@vellumai/assistant 0.3.28 → 0.4.1

package/src/daemon/lifecycle.ts

@@ -377,6 +377,25 @@ export async function runDaemon(): Promise<void> {
       socketPath: getSocketPath(),
     });
 
+    // Download embedding runtime in background (non-blocking).
+    // If download fails, local embeddings gracefully fall back to cloud backends.
+    void (async () => {
+      try {
+        const { EmbeddingRuntimeManager } = await import('../memory/embedding-runtime-manager.js');
+        const runtimeManager = new EmbeddingRuntimeManager();
+        if (!runtimeManager.isReady()) {
+          log.info('Downloading embedding runtime in background...');
+          await runtimeManager.ensureInstalled();
+          // Reset the localBackendBroken flag so auto mode retries local embeddings
+          const { clearEmbeddingBackendCache } = await import('../memory/embedding-backend.js');
+          clearEmbeddingBackendCache();
+          log.info('Embedding runtime download complete');
+        }
+      } catch (err) {
+        log.warn({ err }, 'Embedding runtime download failed — local embeddings will use cloud fallback');
+      }
+    })();
+
     if (config.auditLog.retentionDays > 0) {
       try {
         rotateToolInvocations(config.auditLog.retentionDays);

package/src/daemon/pairing-store.ts

@@ -1,14 +1,21 @@
 /**
- * In-memory pairing request store with TTL.
+ * Pairing request store with TTL and disk persistence.
  *
  * Each pairing request lives for at most TTL_MS (5 minutes) before
  * being swept as expired. Status transitions:
  *   registered → pending → approved | denied | expired
+ *
+ * Entries are persisted to ~/.vellum/protected/pairing-requests.json
+ * using the same atomic-write pattern as approved-devices-store.ts
+ * so that device bindings survive daemon restarts.
  */
 
 import { createHash, timingSafeEqual } from 'node:crypto';
+import { chmodSync, existsSync, mkdirSync, readFileSync, renameSync, writeFileSync } from 'node:fs';
+import { dirname, join } from 'node:path';
 
 import { getLogger } from '../util/logger.js';
+import { getRootDir } from '../util/platform.js';
 
 const log = getLogger('pairing-store');
 
@@ -40,11 +47,60 @@ function timingSafeCompare(a: string, b: string): boolean {
   return timingSafeEqual(bufA, bufB);
 }
 
+interface PairingStoreFile {
+  version: 1;
+  requests: PairingRequest[];
+}
+
+function getStorePath(): string {
+  return join(getRootDir(), 'protected', 'pairing-requests.json');
+}
+
+function loadFromDisk(): Map<string, PairingRequest> {
+  const path = getStorePath();
+  if (!existsSync(path)) {
+    return new Map();
+  }
+  try {
+    const raw = readFileSync(path, 'utf-8');
+    const data = JSON.parse(raw) as PairingStoreFile;
+    if (data.version !== 1 || !Array.isArray(data.requests)) {
+      log.warn('Invalid pairing-requests.json format, starting fresh');
+      return new Map();
+    }
+    const map = new Map<string, PairingRequest>();
+    for (const entry of data.requests) {
+      map.set(entry.pairingRequestId, entry);
+    }
+    return map;
+  } catch (err) {
+    log.error({ err }, 'Failed to load pairing-requests.json');
+    return new Map();
+  }
+}
+
+function saveToDisk(requests: Map<string, PairingRequest>): void {
+  const path = getStorePath();
+  const dir = dirname(path);
+  if (!existsSync(dir)) {
+    mkdirSync(dir, { recursive: true });
+  }
+  const data: PairingStoreFile = {
+    version: 1,
+    requests: Array.from(requests.values()),
+  };
+  const tmpPath = path + '.tmp.' + process.pid;
+  writeFileSync(tmpPath, JSON.stringify(data, null, 2), { mode: 0o600 });
+  renameSync(tmpPath, path);
+  chmodSync(path, 0o600);
+}
+
 export class PairingStore {
   private requests = new Map<string, PairingRequest>();
   private sweepTimer: ReturnType<typeof setInterval> | null = null;
 
   start(): void {
+    this.requests = loadFromDisk();
     this.sweepTimer = setInterval(() => this.sweep(), SWEEP_INTERVAL_MS);
   }
 
@@ -84,6 +140,7 @@ export class PairingStore {
       localLanUrl: params.localLanUrl ?? null,
       createdAt: Date.now(),
     });
+    this.persist();
 
     log.info({ pairingRequestId: params.pairingRequestId }, 'Pairing request registered');
     return { ok: true };
@@ -98,7 +155,7 @@ export class PairingStore {
     pairingSecret: string;
     deviceId: string;
     deviceName: string;
-  }): { ok: true; entry: PairingRequest } | { ok: false; reason: 'not_found' | 'invalid_secret' | 'expired' } {
+  }): { ok: true; entry: PairingRequest } | { ok: false; reason: 'not_found' | 'invalid_secret' | 'expired' | 'already_paired' } {
     const entry = this.requests.get(params.pairingRequestId);
     if (!entry) {
       return { ok: false, reason: 'not_found' };
@@ -113,11 +170,21 @@ export class PairingStore {
       return { ok: false, reason: 'invalid_secret' };
     }
 
-    entry.hashedDeviceId = hashValue(params.deviceId);
+    const hashedDeviceId = hashValue(params.deviceId);
+
+    // If a device has already been bound to this pairing request, reject
+    // attempts from a different device to prevent hijacking.
+    if (entry.hashedDeviceId && !timingSafeCompare(entry.hashedDeviceId, hashedDeviceId)) {
+      log.warn({ pairingRequestId: params.pairingRequestId }, 'Pairing request already bound to a different device');
+      return { ok: false, reason: 'already_paired' };
+    }
+
+    entry.hashedDeviceId = hashedDeviceId;
     entry.deviceName = params.deviceName;
     if (entry.status === 'registered') {
       entry.status = 'pending';
     }
+    this.persist();
 
     return { ok: true, entry };
   }
@@ -130,6 +197,7 @@ export class PairingStore {
     if (!entry) return null;
     entry.status = 'approved';
     entry.bearerToken = bearerToken;
+    this.persist();
     return entry;
   }
 
@@ -140,6 +208,7 @@ export class PairingStore {
     const entry = this.requests.get(pairingRequestId);
     if (!entry) return null;
     entry.status = 'denied';
+    this.persist();
     return entry;
   }
 
@@ -160,19 +229,33 @@ export class PairingStore {
     return timingSafeCompare(entry.hashedPairingSecret, hashedSecret);
   }
 
+  private persist(): void {
+    try {
+      saveToDisk(this.requests);
+    } catch (err) {
+      log.error({ err }, 'Failed to persist pairing requests to disk');
+    }
+  }
+
   private sweep(): void {
     const now = Date.now();
+    let changed = false;
     for (const [id, entry] of this.requests) {
       if (now - entry.createdAt > TTL_MS) {
         if (entry.status !== 'approved') {
           entry.status = 'expired';
+          changed = true;
         }
         // Remove entries older than 2x TTL regardless of status
         if (now - entry.createdAt > TTL_MS * 2) {
           this.requests.delete(id);
+          changed = true;
           log.debug({ pairingRequestId: id }, 'Pairing request swept');
         }
       }
     }
+    if (changed) {
+      this.persist();
+    }
   }
 }

package/src/daemon/response-tier.ts

@@ -145,15 +145,16 @@ const TIER_SYSTEM_PROMPT =
 
 /**
  * Fire-and-forget Haiku call to classify the conversation trajectory.
- * Returns the classified tier or null on any failure.
+ * Returns the classified tier, or undefined when no provider is configured
+ * or on any failure.
  */
 export async function classifyResponseTierAsync(
   recentUserTexts: string[],
-): Promise<ResponseTier | null> {
+): Promise<ResponseTier | undefined> {
   const provider = getConfiguredProvider();
   if (!provider) {
     log.debug('No provider available for async tier classification');
-    return null;
+    return undefined;
   }
 
   const combined = recentUserTexts
@@ -186,14 +187,14 @@ export async function classifyResponseTierAsync(
       }
 
       log.debug({ raw }, 'Async tier classification returned unexpected value');
-      return null;
+      return undefined;
     } finally {
       cleanup();
     }
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);
     log.debug({ err: message }, 'Async tier classification failed');
-    return null;
+    return undefined;
   }
 }
 

package/src/daemon/session-agent-loop.ts

@@ -258,7 +258,7 @@ export async function runAgentLoopImpl(
         conflictGate: ctx.conflictGate,
         scopeId: ctx.memoryPolicy.scopeId,
         includeDefaultFallback: ctx.memoryPolicy.includeDefaultFallback,
-        guardianActorRole: ctx.guardianContext?.actorRole,
+        guardianTrustClass: ctx.guardianContext?.trustClass,
         isInteractive: options?.isInteractive ?? (!ctx.hasNoClient && !ctx.headlessLock),
       },
       content,
@@ -355,10 +355,9 @@ export async function runAgentLoopImpl(
 
     // Resolve the inbound actor context for the model's <inbound_actor_context>
     // block. When the session carries enough identity info, use the unified
-    // actor trust resolver so trusted_contact classifications propagate
-    // correctly (the legacy guardian-context path collapses non-guardian to
-    // 'unknown'). The guardian context is still used for policy gating — only
-    // the model context block uses the trust-resolved output.
+    // actor trust resolver so member status/policy and guardian binding details
+    // are fresh for this turn. The session runtime context remains the source
+    // for policy gating; this block is model-facing grounding metadata.
     let resolvedInboundActorContext: InboundActorContext | null = null;
     if (ctx.guardianContext) {
       const gc = ctx.guardianContext;
@@ -368,6 +367,7 @@ export async function runAgentLoopImpl(
           sourceChannel: gc.sourceChannel,
           externalChatId: gc.requesterChatId,
           senderExternalUserId: gc.requesterExternalUserId,
+          senderDisplayName: gc.requesterSenderDisplayName,
         });
         resolvedInboundActorContext = inboundActorContextFromTrust(actorTrust);
       } else {

package/src/daemon/session-lifecycle.ts

@@ -24,30 +24,38 @@ import { resetSkillToolProjection } from './session-skill-tools.js';
 
 const log = getLogger('session-lifecycle');
 
-type GuardianActorRole = GuardianRuntimeContext['actorRole'];
+type GuardianTrustClass = GuardianRuntimeContext['trustClass'];
 
-function parseProvenanceActorRole(metadata: string | null): GuardianActorRole | undefined {
+function parseProvenanceTrustClass(metadata: string | null): GuardianTrustClass | undefined {
   if (!metadata) return undefined;
   try {
-    const parsed = JSON.parse(metadata) as { provenanceActorRole?: unknown };
-    const role = parsed?.provenanceActorRole;
-    if (role === 'guardian' || role === 'non-guardian' || role === 'unverified_channel') {
-      return role;
+    const parsed = JSON.parse(metadata) as {
+      provenanceTrustClass?: unknown;
+      provenanceActorRole?: unknown;
+    };
+    const trustClass = parsed?.provenanceTrustClass;
+    if (trustClass === 'guardian' || trustClass === 'trusted_contact' || trustClass === 'unknown') {
+      return trustClass;
     }
+    // Legacy fallback for rows persisted before provenanceTrustClass existed.
+    const legacyRole = parsed?.provenanceActorRole;
+    if (legacyRole === 'guardian') return 'guardian';
+    if (legacyRole === 'non-guardian') return 'trusted_contact';
+    if (legacyRole === 'unverified_channel') return 'unknown';
   } catch {
     // Ignore malformed metadata and treat as unknown provenance.
   }
   return undefined;
 }
 
-function isUntrustedActorRole(role: GuardianActorRole | undefined): boolean {
-  return role === 'non-guardian' || role === 'unverified_channel';
+function isUntrustedTrustClass(trustClass: GuardianTrustClass | undefined): boolean {
+  return trustClass === 'trusted_contact' || trustClass === 'unknown';
 }
 
 function filterMessagesForUntrustedActor(messages: conversationStore.MessageRow[]): conversationStore.MessageRow[] {
   return messages.filter((m) => {
-    const provenanceRole = parseProvenanceActorRole(m.metadata);
-    return provenanceRole === 'non-guardian' || provenanceRole === 'unverified_channel';
+    const provenanceTrustClass = parseProvenanceTrustClass(m.metadata);
+    return provenanceTrustClass === 'trusted_contact' || provenanceTrustClass === 'unknown';
   });
 }
 
@@ -59,8 +67,8 @@ export interface LoadFromDbContext {
   usageStats: UsageStats;
   contextCompactedMessageCount: number;
   contextCompactedAt: number | null;
-  guardianContext?: { actorRole: GuardianActorRole };
-  loadedHistoryActorRole?: GuardianActorRole;
+  guardianContext?: { trustClass: GuardianTrustClass };
+  loadedHistoryTrustClass?: GuardianTrustClass;
 }
 
 export interface AbortContext {
@@ -89,17 +97,17 @@ export interface DisposeContext extends AbortContext {
 // ── loadFromDb ───────────────────────────────────────────────────────
 
 export async function loadFromDb(ctx: LoadFromDbContext): Promise<void> {
-  const actorRole = ctx.guardianContext?.actorRole;
+  const trustClass = ctx.guardianContext?.trustClass;
   const allDbMessages = conversationStore.getMessages(ctx.conversationId);
-  const dbMessages = isUntrustedActorRole(actorRole)
+  const dbMessages = isUntrustedTrustClass(trustClass)
     ? filterMessagesForUntrustedActor(allDbMessages)
     : allDbMessages;
 
   const conv = conversationStore.getConversation(ctx.conversationId);
-  const contextSummary = !isUntrustedActorRole(actorRole)
+  const contextSummary = !isUntrustedTrustClass(trustClass)
     ? conv?.contextSummary?.trim() || null
     : null;
-  if (isUntrustedActorRole(actorRole)) {
+  if (isUntrustedTrustClass(trustClass)) {
     // Compacted summaries may include trusted/guardian-only details, so we
     // disable summary-based context for untrusted actor views.
     ctx.contextCompactedMessageCount = 0;
@@ -145,7 +153,7 @@ export async function loadFromDb(ctx: LoadFromDbContext): Promise<void> {
     };
   }
 
-  ctx.loadedHistoryActorRole = actorRole;
+  ctx.loadedHistoryTrustClass = trustClass;
 
   log.info({ conversationId: ctx.conversationId, count: ctx.messages.length }, 'Loaded messages from DB');
 }

package/src/daemon/session-memory.ts

@@ -34,7 +34,7 @@ export interface MemoryPrepareContext {
   conflictGate: ConflictGate;
   scopeId: string;
   includeDefaultFallback: boolean;
-  guardianActorRole?: 'guardian' | 'non-guardian' | 'unverified_channel';
+  guardianTrustClass?: 'guardian' | 'trusted_contact' | 'unknown';
   /** When false (e.g. scheduled tasks), skip conflict clarification prompts. */
   isInteractive?: boolean;
 }
@@ -64,7 +64,7 @@ export async function prepareMemoryContext(
   // Provenance-based trust gating: untrusted actors skip all memory operations
   // (recall, dynamic profile, conflict gate) to prevent untrusted content from
   // influencing memory-augmented responses.
-  const isTrustedActor = ctx.guardianActorRole === 'guardian' || ctx.guardianActorRole === undefined;
+  const isTrustedActor = ctx.guardianTrustClass === 'guardian' || ctx.guardianTrustClass === undefined;
 
   if (!isTrustedActor) {
     return {

package/src/daemon/session-process.ts

@@ -21,7 +21,6 @@ import { createPreference } from '../notifications/preferences-store.js';
 import type { Message } from '../providers/types.js';
 import { routeGuardianReply } from '../runtime/guardian-reply-router.js';
 import { getLogger } from '../util/logger.js';
-import { resolveGuardianInviteIntent } from './guardian-invite-intent.js';
 import { resolveGuardianVerificationIntent } from './guardian-verification-intent.js';
 import type { UsageStats } from './ipc-contract.js';
 import type { ServerMessage, UserMessageAttachment } from './ipc-protocol.js';
@@ -266,15 +265,6 @@ export async function drainQueue(session: ProcessSessionContext, reason: QueueDr
       log.info({ conversationId: session.conversationId, channelHint: guardianIntent.channelHint }, 'Guardian verification intent intercepted in queue — forcing skill flow');
       agentLoopContent = guardianIntent.rewrittenContent;
       session.preactivatedSkillIds = ['guardian-verify-setup'];
-    } else {
-      // Guardian invite intent interception — force invite management
-      // requests into the trusted-contacts skill flow.
-      const inviteIntent = resolveGuardianInviteIntent(resolvedContent);
-      if (inviteIntent.kind === 'invite_management') {
-        log.info({ conversationId: session.conversationId, action: inviteIntent.action }, 'Guardian invite intent intercepted in queue — forcing skill flow');
-        agentLoopContent = inviteIntent.rewrittenContent;
-        session.preactivatedSkillIds = ['trusted-contacts'];
-      }
     }
   }
 
@@ -402,7 +392,7 @@ export async function processMessage(
         assistantMessageChannel: 'vellum' as const,
         userMessageInterface: guardianIfCtx?.userMessageInterface ?? 'vellum',
         assistantMessageInterface: guardianIfCtx?.assistantMessageInterface ?? 'vellum',
-        provenanceActorRole: 'guardian' as const,
+        provenanceTrustClass: 'guardian' as const,
       };
 
       const userMsg = createUserMessage(content, attachments);
@@ -520,15 +510,6 @@ export async function processMessage(
       log.info({ conversationId: session.conversationId, channelHint: guardianIntent.channelHint }, 'Guardian verification intent intercepted — forcing skill flow');
       agentLoopContent = guardianIntent.rewrittenContent;
       session.preactivatedSkillIds = ['guardian-verify-setup'];
-    } else {
-      // Guardian invite intent interception — force invite management
-      // requests into the trusted-contacts skill flow.
-      const inviteIntent = resolveGuardianInviteIntent(resolvedContent);
-      if (inviteIntent.kind === 'invite_management') {
-        log.info({ conversationId: session.conversationId, action: inviteIntent.action }, 'Guardian invite intent intercepted — forcing skill flow');
-        agentLoopContent = inviteIntent.rewrittenContent;
-        session.preactivatedSkillIds = ['trusted-contacts'];
-      }
     }
   }
 

package/src/daemon/session-runtime-assembly.ts

@@ -35,10 +35,13 @@ export interface ChannelCapabilities {
 /** Guardian identity/trust context for external chat channels. */
 export interface GuardianRuntimeContext {
   sourceChannel: ChannelId;
-  actorRole: 'guardian' | 'non-guardian' | 'unverified_channel';
+  trustClass: 'guardian' | 'trusted_contact' | 'unknown';
   guardianChatId?: string;
   guardianExternalUserId?: string;
   requesterIdentifier?: string;
+  requesterDisplayName?: string;
+  requesterSenderDisplayName?: string;
+  requesterMemberDisplayName?: string;
   requesterExternalUserId?: string;
   requesterChatId?: string;
   denialReason?: 'no_binding' | 'no_identity';
@@ -58,6 +61,12 @@ export interface InboundActorContext {
   canonicalActorIdentity: string | null;
   /** Human-readable actor identifier (e.g. @username or phone). */
   actorIdentifier?: string;
+  /** Human-readable actor display name (e.g. "Jeff"). */
+  actorDisplayName?: string;
+  /** Raw sender display name as provided by the channel transport. */
+  actorSenderDisplayName?: string;
+  /** Guardian-managed member display name from ingress membership. */
+  actorMemberDisplayName?: string;
   /** Trust classification: guardian, trusted_contact, or unknown. */
   trustClass: 'guardian' | 'trusted_contact' | 'unknown';
   /** Guardian identity for this (assistant, channel) binding. */
@@ -73,33 +82,17 @@ export interface InboundActorContext {
 /**
  * Construct an InboundActorContext from a legacy GuardianRuntimeContext.
  *
- * Maps the legacy actor role to the new trust classification:
- * - guardian -> guardian
- * - non-guardian -> unknown (the legacy context carries no membership
- *   evidence, so we cannot distinguish known members from arbitrary
- *   non-guardian senders; default to unknown for safety)
- * - unverified_channel -> unknown
- *
- * The new ActorTrustContext path (via `inboundActorContextFromTrust`)
- * resolves `trusted_contact` correctly using ingress member records.
+ * Maps the runtime trust class into the model-facing inbound actor context.
  */
 export function inboundActorContextFromGuardian(ctx: GuardianRuntimeContext): InboundActorContext {
-  let trustClass: InboundActorContext['trustClass'];
-  switch (ctx.actorRole) {
-    case 'guardian':
-      trustClass = 'guardian';
-      break;
-    case 'non-guardian':
-    case 'unverified_channel':
-      trustClass = 'unknown';
-      break;
-  }
-
   return {
     sourceChannel: ctx.sourceChannel,
     canonicalActorIdentity: ctx.requesterExternalUserId ?? null,
     actorIdentifier: ctx.requesterIdentifier,
-    trustClass,
+    actorDisplayName: ctx.requesterDisplayName,
+    actorSenderDisplayName: ctx.requesterSenderDisplayName,
+    actorMemberDisplayName: ctx.requesterMemberDisplayName,
+    trustClass: ctx.trustClass,
     guardianIdentity: ctx.guardianExternalUserId,
     denialReason: ctx.denialReason,
   };
@@ -114,6 +107,9 @@ export function inboundActorContextFromTrust(ctx: ActorTrustContext): InboundAct
     sourceChannel: ctx.actorMetadata.channel,
     canonicalActorIdentity: ctx.canonicalSenderId,
     actorIdentifier: ctx.actorMetadata.identifier,
+    actorDisplayName: ctx.actorMetadata.displayName,
+    actorSenderDisplayName: ctx.actorMetadata.senderDisplayName,
+    actorMemberDisplayName: ctx.actorMetadata.memberDisplayName,
     trustClass: ctx.trustClass,
     guardianIdentity: ctx.guardianBindingMatch?.guardianExternalUserId,
     memberStatus: ctx.memberRecord?.status ?? undefined,
@@ -552,6 +548,9 @@ export function buildInboundActorContextBlock(ctx: InboundActorContext): string
   lines.push(`source_channel: ${ctx.sourceChannel}`);
   lines.push(`canonical_actor_identity: ${ctx.canonicalActorIdentity ?? 'unknown'}`);
   lines.push(`actor_identifier: ${ctx.actorIdentifier ?? 'unknown'}`);
+  lines.push(`actor_display_name: ${ctx.actorDisplayName ?? 'unknown'}`);
+  lines.push(`actor_sender_display_name: ${ctx.actorSenderDisplayName ?? 'unknown'}`);
+  lines.push(`actor_member_display_name: ${ctx.actorMemberDisplayName ?? 'unknown'}`);
   lines.push(`trust_class: ${ctx.trustClass}`);
   lines.push(`guardian_identity: ${ctx.guardianIdentity ?? 'unknown'}`);
   if (ctx.memberStatus) {
@@ -561,6 +560,13 @@ export function buildInboundActorContextBlock(ctx: InboundActorContext): string
     lines.push(`member_policy: ${ctx.memberPolicy}`);
   }
   lines.push(`denial_reason: ${ctx.denialReason ?? 'none'}`);
+  if (
+    ctx.actorMemberDisplayName
+    && ctx.actorSenderDisplayName
+    && ctx.actorMemberDisplayName !== ctx.actorSenderDisplayName
+  ) {
+    lines.push('name_preference_note: actor_member_display_name is the guardian-preferred nickname for this person; actor_sender_display_name is the channel-provided display name.');
+  }
 
   // Behavioral guidance — injected per-turn so it only appears when relevant.
   lines.push('');

package/src/daemon/session-tool-setup.ts

@@ -56,7 +56,7 @@ export interface ToolSetupContext extends SurfaceSessionContext {
   headlessLock?: boolean;
   /** When set, this session is executing a task run. Used to retrieve ephemeral permission rules. */
   taskRunId?: string;
-  /** Guardian runtime context for the session — actorRole is propagated into ToolContext for control-plane policy enforcement. */
+  /** Guardian runtime context for the session — trustClass is propagated into ToolContext for control-plane policy enforcement. */
   guardianContext?: GuardianRuntimeContext;
   /** Voice/call session ID, if the session originates from a call. Propagated into ToolContext for scoped grant consumption. */
   callSessionId?: string;
@@ -110,7 +110,7 @@ export function createToolExecutor(
       assistantId: ctx.assistantId,
       requestId: ctx.currentRequestId,
       taskRunId: ctx.taskRunId,
-      guardianActorRole: ctx.guardianContext?.actorRole,
+      guardianTrustClass: ctx.guardianContext?.trustClass,
       executionChannel: ctx.guardianContext?.sourceChannel,
       callSessionId: ctx.callSessionId,
       requesterExternalUserId: ctx.guardianContext?.requesterExternalUserId,

package/src/daemon/session.ts

@@ -140,7 +140,7 @@ export class Session {
   /** @internal */ currentPage?: string;
   /** @internal */ channelCapabilities?: ChannelCapabilities;
   /** @internal */ guardianContext?: GuardianRuntimeContext;
-  /** @internal */ loadedHistoryActorRole?: GuardianRuntimeContext['actorRole'];
+  /** @internal */ loadedHistoryTrustClass?: GuardianRuntimeContext['trustClass'];
   /** @internal */ voiceCallControlPrompt?: string;
   /** @internal */ assistantId?: string;
   /** @internal */ commandIntent?: { type: string; payload?: string; languageCode?: string };
@@ -338,8 +338,8 @@ export class Session {
   }
 
   async ensureActorScopedHistory(): Promise<void> {
-    const currentRole = this.guardianContext?.actorRole;
-    if (this.loadedHistoryActorRole === currentRole) return;
+    const currentTrustClass = this.guardianContext?.trustClass;
+    if (this.loadedHistoryTrustClass === currentTrustClass) return;
     await this.loadFromDb();
   }
 

package/src/memory/canonical-guardian-store.ts

@@ -7,7 +7,7 @@
  * request from the expected status wins.
  */
 
-import { and, eq } from 'drizzle-orm';
+import { and, desc, eq } from 'drizzle-orm';
 import { v4 as uuid } from 'uuid';
 
 import { getDb, rawChanges } from './db.js';
@@ -498,6 +498,68 @@ export interface UpdateCanonicalGuardianDeliveryParams {
   destinationMessageId?: string;
 }
 
+// ---------------------------------------------------------------------------
+// Call-controller convenience functions
+// ---------------------------------------------------------------------------
+
+/**
+ * Find the most recent pending canonical guardian request for a given call session.
+ * Used by the call-controller's consultation timeout handler.
+ */
+export function getPendingCanonicalRequestByCallSessionId(callSessionId: string): CanonicalGuardianRequest | null {
+  const db = getDb();
+  const row = db
+    .select()
+    .from(canonicalGuardianRequests)
+    .where(
+      and(
+        eq(canonicalGuardianRequests.callSessionId, callSessionId),
+        eq(canonicalGuardianRequests.status, 'pending'),
+      ),
+    )
+    .orderBy(desc(canonicalGuardianRequests.createdAt))
+    .get();
+  return row ? rowToRequest(row) : null;
+}
+
+/**
+ * Find a canonical guardian request by its linked pending question ID.
+ * Used after async dispatch completes to locate the newly created request.
+ */
+export function getCanonicalRequestByPendingQuestionId(questionId: string): CanonicalGuardianRequest | null {
+  const db = getDb();
+  const row = db
+    .select()
+    .from(canonicalGuardianRequests)
+    .where(eq(canonicalGuardianRequests.pendingQuestionId, questionId))
+    .get();
+  return row ? rowToRequest(row) : null;
+}
+
+/**
+ * Expire a canonical guardian request and all its deliveries.
+ * Atomically transitions the request from 'pending' to 'expired'.
+ */
+export function expireCanonicalGuardianRequest(id: string): void {
+  const db = getDb();
+  const now = new Date().toISOString();
+
+  db.update(canonicalGuardianRequests)
+    .set({ status: 'expired', updatedAt: now })
+    .where(
+      and(
+        eq(canonicalGuardianRequests.id, id),
+        eq(canonicalGuardianRequests.status, 'pending'),
+      ),
+    )
+    .run();
+
+  db.update(canonicalGuardianDeliveries)
+    .set({ status: 'expired', updatedAt: now })
+    .where(eq(canonicalGuardianDeliveries.requestId, id))
+    .run();
+}
+
 export function updateCanonicalGuardianDelivery(
   id: string,
   updates: UpdateCanonicalGuardianDeliveryParams,

package/src/memory/channel-guardian-store.ts

@@ -37,6 +37,7 @@ export {
   createBinding,
   getActiveBinding,
   type GuardianBinding,
+  listActiveBindingsByAssistant,
   revokeBinding,
 } from './guardian-bindings.js';
 export {