@vellumai/assistant 0.3.28 → 0.4.1

package/src/__tests__/credential-vault-unit.test.ts

@@ -470,7 +470,7 @@ describe('credential_store tool — oauth2_connect error paths', () => {
       client_id: 'test-client-id',
     }, { ..._ctx, isInteractive: false });
     expect(result.isError).toBe(true);
-    expect(result.content).toContain('interactive client session');
+    expect(result.content).toContain('non-interactive session');
   });
 
   test('resolves gmail alias to integration:gmail', async () => {
@@ -672,7 +672,7 @@ describe('credential_store tool — tool definition', () => {
     expect(schema.required).toContain('action');
     const props = schema.properties as Record<string, Record<string, unknown>>;
     expect(props.action.enum).toEqual(
-      ['store', 'list', 'delete', 'prompt', 'oauth2_connect'],
+      ['store', 'list', 'delete', 'prompt', 'oauth2_connect', 'describe'],
     );
   });
 

package/src/__tests__/credential-vault.test.ts

@@ -406,18 +406,19 @@ describe('credential_store tool', () => {
       expect(entries[0].service).toBe('svc-b');
     });
 
-    test('returns error when secure storage is corrupt/unreadable', async () => {
+    test('recovers from corrupt secure storage by resetting and returning empty list', async () => {
       // Store a credential so metadata exists
       await credentialStoreTool.execute({
         action: 'store', service: 'svc-x', field: 'key', value: 'val-x',
       }, _ctx);
 
-      // Corrupt the encrypted store file so listKeys() throws
+      // Corrupt the encrypted store file — the store auto-recovers by
+      // backing up the corrupt file and creating a fresh store
       writeFileSync(STORE_PATH, 'not-valid-json!!!', 'utf-8');
 
       const result = await credentialStoreTool.execute({ action: 'list' }, _ctx);
-      expect(result.isError).toBe(true);
-      expect(result.content).toContain('failed to read secure storage');
+      // Store auto-recovers: list succeeds but the corrupted credentials are lost
+      expect(result.isError).toBe(false);
     });
   });
 

package/src/__tests__/daemon-lifecycle.test.ts

@@ -94,6 +94,15 @@ const conversation = {
 };
 
 mock.module('../memory/conversation-store.js', () => ({
+  setConversationOriginChannelIfUnset: () => {},
+  updateConversationContextWindow: () => {},
+  deleteMessageById: () => {},
+  updateConversationTitle: () => {},
+  updateConversationUsage: () => {},
+  addMessage: () => ({ id: 'mock-msg-id' }),
+  provenanceFromGuardianContext: () => ({ source: 'user', guardianContext: undefined }),
+  getConversationOriginInterface: () => null,
+  getConversationOriginChannel: () => null,
   getLatestConversation: () => conversation,
   createConversation: () => conversation,
   getConversation: (id: string) => (id === conversation.id ? conversation : null),

package/src/__tests__/daemon-server-session-init.test.ts

@@ -203,6 +203,8 @@ mock.module('../providers/ratelimit.js', () => ({
 
 mock.module('../config/loader.js', () => ({
   getConfig: () => ({
+    ui: {},
+    
     provider: 'mock-provider',
     providerOrder: ['mock-provider'],
     maxTokens: 4096,
@@ -243,7 +245,31 @@ mock.module('../memory/external-conversation-store.js', () => ({
   getBindingsForConversations: () => new Map(),
 }));
 
+mock.module('../memory/conversation-attention-store.js', () => ({
+  getAttentionStateByConversationIds: () => new Map(),
+  recordAttentionSignal: () => {},
+  recordConversationSeenSignal: () => {},
+}));
+
+mock.module('../memory/canonical-guardian-store.js', () => ({
+  generateCanonicalRequestCode: () => 'mock-code-0000',
+  createCanonicalGuardianRequest: () => ({ requestCode: 'mock-code-0000', status: 'pending' }),
+  submitCanonicalRequest: () => ({ requestCode: 'mock-code-0000', status: 'pending' }),
+  getCanonicalRequest: () => null,
+  resolveCanonicalRequest: () => false,
+  listPendingCanonicalRequests: () => [],
+}));
+
 mock.module('../memory/conversation-store.js', () => ({
+  setConversationOriginChannelIfUnset: () => {},
+  updateConversationContextWindow: () => {},
+  deleteMessageById: () => {},
+  updateConversationTitle: () => {},
+  updateConversationUsage: () => {},
+  addMessage: () => ({ id: 'mock-msg-id' }),
+  provenanceFromGuardianContext: () => ({ source: 'user', guardianContext: undefined }),
+  getConversationOriginInterface: () => null,
+  getConversationOriginChannel: () => null,
   getLatestConversation: () => conversation,
   createConversation: (titleOrOpts?: string | { title?: string; threadType?: string }) => {
     lastCreateConversationArgs = titleOrOpts;
@@ -266,6 +292,7 @@ mock.module('../memory/conversation-store.js', () => ({
   getMessages: () => [],
   listConversations: () => [conversation],
   countConversations: () => 1,
+  getDisplayMetaForConversations: () => new Map(),
 }));
 
 mock.module('../daemon/session.js', () => ({

package/src/__tests__/elevenlabs-config.test.ts

@@ -27,6 +27,8 @@ let mockVoiceConfig = {
 
 mock.module('../config/loader.js', () => ({
   getConfig: () => ({
+    ui: {},
+    
     calls: { voice: mockVoiceConfig },
   }),
 }));

package/src/__tests__/encrypted-store.test.ts

@@ -253,24 +253,29 @@ describe('encrypted-store', () => {
       expect(getKey('test')).toBe('value');
     });
 
-    test('setKey refuses to overwrite a corrupt store file', () => {
+    test('setKey recovers from a corrupt store file by backing up and creating fresh store', () => {
       // Write a valid store first
       setKey('existing', 'old-secret');
       // Corrupt the store
       writeFileSync(STORE_PATH, 'corrupted data');
-      // setKey should fail rather than overwrite with new salt
+      // setKey should recover by backing up corrupt file and creating fresh store
       const result = setKey('new-key', 'new-value');
-      expect(result).toBe(false);
+      expect(result).toBe(true);
+      // Old key is lost but new key works
+      expect(getKey('new-key')).toBe('new-value');
+      expect(getKey('existing')).toBeUndefined();
     });
 
-    test('setKey refuses to overwrite a store with invalid version', () => {
+    test('setKey recovers from a store with invalid version', () => {
       writeFileSync(STORE_PATH, JSON.stringify({
         version: 99,
         salt: 'abc',
         entries: {},
       }));
+      // setKey should recover by backing up invalid store and creating fresh store
       const result = setKey('test', 'value');
-      expect(result).toBe(false);
+      expect(result).toBe(true);
+      expect(getKey('test')).toBe('value');
     });
 
     test('writeStore enforces 0600 permissions on existing files', () => {

package/src/__tests__/followup-tools.test.ts

@@ -27,7 +27,9 @@ mock.module('../util/logger.js', () => ({
 }));
 
 mock.module('../config/loader.js', () => ({
-  getConfig: () => ({ memory: {} }),
+  getConfig: () => ({
+    ui: {},
+     memory: {} }),
 }));
 
 import type { Database } from 'bun:sqlite';

package/src/__tests__/gateway-only-enforcement.test.ts

@@ -243,9 +243,9 @@ describe('gateway-only ingress enforcement', () => {
         body: makeFormBody({ CallSid: 'CA123', AccountSid: 'AC_test' }),
       });
       expect(res.status).toBe(410);
-      const body = await res.json() as { error: string; code: string };
-      expect(body.code).toBe('GATEWAY_ONLY');
-      expect(body.error).toContain('Direct webhook access disabled');
+      const body = await res.json() as { error: { code: string; message: string } };
+      expect(body.error.code).toBe('GONE');
+      expect(body.error.message).toContain('Direct webhook access disabled');
     });
 
     test('POST /webhooks/twilio/status returns 410', async () => {
@@ -255,8 +255,8 @@ describe('gateway-only ingress enforcement', () => {
         body: makeFormBody({ CallSid: 'CA123', CallStatus: 'completed' }),
       });
       expect(res.status).toBe(410);
-      const body = await res.json() as { error: string; code: string };
-      expect(body.code).toBe('GATEWAY_ONLY');
+      const body = await res.json() as { error: { code: string; message: string } };
+      expect(body.error.code).toBe('GONE');
     });
 
     test('POST /webhooks/twilio/connect-action returns 410', async () => {
@@ -266,8 +266,8 @@ describe('gateway-only ingress enforcement', () => {
         body: makeFormBody({ CallSid: 'CA123' }),
       });
       expect(res.status).toBe(410);
-      const body = await res.json() as { error: string; code: string };
-      expect(body.code).toBe('GATEWAY_ONLY');
+      const body = await res.json() as { error: { code: string; message: string } };
+      expect(body.error.code).toBe('GONE');
     });
 
     test('POST /v1/calls/twilio/voice-webhook returns 410', async () => {
@@ -277,8 +277,8 @@ describe('gateway-only ingress enforcement', () => {
         body: makeFormBody({ CallSid: 'CA123' }),
       });
       expect(res.status).toBe(410);
-      const body = await res.json() as { error: string; code: string };
-      expect(body.code).toBe('GATEWAY_ONLY');
+      const body = await res.json() as { error: { code: string; message: string } };
+      expect(body.error.code).toBe('GONE');
     });
 
     test('POST /v1/calls/twilio/status returns 410', async () => {
@@ -288,8 +288,8 @@ describe('gateway-only ingress enforcement', () => {
         body: makeFormBody({ CallSid: 'CA123', CallStatus: 'completed' }),
       });
       expect(res.status).toBe(410);
-      const body = await res.json() as { error: string; code: string };
-      expect(body.code).toBe('GATEWAY_ONLY');
+      const body = await res.json() as { error: { code: string; message: string } };
+      expect(body.error.code).toBe('GONE');
     });
   });
 
@@ -304,9 +304,9 @@ describe('gateway-only ingress enforcement', () => {
         body: makeFormBody({ Body: 'hello', From: '+15551234567', To: '+15559876543', MessageSid: 'SM123' }),
       });
       expect(res.status).toBe(410);
-      const body = await res.json() as { error: string; code: string };
-      expect(body.code).toBe('GATEWAY_ONLY');
-      expect(body.error).toContain('Direct webhook access disabled');
+      const body = await res.json() as { error: { code: string; message: string } };
+      expect(body.error.code).toBe('GONE');
+      expect(body.error.message).toContain('Direct webhook access disabled');
     });
 
     test('POST /v1/calls/twilio/sms returns 410 (legacy path also blocked)', async () => {
@@ -316,8 +316,8 @@ describe('gateway-only ingress enforcement', () => {
         body: makeFormBody({ Body: 'hello', From: '+15551234567', MessageSid: 'SM456' }),
       });
       expect(res.status).toBe(410);
-      const body = await res.json() as { error: string; code: string };
-      expect(body.code).toBe('GATEWAY_ONLY');
+      const body = await res.json() as { error: { code: string; message: string } };
+      expect(body.error.code).toBe('GONE');
     });
 
     test('POST /webhooks/twilio/sms with valid auth still returns 410 (auth does not bypass gateway-only)', async () => {
@@ -331,8 +331,8 @@ describe('gateway-only ingress enforcement', () => {
       });
       // The gateway-only guard runs before auth for Twilio webhook paths
       expect(res.status).toBe(410);
-      const body = await res.json() as { error: string; code: string };
-      expect(body.code).toBe('GATEWAY_ONLY');
+      const body = await res.json() as { error: { code: string; message: string } };
+      expect(body.error.code).toBe('GONE');
     });
   });
 
@@ -407,9 +407,9 @@ describe('gateway-only ingress enforcement', () => {
         },
       });
       expect(res.status).toBe(403);
-      const body = await res.json() as { error: string; code: string };
-      expect(body.code).toBe('GATEWAY_ONLY');
-      expect(body.error).toContain('Direct relay access disabled');
+      const body = await res.json() as { error: { code: string; message: string } };
+      expect(body.error.code).toBe('FORBIDDEN');
+      expect(body.error.message).toContain('Direct relay access disabled');
     });
 
     test('allows request with no origin header (private network peer)', async () => {

package/src/__tests__/gmail-integration.test.ts

@@ -41,7 +41,6 @@ describe('Messaging tool contract', () => {
     'messaging_read',
     'messaging_search',
     'messaging_send',
-    'send_notification',
     'messaging_reply',
     'messaging_mark_read',
     'messaging_analyze_activity',

package/src/__tests__/guardian-control-plane-policy.test.ts

@@ -1,4 +1,4 @@
-import { afterAll, beforeEach, describe, expect, mock, test } from 'bun:test';
+import { afterAll, beforeAll, beforeEach, describe, expect, mock, test } from 'bun:test';
 
 import type { ToolExecutionResult, ToolLifecycleEvent, ToolPermissionDeniedEvent } from '../tools/types.js';
 
@@ -100,7 +100,11 @@ function makePrompter(): PermissionPrompter {
   } as unknown as PermissionPrompter;
 }
 
-afterAll(() => { mock.restore(); });
+import { resetDb } from '../memory/db.js';
+import { initializeDb } from '../memory/db-init.js';
+
+beforeAll(() => { initializeDb(); });
+afterAll(() => { resetDb(); mock.restore(); });
 
 // =====================================================================
 // Unit tests: isGuardianControlPlaneInvocation
@@ -380,7 +384,7 @@ describe('enforceGuardianOnlyPolicy', () => {
   test('non-guardian actor denied for guardian endpoint', () => {
     const result = enforceGuardianOnlyPolicy('bash', {
       command: 'curl http://localhost:3000/v1/integrations/guardian/outbound/start',
-    }, 'non-guardian');
+    }, 'trusted_contact');
     expect(result.denied).toBe(true);
     expect(result.reason).toContain('restricted to guardian users');
   });
@@ -388,7 +392,7 @@ describe('enforceGuardianOnlyPolicy', () => {
   test('unverified_channel actor denied for guardian endpoint', () => {
     const result = enforceGuardianOnlyPolicy('network_request', {
       url: 'https://api.example.com/v1/integrations/guardian/challenge',
-    }, 'unverified_channel');
+    }, 'unknown');
     expect(result.denied).toBe(true);
     expect(result.reason).toContain('restricted to guardian users');
   });
@@ -419,14 +423,14 @@ describe('enforceGuardianOnlyPolicy', () => {
   test('non-guardian actor is NOT denied for unrelated endpoint', () => {
     const result = enforceGuardianOnlyPolicy('bash', {
       command: 'curl http://localhost:3000/v1/messages',
-    }, 'non-guardian');
+    }, 'trusted_contact');
     expect(result.denied).toBe(false);
   });
 
   test('non-guardian actor is NOT denied for unrelated tool', () => {
     const result = enforceGuardianOnlyPolicy('file_read', {
       path: 'README.md',
-    }, 'non-guardian');
+    }, 'trusted_contact');
     expect(result.denied).toBe(false);
   });
 });
@@ -445,7 +449,7 @@ describe('ToolExecutor guardian-only policy gate', () => {
     const result = await executor.execute(
       'bash',
       { command: 'curl -X POST http://localhost:3000/v1/integrations/guardian/outbound/start' },
-      makeContext({ guardianActorRole: 'non-guardian' }),
+      makeContext({ guardianTrustClass: 'trusted_contact' }),
     );
     expect(result.isError).toBe(true);
     expect(result.content).toContain('restricted to guardian users');
@@ -456,7 +460,7 @@ describe('ToolExecutor guardian-only policy gate', () => {
     const result = await executor.execute(
       'network_request',
       { url: 'https://api.example.com/v1/integrations/guardian/challenge' },
-      makeContext({ guardianActorRole: 'unverified_channel' }),
+      makeContext({ guardianTrustClass: 'unknown' }),
     );
     expect(result.isError).toBe(true);
     expect(result.content).toContain('restricted to guardian users');
@@ -467,18 +471,18 @@ describe('ToolExecutor guardian-only policy gate', () => {
     const result = await executor.execute(
       'bash',
       { command: 'curl -X POST http://localhost:3000/v1/integrations/guardian/outbound/start' },
-      makeContext({ guardianActorRole: 'guardian' }),
+      makeContext({ guardianTrustClass: 'guardian' }),
     );
     expect(result.isError).toBe(false);
     expect(result.content).toBe('ok');
   });
 
-  test('undefined guardianActorRole is NOT blocked from guardian endpoint', async () => {
+  test('undefined guardianTrustClass is NOT blocked from guardian endpoint', async () => {
     const executor = new ToolExecutor(makePrompter());
     const result = await executor.execute(
       'bash',
       { command: 'curl http://localhost:3000/v1/integrations/guardian/status' },
-      makeContext(), // no guardianActorRole set
+      makeContext(), // no guardianTrustClass set
     );
     expect(result.isError).toBe(false);
     expect(result.content).toBe('ok');
@@ -489,7 +493,7 @@ describe('ToolExecutor guardian-only policy gate', () => {
     const result = await executor.execute(
       'bash',
       { command: 'curl http://localhost:3000/v1/messages' },
-      makeContext({ guardianActorRole: 'non-guardian' }),
+      makeContext({ guardianTrustClass: 'trusted_contact' }),
     );
     expect(result.isError).toBe(true);
     expect(result.content).toContain('requires guardian approval');
@@ -500,7 +504,7 @@ describe('ToolExecutor guardian-only policy gate', () => {
     const result = await executor.execute(
       'file_read',
       { path: 'README.md' },
-      makeContext({ guardianActorRole: 'non-guardian' }),
+      makeContext({ guardianTrustClass: 'trusted_contact' }),
     );
     expect(result.isError).toBe(false);
     expect(result.content).toBe('ok');
@@ -513,7 +517,7 @@ describe('ToolExecutor guardian-only policy gate', () => {
       'bash',
       { command: 'curl http://localhost:3000/v1/integrations/guardian/outbound/cancel' },
       makeContext({
-        guardianActorRole: 'non-guardian',
+        guardianTrustClass: 'trusted_contact',
         onToolLifecycleEvent: (event: ToolLifecycleEvent) => {
           if (event.type === 'permission_denied') {
             capturedEvent = event as ToolPermissionDeniedEvent;
@@ -531,7 +535,7 @@ describe('ToolExecutor guardian-only policy gate', () => {
     const result = await executor.execute(
       'web_fetch',
       { url: 'http://localhost:3000/v1/integrations/guardian/outbound/resend' },
-      makeContext({ guardianActorRole: 'non-guardian' }),
+      makeContext({ guardianTrustClass: 'trusted_contact' }),
     );
     expect(result.isError).toBe(true);
     expect(result.content).toContain('restricted to guardian users');
@@ -542,7 +546,7 @@ describe('ToolExecutor guardian-only policy gate', () => {
     const result = await executor.execute(
       'browser_navigate',
       { url: 'http://localhost:3000/v1/integrations/guardian/status' },
-      makeContext({ guardianActorRole: 'non-guardian' }),
+      makeContext({ guardianTrustClass: 'trusted_contact' }),
     );
     expect(result.isError).toBe(true);
     expect(result.content).toContain('restricted to guardian users');
@@ -553,7 +557,7 @@ describe('ToolExecutor guardian-only policy gate', () => {
     const result = await executor.execute(
       'host_bash',
       { command: 'curl -X POST https://internal:8080/v1/integrations/guardian/challenge' },
-      makeContext({ guardianActorRole: 'non-guardian' }),
+      makeContext({ guardianTrustClass: 'trusted_contact' }),
     );
     expect(result.isError).toBe(true);
     expect(result.content).toContain('restricted to guardian users');
@@ -573,7 +577,7 @@ describe('ToolExecutor guardian-only policy gate', () => {
       const result = await executor.execute(
         'network_request',
         { url: `https://api.example.com${path}` },
-        makeContext({ guardianActorRole: 'non-guardian' }),
+        makeContext({ guardianTrustClass: 'trusted_contact' }),
       );
       expect(result.isError).toBe(true);
       expect(result.content).toContain('restricted to guardian users');
@@ -585,7 +589,7 @@ describe('ToolExecutor guardian-only policy gate', () => {
     const result = await executor.execute(
       'host_file_read',
       { path: '/Users/noaflaherty/.ssh/config' },
-      makeContext({ guardianActorRole: 'non-guardian' }),
+      makeContext({ guardianTrustClass: 'trusted_contact' }),
     );
     expect(result.isError).toBe(true);
     expect(result.content).toContain('requires guardian approval');
@@ -596,7 +600,7 @@ describe('ToolExecutor guardian-only policy gate', () => {
     const result = await executor.execute(
       'reminder_create',
       { fire_at: '2026-02-27T12:00:00-05:00', label: 'test', message: 'hello' },
-      makeContext({ guardianActorRole: 'unverified_channel' }),
+      makeContext({ guardianTrustClass: 'unknown' }),
     );
     expect(result.isError).toBe(true);
     expect(result.content).toContain('verified channel identity');
@@ -607,7 +611,7 @@ describe('ToolExecutor guardian-only policy gate', () => {
     const result = await executor.execute(
       'reminder_create',
       { fire_at: '2026-02-27T12:00:00-05:00', label: 'test', message: 'hello' },
-      makeContext({ guardianActorRole: 'guardian' }),
+      makeContext({ guardianTrustClass: 'guardian' }),
     );
     expect(result.isError).toBe(false);
     expect(result.content).toBe('ok');

package/src/__tests__/guardian-dispatch.test.ts

@@ -42,6 +42,8 @@ mock.module('../memory/channel-guardian-store.js', () => ({
 
 mock.module('../config/loader.js', () => ({
   getConfig: () => ({
+    ui: {},
+    
     calls: {
       userConsultTimeoutSeconds: 120,
     },

package/src/__tests__/guardian-grant-minting.test.ts

@@ -137,7 +137,7 @@ function registerPendingInteraction(
 
 function makeGuardianContext(): GuardianContext {
   return {
-    actorRole: 'guardian',
+    trustClass: 'guardian',
     denialReason: undefined,
   };
 }
@@ -530,3 +530,70 @@ describe('guardian grant minting on tool-approval decisions', () => {
     composeSpy.mockRestore();
   });
 });
+
+describe('approval interception trust-class regression coverage', () => {
+  let deliverSpy: ReturnType<typeof spyOn>;
+  let composeSpy: ReturnType<typeof spyOn>;
+
+  beforeEach(() => {
+    resetTables();
+    deliverSpy = spyOn(gatewayClient, 'deliverChannelReply').mockResolvedValue(undefined);
+    composeSpy = spyOn(approvalMessageComposer, 'composeApprovalMessageGenerative')
+      .mockResolvedValue('test message');
+  });
+
+  test('identity-known unknown sender does not auto-deny pending approval', async () => {
+    const requestId = 'req-unknown-no-auto-deny-1';
+    const sessionMock = registerPendingInteraction(requestId, CONVERSATION_ID, TOOL_NAME, TOOL_INPUT);
+    createTestGuardianApproval(requestId);
+
+    const result = await handleApprovalInterception({
+      conversationId: CONVERSATION_ID,
+      content: 'approve',
+      externalChatId: REQUESTER_CHAT,
+      sourceChannel: 'telegram',
+      senderExternalUserId: 'intruder-user-1',
+      replyCallbackUrl: 'https://gateway.test/deliver',
+      guardianCtx: {
+        trustClass: 'unknown',
+      },
+      assistantId: ASSISTANT_ID,
+    });
+
+    expect(result.handled).toBe(true);
+    expect(result.type).toBe('assistant_turn');
+    expect(sessionMock).not.toHaveBeenCalled();
+
+    deliverSpy.mockRestore();
+    composeSpy.mockRestore();
+  });
+
+  test('legacy unverified sender still auto-denies pending approval', async () => {
+    const requestId = 'req-unknown-auto-deny-1';
+    const sessionMock = registerPendingInteraction(requestId, CONVERSATION_ID, TOOL_NAME, TOOL_INPUT);
+    createTestGuardianApproval(requestId);
+
+    const result = await handleApprovalInterception({
+      conversationId: CONVERSATION_ID,
+      content: 'approve',
+      externalChatId: REQUESTER_CHAT,
+      sourceChannel: 'telegram',
+      senderExternalUserId: undefined,
+      replyCallbackUrl: 'https://gateway.test/deliver',
+      guardianCtx: {
+        trustClass: 'unknown',
+        denialReason: 'no_identity',
+      },
+      assistantId: ASSISTANT_ID,
+    });
+
+    expect(result.handled).toBe(true);
+    expect(result.type).toBe('decision_applied');
+    expect(sessionMock).toHaveBeenCalled();
+    expect(sessionMock.mock.calls[0]?.[0]).toBe(requestId);
+    expect(sessionMock.mock.calls[0]?.[1]).toBe('deny');
+
+    deliverSpy.mockRestore();
+    composeSpy.mockRestore();
+  });
+});

package/src/__tests__/guardian-outbound-http.test.ts

@@ -364,15 +364,16 @@ describe('HTTP route: handleStartOutbound', () => {
     const req = jsonRequest({ destination: '+15551234567' });
     const resp = await handleStartOutbound(req);
     expect(resp.status).toBe(400);
-    const body = await resp.json() as Record<string, unknown>;
-    expect(body.error).toBe('missing_channel');
+    const body = await resp.json() as { error: { message: string; code: string } };
+    expect(body.error.code).toBe('BAD_REQUEST');
+    expect(body.error.message).toContain('channel');
   });
 
   test('returns 400 for missing destination (SMS)', async () => {
     const req = jsonRequest({ channel: 'sms' });
     const resp = await handleStartOutbound(req);
     expect(resp.status).toBe(400);
-    const body = await resp.json() as Record<string, unknown>;
+    const body = await resp.json() as { error?: string };
     expect(body.error).toBe('missing_destination');
   });
 
@@ -391,15 +392,16 @@ describe('HTTP route: handleResendOutbound', () => {
     const req = jsonRequest({});
     const resp = await handleResendOutbound(req);
     expect(resp.status).toBe(400);
-    const body = await resp.json() as Record<string, unknown>;
-    expect(body.error).toBe('missing_channel');
+    const body = await resp.json() as { error: { message: string; code: string } };
+    expect(body.error.code).toBe('BAD_REQUEST');
+    expect(body.error.message).toContain('channel');
   });
 
   test('returns 400 for no_active_session', async () => {
     const req = jsonRequest({ channel: 'sms', assistantId: 'resend-no-session' });
     const resp = await handleResendOutbound(req);
     expect(resp.status).toBe(400);
-    const body = await resp.json() as Record<string, unknown>;
+    const body = await resp.json() as { error?: string };
     expect(body.error).toBe('no_active_session');
   });
 
@@ -432,15 +434,16 @@ describe('HTTP route: handleCancelOutbound', () => {
     const req = jsonRequest({});
     const resp = await handleCancelOutbound(req);
     expect(resp.status).toBe(400);
-    const body = await resp.json() as Record<string, unknown>;
-    expect(body.error).toBe('missing_channel');
+    const body = await resp.json() as { error: { message: string; code: string } };
+    expect(body.error.code).toBe('BAD_REQUEST');
+    expect(body.error.message).toContain('channel');
   });
 
   test('returns 400 for no_active_session', async () => {
     const req = jsonRequest({ channel: 'sms', assistantId: 'cancel-no-session' });
     const resp = await handleCancelOutbound(req);
     expect(resp.status).toBe(400);
-    const body = await resp.json() as Record<string, unknown>;
+    const body = await resp.json() as { error?: string };
     expect(body.error).toBe('no_active_session');
   });