@vellumai/assistant 0.3.4 → 0.3.5

package/src/__tests__/call-routes-http.test.ts

@@ -80,10 +80,10 @@ mock.module('../calls/twilio-provider.js', () => ({
 
 // Mock Twilio config
 mock.module('../calls/twilio-config.js', () => ({
-  getTwilioConfig: () => ({
+  getTwilioConfig: (assistantId?: string) => ({
     accountSid: 'AC_test',
     authToken: 'test_token',
-    phoneNumber: '+15550001111',
+    phoneNumber: assistantId === 'asst-alpha' ? '+15550009999' : '+15550001111',
     webhookBaseUrl: 'https://test.example.com',
     wssBaseUrl: 'wss://test.example.com',
   }),
@@ -168,6 +168,10 @@ describe('runtime call routes — HTTP layer', () => {
     return `http://127.0.0.1:${port}/v1/calls${path}`;
   }
 
+  function assistantCallsUrl(assistantId: string, path = ''): string {
+    return `http://127.0.0.1:${port}/v1/assistants/${assistantId}/calls${path}`;
+  }
+
   // ── POST /v1/calls/start ────────────────────────────────────────────
 
   test('POST /v1/calls/start returns 201 with call session', async () => {
@@ -222,6 +226,27 @@ describe('runtime call routes — HTTP layer', () => {
     await stopServer();
   });
 
+  test('POST /v1/assistants/:assistantId/calls/start uses assistant-scoped caller number', async () => {
+    await startServer();
+    ensureConversation('conv-start-scoped-1');
+
+    const res = await fetch(assistantCallsUrl('asst-alpha', '/start'), {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', ...AUTH_HEADERS },
+      body: JSON.stringify({
+        phoneNumber: '+15559997777',
+        task: 'Check order status',
+        conversationId: 'conv-start-scoped-1',
+      }),
+    });
+
+    expect(res.status).toBe(201);
+    const body = await res.json() as { fromNumber: string };
+    expect(body.fromNumber).toBe('+15550009999');
+
+    await stopServer();
+  });
+
   test('POST /v1/calls/start returns 400 for invalid phone number', async () => {
     await startServer();
     ensureConversation('conv-start-2');

package/src/__tests__/channel-approval-routes.test.ts

@@ -1635,7 +1635,9 @@ describe('SMS guardian verify intercept', () => {
     const replyArgs = deliverSpy.mock.calls[0];
     const replyPayload = replyArgs[1] as { chatId: string; text: string };
     expect(replyPayload.chatId).toBe('sms-chat-verify');
-    expect(replyPayload.text).toContain('Guardian verified successfully');
+    expect(typeof replyPayload.text).toBe('string');
+    expect(replyPayload.text.toLowerCase()).toContain('guardian');
+    expect(replyPayload.text.toLowerCase()).toContain('verif');
 
     deliverSpy.mockRestore();
   });
@@ -1668,7 +1670,9 @@ describe('SMS guardian verify intercept', () => {
     expect(deliverSpy).toHaveBeenCalled();
     const replyArgs = deliverSpy.mock.calls[0];
     const replyPayload = replyArgs[1] as { chatId: string; text: string };
-    expect(replyPayload.text).toContain('Verification failed');
+    expect(typeof replyPayload.text).toBe('string');
+    expect(replyPayload.text.toLowerCase()).toContain('verif');
+    expect(replyPayload.text.toLowerCase()).toContain('failed');
 
     deliverSpy.mockRestore();
   });
@@ -1944,11 +1948,11 @@ describe('fail-closed guardian gate — unverified channel', () => {
 
     // The deny decision should carry guardian setup context for assistant reply generation.
     expect(typeof decisionArgs[2]).toBe('string');
-    expect((decisionArgs[2] as string)).toContain('no guardian is configured');
+    expect((decisionArgs[2] as string).toLowerCase()).toContain('no guardian');
 
     // The runtime should not send a second deterministic denial notice.
     const deterministicNoticeCalls = deliverSpy.mock.calls.filter(
-      (call) => typeof call[1] === 'object' && (call[1] as { text?: string }).text?.includes('no guardian has been set up'),
+      (call) => typeof call[1] === 'object' && (call[1] as { text?: string }).text?.toLowerCase().includes('no guardian'),
     );
     expect(deterministicNoticeCalls.length).toBe(0);
 
@@ -2045,11 +2049,11 @@ describe('fail-closed guardian gate — unverified channel', () => {
     const lastDecision = submitCalls[submitCalls.length - 1];
     expect(lastDecision[1]).toBe('deny');
     expect(typeof lastDecision[2]).toBe('string');
-    expect((lastDecision[2] as string)).toContain('no guardian is configured');
+    expect((lastDecision[2] as string).toLowerCase()).toContain('no guardian');
 
     // Interception should not emit a separate deterministic denial notice.
     const denialCalls = deliverSpy.mock.calls.filter(
-      (call) => typeof call[1] === 'object' && (call[1] as { text?: string }).text?.includes('no guardian has been set up'),
+      (call) => typeof call[1] === 'object' && (call[1] as { text?: string }).text?.toLowerCase().includes('no guardian'),
     );
     expect(denialCalls.length).toBe(0);
 
@@ -2092,9 +2096,9 @@ describe('guardian-with-binding path regression', () => {
     const approvalArgs = approvalSpy.mock.calls[0];
     expect(approvalArgs[1]).toBe('guardian-chat-1');
 
-    // Requester should have been notified the request was sent to the guardian
+    // Requester should have been notified the request was forwarded to the guardian
     const notifyCalls = deliverSpy.mock.calls.filter(
-      (call) => typeof call[1] === 'object' && (call[1] as { text?: string }).text?.includes('has been sent to the guardian for approval'),
+      (call) => typeof call[1] === 'object' && (call[1] as { text?: string }).text?.toLowerCase().includes('guardian'),
     );
     expect(notifyCalls.length).toBeGreaterThanOrEqual(1);
 
@@ -2223,14 +2227,14 @@ describe('guardian delivery failure → denial', () => {
 
     // Requester should have been notified that delivery failed
     const failureCalls = deliverSpy.mock.calls.filter(
-      (call) => typeof call[1] === 'object' && (call[1] as { text?: string }).text?.includes('could not be sent to the guardian for approval'),
+      (call) => typeof call[1] === 'object' && (call[1] as { text?: string }).text?.toLowerCase().includes('denied'),
     );
     expect(failureCalls.length).toBeGreaterThanOrEqual(1);
 
-    // The "has been sent to the guardian for approval" success notice should
-    // NOT have been delivered (since delivery failed).
+    // The guardian_request_forwarded success notice should NOT have been
+    // delivered (since delivery failed).
     const successCalls = deliverSpy.mock.calls.filter(
-      (call) => typeof call[1] === 'object' && (call[1] as { text?: string }).text?.includes('has been sent to the guardian for approval'),
+      (call) => typeof call[1] === 'object' && (call[1] as { text?: string }).text?.toLowerCase().includes('forwarded'),
     );
     expect(successCalls.length).toBe(0);
 
@@ -2487,7 +2491,7 @@ describe('ambiguous plain-text decision with multiple pending requests', () => {
 
     // A disambiguation message should have been sent to the guardian
     const disambigCalls = deliverSpy.mock.calls.filter(
-      (call) => typeof call[1] === 'object' && (call[1] as { text?: string }).text?.includes('pending approval requests'),
+      (call) => typeof call[1] === 'object' && (call[1] as { text?: string }).text?.toLowerCase().includes('pending'),
     );
     expect(disambigCalls.length).toBeGreaterThanOrEqual(1);
 
@@ -3178,12 +3182,12 @@ describe('guardian enforcement behavior', () => {
     const lastDecision = submitCalls[submitCalls.length - 1];
     expect(lastDecision[1]).toBe('deny');
     expect(typeof lastDecision[2]).toBe('string');
-    expect((lastDecision[2] as string)).toContain('identity could not be verified');
+    expect((lastDecision[2] as string).toLowerCase()).toContain('identity');
 
     // No separate deterministic denial notice should be emitted here.
     const denialCalls = deliverSpy.mock.calls.filter(
       (call) => typeof call[1] === 'object'
-        && ((call[1] as { text?: string }).text ?? '').includes('identity could not be determined'),
+        && ((call[1] as { text?: string }).text ?? '').toLowerCase().includes('identity'),
     );
     expect(denialCalls.length).toBe(0);
 
@@ -3217,11 +3221,11 @@ describe('guardian enforcement behavior', () => {
     const lastDecision = submitCalls[submitCalls.length - 1];
     expect(lastDecision[1]).toBe('deny');
     expect(typeof lastDecision[2]).toBe('string');
-    expect((lastDecision[2] as string)).toContain('identity could not be verified');
+    expect((lastDecision[2] as string).toLowerCase()).toContain('identity');
 
     const denialCalls = deliverSpy.mock.calls.filter(
       (call) => typeof call[1] === 'object'
-        && ((call[1] as { text?: string }).text ?? '').includes('identity could not be determined'),
+        && ((call[1] as { text?: string }).text ?? '').toLowerCase().includes('identity'),
     );
     expect(denialCalls.length).toBe(0);
     expect(approvalSpy).not.toHaveBeenCalled();

package/src/__tests__/channel-approvals.test.ts

@@ -41,6 +41,7 @@ import {
   buildApprovalUIMetadata,
   handleChannelDecision,
   buildReminderPrompt,
+  buildGuardianApprovalPrompt,
   channelSupportsRichApprovalUI,
 } from '../runtime/channel-approvals.js';
 import type { ApprovalDecisionResult, ChannelApprovalPrompt } from '../runtime/channel-approval-types.js';
@@ -547,7 +548,53 @@ describe('buildReminderPrompt', () => {
 });
 
 // ═══════════════════════════════════════════════════════════════════════════
-// 5. channelSupportsRichApprovalUI
+// 5. buildGuardianApprovalPrompt
+// ═══════════════════════════════════════════════════════════════════════════
+
+describe('buildGuardianApprovalPrompt', () => {
+  test('prompt includes requester identifier and tool name', () => {
+    const runInfo: PendingRunInfo = {
+      runId: 'run-g1',
+      requestId: 'req-g1',
+      toolName: 'deploy',
+      input: {},
+      riskLevel: 'high',
+    };
+    const prompt = buildGuardianApprovalPrompt(runInfo, 'alice');
+    expect(prompt.promptText).toContain('alice');
+    expect(prompt.promptText).toContain('deploy');
+  });
+
+  test('excludes approve_always action', () => {
+    const runInfo: PendingRunInfo = {
+      runId: 'run-g2',
+      requestId: 'req-g2',
+      toolName: 'shell',
+      input: {},
+      riskLevel: 'medium',
+    };
+    const prompt = buildGuardianApprovalPrompt(runInfo, 'bob');
+    expect(prompt.actions.map((a) => a.id)).not.toContain('approve_always');
+    expect(prompt.actions.map((a) => a.id)).toContain('approve_once');
+    expect(prompt.actions.map((a) => a.id)).toContain('reject');
+  });
+
+  test('plainTextFallback contains parser-compatible keywords', () => {
+    const runInfo: PendingRunInfo = {
+      runId: 'run-g3',
+      requestId: 'req-g3',
+      toolName: 'write_file',
+      input: {},
+      riskLevel: 'high',
+    };
+    const prompt = buildGuardianApprovalPrompt(runInfo, 'charlie');
+    expect(prompt.plainTextFallback).toContain('yes');
+    expect(prompt.plainTextFallback).toContain('no');
+  });
+});
+
+// ═══════════════════════════════════════════════════════════════════════════
+// 6. channelSupportsRichApprovalUI
 // ═══════════════════════════════════════════════════════════════════════════
 
 describe('channelSupportsRichApprovalUI', () => {

package/src/__tests__/channel-guardian.test.ts

@@ -311,28 +311,32 @@ describe('guardian service challenge validation', () => {
     resetTables();
   });
 
-  test('createVerificationChallenge returns a secret and instruction', () => {
+  test('createVerificationChallenge returns a secret, verifyCommand, ttlSeconds, and instruction', () => {
     const result = createVerificationChallenge('asst-1', 'telegram');
 
     expect(result.challengeId).toBeDefined();
     expect(result.secret).toBeDefined();
     expect(result.secret.length).toBe(64); // 32 bytes hex-encoded
+    expect(result.verifyCommand).toBe(`/guardian_verify ${result.secret}`);
+    expect(result.ttlSeconds).toBe(600);
+    expect(result.instruction).toBeDefined();
+    expect(result.instruction.length).toBeGreaterThan(0);
     expect(result.instruction).toContain('/guardian_verify');
-    expect(result.instruction).toContain(result.secret);
   });
 
-  test('createVerificationChallenge instruction mentions Telegram for telegram channel', () => {
+  test('createVerificationChallenge produces a non-empty instruction for telegram channel', () => {
     const result = createVerificationChallenge('asst-1', 'telegram');
-    expect(result.instruction).toContain('via Telegram');
-    expect(result.instruction).not.toContain('via SMS');
+    expect(result.instruction).toBeDefined();
+    expect(result.instruction.length).toBeGreaterThan(0);
+    expect(result.instruction).toContain(result.verifyCommand);
   });
 
-  test('createVerificationChallenge instruction mentions SMS for sms channel', () => {
+  test('createVerificationChallenge produces a non-empty instruction for sms channel', () => {
     const result = createVerificationChallenge('asst-1', 'sms');
-    expect(result.instruction).toContain('via SMS');
-    expect(result.instruction).not.toContain('via Telegram');
+    expect(result.instruction).toBeDefined();
+    expect(result.instruction.length).toBeGreaterThan(0);
     expect(result.instruction).toContain('/guardian_verify');
-    expect(result.instruction).toContain(result.secret);
+    expect(result.instruction).toContain(result.verifyCommand);
   });
 
   test('validateAndConsumeChallenge succeeds with correct secret', () => {
@@ -377,8 +381,10 @@ describe('guardian service challenge validation', () => {
 
     expect(result.success).toBe(false);
     if (!result.success) {
-      // Generic message to prevent oracle leakage
-      expect(result.reason).toContain('try again later');
+      // Composed failure message — check it is non-empty and contains "failed"
+      expect(result.reason).toBeDefined();
+      expect(result.reason.length).toBeGreaterThan(0);
+      expect(result.reason.toLowerCase()).toContain('failed');
     }
   });
 
@@ -404,8 +410,10 @@ describe('guardian service challenge validation', () => {
 
     expect(result.success).toBe(false);
     if (!result.success) {
-      // Generic message to prevent oracle leakage
-      expect(result.reason).toContain('try again later');
+      // Composed failure message — check it is non-empty and contains "failed"
+      expect(result.reason).toBeDefined();
+      expect(result.reason.length).toBeGreaterThan(0);
+      expect(result.reason.toLowerCase()).toContain('failed');
     }
   });
 
@@ -943,7 +951,9 @@ describe('guardian service rate limiting', () => {
       'asst-1', 'telegram', 'another-wrong', 'user-42', 'chat-42',
     );
     expect(result.success).toBe(false);
-    expect((result as { reason: string }).reason).toContain('try again later');
+    expect((result as { reason: string }).reason).toBeDefined();
+    expect((result as { reason: string }).reason.length).toBeGreaterThan(0);
+    expect((result as { reason: string }).reason.toLowerCase()).toContain('failed');
 
     // Verify the rate limit record
     const rl = getRateLimit('asst-1', 'telegram', 'user-42', 'chat-42');
@@ -975,21 +985,38 @@ describe('guardian service rate limiting', () => {
   test('rate-limit uses generic failure message (no oracle leakage)', () => {
     createVerificationChallenge('asst-1', 'telegram');
 
-    // Trigger rate limit
-    for (let i = 0; i < 5; i++) {
+    // Capture a normal invalid-code failure response
+    const normalFailure = validateAndConsumeChallenge(
+      'asst-1', 'telegram', 'wrong-first', 'user-42', 'chat-42',
+    );
+    expect(normalFailure.success).toBe(false);
+    const normalReason = (normalFailure as { reason: string }).reason;
+
+    // Trigger rate limit (4 more attempts to reach 5 total)
+    for (let i = 0; i < 4; i++) {
       validateAndConsumeChallenge(
         'asst-1', 'telegram', `wrong-${i}`, 'user-42', 'chat-42',
       );
     }
 
-    const result = validateAndConsumeChallenge(
+    // Verify lockout is actually active before testing the rate-limited response
+    const rl = getRateLimit('asst-1', 'telegram', 'user-42', 'chat-42');
+    expect(rl).not.toBeNull();
+    expect(rl!.lockedUntil).toBeGreaterThan(Date.now());
+
+    // The rate-limited response should be indistinguishable from normal failure
+    const rateLimitedResult = validateAndConsumeChallenge(
       'asst-1', 'telegram', 'anything', 'user-42', 'chat-42',
     );
-    expect(result.success).toBe(false);
-    // Must NOT reveal "invalid", "expired", or "rate limit" specifically
-    expect((result as { reason: string }).reason).not.toContain('Invalid');
-    expect((result as { reason: string }).reason).not.toContain('expired');
-    expect((result as { reason: string }).reason).not.toContain('rate limit');
+    expect(rateLimitedResult.success).toBe(false);
+    const rateLimitedReason = (rateLimitedResult as { reason: string }).reason;
+
+    // Anti-oracle: both responses must be identical
+    expect(rateLimitedReason).toBe(normalReason);
+
+    // Neither should reveal rate-limiting info
+    expect(rateLimitedReason).not.toContain('rate limit');
+    expect(normalReason).not.toContain('rate limit');
   });
 
   test('rate limit does not affect different actors', () => {
@@ -1295,6 +1322,31 @@ describe('IPC handler channel-aware guardian status', () => {
     expect(resp!.assistantId).toBe('self');
   });
 
+  test('status action returns guardian username/displayName from binding metadata', () => {
+    createBinding({
+      assistantId: 'self',
+      channel: 'telegram',
+      guardianExternalUserId: 'user-43',
+      guardianDeliveryChatId: 'chat-43',
+      metadataJson: JSON.stringify({ username: 'guardian_handle', displayName: 'Guardian Name' }),
+    });
+
+    const { ctx, lastResponse } = createMockCtx();
+    const msg: GuardianVerificationRequest = {
+      type: 'guardian_verification',
+      action: 'status',
+      channel: 'telegram',
+      assistantId: 'self',
+    };
+
+    handleGuardianVerification(msg, mockSocket, ctx);
+
+    const resp = lastResponse();
+    expect(resp).not.toBeNull();
+    expect(resp!.guardianUsername).toBe('guardian_handle');
+    expect(resp!.guardianDisplayName).toBe('Guardian Name');
+  });
+
   test('status action defaults channel to telegram when omitted (backward compat)', () => {
     const { ctx, lastResponse } = createMockCtx();
     const msg: GuardianVerificationRequest = {

package/src/__tests__/channel-readiness-service.test.ts

@@ -0,0 +1,257 @@
+import { describe, test, expect, beforeEach, mock } from 'bun:test';
+import { ChannelReadinessService, REMOTE_TTL_MS } from '../runtime/channel-readiness-service.js';
+import type { ChannelProbe, ReadinessCheckResult } from '../runtime/channel-readiness-types.js';
+
+// ── Test helpers ────────────────────────────────────────────────────────────
+
+function makeProbe(
+  channel: string,
+  localResults: ReadinessCheckResult[],
+  remoteResults?: ReadinessCheckResult[],
+): ChannelProbe & { localCallCount: number; remoteCallCount: number } {
+  const probe = {
+    channel,
+    localCallCount: 0,
+    remoteCallCount: 0,
+    runLocalChecks(): ReadinessCheckResult[] {
+      probe.localCallCount++;
+      return localResults;
+    },
+    ...(remoteResults !== undefined
+      ? {
+          async runRemoteChecks(): Promise<ReadinessCheckResult[]> {
+            probe.remoteCallCount++;
+            return remoteResults;
+          },
+        }
+      : {}),
+  };
+  return probe;
+}
+
+// ── Tests ───────────────────────────────────────────────────────────────────
+
+describe('ChannelReadinessService', () => {
+  let service: ChannelReadinessService;
+
+  beforeEach(() => {
+    service = new ChannelReadinessService();
+  });
+
+  test('local checks run on every call (no caching of local results)', async () => {
+    const probe = makeProbe('sms', [
+      { name: 'creds', passed: true, message: 'ok' },
+    ]);
+    service.registerProbe(probe);
+
+    await service.getReadiness('sms');
+    await service.getReadiness('sms');
+
+    expect(probe.localCallCount).toBe(2);
+  });
+
+  test('cache miss runs local checks and returns snapshot', async () => {
+    const probe = makeProbe('sms', [
+      { name: 'creds', passed: true, message: 'ok' },
+      { name: 'phone', passed: false, message: 'missing' },
+    ]);
+    service.registerProbe(probe);
+
+    const [snapshot] = await service.getReadiness('sms');
+
+    expect(probe.localCallCount).toBe(1);
+    expect(snapshot.channel).toBe('sms');
+    expect(snapshot.ready).toBe(false);
+    expect(snapshot.localChecks).toHaveLength(2);
+    expect(snapshot.reasons).toEqual([
+      { code: 'phone', text: 'missing' },
+    ]);
+  });
+
+  test('includeRemote=true runs remote checks on cache miss', async () => {
+    const probe = makeProbe(
+      'sms',
+      [{ name: 'creds', passed: true, message: 'ok' }],
+      [{ name: 'api_check', passed: true, message: 'remote ok' }],
+    );
+    service.registerProbe(probe);
+
+    const [snapshot] = await service.getReadiness('sms', true);
+
+    expect(probe.remoteCallCount).toBe(1);
+    expect(snapshot.remoteChecks).toHaveLength(1);
+    expect(snapshot.remoteChecks![0].passed).toBe(true);
+  });
+
+  test('cached remote checks reused within TTL', async () => {
+    const probe = makeProbe(
+      'sms',
+      [{ name: 'creds', passed: true, message: 'ok' }],
+      [{ name: 'api_check', passed: true, message: 'remote ok' }],
+    );
+    service.registerProbe(probe);
+
+    // First call populates cache
+    await service.getReadiness('sms', true);
+    expect(probe.remoteCallCount).toBe(1);
+
+    // Second call within TTL should reuse cache
+    const [snapshot] = await service.getReadiness('sms', true);
+    expect(probe.remoteCallCount).toBe(1);
+    expect(snapshot.remoteChecks).toHaveLength(1);
+  });
+
+  test('stale cache triggers remote check re-run', async () => {
+    const probe = makeProbe(
+      'sms',
+      [{ name: 'creds', passed: true, message: 'ok' }],
+      [{ name: 'api_check', passed: true, message: 'remote ok' }],
+    );
+    service.registerProbe(probe);
+
+    // First call
+    await service.getReadiness('sms', true);
+    expect(probe.remoteCallCount).toBe(1);
+
+    // Manually age the cached snapshot beyond TTL
+    const cached = (service as unknown as { snapshots: Map<string, { checkedAt: number }> }).snapshots.get('sms')!;
+    cached.checkedAt = Date.now() - REMOTE_TTL_MS - 1;
+
+    // Second call should re-run remote checks
+    await service.getReadiness('sms', true);
+    expect(probe.remoteCallCount).toBe(2);
+  });
+
+  test('invalidateChannel clears cache for specific channel', async () => {
+    const probe = makeProbe(
+      'sms',
+      [{ name: 'creds', passed: true, message: 'ok' }],
+      [{ name: 'api_check', passed: true, message: 'remote ok' }],
+    );
+    service.registerProbe(probe);
+
+    await service.getReadiness('sms', true);
+    expect(probe.remoteCallCount).toBe(1);
+
+    service.invalidateChannel('sms');
+
+    // After invalidation, remote checks should run again
+    await service.getReadiness('sms', true);
+    expect(probe.remoteCallCount).toBe(2);
+  });
+
+  test('invalidateAll clears all cached snapshots', async () => {
+    const smsProbe = makeProbe(
+      'sms',
+      [{ name: 'creds', passed: true, message: 'ok' }],
+      [{ name: 'api', passed: true, message: 'ok' }],
+    );
+    const telegramProbe = makeProbe(
+      'telegram',
+      [{ name: 'token', passed: true, message: 'ok' }],
+      [{ name: 'webhook', passed: true, message: 'ok' }],
+    );
+    service.registerProbe(smsProbe);
+    service.registerProbe(telegramProbe);
+
+    await service.getReadiness(undefined, true);
+    expect(smsProbe.remoteCallCount).toBe(1);
+    expect(telegramProbe.remoteCallCount).toBe(1);
+
+    service.invalidateAll();
+
+    await service.getReadiness(undefined, true);
+    expect(smsProbe.remoteCallCount).toBe(2);
+    expect(telegramProbe.remoteCallCount).toBe(2);
+  });
+
+  test('unknown channel returns unsupported_channel reason', async () => {
+    const [snapshot] = await service.getReadiness('carrier_pigeon');
+
+    expect(snapshot.channel).toBe('carrier_pigeon');
+    expect(snapshot.ready).toBe(false);
+    expect(snapshot.reasons).toEqual([
+      { code: 'unsupported_channel', text: 'Channel carrier_pigeon is not supported' },
+    ]);
+    expect(snapshot.localChecks).toHaveLength(0);
+  });
+
+  test('all checks passing yields ready=true', async () => {
+    const probe = makeProbe('test', [
+      { name: 'a', passed: true, message: 'ok' },
+      { name: 'b', passed: true, message: 'ok' },
+    ]);
+    service.registerProbe(probe);
+
+    const [snapshot] = await service.getReadiness('test');
+
+    expect(snapshot.ready).toBe(true);
+    expect(snapshot.reasons).toHaveLength(0);
+  });
+
+  test('getReadiness with no channel returns all registered channels', async () => {
+    service.registerProbe(makeProbe('sms', [{ name: 'a', passed: true, message: 'ok' }]));
+    service.registerProbe(makeProbe('telegram', [{ name: 'b', passed: true, message: 'ok' }]));
+
+    const snapshots = await service.getReadiness();
+
+    expect(snapshots).toHaveLength(2);
+    const channels = snapshots.map((s) => s.channel).sort();
+    expect(channels).toEqual(['sms', 'telegram']);
+  });
+
+  test('cached remote checks preserve original checkedAt (TTL not reset on reuse)', async () => {
+    const probe = makeProbe(
+      'sms',
+      [{ name: 'creds', passed: true, message: 'ok' }],
+      [{ name: 'api_check', passed: true, message: 'remote ok' }],
+    );
+    service.registerProbe(probe);
+
+    // First call populates cache with freshly fetched remote checks
+    const [first] = await service.getReadiness('sms', true);
+    const originalCheckedAt = first.checkedAt;
+    expect(probe.remoteCallCount).toBe(1);
+
+    // Second call within TTL reuses cache — checkedAt must stay at the original value
+    const [second] = await service.getReadiness('sms', true);
+    expect(probe.remoteCallCount).toBe(1);
+    expect(second.checkedAt).toBe(originalCheckedAt);
+  });
+
+  test('includeRemote runs remote checks when cache exists without remote data', async () => {
+    const probe = makeProbe(
+      'sms',
+      [{ name: 'creds', passed: true, message: 'ok' }],
+      [{ name: 'api_check', passed: true, message: 'remote ok' }],
+    );
+    service.registerProbe(probe);
+
+    // First call without includeRemote — cache has no remote data
+    await service.getReadiness('sms', false);
+    expect(probe.remoteCallCount).toBe(0);
+
+    // Second call with includeRemote — should run remote checks even though
+    // the cached snapshot exists (because it has no remoteChecks)
+    const [snapshot] = await service.getReadiness('sms', true);
+    expect(probe.remoteCallCount).toBe(1);
+    expect(snapshot.remoteChecks).toHaveLength(1);
+    expect(snapshot.remoteChecks![0].passed).toBe(true);
+  });
+
+  test('failed remote check makes channel not ready', async () => {
+    const probe = makeProbe(
+      'sms',
+      [{ name: 'creds', passed: true, message: 'ok' }],
+      [{ name: 'api_check', passed: false, message: 'API unreachable' }],
+    );
+    service.registerProbe(probe);
+
+    const [snapshot] = await service.getReadiness('sms', true);
+
+    expect(snapshot.ready).toBe(false);
+    expect(snapshot.reasons).toEqual([
+      { code: 'api_check', text: 'API unreachable' },
+    ]);
+  });
+});

package/src/__tests__/config-schema.test.ts

@@ -206,6 +206,7 @@ describe('AssistantConfigSchema', () => {
       maxEdges: 40,
       neighborScoreMultiplier: 0.7,
       maxDepth: 3,
+      depthDecay: true,
     });
   });
 
@@ -681,7 +682,7 @@ describe('AssistantConfigSchema', () => {
       userConsultTimeoutSeconds: 120,
       disclosure: {
         enabled: true,
-        text: 'At the very beginning of the call, introduce yourself as an assistant calling on behalf of the user.',
+        text: 'At the very beginning of the call, introduce yourself as an assistant calling on behalf of the person you represent. Do not say "AI assistant".',
       },
       safety: {
         denyCategories: [],