npm - @vellumai/assistant - Versions diffs - 0.4.10 → 0.4.12 - Mend

@vellumai/assistant 0.4.10 → 0.4.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (203) hide show

package/src/runtime/actor-trust-resolver.ts CHANGED Viewed

@@ -20,6 +20,8 @@ import { canonicalizeInboundIdentity } from '../util/canonicalize-identity.js';
 import { DAEMON_INTERNAL_ASSISTANT_ID } from './assistant-scope.js';
 import { getGuardianBinding } from './channel-guardian-service.js';
+export type { GuardianRuntimeContext } from '../daemon/session-runtime-assembly.js';
 // ---------------------------------------------------------------------------
 // Types
 // ---------------------------------------------------------------------------
@@ -35,8 +37,8 @@ export interface ActorTrustContext {
     guardianExternalUserId: string;
     guardianDeliveryChatId: string | null;
   } | null;
-  /** Canonical principal ID from the guardian binding. Nullable for backward compatibility — M5 will make this required. */
-  guardianPrincipalId?: string | null;
+  /** Canonical principal ID from the guardian binding. */
+  guardianPrincipalId?: string;
   /** Ingress member record, if any, for this sender. */
   memberRecord: IngressMember | null;
   /** Trust classification. */
@@ -184,7 +186,7 @@ export function resolveActorTrust(input: ResolveActorTrustInput): ActorTrustCont
   return {
     canonicalSenderId,
     guardianBindingMatch,
-    guardianPrincipalId: binding?.guardianPrincipalId ?? undefined,
+    guardianPrincipalId: binding?.guardianPrincipalId,
     memberRecord,
     trustClass,
     actorMetadata: {
@@ -203,17 +205,24 @@ export function resolveActorTrust(input: ResolveActorTrustInput): ActorTrustCont
 /**
  * Convert an ActorTrustContext into the runtime trust context shape used by
  * sessions/tooling.
+ *
+ * This is the single canonical conversion from resolved trust to runtime
+ * context. The guardianExternalUserId is canonicalized to handle phone-
+ * channel formatting variance (e.g. stored binding vs E.164).
  */
 export function toGuardianRuntimeContextFromTrust(
   ctx: ActorTrustContext,
   conversationExternalId: string,
 ): GuardianRuntimeContext {
+  const canonicalGuardianExternalUserId = ctx.guardianBindingMatch?.guardianExternalUserId
+    ? canonicalizeInboundIdentity(ctx.actorMetadata.channel, ctx.guardianBindingMatch.guardianExternalUserId) ?? undefined
+    : undefined;
   return {
     sourceChannel: ctx.actorMetadata.channel,
     trustClass: ctx.trustClass,
     guardianChatId: ctx.guardianBindingMatch?.guardianDeliveryChatId ??
       (ctx.trustClass === 'guardian' ? conversationExternalId : undefined),
-    guardianExternalUserId: ctx.guardianBindingMatch?.guardianExternalUserId,
+    guardianExternalUserId: canonicalGuardianExternalUserId,
     guardianPrincipalId: ctx.guardianPrincipalId,
     requesterIdentifier: ctx.actorMetadata.identifier,
     requesterDisplayName: ctx.actorMetadata.displayName,

package/src/runtime/channel-retry-sweep.ts CHANGED Viewed

@@ -15,16 +15,7 @@ const log = getLogger('runtime-http');
 function parseGuardianRuntimeContext(value: unknown): GuardianRuntimeContext | undefined {
   if (!value || typeof value !== 'object') return undefined;
   const raw = value as Record<string, unknown>;
-  const trustClass = raw.trustClass
-    ?? (
-      raw.actorRole === 'guardian'
-        ? 'guardian'
-        : raw.actorRole === 'non-guardian'
-          ? 'trusted_contact'
-          : raw.actorRole === 'unverified_channel'
-            ? 'unknown'
-            : undefined
-    );
+  const trustClass = raw.trustClass;
   if (
     trustClass !== 'guardian'
     && trustClass !== 'trusted_contact'
@@ -46,6 +37,7 @@ function parseGuardianRuntimeContext(value: unknown): GuardianRuntimeContext | u
     trustClass,
     guardianChatId: typeof raw.guardianChatId === 'string' ? raw.guardianChatId : undefined,
     guardianExternalUserId: typeof raw.guardianExternalUserId === 'string' ? raw.guardianExternalUserId : undefined,
+    guardianPrincipalId: typeof raw.guardianPrincipalId === 'string' ? raw.guardianPrincipalId : undefined,
     requesterIdentifier: typeof raw.requesterIdentifier === 'string' ? raw.requesterIdentifier : undefined,
     requesterDisplayName: typeof raw.requesterDisplayName === 'string' ? raw.requesterDisplayName : undefined,
     requesterSenderDisplayName: typeof raw.requesterSenderDisplayName === 'string' ? raw.requesterSenderDisplayName : undefined,
@@ -107,7 +99,34 @@ export async function sweepFailedEvents(
     const assistantId = typeof payload.assistantId === 'string'
       ? payload.assistantId
       : undefined;
-    const guardianContext = parseGuardianRuntimeContext(payload.guardianCtx);
+    const parsedGuardianContext = parseGuardianRuntimeContext(payload.guardianCtx);
+    // If the stored payload had guardian context data but it couldn't be parsed
+    // into a valid canonical shape (e.g., legacy actorRole-only payloads without
+    // trustClass), fail the event deterministically rather than processing it
+    // without guardian context. Without this check, the downstream default of
+    // `guardianTrustClass ?? 'guardian'` would silently escalate privileges.
+    if (payload.guardianCtx && !parsedGuardianContext) {
+      log.warn(
+        { eventId: event.id },
+        'Stored guardianCtx could not be parsed into canonical form; marking event as failed to prevent privilege escalation',
+      );
+      channelDeliveryStore.markRetryableFailure(
+        event.id,
+        'Unparseable guardian context in stored payload — refusing to process without trust classification',
+      );
+      continue;
+    }
+    // When guardianCtx is entirely absent (pre-guardian events or events stored
+    // before trust context was added), synthesize an explicit 'unknown' context.
+    // This ensures replay never proceeds without an explicit trust classification
+    // — downstream defaults like `guardianTrustClass ?? 'guardian'` would
+    // otherwise grant guardian-level tool access to unclassified events.
+    const guardianContext: GuardianRuntimeContext = parsedGuardianContext ?? {
+      sourceChannel,
+      trustClass: 'unknown',
+    };
     const metadataHintsRaw = sourceMetadata?.hints;
     const metadataHints = Array.isArray(metadataHintsRaw)
@@ -130,9 +149,7 @@ export async function sweepFailedEvents(
           },
           assistantId,
           guardianContext,
-          isInteractive: guardianContext
-            ? resolveRoutingStateFromRuntime(guardianContext).promptWaitingAllowed
-            : false,
+          isInteractive: resolveRoutingStateFromRuntime(guardianContext).promptWaitingAllowed,
         },
         sourceChannel,
         sourceInterface,

package/src/runtime/guardian-context-resolver.ts CHANGED Viewed

@@ -1,17 +1,20 @@
 /**
  * Shared inbound trust resolution for channel actors.
  *
- * This module provides a compact route-level shape used by channel routes
- * while delegating canonical classification to the unified actor trust
- * resolver.
+ * GuardianContext is a type alias for GuardianRuntimeContext — the
+ * canonical runtime trust context used by sessions, tooling, and channel
+ * routes. This module re-exports the alias and provides routing-state
+ * helpers that operate on the canonical type.
+ *
+ * Trust resolution itself lives in actor-trust-resolver.ts; the resolved
+ * ActorTrustContext is converted to GuardianRuntimeContext via
+ * toGuardianRuntimeContextFromTrust.
  */
-import type { ChannelId } from '../channels/types.js';
 import type { GuardianRuntimeContext } from '../daemon/session-runtime-assembly.js';
-import { canonicalizeInboundIdentity } from '../util/canonicalize-identity.js';
 import {
-  type DenialReason,
   resolveActorTrust,
   type ResolveActorTrustInput,
+  toGuardianRuntimeContextFromTrust,
   type TrustClass,
 } from './actor-trust-resolver.js';
 export type { DenialReason } from './actor-trust-resolver.js';
@@ -19,50 +22,28 @@ export type { DenialReason } from './actor-trust-resolver.js';
 /** Trust classification used by route-level channel logic. */
 export type ActorTrustClass = TrustClass;
-/** Guardian actor context used by route-level approval logic. */
-export interface GuardianContext {
-  trustClass: ActorTrustClass;
-  guardianChatId?: string;
-  guardianExternalUserId?: string;
-  /** Canonical principal ID from the guardian binding. Nullable for backward compatibility — M5 will make this required. */
-  guardianPrincipalId?: string | null;
-  requesterIdentifier?: string;
-  requesterDisplayName?: string;
-  requesterSenderDisplayName?: string;
-  requesterMemberDisplayName?: string;
-  requesterExternalUserId?: string;
-  requesterChatId?: string;
-  memberStatus?: string;
-  memberPolicy?: string;
-  denialReason?: DenialReason;
-}
+/**
+ * GuardianContext is the canonical runtime trust context.
+ *
+ * Previously this was a separate interface with extra fields (memberStatus,
+ * memberPolicy). Those fields were only needed for InboundActorContext
+ * construction, which now sources them directly from ActorTrustContext.
+ * This alias unifies the two shapes and removes the redundant conversion
+ * layer.
+ */
+export type GuardianContext = GuardianRuntimeContext;
 export type ResolveGuardianContextInput = ResolveActorTrustInput;
 /**
  * Resolve route-level trust context from canonical identity state.
+ *
+ * Delegates to resolveActorTrust for classification, then converts to
+ * the canonical GuardianRuntimeContext via toGuardianRuntimeContextFromTrust.
  */
 export function resolveGuardianContext(input: ResolveGuardianContextInput): GuardianContext {
   const trust = resolveActorTrust(input);
-  const canonicalGuardianExternalUserId = trust.guardianBindingMatch?.guardianExternalUserId
-    ? canonicalizeInboundIdentity(input.sourceChannel, trust.guardianBindingMatch.guardianExternalUserId) ?? undefined
-    : undefined;
-  return {
-    trustClass: trust.trustClass,
-    guardianChatId: trust.guardianBindingMatch?.guardianDeliveryChatId ??
-      (trust.trustClass === 'guardian' ? input.conversationExternalId : undefined),
-    guardianExternalUserId: canonicalGuardianExternalUserId,
-    guardianPrincipalId: trust.guardianPrincipalId,
-    requesterIdentifier: trust.actorMetadata.identifier,
-    requesterDisplayName: trust.actorMetadata.displayName,
-    requesterSenderDisplayName: trust.actorMetadata.senderDisplayName,
-    requesterMemberDisplayName: trust.actorMetadata.memberDisplayName,
-    requesterExternalUserId: trust.canonicalSenderId ?? undefined,
-    requesterChatId: input.conversationExternalId,
-    memberStatus: trust.memberRecord?.status ?? undefined,
-    memberPolicy: trust.memberRecord?.policy ?? undefined,
-    denialReason: trust.denialReason,
-  };
+  return toGuardianRuntimeContextFromTrust(trust, input.conversationExternalId);
 }
 // ---------------------------------------------------------------------------
@@ -102,7 +83,7 @@ export interface RoutingState {
  * Trusted contacts are only interactive when a guardian binding exists
  * to receive approval notifications. Unknown actors are never interactive.
  */
-export function resolveRoutingState(ctx: GuardianContext): RoutingState {
+export function resolveRoutingState(ctx: Pick<GuardianRuntimeContext, 'trustClass' | 'guardianExternalUserId'>): RoutingState {
   const isGuardian = ctx.trustClass === 'guardian';
   const isTrustedContact = ctx.trustClass === 'trusted_contact';
@@ -141,25 +122,5 @@ export function resolveRoutingState(ctx: GuardianContext): RoutingState {
  * (the shape persisted in stored payloads and used by the retry sweep).
  */
 export function resolveRoutingStateFromRuntime(ctx: GuardianRuntimeContext): RoutingState {
-  return resolveRoutingState({
-    trustClass: ctx.trustClass,
-    guardianExternalUserId: ctx.guardianExternalUserId,
-  });
-}
-export function toGuardianRuntimeContext(sourceChannel: ChannelId, ctx: GuardianContext): GuardianRuntimeContext {
-  return {
-    sourceChannel,
-    trustClass: ctx.trustClass,
-    guardianChatId: ctx.guardianChatId,
-    guardianExternalUserId: ctx.guardianExternalUserId,
-    guardianPrincipalId: ctx.guardianPrincipalId,
-    requesterIdentifier: ctx.requesterIdentifier,
-    requesterDisplayName: ctx.requesterDisplayName,
-    requesterSenderDisplayName: ctx.requesterSenderDisplayName,
-    requesterMemberDisplayName: ctx.requesterMemberDisplayName,
-    requesterExternalUserId: ctx.requesterExternalUserId,
-    requesterChatId: ctx.requesterChatId,
-    denialReason: ctx.denialReason,
-  };
+  return resolveRoutingState(ctx);
 }