth-connect-handler.test.ts

@@ -39,7 +39,9 @@ mock.module('../util/logger.js', () => ({
 }));
 
 mock.module('../config/loader.js', () => ({
-  getConfig: () => ({}),
+  getConfig: () => ({
+    ui: {},
+    }),
   loadConfig: () => ({ ingress: { publicBaseUrl: 'https://test.example.com' } }),
   loadRawConfig: () => ({}),
   saveRawConfig: () => {},

package/src/__tests__/oauth2-gateway-transport.test.ts

@@ -11,6 +11,8 @@ mock.module('../config/loader.js', () => ({
     ingress: { publicBaseUrl: mockPublicBaseUrl },
   }),
   getConfig: () => ({
+    ui: {},
+    
     ingress: { publicBaseUrl: mockPublicBaseUrl },
   }),
   loadRawConfig: () => ({}),

package/src/__tests__/onboarding-starter-tasks.test.ts

@@ -151,7 +151,7 @@ describe('starter task playbook integration with buildSystemPrompt', () => {
     expect(result).not.toContain('## Starter Task Playbooks');
   });
 
-  test('starter task playbook appears before channel awareness', () => {
+  test('starter task playbook and channel awareness both present during onboarding', () => {
     writeFileSync(join(TEST_DIR, 'IDENTITY.md'), 'I am Vellum.');
     writeFileSync(join(TEST_DIR, 'BOOTSTRAP.md'), '# First run');
     const result = buildSystemPrompt();
@@ -159,7 +159,6 @@ describe('starter task playbook integration with buildSystemPrompt', () => {
     const channelIdx = result.indexOf('## Channel Awareness & Trust Gating');
     expect(starterIdx).toBeGreaterThan(-1);
     expect(channelIdx).toBeGreaterThan(-1);
-    expect(starterIdx).toBeLessThan(channelIdx);
   });
 
   test('all three kickoff intents present in full system prompt during onboarding', () => {
@@ -171,9 +170,10 @@ describe('starter task playbook integration with buildSystemPrompt', () => {
     expect(result).toContain('[STARTER_TASK:research_to_ui]');
   });
 
-  test('system prompt does not contain invalid config_update surface type', () => {
+  test('system prompt does not contain invalid config_update surface type (bare)', () => {
     writeFileSync(join(TEST_DIR, 'IDENTITY.md'), 'I am Vellum.');
     const result = buildSystemPrompt();
-    expect(result).not.toContain('config_update');
+    // voice_config_update is a valid tool name; only bare 'config_update' surface type is invalid
+    expect(result).not.toContain('surface_type: "config_update"');
   });
 });

package/src/__tests__/pairing-routes.test.ts

@@ -0,0 +1,171 @@
+/**
+ * API-level tests for the device pairing routes.
+ *
+ * Validates that handlePairingRequest correctly prevents a second device
+ * from hijacking an existing pairing request, while allowing the same
+ * device to call the endpoint idempotently.
+ */
+
+import { beforeEach, describe, expect, mock, test } from 'bun:test';
+
+import { PairingStore } from '../daemon/pairing-store.js';
+import type { PairingHandlerContext } from '../runtime/routes/pairing-routes.js';
+import { handlePairingRequest } from '../runtime/routes/pairing-routes.js';
+
+// ── Helpers ──────────────────────────────────────────────────────────────
+
+const TEST_PAIRING_ID = 'pair-test-001';
+const TEST_SECRET = 'super-secret-value';
+const GATEWAY_URL = 'https://gateway.test';
+
+function makeContext(store: PairingStore): PairingHandlerContext {
+  return {
+    pairingStore: store,
+    bearerToken: 'test-bearer-token',
+    featureFlagToken: undefined,
+    pairingBroadcast: mock(() => {}),
+  };
+}
+
+function makePairingRequest(overrides: Record<string, unknown> = {}): Request {
+  const body = {
+    pairingRequestId: TEST_PAIRING_ID,
+    pairingSecret: TEST_SECRET,
+    deviceId: 'device-A',
+    deviceName: 'iPhone A',
+    ...overrides,
+  };
+  return new Request('http://localhost/v1/pairing/request', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify(body),
+  });
+}
+
+// ── Tests ────────────────────────────────────────────────────────────────
+
+describe('handlePairingRequest — device binding', () => {
+  let store: PairingStore;
+  let ctx: PairingHandlerContext;
+
+  beforeEach(() => {
+    store = new PairingStore();
+    store.start();
+    ctx = makeContext(store);
+
+    // Pre-register the pairing request (simulating QR code display)
+    store.register({
+      pairingRequestId: TEST_PAIRING_ID,
+      pairingSecret: TEST_SECRET,
+      gatewayUrl: GATEWAY_URL,
+    });
+  });
+
+  test('rejects a second device attempting to pair with the same pairing ID', async () => {
+    /**
+     * Tests that once a device has initiated pairing, a different device
+     * cannot hijack the same pairing request.
+     */
+
+    // GIVEN device A has already initiated pairing
+    const firstReq = makePairingRequest({
+      deviceId: 'device-A',
+      deviceName: 'iPhone A',
+    });
+    const firstRes = await handlePairingRequest(firstReq, ctx);
+    expect(firstRes.status).toBe(200);
+
+    // WHEN device B tries to pair with the same pairing ID and secret
+    const secondReq = makePairingRequest({
+      deviceId: 'device-B',
+      deviceName: 'iPhone B',
+    });
+    const secondRes = await handlePairingRequest(secondReq, ctx);
+
+    // THEN the request is rejected with 409 Conflict
+    expect(secondRes.status).toBe(409);
+    const body = (await secondRes.json()) as { error: { code: string; message: string } };
+    expect(body.error.code).toBe('CONFLICT');
+    expect(body.error.message).toContain('already bound to another device');
+  });
+
+  test('allows the same device to call pairing request idempotently', async () => {
+    /**
+     * Tests that calling pairing request twice from the same device
+     * succeeds both times without error.
+     */
+
+    // GIVEN device A has already initiated pairing
+    const firstReq = makePairingRequest({
+      deviceId: 'device-A',
+      deviceName: 'iPhone A',
+    });
+    const firstRes = await handlePairingRequest(firstReq, ctx);
+    expect(firstRes.status).toBe(200);
+
+    // WHEN device A calls pairing request again with the same credentials
+    const secondReq = makePairingRequest({
+      deviceId: 'device-A',
+      deviceName: 'iPhone A',
+    });
+    const secondRes = await handlePairingRequest(secondReq, ctx);
+
+    // THEN it succeeds (idempotent)
+    expect(secondRes.status).toBe(200);
+  });
+
+  test('allows the same device to retrieve token after approval', async () => {
+    /**
+     * Tests that once a pairing request is approved, the same device
+     * can call the endpoint again and receive the bearer token.
+     */
+
+    // GIVEN device A has initiated pairing
+    const firstReq = makePairingRequest({
+      deviceId: 'device-A',
+      deviceName: 'iPhone A',
+    });
+    const firstRes = await handlePairingRequest(firstReq, ctx);
+    expect(firstRes.status).toBe(200);
+
+    // AND the pairing request has been approved
+    store.approve(TEST_PAIRING_ID, 'test-bearer-token');
+
+    // WHEN device A calls pairing request again
+    const secondReq = makePairingRequest({
+      deviceId: 'device-A',
+      deviceName: 'iPhone A',
+    });
+    const secondRes = await handlePairingRequest(secondReq, ctx);
+
+    // THEN the request succeeds (status stays approved, device matches)
+    expect(secondRes.status).toBe(200);
+  });
+
+  test('rejects a different device even after the first device was approved', async () => {
+    /**
+     * Tests that a different device cannot hijack a pairing request
+     * even after the original device's request has been approved.
+     */
+
+    // GIVEN device A has paired and been approved
+    const firstReq = makePairingRequest({
+      deviceId: 'device-A',
+      deviceName: 'iPhone A',
+    });
+    await handlePairingRequest(firstReq, ctx);
+    store.approve(TEST_PAIRING_ID, 'test-bearer-token');
+
+    // WHEN device B tries to use the same pairing request
+    const hijackReq = makePairingRequest({
+      deviceId: 'device-B',
+      deviceName: 'Attacker Phone',
+    });
+    const hijackRes = await handlePairingRequest(hijackReq, ctx);
+
+    // THEN it is rejected
+    expect(hijackRes.status).toBe(409);
+    const body = (await hijackRes.json()) as { error: { code: string; message: string } };
+    expect(body.error.code).toBe('CONFLICT');
+  });
+});

package/src/__tests__/playbook-execution.test.ts

@@ -27,7 +27,9 @@ mock.module('../util/logger.js', () => ({
 }));
 
 mock.module('../config/loader.js', () => ({
-  getConfig: () => ({ memory: {} }),
+  getConfig: () => ({
+    ui: {},
+     memory: {} }),
 }));
 
 mock.module('../memory/jobs-store.js', () => ({

package/src/__tests__/playbook-tools.test.ts

@@ -27,7 +27,9 @@ mock.module('../util/logger.js', () => ({
 }));
 
 mock.module('../config/loader.js', () => ({
-  getConfig: () => ({ memory: {} }),
+  getConfig: () => ({
+    ui: {},
+     memory: {} }),
 }));
 
 // Stub memory job queue to avoid side effects

package/src/__tests__/provider-error-scenarios.test.ts

@@ -1,21 +1,72 @@
-import { resolve } from 'node:path';
-
 import { describe, expect, mock,test } from 'bun:test';
 
-const retryModulePath = resolve(import.meta.dir, '../util/retry.ts');
-
 mock.module('../util/logger.js', () => ({
   getLogger: () =>
     new Proxy({} as Record<string, unknown>, { get: () => () => {} }),
   isDebug: () => false,
 }));
 
-// Only mock sleep so retries complete instantly; keep real retry logic
-mock.module('../util/retry.js', async () => {
-  const real = await import(retryModulePath);
+// Only mock sleep so retries complete instantly; keep real retry logic.
+// NOTE: We must NOT use `await import()` inside mock.module — it deadlocks
+// bun's module resolver. Instead, inline the real exports and only replace sleep.
+mock.module('../util/retry.js', () => {
+  const DEFAULT_MAX_RETRIES = 3;
+  const DEFAULT_BASE_DELAY_MS = 1000;
+
+  function computeRetryDelay(attempt: number, baseDelayMs = DEFAULT_BASE_DELAY_MS): number {
+    const cap = baseDelayMs * Math.pow(2, attempt);
+    const half = cap / 2;
+    return half + Math.random() * half;
+  }
+
+  function parseRetryAfterMs(value: string): number | undefined {
+    const seconds = Number(value);
+    if (!isNaN(seconds)) return seconds * 1000;
+    const dateMs = Date.parse(value);
+    if (!isNaN(dateMs)) return Math.max(0, dateMs - Date.now());
+    return undefined;
+  }
+
+  function getHttpRetryDelay(
+    response: Response,
+    attempt: number,
+    baseDelayMs = DEFAULT_BASE_DELAY_MS,
+  ): number {
+    const retryAfter = response.headers.get('retry-after');
+    if (retryAfter) {
+      const parsed = parseRetryAfterMs(retryAfter);
+      if (parsed !== undefined) return parsed;
+    }
+    const effectiveBase = attempt === 0 ? baseDelayMs * 2 : baseDelayMs;
+    return Math.max(baseDelayMs, computeRetryDelay(attempt, effectiveBase));
+  }
+
+  function isRetryableStatus(status: number): boolean {
+    return status === 429 || status >= 500;
+  }
+
+  function isRetryableNetworkError(error: unknown): boolean {
+    if (!(error instanceof Error)) return false;
+    const retryableCodes = new Set(['ECONNRESET', 'ECONNREFUSED', 'ETIMEDOUT', 'EPIPE']);
+    const code = (error as NodeJS.ErrnoException).code;
+    if (code && retryableCodes.has(code)) return true;
+    if (error.cause instanceof Error) {
+      const causeCode = (error.cause as NodeJS.ErrnoException).code;
+      if (causeCode && retryableCodes.has(causeCode)) return true;
+    }
+    return false;
+  }
+
   return {
-    ...real,
+    DEFAULT_MAX_RETRIES,
+    DEFAULT_BASE_DELAY_MS,
+    computeRetryDelay,
+    parseRetryAfterMs,
+    getHttpRetryDelay,
+    isRetryableStatus,
+    isRetryableNetworkError,
     sleep: () => Promise.resolve(),
+    abortableSleep: () => Promise.resolve(),
   };
 });
 

package/src/__tests__/proxy-approval-callback.test.ts

@@ -17,6 +17,8 @@ mock.module('../permissions/trust-store.js', () => ({
 
 mock.module('../config/loader.js', () => ({
   getConfig: () => ({
+    ui: {},
+    
     provider: 'mock-provider',
     timeouts: { permissionTimeoutSec: 5 },
     permissions: { mode: 'legacy' },

package/src/__tests__/recording-handler.test.ts

@@ -17,6 +17,8 @@ mock.module('../util/logger.js', () => ({
 
 mock.module('../config/loader.js', () => ({
   getConfig: () => ({
+    ui: {},
+    
     daemon: { standaloneRecording: true },
     provider: 'mock-provider',
     permissions: { mode: 'legacy' },
@@ -49,6 +51,15 @@ const mockMessages: Array<{ id: string; role: string; content: string }> = [];
 let mockMessageIdCounter = 0;
 
 mock.module('../memory/conversation-store.js', () => ({
+  getConversationThreadType: () => 'default',
+  setConversationOriginChannelIfUnset: () => {},
+  updateConversationContextWindow: () => {},
+  deleteMessageById: () => {},
+  updateConversationTitle: () => {},
+  updateConversationUsage: () => {},
+  provenanceFromGuardianContext: () => ({ source: 'user', guardianContext: undefined }),
+  getConversationOriginInterface: () => null,
+  getConversationOriginChannel: () => null,
   getMessages: () => mockMessages,
   addMessage: (_convId: string, role: string, content: string) => {
     const msg = { id: `msg-${++mockMessageIdCounter}`, role, content };