@vellumai/assistant 0.3.3 → 0.3.4

package/src/__tests__/channel-approvals.test.ts

@@ -298,6 +298,53 @@ describe('handleChannelDecision', () => {
     expect(orchestrator.submitDecision).toHaveBeenCalledWith(run.id, 'deny');
   });
 
+  test('uses decision.runId to target the matching pending run', () => {
+    ensureConversation('conv-1');
+    const olderRun = createRun('conv-1');
+    setRunConfirmation(olderRun.id, {
+      ...sampleConfirmation,
+      toolName: 'shell',
+      toolUseId: 'req-older',
+    });
+    const newerRun = createRun('conv-1');
+    setRunConfirmation(newerRun.id, {
+      ...sampleConfirmation,
+      toolName: 'browser',
+      toolUseId: 'req-newer',
+    });
+
+    const orchestrator = makeMockOrchestrator();
+    const decision: ApprovalDecisionResult = {
+      action: 'approve_once',
+      source: 'telegram_button',
+      runId: newerRun.id,
+    };
+
+    const result = handleChannelDecision('conv-1', decision, orchestrator);
+    expect(result.applied).toBe(true);
+    expect(result.runId).toBe(newerRun.id);
+    expect(orchestrator.submitDecision).toHaveBeenCalledWith(newerRun.id, 'allow');
+    expect(orchestrator.submitDecision).not.toHaveBeenCalledWith(olderRun.id, 'allow');
+  });
+
+  test('returns applied: false when decision.runId does not match a pending run', () => {
+    ensureConversation('conv-1');
+    const run = createRun('conv-1');
+    setRunConfirmation(run.id, sampleConfirmation);
+
+    const orchestrator = makeMockOrchestrator();
+    const decision: ApprovalDecisionResult = {
+      action: 'approve_once',
+      source: 'telegram_button',
+      runId: 'run-missing',
+    };
+
+    const result = handleChannelDecision('conv-1', decision, orchestrator);
+    expect(result.applied).toBe(false);
+    expect(result.runId).toBeUndefined();
+    expect(orchestrator.submitDecision).not.toHaveBeenCalled();
+  });
+
   test('approve_always adds a trust rule and submits "allow"', () => {
     ensureConversation('conv-1');
     const run = createRun('conv-1');
@@ -319,14 +366,16 @@ describe('handleChannelDecision', () => {
     expect(result.applied).toBe(true);
     expect(result.runId).toBe(run.id);
 
-    // Trust rule added with first allowlist and scope option
+    // Trust rule added with first allowlist and scope option.
+    // executionTarget is undefined for core tools like 'shell' — only
+    // skill-origin tools persist it (see channel-approvals.ts).
     expect(addRuleSpy).toHaveBeenCalledWith(
       'shell',
       'rm -rf *',
       '/tmp/project',
       'allow',
       100,
-      { executionTarget: 'sandbox' },
+      { executionTarget: undefined },
     );
 
     // The run is still approved with a simple "allow"

package/src/__tests__/channel-delivery-store.test.ts

@@ -24,7 +24,7 @@ mock.module('../util/logger.js', () => ({
 }));
 
 import { initializeDb, getDb, resetDb } from '../memory/db.js';
-import { channelInboundEvents, conversations, messages } from '../memory/schema.js';
+import { channelInboundEvents, conversations, externalConversationBindings, messages } from '../memory/schema.js';
 import {
   recordInbound,
   linkMessage,
@@ -470,7 +470,7 @@ describe('channel-delivery-store', () => {
 
   // ── handleDeleteConversation assistantId parameter ───────────────
 
-  test('handleDeleteConversation uses route assistantId param to delete scoped key', async () => {
+  test('handleDeleteConversation with non-self assistant deletes only scoped key', async () => {
     // Set up a scoped conversation key like the one created by recordInbound
     // with a specific assistantId.
     const convId = 'conv-delete-test';
@@ -488,6 +488,13 @@ describe('channel-delivery-store', () => {
     }).run();
     setConversationKey(scopedKey, convId);
     setConversationKey(legacyKey, convId);
+    db.insert(externalConversationBindings).values({
+      conversationId: convId,
+      sourceChannel: 'telegram',
+      externalChatId: 'chat-del',
+      createdAt: now,
+      updatedAt: now,
+    }).run();
 
     // Verify both keys exist
     expect(getConversationByKey(scopedKey)).not.toBeNull();
@@ -510,9 +517,15 @@ describe('channel-delivery-store', () => {
     const json = await res.json() as { ok: boolean };
     expect(json.ok).toBe(true);
 
-    // Both the legacy key and the scoped key should be deleted
+    // Non-self delete should only remove the scoped key and preserve legacy.
     expect(getConversationByKey(scopedKey)).toBeNull();
-    expect(getConversationByKey(legacyKey)).toBeNull();
+    expect(getConversationByKey(legacyKey)).not.toBeNull();
+    // Non-self delete should not mutate assistant-agnostic external bindings.
+    const remainingBinding = db.select()
+      .from(externalConversationBindings)
+      .where(eq(externalConversationBindings.conversationId, convId))
+      .get();
+    expect(remainingBinding).not.toBeNull();
   });
 
   test('handleDeleteConversation defaults to "self" when no assistantId provided', async () => {
@@ -530,6 +543,13 @@ describe('channel-delivery-store', () => {
     }).run();
     setConversationKey(scopedKey, convId);
     setConversationKey(legacyKey, convId);
+    db.insert(externalConversationBindings).values({
+      conversationId: convId,
+      sourceChannel: 'telegram',
+      externalChatId: 'chat-def',
+      createdAt: now,
+      updatedAt: now,
+    }).run();
 
     const req = new Request('http://localhost/channels/conversation', {
       method: 'DELETE',
@@ -546,5 +566,11 @@ describe('channel-delivery-store', () => {
 
     expect(getConversationByKey(scopedKey)).toBeNull();
     expect(getConversationByKey(legacyKey)).toBeNull();
+    // Self delete should keep external bindings in sync for the canonical route.
+    const remainingBinding = db.select()
+      .from(externalConversationBindings)
+      .where(eq(externalConversationBindings.conversationId, convId))
+      .get();
+    expect(remainingBinding).toBeUndefined();
   });
 });

package/src/__tests__/channel-guardian.test.ts

@@ -52,6 +52,10 @@ import {
   isGuardian,
   revokeBinding as serviceRevokeBinding,
 } from '../runtime/channel-guardian-service.js';
+import { handleGuardianVerification } from '../daemon/handlers/config.js';
+import type { GuardianVerificationRequest, GuardianVerificationResponse } from '../daemon/ipc-contract.js';
+import type { HandlerContext } from '../daemon/handlers/shared.js';
+import type * as net from 'node:net';
 
 initializeDb();
 
@@ -1186,3 +1190,186 @@ describe('assistant-scoped approval request lookups', () => {
     expect(foundB!.toolName).toBe('browser');
   });
 });
+
+// ═══════════════════════════════════════════════════════════════════════════
+// 10. IPC handler — channel-aware guardian status response
+// ═══════════════════════════════════════════════════════════════════════════
+
+/**
+ * Creates a minimal mock HandlerContext that captures the response sent via ctx.send().
+ */
+function createMockCtx(): { ctx: HandlerContext; lastResponse: () => GuardianVerificationResponse | null } {
+  let captured: GuardianVerificationResponse | null = null;
+  const ctx = {
+    sessions: new Map(),
+    socketToSession: new Map(),
+    cuSessions: new Map(),
+    socketToCuSession: new Map(),
+    cuObservationParseSequence: new Map(),
+    socketSandboxOverride: new Map(),
+    sharedRequestTimestamps: [],
+    debounceTimers: { schedule: () => {}, cancel: () => {} } as unknown as HandlerContext['debounceTimers'],
+    suppressConfigReload: false,
+    setSuppressConfigReload: () => {},
+    updateConfigFingerprint: () => {},
+    send: (_socket: net.Socket, msg: unknown) => { captured = msg as GuardianVerificationResponse; },
+    broadcast: () => {},
+    clearAllSessions: () => 0,
+    getOrCreateSession: () => Promise.resolve({} as never),
+    touchSession: () => {},
+  } as unknown as HandlerContext;
+  return { ctx, lastResponse: () => captured };
+}
+
+const mockSocket = {} as net.Socket;
+
+describe('IPC handler channel-aware guardian status', () => {
+  beforeEach(() => {
+    resetTables();
+  });
+
+  test('status action for telegram returns channel and assistantId fields', () => {
+    const { ctx, lastResponse } = createMockCtx();
+    const msg: GuardianVerificationRequest = {
+      type: 'guardian_verification',
+      action: 'status',
+      channel: 'telegram',
+      assistantId: 'self',
+    };
+
+    handleGuardianVerification(msg, mockSocket, ctx);
+
+    const resp = lastResponse();
+    expect(resp).not.toBeNull();
+    expect(resp!.success).toBe(true);
+    expect(resp!.channel).toBe('telegram');
+    expect(resp!.assistantId).toBe('self');
+    expect(resp!.bound).toBe(false);
+    expect(resp!.guardianDeliveryChatId).toBeUndefined();
+  });
+
+  test('status action for sms returns channel: sms and assistantId: self', () => {
+    const { ctx, lastResponse } = createMockCtx();
+    const msg: GuardianVerificationRequest = {
+      type: 'guardian_verification',
+      action: 'status',
+      channel: 'sms',
+      assistantId: 'self',
+    };
+
+    handleGuardianVerification(msg, mockSocket, ctx);
+
+    const resp = lastResponse();
+    expect(resp).not.toBeNull();
+    expect(resp!.success).toBe(true);
+    expect(resp!.channel).toBe('sms');
+    expect(resp!.assistantId).toBe('self');
+    expect(resp!.bound).toBe(false);
+  });
+
+  test('status action returns guardianDeliveryChatId when bound', () => {
+    createBinding({
+      assistantId: 'self',
+      channel: 'telegram',
+      guardianExternalUserId: 'user-42',
+      guardianDeliveryChatId: 'chat-42',
+    });
+
+    const { ctx, lastResponse } = createMockCtx();
+    const msg: GuardianVerificationRequest = {
+      type: 'guardian_verification',
+      action: 'status',
+      channel: 'telegram',
+      assistantId: 'self',
+    };
+
+    handleGuardianVerification(msg, mockSocket, ctx);
+
+    const resp = lastResponse();
+    expect(resp).not.toBeNull();
+    expect(resp!.success).toBe(true);
+    expect(resp!.bound).toBe(true);
+    expect(resp!.guardianExternalUserId).toBe('user-42');
+    expect(resp!.guardianDeliveryChatId).toBe('chat-42');
+    expect(resp!.channel).toBe('telegram');
+    expect(resp!.assistantId).toBe('self');
+  });
+
+  test('status action defaults channel to telegram when omitted (backward compat)', () => {
+    const { ctx, lastResponse } = createMockCtx();
+    const msg: GuardianVerificationRequest = {
+      type: 'guardian_verification',
+      action: 'status',
+      // channel omitted — should default to 'telegram'
+    };
+
+    handleGuardianVerification(msg, mockSocket, ctx);
+
+    const resp = lastResponse();
+    expect(resp).not.toBeNull();
+    expect(resp!.channel).toBe('telegram');
+    expect(resp!.assistantId).toBe('self');
+  });
+
+  test('status action defaults assistantId to self when omitted (backward compat)', () => {
+    const { ctx, lastResponse } = createMockCtx();
+    const msg: GuardianVerificationRequest = {
+      type: 'guardian_verification',
+      action: 'status',
+      channel: 'sms',
+      // assistantId omitted — should default to 'self'
+    };
+
+    handleGuardianVerification(msg, mockSocket, ctx);
+
+    const resp = lastResponse();
+    expect(resp).not.toBeNull();
+    expect(resp!.assistantId).toBe('self');
+    expect(resp!.channel).toBe('sms');
+  });
+
+  test('status action with custom assistantId returns correct value', () => {
+    createBinding({
+      assistantId: 'asst-custom',
+      channel: 'telegram',
+      guardianExternalUserId: 'user-77',
+      guardianDeliveryChatId: 'chat-77',
+    });
+
+    const { ctx, lastResponse } = createMockCtx();
+    const msg: GuardianVerificationRequest = {
+      type: 'guardian_verification',
+      action: 'status',
+      channel: 'telegram',
+      assistantId: 'asst-custom',
+    };
+
+    handleGuardianVerification(msg, mockSocket, ctx);
+
+    const resp = lastResponse();
+    expect(resp).not.toBeNull();
+    expect(resp!.success).toBe(true);
+    expect(resp!.bound).toBe(true);
+    expect(resp!.assistantId).toBe('asst-custom');
+    expect(resp!.channel).toBe('telegram');
+    expect(resp!.guardianExternalUserId).toBe('user-77');
+    expect(resp!.guardianDeliveryChatId).toBe('chat-77');
+  });
+
+  test('status action for unbound sms does not return guardianDeliveryChatId', () => {
+    const { ctx, lastResponse } = createMockCtx();
+    const msg: GuardianVerificationRequest = {
+      type: 'guardian_verification',
+      action: 'status',
+      channel: 'sms',
+    };
+
+    handleGuardianVerification(msg, mockSocket, ctx);
+
+    const resp = lastResponse();
+    expect(resp).not.toBeNull();
+    expect(resp!.bound).toBe(false);
+    expect(resp!.guardianDeliveryChatId).toBeUndefined();
+    expect(resp!.guardianExternalUserId).toBeUndefined();
+  });
+});

package/src/__tests__/config-schema.test.ts

@@ -681,7 +681,7 @@ describe('AssistantConfigSchema', () => {
       userConsultTimeoutSeconds: 120,
       disclosure: {
         enabled: true,
-        text: 'At the very beginning of the call, disclose that you are an AI assistant calling on behalf of the user.',
+        text: 'At the very beginning of the call, introduce yourself as an assistant calling on behalf of the user.',
       },
       safety: {
         denyCategories: [],