npm - @vellumai/assistant - Versions diffs - 0.3.5 → 0.3.7 - Mend

@vellumai/assistant 0.3.5 → 0.3.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (487) hide show

package/README.md +51 -0
package/eslint.config.mjs +31 -0
package/package.json +1 -1
package/scripts/ipc/check-swift-decoder-drift.ts +4 -1
package/scripts/ipc/generate-swift.ts +18 -2
package/src/__tests__/__snapshots__/ipc-snapshot.test.ts.snap +338 -1
package/src/__tests__/approval-conversation-turn.test.ts +214 -0
package/src/__tests__/browser-manager.test.ts +1 -0
package/src/__tests__/call-conversation-messages.test.ts +130 -0
package/src/__tests__/call-orchestrator.test.ts +752 -271
package/src/__tests__/call-pointer-messages.test.ts +148 -0
package/src/__tests__/call-recovery.test.ts +3 -0
package/src/__tests__/call-routes-http.test.ts +5 -0
package/src/__tests__/call-store.test.ts +3 -0
package/src/__tests__/channel-approval-routes.test.ts +1260 -85
package/src/__tests__/channel-approval.test.ts +37 -0
package/src/__tests__/channel-approvals.test.ts +4 -65
package/src/__tests__/channel-guardian.test.ts +556 -0
package/src/__tests__/channel-readiness-service.test.ts +74 -7
package/src/__tests__/checker.test.ts +14 -7
package/src/__tests__/clarification-resolver.test.ts +44 -24
package/src/__tests__/commit-message-enrichment-service.test.ts +9 -4
package/src/__tests__/computer-use-session-working-dir.test.ts +8 -0
package/src/__tests__/config-schema.test.ts +12 -7
package/src/__tests__/context-window-manager.test.ts +30 -2
package/src/__tests__/contradiction-checker.test.ts +20 -5
package/src/__tests__/credential-security-invariants.test.ts +6 -2
package/src/__tests__/db-migration-rollback.test.ts +752 -0
package/src/__tests__/dynamic-skill-workflow-prompt.test.ts +2 -0
package/src/__tests__/fuzzy-match-property.test.ts +5 -5
package/src/__tests__/guardian-action-store.test.ts +123 -0
package/src/__tests__/guardian-action-sweep.test.ts +277 -0
package/src/__tests__/guardian-dispatch.test.ts +389 -0
package/src/__tests__/guardian-question-copy.test.ts +47 -0
package/src/__tests__/handlers-telegram-config.test.ts +4 -2
package/src/__tests__/handlers-twilio-config.test.ts +126 -0
package/src/__tests__/intent-routing.test.ts +2 -0
package/src/__tests__/ipc-snapshot.test.ts +228 -1
package/src/__tests__/memory-upsert-concurrency.test.ts +828 -0
package/src/__tests__/model-intents.test.ts +96 -0
package/src/__tests__/no-direct-anthropic-sdk-imports.test.ts +42 -0
package/src/__tests__/oauth2-gateway-transport.test.ts +130 -0
package/src/__tests__/onboarding-starter-tasks.test.ts +2 -0
package/src/__tests__/provider-commit-message-generator.test.ts +89 -13
package/src/__tests__/provider-error-scenarios.test.ts +621 -0
package/src/__tests__/provider-fail-open-selection.test.ts +119 -0
package/src/__tests__/qdrant-manager.test.ts +27 -20
package/src/__tests__/relay-server.test.ts +779 -40
package/src/__tests__/run-orchestrator-assistant-events.test.ts +2 -0
package/src/__tests__/run-orchestrator.test.ts +20 -4
package/src/__tests__/runtime-runs-http.test.ts +17 -1
package/src/__tests__/runtime-runs.test.ts +16 -0
package/src/__tests__/schedule-store.test.ts +18 -4
package/src/__tests__/scheduler-recurrence.test.ts +13 -4
package/src/__tests__/session-abort-tool-results.test.ts +6 -0
package/src/__tests__/session-agent-loop.test.ts +857 -0
package/src/__tests__/session-conflict-gate.test.ts +6 -0
package/src/__tests__/session-pre-run-repair.test.ts +6 -0
package/src/__tests__/session-profile-injection.test.ts +6 -0
package/src/__tests__/session-provider-retry-repair.test.ts +6 -0
package/src/__tests__/session-queue.test.ts +6 -0
package/src/__tests__/session-runtime-assembly.test.ts +237 -13
package/src/__tests__/session-slash-known.test.ts +6 -0
package/src/__tests__/session-slash-queue.test.ts +6 -0
package/src/__tests__/session-slash-unknown.test.ts +6 -0
package/src/__tests__/session-surfaces-task-progress.test.ts +2 -0
package/src/__tests__/session-tool-setup-app-refresh.test.ts +1 -0
package/src/__tests__/session-tool-setup-memory-scope.test.ts +1 -0
package/src/__tests__/session-tool-setup-side-effect-flag.test.ts +1 -0
package/src/__tests__/session-workspace-injection.test.ts +6 -0
package/src/__tests__/session-workspace-tool-tracking.test.ts +6 -0
package/src/__tests__/skills.test.ts +2 -0
package/src/__tests__/sms-messaging-provider.test.ts +2 -1
package/src/__tests__/starter-task-flow.test.ts +2 -0
package/src/__tests__/swarm-dag-pathological.test.ts +535 -0
package/src/__tests__/system-prompt.test.ts +2 -0
package/src/__tests__/task-management-tools.test.ts +2 -2
package/src/__tests__/task-runner.test.ts +14 -4
package/src/__tests__/terminal-tools.test.ts +25 -19
package/src/__tests__/tool-execution-abort-cleanup.test.ts +545 -0
package/src/__tests__/tool-executor-shell-integration.test.ts +11 -11
package/src/__tests__/tool-executor.test.ts +23 -24
package/src/__tests__/trust-store.test.ts +3 -3
package/src/__tests__/twilio-rest.test.ts +29 -0
package/src/__tests__/twilio-routes-elevenlabs.test.ts +3 -0
package/src/__tests__/twilio-routes-twiml.test.ts +11 -0
package/src/__tests__/twilio-routes.test.ts +141 -21
package/src/__tests__/user-reference.test.ts +2 -0
package/src/__tests__/voice-quality.test.ts +222 -0
package/src/__tests__/web-search.test.ts +45 -29
package/src/agent/loop.ts +1 -1
package/src/agent-heartbeat/agent-heartbeat-service.ts +2 -10
package/src/amazon/client.ts +1418 -0
package/src/amazon/request-extractor.ts +135 -0
package/src/amazon/session.ts +109 -0
package/src/autonomy/autonomy-store.ts +5 -5
package/src/browser-extension-relay/client.ts +124 -0
package/src/browser-extension-relay/protocol.ts +63 -0
package/src/browser-extension-relay/server.ts +177 -0
package/src/bundler/app-bundler.ts +3 -3
package/src/bundler/bundle-signer.ts +1 -1
package/src/bundler/signature-verifier.ts +1 -1
package/src/calls/call-conversation-messages.ts +33 -0
package/src/calls/call-domain.ts +106 -5
package/src/calls/call-orchestrator.ts +252 -54
package/src/calls/call-pointer-messages.ts +53 -0
package/src/calls/call-recovery.ts +3 -8
package/src/calls/call-store.ts +69 -87
package/src/calls/elevenlabs-config.ts +3 -2
package/src/calls/guardian-action-sweep.ts +105 -0
package/src/calls/guardian-dispatch.ts +203 -0
package/src/calls/guardian-question-copy.ts +133 -0
package/src/calls/relay-server.ts +466 -8
package/src/calls/speaker-identification.ts +1 -1
package/src/calls/twilio-config.ts +7 -5
package/src/calls/twilio-provider.ts +6 -4
package/src/calls/twilio-rest.ts +40 -15
package/src/calls/twilio-routes.ts +60 -45
package/src/calls/types.ts +3 -1
package/src/channels/types.ts +25 -0
package/src/cli/amazon.ts +815 -0
package/src/cli/config-commands.ts +2 -2
package/src/cli/core-commands.ts +4 -3
package/src/cli/influencer.ts +244 -0
package/src/cli/map.ts +89 -6
package/src/cli.ts +1 -1
package/src/config/agent-schema.ts +171 -0
package/src/config/bundled-skills/amazon/SKILL.md +127 -0
package/src/config/bundled-skills/amazon/icon.svg +13 -0
package/src/config/bundled-skills/api-mapping/SKILL.md +78 -0
package/src/config/bundled-skills/browser/SKILL.md +1 -0
package/src/config/bundled-skills/browser/TOOLS.json +17 -0
package/src/config/bundled-skills/browser/tools/browser-wait-for-download.ts +25 -0
package/src/config/bundled-skills/doordash/SKILL.md +51 -51
package/src/config/bundled-skills/email-setup/SKILL.md +14 -5
package/src/config/bundled-skills/google-oauth-setup/SKILL.md +183 -0
package/src/config/bundled-skills/influencer/SKILL.md +144 -0
package/src/config/bundled-skills/macos-automation/icon.svg +12 -0
package/src/config/bundled-skills/media-processing/SKILL.md +72 -95
package/src/config/bundled-skills/media-processing/TOOLS.json +57 -147
package/src/config/bundled-skills/media-processing/__tests__/concurrency-pool.test.ts +77 -0
package/src/config/bundled-skills/media-processing/__tests__/cost-tracker.test.ts +69 -0
package/src/config/bundled-skills/media-processing/__tests__/preprocess.test.ts +303 -0
package/src/config/bundled-skills/media-processing/services/concurrency-pool.ts +55 -0
package/src/config/bundled-skills/media-processing/services/cost-tracker.ts +86 -0
package/src/config/bundled-skills/media-processing/services/gemini-map.ts +339 -0
package/src/config/bundled-skills/media-processing/services/preprocess.ts +551 -0
package/src/config/bundled-skills/media-processing/services/processing-pipeline.ts +7 -9
package/src/config/bundled-skills/media-processing/services/reduce.ts +197 -0
package/src/config/bundled-skills/media-processing/tools/analyze-keyframes.ts +88 -253
package/src/config/bundled-skills/media-processing/tools/extract-keyframes.ts +22 -153
package/src/config/bundled-skills/media-processing/tools/generate-clip.ts +2 -2
package/src/config/bundled-skills/media-processing/tools/media-diagnostics.ts +28 -51
package/src/config/bundled-skills/media-processing/tools/query-media-events.ts +35 -270
package/src/config/bundled-skills/messaging/SKILL.md +12 -2
package/src/config/bundled-skills/messaging/tools/messaging-analyze-style.ts +4 -7
package/src/config/bundled-skills/messaging/tools/messaging-reply.ts +2 -1
package/src/config/bundled-skills/phone-calls/SKILL.md +86 -21
package/src/config/bundled-skills/twitter/icon.svg +14 -0
package/src/config/bundled-tool-registry.ts +310 -0
package/src/config/calls-schema.ts +181 -0
package/src/config/core-schema.ts +309 -0
package/src/config/defaults.ts +27 -3
package/src/config/env-registry.ts +169 -0
package/src/config/env.ts +175 -0
package/src/config/loader.ts +6 -6
package/src/config/memory-schema.ts +528 -0
package/src/config/sandbox-schema.ts +55 -0
package/src/config/schema.ts +157 -1138
package/src/config/skill-state.ts +1 -1
package/src/config/skills-schema.ts +32 -0
package/src/config/skills.ts +35 -24
package/src/config/system-prompt.ts +107 -56
package/src/config/templates/SOUL.md +1 -1
package/src/config/types.ts +1 -0
package/src/config/user-reference.ts +4 -9
package/src/config/vellum-skills/catalog.json +0 -7
package/src/config/vellum-skills/chatgpt-import/tools/chatgpt-import.ts +5 -1
package/src/config/vellum-skills/slack-oauth-setup/SKILL.md +1 -0
package/src/config/vellum-skills/sms-setup/SKILL.md +112 -14
package/src/context/window-manager.ts +27 -7
package/src/daemon/approval-generators.ts +186 -0
package/src/daemon/approved-devices-store.ts +140 -0
package/src/daemon/assistant-attachments.ts +1 -1
package/src/daemon/classifier.ts +35 -32
package/src/daemon/config-watcher.ts +1 -1
package/src/daemon/daemon-control.ts +254 -0
package/src/daemon/handlers/apps.ts +2 -3
package/src/daemon/handlers/config-channels.ts +158 -0
package/src/daemon/handlers/config-inbox.ts +540 -0
package/src/daemon/handlers/config-ingress.ts +231 -0
package/src/daemon/handlers/config-integrations.ts +258 -0
package/src/daemon/handlers/config-model.ts +143 -0
package/src/daemon/handlers/config-parental.ts +163 -0
package/src/daemon/handlers/config-scheduling.ts +172 -0
package/src/daemon/handlers/config-slack.ts +92 -0
package/src/daemon/handlers/config-telegram.ts +301 -0
package/src/daemon/handlers/config-tools.ts +177 -0
package/src/daemon/handlers/config-trust.ts +104 -0
package/src/daemon/handlers/config-twilio.ts +1080 -0
package/src/daemon/handlers/config.ts +53 -2463
package/src/daemon/handlers/diagnostics.ts +1 -1
package/src/daemon/handlers/dictation.ts +4 -6
package/src/daemon/handlers/documents.ts +18 -32
package/src/daemon/handlers/index.ts +9 -0
package/src/daemon/handlers/misc.ts +3 -5
package/src/daemon/handlers/pairing.ts +98 -0
package/src/daemon/handlers/sessions.ts +74 -5
package/src/daemon/handlers/shared.ts +3 -1
package/src/daemon/handlers/skills.ts +1 -1
package/src/daemon/handlers/twitter-auth.ts +2 -0
package/src/daemon/handlers/work-items.ts +2 -2
package/src/daemon/handlers/workspace-files.ts +4 -3
package/src/daemon/install-cli-launchers.ts +113 -0
package/src/daemon/ipc-contract/apps.ts +356 -0
package/src/daemon/ipc-contract/browser.ts +74 -0
package/src/daemon/ipc-contract/computer-use.ts +151 -0
package/src/daemon/ipc-contract/diagnostics.ts +56 -0
package/src/daemon/ipc-contract/documents.ts +74 -0
package/src/daemon/ipc-contract/inbox.ts +209 -0
package/src/daemon/ipc-contract/integrations.ts +284 -0
package/src/daemon/ipc-contract/memory.ts +48 -0
package/src/daemon/ipc-contract/messages.ts +211 -0
package/src/daemon/ipc-contract/pairing.ts +45 -0
package/src/daemon/ipc-contract/parental-control.ts +95 -0
package/src/daemon/ipc-contract/schedules.ts +97 -0
package/src/daemon/ipc-contract/sessions.ts +321 -0
package/src/daemon/ipc-contract/shared.ts +42 -0
package/src/daemon/ipc-contract/skills.ts +120 -0
package/src/daemon/ipc-contract/subagents.ts +58 -0
package/src/daemon/ipc-contract/surfaces.ts +250 -0
package/src/daemon/ipc-contract/trust.ts +60 -0
package/src/daemon/ipc-contract/work-items.ts +225 -0
package/src/daemon/ipc-contract/workspace.ts +113 -0
package/src/daemon/ipc-contract-inventory.json +62 -0
package/src/daemon/ipc-contract-inventory.ts +55 -29
package/src/daemon/ipc-contract.ts +227 -2527
package/src/daemon/ipc-protocol.ts +1 -1
package/src/daemon/ipc-validate.ts +7 -0
package/src/daemon/lifecycle.ts +97 -379
package/src/daemon/pairing-store.ts +177 -0
package/src/daemon/providers-setup.ts +43 -0
package/src/daemon/ride-shotgun-handler.ts +67 -2
package/src/daemon/server.ts +60 -44
package/src/daemon/session-agent-loop-handlers.ts +421 -0
package/src/daemon/session-agent-loop.ts +113 -275
package/src/daemon/session-dynamic-profile.ts +1 -1
package/src/daemon/session-history.ts +1 -1
package/src/daemon/session-media-retry.ts +1 -1
package/src/daemon/session-messaging.ts +37 -2
package/src/daemon/session-notifiers.ts +5 -25
package/src/daemon/session-process.ts +99 -59
package/src/daemon/session-queue-manager.ts +98 -4
package/src/daemon/session-runtime-assembly.ts +149 -15
package/src/daemon/session-surfaces.ts +26 -4
package/src/daemon/session-tool-setup.ts +28 -30
package/src/daemon/session-workspace.ts +1 -1
package/src/daemon/session.ts +24 -1
package/src/daemon/shutdown-handlers.ts +122 -0
package/src/daemon/trace-emitter.ts +1 -1
package/src/daemon/watch-handler.ts +36 -33
package/src/doordash/cart-queries.ts +787 -0
package/src/doordash/client.ts +144 -127
package/src/doordash/order-queries.ts +85 -0
package/src/doordash/queries.ts +10 -1308
package/src/doordash/search-queries.ts +203 -0
package/src/doordash/session.ts +3 -2
package/src/doordash/store-queries.ts +246 -0
package/src/doordash/types.ts +367 -0
package/src/email/providers/agentmail.ts +2 -1
package/src/email/providers/index.ts +3 -2
package/src/email/service.ts +3 -2
package/src/errors.ts +43 -0
package/src/home-base/prebuilt/seed.ts +1 -1
package/src/hooks/cli.ts +6 -5
package/src/hooks/config.ts +6 -8
package/src/hooks/discovery.ts +6 -5
package/src/hooks/manager.ts +4 -3
package/src/hooks/runner.ts +2 -2
package/src/hooks/templates.ts +5 -5
package/src/inbound/public-ingress-urls.ts +3 -1
package/src/index.ts +4 -2
package/src/influencer/client.ts +1104 -0
package/src/instrument.ts +4 -3
package/src/logfire.ts +4 -3
package/src/memory/admin.ts +25 -35
package/src/memory/attachments-store.ts +4 -7
package/src/memory/channel-delivery-store.ts +30 -1
package/src/memory/channel-guardian-store.ts +200 -1
package/src/memory/clarification-resolver.ts +37 -33
package/src/memory/conflict-store.ts +67 -61
package/src/memory/contradiction-checker.ts +141 -117
package/src/memory/conversation-store.ts +335 -51
package/src/memory/db-connection.ts +27 -4
package/src/memory/db-init.ts +121 -4
package/src/memory/db.ts +14 -1
package/src/memory/embedding-backend.ts +27 -5
package/src/memory/embedding-ollama.ts +2 -1
package/src/memory/entity-extractor.ts +38 -35
package/src/memory/guardian-action-store.ts +430 -0
package/src/memory/inbox-escalation-projection.ts +59 -0
package/src/memory/inbox-thread-store.ts +218 -0
package/src/memory/ingress-invite-store.ts +338 -0
package/src/memory/ingress-member-store.ts +350 -0
package/src/memory/items-extractor.ts +91 -97
package/src/memory/job-handlers/index-maintenance.ts +3 -3
package/src/memory/job-handlers/media-processing.ts +11 -42
package/src/memory/job-handlers/summarization.ts +32 -26
package/src/memory/job-utils.ts +3 -10
package/src/memory/jobs-store.ts +6 -9
package/src/memory/jobs-worker.ts +51 -36
package/src/memory/migrations/001-job-deferrals.ts +45 -0
package/src/memory/migrations/002-tool-invocations-fk.ts +43 -0
package/src/memory/migrations/003-memory-fts-backfill.ts +24 -0
package/src/memory/migrations/004-entity-relation-dedup.ts +87 -0
package/src/memory/migrations/005-fingerprint-scope-unique.ts +80 -0
package/src/memory/migrations/006-scope-salted-fingerprints.ts +62 -0
package/src/memory/migrations/007-assistant-id-to-self.ts +254 -0
package/src/memory/migrations/008-remove-assistant-id-columns.ts +208 -0
package/src/memory/migrations/009-llm-usage-events-drop-assistant-id.ts +83 -0
package/src/memory/migrations/010-ext-conv-bindings-channel-chat-unique.ts +56 -0
package/src/memory/migrations/011-call-sessions-provider-sid-dedup.ts +63 -0
package/src/memory/migrations/012-call-sessions-add-initiated-from.ts +19 -0
package/src/memory/migrations/013-guardian-action-tables.ts +68 -0
package/src/memory/migrations/014-backfill-inbox-thread-state.ts +76 -0
package/src/memory/migrations/015-drop-active-search-index.ts +27 -0
package/src/memory/migrations/016-memory-segments-indexes.ts +11 -0
package/src/memory/migrations/017-memory-items-indexes.ts +12 -0
package/src/memory/migrations/018-remaining-table-indexes.ts +13 -0
package/src/memory/migrations/index.ts +24 -0
package/src/memory/migrations/registry.ts +79 -0
package/src/memory/migrations/validate-migration-state.ts +69 -0
package/src/memory/qdrant-manager.ts +49 -8
package/src/memory/query-builder.ts +1 -1
package/src/memory/raw-query.ts +119 -0
package/src/memory/recall-cache.ts +4 -1
package/src/memory/retriever.ts +163 -47
package/src/memory/schema-migration.ts +25 -984
package/src/memory/schema.ts +130 -7
package/src/memory/search/entity.ts +10 -19
package/src/memory/search/lexical.ts +81 -52
package/src/memory/search/ranking.ts +21 -22
package/src/memory/search/semantic.ts +157 -19
package/src/memory/shared-app-links-store.ts +4 -5
package/src/memory/validation.ts +19 -0
package/src/messaging/draft-store.ts +5 -6
package/src/messaging/providers/sms/adapter.ts +3 -6
package/src/messaging/providers/telegram-bot/adapter.ts +2 -5
package/src/messaging/providers/whatsapp/adapter.ts +136 -0
package/src/messaging/providers/whatsapp/client.ts +67 -0
package/src/messaging/style-analyzer.ts +5 -4
package/src/messaging/thread-summarizer.ts +61 -69
package/src/messaging/triage-engine.ts +62 -71
package/src/migrations/config-merge.ts +53 -0
package/src/migrations/data-layout.ts +68 -0
package/src/migrations/data-merge.ts +33 -0
package/src/migrations/hooks-merge.ts +90 -0
package/src/migrations/index.ts +6 -0
package/src/migrations/log.ts +23 -0
package/src/migrations/skills-merge.ts +33 -0
package/src/migrations/workspace-layout.ts +79 -0
package/src/permissions/checker.ts +126 -11
package/src/permissions/prompter.ts +14 -0
package/src/permissions/shell-identity.ts +31 -1
package/src/permissions/trust-store.ts +21 -1
package/src/providers/anthropic/client.ts +4 -4
package/src/providers/failover.ts +2 -2
package/src/providers/model-intents.ts +70 -0
package/src/providers/ollama/client.ts +2 -1
package/src/providers/provider-send-message.ts +176 -0
package/src/providers/registry.ts +71 -30
package/src/providers/retry.ts +35 -1
package/src/providers/types.ts +12 -1
package/src/runtime/approval-conversation-turn.ts +97 -0
package/src/runtime/approval-message-composer.ts +115 -5
package/src/runtime/assistant-event-hub.ts +3 -1
package/src/runtime/channel-approval-parser.ts +36 -2
package/src/runtime/channel-approvals.ts +0 -21
package/src/runtime/channel-guardian-service.ts +48 -7
package/src/runtime/channel-readiness-service.ts +160 -34
package/src/runtime/channel-readiness-types.ts +10 -4
package/src/runtime/channel-retry-sweep.ts +184 -0
package/src/runtime/guardian-context-resolver.ts +108 -0
package/src/runtime/http-server.ts +289 -745
package/src/runtime/http-types.ts +56 -3
package/src/runtime/middleware/auth.ts +116 -0
package/src/runtime/middleware/error-handler.ts +33 -0
package/src/runtime/middleware/twilio-validation.ts +127 -0
package/src/runtime/routes/app-routes.ts +1 -1
package/src/runtime/routes/call-routes.ts +49 -6
package/src/runtime/routes/channel-delivery-routes.ts +170 -0
package/src/runtime/routes/channel-guardian-routes.ts +1191 -0
package/src/runtime/routes/channel-inbound-routes.ts +1152 -0
package/src/runtime/routes/channel-route-shared.ts +144 -0
package/src/runtime/routes/channel-routes.ts +32 -1634
package/src/runtime/routes/conversation-routes.ts +50 -7
package/src/runtime/routes/events-routes.ts +2 -2
package/src/runtime/routes/identity-routes.ts +126 -0
package/src/runtime/routes/pairing-routes.ts +144 -0
package/src/runtime/routes/run-routes.ts +15 -1
package/src/runtime/run-orchestrator.ts +52 -34
package/src/schedule/schedule-store.ts +36 -32
package/src/schedule/scheduler.ts +3 -3
package/src/security/encrypted-store.ts +5 -7
package/src/security/oauth2.ts +45 -15
package/src/security/parental-control-store.ts +183 -0
package/src/security/secret-allowlist.ts +4 -3
package/src/security/secret-scanner.ts +5 -5
package/src/security/secure-keys.ts +1 -1
package/src/security/token-manager.ts +3 -2
package/src/services/vercel-deploy.ts +6 -2
package/src/skills/tool-manifest.ts +3 -3
package/src/skills/vellum-catalog-remote.ts +75 -16
package/src/slack/slack-webhook.ts +2 -1
package/src/swarm/orchestrator.ts +92 -1
package/src/swarm/router-planner.ts +6 -9
package/src/swarm/worker-prompts.ts +9 -12
package/src/tasks/task-compiler.ts +19 -28
package/src/tasks/task-runner.ts +1 -1
package/src/tools/assets/search.ts +15 -14
package/src/tools/browser/__tests__/auth-detector.test.ts +1 -0
package/src/tools/browser/auto-navigate.ts +1 -0
package/src/tools/browser/browser-execution.ts +13 -1
package/src/tools/browser/browser-manager.ts +119 -4
package/src/tools/browser/network-recorder.ts +5 -0
package/src/tools/credentials/broker.ts +11 -2
package/src/tools/credentials/metadata-store.ts +18 -14
package/src/tools/credentials/post-connect-hooks.ts +61 -0
package/src/tools/credentials/vault.ts +49 -23
package/src/tools/executor.ts +80 -18
package/src/tools/host-terminal/cli-discover.ts +1 -1
package/src/tools/network/script-proxy/http-forwarder.ts +1 -1
package/src/tools/network/script-proxy/mitm-handler.ts +1 -1
package/src/tools/network/script-proxy/server.ts +1 -1
package/src/tools/network/script-proxy/session-manager.ts +6 -5
package/src/tools/network/web-fetch.ts +18 -2
package/src/tools/network/web-search.ts +7 -3
package/src/tools/reminder/reminder-store.ts +14 -15
package/src/tools/schedule/create.ts +1 -0
package/src/tools/schedule/list.ts +2 -1
package/src/tools/shared/filesystem/file-ops-service.ts +5 -7
package/src/tools/skills/skill-script-runner.ts +24 -9
package/src/tools/skills/skill-tool-factory.ts +1 -0
package/src/tools/tasks/work-item-enqueue.ts +2 -2
package/src/tools/terminal/evaluate-typescript.ts +21 -12
package/src/tools/terminal/parser.ts +50 -0
package/src/tools/watcher/delete.ts +6 -0
package/src/tools/weather/service.ts +1 -1
package/src/twitter/client.ts +190 -24
package/src/twitter/session.ts +4 -3
package/src/util/clipboard.ts +1 -1
package/src/util/errors.ts +65 -8
package/src/util/fs.ts +40 -0
package/src/util/json.ts +10 -0
package/src/util/log-redact.ts +189 -0
package/src/util/logger.ts +25 -18
package/src/util/object.ts +3 -0
package/src/util/platform.ts +72 -365
package/src/util/pricing.ts +1 -1
package/src/util/promise-guard.ts +1 -1
package/src/util/retry.ts +19 -0
package/src/util/row-mapper.ts +79 -0
package/src/util/silently.ts +21 -0
package/src/watcher/engine.ts +5 -1
package/src/watcher/provider-types.ts +20 -0
package/src/watcher/providers/github.ts +156 -0
package/src/watcher/providers/gmail.ts +1 -0
package/src/watcher/providers/google-calendar.ts +1 -0
package/src/watcher/providers/linear.ts +460 -0
package/src/watcher/providers/slack.ts +1 -0
package/src/work-items/work-item-runner.ts +1 -1
package/src/workspace/git-service.ts +1 -1
package/src/workspace/provider-commit-message-generator.ts +51 -22
package/src/__tests__/call-bridge.test.ts +0 -517
package/src/__tests__/session-process-bridge.test.ts +0 -244
package/src/calls/call-bridge.ts +0 -168
package/src/config/bundled-skills/media-processing/services/capability-registry.ts +0 -137
package/src/config/bundled-skills/media-processing/services/event-detection-service.ts +0 -280
package/src/config/bundled-skills/media-processing/services/feedback-aggregation.ts +0 -144
package/src/config/bundled-skills/media-processing/services/feedback-store.ts +0 -136
package/src/config/bundled-skills/media-processing/services/retrieval-service.ts +0 -95
package/src/config/bundled-skills/media-processing/services/timeline-service.ts +0 -267
package/src/config/bundled-skills/media-processing/tools/detect-events.ts +0 -110
package/src/config/bundled-skills/media-processing/tools/recalibrate.ts +0 -235
package/src/config/bundled-skills/media-processing/tools/select-tracking-profile.ts +0 -142
package/src/config/bundled-skills/media-processing/tools/submit-feedback.ts +0 -150
package/src/config/vellum-skills/google-oauth-setup/SKILL.md +0 -199

package/src/runtime/routes/channel-guardian-routes.ts ADDED Viewed

@@ -0,0 +1,1191 @@
+/**
+ * Guardian/approval routes: approval interception, approval prompt delivery,
+ * and guardian expiry sweep.
+ */
+import type { ChannelId } from '../../channels/types.js';
+import { getPendingConfirmationsByConversation } from '../../memory/runs-store.js';
+import { getLogger } from '../../util/logger.js';
+import {
+  getPendingApprovalByRunAndGuardianChat,
+  getAllPendingApprovalsByGuardianChat,
+  getPendingApprovalForRun,
+  getUnresolvedApprovalForRun,
+  getExpiredPendingApprovals,
+  updateApprovalDecision,
+} from '../../memory/channel-guardian-store.js';
+import { deliverChannelReply, deliverApprovalPrompt } from '../gateway-client.js';
+import { parseApprovalDecision } from '../channel-approval-parser.js';
+import {
+  getChannelApprovalPrompt,
+  handleChannelDecision,
+  channelSupportsRichApprovalUI,
+} from '../channel-approvals.js';
+import { runApprovalConversationTurn } from '../approval-conversation-turn.js';
+import type {
+  ApprovalDecisionResult,
+  ApprovalUIMetadata,
+  ChannelApprovalPrompt,
+} from '../channel-approval-types.js';
+import type { RunOrchestrator } from '../run-orchestrator.js';
+import type {
+  ApprovalCopyGenerator,
+  ApprovalConversationGenerator,
+  ApprovalConversationContext,
+} from '../http-types.js';
+import { composeApprovalMessageGenerative } from '../approval-message-composer.js';
+import type { ApprovalMessageContext } from '../approval-message-composer.js';
+import {
+  type GuardianContext,
+  parseCallbackData,
+  requiredDecisionKeywords,
+  buildGuardianDenyContext,
+} from './channel-route-shared.js';
+import { schedulePostDecisionDelivery } from './channel-delivery-routes.js';
+const log = getLogger('runtime-http');
+// ---------------------------------------------------------------------------
+// Approval prompt delivery
+// ---------------------------------------------------------------------------
+interface DeliverGeneratedApprovalPromptParams {
+  replyCallbackUrl: string;
+  chatId: string;
+  sourceChannel: ChannelId;
+  assistantId: string;
+  bearerToken?: string;
+  prompt: ChannelApprovalPrompt;
+  uiMetadata: ApprovalUIMetadata;
+  messageContext: ApprovalMessageContext;
+  approvalCopyGenerator?: ApprovalCopyGenerator;
+}
+/**
+ * Deliver approval prompts with best-available UX:
+ * 1) Rich UI (buttons) when supported
+ * 2) Plain-text fallback if rich delivery fails
+ * 3) Plain-text path for channels without rich UI
+ */
+export async function deliverGeneratedApprovalPrompt(params: DeliverGeneratedApprovalPromptParams): Promise<boolean> {
+  const {
+    replyCallbackUrl,
+    chatId,
+    sourceChannel,
+    assistantId,
+    bearerToken,
+    prompt,
+    uiMetadata,
+    messageContext,
+    approvalCopyGenerator,
+  } = params;
+  const keywords = requiredDecisionKeywords(uiMetadata.actions);
+  if (channelSupportsRichApprovalUI(sourceChannel)) {
+    const richText = await composeApprovalMessageGenerative(
+      { ...messageContext, channel: sourceChannel, richUi: true },
+      { fallbackText: prompt.promptText },
+      approvalCopyGenerator,
+    );
+    try {
+      await deliverApprovalPrompt(
+        replyCallbackUrl,
+        chatId,
+        richText,
+        uiMetadata,
+        assistantId,
+        bearerToken,
+      );
+      return true;
+    } catch (err) {
+      log.error(
+        { err, chatId, sourceChannel },
+        'Failed to deliver rich approval prompt, attempting plain-text fallback',
+      );
+    }
+    const plainTextFallback = await composeApprovalMessageGenerative(
+      { ...messageContext, channel: sourceChannel, richUi: false },
+      { fallbackText: prompt.plainTextFallback, requiredKeywords: keywords },
+      approvalCopyGenerator,
+    );
+    // Embed the run reference so plain-text replies can disambiguate when
+    // multiple approvals are pending for the same guardian chat.
+    const taggedFallback = `${plainTextFallback}\n[ref:${uiMetadata.runId}]`;
+    try {
+      await deliverChannelReply(replyCallbackUrl, {
+        chatId,
+        text: taggedFallback,
+        assistantId,
+      }, bearerToken);
+      return true;
+    } catch (err) {
+      log.error(
+        { err, chatId, sourceChannel },
+        'Failed to deliver plain-text fallback approval prompt',
+      );
+      return false;
+    }
+  }
+  const plainText = await composeApprovalMessageGenerative(
+    { ...messageContext, channel: sourceChannel, richUi: false },
+    { fallbackText: prompt.plainTextFallback, requiredKeywords: keywords },
+    approvalCopyGenerator,
+  );
+  // Embed the run reference for disambiguation in multi-pending scenarios.
+  const taggedPlainText = `${plainText}\n[ref:${uiMetadata.runId}]`;
+  try {
+    await deliverChannelReply(replyCallbackUrl, {
+      chatId,
+      text: taggedPlainText,
+      assistantId,
+    }, bearerToken);
+    return true;
+  } catch (err) {
+    log.error({ err, chatId, sourceChannel }, 'Failed to deliver plain-text approval prompt');
+    return false;
+  }
+}
+// ---------------------------------------------------------------------------
+// Approval interception
+// ---------------------------------------------------------------------------
+export interface ApprovalInterceptionParams {
+  conversationId: string;
+  callbackData?: string;
+  content: string;
+  externalChatId: string;
+  sourceChannel: ChannelId;
+  senderExternalUserId?: string;
+  replyCallbackUrl: string;
+  bearerToken?: string;
+  orchestrator: RunOrchestrator;
+  guardianCtx: GuardianContext;
+  assistantId: string;
+  approvalCopyGenerator?: ApprovalCopyGenerator;
+  approvalConversationGenerator?: ApprovalConversationGenerator;
+}
+export interface ApprovalInterceptionResult {
+  handled: boolean;
+  type?: 'decision_applied' | 'assistant_turn' | 'guardian_decision_applied' | 'stale_ignored';
+}
+/**
+ * Check for pending approvals and handle inbound messages accordingly.
+ *
+ * Returns `{ handled: true }` when the message was consumed by the approval
+ * flow (either as a decision or a reminder), so the caller should NOT proceed
+ * to normal message processing.
+ *
+ * When the sender is a guardian responding from their chat, also checks for
+ * pending guardian approval requests and routes the decision accordingly.
+ */
+export async function handleApprovalInterception(
+  params: ApprovalInterceptionParams,
+): Promise<ApprovalInterceptionResult> {
+  const {
+    conversationId,
+    callbackData,
+    content,
+    externalChatId,
+    sourceChannel,
+    senderExternalUserId,
+    replyCallbackUrl,
+    bearerToken,
+    orchestrator,
+    guardianCtx,
+    assistantId,
+    approvalCopyGenerator,
+    approvalConversationGenerator,
+  } = params;
+  // ── Guardian approval decision path ──
+  // When the sender is the guardian and there's a pending guardian approval
+  // request targeting this chat, the message might be a decision on behalf
+  // of a non-guardian requester.
+  if (
+    guardianCtx.actorRole === 'guardian' &&
+    senderExternalUserId
+  ) {
+    // Callback/button path: deterministic and takes priority.
+    let callbackDecision: ApprovalDecisionResult | null = null;
+    if (callbackData) {
+      callbackDecision = parseCallbackData(callbackData);
+    }
+    // When a callback button provides a run ID, use the scoped lookup so
+    // the decision resolves to exactly the right approval even when
+    // multiple approvals target the same guardian chat.
+    let guardianApproval = callbackDecision?.runId
+      ? getPendingApprovalByRunAndGuardianChat(callbackDecision.runId, sourceChannel, externalChatId, assistantId)
+      : null;
+    // When the scoped lookup didn't resolve an approval (either because
+    // there was no callback or the runId pointed to a stale/expired run),
+    // fall back to checking all pending approvals for this guardian chat.
+    if (!guardianApproval && callbackDecision) {
+      const allPending = getAllPendingApprovalsByGuardianChat(sourceChannel, externalChatId, assistantId);
+      if (allPending.length === 1) {
+        guardianApproval = allPending[0];
+      } else if (allPending.length > 1) {
+        // The callback targeted a stale/expired run but the guardian has other
+        // pending approvals. Inform them the clicked approval is no longer valid.
+        try {
+          const staleText = await composeApprovalMessageGenerative({
+            scenario: 'guardian_disambiguation',
+            pendingCount: allPending.length,
+            channel: sourceChannel,
+          }, {}, approvalCopyGenerator);
+          await deliverChannelReply(replyCallbackUrl, {
+            chatId: externalChatId,
+            text: staleText,
+            assistantId,
+          }, bearerToken);
+        } catch (err) {
+          log.error({ err, externalChatId }, 'Failed to deliver stale callback disambiguation notice');
+        }
+        return { handled: true, type: 'stale_ignored' };
+      }
+    }
+    // For plain-text messages (no callback), check if there are any pending
+    // approvals for this guardian chat to route through the conversation engine.
+    if (!guardianApproval && !callbackDecision) {
+      const allPending = getAllPendingApprovalsByGuardianChat(sourceChannel, externalChatId, assistantId);
+      if (allPending.length === 1) {
+        guardianApproval = allPending[0];
+      } else if (allPending.length > 1) {
+        // Multiple pending — pick the first approval matching this sender as
+        // primary context. The conversation engine sees all matching approvals
+        // via pendingApprovals and can disambiguate.
+        guardianApproval = allPending.find(a => a.guardianExternalUserId === senderExternalUserId) ?? allPending[0];
+      }
+    }
+    if (guardianApproval) {
+      // Validate that the sender is the specific guardian who was assigned
+      // this approval request. This is a defense-in-depth check — the
+      // actorRole check above already verifies the sender is a guardian,
+      // but this catches edge cases like binding rotation between request
+      // creation and decision.
+      if (senderExternalUserId !== guardianApproval.guardianExternalUserId) {
+        log.warn(
+          { externalChatId, senderExternalUserId, expectedGuardian: guardianApproval.guardianExternalUserId },
+          'Non-guardian sender attempted to act on guardian approval request',
+        );
+        try {
+          const mismatchText = await composeApprovalMessageGenerative({
+            scenario: 'guardian_identity_mismatch',
+            channel: sourceChannel,
+          }, {}, approvalCopyGenerator);
+          await deliverChannelReply(replyCallbackUrl, {
+            chatId: externalChatId,
+            text: mismatchText,
+            assistantId,
+          }, bearerToken);
+        } catch (err) {
+          log.error({ err, externalChatId }, 'Failed to deliver guardian identity rejection notice');
+        }
+        return { handled: true, type: 'guardian_decision_applied' };
+      }
+      if (callbackDecision) {
+        // approve_always is not available for guardian approvals — guardians
+        // should not be able to permanently allowlist tools on behalf of the
+        // requester. Downgrade to approve_once.
+        if (callbackDecision.action === 'approve_always') {
+          callbackDecision = { ...callbackDecision, action: 'approve_once' };
+        }
+        // Apply the decision to the underlying run using the requester's
+        // conversation context
+        const result = handleChannelDecision(
+          guardianApproval.conversationId,
+          callbackDecision,
+          orchestrator,
+        );
+        if (result.applied) {
+          // Update the guardian approval request record only when the decision
+          // was actually applied. If the run was already resolved (race with
+          // expiry sweep or concurrent callback), skip to avoid inconsistency.
+          const approvalStatus = callbackDecision.action === 'reject' ? 'denied' as const : 'approved' as const;
+          updateApprovalDecision(guardianApproval.id, {
+            status: approvalStatus,
+            decidedByExternalUserId: senderExternalUserId,
+          });
+          // Notify the requester's chat about the outcome with the tool name
+          const outcomeText = await composeApprovalMessageGenerative({
+            scenario: 'guardian_decision_outcome',
+            decision: callbackDecision.action === 'reject' ? 'denied' : 'approved',
+            toolName: guardianApproval.toolName,
+            channel: sourceChannel,
+          }, {}, approvalCopyGenerator);
+          try {
+            await deliverChannelReply(replyCallbackUrl, {
+              chatId: guardianApproval.requesterChatId,
+              text: outcomeText,
+              assistantId,
+            }, bearerToken);
+          } catch (err) {
+            log.error({ err, conversationId: guardianApproval.conversationId }, 'Failed to notify requester of guardian decision');
+          }
+          // Schedule post-decision delivery to the requester's chat in case
+          // the original poll has already exited.
+          if (result.runId) {
+            schedulePostDecisionDelivery(
+              orchestrator,
+              result.runId,
+              guardianApproval.conversationId,
+              guardianApproval.requesterChatId,
+              replyCallbackUrl,
+              bearerToken,
+              assistantId,
+            );
+          }
+          return { handled: true, type: 'guardian_decision_applied' };
+        }
+        // Race condition: callback arrived after run was already resolved.
+        return { handled: true, type: 'stale_ignored' };
+      }
+      // ── Conversational engine for guardian plain-text messages ──
+      // Gather all pending guardian approvals for this chat so the engine
+      // can handle disambiguation when multiple are pending.
+      const allGuardianPending = getAllPendingApprovalsByGuardianChat(sourceChannel, externalChatId, assistantId);
+      // Only present approvals that belong to this sender so the engine
+      // does not offer disambiguation for requests assigned to a rotated
+      // guardian the sender cannot act on.
+      const senderPending = allGuardianPending.filter(a => a.guardianExternalUserId === senderExternalUserId);
+      const effectivePending = senderPending.length > 0 ? senderPending : allGuardianPending;
+      if (effectivePending.length > 0 && approvalConversationGenerator && content) {
+        const guardianAllowedActions = ['approve_once', 'reject'];
+        const engineContext: ApprovalConversationContext = {
+          toolName: guardianApproval.toolName,
+          allowedActions: guardianAllowedActions,
+          role: 'guardian',
+          pendingApprovals: effectivePending.map((a) => ({ runId: a.runId, toolName: a.toolName })),
+          userMessage: content,
+        };
+        const engineResult = await runApprovalConversationTurn(engineContext, approvalConversationGenerator);
+        if (engineResult.disposition === 'keep_pending') {
+          // Non-decision follow-up (clarification, disambiguation, etc.)
+          try {
+            await deliverChannelReply(replyCallbackUrl, {
+              chatId: externalChatId,
+              text: engineResult.replyText,
+              assistantId,
+            }, bearerToken);
+          } catch (err) {
+            log.error({ err, conversationId: guardianApproval.conversationId }, 'Failed to deliver guardian conversation reply');
+          }
+          return { handled: true, type: 'assistant_turn' };
+        }
+        // Decision-bearing disposition from the engine
+        let decisionAction = engineResult.disposition as 'approve_once' | 'approve_always' | 'reject';
+        // Belt-and-suspenders: guardians cannot approve_always even if the
+        // engine returns it (the engine's allowedActions validation should
+        // already prevent this, but enforce it here too).
+        if (decisionAction === 'approve_always') {
+          decisionAction = 'approve_once';
+        }
+        // Resolve the target approval: use targetRunId from the engine if
+        // provided, otherwise use the single guardian approval.
+        const targetApproval = engineResult.targetRunId
+          ? allGuardianPending.find((a) => a.runId === engineResult.targetRunId) ?? guardianApproval
+          : guardianApproval;
+        // Re-validate guardian identity against the resolved target. The
+        // engine may select a different pending approval (via targetRunId)
+        // that was assigned to a different guardian. Without this check a
+        // currently bound guardian could act on a request assigned to a
+        // previous guardian after a binding rotation.
+        if (senderExternalUserId !== targetApproval.guardianExternalUserId) {
+          log.warn(
+            { externalChatId, senderExternalUserId, expectedGuardian: targetApproval.guardianExternalUserId, targetRunId: engineResult.targetRunId },
+            'Guardian identity mismatch on engine-selected target approval',
+          );
+          try {
+            const mismatchText = await composeApprovalMessageGenerative({
+              scenario: 'guardian_identity_mismatch',
+              channel: sourceChannel,
+            }, {}, approvalCopyGenerator);
+            await deliverChannelReply(replyCallbackUrl, {
+              chatId: externalChatId,
+              text: mismatchText,
+              assistantId,
+            }, bearerToken);
+          } catch (err) {
+            log.error({ err, externalChatId }, 'Failed to deliver guardian identity mismatch notice for engine target');
+          }
+          return { handled: true, type: 'guardian_decision_applied' };
+        }
+        const engineDecision: ApprovalDecisionResult = {
+          action: decisionAction,
+          source: 'plain_text',
+          ...(engineResult.targetRunId ? { runId: engineResult.targetRunId } : {}),
+        };
+        const result = handleChannelDecision(
+          targetApproval.conversationId,
+          engineDecision,
+          orchestrator,
+        );
+        if (result.applied) {
+          // Update the guardian approval request record only when the decision
+          // was actually applied. If the run was already resolved (race with
+          // expiry sweep or concurrent callback), skip to avoid inconsistency.
+          const approvalStatus = decisionAction === 'reject' ? 'denied' as const : 'approved' as const;
+          updateApprovalDecision(targetApproval.id, {
+            status: approvalStatus,
+            decidedByExternalUserId: senderExternalUserId,
+          });
+          // Notify the requester's chat about the outcome
+          const outcomeText = await composeApprovalMessageGenerative({
+            scenario: 'guardian_decision_outcome',
+            decision: decisionAction === 'reject' ? 'denied' : 'approved',
+            toolName: targetApproval.toolName,
+            channel: sourceChannel,
+          }, {}, approvalCopyGenerator);
+          try {
+            await deliverChannelReply(replyCallbackUrl, {
+              chatId: targetApproval.requesterChatId,
+              text: outcomeText,
+              assistantId,
+            }, bearerToken);
+          } catch (err) {
+            log.error({ err, conversationId: targetApproval.conversationId }, 'Failed to notify requester of guardian decision');
+          }
+          // Schedule post-decision delivery to the requester's chat
+          if (result.runId) {
+            schedulePostDecisionDelivery(
+              orchestrator,
+              result.runId,
+              targetApproval.conversationId,
+              targetApproval.requesterChatId,
+              replyCallbackUrl,
+              bearerToken,
+              assistantId,
+            );
+          }
+          // Deliver the engine's reply to the guardian
+          try {
+            await deliverChannelReply(replyCallbackUrl, {
+              chatId: externalChatId,
+              text: engineResult.replyText,
+              assistantId,
+            }, bearerToken);
+          } catch (err) {
+            log.error({ err, conversationId: targetApproval.conversationId }, 'Failed to deliver guardian decision reply');
+          }
+          return { handled: true, type: 'guardian_decision_applied' };
+        }
+        // Race condition: run was already resolved. Deliver a stale notice
+        // instead of the engine's optimistic reply.
+        try {
+          const staleText = await composeApprovalMessageGenerative({
+            scenario: 'approval_already_resolved',
+            channel: sourceChannel,
+          }, {}, approvalCopyGenerator);
+          await deliverChannelReply(replyCallbackUrl, {
+            chatId: externalChatId,
+            text: staleText,
+            assistantId,
+          }, bearerToken);
+        } catch (err) {
+          log.error({ err, conversationId: targetApproval.conversationId }, 'Failed to deliver stale guardian approval notice');
+        }
+        return { handled: true, type: 'stale_ignored' };
+      }
+      // ── Legacy fallback when no conversational engine is available ──
+      // Use the deterministic parser to handle guardian plain-text so that
+      // simple yes/no replies still work when the engine is not injected.
+      if (content && !approvalConversationGenerator) {
+        const legacyGuardianDecision = parseApprovalDecision(content);
+        if (legacyGuardianDecision) {
+          // Guardians cannot approve_always — downgrade to approve_once.
+          if (legacyGuardianDecision.action === 'approve_always') {
+            legacyGuardianDecision.action = 'approve_once';
+          }
+          // Resolve the target approval: when a [ref:<runId>] tag is
+          // present, look up the specific pending approval by that runId
+          // so the decision applies to the correct conversation even when
+          // multiple guardian approvals are pending.
+          let targetLegacyApproval = guardianApproval;
+          if (legacyGuardianDecision.runId) {
+            const resolvedByRun = getPendingApprovalByRunAndGuardianChat(
+              legacyGuardianDecision.runId,
+              sourceChannel,
+              externalChatId,
+              assistantId,
+            );
+            if (!resolvedByRun) {
+              // The referenced run doesn't match any pending guardian
+              // approval — it may have expired or already been resolved.
+              try {
+                const staleText = await composeApprovalMessageGenerative({
+                  scenario: 'guardian_disambiguation',
+                  channel: sourceChannel,
+                }, {}, approvalCopyGenerator);
+                await deliverChannelReply(replyCallbackUrl, {
+                  chatId: externalChatId,
+                  text: staleText,
+                  assistantId,
+                }, bearerToken);
+              } catch (err) {
+                log.error({ err, externalChatId }, 'Failed to deliver stale approval notice (legacy path)');
+              }
+              return { handled: true, type: 'stale_ignored' };
+            }
+            targetLegacyApproval = resolvedByRun;
+          }
+          // Re-validate guardian identity against the resolved target.
+          // The default guardianApproval was already checked, but a
+          // runId-resolved approval may belong to a different guardian.
+          if (senderExternalUserId !== targetLegacyApproval.guardianExternalUserId) {
+            log.warn(
+              { externalChatId, senderExternalUserId, expectedGuardian: targetLegacyApproval.guardianExternalUserId, runId: legacyGuardianDecision.runId },
+              'Guardian identity mismatch on legacy run-ref resolved target approval',
+            );
+            try {
+              const mismatchText = await composeApprovalMessageGenerative({
+                scenario: 'guardian_identity_mismatch',
+                channel: sourceChannel,
+              }, {}, approvalCopyGenerator);
+              await deliverChannelReply(replyCallbackUrl, {
+                chatId: externalChatId,
+                text: mismatchText,
+                assistantId,
+              }, bearerToken);
+            } catch (err) {
+              log.error({ err, externalChatId }, 'Failed to deliver guardian identity mismatch notice (legacy path)');
+            }
+            return { handled: true, type: 'guardian_decision_applied' };
+          }
+          const result = handleChannelDecision(
+            targetLegacyApproval.conversationId,
+            legacyGuardianDecision,
+            orchestrator,
+          );
+          if (result.applied) {
+            const approvalStatus = legacyGuardianDecision.action === 'reject' ? 'denied' as const : 'approved' as const;
+            updateApprovalDecision(targetLegacyApproval.id, {
+              status: approvalStatus,
+              decidedByExternalUserId: senderExternalUserId,
+            });
+            // Notify the requester's chat about the outcome
+            const outcomeText = await composeApprovalMessageGenerative({
+              scenario: 'guardian_decision_outcome',
+              decision: legacyGuardianDecision.action === 'reject' ? 'denied' : 'approved',
+              toolName: targetLegacyApproval.toolName,
+              channel: sourceChannel,
+            }, {}, approvalCopyGenerator);
+            try {
+              await deliverChannelReply(replyCallbackUrl, {
+                chatId: targetLegacyApproval.requesterChatId,
+                text: outcomeText,
+                assistantId,
+              }, bearerToken);
+            } catch (err) {
+              log.error({ err, conversationId: targetLegacyApproval.conversationId }, 'Failed to notify requester of guardian decision (legacy path)');
+            }
+            if (result.runId) {
+              schedulePostDecisionDelivery(
+                orchestrator,
+                result.runId,
+                targetLegacyApproval.conversationId,
+                targetLegacyApproval.requesterChatId,
+                replyCallbackUrl,
+                bearerToken,
+                assistantId,
+              );
+            }
+            return { handled: true, type: 'guardian_decision_applied' };
+          }
+          // Race condition: run was already resolved. Deliver stale notice.
+          try {
+            const staleText = await composeApprovalMessageGenerative({
+              scenario: 'approval_already_resolved',
+              channel: sourceChannel,
+            }, {}, approvalCopyGenerator);
+            await deliverChannelReply(replyCallbackUrl, {
+              chatId: externalChatId,
+              text: staleText,
+              assistantId,
+            }, bearerToken);
+          } catch (err) {
+            log.error({ err, conversationId: targetLegacyApproval.conversationId }, 'Failed to deliver stale guardian legacy fallback notice');
+          }
+          return { handled: true, type: 'stale_ignored' };
+        }
+        // No decision could be parsed — send a generic reminder to the guardian
+        try {
+          const reminderText = await composeApprovalMessageGenerative({
+            scenario: 'reminder_prompt',
+            toolName: guardianApproval.toolName,
+            channel: sourceChannel,
+          }, {}, approvalCopyGenerator);
+          await deliverChannelReply(replyCallbackUrl, {
+            chatId: externalChatId,
+            text: reminderText,
+            assistantId,
+          }, bearerToken);
+        } catch (err) {
+          log.error({ err, conversationId: guardianApproval.conversationId }, 'Failed to deliver guardian reminder (legacy path)');
+        }
+        return { handled: true, type: 'assistant_turn' };
+      }
+      // No content and no engine — nothing to do, fall through to standard
+      // approval interception below.
+    }
+  }
+  // ── Standard approval interception (existing flow) ──
+  const pendingPrompt = getChannelApprovalPrompt(conversationId);
+  if (!pendingPrompt) return { handled: false };
+  // When the sender is from an unverified channel, auto-deny any pending
+  // confirmation and block self-approval.
+  if (guardianCtx.actorRole === 'unverified_channel') {
+    const pending = getPendingConfirmationsByConversation(conversationId);
+    if (pending.length > 0) {
+      const denyResult = handleChannelDecision(
+        conversationId,
+        { action: 'reject', source: 'plain_text' },
+        orchestrator,
+        buildGuardianDenyContext(
+          pending[0].toolName,
+          guardianCtx.denialReason ?? 'no_binding',
+          sourceChannel,
+        ),
+      );
+      if (denyResult.applied && denyResult.runId) {
+        schedulePostDecisionDelivery(
+          orchestrator,
+          denyResult.runId,
+          conversationId,
+          externalChatId,
+          replyCallbackUrl,
+          bearerToken,
+          assistantId,
+        );
+      }
+      return { handled: true, type: 'decision_applied' };
+    }
+  }
+  // When the sender is a non-guardian and there's a pending guardian approval
+  // for this conversation's run, block self-approval. The non-guardian must
+  // wait for the guardian to decide.
+  if (guardianCtx.actorRole === 'non-guardian') {
+    const pending = getPendingConfirmationsByConversation(conversationId);
+    if (pending.length > 0) {
+      const guardianApprovalForRun = getPendingApprovalForRun(pending[0].runId);
+      if (guardianApprovalForRun) {
+        // Allow the requester to cancel their own pending guardian request.
+        // Only reject/cancel is permitted — self-approval is still blocked.
+        if (content) {
+          let requesterCancelIntent = false;
+          let cancelReplyText: string | undefined;
+          let requesterFollowupReplyText: string | undefined;
+          // Interpret requester follow-ups through the conversation engine so
+          // "nevermind/cancel" resolves naturally while clarifying questions
+          // remain conversational turns.
+          if (approvalConversationGenerator) {
+            const cancelContext: ApprovalConversationContext = {
+              toolName: pending[0].toolName,
+              allowedActions: ['reject'],
+              role: 'requester',
+              pendingApprovals: pending.map(p => ({ runId: p.runId, toolName: p.toolName })),
+              userMessage: content,
+            };
+            const cancelResult = await runApprovalConversationTurn(cancelContext, approvalConversationGenerator);
+            if (cancelResult.disposition === 'reject') {
+              requesterCancelIntent = true;
+              cancelReplyText = cancelResult.replyText;
+            } else if (cancelResult.disposition === 'keep_pending') {
+              requesterFollowupReplyText = cancelResult.replyText;
+            }
+          }
+          if (requesterCancelIntent) {
+            const rejectDecision: ApprovalDecisionResult = {
+              action: 'reject',
+              source: 'plain_text',
+            };
+            const cancelApplyResult = handleChannelDecision(conversationId, rejectDecision, orchestrator);
+            if (cancelApplyResult.applied) {
+              updateApprovalDecision(guardianApprovalForRun.id, {
+                status: 'denied',
+                decidedByExternalUserId: senderExternalUserId,
+              });
+              // Notify requester
+              const replyText = cancelReplyText ?? await composeApprovalMessageGenerative({
+                scenario: 'requester_cancel',
+                toolName: pending[0].toolName,
+                channel: sourceChannel,
+              }, {}, approvalCopyGenerator);
+              try {
+                await deliverChannelReply(replyCallbackUrl, {
+                  chatId: externalChatId,
+                  text: replyText,
+                  assistantId,
+                }, bearerToken);
+              } catch (err) {
+                log.error({ err, conversationId }, 'Failed to deliver requester cancel notice');
+              }
+              // Notify guardian that the request was cancelled
+              try {
+                const guardianNotice = await composeApprovalMessageGenerative({
+                  scenario: 'guardian_decision_outcome',
+                  decision: 'denied',
+                  toolName: pending[0].toolName,
+                  channel: sourceChannel,
+                }, {}, approvalCopyGenerator);
+                await deliverChannelReply(replyCallbackUrl, {
+                  chatId: guardianApprovalForRun.guardianChatId,
+                  text: guardianNotice,
+                  assistantId,
+                }, bearerToken);
+              } catch (err) {
+                log.error({ err, conversationId }, 'Failed to notify guardian of requester cancellation');
+              }
+              if (cancelApplyResult.runId) {
+                schedulePostDecisionDelivery(
+                  orchestrator, cancelApplyResult.runId, conversationId, externalChatId,
+                  replyCallbackUrl, bearerToken, assistantId,
+                );
+              }
+              return { handled: true, type: 'decision_applied' };
+            }
+            // Race condition: approval was already resolved elsewhere.
+            try {
+              const staleText = await composeApprovalMessageGenerative({
+                scenario: 'approval_already_resolved',
+                channel: sourceChannel,
+              }, {}, approvalCopyGenerator);
+              await deliverChannelReply(replyCallbackUrl, {
+                chatId: externalChatId,
+                text: staleText,
+                assistantId,
+              }, bearerToken);
+            } catch (err) {
+              log.error({ err, conversationId }, 'Failed to deliver stale requester-cancel notice');
+            }
+            return { handled: true, type: 'stale_ignored' };
+          }
+          if (requesterFollowupReplyText) {
+            try {
+              await deliverChannelReply(replyCallbackUrl, {
+                chatId: externalChatId,
+                text: requesterFollowupReplyText,
+                assistantId,
+              }, bearerToken);
+            } catch (err) {
+              log.error({ err, conversationId }, 'Failed to deliver requester follow-up reply while awaiting guardian');
+            }
+            return { handled: true, type: 'assistant_turn' };
+          }
+        }
+        // Not a cancel intent — tell the requester their request is pending
+        try {
+          const pendingText = await composeApprovalMessageGenerative({
+            scenario: 'request_pending_guardian',
+            channel: sourceChannel,
+          }, {}, approvalCopyGenerator);
+          await deliverChannelReply(replyCallbackUrl, {
+            chatId: externalChatId,
+            text: pendingText,
+            assistantId,
+          }, bearerToken);
+        } catch (err) {
+          log.error({ err, conversationId }, 'Failed to deliver guardian-pending notice to requester');
+        }
+        return { handled: true, type: 'assistant_turn' };
+      }
+      // Check for an expired-but-unresolved guardian approval. If the approval
+      // expired without a guardian decision, auto-deny the run and transition
+      // the approval to 'expired'. Without this, the requester could bypass
+      // guardian-only controls by simply waiting for the TTL to elapse.
+      const unresolvedApproval = getUnresolvedApprovalForRun(pending[0].runId);
+      if (unresolvedApproval) {
+        updateApprovalDecision(unresolvedApproval.id, { status: 'expired' });
+        // Auto-deny the underlying run so it does not remain actionable
+        const expiredDecision: ApprovalDecisionResult = {
+          action: 'reject',
+          source: 'plain_text',
+        };
+        handleChannelDecision(conversationId, expiredDecision, orchestrator);
+        try {
+          const expiredText = await composeApprovalMessageGenerative({
+            scenario: 'guardian_expired_requester',
+            toolName: pending[0].toolName,
+            channel: sourceChannel,
+          }, {}, approvalCopyGenerator);
+          await deliverChannelReply(replyCallbackUrl, {
+            chatId: externalChatId,
+            text: expiredText,
+            assistantId,
+          }, bearerToken);
+        } catch (err) {
+          log.error({ err, conversationId }, 'Failed to deliver guardian-expiry notice to requester');
+        }
+        return { handled: true, type: 'decision_applied' };
+      }
+    }
+  }
+  // Try to extract a decision from callback data (button press) first.
+  // Callback/button path remains deterministic and takes priority.
+  if (callbackData) {
+    const cbDecision = parseCallbackData(callbackData);
+    if (cbDecision) {
+      // When the decision came from a callback button, validate that the embedded
+      // run ID matches the currently pending run. A stale button (from a previous
+      // approval prompt) must not apply to a different pending run.
+      if (cbDecision.runId) {
+        const pending = getPendingConfirmationsByConversation(conversationId);
+        if (pending.length === 0 || pending[0].runId !== cbDecision.runId) {
+          log.warn(
+            { conversationId, callbackRunId: cbDecision.runId, pendingRunId: pending[0]?.runId },
+            'Callback run ID does not match pending run, ignoring stale button press',
+          );
+          return { handled: true, type: 'stale_ignored' };
+        }
+      }
+      const result = handleChannelDecision(conversationId, cbDecision, orchestrator);
+      if (result.applied) {
+        // Schedule a background poll for run terminal state and deliver the reply.
+        // This handles the case where the original poll in
+        // processChannelMessageWithApprovals has already exited due to timeout.
+        // The claimRunDelivery guard ensures at-most-once delivery when both
+        // pollers race to terminal state.
+        if (result.runId) {
+          schedulePostDecisionDelivery(
+            orchestrator,
+            result.runId,
+            conversationId,
+            externalChatId,
+            replyCallbackUrl,
+            bearerToken,
+            assistantId,
+          );
+        }
+        return { handled: true, type: 'decision_applied' };
+      }
+      // Race condition: run was already resolved between the stale check
+      // above and the decision attempt.
+      return { handled: true, type: 'stale_ignored' };
+    }
+  }
+  // ── Conversational approval engine for plain-text messages ──
+  // Instead of deterministic keyword matching and reminder prompts, delegate
+  // to the conversational approval engine which can classify natural language
+  // and respond conversationally.
+  const pending = getPendingConfirmationsByConversation(conversationId);
+  if (pending.length > 0 && approvalConversationGenerator && content) {
+    const allowedActions = pendingPrompt.actions.map((a) => a.id);
+    const engineContext: ApprovalConversationContext = {
+      toolName: pending[0].toolName,
+      allowedActions,
+      role: 'requester',
+      pendingApprovals: pending.map((p) => ({ runId: p.runId, toolName: p.toolName })),
+      userMessage: content,
+    };
+    const engineResult = await runApprovalConversationTurn(engineContext, approvalConversationGenerator);
+    if (engineResult.disposition === 'keep_pending') {
+      // Non-decision follow-up — deliver the engine's reply and keep the run pending
+      try {
+        await deliverChannelReply(replyCallbackUrl, {
+          chatId: externalChatId,
+          text: engineResult.replyText,
+          assistantId,
+        }, bearerToken);
+      } catch (err) {
+        log.error({ err, conversationId }, 'Failed to deliver approval conversation reply');
+      }
+      return { handled: true, type: 'assistant_turn' };
+    }
+    // Decision-bearing disposition — map to ApprovalDecisionResult and apply
+    const decisionAction = engineResult.disposition as 'approve_once' | 'approve_always' | 'reject';
+    const engineDecision: ApprovalDecisionResult = {
+      action: decisionAction,
+      source: 'plain_text',
+      ...(engineResult.targetRunId ? { runId: engineResult.targetRunId } : {}),
+    };
+    const result = handleChannelDecision(conversationId, engineDecision, orchestrator);
+    if (result.applied) {
+      if (result.runId) {
+        schedulePostDecisionDelivery(
+          orchestrator,
+          result.runId,
+          conversationId,
+          externalChatId,
+          replyCallbackUrl,
+          bearerToken,
+          assistantId,
+        );
+      }
+      // Deliver the engine's reply text to the user
+      try {
+        await deliverChannelReply(replyCallbackUrl, {
+          chatId: externalChatId,
+          text: engineResult.replyText,
+          assistantId,
+        }, bearerToken);
+      } catch (err) {
+        log.error({ err, conversationId }, 'Failed to deliver approval decision reply');
+      }
+      return { handled: true, type: 'decision_applied' };
+    }
+    // Race condition: run was already resolved by expiry sweep or
+    // concurrent callback. Deliver a stale notice instead of the
+    // engine's optimistic reply.
+    try {
+      const staleText = await composeApprovalMessageGenerative({
+        scenario: 'approval_already_resolved',
+        channel: sourceChannel,
+      }, {}, approvalCopyGenerator);
+      await deliverChannelReply(replyCallbackUrl, {
+        chatId: externalChatId,
+        text: staleText,
+        assistantId,
+      }, bearerToken);
+    } catch (err) {
+      log.error({ err, conversationId }, 'Failed to deliver stale approval notice');
+    }
+    return { handled: true, type: 'stale_ignored' };
+  }
+  // Fallback: no conversational generator available or no content — use
+  // the legacy deterministic path as a safety net. This preserves backward
+  // compatibility when the generator is not injected.
+  if (content) {
+    const legacyDecision = parseApprovalDecision(content);
+    if (legacyDecision) {
+      if (legacyDecision.runId) {
+        if (pending.length === 0 || pending[0].runId !== legacyDecision.runId) {
+          return { handled: true, type: 'stale_ignored' };
+        }
+      }
+      const result = handleChannelDecision(conversationId, legacyDecision, orchestrator);
+      if (result.applied) {
+        if (result.runId) {
+          schedulePostDecisionDelivery(
+            orchestrator,
+            result.runId,
+            conversationId,
+            externalChatId,
+            replyCallbackUrl,
+            bearerToken,
+            assistantId,
+          );
+        }
+        return { handled: true, type: 'decision_applied' };
+      }
+      // Race condition: run was already resolved.
+      try {
+        const staleText = await composeApprovalMessageGenerative({
+          scenario: 'approval_already_resolved',
+          channel: sourceChannel,
+        }, {}, approvalCopyGenerator);
+        await deliverChannelReply(replyCallbackUrl, {
+          chatId: externalChatId,
+          text: staleText,
+          assistantId,
+        }, bearerToken);
+      } catch (err) {
+        log.error({ err, conversationId }, 'Failed to deliver stale approval notice (legacy path)');
+      }
+      return { handled: true, type: 'stale_ignored' };
+    }
+  }
+  // No decision could be extracted and no conversational engine is available —
+  // deliver a simple status reply rather than a reminder prompt.
+  try {
+    const statusText = await composeApprovalMessageGenerative({
+      scenario: 'reminder_prompt',
+      channel: sourceChannel,
+      toolName: pending.length > 0 ? pending[0].toolName : undefined,
+    }, {}, approvalCopyGenerator);
+    await deliverChannelReply(replyCallbackUrl, {
+      chatId: externalChatId,
+      text: statusText,
+      assistantId,
+    }, bearerToken);
+  } catch (err) {
+    log.error({ err, conversationId }, 'Failed to deliver approval status reply');
+  }
+  return { handled: true, type: 'assistant_turn' };
+}
+// ---------------------------------------------------------------------------
+// Proactive guardian approval expiry sweep
+// ---------------------------------------------------------------------------
+/** Interval at which the expiry sweep runs (60 seconds). */
+const GUARDIAN_EXPIRY_SWEEP_INTERVAL_MS = 60_000;
+/** Timer handle for the expiry sweep so it can be stopped in tests. */
+let expirySweepTimer: ReturnType<typeof setInterval> | null = null;
+/**
+ * Sweep expired guardian approval requests, auto-deny the underlying runs,
+ * and notify both the requester and guardian. This runs proactively on a
+ * timer so expired approvals are closed without waiting for follow-up
+ * traffic from either party.
+ *
+ * Accepts a `gatewayBaseUrl` rather than a fixed delivery URL so that
+ * each approval's notification is routed to the correct channel-specific
+ * endpoint (e.g. `/deliver/telegram`, `/deliver/sms`).
+ */
+export function sweepExpiredGuardianApprovals(
+  orchestrator: RunOrchestrator,
+  gatewayBaseUrl: string,
+  bearerToken?: string,
+  approvalCopyGenerator?: ApprovalCopyGenerator,
+): void {
+  const expired = getExpiredPendingApprovals();
+  for (const approval of expired) {
+    // Mark the approval as expired
+    updateApprovalDecision(approval.id, { status: 'expired' });
+    // Auto-deny the underlying run
+    const expiredDecision: ApprovalDecisionResult = {
+      action: 'reject',
+      source: 'plain_text',
+    };
+    handleChannelDecision(approval.conversationId, expiredDecision, orchestrator);
+    // Construct the per-channel delivery URL from the approval's channel
+    const deliverUrl = `${gatewayBaseUrl}/deliver/${approval.channel}`;
+    // Notify the requester that the approval expired
+    void (async () => {
+      const requesterText = await composeApprovalMessageGenerative({
+        scenario: 'guardian_expired_requester',
+        toolName: approval.toolName,
+        channel: approval.channel,
+      }, {}, approvalCopyGenerator);
+      await deliverChannelReply(deliverUrl, {
+        chatId: approval.requesterChatId,
+        text: requesterText,
+        assistantId: approval.assistantId,
+      }, bearerToken);
+    })().catch((err) => {
+      log.error({ err, runId: approval.runId }, 'Failed to notify requester of guardian approval expiry');
+    });
+    // Notify the guardian that the approval expired
+    void (async () => {
+      const guardianText = await composeApprovalMessageGenerative({
+        scenario: 'guardian_expired_guardian',
+        toolName: approval.toolName,
+        requesterIdentifier: approval.requesterExternalUserId,
+        channel: approval.channel,
+      }, {}, approvalCopyGenerator);
+      await deliverChannelReply(deliverUrl, {
+        chatId: approval.guardianChatId,
+        text: guardianText,
+        assistantId: approval.assistantId,
+      }, bearerToken);
+    })().catch((err) => {
+      log.error({ err, runId: approval.runId }, 'Failed to notify guardian of approval expiry');
+    });
+    log.info(
+      { runId: approval.runId, approvalId: approval.id },
+      'Auto-denied expired guardian approval request',
+    );
+  }
+}
+/**
+ * Start the periodic expiry sweep. Idempotent — calling it multiple times
+ * re-uses the same timer.
+ */
+export function startGuardianExpirySweep(
+  orchestrator: RunOrchestrator,
+  gatewayBaseUrl: string,
+  bearerToken?: string,
+  approvalCopyGenerator?: ApprovalCopyGenerator,
+): void {
+  if (expirySweepTimer) return;
+  expirySweepTimer = setInterval(() => {
+    try {
+      sweepExpiredGuardianApprovals(orchestrator, gatewayBaseUrl, bearerToken, approvalCopyGenerator);
+    } catch (err) {
+      log.error({ err }, 'Guardian expiry sweep failed');
+    }
+  }, GUARDIAN_EXPIRY_SWEEP_INTERVAL_MS);
+}
+/**
+ * Stop the periodic expiry sweep. Used in tests and shutdown.
+ */
+export function stopGuardianExpirySweep(): void {
+  if (expirySweepTimer) {
+    clearInterval(expirySweepTimer);
+    expirySweepTimer = null;
+  }
+}