@vellumai/assistant 0.4.1 → 0.4.2

package/src/__tests__/handlers-user-message-approval-consumption.test.ts

@@ -3,7 +3,7 @@ import * as net from 'node:net';
 import { beforeEach, describe, expect, mock, test } from 'bun:test';
 
 import type { HandlerContext } from '../daemon/handlers.js';
-import type { UserMessage } from '../daemon/ipc-contract.js';
+import type { ConfirmationResponse, UserMessage } from '../daemon/ipc-contract.js';
 import type { ServerMessage } from '../daemon/ipc-protocol.js';
 import { DebouncerMap } from '../util/debounce.js';
 
@@ -12,8 +12,13 @@ const routeGuardianReplyMock = mock(async () => ({
   decisionApplied: false,
   type: 'not_consumed' as const,
 })) as any;
+const createCanonicalGuardianRequestMock = mock(() => ({
+  id: 'canonical-id',
+}));
+const generateCanonicalRequestCodeMock = mock(() => 'ABC123');
 const listPendingByDestinationMock = mock(() => [] as Array<{ id: string; kind?: string }>);
 const listCanonicalMock = mock(() => [] as Array<{ id: string }>);
+const resolveCanonicalGuardianRequestMock = mock(() => null as { id: string } | null);
 const getByConversationMock = mock(
   () => [] as Array<{
     requestId: string;
@@ -21,6 +26,7 @@ const getByConversationMock = mock(
     session?: unknown;
   }>,
 );
+const registerMock = mock(() => {});
 const resolveMock = mock(() => undefined as unknown);
 const addMessageMock = mock(async () => ({ id: 'persisted-message-id' }));
 const getConfigMock = mock(() => ({
@@ -33,11 +39,15 @@ mock.module('../runtime/guardian-reply-router.js', () => ({
 }));
 
 mock.module('../memory/canonical-guardian-store.js', () => ({
+  createCanonicalGuardianRequest: createCanonicalGuardianRequestMock,
+  generateCanonicalRequestCode: generateCanonicalRequestCodeMock,
   listPendingCanonicalGuardianRequestsByDestinationConversation: listPendingByDestinationMock,
   listCanonicalGuardianRequests: listCanonicalMock,
+  resolveCanonicalGuardianRequest: resolveCanonicalGuardianRequestMock,
 }));
 
 mock.module('../runtime/pending-interactions.js', () => ({
+  register: registerMock,
   getByConversation: getByConversationMock,
   resolve: resolveMock,
 }));
@@ -72,7 +82,7 @@ mock.module('../util/logger.js', () => ({
   }),
 }));
 
-import { handleUserMessage } from '../daemon/handlers/sessions.js';
+import { handleConfirmationResponse, handleUserMessage } from '../daemon/handlers/sessions.js';
 
 interface TestSession {
   messages: Array<{ role: string; content: unknown[] }>;
@@ -151,8 +161,12 @@ function makeSession(overrides: Partial<TestSession> = {}): TestSession {
 describe('handleUserMessage pending-confirmation reply interception', () => {
   beforeEach(() => {
     routeGuardianReplyMock.mockClear();
+    createCanonicalGuardianRequestMock.mockClear();
+    generateCanonicalRequestCodeMock.mockClear();
     listPendingByDestinationMock.mockClear();
     listCanonicalMock.mockClear();
+    resolveCanonicalGuardianRequestMock.mockClear();
+    registerMock.mockClear();
     getByConversationMock.mockClear();
     resolveMock.mockClear();
     addMessageMock.mockClear();
@@ -224,6 +238,28 @@ describe('handleUserMessage pending-confirmation reply interception', () => {
     expect(requestComplete?.runStillActive).toBe(false);
   });
 
+  test('consumes decision replies even when queue depth is non-zero', async () => {
+    listPendingByDestinationMock.mockReturnValue([{ id: 'req-1', kind: 'tool_approval' }]);
+    listCanonicalMock.mockReturnValue([{ id: 'req-1' }]);
+    routeGuardianReplyMock.mockResolvedValue({
+      consumed: true,
+      decisionApplied: true,
+      type: 'canonical_decision_applied',
+      requestId: 'req-1',
+    });
+
+    const session = makeSession({
+      getQueueDepth: () => 2,
+    });
+    const { ctx } = createContext(session);
+
+    await handleUserMessage(makeMessage('approve'), {} as net.Socket, ctx);
+
+    expect(routeGuardianReplyMock).toHaveBeenCalledTimes(1);
+    expect((session.denyAllPendingConfirmations as any).mock.calls.length).toBe(0);
+    expect((session.enqueueMessage as any).mock.calls.length).toBe(0);
+  });
+
   test('does not mutate in-memory history while processing', async () => {
     listPendingByDestinationMock.mockReturnValue([{ id: 'req-1', kind: 'tool_approval' }]);
     listCanonicalMock.mockReturnValue([{ id: 'req-1' }]);
@@ -314,5 +350,128 @@ describe('handleUserMessage pending-confirmation reply interception', () => {
     // session-scoped interaction should be resolved.
     expect(resolveMock).toHaveBeenCalledTimes(1);
     expect(resolveMock).toHaveBeenCalledWith('req-live');
+    expect(resolveCanonicalGuardianRequestMock).toHaveBeenCalledTimes(1);
+    expect(resolveCanonicalGuardianRequestMock).toHaveBeenCalledWith(
+      'req-live',
+      'pending',
+      { status: 'denied' },
+    );
+  });
+
+  test('registers IPC confirmation events for NL approval routing', async () => {
+    const session = makeSession({
+      hasAnyPendingConfirmation: () => false,
+      enqueueMessage: mock(() => ({ queued: false, requestId: 'direct-id' })),
+      processMessage: async (_content, _attachments, onEvent) => {
+        (onEvent as (msg: ServerMessage) => void)({
+          type: 'confirmation_request',
+          requestId: 'req-confirm-1',
+          toolName: 'call_start',
+          input: { phone_number: '+18084436762' },
+          riskLevel: 'high',
+          executionTarget: 'host',
+          allowlistOptions: [],
+          scopeOptions: [],
+          persistentDecisionsAllowed: false,
+        } as ServerMessage);
+        return 'msg-id';
+      },
+    });
+    const { ctx, sent } = createContext(session);
+
+    await handleUserMessage(makeMessage('please call now'), {} as net.Socket, ctx);
+
+    expect(registerMock).toHaveBeenCalledTimes(1);
+    expect(registerMock).toHaveBeenCalledWith(
+      'req-confirm-1',
+      expect.objectContaining({
+        conversationId: 'conv-1',
+        kind: 'confirmation',
+        session,
+        confirmationDetails: expect.objectContaining({
+          toolName: 'call_start',
+          riskLevel: 'high',
+          executionTarget: 'host',
+        }),
+      }),
+    );
+    expect(createCanonicalGuardianRequestMock).toHaveBeenCalledTimes(1);
+    expect(createCanonicalGuardianRequestMock).toHaveBeenCalledWith(
+      expect.objectContaining({
+        id: 'req-confirm-1',
+        kind: 'tool_approval',
+        sourceType: 'desktop',
+        sourceChannel: 'vellum',
+        conversationId: 'conv-1',
+        toolName: 'call_start',
+        status: 'pending',
+        requestCode: 'ABC123',
+      }),
+    );
+    expect(sent.some((event) => event.type === 'confirmation_request')).toBe(true);
+  });
+
+  test('syncs canonical status to approved for IPC allow decisions', () => {
+    const session = {
+      hasPendingConfirmation: (requestId: string) => requestId === 'req-confirm-allow',
+      handleConfirmationResponse: mock(() => {}),
+    };
+    const { ctx } = createContext(makeSession());
+    ctx.sessions.set('conv-1', session as any);
+
+    const msg: ConfirmationResponse = {
+      type: 'confirmation_response',
+      requestId: 'req-confirm-allow',
+      decision: 'always_allow',
+    };
+
+    handleConfirmationResponse(msg, {} as net.Socket, ctx);
+
+    expect((session.handleConfirmationResponse as any).mock.calls.length).toBe(1);
+    expect((session.handleConfirmationResponse as any).mock.calls[0]).toEqual([
+      'req-confirm-allow',
+      'always_allow',
+      undefined,
+      undefined,
+    ]);
+    expect(resolveCanonicalGuardianRequestMock).toHaveBeenCalledWith(
+      'req-confirm-allow',
+      'pending',
+      { status: 'approved' },
+    );
+    expect(resolveMock).toHaveBeenCalledWith('req-confirm-allow');
+  });
+
+  test('syncs canonical status to denied for IPC deny decisions in CU sessions', () => {
+    const cuSession = {
+      hasPendingConfirmation: (requestId: string) => requestId === 'req-confirm-deny',
+      handleConfirmationResponse: mock(() => {}),
+    };
+    const { ctx } = createContext(makeSession({
+      hasPendingConfirmation: () => false,
+    }));
+    ctx.cuSessions.set('cu-1', cuSession as any);
+
+    const msg: ConfirmationResponse = {
+      type: 'confirmation_response',
+      requestId: 'req-confirm-deny',
+      decision: 'always_deny',
+    };
+
+    handleConfirmationResponse(msg, {} as net.Socket, ctx);
+
+    expect((cuSession.handleConfirmationResponse as any).mock.calls.length).toBe(1);
+    expect((cuSession.handleConfirmationResponse as any).mock.calls[0]).toEqual([
+      'req-confirm-deny',
+      'always_deny',
+      undefined,
+      undefined,
+    ]);
+    expect(resolveCanonicalGuardianRequestMock).toHaveBeenCalledWith(
+      'req-confirm-deny',
+      'pending',
+      { status: 'denied' },
+    );
+    expect(resolveMock).toHaveBeenCalledWith('req-confirm-deny');
   });
 });

package/src/__tests__/send-endpoint-busy.test.ts

@@ -55,6 +55,7 @@ import { getDb, initializeDb, resetDb } from '../memory/db.js';
 import type { AssistantEvent } from '../runtime/assistant-event.js';
 import { AssistantEventHub } from '../runtime/assistant-event-hub.js';
 import { RuntimeHttpServer } from '../runtime/http-server.js';
+import type { ApprovalConversationGenerator } from '../runtime/http-types.js';
 import * as pendingInteractions from '../runtime/pending-interactions.js';
 
 initializeDb();
@@ -135,13 +136,18 @@ function makeHangingSession(): Session {
   } as unknown as Session;
 }
 
-function makePendingApprovalSession(requestId: string, processing: boolean): {
+function makePendingApprovalSession(
+  requestId: string,
+  processing: boolean,
+  options?: { queueDepth?: number },
+): {
   session: Session;
   runAgentLoopMock: ReturnType<typeof mock>;
   enqueueMessageMock: ReturnType<typeof mock>;
   denyAllPendingConfirmationsMock: ReturnType<typeof mock>;
   handleConfirmationResponseMock: ReturnType<typeof mock>;
 } {
+  const queueDepth = options?.queueDepth ?? 0;
   const pending = new Set([requestId]);
   const messages: unknown[] = [];
   const runAgentLoopMock = mock(async () => {});
@@ -170,7 +176,7 @@ function makePendingApprovalSession(requestId: string, processing: boolean): {
     hasAnyPendingConfirmation: () => pending.size > 0,
     hasPendingConfirmation: (candidateRequestId: string) => pending.has(candidateRequestId),
     denyAllPendingConfirmations: denyAllPendingConfirmationsMock,
-    getQueueDepth: () => 0,
+    getQueueDepth: () => queueDepth,
     enqueueMessage: enqueueMessageMock,
     runAgentLoop: runAgentLoopMock,
     handleConfirmationResponse: handleConfirmationResponseMock,
@@ -215,11 +221,15 @@ describe('POST /v1/messages — queue-if-busy and hub publishing', () => {
     try { rmSync(testDir, { recursive: true, force: true }); } catch { /* best effort */ }
   });
 
-  async function startServer(sessionFactory: () => Session): Promise<void> {
+  async function startServer(
+    sessionFactory: () => Session,
+    options?: { approvalConversationGenerator?: ApprovalConversationGenerator },
+  ): Promise<void> {
     port = 19000 + Math.floor(Math.random() * 1000);
     server = new RuntimeHttpServer({
       port,
       bearerToken: TEST_TOKEN,
+      approvalConversationGenerator: options?.approvalConversationGenerator,
       sendMessageDeps: {
         getOrCreateSession: async () => sessionFactory(),
         assistantEventHub: eventHub,
@@ -349,6 +359,67 @@ describe('POST /v1/messages — queue-if-busy and hub publishing', () => {
     await stopServer();
   });
 
+  test('consumes natural-language approval text when approval conversation generator is configured', async () => {
+    const conversationKey = 'conv-inline-nl';
+    const { conversationId } = getOrCreateConversation(conversationKey);
+    const requestId = 'req-inline-nl';
+    const {
+      session,
+      runAgentLoopMock,
+      enqueueMessageMock,
+      denyAllPendingConfirmationsMock,
+      handleConfirmationResponseMock,
+    } = makePendingApprovalSession(requestId, false);
+
+    pendingInteractions.register(requestId, {
+      session,
+      conversationId,
+      kind: 'confirmation',
+    });
+    createCanonicalGuardianRequest({
+      id: requestId,
+      kind: 'tool_approval',
+      sourceType: 'desktop',
+      sourceChannel: 'vellum',
+      conversationId,
+      toolName: 'call_start',
+      status: 'pending',
+      requestCode: 'C0FFEE',
+      expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
+    });
+
+    const approvalConversationGenerator: ApprovalConversationGenerator = async (context) => ({
+      disposition: 'approve_once',
+      replyText: 'Approved.',
+      targetRequestId: context.pendingApprovals[0]?.requestId,
+    });
+
+    await startServer(() => session, { approvalConversationGenerator });
+
+    const res = await fetch(messagesUrl(), {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', ...AUTH_HEADERS },
+      body: JSON.stringify({
+        conversationKey,
+        content: "sure let's do that",
+        sourceChannel: 'vellum',
+        interface: 'macos',
+      }),
+    });
+    const body = await res.json() as { accepted: boolean; messageId?: string; queued?: boolean };
+
+    expect(res.status).toBe(202);
+    expect(body.accepted).toBe(true);
+    expect(body.messageId).toBeDefined();
+    expect(body.queued).toBeUndefined();
+    expect(handleConfirmationResponseMock).toHaveBeenCalledTimes(1);
+    expect(denyAllPendingConfirmationsMock).toHaveBeenCalledTimes(0);
+    expect(enqueueMessageMock).toHaveBeenCalledTimes(0);
+    expect(runAgentLoopMock).toHaveBeenCalledTimes(0);
+
+    await stopServer();
+  });
+
   test('consumes explicit approval text while busy instead of auto-denying and queueing', async () => {
     const conversationKey = 'conv-inline-busy';
     const { conversationId } = getOrCreateConversation(conversationKey);
@@ -404,6 +475,61 @@ describe('POST /v1/messages — queue-if-busy and hub publishing', () => {
     await stopServer();
   });
 
+  test('consumes explicit approval text while busy even when queue depth is non-zero', async () => {
+    const conversationKey = 'conv-inline-busy-queued';
+    const { conversationId } = getOrCreateConversation(conversationKey);
+    const requestId = 'req-inline-busy-queued';
+    const {
+      session,
+      runAgentLoopMock,
+      enqueueMessageMock,
+      denyAllPendingConfirmationsMock,
+      handleConfirmationResponseMock,
+    } = makePendingApprovalSession(requestId, true, { queueDepth: 2 });
+
+    pendingInteractions.register(requestId, {
+      session,
+      conversationId,
+      kind: 'confirmation',
+    });
+    createCanonicalGuardianRequest({
+      id: requestId,
+      kind: 'tool_approval',
+      sourceType: 'desktop',
+      sourceChannel: 'vellum',
+      conversationId,
+      toolName: 'call_start',
+      status: 'pending',
+      requestCode: 'Q2D456',
+      expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
+    });
+
+    await startServer(() => session);
+
+    const res = await fetch(messagesUrl(), {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', ...AUTH_HEADERS },
+      body: JSON.stringify({
+        conversationKey,
+        content: 'approve',
+        sourceChannel: 'vellum',
+        interface: 'macos',
+      }),
+    });
+    const body = await res.json() as { accepted: boolean; messageId?: string; queued?: boolean };
+
+    expect(res.status).toBe(202);
+    expect(body.accepted).toBe(true);
+    expect(body.messageId).toBeDefined();
+    expect(body.queued).toBeUndefined();
+    expect(handleConfirmationResponseMock).toHaveBeenCalledTimes(1);
+    expect(denyAllPendingConfirmationsMock).toHaveBeenCalledTimes(0);
+    expect(enqueueMessageMock).toHaveBeenCalledTimes(0);
+    expect(runAgentLoopMock).toHaveBeenCalledTimes(0);
+
+    await stopServer();
+  });
+
   test('consumes explicit rejection text when a single pending confirmation exists (idle)', async () => {
     const conversationKey = 'conv-inline-reject';
     const { conversationId } = getOrCreateConversation(conversationKey);

package/src/approvals/guardian-decision-primitive.ts

@@ -349,7 +349,28 @@ export async function applyCanonicalGuardianDecision(
   }
 
   // 2c. Validate identity: actor must match guardian_external_user_id
-  // unless the actor is trusted (desktop) or the request has no guardian binding.
+  // unless the actor is trusted (desktop).
+  //
+  // Channel tool-approval requests must always be identity-bound. Treat
+  // missing guardianExternalUserId as unauthorized (fail-closed) so a
+  // non-guardian actor can never approve an unbound request.
+  if (
+    !actorContext.isTrusted &&
+    request.kind === 'tool_approval' &&
+    !request.guardianExternalUserId
+  ) {
+    log.warn(
+      {
+        event: 'canonical_decision_missing_guardian_binding',
+        requestId,
+        kind: request.kind,
+        sourceType: request.sourceType,
+      },
+      'Canonical tool approval missing guardian binding; rejecting decision',
+    );
+    return { applied: false, reason: 'identity_mismatch', detail: 'missing guardian binding' };
+  }
+
   if (
     request.guardianExternalUserId &&
     !actorContext.isTrusted &&

package/src/daemon/handlers/sessions.ts

@@ -7,8 +7,11 @@ import { type InterfaceId,isChannelId, parseChannelId, parseInterfaceId } from '
 import { getConfig } from '../../config/loader.js';
 import { getAttachmentsForMessage, getFilePathForAttachment, setAttachmentThumbnail } from '../../memory/attachments-store.js';
 import {
+  createCanonicalGuardianRequest,
+  generateCanonicalRequestCode,
   listCanonicalGuardianRequests,
   listPendingCanonicalGuardianRequestsByDestinationConversation,
+  resolveCanonicalGuardianRequest,
 } from '../../memory/canonical-guardian-store.js';
 import { getAttentionStateByConversationIds } from '../../memory/conversation-attention-store.js';
 import * as conversationStore from '../../memory/conversation-store.js';
@@ -47,6 +50,7 @@ import { normalizeThreadType } from '../ipc-protocol.js';
 import { executeRecordingIntent } from '../recording-executor.js';
 import { resolveRecordingIntent } from '../recording-intent.js';
 import { classifyRecordingIntentFallback, containsRecordingKeywords } from '../recording-intent-fallback.js';
+import type { Session } from '../session.js';
 import { buildSessionErrorMessage,classifySessionError } from '../session-error.js';
 import { resolveChannelCapabilities } from '../session-runtime-assembly.js';
 import { generateVideoThumbnail } from '../video-thumbnail.js';
@@ -66,6 +70,86 @@ import {
 
 const desktopApprovalConversationGenerator = createApprovalConversationGenerator();
 
+function syncCanonicalStatusFromIpcConfirmationDecision(
+  requestId: string,
+  decision: ConfirmationResponse['decision'],
+): void {
+  const targetStatus = decision === 'deny' || decision === 'always_deny'
+    ? 'denied' as const
+    : 'approved' as const;
+
+  try {
+    resolveCanonicalGuardianRequest(requestId, 'pending', { status: targetStatus });
+  } catch (err) {
+    log.debug(
+      { err, requestId, targetStatus },
+      'Failed to resolve canonical request from IPC confirmation response',
+    );
+  }
+}
+
+function makeIpcEventSender(params: {
+  ctx: HandlerContext;
+  socket: net.Socket;
+  session: Session;
+  conversationId: string;
+  sourceChannel: string;
+}): (event: ServerMessage) => void {
+  const {
+    ctx,
+    socket,
+    session,
+    conversationId,
+    sourceChannel,
+  } = params;
+
+  return (event: ServerMessage) => {
+    if (event.type === 'confirmation_request') {
+      pendingInteractions.register(event.requestId, {
+        session,
+        conversationId,
+        kind: 'confirmation',
+        confirmationDetails: {
+          toolName: event.toolName,
+          input: event.input,
+          riskLevel: event.riskLevel,
+          executionTarget: event.executionTarget,
+          allowlistOptions: event.allowlistOptions,
+          scopeOptions: event.scopeOptions,
+          persistentDecisionsAllowed: event.persistentDecisionsAllowed,
+        },
+      });
+
+      try {
+        createCanonicalGuardianRequest({
+          id: event.requestId,
+          kind: 'tool_approval',
+          sourceType: 'desktop',
+          sourceChannel,
+          conversationId,
+          toolName: event.toolName,
+          status: 'pending',
+          requestCode: generateCanonicalRequestCode(),
+          expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
+        });
+      } catch (err) {
+        log.debug(
+          { err, requestId: event.requestId, conversationId },
+          'Failed to create canonical request from IPC confirmation event',
+        );
+      }
+    } else if (event.type === 'secret_request') {
+      pendingInteractions.register(event.requestId, {
+        session,
+        conversationId,
+        kind: 'secret',
+      });
+    }
+
+    ctx.send(socket, event);
+  };
+}
+
 export async function handleUserMessage(
   msg: UserMessage,
   socket: net.Socket,
@@ -83,8 +167,14 @@ export async function handleUserMessage(
       wireEscalationHandler(session, socket, ctx);
     }
 
-    const sendEvent = (event: ServerMessage) => ctx.send(socket, event);
     const ipcChannel = parseChannelId(msg.channel) ?? 'vellum';
+    const sendEvent = makeIpcEventSender({
+      ctx,
+      socket,
+      session,
+      conversationId: msg.sessionId,
+      sourceChannel: ipcChannel,
+    });
     const ipcInterface = parseInterfaceId(msg.interface);
     if (!ipcInterface) {
       ctx.send(socket, {
@@ -461,11 +551,13 @@ export async function handleUserMessage(
       }
     }
 
-    // If exactly one live turn is waiting on confirmation (no queued turns),
-    // try to consume this text as an inline approval decision first.
+    // If a live turn is waiting on confirmation, try to consume this text as
+    // an inline approval decision before auto-deny. We intentionally do not
+    // gate on queue depth: users often retry "approve"/"yes" while the queue
+    // is draining after a prior denial, and requiring an empty queue causes a
+    // deny/retry cascade where natural-language approvals never land.
     if (
       session.hasAnyPendingConfirmation()
-      && session.getQueueDepth() === 0
       && messageText.trim().length > 0
     ) {
       try {
@@ -598,6 +690,7 @@ export async function handleUserMessage(
       // stale request IDs are not reused as routing candidates.
       for (const interaction of pendingInteractions.getByConversation(msg.sessionId)) {
         if (interaction.session === session && interaction.kind === 'confirmation') {
+          syncCanonicalStatusFromIpcConfirmationDecision(interaction.requestId, 'deny');
           pendingInteractions.resolve(interaction.requestId);
         }
       }
@@ -638,6 +731,8 @@ export function handleConfirmationResponse(
         msg.selectedPattern,
         msg.selectedScope,
       );
+      syncCanonicalStatusFromIpcConfirmationDecision(msg.requestId, msg.decision);
+      pendingInteractions.resolve(msg.requestId);
       return;
     }
   }
@@ -651,6 +746,8 @@ export function handleConfirmationResponse(
         msg.selectedPattern,
         msg.selectedScope,
       );
+      syncCanonicalStatusFromIpcConfirmationDecision(msg.requestId, msg.decision);
+      pendingInteractions.resolve(msg.requestId);
       return;
     }
   }
@@ -670,6 +767,7 @@ export function handleSecretResponse(
     clearTimeout(standalone.timer);
     pendingStandaloneSecrets.delete(msg.requestId);
     standalone.resolve({ value: msg.value ?? null, delivery: msg.delivery ?? 'store' });
+    pendingInteractions.resolve(msg.requestId);
     return;
   }
 
@@ -680,6 +778,7 @@ export function handleSecretResponse(
     if (session.hasPendingSecret(msg.requestId)) {
       ctx.touchSession(sessionId);
       session.handleSecretResponse(msg.requestId, msg.value, msg.delivery);
+      pendingInteractions.resolve(msg.requestId);
       return;
     }
   }
@@ -780,11 +879,11 @@ export async function handleSessionCreate(
 
   // Auto-send the initial message if provided, kick-starting the skill.
   if (msg.initialMessage) {
-    // Queue title generation immediately (matches all other creation paths).
-    // The agent loop success path will also attempt title generation, but
-    // queueGenerateConversationTitle is safe to call redundantly — the
-    // replaceability check prevents double-writes. This ensures the title
-    // is generated even if the agent loop fails or is cancelled.
+    // Queue title generation eagerly — some processMessage paths (guardian
+    // replies, unknown slash commands) bypass the agent loop entirely, so
+    // we can't rely on the agent loop's early title generation alone.
+    // The agent loop also queues title generation, but isReplaceableTitle
+    // prevents double-writes since the first to complete sets a real title.
     if (title === GENERATING_TITLE) {
       queueGenerateConversationTitle({
         conversationId: conversation.id,
@@ -801,9 +900,15 @@ export async function handleSessionCreate(
     }
 
     ctx.socketToSession.set(socket, conversation.id);
-    const sendEvent = (event: ServerMessage) => ctx.send(socket, event);
     const requestId = uuid();
     const transportChannel = parseChannelId(msg.transport?.channelId) ?? 'vellum';
+    const sendEvent = makeIpcEventSender({
+      ctx,
+      socket,
+      session,
+      conversationId: conversation.id,
+      sourceChannel: transportChannel,
+    });
     session.setTurnChannelContext({
       userMessageChannel: transportChannel,
       assistantMessageChannel: transportChannel,
@@ -1136,7 +1241,16 @@ export async function handleRegenerate(
   }
   ctx.touchSession(msg.sessionId);
 
-  const sendEvent = (event: ServerMessage) => ctx.send(socket, event);
+  const regenerateChannel = parseChannelId(
+    session.getTurnChannelContext()?.assistantMessageChannel,
+  ) ?? 'vellum';
+  const sendEvent = makeIpcEventSender({
+    ctx,
+    socket,
+    session,
+    conversationId: msg.sessionId,
+    sourceChannel: regenerateChannel,
+  });
   const requestId = uuid();
   session.traceEmitter.emit('request_received', 'Regenerate requested', {
     requestId,