@vellumai/assistant 0.3.28 → 0.4.1

package/src/calls/call-controller.ts

@@ -12,13 +12,11 @@ import { getGatewayInternalBaseUrl } from '../config/env.js';
 import type { ServerMessage } from '../daemon/ipc-contract.js';
 import type { GuardianRuntimeContext } from '../daemon/session-runtime-assembly.js';
 import {
-  backfillSupersessionMetadata,
-  expireGuardianActionRequest,
-  getByPendingQuestionId,
-  getDeliveriesByRequestId,
-  getPendingRequestByCallSessionId,
-  markTimedOutWithReason,
-} from '../memory/guardian-action-store.js';
+  expireCanonicalGuardianRequest,
+  getCanonicalRequestByPendingQuestionId,
+  getPendingCanonicalRequestByCallSessionId,
+  listCanonicalGuardianDeliveries,
+} from '../memory/canonical-guardian-store.js';
 import { revokeScopedApprovalGrantsForContext } from '../memory/scoped-approval-grants.js';
 import { computeToolApprovalDigest } from '../security/tool-approval-digest.js';
 import { getLogger } from '../util/logger.js';
@@ -709,8 +707,7 @@ export class CallController {
               effectiveToolMeta && this.pendingConsultation.toolApprovalMeta
                 ? effectiveToolMeta.toolName === this.pendingConsultation.toolApprovalMeta.toolName
                   && effectiveToolMeta.inputDigest === this.pendingConsultation.toolApprovalMeta.inputDigest
-                : !effectiveToolMeta && !this.pendingConsultation.toolApprovalMeta
-                  && questionText === this.pendingConsultation.questionText;
+                : !effectiveToolMeta && !this.pendingConsultation.toolApprovalMeta;
 
             if (isSameToolAction) {
               // Same tool/action — coalesce. Keep the existing consultation
@@ -728,11 +725,11 @@ export class CallController {
               // Expire the previous consultation's storage records so stale
               // guardian answers cannot match the old request.
               expirePendingQuestions(this.callSessionId);
-              const previousRequest = getPendingRequestByCallSessionId(this.callSessionId);
+              const previousRequest = getPendingCanonicalRequestByCallSessionId(this.callSessionId);
               if (previousRequest) {
                 // Immediately expire with 'superseded' reason to prevent
                 // stale answers from resolving the old request.
-                expireGuardianActionRequest(previousRequest.id, 'superseded');
+                expireCanonicalGuardianRequest(previousRequest.id);
                 log.info(
                   { callSessionId: this.callSessionId, requestId: previousRequest.id },
                   'Superseded guardian action request (materially different intent)',
@@ -769,9 +766,9 @@ export class CallController {
           // a completed call with a dangling pendingQuestion, and guardian
           // replies are cleanly rejected instead of hitting answerCall failures.
           expirePendingQuestions(this.callSessionId);
-          const previousRequest = getPendingRequestByCallSessionId(this.callSessionId);
+          const previousRequest = getPendingCanonicalRequestByCallSessionId(this.callSessionId);
           if (previousRequest) {
-            expireGuardianActionRequest(previousRequest.id, 'cancelled');
+            expireCanonicalGuardianRequest(previousRequest.id);
           }
 
           this.pendingConsultation = null;
@@ -857,7 +854,7 @@ export class CallController {
   }
 
   private isCallerGuardian(): boolean {
-    return this.guardianContext?.actorRole === 'guardian';
+    return this.guardianContext?.trustClass === 'guardian';
   }
 
   /**
@@ -896,11 +893,16 @@ export class CallController {
         inputDigest: effectiveToolMeta?.inputDigest,
       }).then(() => {
         // Backfill supersession chain: now that the new request exists in
-        // the store, update the old request's superseded_by_request_id.
+        // the store, link the old request to the new one.
         if (supersededRequestId) {
-          const newRequest = getByPendingQuestionId(stablePendingQuestionId);
+          const newRequest = getCanonicalRequestByPendingQuestionId(stablePendingQuestionId);
           if (newRequest) {
-            backfillSupersessionMetadata(supersededRequestId, newRequest.id);
+            // Canonical store does not track supersession metadata;
+            // the old request was already expired above.
+            log.info(
+              { callSessionId: this.callSessionId, oldRequestId: supersededRequestId, newRequestId: newRequest.id },
+              'Supersession chain: new canonical request created',
+            );
           }
         }
       });
@@ -918,17 +920,18 @@ export class CallController {
       // send expiry notices to guardian destinations. Deliveries
       // must be captured before markTimedOutWithReason changes
       // their status.
-      const pendingActionRequest = getPendingRequestByCallSessionId(this.callSessionId);
+      const pendingActionRequest = getPendingCanonicalRequestByCallSessionId(this.callSessionId);
       if (pendingActionRequest) {
-        const deliveries = getDeliveriesByRequestId(pendingActionRequest.id);
-        markTimedOutWithReason(pendingActionRequest.id, 'call_timeout');
+        const canonicalDeliveries = listCanonicalGuardianDeliveries(pendingActionRequest.id);
+        // Expire the canonical request and its deliveries
+        expireCanonicalGuardianRequest(pendingActionRequest.id);
         log.info(
           { callSessionId: this.callSessionId, requestId: pendingActionRequest.id },
-          'Marked guardian action request as timed out',
+          'Marked canonical guardian request as timed out',
         );
         void sendGuardianExpiryNotices(
-          deliveries,
-          pendingActionRequest.assistantId,
+          canonicalDeliveries,
+          this.assistantId,
           getGatewayInternalBaseUrl(),
           readHttpToken() ?? undefined,
         ).catch((err) => {

package/src/calls/guardian-action-sweep.ts

@@ -10,7 +10,6 @@
  */
 
 import { addMessage } from '../memory/conversation-store.js';
-import type { GuardianActionDelivery } from '../memory/guardian-action-store.js';
 import {
   expireGuardianActionRequest,
   getDeliveriesByRequestId,
@@ -37,8 +36,17 @@ let sweepInProgress = false;
  * Deliveries must be captured *before* their status is changed to 'expired'
  * so the sent/pending filter still matches.
  */
+/** Minimal delivery shape used by the expiry notice sender. */
+export interface ExpiryDeliveryInfo {
+  id: string;
+  status: string;
+  destinationChannel: string;
+  destinationConversationId: string | null;
+  destinationChatId: string | null;
+}
+
 export async function sendGuardianExpiryNotices(
-  deliveries: GuardianActionDelivery[],
+  deliveries: ExpiryDeliveryInfo[],
   assistantId: string,
   gatewayBaseUrl: string,
   bearerToken?: string,

package/src/calls/relay-server.ts

@@ -10,23 +10,25 @@ import { randomInt } from 'node:crypto';
 
 import type { ServerWebSocket } from 'bun';
 
+import { isAssistantFeatureFlagEnabled } from '../config/assistant-feature-flags.js';
 import { getConfig } from '../config/loader.js';
 import * as conversationStore from '../memory/conversation-store.js';
+import { findActiveVoiceInvites } from '../memory/ingress-invite-store.js';
 import { revokeScopedApprovalGrantsForContext } from '../memory/scoped-approval-grants.js';
 import { notifyGuardianOfAccessRequest } from '../runtime/access-request-helper.js';
-import { resolveActorTrust, toGuardianContextCompat } from '../runtime/actor-trust-resolver.js';
+import {
+  resolveActorTrust,
+  toGuardianRuntimeContextFromTrust,
+} from '../runtime/actor-trust-resolver.js';
 import {
   getPendingChallenge,
   validateAndConsumeChallenge,
 } from '../runtime/channel-guardian-service.js';
-import {
-  resolveGuardianContext,
-  toGuardianRuntimeContext,
-} from '../runtime/guardian-context-resolver.js';
 import {
   composeVerificationVoice,
   GUARDIAN_VERIFY_TEMPLATE_KEYS,
 } from '../runtime/guardian-verification-templates.js';
+import { redeemVoiceInviteCode } from '../runtime/ingress-service.js';
 import { parseJsonSafe } from '../util/json.js';
 import { getLogger } from '../util/logger.js';
 import { normalizeAssistantId } from '../util/platform.js';
@@ -173,6 +175,12 @@ export class RelayConnection {
   // Outbound guardian verification state (system calls the guardian)
   private outboundGuardianVerificationSessionId: string | null = null;
 
+  // Inbound voice invite redemption state
+  private inviteRedemptionActive = false;
+  private inviteRedemptionAssistantId: string | null = null;
+  private inviteRedemptionFromNumber: string | null = null;
+  private inviteRedemptionCodeLength = 6;
+
   constructor(ws: ServerWebSocket<RelayWebSocketData>, callSessionId: string) {
     this.ws = ws;
     this.callSessionId = callSessionId;
@@ -428,15 +436,13 @@ export class RelayConnection {
     // calls msg.from is the caller; for outbound calls msg.to is the
     // recipient (msg.from is the assistant's Twilio number).
     const otherPartyNumber = isInbound ? msg.from : msg.to;
-    const initialGuardianContext = toGuardianRuntimeContext(
-      'voice',
-      resolveGuardianContext({
-        assistantId,
-        sourceChannel: 'voice',
-        externalChatId: otherPartyNumber,
-        senderExternalUserId: otherPartyNumber || undefined,
-      }),
-    );
+    const initialActorTrust = resolveActorTrust({
+      assistantId,
+      sourceChannel: 'voice',
+      externalChatId: otherPartyNumber,
+      senderExternalUserId: otherPartyNumber || undefined,
+    });
+    const initialGuardianContext = toGuardianRuntimeContextFromTrust(initialActorTrust, otherPartyNumber);
 
     const controller = new CallController(this.callSessionId, this, session?.task ?? null, {
       broadcast: globalBroadcast,
@@ -494,6 +500,41 @@ export class RelayConnection {
       const pendingChallenge = getPendingChallenge(assistantId, 'voice');
 
       if (actorTrust.trustClass === 'unknown' && !pendingChallenge) {
+        // Before denying, check if there is an active voice invite bound
+        // to the caller's phone number. If so, enter the invite redemption
+        // subflow instead of denying the call outright.
+        // Gated behind the voice-invite-redemption feature flag (defaults OFF).
+        const voiceInviteEnabled = isAssistantFeatureFlagEnabled(
+          'feature_flags.voice-invite-redemption.enabled',
+          config,
+        );
+
+        if (voiceInviteEnabled) {
+          let voiceInvites: ReturnType<typeof findActiveVoiceInvites> = [];
+          try {
+            voiceInvites = findActiveVoiceInvites({
+              assistantId,
+              expectedExternalUserId: msg.from,
+            });
+          } catch (err) {
+            log.warn({ err, callSessionId: this.callSessionId }, 'Failed to check voice invites for unknown caller');
+          }
+
+          // Exclude invites that are past their expiresAt even if the DB
+          // status hasn't been lazily flipped to 'expired' yet.
+          const now = Date.now();
+          const nonExpiredInvites = voiceInvites.filter(i => !i.expiresAt || i.expiresAt > now);
+
+          if (nonExpiredInvites.length > 0) {
+            log.info(
+              { callSessionId: this.callSessionId, from: msg.from },
+              'Inbound voice ACL: unknown caller has active voice invite — entering redemption flow',
+            );
+            this.startInviteRedemption(assistantId, msg.from);
+            return;
+          }
+        }
+
         log.info(
           { callSessionId: this.callSessionId, from: msg.from, trustClass: actorTrust.trustClass },
           'Inbound voice ACL: unknown caller denied',
@@ -613,10 +654,7 @@ export class RelayConnection {
       // Update the controller's guardian context with the trust-resolved
       // context so downstream policy gates have accurate actor metadata.
       if (this.controller && actorTrust.trustClass !== 'unknown') {
-        const resolvedGuardianContext = toGuardianRuntimeContext(
-          'voice',
-          toGuardianContextCompat(actorTrust, msg.from),
-        );
+        const resolvedGuardianContext = toGuardianRuntimeContextFromTrust(actorTrust, msg.from);
         this.controller.setGuardianContext(resolvedGuardianContext);
       }
 
@@ -876,16 +914,14 @@ export class RelayConnection {
       } else {
         // Inbound: proceed to normal call flow
         if (this.controller) {
+          const verifiedActorTrust = resolveActorTrust({
+            assistantId: this.guardianChallengeAssistantId,
+            sourceChannel: 'voice',
+            externalChatId: this.guardianVerificationFromNumber,
+            senderExternalUserId: this.guardianVerificationFromNumber,
+          });
           this.controller.setGuardianContext(
-            toGuardianRuntimeContext(
-              'voice',
-              resolveGuardianContext({
-                assistantId: this.guardianChallengeAssistantId,
-                sourceChannel: 'voice',
-                externalChatId: this.guardianVerificationFromNumber,
-                senderExternalUserId: this.guardianVerificationFromNumber,
-              }),
-            ),
+            toGuardianRuntimeContextFromTrust(verifiedActorTrust, this.guardianVerificationFromNumber),
           );
           this.startNormalCallFlow(this.controller, true);
         }
@@ -960,6 +996,126 @@ export class RelayConnection {
     }
   }
 
+  /**
+   * Enter the invite redemption subflow for an inbound unknown caller
+   * who has an active voice invite. Prompts the caller to enter their
+   * invite code via DTMF or speech.
+   */
+  private startInviteRedemption(assistantId: string, fromNumber: string): void {
+    this.inviteRedemptionActive = true;
+    this.inviteRedemptionAssistantId = assistantId;
+    this.inviteRedemptionFromNumber = fromNumber;
+    this.connectionState = 'verification_pending';
+    this.verificationAttempts = 0;
+    this.verificationMaxAttempts = 3;
+    this.inviteRedemptionCodeLength = 6;
+    this.dtmfBuffer = '';
+
+    recordCallEvent(this.callSessionId, 'invite_redemption_started', {
+      assistantId,
+      codeLength: 6,
+      maxAttempts: this.verificationMaxAttempts,
+    });
+
+    this.sendTextToken(
+      'Please enter your 6-digit invite code using your keypad, or speak the digits now.',
+      true,
+    );
+
+    log.info(
+      { callSessionId: this.callSessionId, assistantId },
+      'Inbound voice invite redemption started',
+    );
+  }
+
+  /**
+   * Validate an entered invite code against active voice invites for the
+   * caller. On success, create/activate the ingress member and transition
+   * to the normal call flow. On failure, allow retries up to max attempts.
+   */
+  private attemptInviteCodeRedemption(enteredCode: string): void {
+    if (!this.inviteRedemptionAssistantId || !this.inviteRedemptionFromNumber) {
+      return;
+    }
+
+    const result = redeemVoiceInviteCode({
+      assistantId: this.inviteRedemptionAssistantId,
+      callerExternalUserId: this.inviteRedemptionFromNumber,
+      sourceChannel: 'voice',
+      code: enteredCode,
+    });
+
+    if (result.ok) {
+      this.connectionState = 'connected';
+      this.inviteRedemptionActive = false;
+      this.verificationAttempts = 0;
+      this.dtmfBuffer = '';
+
+      recordCallEvent(this.callSessionId, 'invite_redemption_succeeded', {
+        memberId: result.memberId,
+        ...(result.type === 'redeemed' ? { inviteId: result.inviteId } : {}),
+      });
+      log.info(
+        { callSessionId: this.callSessionId, memberId: result.memberId, type: result.type },
+        'Voice invite redemption succeeded',
+      );
+
+      if (this.controller) {
+        const redeemedActorTrust = resolveActorTrust({
+          assistantId: this.inviteRedemptionAssistantId,
+          sourceChannel: 'voice',
+          externalChatId: this.inviteRedemptionFromNumber,
+          senderExternalUserId: this.inviteRedemptionFromNumber,
+        });
+        this.controller.setGuardianContext(
+          toGuardianRuntimeContextFromTrust(redeemedActorTrust, this.inviteRedemptionFromNumber),
+        );
+        this.startNormalCallFlow(this.controller, true);
+      }
+    } else {
+      this.verificationAttempts++;
+
+      if (this.verificationAttempts >= this.verificationMaxAttempts) {
+        this.inviteRedemptionActive = false;
+
+        recordCallEvent(this.callSessionId, 'invite_redemption_failed', {
+          attempts: this.verificationAttempts,
+        });
+        log.warn(
+          { callSessionId: this.callSessionId, attempts: this.verificationAttempts },
+          'Voice invite redemption failed — max attempts reached',
+        );
+
+        this.sendTextToken('Too many invalid attempts. Goodbye.', true);
+
+        updateCallSession(this.callSessionId, {
+          status: 'failed',
+          endedAt: Date.now(),
+          lastError: 'Voice invite redemption failed — max attempts exceeded',
+        });
+
+        const failSession = getCallSession(this.callSessionId);
+        if (failSession) {
+          expirePendingQuestions(this.callSessionId);
+          persistCallCompletionMessage(failSession.conversationId, this.callSessionId).catch((err) => {
+            log.error({ err, conversationId: failSession.conversationId, callSessionId: this.callSessionId }, 'Failed to persist call completion message');
+          });
+          fireCallCompletionNotifier(failSession.conversationId, this.callSessionId);
+        }
+
+        setTimeout(() => {
+          this.endSession('Invite redemption failed');
+        }, 2000);
+      } else {
+        log.info(
+          { callSessionId: this.callSessionId, attempt: this.verificationAttempts, maxAttempts: this.verificationMaxAttempts },
+          'Voice invite redemption attempt failed — retrying',
+        );
+        this.sendTextToken('Invalid code. Please try again.', true);
+      }
+    }
+  }
+
   private async handlePrompt(msg: RelayPromptMessage): Promise<void> {
     if (this.connectionState === 'disconnecting') {
       return;
@@ -990,6 +1146,26 @@ export class RelayConnection {
       return;
     }
 
+    // During invite redemption, attempt to parse spoken digits from the
+    // transcript and validate against the caller's active voice invite.
+    if (this.connectionState === 'verification_pending' && this.inviteRedemptionActive) {
+      const spokenDigits = RelayConnection.parseDigitsFromSpeech(msg.voicePrompt);
+      log.info(
+        { callSessionId: this.callSessionId, transcript: msg.voicePrompt, spokenDigits },
+        'Speech received during invite redemption',
+      );
+      if (spokenDigits.length >= this.inviteRedemptionCodeLength) {
+        const enteredCode = spokenDigits.slice(0, this.inviteRedemptionCodeLength);
+        this.attemptInviteCodeRedemption(enteredCode);
+      } else if (spokenDigits.length > 0) {
+        this.sendTextToken(
+          `I heard ${spokenDigits.length} digits. Please enter all ${this.inviteRedemptionCodeLength} digits of your code.`,
+          true,
+        );
+      }
+      return;
+    }
+
     // During outbound callee verification, ignore voice prompts — the callee
     // should be entering DTMF digits, not speaking.
     if (this.connectionState === 'verification_pending') {
@@ -1102,6 +1278,19 @@ export class RelayConnection {
       return;
     }
 
+    // If invite redemption is pending, accumulate digits and validate
+    // the code against the caller's active voice invite.
+    if (this.connectionState === 'verification_pending' && this.inviteRedemptionActive) {
+      this.dtmfBuffer += msg.digit;
+
+      if (this.dtmfBuffer.length >= this.inviteRedemptionCodeLength) {
+        const enteredCode = this.dtmfBuffer.slice(0, this.inviteRedemptionCodeLength);
+        this.dtmfBuffer = '';
+        this.attemptInviteCodeRedemption(enteredCode);
+      }
+      return;
+    }
+
     // If outbound callee verification is pending, accumulate digits and check the code
     if (this.connectionState === 'verification_pending' && this.verificationCode) {
       this.dtmfBuffer += msg.digit;

package/src/calls/types.ts

@@ -1,5 +1,5 @@
 export type CallStatus = 'initiated' | 'ringing' | 'in_progress' | 'waiting_on_user' | 'completed' | 'failed' | 'cancelled';
-export type CallEventType = 'call_started' | 'call_connected' | 'caller_spoke' | 'assistant_spoke' | 'user_question_asked' | 'user_answered' | 'user_instruction_relayed' | 'call_ended' | 'call_failed' | 'callee_verification_started' | 'callee_verification_succeeded' | 'callee_verification_failed' | 'guardian_voice_verification_started' | 'guardian_voice_verification_succeeded' | 'guardian_voice_verification_failed' | 'outbound_guardian_voice_verification_started' | 'outbound_guardian_voice_verification_succeeded' | 'outbound_guardian_voice_verification_failed' | 'guardian_consultation_timed_out' | 'guardian_unavailable_skipped' | 'guardian_consult_deferred' | 'guardian_consult_coalesced' | 'inbound_acl_denied';
+export type CallEventType = 'call_started' | 'call_connected' | 'caller_spoke' | 'assistant_spoke' | 'user_question_asked' | 'user_answered' | 'user_instruction_relayed' | 'call_ended' | 'call_failed' | 'callee_verification_started' | 'callee_verification_succeeded' | 'callee_verification_failed' | 'guardian_voice_verification_started' | 'guardian_voice_verification_succeeded' | 'guardian_voice_verification_failed' | 'outbound_guardian_voice_verification_started' | 'outbound_guardian_voice_verification_succeeded' | 'outbound_guardian_voice_verification_failed' | 'guardian_consultation_timed_out' | 'guardian_unavailable_skipped' | 'guardian_consult_deferred' | 'guardian_consult_coalesced' | 'inbound_acl_denied' | 'invite_redemption_started' | 'invite_redemption_succeeded' | 'invite_redemption_failed';
 export type PendingQuestionStatus = 'pending' | 'answered' | 'expired' | 'cancelled';
 
 /**

package/src/calls/voice-session-bridge.ts

@@ -250,8 +250,8 @@ export async function startVoiceTurn(opts: VoiceTurnOptions): Promise<VoiceTurnH
   // - guardian: permission prompts auto-allow (parity with guardian chat)
   // - everyone else (including unknown): fail-closed strict side-effects
   //   with auto-deny confirmations.
-  const actorRole = opts.guardianContext?.actorRole;
-  const isGuardian = actorRole === 'guardian';
+  const trustClass = opts.guardianContext?.trustClass;
+  const isGuardian = trustClass === 'guardian';
   const forceStrictSideEffects = isGuardian ? undefined : true;
 
   // Replace the [CALL_OPENING] marker with a neutral instruction before
@@ -264,7 +264,7 @@ export async function startVoiceTurn(opts: VoiceTurnOptions): Promise<VoiceTurnH
 
   // Build the call-control protocol prompt so the model knows how to emit
   // control markers (ASK_GUARDIAN, END_CALL, etc.) and recognize opener turns.
-  const isCallerGuardian = opts.guardianContext?.actorRole === 'guardian';
+  const isCallerGuardian = opts.guardianContext?.trustClass === 'guardian';
 
   const voiceCallControlPrompt = buildVoiceCallControlPrompt({
     isInbound: opts.isInbound,

package/src/cli.ts

@@ -492,6 +492,18 @@ export async function startCli(): Promise<void> {
         break;
       }
 
+      case 'message_request_complete': {
+        // Request-level terminal for inline approval consumption.
+        // When no agent turn remains active, clear busy state and re-prompt.
+        if (msg.runStillActive !== true) {
+          spinner.stop();
+          generating = false;
+          process.stdout.write('\n\n');
+          prompt();
+        }
+        break;
+      }
+
       case 'generation_handoff': {
         // The current request's generation is done; show usage and re-prompt.
         // Always clear `generating` — this CLI client's generation is finished

package/src/config/agent-schema.ts

@@ -131,7 +131,7 @@ export const WorkspaceGitConfigSchema = z.object({
   commitMessageLLM: z.object({
     enabled: z.boolean({ error: 'workspaceGit.commitMessageLLM.enabled must be a boolean' }).default(false),
     useConfiguredProvider: z.boolean({ error: 'workspaceGit.commitMessageLLM.useConfiguredProvider must be a boolean' }).default(true),
-    providerFastModelOverrides: z.record(z.string(), z.string()).default({} as any),
+    providerFastModelOverrides: z.record(z.string(), z.string()).default({} as Record<string, string>),
     timeoutMs: z.number({ error: 'workspaceGit.commitMessageLLM.timeoutMs must be a number' })
       .int('workspaceGit.commitMessageLLM.timeoutMs must be an integer')
       .positive('workspaceGit.commitMessageLLM.timeoutMs must be a positive integer')
@@ -163,8 +163,19 @@ export const WorkspaceGitConfigSchema = z.object({
         .int().positive().default(2000),
       backoffMaxMs: z.number({ error: 'workspaceGit.commitMessageLLM.breaker.backoffMaxMs must be a number' })
         .int().positive().default(60000),
-    }).default({} as any),
-  }).default({} as any),
+    }).default({ openAfterFailures: 3, backoffBaseMs: 2000, backoffMaxMs: 60000 }),
+  }).default({
+    enabled: false,
+    useConfiguredProvider: true,
+    providerFastModelOverrides: {},
+    timeoutMs: 600,
+    maxTokens: 120,
+    temperature: 0.2,
+    maxFilesInPrompt: 30,
+    maxDiffBytes: 12000,
+    minRemainingTurnBudgetMs: 1000,
+    breaker: { openAfterFailures: 3, backoffBaseMs: 2000, backoffMaxMs: 60000 },
+  }),
 });
 
 export type HeartbeatConfig = z.infer<typeof HeartbeatConfigSchema>;

package/src/config/calls-schema.ts

@@ -76,7 +76,7 @@ export const CallsVoiceConfigSchema = z.object({
   fallbackToStandardOnError: z
     .boolean({ error: 'calls.voice.fallbackToStandardOnError must be a boolean' })
     .default(true),
-  elevenlabs: CallsElevenLabsConfigSchema.default({} as any),
+  elevenlabs: CallsElevenLabsConfigSchema.default(CallsElevenLabsConfigSchema.parse({})),
 });
 
 export const CallerIdentityConfigSchema = z.object({
@@ -125,14 +125,14 @@ export const CallsConfigSchema = z.object({
     .positive('calls.userConsultTimeoutSeconds must be a positive integer')
     .max(2_147_483, 'calls.userConsultTimeoutSeconds must be at most 2147483 (setTimeout-safe limit)')
     .default(120),
-  disclosure: CallsDisclosureConfigSchema.default({} as any),
-  safety: CallsSafetyConfigSchema.default({} as any),
-  voice: CallsVoiceConfigSchema.default({} as any),
+  disclosure: CallsDisclosureConfigSchema.default(CallsDisclosureConfigSchema.parse({})),
+  safety: CallsSafetyConfigSchema.default(CallsSafetyConfigSchema.parse({})),
+  voice: CallsVoiceConfigSchema.default(CallsVoiceConfigSchema.parse({})),
   model: z
     .string({ error: 'calls.model must be a string' })
     .optional(),
-  callerIdentity: CallerIdentityConfigSchema.default({} as any),
-  verification: CallsVerificationConfigSchema.default({} as any),
+  callerIdentity: CallerIdentityConfigSchema.default(CallerIdentityConfigSchema.parse({})),
+  verification: CallsVerificationConfigSchema.default(CallsVerificationConfigSchema.parse({})),
 });
 
 export type CallsConfig = z.infer<typeof CallsConfigSchema>;

package/src/config/core-schema.ts

@@ -231,8 +231,8 @@ const IngressBaseSchema = z.object({
       'ingress.publicBaseUrl must be an absolute URL starting with http:// or https://',
     )
     .default(''),
-  webhook: IngressWebhookConfigSchema.default({} as any),
-  rateLimit: IngressRateLimitConfigSchema.default({} as any),
+  webhook: IngressWebhookConfigSchema.default(IngressWebhookConfigSchema.parse({})),
+  rateLimit: IngressRateLimitConfigSchema.default(IngressRateLimitConfigSchema.parse({})),
   shutdownDrainMs: z
     .number({ error: 'ingress.shutdownDrainMs must be a number' })
     .int('ingress.shutdownDrainMs must be an integer')
@@ -241,7 +241,7 @@ const IngressBaseSchema = z.object({
 });
 
 export const IngressConfigSchema = IngressBaseSchema
-  .default({} as any)
+  .default(IngressBaseSchema.parse({}))
   .transform((val) => ({
     ...val,
     // Backward compatibility: if `enabled` was never explicitly set (undefined),

package/src/config/feature-flag-registry.json

@@ -49,6 +49,14 @@
       "description": "Send crash reports and error diagnostics to help improve the app",
       "defaultEnabled": true
     },
+    {
+      "id": "voice-invite-redemption",
+      "scope": "assistant",
+      "key": "feature_flags.voice-invite-redemption.enabled",
+      "label": "Voice Invite Redemption",
+      "description": "Enable voice invite code redemption for inbound callers with active voice invites",
+      "defaultEnabled": false
+    },
     {
       "id": "user-hosted-enabled",
       "scope": "macos",

package/src/config/mcp-schema.ts

@@ -37,7 +37,7 @@ export const McpServerConfigSchema = z.object({
 });
 
 export const McpConfigSchema = z.object({
-  servers: z.record(z.string(), McpServerConfigSchema).default({} as any),
+  servers: z.record(z.string(), McpServerConfigSchema).default({} as Record<string, never>),
   globalMaxTools: z.number({ error: 'mcp globalMaxTools must be a number' }).int().positive().default(50),
 });