@vellumai/assistant 0.4.1 → 0.4.3

package/src/__tests__/guardian-routing-invariants.test.ts

@@ -271,7 +271,7 @@ describe('routing invariant: identity checks enforced before decisions', () => {
     expect(result.applied).toBe(true);
   });
 
-  test('request with no guardian binding accepts any actor', async () => {
+  test('request with no guardian binding rejects non-trusted actor', async () => {
     const req = createCanonicalGuardianRequest({
       kind: 'tool_approval',
       sourceType: 'channel',
@@ -286,7 +286,9 @@ describe('routing invariant: identity checks enforced before decisions', () => {
       actorContext: guardianActor({ externalUserId: 'anyone' }),
     });
 
-    expect(result.applied).toBe(true);
+    expect(result.applied).toBe(false);
+    if (result.applied) return;
+    expect(result.reason).toBe('identity_mismatch');
   });
 
   test('identity mismatch on code-only message blocks detail leakage', async () => {
@@ -759,6 +761,45 @@ describe('routing invariant: disambiguation stays fail-closed', () => {
     const resolved = getCanonicalGuardianRequest(req.id);
     expect(resolved!.status).toBe('approved');
   });
+
+  test('code-based routing is constrained to caller-provided pendingRequestIds scope', async () => {
+    const inScope = createCanonicalGuardianRequest({
+      kind: 'tool_approval',
+      sourceType: 'channel',
+      conversationId: 'conv-1',
+      guardianExternalUserId: 'guardian-1',
+      requestCode: '111AAA',
+      toolName: 'shell',
+      expiresAt: new Date(Date.now() + 60_000).toISOString(),
+    });
+    const outOfScope = createCanonicalGuardianRequest({
+      kind: 'tool_approval',
+      sourceType: 'channel',
+      conversationId: 'conv-2',
+      guardianExternalUserId: 'guardian-1',
+      requestCode: '222BBB',
+      toolName: 'shell',
+      expiresAt: new Date(Date.now() + 60_000).toISOString(),
+    });
+    registerPendingToolApprovalInteraction(inScope.id, 'conv-1', 'shell');
+    registerPendingToolApprovalInteraction(outOfScope.id, 'conv-2', 'shell');
+
+    const result = await routeGuardianReply(replyCtx({
+      messageText: '222BBB approve',
+      conversationId: 'conv-guardian-thread',
+      pendingRequestIds: [inScope.id],
+      approvalConversationGenerator: undefined,
+    }));
+
+    expect(result.consumed).toBe(false);
+    expect(result.type).toBe('not_consumed');
+    expect(result.decisionApplied).toBe(false);
+
+    const inScopeAfter = getCanonicalGuardianRequest(inScope.id);
+    const outOfScopeAfter = getCanonicalGuardianRequest(outOfScope.id);
+    expect(inScopeAfter!.status).toBe('pending');
+    expect(outOfScopeAfter!.status).toBe('pending');
+  });
 });
 
 // ===========================================================================
@@ -907,14 +948,14 @@ describe('routing invariant: callback buttons route through canonical primitive'
 });
 
 // ===========================================================================
-// SECTION 9: Destination hint-based NL approval for missing guardianExternalUserId
+// SECTION 9: Destination hints do not bypass identity binding for tool_approval
 // ===========================================================================
 
-describe('routing invariant: destination hints enable NL approval without guardianExternalUserId', () => {
+describe('routing invariant: destination hints do not bypass tool_approval identity binding', () => {
   beforeEach(() => resetTables());
 
-  test('explicit pendingRequestIds from destination hints allows deterministic plain-text approval when guardianExternalUserId is missing', async () => {
-    // Voice-originated pending_question: no guardianExternalUserId
+  test('explicit pendingRequestIds still fail closed when guardianExternalUserId is missing', async () => {
+    // Voice-originated tool approval with missing guardian identity binding.
     const req = createCanonicalGuardianRequest({
       kind: 'tool_approval',
       sourceType: 'voice',
@@ -939,11 +980,11 @@ describe('routing invariant: destination hints enable NL approval without guardi
     }));
 
     expect(result.consumed).toBe(true);
-    expect(result.type).toBe('canonical_decision_applied');
-    expect(result.decisionApplied).toBe(true);
+    expect(result.type).toBe('canonical_decision_stale');
+    expect(result.decisionApplied).toBe(false);
 
     const resolved = getCanonicalGuardianRequest(req.id);
-    expect(resolved!.status).toBe('approved');
+    expect(resolved!.status).toBe('pending');
   });
 
   test('without destination hints, missing guardianExternalUserId means no pending requests found', async () => {

package/src/__tests__/handlers-user-message-approval-consumption.test.ts

@@ -3,7 +3,7 @@ import * as net from 'node:net';
 import { beforeEach, describe, expect, mock, test } from 'bun:test';
 
 import type { HandlerContext } from '../daemon/handlers.js';
-import type { UserMessage } from '../daemon/ipc-contract.js';
+import type { ConfirmationResponse, UserMessage } from '../daemon/ipc-contract.js';
 import type { ServerMessage } from '../daemon/ipc-protocol.js';
 import { DebouncerMap } from '../util/debounce.js';
 
@@ -12,8 +12,13 @@ const routeGuardianReplyMock = mock(async () => ({
   decisionApplied: false,
   type: 'not_consumed' as const,
 })) as any;
+const createCanonicalGuardianRequestMock = mock(() => ({
+  id: 'canonical-id',
+}));
+const generateCanonicalRequestCodeMock = mock(() => 'ABC123');
 const listPendingByDestinationMock = mock(() => [] as Array<{ id: string; kind?: string }>);
 const listCanonicalMock = mock(() => [] as Array<{ id: string }>);
+const resolveCanonicalGuardianRequestMock = mock(() => null as { id: string } | null);
 const getByConversationMock = mock(
   () => [] as Array<{
     requestId: string;
@@ -21,6 +26,7 @@ const getByConversationMock = mock(
     session?: unknown;
   }>,
 );
+const registerMock = mock(() => {});
 const resolveMock = mock(() => undefined as unknown);
 const addMessageMock = mock(async () => ({ id: 'persisted-message-id' }));
 const getConfigMock = mock(() => ({
@@ -33,11 +39,15 @@ mock.module('../runtime/guardian-reply-router.js', () => ({
 }));
 
 mock.module('../memory/canonical-guardian-store.js', () => ({
+  createCanonicalGuardianRequest: createCanonicalGuardianRequestMock,
+  generateCanonicalRequestCode: generateCanonicalRequestCodeMock,
   listPendingCanonicalGuardianRequestsByDestinationConversation: listPendingByDestinationMock,
   listCanonicalGuardianRequests: listCanonicalMock,
+  resolveCanonicalGuardianRequest: resolveCanonicalGuardianRequestMock,
 }));
 
 mock.module('../runtime/pending-interactions.js', () => ({
+  register: registerMock,
   getByConversation: getByConversationMock,
   resolve: resolveMock,
 }));
@@ -72,7 +82,7 @@ mock.module('../util/logger.js', () => ({
   }),
 }));
 
-import { handleUserMessage } from '../daemon/handlers/sessions.js';
+import { handleConfirmationResponse, handleUserMessage } from '../daemon/handlers/sessions.js';
 
 interface TestSession {
   messages: Array<{ role: string; content: unknown[] }>;
@@ -151,8 +161,12 @@ function makeSession(overrides: Partial<TestSession> = {}): TestSession {
 describe('handleUserMessage pending-confirmation reply interception', () => {
   beforeEach(() => {
     routeGuardianReplyMock.mockClear();
+    createCanonicalGuardianRequestMock.mockClear();
+    generateCanonicalRequestCodeMock.mockClear();
     listPendingByDestinationMock.mockClear();
     listCanonicalMock.mockClear();
+    resolveCanonicalGuardianRequestMock.mockClear();
+    registerMock.mockClear();
     getByConversationMock.mockClear();
     resolveMock.mockClear();
     addMessageMock.mockClear();
@@ -224,6 +238,28 @@ describe('handleUserMessage pending-confirmation reply interception', () => {
     expect(requestComplete?.runStillActive).toBe(false);
   });
 
+  test('consumes decision replies even when queue depth is non-zero', async () => {
+    listPendingByDestinationMock.mockReturnValue([{ id: 'req-1', kind: 'tool_approval' }]);
+    listCanonicalMock.mockReturnValue([{ id: 'req-1' }]);
+    routeGuardianReplyMock.mockResolvedValue({
+      consumed: true,
+      decisionApplied: true,
+      type: 'canonical_decision_applied',
+      requestId: 'req-1',
+    });
+
+    const session = makeSession({
+      getQueueDepth: () => 2,
+    });
+    const { ctx } = createContext(session);
+
+    await handleUserMessage(makeMessage('approve'), {} as net.Socket, ctx);
+
+    expect(routeGuardianReplyMock).toHaveBeenCalledTimes(1);
+    expect((session.denyAllPendingConfirmations as any).mock.calls.length).toBe(0);
+    expect((session.enqueueMessage as any).mock.calls.length).toBe(0);
+  });
+
   test('does not mutate in-memory history while processing', async () => {
     listPendingByDestinationMock.mockReturnValue([{ id: 'req-1', kind: 'tool_approval' }]);
     listCanonicalMock.mockReturnValue([{ id: 'req-1' }]);
@@ -314,5 +350,128 @@ describe('handleUserMessage pending-confirmation reply interception', () => {
     // session-scoped interaction should be resolved.
     expect(resolveMock).toHaveBeenCalledTimes(1);
     expect(resolveMock).toHaveBeenCalledWith('req-live');
+    expect(resolveCanonicalGuardianRequestMock).toHaveBeenCalledTimes(1);
+    expect(resolveCanonicalGuardianRequestMock).toHaveBeenCalledWith(
+      'req-live',
+      'pending',
+      { status: 'denied' },
+    );
+  });
+
+  test('registers IPC confirmation events for NL approval routing', async () => {
+    const session = makeSession({
+      hasAnyPendingConfirmation: () => false,
+      enqueueMessage: mock(() => ({ queued: false, requestId: 'direct-id' })),
+      processMessage: async (_content, _attachments, onEvent) => {
+        (onEvent as (msg: ServerMessage) => void)({
+          type: 'confirmation_request',
+          requestId: 'req-confirm-1',
+          toolName: 'call_start',
+          input: { phone_number: '+18084436762' },
+          riskLevel: 'high',
+          executionTarget: 'host',
+          allowlistOptions: [],
+          scopeOptions: [],
+          persistentDecisionsAllowed: false,
+        } as ServerMessage);
+        return 'msg-id';
+      },
+    });
+    const { ctx, sent } = createContext(session);
+
+    await handleUserMessage(makeMessage('please call now'), {} as net.Socket, ctx);
+
+    expect(registerMock).toHaveBeenCalledTimes(1);
+    expect(registerMock).toHaveBeenCalledWith(
+      'req-confirm-1',
+      expect.objectContaining({
+        conversationId: 'conv-1',
+        kind: 'confirmation',
+        session,
+        confirmationDetails: expect.objectContaining({
+          toolName: 'call_start',
+          riskLevel: 'high',
+          executionTarget: 'host',
+        }),
+      }),
+    );
+    expect(createCanonicalGuardianRequestMock).toHaveBeenCalledTimes(1);
+    expect(createCanonicalGuardianRequestMock).toHaveBeenCalledWith(
+      expect.objectContaining({
+        id: 'req-confirm-1',
+        kind: 'tool_approval',
+        sourceType: 'desktop',
+        sourceChannel: 'vellum',
+        conversationId: 'conv-1',
+        toolName: 'call_start',
+        status: 'pending',
+        requestCode: 'ABC123',
+      }),
+    );
+    expect(sent.some((event) => event.type === 'confirmation_request')).toBe(true);
+  });
+
+  test('syncs canonical status to approved for IPC allow decisions', () => {
+    const session = {
+      hasPendingConfirmation: (requestId: string) => requestId === 'req-confirm-allow',
+      handleConfirmationResponse: mock(() => {}),
+    };
+    const { ctx } = createContext(makeSession());
+    ctx.sessions.set('conv-1', session as any);
+
+    const msg: ConfirmationResponse = {
+      type: 'confirmation_response',
+      requestId: 'req-confirm-allow',
+      decision: 'always_allow',
+    };
+
+    handleConfirmationResponse(msg, {} as net.Socket, ctx);
+
+    expect((session.handleConfirmationResponse as any).mock.calls.length).toBe(1);
+    expect((session.handleConfirmationResponse as any).mock.calls[0]).toEqual([
+      'req-confirm-allow',
+      'always_allow',
+      undefined,
+      undefined,
+    ]);
+    expect(resolveCanonicalGuardianRequestMock).toHaveBeenCalledWith(
+      'req-confirm-allow',
+      'pending',
+      { status: 'approved' },
+    );
+    expect(resolveMock).toHaveBeenCalledWith('req-confirm-allow');
+  });
+
+  test('syncs canonical status to denied for IPC deny decisions in CU sessions', () => {
+    const cuSession = {
+      hasPendingConfirmation: (requestId: string) => requestId === 'req-confirm-deny',
+      handleConfirmationResponse: mock(() => {}),
+    };
+    const { ctx } = createContext(makeSession({
+      hasPendingConfirmation: () => false,
+    }));
+    ctx.cuSessions.set('cu-1', cuSession as any);
+
+    const msg: ConfirmationResponse = {
+      type: 'confirmation_response',
+      requestId: 'req-confirm-deny',
+      decision: 'always_deny',
+    };
+
+    handleConfirmationResponse(msg, {} as net.Socket, ctx);
+
+    expect((cuSession.handleConfirmationResponse as any).mock.calls.length).toBe(1);
+    expect((cuSession.handleConfirmationResponse as any).mock.calls[0]).toEqual([
+      'req-confirm-deny',
+      'always_deny',
+      undefined,
+      undefined,
+    ]);
+    expect(resolveCanonicalGuardianRequestMock).toHaveBeenCalledWith(
+      'req-confirm-deny',
+      'pending',
+      { status: 'denied' },
+    );
+    expect(resolveMock).toHaveBeenCalledWith('req-confirm-deny');
   });
 });

package/src/__tests__/inbound-invite-redemption.test.ts

@@ -28,7 +28,6 @@ mock.module('../util/platform.js', () => ({
   getDbPath: () => join(testDir, 'test.db'),
   getLogPath: () => join(testDir, 'test.log'),
   ensureDataDir: () => {},
-  normalizeAssistantId: (id: string) => id === 'self' ? 'self' : id,
   readHttpToken: () => 'test-bearer-token',
 }));
 

package/src/__tests__/ingress-routes-http.test.ts

@@ -492,6 +492,8 @@ describe('voice invite HTTP routes', () => {
       body: JSON.stringify({
         sourceChannel: 'voice',
         expectedExternalUserId: '+15551234567',
+        friendName: 'Alice',
+        guardianName: 'Bob',
         maxUses: 3,
       }),
     });
@@ -514,6 +516,9 @@ describe('voice invite HTTP routes', () => {
     expect(invite.voiceCodeDigits).toBe(6);
     // expectedExternalUserId should be recorded
     expect(invite.expectedExternalUserId).toBe('+15551234567');
+    // friendName and guardianName should be recorded
+    expect(invite.friendName).toBe('Alice');
+    expect(invite.guardianName).toBe('Bob');
   });
 
   test('voice invite creation requires expectedExternalUserId', async () => {
@@ -522,6 +527,8 @@ describe('voice invite HTTP routes', () => {
       headers: { 'Content-Type': 'application/json' },
       body: JSON.stringify({
         sourceChannel: 'voice',
+        friendName: 'Alice',
+        guardianName: 'Bob',
       }),
     });
 
@@ -540,6 +547,8 @@ describe('voice invite HTTP routes', () => {
       body: JSON.stringify({
         sourceChannel: 'voice',
         expectedExternalUserId: 'not-a-phone-number',
+        friendName: 'Alice',
+        guardianName: 'Bob',
       }),
     });
 
@@ -551,6 +560,44 @@ describe('voice invite HTTP routes', () => {
     expect(body.error).toContain('E.164');
   });
 
+  test('voice invite creation requires friendName', async () => {
+    const req = new Request('http://localhost/v1/ingress/invites', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        sourceChannel: 'voice',
+        expectedExternalUserId: '+15551234567',
+        guardianName: 'Bob',
+      }),
+    });
+
+    const res = await handleCreateInvite(req);
+    const body = await res.json() as Record<string, unknown>;
+
+    expect(res.status).toBe(400);
+    expect(body.ok).toBe(false);
+    expect(body.error).toContain('friendName');
+  });
+
+  test('voice invite creation requires guardianName', async () => {
+    const req = new Request('http://localhost/v1/ingress/invites', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        sourceChannel: 'voice',
+        expectedExternalUserId: '+15551234567',
+        friendName: 'Alice',
+      }),
+    });
+
+    const res = await handleCreateInvite(req);
+    const body = await res.json() as Record<string, unknown>;
+
+    expect(res.status).toBe(400);
+    expect(body.ok).toBe(false);
+    expect(body.error).toContain('guardianName');
+  });
+
   test('voiceCodeDigits is always 6 — custom values are ignored', async () => {
     const req = new Request('http://localhost/v1/ingress/invites', {
       method: 'POST',
@@ -558,6 +605,8 @@ describe('voice invite HTTP routes', () => {
       body: JSON.stringify({
         sourceChannel: 'voice',
         expectedExternalUserId: '+15551234567',
+        friendName: 'Alice',
+        guardianName: 'Bob',
         voiceCodeDigits: 8,
       }),
     });
@@ -579,6 +628,8 @@ describe('voice invite HTTP routes', () => {
       body: JSON.stringify({
         sourceChannel: 'voice',
         expectedExternalUserId: '+15551234567',
+        friendName: 'Alice',
+        guardianName: 'Bob',
       }),
     });
 
@@ -600,6 +651,8 @@ describe('voice invite HTTP routes', () => {
       body: JSON.stringify({
         sourceChannel: 'voice',
         expectedExternalUserId: '+15551234567',
+        friendName: 'Alice',
+        guardianName: 'Bob',
         maxUses: 1,
       }),
     }));
@@ -648,6 +701,8 @@ describe('voice invite HTTP routes', () => {
       body: JSON.stringify({
         sourceChannel: 'voice',
         expectedExternalUserId: '+15551234567',
+        friendName: 'Alice',
+        guardianName: 'Bob',
         maxUses: 1,
       }),
     }));

package/src/__tests__/non-member-access-request.test.ts

@@ -30,7 +30,6 @@ mock.module('../util/platform.js', () => ({
   getDbPath: () => join(testDir, 'test.db'),
   getLogPath: () => join(testDir, 'test.log'),
   ensureDataDir: () => {},
-  normalizeAssistantId: (id: string) => id === 'self' ? 'self' : id,
   readHttpToken: () => 'test-bearer-token',
 }));
 
@@ -437,6 +436,34 @@ describe('access-request-helper unit tests', () => {
     expect(payload.guardianBindingChannel).toBe('telegram');
   });
 
+  test('notifyGuardianOfAccessRequest for voice channel includes senderName in contextPayload', () => {
+    const result = notifyGuardianOfAccessRequest({
+      canonicalAssistantId: 'self',
+      sourceChannel: 'voice',
+      externalChatId: '+15559998888',
+      senderExternalUserId: '+15559998888',
+      senderName: 'Alice Caller',
+    });
+
+    expect(result.notified).toBe(true);
+    expect(emitSignalCalls.length).toBe(1);
+
+    const payload = emitSignalCalls[0].contextPayload as Record<string, unknown>;
+    expect(payload.sourceChannel).toBe('voice');
+    expect(payload.senderName).toBe('Alice Caller');
+    expect(payload.senderExternalUserId).toBe('+15559998888');
+    expect(payload.senderIdentifier).toBe('Alice Caller');
+
+    // Canonical request should exist
+    const pending = listCanonicalGuardianRequests({
+      status: 'pending',
+      requesterExternalUserId: '+15559998888',
+      sourceChannel: 'voice',
+      kind: 'access_request',
+    });
+    expect(pending.length).toBe(1);
+  });
+
   test('notifyGuardianOfAccessRequest includes requestCode in contextPayload', () => {
     const result = notifyGuardianOfAccessRequest({
       canonicalAssistantId: 'self',

package/src/__tests__/notification-decision-strategy.test.ts

@@ -196,6 +196,50 @@ describe('notification decision strategy', () => {
       expect(copy.vellum!.body).toContain('open invite flow');
     });
 
+    test('ingress.access_request template includes caller name for voice-originated requests', () => {
+      // In production, senderIdentifier resolves to senderName for voice
+      // calls (senderName || senderUsername || senderExternalUserId), so
+      // both values are the caller's name. The phone number arrives via
+      // senderExternalUserId and should appear in the parenthetical.
+      const signal = makeSignal({
+        sourceEventName: 'ingress.access_request',
+        contextPayload: {
+          senderIdentifier: 'Alice Smith',
+          senderName: 'Alice Smith',
+          senderExternalUserId: '+15559998888',
+          sourceChannel: 'voice',
+          requestCode: 'V1C2E3',
+        },
+      });
+
+      const copy = composeFallbackCopy(signal, channels);
+      expect(copy.vellum).toBeDefined();
+      expect(copy.vellum!.title).toBe('Access Request');
+      // Voice-originated requests should include the caller name and phone number in parentheses
+      expect(copy.vellum!.body).toContain('Alice Smith');
+      expect(copy.vellum!.body).toContain('(+15559998888)');
+      expect(copy.vellum!.body).toContain('calling');
+    });
+
+    test('ingress.access_request template falls back to non-voice copy when sourceChannel is not voice', () => {
+      const signal = makeSignal({
+        sourceEventName: 'ingress.access_request',
+        contextPayload: {
+          senderIdentifier: 'user-123',
+          senderName: 'Bob Jones',
+          sourceChannel: 'telegram',
+          requestCode: 'T1G2M3',
+        },
+      });
+
+      const copy = composeFallbackCopy(signal, channels);
+      expect(copy.vellum).toBeDefined();
+      // Non-voice should use the standard "requesting access" text, not "calling"
+      expect(copy.vellum!.body).toContain('user-123');
+      expect(copy.vellum!.body).toContain('requesting access');
+      expect(copy.vellum!.body).not.toContain('calling');
+    });
+
     test('ingress.access_request Telegram deliveryText is concise', () => {
       const signal = makeSignal({
         sourceEventName: 'ingress.access_request',