npm - @vellumai/assistant - Versions diffs - 0.3.5 → 0.3.7 - Mend

@vellumai/assistant 0.3.5 → 0.3.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (487) hide show

package/README.md +51 -0
package/eslint.config.mjs +31 -0
package/package.json +1 -1
package/scripts/ipc/check-swift-decoder-drift.ts +4 -1
package/scripts/ipc/generate-swift.ts +18 -2
package/src/__tests__/__snapshots__/ipc-snapshot.test.ts.snap +338 -1
package/src/__tests__/approval-conversation-turn.test.ts +214 -0
package/src/__tests__/browser-manager.test.ts +1 -0
package/src/__tests__/call-conversation-messages.test.ts +130 -0
package/src/__tests__/call-orchestrator.test.ts +752 -271
package/src/__tests__/call-pointer-messages.test.ts +148 -0
package/src/__tests__/call-recovery.test.ts +3 -0
package/src/__tests__/call-routes-http.test.ts +5 -0
package/src/__tests__/call-store.test.ts +3 -0
package/src/__tests__/channel-approval-routes.test.ts +1260 -85
package/src/__tests__/channel-approval.test.ts +37 -0
package/src/__tests__/channel-approvals.test.ts +4 -65
package/src/__tests__/channel-guardian.test.ts +556 -0
package/src/__tests__/channel-readiness-service.test.ts +74 -7
package/src/__tests__/checker.test.ts +14 -7
package/src/__tests__/clarification-resolver.test.ts +44 -24
package/src/__tests__/commit-message-enrichment-service.test.ts +9 -4
package/src/__tests__/computer-use-session-working-dir.test.ts +8 -0
package/src/__tests__/config-schema.test.ts +12 -7
package/src/__tests__/context-window-manager.test.ts +30 -2
package/src/__tests__/contradiction-checker.test.ts +20 -5
package/src/__tests__/credential-security-invariants.test.ts +6 -2
package/src/__tests__/db-migration-rollback.test.ts +752 -0
package/src/__tests__/dynamic-skill-workflow-prompt.test.ts +2 -0
package/src/__tests__/fuzzy-match-property.test.ts +5 -5
package/src/__tests__/guardian-action-store.test.ts +123 -0
package/src/__tests__/guardian-action-sweep.test.ts +277 -0
package/src/__tests__/guardian-dispatch.test.ts +389 -0
package/src/__tests__/guardian-question-copy.test.ts +47 -0
package/src/__tests__/handlers-telegram-config.test.ts +4 -2
package/src/__tests__/handlers-twilio-config.test.ts +126 -0
package/src/__tests__/intent-routing.test.ts +2 -0
package/src/__tests__/ipc-snapshot.test.ts +228 -1
package/src/__tests__/memory-upsert-concurrency.test.ts +828 -0
package/src/__tests__/model-intents.test.ts +96 -0
package/src/__tests__/no-direct-anthropic-sdk-imports.test.ts +42 -0
package/src/__tests__/oauth2-gateway-transport.test.ts +130 -0
package/src/__tests__/onboarding-starter-tasks.test.ts +2 -0
package/src/__tests__/provider-commit-message-generator.test.ts +89 -13
package/src/__tests__/provider-error-scenarios.test.ts +621 -0
package/src/__tests__/provider-fail-open-selection.test.ts +119 -0
package/src/__tests__/qdrant-manager.test.ts +27 -20
package/src/__tests__/relay-server.test.ts +779 -40
package/src/__tests__/run-orchestrator-assistant-events.test.ts +2 -0
package/src/__tests__/run-orchestrator.test.ts +20 -4
package/src/__tests__/runtime-runs-http.test.ts +17 -1
package/src/__tests__/runtime-runs.test.ts +16 -0
package/src/__tests__/schedule-store.test.ts +18 -4
package/src/__tests__/scheduler-recurrence.test.ts +13 -4
package/src/__tests__/session-abort-tool-results.test.ts +6 -0
package/src/__tests__/session-agent-loop.test.ts +857 -0
package/src/__tests__/session-conflict-gate.test.ts +6 -0
package/src/__tests__/session-pre-run-repair.test.ts +6 -0
package/src/__tests__/session-profile-injection.test.ts +6 -0
package/src/__tests__/session-provider-retry-repair.test.ts +6 -0
package/src/__tests__/session-queue.test.ts +6 -0
package/src/__tests__/session-runtime-assembly.test.ts +237 -13
package/src/__tests__/session-slash-known.test.ts +6 -0
package/src/__tests__/session-slash-queue.test.ts +6 -0
package/src/__tests__/session-slash-unknown.test.ts +6 -0
package/src/__tests__/session-surfaces-task-progress.test.ts +2 -0
package/src/__tests__/session-tool-setup-app-refresh.test.ts +1 -0
package/src/__tests__/session-tool-setup-memory-scope.test.ts +1 -0
package/src/__tests__/session-tool-setup-side-effect-flag.test.ts +1 -0
package/src/__tests__/session-workspace-injection.test.ts +6 -0
package/src/__tests__/session-workspace-tool-tracking.test.ts +6 -0
package/src/__tests__/skills.test.ts +2 -0
package/src/__tests__/sms-messaging-provider.test.ts +2 -1
package/src/__tests__/starter-task-flow.test.ts +2 -0
package/src/__tests__/swarm-dag-pathological.test.ts +535 -0
package/src/__tests__/system-prompt.test.ts +2 -0
package/src/__tests__/task-management-tools.test.ts +2 -2
package/src/__tests__/task-runner.test.ts +14 -4
package/src/__tests__/terminal-tools.test.ts +25 -19
package/src/__tests__/tool-execution-abort-cleanup.test.ts +545 -0
package/src/__tests__/tool-executor-shell-integration.test.ts +11 -11
package/src/__tests__/tool-executor.test.ts +23 -24
package/src/__tests__/trust-store.test.ts +3 -3
package/src/__tests__/twilio-rest.test.ts +29 -0
package/src/__tests__/twilio-routes-elevenlabs.test.ts +3 -0
package/src/__tests__/twilio-routes-twiml.test.ts +11 -0
package/src/__tests__/twilio-routes.test.ts +141 -21
package/src/__tests__/user-reference.test.ts +2 -0
package/src/__tests__/voice-quality.test.ts +222 -0
package/src/__tests__/web-search.test.ts +45 -29
package/src/agent/loop.ts +1 -1
package/src/agent-heartbeat/agent-heartbeat-service.ts +2 -10
package/src/amazon/client.ts +1418 -0
package/src/amazon/request-extractor.ts +135 -0
package/src/amazon/session.ts +109 -0
package/src/autonomy/autonomy-store.ts +5 -5
package/src/browser-extension-relay/client.ts +124 -0
package/src/browser-extension-relay/protocol.ts +63 -0
package/src/browser-extension-relay/server.ts +177 -0
package/src/bundler/app-bundler.ts +3 -3
package/src/bundler/bundle-signer.ts +1 -1
package/src/bundler/signature-verifier.ts +1 -1
package/src/calls/call-conversation-messages.ts +33 -0
package/src/calls/call-domain.ts +106 -5
package/src/calls/call-orchestrator.ts +252 -54
package/src/calls/call-pointer-messages.ts +53 -0
package/src/calls/call-recovery.ts +3 -8
package/src/calls/call-store.ts +69 -87
package/src/calls/elevenlabs-config.ts +3 -2
package/src/calls/guardian-action-sweep.ts +105 -0
package/src/calls/guardian-dispatch.ts +203 -0
package/src/calls/guardian-question-copy.ts +133 -0
package/src/calls/relay-server.ts +466 -8
package/src/calls/speaker-identification.ts +1 -1
package/src/calls/twilio-config.ts +7 -5
package/src/calls/twilio-provider.ts +6 -4
package/src/calls/twilio-rest.ts +40 -15
package/src/calls/twilio-routes.ts +60 -45
package/src/calls/types.ts +3 -1
package/src/channels/types.ts +25 -0
package/src/cli/amazon.ts +815 -0
package/src/cli/config-commands.ts +2 -2
package/src/cli/core-commands.ts +4 -3
package/src/cli/influencer.ts +244 -0
package/src/cli/map.ts +89 -6
package/src/cli.ts +1 -1
package/src/config/agent-schema.ts +171 -0
package/src/config/bundled-skills/amazon/SKILL.md +127 -0
package/src/config/bundled-skills/amazon/icon.svg +13 -0
package/src/config/bundled-skills/api-mapping/SKILL.md +78 -0
package/src/config/bundled-skills/browser/SKILL.md +1 -0
package/src/config/bundled-skills/browser/TOOLS.json +17 -0
package/src/config/bundled-skills/browser/tools/browser-wait-for-download.ts +25 -0
package/src/config/bundled-skills/doordash/SKILL.md +51 -51
package/src/config/bundled-skills/email-setup/SKILL.md +14 -5
package/src/config/bundled-skills/google-oauth-setup/SKILL.md +183 -0
package/src/config/bundled-skills/influencer/SKILL.md +144 -0
package/src/config/bundled-skills/macos-automation/icon.svg +12 -0
package/src/config/bundled-skills/media-processing/SKILL.md +72 -95
package/src/config/bundled-skills/media-processing/TOOLS.json +57 -147
package/src/config/bundled-skills/media-processing/__tests__/concurrency-pool.test.ts +77 -0
package/src/config/bundled-skills/media-processing/__tests__/cost-tracker.test.ts +69 -0
package/src/config/bundled-skills/media-processing/__tests__/preprocess.test.ts +303 -0
package/src/config/bundled-skills/media-processing/services/concurrency-pool.ts +55 -0
package/src/config/bundled-skills/media-processing/services/cost-tracker.ts +86 -0
package/src/config/bundled-skills/media-processing/services/gemini-map.ts +339 -0
package/src/config/bundled-skills/media-processing/services/preprocess.ts +551 -0
package/src/config/bundled-skills/media-processing/services/processing-pipeline.ts +7 -9
package/src/config/bundled-skills/media-processing/services/reduce.ts +197 -0
package/src/config/bundled-skills/media-processing/tools/analyze-keyframes.ts +88 -253
package/src/config/bundled-skills/media-processing/tools/extract-keyframes.ts +22 -153
package/src/config/bundled-skills/media-processing/tools/generate-clip.ts +2 -2
package/src/config/bundled-skills/media-processing/tools/media-diagnostics.ts +28 -51
package/src/config/bundled-skills/media-processing/tools/query-media-events.ts +35 -270
package/src/config/bundled-skills/messaging/SKILL.md +12 -2
package/src/config/bundled-skills/messaging/tools/messaging-analyze-style.ts +4 -7
package/src/config/bundled-skills/messaging/tools/messaging-reply.ts +2 -1
package/src/config/bundled-skills/phone-calls/SKILL.md +86 -21
package/src/config/bundled-skills/twitter/icon.svg +14 -0
package/src/config/bundled-tool-registry.ts +310 -0
package/src/config/calls-schema.ts +181 -0
package/src/config/core-schema.ts +309 -0
package/src/config/defaults.ts +27 -3
package/src/config/env-registry.ts +169 -0
package/src/config/env.ts +175 -0
package/src/config/loader.ts +6 -6
package/src/config/memory-schema.ts +528 -0
package/src/config/sandbox-schema.ts +55 -0
package/src/config/schema.ts +157 -1138
package/src/config/skill-state.ts +1 -1
package/src/config/skills-schema.ts +32 -0
package/src/config/skills.ts +35 -24
package/src/config/system-prompt.ts +107 -56
package/src/config/templates/SOUL.md +1 -1
package/src/config/types.ts +1 -0
package/src/config/user-reference.ts +4 -9
package/src/config/vellum-skills/catalog.json +0 -7
package/src/config/vellum-skills/chatgpt-import/tools/chatgpt-import.ts +5 -1
package/src/config/vellum-skills/slack-oauth-setup/SKILL.md +1 -0
package/src/config/vellum-skills/sms-setup/SKILL.md +112 -14
package/src/context/window-manager.ts +27 -7
package/src/daemon/approval-generators.ts +186 -0
package/src/daemon/approved-devices-store.ts +140 -0
package/src/daemon/assistant-attachments.ts +1 -1
package/src/daemon/classifier.ts +35 -32
package/src/daemon/config-watcher.ts +1 -1
package/src/daemon/daemon-control.ts +254 -0
package/src/daemon/handlers/apps.ts +2 -3
package/src/daemon/handlers/config-channels.ts +158 -0
package/src/daemon/handlers/config-inbox.ts +540 -0
package/src/daemon/handlers/config-ingress.ts +231 -0
package/src/daemon/handlers/config-integrations.ts +258 -0
package/src/daemon/handlers/config-model.ts +143 -0
package/src/daemon/handlers/config-parental.ts +163 -0
package/src/daemon/handlers/config-scheduling.ts +172 -0
package/src/daemon/handlers/config-slack.ts +92 -0
package/src/daemon/handlers/config-telegram.ts +301 -0
package/src/daemon/handlers/config-tools.ts +177 -0
package/src/daemon/handlers/config-trust.ts +104 -0
package/src/daemon/handlers/config-twilio.ts +1080 -0
package/src/daemon/handlers/config.ts +53 -2463
package/src/daemon/handlers/diagnostics.ts +1 -1
package/src/daemon/handlers/dictation.ts +4 -6
package/src/daemon/handlers/documents.ts +18 -32
package/src/daemon/handlers/index.ts +9 -0
package/src/daemon/handlers/misc.ts +3 -5
package/src/daemon/handlers/pairing.ts +98 -0
package/src/daemon/handlers/sessions.ts +74 -5
package/src/daemon/handlers/shared.ts +3 -1
package/src/daemon/handlers/skills.ts +1 -1
package/src/daemon/handlers/twitter-auth.ts +2 -0
package/src/daemon/handlers/work-items.ts +2 -2
package/src/daemon/handlers/workspace-files.ts +4 -3
package/src/daemon/install-cli-launchers.ts +113 -0
package/src/daemon/ipc-contract/apps.ts +356 -0
package/src/daemon/ipc-contract/browser.ts +74 -0
package/src/daemon/ipc-contract/computer-use.ts +151 -0
package/src/daemon/ipc-contract/diagnostics.ts +56 -0
package/src/daemon/ipc-contract/documents.ts +74 -0
package/src/daemon/ipc-contract/inbox.ts +209 -0
package/src/daemon/ipc-contract/integrations.ts +284 -0
package/src/daemon/ipc-contract/memory.ts +48 -0
package/src/daemon/ipc-contract/messages.ts +211 -0
package/src/daemon/ipc-contract/pairing.ts +45 -0
package/src/daemon/ipc-contract/parental-control.ts +95 -0
package/src/daemon/ipc-contract/schedules.ts +97 -0
package/src/daemon/ipc-contract/sessions.ts +321 -0
package/src/daemon/ipc-contract/shared.ts +42 -0
package/src/daemon/ipc-contract/skills.ts +120 -0
package/src/daemon/ipc-contract/subagents.ts +58 -0
package/src/daemon/ipc-contract/surfaces.ts +250 -0
package/src/daemon/ipc-contract/trust.ts +60 -0
package/src/daemon/ipc-contract/work-items.ts +225 -0
package/src/daemon/ipc-contract/workspace.ts +113 -0
package/src/daemon/ipc-contract-inventory.json +62 -0
package/src/daemon/ipc-contract-inventory.ts +55 -29
package/src/daemon/ipc-contract.ts +227 -2527
package/src/daemon/ipc-protocol.ts +1 -1
package/src/daemon/ipc-validate.ts +7 -0
package/src/daemon/lifecycle.ts +97 -379
package/src/daemon/pairing-store.ts +177 -0
package/src/daemon/providers-setup.ts +43 -0
package/src/daemon/ride-shotgun-handler.ts +67 -2
package/src/daemon/server.ts +60 -44
package/src/daemon/session-agent-loop-handlers.ts +421 -0
package/src/daemon/session-agent-loop.ts +113 -275
package/src/daemon/session-dynamic-profile.ts +1 -1
package/src/daemon/session-history.ts +1 -1
package/src/daemon/session-media-retry.ts +1 -1
package/src/daemon/session-messaging.ts +37 -2
package/src/daemon/session-notifiers.ts +5 -25
package/src/daemon/session-process.ts +99 -59
package/src/daemon/session-queue-manager.ts +98 -4
package/src/daemon/session-runtime-assembly.ts +149 -15
package/src/daemon/session-surfaces.ts +26 -4
package/src/daemon/session-tool-setup.ts +28 -30
package/src/daemon/session-workspace.ts +1 -1
package/src/daemon/session.ts +24 -1
package/src/daemon/shutdown-handlers.ts +122 -0
package/src/daemon/trace-emitter.ts +1 -1
package/src/daemon/watch-handler.ts +36 -33
package/src/doordash/cart-queries.ts +787 -0
package/src/doordash/client.ts +144 -127
package/src/doordash/order-queries.ts +85 -0
package/src/doordash/queries.ts +10 -1308
package/src/doordash/search-queries.ts +203 -0
package/src/doordash/session.ts +3 -2
package/src/doordash/store-queries.ts +246 -0
package/src/doordash/types.ts +367 -0
package/src/email/providers/agentmail.ts +2 -1
package/src/email/providers/index.ts +3 -2
package/src/email/service.ts +3 -2
package/src/errors.ts +43 -0
package/src/home-base/prebuilt/seed.ts +1 -1
package/src/hooks/cli.ts +6 -5
package/src/hooks/config.ts +6 -8
package/src/hooks/discovery.ts +6 -5
package/src/hooks/manager.ts +4 -3
package/src/hooks/runner.ts +2 -2
package/src/hooks/templates.ts +5 -5
package/src/inbound/public-ingress-urls.ts +3 -1
package/src/index.ts +4 -2
package/src/influencer/client.ts +1104 -0
package/src/instrument.ts +4 -3
package/src/logfire.ts +4 -3
package/src/memory/admin.ts +25 -35
package/src/memory/attachments-store.ts +4 -7
package/src/memory/channel-delivery-store.ts +30 -1
package/src/memory/channel-guardian-store.ts +200 -1
package/src/memory/clarification-resolver.ts +37 -33
package/src/memory/conflict-store.ts +67 -61
package/src/memory/contradiction-checker.ts +141 -117
package/src/memory/conversation-store.ts +335 -51
package/src/memory/db-connection.ts +27 -4
package/src/memory/db-init.ts +121 -4
package/src/memory/db.ts +14 -1
package/src/memory/embedding-backend.ts +27 -5
package/src/memory/embedding-ollama.ts +2 -1
package/src/memory/entity-extractor.ts +38 -35
package/src/memory/guardian-action-store.ts +430 -0
package/src/memory/inbox-escalation-projection.ts +59 -0
package/src/memory/inbox-thread-store.ts +218 -0
package/src/memory/ingress-invite-store.ts +338 -0
package/src/memory/ingress-member-store.ts +350 -0
package/src/memory/items-extractor.ts +91 -97
package/src/memory/job-handlers/index-maintenance.ts +3 -3
package/src/memory/job-handlers/media-processing.ts +11 -42
package/src/memory/job-handlers/summarization.ts +32 -26
package/src/memory/job-utils.ts +3 -10
package/src/memory/jobs-store.ts +6 -9
package/src/memory/jobs-worker.ts +51 -36
package/src/memory/migrations/001-job-deferrals.ts +45 -0
package/src/memory/migrations/002-tool-invocations-fk.ts +43 -0
package/src/memory/migrations/003-memory-fts-backfill.ts +24 -0
package/src/memory/migrations/004-entity-relation-dedup.ts +87 -0
package/src/memory/migrations/005-fingerprint-scope-unique.ts +80 -0
package/src/memory/migrations/006-scope-salted-fingerprints.ts +62 -0
package/src/memory/migrations/007-assistant-id-to-self.ts +254 -0
package/src/memory/migrations/008-remove-assistant-id-columns.ts +208 -0
package/src/memory/migrations/009-llm-usage-events-drop-assistant-id.ts +83 -0
package/src/memory/migrations/010-ext-conv-bindings-channel-chat-unique.ts +56 -0
package/src/memory/migrations/011-call-sessions-provider-sid-dedup.ts +63 -0
package/src/memory/migrations/012-call-sessions-add-initiated-from.ts +19 -0
package/src/memory/migrations/013-guardian-action-tables.ts +68 -0
package/src/memory/migrations/014-backfill-inbox-thread-state.ts +76 -0
package/src/memory/migrations/015-drop-active-search-index.ts +27 -0
package/src/memory/migrations/016-memory-segments-indexes.ts +11 -0
package/src/memory/migrations/017-memory-items-indexes.ts +12 -0
package/src/memory/migrations/018-remaining-table-indexes.ts +13 -0
package/src/memory/migrations/index.ts +24 -0
package/src/memory/migrations/registry.ts +79 -0
package/src/memory/migrations/validate-migration-state.ts +69 -0
package/src/memory/qdrant-manager.ts +49 -8
package/src/memory/query-builder.ts +1 -1
package/src/memory/raw-query.ts +119 -0
package/src/memory/recall-cache.ts +4 -1
package/src/memory/retriever.ts +163 -47
package/src/memory/schema-migration.ts +25 -984
package/src/memory/schema.ts +130 -7
package/src/memory/search/entity.ts +10 -19
package/src/memory/search/lexical.ts +81 -52
package/src/memory/search/ranking.ts +21 -22
package/src/memory/search/semantic.ts +157 -19
package/src/memory/shared-app-links-store.ts +4 -5
package/src/memory/validation.ts +19 -0
package/src/messaging/draft-store.ts +5 -6
package/src/messaging/providers/sms/adapter.ts +3 -6
package/src/messaging/providers/telegram-bot/adapter.ts +2 -5
package/src/messaging/providers/whatsapp/adapter.ts +136 -0
package/src/messaging/providers/whatsapp/client.ts +67 -0
package/src/messaging/style-analyzer.ts +5 -4
package/src/messaging/thread-summarizer.ts +61 -69
package/src/messaging/triage-engine.ts +62 -71
package/src/migrations/config-merge.ts +53 -0
package/src/migrations/data-layout.ts +68 -0
package/src/migrations/data-merge.ts +33 -0
package/src/migrations/hooks-merge.ts +90 -0
package/src/migrations/index.ts +6 -0
package/src/migrations/log.ts +23 -0
package/src/migrations/skills-merge.ts +33 -0
package/src/migrations/workspace-layout.ts +79 -0
package/src/permissions/checker.ts +126 -11
package/src/permissions/prompter.ts +14 -0
package/src/permissions/shell-identity.ts +31 -1
package/src/permissions/trust-store.ts +21 -1
package/src/providers/anthropic/client.ts +4 -4
package/src/providers/failover.ts +2 -2
package/src/providers/model-intents.ts +70 -0
package/src/providers/ollama/client.ts +2 -1
package/src/providers/provider-send-message.ts +176 -0
package/src/providers/registry.ts +71 -30
package/src/providers/retry.ts +35 -1
package/src/providers/types.ts +12 -1
package/src/runtime/approval-conversation-turn.ts +97 -0
package/src/runtime/approval-message-composer.ts +115 -5
package/src/runtime/assistant-event-hub.ts +3 -1
package/src/runtime/channel-approval-parser.ts +36 -2
package/src/runtime/channel-approvals.ts +0 -21
package/src/runtime/channel-guardian-service.ts +48 -7
package/src/runtime/channel-readiness-service.ts +160 -34
package/src/runtime/channel-readiness-types.ts +10 -4
package/src/runtime/channel-retry-sweep.ts +184 -0
package/src/runtime/guardian-context-resolver.ts +108 -0
package/src/runtime/http-server.ts +289 -745
package/src/runtime/http-types.ts +56 -3
package/src/runtime/middleware/auth.ts +116 -0
package/src/runtime/middleware/error-handler.ts +33 -0
package/src/runtime/middleware/twilio-validation.ts +127 -0
package/src/runtime/routes/app-routes.ts +1 -1
package/src/runtime/routes/call-routes.ts +49 -6
package/src/runtime/routes/channel-delivery-routes.ts +170 -0
package/src/runtime/routes/channel-guardian-routes.ts +1191 -0
package/src/runtime/routes/channel-inbound-routes.ts +1152 -0
package/src/runtime/routes/channel-route-shared.ts +144 -0
package/src/runtime/routes/channel-routes.ts +32 -1634
package/src/runtime/routes/conversation-routes.ts +50 -7
package/src/runtime/routes/events-routes.ts +2 -2
package/src/runtime/routes/identity-routes.ts +126 -0
package/src/runtime/routes/pairing-routes.ts +144 -0
package/src/runtime/routes/run-routes.ts +15 -1
package/src/runtime/run-orchestrator.ts +52 -34
package/src/schedule/schedule-store.ts +36 -32
package/src/schedule/scheduler.ts +3 -3
package/src/security/encrypted-store.ts +5 -7
package/src/security/oauth2.ts +45 -15
package/src/security/parental-control-store.ts +183 -0
package/src/security/secret-allowlist.ts +4 -3
package/src/security/secret-scanner.ts +5 -5
package/src/security/secure-keys.ts +1 -1
package/src/security/token-manager.ts +3 -2
package/src/services/vercel-deploy.ts +6 -2
package/src/skills/tool-manifest.ts +3 -3
package/src/skills/vellum-catalog-remote.ts +75 -16
package/src/slack/slack-webhook.ts +2 -1
package/src/swarm/orchestrator.ts +92 -1
package/src/swarm/router-planner.ts +6 -9
package/src/swarm/worker-prompts.ts +9 -12
package/src/tasks/task-compiler.ts +19 -28
package/src/tasks/task-runner.ts +1 -1
package/src/tools/assets/search.ts +15 -14
package/src/tools/browser/__tests__/auth-detector.test.ts +1 -0
package/src/tools/browser/auto-navigate.ts +1 -0
package/src/tools/browser/browser-execution.ts +13 -1
package/src/tools/browser/browser-manager.ts +119 -4
package/src/tools/browser/network-recorder.ts +5 -0
package/src/tools/credentials/broker.ts +11 -2
package/src/tools/credentials/metadata-store.ts +18 -14
package/src/tools/credentials/post-connect-hooks.ts +61 -0
package/src/tools/credentials/vault.ts +49 -23
package/src/tools/executor.ts +80 -18
package/src/tools/host-terminal/cli-discover.ts +1 -1
package/src/tools/network/script-proxy/http-forwarder.ts +1 -1
package/src/tools/network/script-proxy/mitm-handler.ts +1 -1
package/src/tools/network/script-proxy/server.ts +1 -1
package/src/tools/network/script-proxy/session-manager.ts +6 -5
package/src/tools/network/web-fetch.ts +18 -2
package/src/tools/network/web-search.ts +7 -3
package/src/tools/reminder/reminder-store.ts +14 -15
package/src/tools/schedule/create.ts +1 -0
package/src/tools/schedule/list.ts +2 -1
package/src/tools/shared/filesystem/file-ops-service.ts +5 -7
package/src/tools/skills/skill-script-runner.ts +24 -9
package/src/tools/skills/skill-tool-factory.ts +1 -0
package/src/tools/tasks/work-item-enqueue.ts +2 -2
package/src/tools/terminal/evaluate-typescript.ts +21 -12
package/src/tools/terminal/parser.ts +50 -0
package/src/tools/watcher/delete.ts +6 -0
package/src/tools/weather/service.ts +1 -1
package/src/twitter/client.ts +190 -24
package/src/twitter/session.ts +4 -3
package/src/util/clipboard.ts +1 -1
package/src/util/errors.ts +65 -8
package/src/util/fs.ts +40 -0
package/src/util/json.ts +10 -0
package/src/util/log-redact.ts +189 -0
package/src/util/logger.ts +25 -18
package/src/util/object.ts +3 -0
package/src/util/platform.ts +72 -365
package/src/util/pricing.ts +1 -1
package/src/util/promise-guard.ts +1 -1
package/src/util/retry.ts +19 -0
package/src/util/row-mapper.ts +79 -0
package/src/util/silently.ts +21 -0
package/src/watcher/engine.ts +5 -1
package/src/watcher/provider-types.ts +20 -0
package/src/watcher/providers/github.ts +156 -0
package/src/watcher/providers/gmail.ts +1 -0
package/src/watcher/providers/google-calendar.ts +1 -0
package/src/watcher/providers/linear.ts +460 -0
package/src/watcher/providers/slack.ts +1 -0
package/src/work-items/work-item-runner.ts +1 -1
package/src/workspace/git-service.ts +1 -1
package/src/workspace/provider-commit-message-generator.ts +51 -22
package/src/__tests__/call-bridge.test.ts +0 -517
package/src/__tests__/session-process-bridge.test.ts +0 -244
package/src/calls/call-bridge.ts +0 -168
package/src/config/bundled-skills/media-processing/services/capability-registry.ts +0 -137
package/src/config/bundled-skills/media-processing/services/event-detection-service.ts +0 -280
package/src/config/bundled-skills/media-processing/services/feedback-aggregation.ts +0 -144
package/src/config/bundled-skills/media-processing/services/feedback-store.ts +0 -136
package/src/config/bundled-skills/media-processing/services/retrieval-service.ts +0 -95
package/src/config/bundled-skills/media-processing/services/timeline-service.ts +0 -267
package/src/config/bundled-skills/media-processing/tools/detect-events.ts +0 -110
package/src/config/bundled-skills/media-processing/tools/recalibrate.ts +0 -235
package/src/config/bundled-skills/media-processing/tools/select-tracking-profile.ts +0 -142
package/src/config/bundled-skills/media-processing/tools/submit-feedback.ts +0 -150
package/src/config/vellum-skills/google-oauth-setup/SKILL.md +0 -199

package/src/__tests__/channel-guardian.test.ts CHANGED Viewed

@@ -36,6 +36,7 @@ import {
   revokeBinding,
   createChallenge,
   findPendingChallengeByHash,
+  findPendingChallengeForChannel,
   consumeChallenge,
   createApprovalRequest,
   getPendingApprovalForRun,
@@ -51,6 +52,7 @@ import {
   getGuardianBinding,
   isGuardian,
   revokeBinding as serviceRevokeBinding,
+  getPendingChallenge,
 } from '../runtime/channel-guardian-service.js';
 import { handleGuardianVerification } from '../daemon/handlers/config.js';
 import type { GuardianVerificationRequest, GuardianVerificationResponse } from '../daemon/ipc-contract.js';
@@ -1424,4 +1426,558 @@ describe('IPC handler channel-aware guardian status', () => {
     expect(resp!.guardianDeliveryChatId).toBeUndefined();
     expect(resp!.guardianExternalUserId).toBeUndefined();
   });
+  test('status action includes hasPendingChallenge when challenge exists', () => {
+    createVerificationChallenge('self', 'voice');
+    const { ctx, lastResponse } = createMockCtx();
+    const msg: GuardianVerificationRequest = {
+      type: 'guardian_verification',
+      action: 'status',
+      channel: 'voice',
+      assistantId: 'self',
+    };
+    handleGuardianVerification(msg, mockSocket, ctx);
+    const resp = lastResponse();
+    expect(resp).not.toBeNull();
+    expect(resp!.success).toBe(true);
+    expect(resp!.hasPendingChallenge).toBe(true);
+  });
+  test('status action hasPendingChallenge is false when no challenge exists', () => {
+    const { ctx, lastResponse } = createMockCtx();
+    const msg: GuardianVerificationRequest = {
+      type: 'guardian_verification',
+      action: 'status',
+      channel: 'voice',
+      assistantId: 'self',
+    };
+    handleGuardianVerification(msg, mockSocket, ctx);
+    const resp = lastResponse();
+    expect(resp).not.toBeNull();
+    expect(resp!.success).toBe(true);
+    expect(resp!.hasPendingChallenge).toBe(false);
+  });
+});
+// ═══════════════════════════════════════════════════════════════════════════
+// 11. Voice Guardian Challenge — Six-Digit Secret Generation
+// ═══════════════════════════════════════════════════════════════════════════
+describe('voice guardian challenge generation', () => {
+  beforeEach(() => {
+    resetTables();
+  });
+  test('createVerificationChallenge for voice returns a six-digit numeric secret', () => {
+    const result = createVerificationChallenge('asst-1', 'voice');
+    expect(result.challengeId).toBeDefined();
+    expect(result.secret).toBeDefined();
+    expect(result.secret).toMatch(/^\d{6}$/);
+    const num = parseInt(result.secret, 10);
+    expect(num).toBeGreaterThanOrEqual(100000);
+    expect(num).toBeLessThanOrEqual(999999);
+  });
+  test('createVerificationChallenge for non-voice returns 64-char hex secret', () => {
+    const result = createVerificationChallenge('asst-1', 'telegram');
+    expect(result.secret.length).toBe(64);
+    expect(result.secret).toMatch(/^[a-f0-9]{64}$/);
+  });
+  test('voice challenge verifyCommand contains the six-digit secret', () => {
+    const result = createVerificationChallenge('asst-1', 'voice');
+    expect(result.verifyCommand).toBe(`/guardian_verify ${result.secret}`);
+  });
+  test('voice challenge instruction contains voice-specific copy', () => {
+    const result = createVerificationChallenge('asst-1', 'voice');
+    expect(result.instruction).toContain('six-digit code');
+    expect(result.instruction).toContain(result.secret);
+    expect(result.instruction).toContain('minutes');
+  });
+  test('voice challenge secrets are different across calls', () => {
+    const result1 = createVerificationChallenge('asst-1', 'voice');
+    const result2 = createVerificationChallenge('asst-2', 'voice');
+    // While technically they could collide, the probability is ~1/900000
+    // so this is a reasonable smoke test for randomness
+    expect(result1.secret).toMatch(/^\d{6}$/);
+    expect(result2.secret).toMatch(/^\d{6}$/);
+  });
+  test('voice ttlSeconds is 600 (10 minutes)', () => {
+    const result = createVerificationChallenge('asst-1', 'voice');
+    expect(result.ttlSeconds).toBe(600);
+  });
+});
+// ═══════════════════════════════════════════════════════════════════════════
+// 12. Voice Guardian Challenge Validation
+// ═══════════════════════════════════════════════════════════════════════════
+describe('voice guardian challenge validation', () => {
+  beforeEach(() => {
+    resetTables();
+  });
+  test('validateAndConsumeChallenge succeeds with correct voice secret', () => {
+    const { secret } = createVerificationChallenge('asst-1', 'voice');
+    const result = validateAndConsumeChallenge(
+      'asst-1',
+      'voice',
+      secret,
+      'voice-user-1',
+      'voice-chat-1',
+    );
+    expect(result.success).toBe(true);
+    if (result.success) {
+      expect(result.bindingId).toBeDefined();
+    }
+  });
+  test('validateAndConsumeChallenge creates a guardian binding for voice', () => {
+    const { secret } = createVerificationChallenge('asst-1', 'voice');
+    validateAndConsumeChallenge('asst-1', 'voice', secret, 'voice-user-1', 'voice-chat-1');
+    const binding = getActiveBinding('asst-1', 'voice');
+    expect(binding).not.toBeNull();
+    expect(binding!.guardianExternalUserId).toBe('voice-user-1');
+    expect(binding!.guardianDeliveryChatId).toBe('voice-chat-1');
+    expect(binding!.channel).toBe('voice');
+    expect(binding!.verifiedVia).toBe('challenge');
+  });
+  test('validateAndConsumeChallenge fails with wrong voice secret', () => {
+    createVerificationChallenge('asst-1', 'voice');
+    const result = validateAndConsumeChallenge(
+      'asst-1',
+      'voice',
+      '000000',
+      'voice-user-1',
+      'voice-chat-1',
+    );
+    expect(result.success).toBe(false);
+    if (!result.success) {
+      expect(result.reason).toBeDefined();
+      expect(result.reason.length).toBeGreaterThan(0);
+      expect(result.reason.toLowerCase()).toContain('failed');
+    }
+  });
+  test('voice and telegram guardian challenges are independent', () => {
+    const voiceChallenge = createVerificationChallenge('asst-1', 'voice');
+    const telegramChallenge = createVerificationChallenge('asst-1', 'telegram');
+    // Voice secret against telegram channel should fail
+    const crossResult = validateAndConsumeChallenge(
+      'asst-1',
+      'telegram',
+      voiceChallenge.secret,
+      'user-1',
+      'chat-1',
+    );
+    expect(crossResult.success).toBe(false);
+    // Voice secret against correct channel should succeed
+    const voiceResult = validateAndConsumeChallenge(
+      'asst-1',
+      'voice',
+      voiceChallenge.secret,
+      'voice-user-1',
+      'voice-chat-1',
+    );
+    expect(voiceResult.success).toBe(true);
+    // Telegram challenge should still be valid
+    const telegramResult = validateAndConsumeChallenge(
+      'asst-1',
+      'telegram',
+      telegramChallenge.secret,
+      'user-2',
+      'chat-2',
+    );
+    expect(telegramResult.success).toBe(true);
+  });
+  test('consumed voice challenge cannot be reused', () => {
+    const { secret } = createVerificationChallenge('asst-1', 'voice');
+    const result1 = validateAndConsumeChallenge(
+      'asst-1', 'voice', secret, 'voice-user-1', 'voice-chat-1',
+    );
+    expect(result1.success).toBe(true);
+    const result2 = validateAndConsumeChallenge(
+      'asst-1', 'voice', secret, 'voice-user-2', 'voice-chat-2',
+    );
+    expect(result2.success).toBe(false);
+  });
+  test('validateAndConsumeChallenge revokes existing voice binding before creating new one', () => {
+    createBinding({
+      assistantId: 'asst-1',
+      channel: 'voice',
+      guardianExternalUserId: 'old-voice-user',
+      guardianDeliveryChatId: 'old-voice-chat',
+    });
+    const oldBinding = getActiveBinding('asst-1', 'voice');
+    expect(oldBinding).not.toBeNull();
+    expect(oldBinding!.guardianExternalUserId).toBe('old-voice-user');
+    const { secret } = createVerificationChallenge('asst-1', 'voice');
+    validateAndConsumeChallenge('asst-1', 'voice', secret, 'new-voice-user', 'new-voice-chat');
+    const newBinding = getActiveBinding('asst-1', 'voice');
+    expect(newBinding).not.toBeNull();
+    expect(newBinding!.guardianExternalUserId).toBe('new-voice-user');
+    expect(newBinding!.guardianDeliveryChatId).toBe('new-voice-chat');
+  });
+});
+// ═══════════════════════════════════════════════════════════════════════════
+// 13. Voice Guardian Identity and Revocation
+// ═══════════════════════════════════════════════════════════════════════════
+describe('voice guardian identity and revocation', () => {
+  beforeEach(() => {
+    resetTables();
+  });
+  test('isGuardian works for voice channel', () => {
+    createBinding({
+      assistantId: 'asst-1',
+      channel: 'voice',
+      guardianExternalUserId: 'voice-user-1',
+      guardianDeliveryChatId: 'voice-chat-1',
+    });
+    expect(isGuardian('asst-1', 'voice', 'voice-user-1')).toBe(true);
+    expect(isGuardian('asst-1', 'voice', 'voice-user-2')).toBe(false);
+    // Voice guardian should not match telegram channel
+    expect(isGuardian('asst-1', 'telegram', 'voice-user-1')).toBe(false);
+  });
+  test('getGuardianBinding returns voice binding', () => {
+    createBinding({
+      assistantId: 'asst-1',
+      channel: 'voice',
+      guardianExternalUserId: 'voice-user-1',
+      guardianDeliveryChatId: 'voice-chat-1',
+    });
+    const binding = getGuardianBinding('asst-1', 'voice');
+    expect(binding).not.toBeNull();
+    expect(binding!.channel).toBe('voice');
+    expect(binding!.guardianExternalUserId).toBe('voice-user-1');
+  });
+  test('revokeBinding clears active voice guardian binding', () => {
+    createBinding({
+      assistantId: 'asst-1',
+      channel: 'voice',
+      guardianExternalUserId: 'voice-user-1',
+      guardianDeliveryChatId: 'voice-chat-1',
+    });
+    const result = serviceRevokeBinding('asst-1', 'voice');
+    expect(result).toBe(true);
+    expect(getGuardianBinding('asst-1', 'voice')).toBeNull();
+  });
+  test('revokeBinding for voice does not affect telegram binding', () => {
+    createBinding({
+      assistantId: 'asst-1',
+      channel: 'voice',
+      guardianExternalUserId: 'voice-user-1',
+      guardianDeliveryChatId: 'voice-chat-1',
+    });
+    createBinding({
+      assistantId: 'asst-1',
+      channel: 'telegram',
+      guardianExternalUserId: 'tg-user-1',
+      guardianDeliveryChatId: 'tg-chat-1',
+    });
+    serviceRevokeBinding('asst-1', 'voice');
+    expect(getGuardianBinding('asst-1', 'voice')).toBeNull();
+    expect(getGuardianBinding('asst-1', 'telegram')).not.toBeNull();
+  });
+});
+// ═══════════════════════════════════════════════════════════════════════════
+// 14. Voice Guardian Rate Limiting
+// ═══════════════════════════════════════════════════════════════════════════
+describe('voice guardian rate limiting', () => {
+  beforeEach(() => {
+    resetTables();
+  });
+  test('repeated invalid voice submissions hit rate limit', () => {
+    createVerificationChallenge('asst-1', 'voice');
+    for (let i = 0; i < 5; i++) {
+      const result = validateAndConsumeChallenge(
+        'asst-1', 'voice', `${100000 + i}`, 'voice-user-1', 'voice-chat-1',
+      );
+      expect(result.success).toBe(false);
+    }
+    // The 6th attempt should be rate-limited
+    const result = validateAndConsumeChallenge(
+      'asst-1', 'voice', '999999', 'voice-user-1', 'voice-chat-1',
+    );
+    expect(result.success).toBe(false);
+    const rl = getRateLimit('asst-1', 'voice', 'voice-user-1', 'voice-chat-1');
+    expect(rl).not.toBeNull();
+    expect(rl!.lockedUntil).not.toBeNull();
+  });
+  test('voice rate limit does not affect telegram rate limit', () => {
+    createVerificationChallenge('asst-1', 'voice');
+    for (let i = 0; i < 5; i++) {
+      validateAndConsumeChallenge('asst-1', 'voice', `${100000 + i}`, 'user-1', 'chat-1');
+    }
+    const voiceRl = getRateLimit('asst-1', 'voice', 'user-1', 'chat-1');
+    expect(voiceRl).not.toBeNull();
+    expect(voiceRl!.lockedUntil).not.toBeNull();
+    // Telegram should be unaffected
+    const telegramRl = getRateLimit('asst-1', 'telegram', 'user-1', 'chat-1');
+    expect(telegramRl).toBeNull();
+  });
+  test('successful voice verification resets rate limit', () => {
+    const { secret: _s } = createVerificationChallenge('asst-1', 'voice');
+    validateAndConsumeChallenge('asst-1', 'voice', '000000', 'voice-user-1', 'voice-chat-1');
+    validateAndConsumeChallenge('asst-1', 'voice', '111111', 'voice-user-1', 'voice-chat-1');
+    // Valid attempt should succeed (under the 5-attempt threshold)
+    const { secret } = createVerificationChallenge('asst-1', 'voice');
+    const result = validateAndConsumeChallenge(
+      'asst-1', 'voice', secret, 'voice-user-1', 'voice-chat-1',
+    );
+    expect(result.success).toBe(true);
+    const rl = getRateLimit('asst-1', 'voice', 'voice-user-1', 'voice-chat-1');
+    expect(rl).not.toBeNull();
+    expect(rl!.invalidAttempts).toBe(0);
+    expect(rl!.lockedUntil).toBeNull();
+  });
+});
+// ═══════════════════════════════════════════════════════════════════════════
+// 15. Pending Challenge Lookup (Store + Service)
+// ═══════════════════════════════════════════════════════════════════════════
+describe('pending challenge lookup', () => {
+  beforeEach(() => {
+    resetTables();
+  });
+  test('findPendingChallengeForChannel returns pending challenge', () => {
+    createVerificationChallenge('asst-1', 'voice');
+    const pending = findPendingChallengeForChannel('asst-1', 'voice');
+    expect(pending).not.toBeNull();
+    expect(pending!.channel).toBe('voice');
+    expect(pending!.status).toBe('pending');
+  });
+  test('findPendingChallengeForChannel returns null when no challenge exists', () => {
+    const pending = findPendingChallengeForChannel('asst-1', 'voice');
+    expect(pending).toBeNull();
+  });
+  test('findPendingChallengeForChannel returns null for different channel', () => {
+    createVerificationChallenge('asst-1', 'telegram');
+    const pending = findPendingChallengeForChannel('asst-1', 'voice');
+    expect(pending).toBeNull();
+  });
+  test('findPendingChallengeForChannel returns null after challenge is consumed', () => {
+    const { secret } = createVerificationChallenge('asst-1', 'voice');
+    validateAndConsumeChallenge('asst-1', 'voice', secret, 'voice-user-1', 'voice-chat-1');
+    const pending = findPendingChallengeForChannel('asst-1', 'voice');
+    expect(pending).toBeNull();
+  });
+  test('getPendingChallenge service helper returns pending voice challenge', () => {
+    createVerificationChallenge('asst-1', 'voice');
+    const pending = getPendingChallenge('asst-1', 'voice');
+    expect(pending).not.toBeNull();
+    expect(pending!.channel).toBe('voice');
+  });
+  test('getPendingChallenge returns null when no challenge exists', () => {
+    const pending = getPendingChallenge('asst-1', 'voice');
+    expect(pending).toBeNull();
+  });
+  test('creating a new challenge revokes prior pending challenges', () => {
+    createVerificationChallenge('asst-1', 'voice');
+    const pending1 = findPendingChallengeForChannel('asst-1', 'voice');
+    expect(pending1).not.toBeNull();
+    const firstId = pending1!.id;
+    // Creating a second challenge should revoke the first
+    createVerificationChallenge('asst-1', 'voice');
+    const pending2 = findPendingChallengeForChannel('asst-1', 'voice');
+    expect(pending2).not.toBeNull();
+    expect(pending2!.id).not.toBe(firstId);
+  });
+});
+// ═══════════════════════════════════════════════════════════════════════════
+// 16. IPC handler — voice guardian verification
+// ═══════════════════════════════════════════════════════════════════════════
+describe('IPC handler voice guardian verification', () => {
+  beforeEach(() => {
+    resetTables();
+  });
+  test('create_challenge for voice returns a six-digit secret', () => {
+    const { ctx, lastResponse } = createMockCtx();
+    const msg: GuardianVerificationRequest = {
+      type: 'guardian_verification',
+      action: 'create_challenge',
+      channel: 'voice',
+      assistantId: 'self',
+    };
+    handleGuardianVerification(msg, mockSocket, ctx);
+    const resp = lastResponse();
+    expect(resp).not.toBeNull();
+    expect(resp!.success).toBe(true);
+    expect(resp!.secret).toBeDefined();
+    expect(resp!.secret).toMatch(/^\d{6}$/);
+    expect(resp!.instruction).toBeDefined();
+    expect(resp!.instruction).toContain('six-digit code');
+    expect(resp!.channel).toBe('voice');
+  });
+  test('status for voice reflects unbound state', () => {
+    const { ctx, lastResponse } = createMockCtx();
+    const msg: GuardianVerificationRequest = {
+      type: 'guardian_verification',
+      action: 'status',
+      channel: 'voice',
+      assistantId: 'self',
+    };
+    handleGuardianVerification(msg, mockSocket, ctx);
+    const resp = lastResponse();
+    expect(resp).not.toBeNull();
+    expect(resp!.success).toBe(true);
+    expect(resp!.channel).toBe('voice');
+    expect(resp!.bound).toBe(false);
+    expect(resp!.guardianExternalUserId).toBeUndefined();
+  });
+  test('status for voice reflects bound state', () => {
+    createBinding({
+      assistantId: 'self',
+      channel: 'voice',
+      guardianExternalUserId: 'voice-user-1',
+      guardianDeliveryChatId: 'voice-chat-1',
+    });
+    const { ctx, lastResponse } = createMockCtx();
+    const msg: GuardianVerificationRequest = {
+      type: 'guardian_verification',
+      action: 'status',
+      channel: 'voice',
+      assistantId: 'self',
+    };
+    handleGuardianVerification(msg, mockSocket, ctx);
+    const resp = lastResponse();
+    expect(resp).not.toBeNull();
+    expect(resp!.success).toBe(true);
+    expect(resp!.bound).toBe(true);
+    expect(resp!.guardianExternalUserId).toBe('voice-user-1');
+    expect(resp!.guardianDeliveryChatId).toBe('voice-chat-1');
+    expect(resp!.channel).toBe('voice');
+  });
+  test('revoke for voice clears active binding', () => {
+    createBinding({
+      assistantId: 'self',
+      channel: 'voice',
+      guardianExternalUserId: 'voice-user-1',
+      guardianDeliveryChatId: 'voice-chat-1',
+    });
+    const { ctx, lastResponse } = createMockCtx();
+    const msg: GuardianVerificationRequest = {
+      type: 'guardian_verification',
+      action: 'revoke',
+      channel: 'voice',
+      assistantId: 'self',
+    };
+    handleGuardianVerification(msg, mockSocket, ctx);
+    const resp = lastResponse();
+    expect(resp).not.toBeNull();
+    expect(resp!.success).toBe(true);
+    expect(resp!.bound).toBe(false);
+    // Verify binding is actually revoked
+    expect(getGuardianBinding('self', 'voice')).toBeNull();
+  });
+  test('revoke for voice does not affect telegram binding', () => {
+    createBinding({
+      assistantId: 'self',
+      channel: 'voice',
+      guardianExternalUserId: 'voice-user-1',
+      guardianDeliveryChatId: 'voice-chat-1',
+    });
+    createBinding({
+      assistantId: 'self',
+      channel: 'telegram',
+      guardianExternalUserId: 'tg-user-1',
+      guardianDeliveryChatId: 'tg-chat-1',
+    });
+    const { ctx } = createMockCtx();
+    const msg: GuardianVerificationRequest = {
+      type: 'guardian_verification',
+      action: 'revoke',
+      channel: 'voice',
+      assistantId: 'self',
+    };
+    handleGuardianVerification(msg, mockSocket, ctx);
+    expect(getGuardianBinding('self', 'voice')).toBeNull();
+    expect(getGuardianBinding('self', 'telegram')).not.toBeNull();
+  });
 });

package/src/__tests__/channel-readiness-service.test.ts CHANGED Viewed

@@ -1,11 +1,12 @@
-import { describe, test, expect, beforeEach, mock } from 'bun:test';
+import { describe, test, expect, beforeEach } from 'bun:test';
 import { ChannelReadinessService, REMOTE_TTL_MS } from '../runtime/channel-readiness-service.js';
+import type { ChannelId } from '../channels/types.js';
 import type { ChannelProbe, ReadinessCheckResult } from '../runtime/channel-readiness-types.js';
 // ── Test helpers ────────────────────────────────────────────────────────────
 function makeProbe(
-  channel: string,
+  channel: ChannelId,
   localResults: ReadinessCheckResult[],
   remoteResults?: ReadinessCheckResult[],
 ): ChannelProbe & { localCallCount: number; remoteCallCount: number } {
@@ -114,7 +115,7 @@ describe('ChannelReadinessService', () => {
     expect(probe.remoteCallCount).toBe(1);
     // Manually age the cached snapshot beyond TTL
-    const cached = (service as unknown as { snapshots: Map<string, { checkedAt: number }> }).snapshots.get('sms')!;
+    const cached = (service as unknown as { snapshots: Map<string, { checkedAt: number }> }).snapshots.get('sms::__default__')!;
     cached.checkedAt = Date.now() - REMOTE_TTL_MS - 1;
     // Second call should re-run remote checks
@@ -166,9 +167,10 @@ describe('ChannelReadinessService', () => {
   });
   test('unknown channel returns unsupported_channel reason', async () => {
-    const [snapshot] = await service.getReadiness('carrier_pigeon');
+    // Cast to exercise runtime handling of an unrecognized channel value
+    const [snapshot] = await service.getReadiness('carrier_pigeon' as ChannelId);
-    expect(snapshot.channel).toBe('carrier_pigeon');
+    expect(snapshot.channel).toBe('carrier_pigeon' as ChannelId);
     expect(snapshot.ready).toBe(false);
     expect(snapshot.reasons).toEqual([
       { code: 'unsupported_channel', text: 'Channel carrier_pigeon is not supported' },
@@ -177,13 +179,13 @@ describe('ChannelReadinessService', () => {
   });
   test('all checks passing yields ready=true', async () => {
-    const probe = makeProbe('test', [
+    const probe = makeProbe('telegram', [
       { name: 'a', passed: true, message: 'ok' },
       { name: 'b', passed: true, message: 'ok' },
     ]);
     service.registerProbe(probe);
-    const [snapshot] = await service.getReadiness('test');
+    const [snapshot] = await service.getReadiness('telegram');
     expect(snapshot.ready).toBe(true);
     expect(snapshot.reasons).toHaveLength(0);
@@ -254,4 +256,69 @@ describe('ChannelReadinessService', () => {
       { code: 'api_check', text: 'API unreachable' },
     ]);
   });
+  test('fresh cached remote failures do not affect local-only readiness', async () => {
+    const probe = makeProbe(
+      'sms',
+      [{ name: 'creds', passed: true, message: 'ok' }],
+      [{ name: 'api_check', passed: false, message: 'API unreachable' }],
+    );
+    service.registerProbe(probe);
+    // Prime remote cache with a failing check
+    await service.getReadiness('sms', true);
+    // Immediately call with includeRemote=false (cache is still fresh within TTL).
+    // The cached remote failure should be surfaced for visibility but must NOT
+    // affect readiness when the caller explicitly opted out of remote checks.
+    const [snapshot] = await service.getReadiness('sms', false);
+    expect(snapshot.ready).toBe(true);
+    expect(snapshot.reasons).toEqual([]);
+    // Remote checks are still visible for informational purposes
+    expect(snapshot.remoteChecks).toHaveLength(1);
+    expect(snapshot.remoteChecks![0].passed).toBe(false);
+  });
+  test('stale cached remote failures do not affect local-only readiness', async () => {
+    const probe = makeProbe(
+      'sms',
+      [{ name: 'creds', passed: true, message: 'ok' }],
+      [{ name: 'api_check', passed: false, message: 'API unreachable' }],
+    );
+    service.registerProbe(probe);
+    // Prime remote cache with a failing check
+    await service.getReadiness('sms', true);
+    // Age snapshot beyond TTL so remote checks are stale
+    const cached = (service as unknown as { snapshots: Map<string, { checkedAt: number }> }).snapshots.get('sms::__default__')!;
+    cached.checkedAt = Date.now() - REMOTE_TTL_MS - 1;
+    // Local-only call should not be blocked by stale remote failure
+    const [snapshot] = await service.getReadiness('sms', false);
+    expect(snapshot.stale).toBe(true);
+    expect(snapshot.ready).toBe(true);
+    expect(snapshot.reasons).toEqual([]);
+  });
+  test('remote cache is scoped per assistantId', async () => {
+    const remoteCalls: Record<string, number> = {};
+    const probe: ChannelProbe = {
+      channel: 'sms',
+      runLocalChecks: () => [{ name: 'local', passed: true, message: 'ok' }],
+      async runRemoteChecks(context) {
+        const key = context?.assistantId ?? '__default__';
+        remoteCalls[key] = (remoteCalls[key] ?? 0) + 1;
+        return [{ name: 'remote', passed: true, message: `ok-${key}` }];
+      },
+    };
+    service.registerProbe(probe);
+    await service.getReadiness('sms', true, 'ast-alpha');
+    await service.getReadiness('sms', true, 'ast-beta');
+    await service.getReadiness('sms', true, 'ast-alpha');
+    expect(remoteCalls['ast-alpha']).toBe(1);
+    expect(remoteCalls['ast-beta']).toBe(1);
+  });
 });