@vellumai/assistant 0.4.1 → 0.4.3

package/src/__tests__/send-endpoint-busy.test.ts

@@ -55,6 +55,7 @@ import { getDb, initializeDb, resetDb } from '../memory/db.js';
 import type { AssistantEvent } from '../runtime/assistant-event.js';
 import { AssistantEventHub } from '../runtime/assistant-event-hub.js';
 import { RuntimeHttpServer } from '../runtime/http-server.js';
+import type { ApprovalConversationGenerator } from '../runtime/http-types.js';
 import * as pendingInteractions from '../runtime/pending-interactions.js';
 
 initializeDb();
@@ -135,13 +136,18 @@ function makeHangingSession(): Session {
   } as unknown as Session;
 }
 
-function makePendingApprovalSession(requestId: string, processing: boolean): {
+function makePendingApprovalSession(
+  requestId: string,
+  processing: boolean,
+  options?: { queueDepth?: number },
+): {
   session: Session;
   runAgentLoopMock: ReturnType<typeof mock>;
   enqueueMessageMock: ReturnType<typeof mock>;
   denyAllPendingConfirmationsMock: ReturnType<typeof mock>;
   handleConfirmationResponseMock: ReturnType<typeof mock>;
 } {
+  const queueDepth = options?.queueDepth ?? 0;
   const pending = new Set([requestId]);
   const messages: unknown[] = [];
   const runAgentLoopMock = mock(async () => {});
@@ -170,7 +176,7 @@ function makePendingApprovalSession(requestId: string, processing: boolean): {
     hasAnyPendingConfirmation: () => pending.size > 0,
     hasPendingConfirmation: (candidateRequestId: string) => pending.has(candidateRequestId),
     denyAllPendingConfirmations: denyAllPendingConfirmationsMock,
-    getQueueDepth: () => 0,
+    getQueueDepth: () => queueDepth,
     enqueueMessage: enqueueMessageMock,
     runAgentLoop: runAgentLoopMock,
     handleConfirmationResponse: handleConfirmationResponseMock,
@@ -215,11 +221,15 @@ describe('POST /v1/messages — queue-if-busy and hub publishing', () => {
     try { rmSync(testDir, { recursive: true, force: true }); } catch { /* best effort */ }
   });
 
-  async function startServer(sessionFactory: () => Session): Promise<void> {
+  async function startServer(
+    sessionFactory: () => Session,
+    options?: { approvalConversationGenerator?: ApprovalConversationGenerator },
+  ): Promise<void> {
     port = 19000 + Math.floor(Math.random() * 1000);
     server = new RuntimeHttpServer({
       port,
       bearerToken: TEST_TOKEN,
+      approvalConversationGenerator: options?.approvalConversationGenerator,
       sendMessageDeps: {
         getOrCreateSession: async () => sessionFactory(),
         assistantEventHub: eventHub,
@@ -349,6 +359,67 @@ describe('POST /v1/messages — queue-if-busy and hub publishing', () => {
     await stopServer();
   });
 
+  test('consumes natural-language approval text when approval conversation generator is configured', async () => {
+    const conversationKey = 'conv-inline-nl';
+    const { conversationId } = getOrCreateConversation(conversationKey);
+    const requestId = 'req-inline-nl';
+    const {
+      session,
+      runAgentLoopMock,
+      enqueueMessageMock,
+      denyAllPendingConfirmationsMock,
+      handleConfirmationResponseMock,
+    } = makePendingApprovalSession(requestId, false);
+
+    pendingInteractions.register(requestId, {
+      session,
+      conversationId,
+      kind: 'confirmation',
+    });
+    createCanonicalGuardianRequest({
+      id: requestId,
+      kind: 'tool_approval',
+      sourceType: 'desktop',
+      sourceChannel: 'vellum',
+      conversationId,
+      toolName: 'call_start',
+      status: 'pending',
+      requestCode: 'C0FFEE',
+      expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
+    });
+
+    const approvalConversationGenerator: ApprovalConversationGenerator = async (context) => ({
+      disposition: 'approve_once',
+      replyText: 'Approved.',
+      targetRequestId: context.pendingApprovals[0]?.requestId,
+    });
+
+    await startServer(() => session, { approvalConversationGenerator });
+
+    const res = await fetch(messagesUrl(), {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', ...AUTH_HEADERS },
+      body: JSON.stringify({
+        conversationKey,
+        content: "sure let's do that",
+        sourceChannel: 'vellum',
+        interface: 'macos',
+      }),
+    });
+    const body = await res.json() as { accepted: boolean; messageId?: string; queued?: boolean };
+
+    expect(res.status).toBe(202);
+    expect(body.accepted).toBe(true);
+    expect(body.messageId).toBeDefined();
+    expect(body.queued).toBeUndefined();
+    expect(handleConfirmationResponseMock).toHaveBeenCalledTimes(1);
+    expect(denyAllPendingConfirmationsMock).toHaveBeenCalledTimes(0);
+    expect(enqueueMessageMock).toHaveBeenCalledTimes(0);
+    expect(runAgentLoopMock).toHaveBeenCalledTimes(0);
+
+    await stopServer();
+  });
+
   test('consumes explicit approval text while busy instead of auto-denying and queueing', async () => {
     const conversationKey = 'conv-inline-busy';
     const { conversationId } = getOrCreateConversation(conversationKey);
@@ -404,6 +475,61 @@ describe('POST /v1/messages — queue-if-busy and hub publishing', () => {
     await stopServer();
   });
 
+  test('consumes explicit approval text while busy even when queue depth is non-zero', async () => {
+    const conversationKey = 'conv-inline-busy-queued';
+    const { conversationId } = getOrCreateConversation(conversationKey);
+    const requestId = 'req-inline-busy-queued';
+    const {
+      session,
+      runAgentLoopMock,
+      enqueueMessageMock,
+      denyAllPendingConfirmationsMock,
+      handleConfirmationResponseMock,
+    } = makePendingApprovalSession(requestId, true, { queueDepth: 2 });
+
+    pendingInteractions.register(requestId, {
+      session,
+      conversationId,
+      kind: 'confirmation',
+    });
+    createCanonicalGuardianRequest({
+      id: requestId,
+      kind: 'tool_approval',
+      sourceType: 'desktop',
+      sourceChannel: 'vellum',
+      conversationId,
+      toolName: 'call_start',
+      status: 'pending',
+      requestCode: 'Q2D456',
+      expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
+    });
+
+    await startServer(() => session);
+
+    const res = await fetch(messagesUrl(), {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', ...AUTH_HEADERS },
+      body: JSON.stringify({
+        conversationKey,
+        content: 'approve',
+        sourceChannel: 'vellum',
+        interface: 'macos',
+      }),
+    });
+    const body = await res.json() as { accepted: boolean; messageId?: string; queued?: boolean };
+
+    expect(res.status).toBe(202);
+    expect(body.accepted).toBe(true);
+    expect(body.messageId).toBeDefined();
+    expect(body.queued).toBeUndefined();
+    expect(handleConfirmationResponseMock).toHaveBeenCalledTimes(1);
+    expect(denyAllPendingConfirmationsMock).toHaveBeenCalledTimes(0);
+    expect(enqueueMessageMock).toHaveBeenCalledTimes(0);
+    expect(runAgentLoopMock).toHaveBeenCalledTimes(0);
+
+    await stopServer();
+  });
+
   test('consumes explicit rejection text when a single pending confirmation exists (idle)', async () => {
     const conversationKey = 'conv-inline-reject';
     const { conversationId } = getOrCreateConversation(conversationKey);

package/src/__tests__/session-init.benchmark.test.ts

@@ -103,7 +103,6 @@ mock.module('../util/platform.js', () => ({
   getTCPPort: () => 8765,
   isIOSPairingEnabled: () => false,
   isTCPEnabled: () => false,
-  normalizeAssistantId: (id: string) => id,
   readHttpToken: () => null,
   readLockfile: () => null,
   readPlatformToken: () => null,

package/src/__tests__/session-runtime-assembly.test.ts

@@ -615,7 +615,10 @@ describe('injectInboundActorContext', () => {
 
     const result = injectInboundActorContext(baseUserMessage, ctx);
     const text = (result.content[0] as { type: 'text'; text: string }).text;
-    expect(text).toContain('non-guardian account');
+    expect(text).toContain('trusted contact (non-guardian)');
+    expect(text).toContain('attempt to fulfill it normally');
+    expect(text).toContain('tool execution layer will automatically deny it and escalate');
+    expect(text).toContain('Do not self-approve');
     expect(text).toContain('Do not explain the verification system');
     expect(text).toContain('member_status: active');
     expect(text).toContain('member_policy: default');

package/src/__tests__/session-surfaces-task-progress.test.ts

@@ -2,6 +2,7 @@ import { describe, expect, test } from 'bun:test';
 
 import type {
   CardSurfaceData,
+  DynamicPageSurfaceData,
   ServerMessage,
   SurfaceData,
   SurfaceType,
@@ -96,6 +97,48 @@ describe('task_progress surface compatibility', () => {
     expect((card.templateData as Record<string, unknown>).status).toBe('in_progress');
   });
 
+  test('ui_show normalizes top-level dynamic_page fields into data', async () => {
+    const sent: ServerMessage[] = [];
+    const ctx = makeContext(sent);
+
+    const result = await surfaceProxyResolver(ctx, 'ui_show', {
+      surface_type: 'dynamic_page',
+      title: 'My Slides',
+      html: '<h1>Hello</h1>',
+      preview: { title: 'Slides', subtitle: '3 slides about Apple' },
+    });
+
+    expect(result.isError).toBe(false);
+
+    const showMessage = sent.find((msg): msg is UiSurfaceShow => msg.type === 'ui_surface_show');
+    expect(showMessage).toBeDefined();
+    if (!showMessage || showMessage.surfaceType !== 'dynamic_page') return;
+
+    const page = showMessage.data as DynamicPageSurfaceData;
+    expect(page.html).toBe('<h1>Hello</h1>');
+    expect(page.preview).toEqual({ title: 'Slides', subtitle: '3 slides about Apple' });
+  });
+
+  test('ui_show dynamic_page uses data.html when properly nested', async () => {
+    const sent: ServerMessage[] = [];
+    const ctx = makeContext(sent);
+
+    const result = await surfaceProxyResolver(ctx, 'ui_show', {
+      surface_type: 'dynamic_page',
+      title: 'My Slides',
+      data: { html: '<h1>Nested</h1>' },
+    });
+
+    expect(result.isError).toBe(false);
+
+    const showMessage = sent.find((msg): msg is UiSurfaceShow => msg.type === 'ui_surface_show');
+    expect(showMessage).toBeDefined();
+    if (!showMessage || showMessage.surfaceType !== 'dynamic_page') return;
+
+    const page = showMessage.data as DynamicPageSurfaceData;
+    expect(page.html).toBe('<h1>Nested</h1>');
+  });
+
   test('ui_update normalizes top-level task_progress fields into templateData', async () => {
     const sent: ServerMessage[] = [];
     const ctx = makeContext(sent);

package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts

@@ -34,7 +34,6 @@ mock.module('../util/platform.js', () => ({
   getDbPath: () => join(testDir, 'test.db'),
   getLogPath: () => join(testDir, 'test.log'),
   ensureDataDir: () => {},
-  normalizeAssistantId: (id: string) => id === 'self' ? 'self' : id,
   readHttpToken: () => 'test-bearer-token',
 }));
 
@@ -82,6 +81,7 @@ mock.module('../runtime/approval-message-composer.js', () => ({
   composeApprovalMessageGenerative: async () => 'mock generative message',
 }));
 
+import { getResolver } from '../approvals/guardian-request-resolvers.js';
 import {
   createApprovalRequest,
   createBinding,
@@ -489,6 +489,16 @@ describe('trusted contact activated notification signal', () => {
     expect(activatedSignals.length).toBe(0);
   });
 
+  test('voice access_request resolver has registered handler for access_request kind', () => {
+    // The access_request resolver is registered during module load. When the
+    // source channel is 'voice', it should directly activate the member via
+    // upsertMember (no verification session). This test validates the resolver
+    // is registered and accessible.
+    const resolver = getResolver('access_request');
+    expect(resolver).toBeDefined();
+    expect(resolver!.kind).toBe('access_request');
+  });
+
   test('member is persisted BEFORE activated signal is emitted', async () => {
     // Set up a guardian binding
     createBinding({

package/src/__tests__/trusted-contact-multichannel.test.ts

@@ -29,7 +29,6 @@ mock.module('../util/platform.js', () => ({
   getDbPath: () => join(testDir, 'test.db'),
   getLogPath: () => join(testDir, 'test.log'),
   ensureDataDir: () => {},
-  normalizeAssistantId: (id: string) => id === 'self' ? 'self' : id,
   readHttpToken: () => 'test-bearer-token',
 }));
 

package/src/__tests__/trusted-contact-verification.test.ts

@@ -32,7 +32,6 @@ mock.module('../util/platform.js', () => ({
   getDbPath: () => join(testDir, 'test.db'),
   getLogPath: () => join(testDir, 'test.log'),
   ensureDataDir: () => {},
-  normalizeAssistantId: (id: string) => id === 'self' ? 'self' : id,
   readHttpToken: () => 'test-bearer-token',
 }));
 

package/src/__tests__/twilio-routes.test.ts

@@ -704,19 +704,20 @@ describe('twilio webhook routes', () => {
       expect(res.status).toBe(400);
     });
 
-    test('inbound webhook with forwarded assistantId creates session with correct assistantId', async () => {
+    test('inbound webhook creates session with internal scope assistantId', async () => {
       const req = makeInboundVoiceRequest({
         CallSid: 'CA_inbound_assist_1',
         From: '+14155551234',
         To: '+15550001111',
       });
 
-      const res = await handleVoiceWebhook(req, 'my-assistant-id');
+      const res = await handleVoiceWebhook(req);
 
       expect(res.status).toBe(200);
       const session = getCallSessionByCallSid('CA_inbound_assist_1');
       expect(session).not.toBeNull();
-      expect(session!.assistantId).toBe('my-assistant-id');
+      // Daemon always uses internal scope — external assistant IDs are not leaked into session state.
+      expect(session!.assistantId).toBe('self');
     });
 
     test('outbound call flow remains non-regressed with callSessionId present', async () => {

package/src/__tests__/update-bulletin.test.ts

@@ -53,7 +53,6 @@ mock.module('../util/platform.js', () => ({
   getInterfacesDir: () => '',
   getClipboardCommand: () => null,
   readLockfile: () => null,
-  normalizeAssistantId: (id: string) => id,
   writeLockfile: () => {},
   readPlatformToken: () => null,
   readSessionToken: () => null,

package/src/approvals/guardian-decision-primitive.ts

@@ -35,6 +35,7 @@ import {
   type GuardianApprovalRequest,
   updateApprovalDecision,
 } from '../memory/channel-guardian-store.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../runtime/assistant-scope.js';
 import type {
   ApprovalAction,
   ApprovalDecisionResult,
@@ -233,7 +234,7 @@ export function mintCanonicalRequestGrant(params: {
   }
 
   const result = mintGrantFromDecision({
-    assistantId: 'self',
+    assistantId: DAEMON_INTERNAL_ASSISTANT_ID,
     scopeMode: 'tool_signature',
     toolName: request.toolName,
     inputDigest: request.inputDigest,
@@ -349,7 +350,28 @@ export async function applyCanonicalGuardianDecision(
   }
 
   // 2c. Validate identity: actor must match guardian_external_user_id
-  // unless the actor is trusted (desktop) or the request has no guardian binding.
+  // unless the actor is trusted (desktop).
+  //
+  // Channel tool-approval requests must always be identity-bound. Treat
+  // missing guardianExternalUserId as unauthorized (fail-closed) so a
+  // non-guardian actor can never approve an unbound request.
+  if (
+    !actorContext.isTrusted &&
+    request.kind === 'tool_approval' &&
+    !request.guardianExternalUserId
+  ) {
+    log.warn(
+      {
+        event: 'canonical_decision_missing_guardian_binding',
+        requestId,
+        kind: request.kind,
+        sourceType: request.sourceType,
+      },
+      'Canonical tool approval missing guardian binding; rejecting decision',
+    );
+    return { applied: false, reason: 'identity_mismatch', detail: 'missing guardian binding' };
+  }
+
   if (
     request.guardianExternalUserId &&
     !actorContext.isTrusted &&

package/src/approvals/guardian-request-resolvers.ts

@@ -13,8 +13,10 @@
 
 import { answerCall } from '../calls/call-domain.js';
 import type { CanonicalGuardianRequest } from '../memory/canonical-guardian-store.js';
+import { upsertMember } from '../memory/ingress-member-store.js';
 import { emitNotificationSignal } from '../notifications/emit-signal.js';
 import { addRule } from '../permissions/trust-store.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../runtime/assistant-scope.js';
 import type { ApprovalAction } from '../runtime/channel-approval-types.js';
 import { createOutboundSession } from '../runtime/channel-guardian-service.js';
 import { deliverChannelReply } from '../runtime/gateway-client.js';
@@ -24,6 +26,10 @@ import { getLogger } from '../util/logger.js';
 
 const log = getLogger('guardian-request-resolvers');
 
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
 // ---------------------------------------------------------------------------
 // Types
 // ---------------------------------------------------------------------------
@@ -278,7 +284,7 @@ const accessRequestResolver: GuardianRequestResolver = {
     const requesterExternalUserId = request.requesterExternalUserId ?? '';
     const requesterChatId = request.requesterChatId ?? request.requesterExternalUserId ?? '';
     const decidedByExternalUserId = ctx.actor.externalUserId ?? '';
-    const assistantId = channelDeliveryContext?.assistantId ?? 'self';
+    const assistantId = DAEMON_INTERNAL_ASSISTANT_ID;
 
     if (decision.action === 'reject') {
       log.info(
@@ -340,7 +346,40 @@ const accessRequestResolver: GuardianRequestResolver = {
       return { ok: true, applied: true };
     }
 
-    // On approve: mint an identity-bound verification session so the
+    // Voice approvals: directly activate the trusted contact without minting
+    // a verification session. The caller is already on the line and the
+    // relay server's in-call wait loop will detect the approved status.
+    if (channel === 'voice') {
+      try {
+        upsertMember({
+          assistantId,
+          sourceChannel: 'voice',
+          externalUserId: requesterExternalUserId,
+          externalChatId: requesterChatId,
+          status: 'active',
+          policy: 'allow',
+        });
+      } catch (err) {
+        log.error(
+          { err, requesterExternalUserId },
+          'Access request resolver: failed to activate voice caller as trusted contact',
+        );
+      }
+
+      log.info(
+        {
+          event: 'resolver_access_request_voice_approved',
+          requestId: request.id,
+          channel,
+          requesterExternalUserId,
+        },
+        'Access request resolver: voice approval — direct trusted-contact activation (no verification session)',
+      );
+
+      return { ok: true, applied: true };
+    }
+
+    // Non-voice approvals: mint an identity-bound verification session so the
     // requester can verify their identity.
     const session = createOutboundSession({
       assistantId,
@@ -461,7 +500,7 @@ const toolGrantRequestResolver: GuardianRequestResolver = {
   async resolve(ctx: ResolverContext): Promise<ResolverResult> {
     const { request, decision, channelDeliveryContext } = ctx;
     const requesterChatId = request.requesterChatId ?? request.requesterExternalUserId ?? '';
-    const assistantId = channelDeliveryContext?.assistantId ?? 'self';
+    const assistantId = DAEMON_INTERNAL_ASSISTANT_ID;
 
     if (decision.action === 'reject') {
       log.info(

package/src/calls/call-constants.ts

@@ -41,6 +41,14 @@ export function getUserConsultationTimeoutMs(): number {
   return getConfig().calls.userConsultTimeoutSeconds * 1000;
 }
 
+export function getTtsPlaybackDelayMs(): number {
+  return getConfig().calls.ttsPlaybackDelayMs;
+}
+
+export function getAccessRequestPollIntervalMs(): number {
+  return getConfig().calls.accessRequestPollIntervalMs;
+}
+
 export const SILENCE_TIMEOUT_MS = 30 * 1000; // 30 seconds
 
 // Legacy named exports for backward compatibility (use functions above for config-backed values)

package/src/calls/call-controller.ts

@@ -18,6 +18,7 @@ import {
   listCanonicalGuardianDeliveries,
 } from '../memory/canonical-guardian-store.js';
 import { revokeScopedApprovalGrantsForContext } from '../memory/scoped-approval-grants.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../runtime/assistant-scope.js';
 import { computeToolApprovalDigest } from '../security/tool-approval-digest.js';
 import { getLogger } from '../util/logger.js';
 import { readHttpToken } from '../util/platform.js';
@@ -245,7 +246,7 @@ export class CallController {
     this.task = task;
     this.isInbound = !task;
     this.broadcast = opts?.broadcast;
-    this.assistantId = opts?.assistantId ?? 'self';
+    this.assistantId = opts?.assistantId ?? DAEMON_INTERNAL_ASSISTANT_ID;
     this.guardianContext = opts?.guardianContext ?? null;
 
     // Resolve the conversation ID from the call session

package/src/calls/call-domain.ts

@@ -14,6 +14,7 @@ import { getOrCreateConversation } from '../memory/conversation-key-store.js';
 import { queueGenerateConversationTitle } from '../memory/conversation-title-service.js';
 import { upsertBinding } from '../memory/external-conversation-store.js';
 import { revokeScopedApprovalGrantsForContext } from '../memory/scoped-approval-grants.js';
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../runtime/assistant-scope.js';
 import { isGuardian } from '../runtime/channel-guardian-service.js';
 import { getSecureKey } from '../security/secure-keys.js';
 import { getLogger } from '../util/logger.js';
@@ -208,7 +209,7 @@ export type CreateInboundVoiceSessionResult = {
 export function createInboundVoiceSession(
   input: CreateInboundVoiceSessionInput,
 ): CreateInboundVoiceSessionResult {
-  const { callSid, fromNumber, toNumber, assistantId = 'self' } = input;
+  const { callSid, fromNumber, toNumber, assistantId = DAEMON_INTERNAL_ASSISTANT_ID } = input;
 
   // Check if a session already exists for this CallSid (replay protection)
   const existing = getCallSessionByCallSid(callSid);
@@ -219,7 +220,7 @@ export function createInboundVoiceSession(
 
   // Create a dedicated voice conversation keyed by CallSid so inbound calls
   // get their own conversation thread.
-  const voiceConvKey = assistantId && assistantId !== 'self'
+  const voiceConvKey = assistantId && assistantId !== DAEMON_INTERNAL_ASSISTANT_ID
     ? `asst:${assistantId}:voice:inbound:${callSid}`
     : `voice:inbound:${callSid}`;
   const { conversationId: voiceConversationId } = getOrCreateConversation(voiceConvKey);
@@ -272,7 +273,7 @@ export function createInboundVoiceSession(
  * Initiate a new outbound call.
  */
 export async function startCall(input: StartCallInput): Promise<StartCallResult | CallError> {
-  const { phoneNumber, task, context: callContext, conversationId, callerIdentityMode, assistantId = 'self' } = input;
+  const { phoneNumber, task, context: callContext, conversationId, callerIdentityMode, assistantId = DAEMON_INTERNAL_ASSISTANT_ID } = input;
 
   if (!phoneNumber || typeof phoneNumber !== 'string') {
     return { ok: false, error: 'phone_number is required and must be a string', status: 400 };
@@ -644,7 +645,7 @@ export type StartGuardianVerificationCallResult =
 export async function startGuardianVerificationCall(
   input: StartGuardianVerificationCallInput,
 ): Promise<StartGuardianVerificationCallResult> {
-  const { phoneNumber, guardianVerificationSessionId, assistantId = 'self', originConversationId } = input;
+  const { phoneNumber, guardianVerificationSessionId, assistantId = DAEMON_INTERNAL_ASSISTANT_ID, originConversationId } = input;
 
   if (!phoneNumber || !E164_REGEX.test(phoneNumber)) {
     return { ok: false, error: 'phone_number must be in E.164 format', status: 400 };