@vellumai/assistant 0.3.28 → 0.4.1

package/src/memory/migrations/index.ts

@@ -38,6 +38,7 @@ export { createScopedApprovalGrantsTable } from './033-scoped-approval-grants.js
 export { migrateGuardianActionToolMetadata } from './034-guardian-action-tool-metadata.js';
 export { migrateGuardianActionSupersession } from './035-guardian-action-supersession.js';
 export { migrateNormalizePhoneIdentities } from './036-normalize-phone-identities.js';
+export { migrateVoiceInviteColumns } from './037-voice-invite-columns.js';
 export { createCoreTables } from './100-core-tables.js';
 export { createWatchersAndLogsTables } from './101-watchers-and-logs.js';
 export { addCoreColumns } from './102-alter-table-columns.js';

package/src/memory/qdrant-client.ts

@@ -80,28 +80,37 @@ export class VellumQdrantClient {
 
     log.info({ collection: this.collection, vectorSize: this.vectorSize }, 'Creating Qdrant collection');
 
-    await this.client.createCollection(this.collection, {
-      vectors: {
-        size: this.vectorSize,
-        distance: 'Cosine',
-        on_disk: this.onDisk,
-      },
-      hnsw_config: {
-        on_disk: this.onDisk,
-        m: 16,
-        ef_construct: 100,
-      },
-      quantization_config: this.quantization === 'scalar'
-        ? {
-          scalar: {
-            type: 'int8',
-            quantile: 0.99,
-            always_ram: true,
-          },
-        }
-        : undefined,
-      on_disk_payload: this.onDisk,
-    });
+    try {
+      await this.client.createCollection(this.collection, {
+        vectors: {
+          size: this.vectorSize,
+          distance: 'Cosine',
+          on_disk: this.onDisk,
+        },
+        hnsw_config: {
+          on_disk: this.onDisk,
+          m: 16,
+          ef_construct: 100,
+        },
+        quantization_config: this.quantization === 'scalar'
+          ? {
+            scalar: {
+              type: 'int8',
+              quantile: 0.99,
+              always_ram: true,
+            },
+          }
+          : undefined,
+        on_disk_payload: this.onDisk,
+      });
+    } catch (err) {
+      // 409 = collection was created by a concurrent caller — that's fine
+      if (err instanceof Error && 'status' in err && (err as { status: number }).status === 409) {
+        this.collectionReady = true;
+        return;
+      }
+      throw err;
+    }
 
     // Create payload indexes for efficient filtering
     await Promise.all([

package/src/memory/schema.ts

@@ -942,6 +942,10 @@ export const assistantIngressInvites = sqliteTable('assistant_ingress_invites',
   redeemedByExternalUserId: text('redeemed_by_external_user_id'),
   redeemedByExternalChatId: text('redeemed_by_external_chat_id'),
   redeemedAt: integer('redeemed_at'),
+  // Voice invite fields (nullable — non-voice invites leave these NULL)
+  expectedExternalUserId: text('expected_external_user_id'),
+  voiceCodeHash: text('voice_code_hash'),
+  voiceCodeDigits: integer('voice_code_digits'),
   createdAt: integer('created_at').notNull(),
   updatedAt: integer('updated_at').notNull(),
 });

package/src/notifications/copy-composer.ts

@@ -54,6 +54,21 @@ const TEMPLATES: Record<string, CopyTemplate> = {
     };
   },
 
+  'ingress.access_request': (payload) => {
+    const requester = str(payload.senderIdentifier, 'Someone');
+    const requestCode = nonEmpty(typeof payload.requestCode === 'string' ? payload.requestCode : undefined);
+    const lines: string[] = [`${requester} is requesting access to the assistant.`];
+    if (requestCode) {
+      const code = requestCode.toUpperCase();
+      lines.push(`Reply "${code} approve" to grant access or "${code} reject" to deny.`);
+    }
+    lines.push('Reply "open invite flow" to start Trusted Contacts invite flow.');
+    return {
+      title: 'Access Request',
+      body: lines.join('\n'),
+    };
+  },
+
   'ingress.escalation': (payload) => ({
     title: 'Escalation',
     body: str(payload.senderIdentifier, 'An incoming message') + ' needs attention',

package/src/runtime/access-request-helper.ts

@@ -4,6 +4,13 @@
  * Encapsulates the "create/dedupe canonical access request + emit notification"
  * logic so both text-channel and voice-channel ingress paths use identical
  * guardian notification flows.
+ *
+ * Access requests are a special case: they always create a canonical request
+ * and emit a notification signal, even when no same-channel guardian binding
+ * exists. Guardian binding resolution uses a fallback strategy:
+ *   1. Source-channel active binding first.
+ *   2. Any active binding for the assistant (deterministic, most-recently-verified).
+ *   3. No guardian identity (trusted/vellum-only resolution path).
  */
 
 import type { ChannelId } from '../channels/types.js';
@@ -11,6 +18,7 @@ import {
   createCanonicalGuardianRequest,
   listCanonicalGuardianRequests,
 } from '../memory/canonical-guardian-store.js';
+import { listActiveBindingsByAssistant } from '../memory/channel-guardian-store.js';
 import { emitNotificationSignal } from '../notifications/emit-signal.js';
 import { getLogger } from '../util/logger.js';
 import { getGuardianBinding } from './channel-guardian-service.js';
@@ -33,7 +41,7 @@ export interface AccessRequestParams {
 
 export type AccessRequestResult =
   | { notified: true; created: boolean; requestId: string }
-  | { notified: false; reason: 'no_sender_id' | 'no_guardian_binding' };
+  | { notified: false; reason: 'no_sender_id' };
 
 // ---------------------------------------------------------------------------
 // Helper
@@ -46,6 +54,10 @@ export type AccessRequestResult =
  * Returns a result indicating whether the guardian was notified and whether
  * a new request was created or an existing one was deduped.
  *
+ * Guardian binding resolution: source-channel first, then any active binding
+ * for the assistant, then null (notification pipeline handles delivery via
+ * trusted/vellum channels when no binding exists).
+ *
  * This is intentionally synchronous with respect to the canonical store writes
  * and fire-and-forget for the notification signal emission.
  */
@@ -65,10 +77,32 @@ export function notifyGuardianOfAccessRequest(
     return { notified: false, reason: 'no_sender_id' };
   }
 
-  const binding = getGuardianBinding(canonicalAssistantId, sourceChannel);
-  if (!binding) {
-    log.debug({ sourceChannel, canonicalAssistantId }, 'No guardian binding for access request notification');
-    return { notified: false, reason: 'no_guardian_binding' };
+  // Resolve guardian binding with fallback strategy:
+  // 1. Source-channel active binding
+  // 2. Any active binding for the assistant (deterministic order)
+  // 3. null (no guardian identity — notification pipeline uses trusted channels)
+  const sourceBinding = getGuardianBinding(canonicalAssistantId, sourceChannel);
+  let guardianExternalUserId: string | null = null;
+  let guardianBindingChannel: string | null = null;
+
+  if (sourceBinding) {
+    guardianExternalUserId = sourceBinding.guardianExternalUserId;
+    guardianBindingChannel = sourceBinding.channel;
+  } else {
+    const allBindings = listActiveBindingsByAssistant(canonicalAssistantId);
+    if (allBindings.length > 0) {
+      guardianExternalUserId = allBindings[0].guardianExternalUserId;
+      guardianBindingChannel = allBindings[0].channel;
+      log.debug(
+        { sourceChannel, fallbackChannel: guardianBindingChannel, canonicalAssistantId },
+        'Using cross-channel guardian binding fallback for access request',
+      );
+    } else {
+      log.debug(
+        { sourceChannel, canonicalAssistantId },
+        'No guardian binding for access request — proceeding without guardian identity',
+      );
+    }
   }
 
   // Deduplicate: skip creation if there is already a pending canonical request
@@ -99,7 +133,7 @@ export function notifyGuardianOfAccessRequest(
     conversationId: `access-req-${sourceChannel}-${senderExternalUserId}`,
     requesterExternalUserId: senderExternalUserId,
     requesterChatId: externalChatId,
-    guardianExternalUserId: binding.guardianExternalUserId,
+    guardianExternalUserId: guardianExternalUserId ?? undefined,
     toolName: 'ingress_access_request',
     questionText: `${senderIdentifier} is requesting access to the assistant`,
     expiresAt: new Date(Date.now() + GUARDIAN_APPROVAL_TTL_MS).toISOString(),
@@ -118,18 +152,20 @@ export function notifyGuardianOfAccessRequest(
     },
     contextPayload: {
       requestId,
+      requestCode: canonicalRequest.requestCode,
       sourceChannel,
       externalChatId,
       senderExternalUserId,
       senderName: senderName ?? null,
       senderUsername: senderUsername ?? null,
       senderIdentifier,
+      guardianBindingChannel,
     },
     dedupeKey: `access-request:${canonicalRequest.id}`,
   });
 
   log.info(
-    { sourceChannel, senderExternalUserId, senderIdentifier },
+    { sourceChannel, senderExternalUserId, senderIdentifier, guardianBindingChannel },
     'Guardian notified of access request',
   );
 

package/src/runtime/actor-trust-resolver.ts

@@ -10,25 +10,22 @@
  * - `guardian`: sender matches the active guardian binding for this channel.
  * - `trusted_contact`: sender is an active ingress member (not the guardian).
  * - `unknown`: sender has no member record or no identity could be established.
- *
- * The legacy `ActorRole` enum (`guardian` / `non-guardian` / `unverified_channel`)
- * is still required by existing policy gates. The `toLegacyActorRole()` mapper
- * converts the new trust classification to the legacy enum.
  */
 
 import type { ChannelId } from '../channels/types.js';
+import type { GuardianRuntimeContext } from '../daemon/session-runtime-assembly.js';
 import type { IngressMember } from '../memory/ingress-member-store.js';
 import { findMember } from '../memory/ingress-member-store.js';
 import { canonicalizeInboundIdentity } from '../util/canonicalize-identity.js';
 import { normalizeAssistantId } from '../util/platform.js';
 import { getGuardianBinding } from './channel-guardian-service.js';
-import type { ActorRole, DenialReason, GuardianContext } from './guardian-context-resolver.js';
 
 // ---------------------------------------------------------------------------
 // Types
 // ---------------------------------------------------------------------------
 
 export type TrustClass = 'guardian' | 'trusted_contact' | 'unknown';
+export type DenialReason = 'no_binding' | 'no_identity';
 
 export interface ActorTrustContext {
   /** Canonical (normalized) sender identity. Null when identity could not be established. */
@@ -46,6 +43,8 @@ export interface ActorTrustContext {
   actorMetadata: {
     identifier: string | undefined;
     displayName: string | undefined;
+    senderDisplayName: string | undefined;
+    memberDisplayName: string | undefined;
     username: string | undefined;
     channel: ChannelId;
     trustStatus: TrustClass;
@@ -108,6 +107,8 @@ export function resolveActorTrust(input: ResolveActorTrustInput): ActorTrustCont
       actorMetadata: {
         identifier,
         displayName: senderDisplayName,
+        senderDisplayName,
+        memberDisplayName: undefined,
         username: senderUsername,
         channel: input.sourceChannel,
         trustStatus: 'unknown',
@@ -139,11 +140,33 @@ export function resolveActorTrust(input: ResolveActorTrustInput): ActorTrustCont
     externalChatId: input.externalChatId,
   });
 
+  // In group chats, findMember may match on externalChatId and return a
+  // record for a different user. Only use member metadata when the record's
+  // externalUserId matches the current sender to avoid misidentification.
+  // Canonicalize the stored member ID to handle formatting variance (e.g.
+  // phone numbers stored without E.164 normalization).
+  const memberMatchesSender = memberRecord?.externalUserId
+    ? canonicalizeInboundIdentity(input.sourceChannel, memberRecord.externalUserId) === canonicalSenderId
+    : false;
+
+  const memberUsername = memberMatchesSender && typeof memberRecord?.username === 'string' && memberRecord.username.trim().length > 0
+    ? memberRecord.username.trim()
+    : undefined;
+  const memberDisplayName = memberMatchesSender && typeof memberRecord?.displayName === 'string' && memberRecord.displayName.trim().length > 0
+    ? memberRecord.displayName.trim()
+    : undefined;
+  // Prefer member profile metadata over transient sender metadata so guardian-
+  // curated contact details are canonical for assistant-facing identity —
+  // but only when the member record actually belongs to the current sender.
+  const resolvedUsername = memberUsername ?? senderUsername;
+  const resolvedDisplayName = memberDisplayName ?? senderDisplayName;
+  const resolvedIdentifier = resolvedUsername ? `@${resolvedUsername}` : canonicalSenderId ?? undefined;
+
   // Trust classification
   let trustClass: TrustClass;
   if (isGuardian) {
     trustClass = 'guardian';
-  } else if (memberRecord && memberRecord.status === 'active') {
+  } else if (memberMatchesSender && memberRecord && memberRecord.status === 'active') {
     trustClass = 'trusted_contact';
   } else {
     trustClass = 'unknown';
@@ -161,9 +184,11 @@ export function resolveActorTrust(input: ResolveActorTrustInput): ActorTrustCont
     memberRecord,
     trustClass,
     actorMetadata: {
-      identifier,
-      displayName: senderDisplayName,
-      username: senderUsername,
+      identifier: resolvedIdentifier,
+      displayName: resolvedDisplayName,
+      senderDisplayName,
+      memberDisplayName,
+      username: resolvedUsername,
       channel: input.sourceChannel,
       trustStatus: trustClass,
     },
@@ -171,53 +196,24 @@ export function resolveActorTrust(input: ResolveActorTrustInput): ActorTrustCont
   };
 }
 
-// ---------------------------------------------------------------------------
-// Legacy compatibility mapper
-// ---------------------------------------------------------------------------
-
-/**
- * Map the new trust classification to the legacy ActorRole enum used by
- * existing policy gates. This preserves backward compatibility while the
- * codebase migrates to the unified trust model.
- *
- * Mapping:
- * - guardian => 'guardian'
- * - trusted_contact => 'non-guardian' (existing gates treat active members as non-guardian)
- * - unknown (no_identity) => 'unverified_channel'
- * - unknown (no_binding) => 'unverified_channel'
- * - unknown (with binding, not guardian) => 'non-guardian'
- */
-export function toLegacyActorRole(ctx: ActorTrustContext): ActorRole {
-  if (ctx.trustClass === 'guardian') return 'guardian';
-  if (ctx.trustClass === 'trusted_contact') return 'non-guardian';
-
-  // unknown: distinguish between unverified_channel and non-guardian
-  if (ctx.denialReason === 'no_identity' || ctx.denialReason === 'no_binding') {
-    return 'unverified_channel';
-  }
-
-  // Has a binding, has identity, but not guardian and not a member => non-guardian
-  if (ctx.guardianBindingMatch && ctx.canonicalSenderId) {
-    return 'non-guardian';
-  }
-
-  return 'unverified_channel';
-}
-
 /**
- * Convert an ActorTrustContext into the legacy GuardianContext shape that
- * existing route-level code expects. This is a bridge for incremental
- * migration — new code should consume ActorTrustContext directly.
+ * Convert an ActorTrustContext into the runtime trust context shape used by
+ * sessions/tooling.
  */
-export function toGuardianContextCompat(ctx: ActorTrustContext, externalChatId: string): GuardianContext {
-  const actorRole = toLegacyActorRole(ctx);
-
+export function toGuardianRuntimeContextFromTrust(
+  ctx: ActorTrustContext,
+  externalChatId: string,
+): GuardianRuntimeContext {
   return {
-    actorRole,
+    sourceChannel: ctx.actorMetadata.channel,
+    trustClass: ctx.trustClass,
     guardianChatId: ctx.guardianBindingMatch?.guardianDeliveryChatId ??
-      (actorRole === 'guardian' ? externalChatId : undefined),
+      (ctx.trustClass === 'guardian' ? externalChatId : undefined),
     guardianExternalUserId: ctx.guardianBindingMatch?.guardianExternalUserId,
     requesterIdentifier: ctx.actorMetadata.identifier,
+    requesterDisplayName: ctx.actorMetadata.displayName,
+    requesterSenderDisplayName: ctx.actorMetadata.senderDisplayName,
+    requesterMemberDisplayName: ctx.actorMetadata.memberDisplayName,
     requesterExternalUserId: ctx.canonicalSenderId ?? undefined,
     requesterChatId: externalChatId,
     denialReason: ctx.denialReason,

package/src/runtime/channel-invite-transports/voice.ts

@@ -0,0 +1,58 @@
+/**
+ * Voice channel invite transport adapter.
+ *
+ * Voice invites are identity-bound: the invitee must call from a specific
+ * phone number and enter a numeric code. Unlike Telegram invites, there is
+ * no shareable deep link — the guardian relays the code and calling
+ * instructions verbally or via another channel.
+ *
+ * The transport builds human-readable instruction text and provides a
+ * no-op token extractor since voice invite redemption uses the dedicated
+ * voice-code path rather than generic token extraction.
+ */
+
+import type { ChannelId } from '../../channels/types.js';
+import {
+  type ChannelInviteTransport,
+  type InviteSharePayload,
+  registerTransport,
+} from '../channel-invite-transport.js';
+
+// ---------------------------------------------------------------------------
+// Transport implementation
+// ---------------------------------------------------------------------------
+
+export const voiceInviteTransport: ChannelInviteTransport = {
+  channel: 'voice' as ChannelId,
+
+  buildShareableInvite(_params: {
+    rawToken: string;
+    sourceChannel: ChannelId;
+  }): InviteSharePayload {
+    // Voice invites do not produce a clickable URL. The "url" field contains
+    // a placeholder — callers should use displayText for presentation.
+    return {
+      url: '',
+      displayText: [
+        'Voice invite created.',
+        'The invitee must call the assistant\'s phone number from the authorized number and enter their invite code when prompted.',
+      ].join(' '),
+    };
+  },
+
+  extractInboundToken(_params: {
+    commandIntent?: Record<string, unknown>;
+    content: string;
+    sourceMetadata?: Record<string, unknown>;
+  }): string | undefined {
+    // Voice invite redemption bypasses generic token extraction — it uses
+    // the identity-bound voice-code flow in invite-redemption-service.ts.
+    return undefined;
+  },
+};
+
+// ---------------------------------------------------------------------------
+// Auto-register on import
+// ---------------------------------------------------------------------------
+
+registerTransport(voiceInviteTransport);

package/src/runtime/channel-retry-sweep.ts

@@ -14,11 +14,20 @@ const log = getLogger('runtime-http');
 function parseGuardianRuntimeContext(value: unknown): GuardianRuntimeContext | undefined {
   if (!value || typeof value !== 'object') return undefined;
   const raw = value as Record<string, unknown>;
-  const actorRole = raw.actorRole;
+  const trustClass = raw.trustClass
+    ?? (
+      raw.actorRole === 'guardian'
+        ? 'guardian'
+        : raw.actorRole === 'non-guardian'
+          ? 'trusted_contact'
+          : raw.actorRole === 'unverified_channel'
+            ? 'unknown'
+            : undefined
+    );
   if (
-    actorRole !== 'guardian'
-    && actorRole !== 'non-guardian'
-    && actorRole !== 'unverified_channel'
+    trustClass !== 'guardian'
+    && trustClass !== 'trusted_contact'
+    && trustClass !== 'unknown'
   ) {
     return undefined;
   }
@@ -33,10 +42,13 @@ function parseGuardianRuntimeContext(value: unknown): GuardianRuntimeContext | u
       : undefined;
   return {
     sourceChannel,
-    actorRole,
+    trustClass,
     guardianChatId: typeof raw.guardianChatId === 'string' ? raw.guardianChatId : undefined,
     guardianExternalUserId: typeof raw.guardianExternalUserId === 'string' ? raw.guardianExternalUserId : undefined,
     requesterIdentifier: typeof raw.requesterIdentifier === 'string' ? raw.requesterIdentifier : undefined,
+    requesterDisplayName: typeof raw.requesterDisplayName === 'string' ? raw.requesterDisplayName : undefined,
+    requesterSenderDisplayName: typeof raw.requesterSenderDisplayName === 'string' ? raw.requesterSenderDisplayName : undefined,
+    requesterMemberDisplayName: typeof raw.requesterMemberDisplayName === 'string' ? raw.requesterMemberDisplayName : undefined,
     requesterExternalUserId: typeof raw.requesterExternalUserId === 'string' ? raw.requesterExternalUserId : undefined,
     requesterChatId: typeof raw.requesterChatId === 'string' ? raw.requesterChatId : undefined,
     denialReason,
@@ -117,7 +129,7 @@ export async function sweepFailedEvents(
           },
           assistantId,
           guardianContext,
-          isInteractive: guardianContext?.actorRole === 'guardian',
+          isInteractive: guardianContext?.trustClass === 'guardian',
         },
         sourceChannel,
         sourceInterface,

package/src/runtime/guardian-context-resolver.ts

@@ -1,131 +1,73 @@
 /**
- * Shared guardian actor-role resolution for inbound channels.
+ * Shared inbound trust resolution for channel actors.
  *
- * This module centralizes how we classify an inbound actor as
- * guardian/non-guardian/unverified so every channel path uses the same
- * source-of-truth logic.
- *
- * Guardian binding comparisons now use canonicalized identities (E.164 for
- * phone-like channels) to eliminate formatting-variance mismatches.
+ * This module provides a compact route-level shape used by channel routes
+ * while delegating canonical classification to the unified actor trust
+ * resolver.
  */
 import type { ChannelId } from '../channels/types.js';
 import type { GuardianRuntimeContext } from '../daemon/session-runtime-assembly.js';
-import { canonicalizeInboundIdentity } from '../util/canonicalize-identity.js';
-import { normalizeAssistantId } from '../util/platform.js';
-import { getGuardianBinding } from './channel-guardian-service.js';
+import {
+  type DenialReason,
+  resolveActorTrust,
+  type ResolveActorTrustInput,
+  type TrustClass,
+} from './actor-trust-resolver.js';
+export type { DenialReason } from './actor-trust-resolver.js';
 
-/** Sub-reason for unverified-channel denials. */
-export type DenialReason = 'no_binding' | 'no_identity';
-export type ActorRole = 'guardian' | 'non-guardian' | 'unverified_channel';
+/** Trust classification used by route-level channel logic. */
+export type ActorTrustClass = TrustClass;
 
 /** Guardian actor context used by route-level approval logic. */
 export interface GuardianContext {
-  actorRole: ActorRole;
+  trustClass: ActorTrustClass;
   guardianChatId?: string;
   guardianExternalUserId?: string;
   requesterIdentifier?: string;
+  requesterDisplayName?: string;
+  requesterSenderDisplayName?: string;
+  requesterMemberDisplayName?: string;
   requesterExternalUserId?: string;
   requesterChatId?: string;
+  memberStatus?: string;
+  memberPolicy?: string;
   denialReason?: DenialReason;
 }
 
-export interface ResolveGuardianContextInput {
-  assistantId: string;
-  sourceChannel: ChannelId;
-  externalChatId: string;
-  senderExternalUserId?: string;
-  senderUsername?: string;
-}
+export type ResolveGuardianContextInput = ResolveActorTrustInput;
 
 /**
- * Resolve guardian actor role from canonical binding state + sender identity.
- *
- * Behavior:
- * - sender matches active binding -> guardian
- * - active binding exists but sender differs -> non-guardian
- * - no sender identity -> unverified_channel (no_identity)
- * - no binding -> unverified_channel (no_binding)
- *
- * Identity comparison is normalization-safe: both the sender ID and the
- * guardian binding ID are canonicalized for the source channel before
- * comparison, so formatting differences (e.g. `+1 (555) 123-4567` vs
- * `+15551234567`) do not cause false non-guardian classifications.
+ * Resolve route-level trust context from canonical identity state.
  */
 export function resolveGuardianContext(input: ResolveGuardianContextInput): GuardianContext {
-  const assistantId = normalizeAssistantId(input.assistantId);
-  const rawUserId = typeof input.senderExternalUserId === 'string' && input.senderExternalUserId.trim().length > 0
-    ? input.senderExternalUserId.trim()
-    : undefined;
-  const senderUsername = typeof input.senderUsername === 'string' && input.senderUsername.trim().length > 0
-    ? input.senderUsername.trim()
-    : undefined;
-
-  // Canonicalize sender identity for normalization-safe comparisons.
-  // canonicalizeInboundIdentity returns string | null; coerce to
-  // string | undefined so assignments to optional (string | undefined)
-  // fields in GuardianContext don't produce a type mismatch.
-  const canonicalSenderId = rawUserId
-    ? (canonicalizeInboundIdentity(input.sourceChannel, rawUserId) ?? undefined)
-    : undefined;
-
-  const requesterIdentifier = senderUsername ? `@${senderUsername}` : canonicalSenderId;
-
-  if (!canonicalSenderId) {
-    return {
-      actorRole: 'unverified_channel',
-      denialReason: 'no_identity',
-      requesterIdentifier,
-      requesterExternalUserId: undefined,
-      requesterChatId: input.externalChatId,
-    };
-  }
-
-  const binding = getGuardianBinding(assistantId, input.sourceChannel);
-  if (!binding) {
-    return {
-      actorRole: 'unverified_channel',
-      denialReason: 'no_binding',
-      requesterIdentifier,
-      requesterExternalUserId: canonicalSenderId,
-      requesterChatId: input.externalChatId,
-    };
-  }
-
-  // Canonicalize the stored guardian identity for the same channel so
-  // phone-format variance in the binding record doesn't cause mismatches.
-  const canonicalGuardianId = canonicalizeInboundIdentity(
-    input.sourceChannel,
-    binding.guardianExternalUserId,
-  ) ?? undefined;
-
-  if (canonicalGuardianId === canonicalSenderId) {
-    return {
-      actorRole: 'guardian',
-      guardianChatId: binding.guardianDeliveryChatId || input.externalChatId,
-      guardianExternalUserId: binding.guardianExternalUserId,
-      requesterIdentifier,
-      requesterExternalUserId: canonicalSenderId,
-      requesterChatId: input.externalChatId,
-    };
-  }
-
+  const trust = resolveActorTrust(input);
   return {
-    actorRole: 'non-guardian',
-    guardianChatId: binding.guardianDeliveryChatId,
-    guardianExternalUserId: binding.guardianExternalUserId,
-    requesterIdentifier,
-    requesterExternalUserId: canonicalSenderId,
+    trustClass: trust.trustClass,
+    guardianChatId: trust.guardianBindingMatch?.guardianDeliveryChatId ??
+      (trust.trustClass === 'guardian' ? input.externalChatId : undefined),
+    guardianExternalUserId: trust.guardianBindingMatch?.guardianExternalUserId,
+    requesterIdentifier: trust.actorMetadata.identifier,
+    requesterDisplayName: trust.actorMetadata.displayName,
+    requesterSenderDisplayName: trust.actorMetadata.senderDisplayName,
+    requesterMemberDisplayName: trust.actorMetadata.memberDisplayName,
+    requesterExternalUserId: trust.canonicalSenderId ?? undefined,
     requesterChatId: input.externalChatId,
+    memberStatus: trust.memberRecord?.status ?? undefined,
+    memberPolicy: trust.memberRecord?.policy ?? undefined,
+    denialReason: trust.denialReason,
   };
 }
 
 export function toGuardianRuntimeContext(sourceChannel: ChannelId, ctx: GuardianContext): GuardianRuntimeContext {
   return {
     sourceChannel,
-    actorRole: ctx.actorRole,
+    trustClass: ctx.trustClass,
     guardianChatId: ctx.guardianChatId,
     guardianExternalUserId: ctx.guardianExternalUserId,
     requesterIdentifier: ctx.requesterIdentifier,
+    requesterDisplayName: ctx.requesterDisplayName,
+    requesterSenderDisplayName: ctx.requesterSenderDisplayName,
+    requesterMemberDisplayName: ctx.requesterMemberDisplayName,
     requesterExternalUserId: ctx.requesterExternalUserId,
     requesterChatId: ctx.requesterChatId,
     denialReason: ctx.denialReason,