@vellumai/assistant 0.4.2 → 0.4.4

package/src/__tests__/agent-loop.test.ts

@@ -461,6 +461,57 @@ describe('AgentLoop', () => {
     expect(warningBlock).toBeDefined();
   });
 
+  test('runs without limit when maxToolUseTurns is 0', async () => {
+    // Use 20 turns (beyond old default of 8 used in other tests) to verify no cap
+    const turnCount = 20;
+    const responses: ProviderResponse[] = [];
+    for (let i = 0; i < turnCount; i++) {
+      responses.push(toolUseResponse(`t${i}`, 'read_file', { path: `/${i}.txt` }));
+    }
+    responses.push(textResponse('done'));
+    const { provider, calls } = createMockProvider(responses);
+    const toolExecutor = async () => ({ content: 'data', isError: false });
+    const loop = new AgentLoop(
+      provider,
+      'system',
+      { maxToolUseTurns: 0, minTurnIntervalMs: 0 },
+      dummyTools,
+      toolExecutor,
+    );
+
+    const events: AgentEvent[] = [];
+    await loop.run([userMessage], collectEvents(events));
+
+    // All 20 tool turns + 1 final text response = 21 provider calls
+    expect(calls).toHaveLength(turnCount + 1);
+
+    // No hard-limit error events should have been emitted
+    const errorEvents = events.filter(
+      (e): e is Extract<AgentEvent, { type: 'error' }> => e.type === 'error',
+    );
+    expect(errorEvents).toHaveLength(0);
+
+    // Progress check reminders should still fire every 5 turns
+    const progressChecks = calls.filter((call) => {
+      const lastMsg = call.messages[call.messages.length - 1];
+      return lastMsg.content.some(
+        (b): b is Extract<ContentBlock, { type: 'text' }> =>
+          b.type === 'text' && b.text.includes('making meaningful progress'),
+      );
+    });
+    expect(progressChecks.length).toBeGreaterThanOrEqual(3);
+
+    // No approaching-limit warnings should appear
+    const limitWarnings = calls.filter((call) => {
+      const lastMsg = call.messages[call.messages.length - 1];
+      return lastMsg.content.some(
+        (b): b is Extract<ContentBlock, { type: 'text' }> =>
+          b.type === 'text' && b.text.includes('approaching the tool-use turn limit'),
+      );
+    });
+    expect(limitWarnings).toHaveLength(0);
+  });
+
   // 9. Tool executor error results are forwarded correctly
   test('forwards tool error results to provider', async () => {
     const { provider, calls } = createMockProvider([

package/src/__tests__/approval-routes-http.test.ts

@@ -83,6 +83,7 @@ function makeIdleSession(opts?: {
     setCommandIntent: () => {},
     setTurnChannelContext: () => {},
     setTurnInterfaceContext: () => {},
+    setStateSignalListener: () => {},
     updateClient: () => {},
     enqueueMessage: () => ({ queued: false, requestId: 'noop' }),
     hasAnyPendingConfirmation: () => false,
@@ -125,6 +126,7 @@ function makeConfirmationEmittingSession(opts?: {
     setCommandIntent: () => {},
     setTurnChannelContext: () => {},
     setTurnInterfaceContext: () => {},
+    setStateSignalListener: () => {},
     updateClient: () => {},
     enqueueMessage: () => ({ queued: false, requestId: 'noop' }),
     hasAnyPendingConfirmation: () => false,

package/src/__tests__/assistant-events-sse-hardening.test.ts

@@ -150,7 +150,7 @@ describe('SSE route — capacity limit', () => {
 
   test('new connection evicts oldest and returns 200', async () => {
     const hub = new AssistantEventHub({ maxSubscribers: 1 });
-    const opts = { hub, heartbeatIntervalMs: 60_000 };
+    const opts = { hub, heartbeatIntervalMs: 60_000, skipActorVerification: true as const };
 
     const ac1 = new AbortController();
     const req1 = new Request('http://localhost/v1/events?conversationKey=evict-a', { signal: ac1.signal });
@@ -181,7 +181,7 @@ describe('SSE route — capacity limit', () => {
       { signal: new AbortController().signal },
     );
 
-    const response = handleSubscribeAssistantEvents(req, new URL(req.url), { hub });
+    const response = handleSubscribeAssistantEvents(req, new URL(req.url), { hub, skipActorVerification: true });
     expect(response.status).toBe(503);
     const body = await response.json() as { error: { message: string; code?: string } };
     expect(body.error.message).toMatch(/Too many concurrent connections/);
@@ -195,7 +195,7 @@ describe('SSE route — capacity limit', () => {
       { signal: ac.signal },
     );
 
-    const response = handleSubscribeAssistantEvents(req, new URL(req.url), { hub });
+    const response = handleSubscribeAssistantEvents(req, new URL(req.url), { hub, skipActorVerification: true });
 
     expect(response.status).toBe(200);
     ac.abort(); // clean up the subscription
@@ -218,6 +218,7 @@ describe('SSE route — heartbeat', () => {
     const response = handleSubscribeAssistantEvents(req, new URL(req.url), {
       hub,
       heartbeatIntervalMs: 10,
+      skipActorVerification: true,
     });
 
     // Wait for at least one heartbeat interval to fire.
@@ -243,6 +244,7 @@ describe('SSE route — heartbeat', () => {
     const response = handleSubscribeAssistantEvents(req, new URL(req.url), {
       hub,
       heartbeatIntervalMs: 10,
+      skipActorVerification: true,
     });
 
     // Wait for several intervals.
@@ -283,7 +285,7 @@ describe('SSE route — disconnect cleanup', () => {
       { signal: ac.signal },
     );
 
-    handleSubscribeAssistantEvents(req, new URL(req.url), { hub });
+    handleSubscribeAssistantEvents(req, new URL(req.url), { hub, skipActorVerification: true });
 
     expect(hub.subscriberCount()).toBe(1);
 
@@ -303,7 +305,7 @@ describe('SSE route — disconnect cleanup', () => {
       { signal: ac.signal },
     );
 
-    const response = handleSubscribeAssistantEvents(req, new URL(req.url), { hub });
+    const response = handleSubscribeAssistantEvents(req, new URL(req.url), { hub, skipActorVerification: true });
 
     expect(hub.subscriberCount()).toBe(1);
 

package/src/__tests__/assistant-id-boundary-guard.test.ts

@@ -0,0 +1,415 @@
+import { execFileSync } from 'node:child_process';
+import { readFileSync } from 'node:fs';
+import { join } from 'node:path';
+
+import { describe, expect, test } from 'bun:test';
+
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../runtime/assistant-scope.js';
+
+/**
+ * Guard tests for the assistant identity boundary.
+ *
+ * The daemon uses a fixed internal scope constant (`DAEMON_INTERNAL_ASSISTANT_ID`)
+ * for all assistant-scoped storage. Public assistant IDs are an edge concern
+ * handled by the gateway/platform layer — they must not leak into daemon
+ * scoping logic.
+ *
+ * These tests prevent regressions by scanning source files for banned patterns:
+ *  - No `normalizeAssistantId` usage in daemon/runtime scoping modules
+ *  - No assistant-scoped route handlers in the daemon HTTP server
+ *  - No hardcoded `'self'` string for assistant scoping (use the constant)
+ *  - The constant itself equals `'self'`
+ */
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+/** Resolve repo root (tests run from assistant/). */
+function getRepoRoot(): string {
+  return join(process.cwd(), '..');
+}
+
+/**
+ * Directories containing daemon/runtime source files that must not reference
+ * `normalizeAssistantId` or hardcode assistant scope strings.
+ *
+ * Each directory gets both a `*.ts` glob (top-level files) and a `**\/*.ts`
+ * glob (nested files) so that `git grep` matches at all directory depths.
+ */
+const SCANNED_DIRS = [
+  'assistant/src/runtime',
+  'assistant/src/daemon',
+  'assistant/src/memory',
+  'assistant/src/approvals',
+  'assistant/src/calls',
+  'assistant/src/tools',
+];
+
+const SCANNED_DIR_GLOBS = SCANNED_DIRS.flatMap((dir) => [`${dir}/*.ts`, `${dir}/**/*.ts`]);
+
+function isTestFile(filePath: string): boolean {
+  return (
+    filePath.includes('/__tests__/') ||
+    filePath.endsWith('.test.ts') ||
+    filePath.endsWith('.test.js') ||
+    filePath.endsWith('.spec.ts') ||
+    filePath.endsWith('.spec.js')
+  );
+}
+
+function isMigrationFile(filePath: string): boolean {
+  return filePath.includes('/migrations/');
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe('assistant ID boundary', () => {
+  // -------------------------------------------------------------------------
+  // Rule (d): The DAEMON_INTERNAL_ASSISTANT_ID constant equals 'self'
+  // -------------------------------------------------------------------------
+
+  test('DAEMON_INTERNAL_ASSISTANT_ID equals "self"', () => {
+    expect(DAEMON_INTERNAL_ASSISTANT_ID).toBe('self');
+  });
+
+  // -------------------------------------------------------------------------
+  // Rule (a): No normalizeAssistantId in daemon scoping paths — spot check
+  // -------------------------------------------------------------------------
+
+  test('no normalizeAssistantId imports in daemon scoping paths', () => {
+    // Key daemon/runtime files that previously used normalizeAssistantId
+    // should now use DAEMON_INTERNAL_ASSISTANT_ID instead.
+    const daemonScopingFiles = [
+      'runtime/actor-trust-resolver.ts',
+      'runtime/guardian-outbound-actions.ts',
+      'daemon/handlers/config-channels.ts',
+      'runtime/routes/channel-route-shared.ts',
+      'calls/relay-server.ts',
+    ];
+
+    const srcDir = join(import.meta.dir, '..');
+    for (const relPath of daemonScopingFiles) {
+      const content = readFileSync(join(srcDir, relPath), 'utf-8');
+      expect(content).not.toContain("import { normalizeAssistantId }");
+      expect(content).not.toContain("import { normalizeAssistantId,");
+      expect(content).not.toContain("normalizeAssistantId(");
+    }
+  });
+
+  // -------------------------------------------------------------------------
+  // Rule (a): No normalizeAssistantId in daemon/runtime directories — broad scan
+  // -------------------------------------------------------------------------
+
+  test('no normalizeAssistantId usage across daemon/runtime source directories', () => {
+    const repoRoot = getRepoRoot();
+
+    // Scan all daemon/runtime source directories for any reference to
+    // normalizeAssistantId. The function is defined in util/platform.ts for
+    // gateway use — it must not appear in daemon scoping modules.
+    let grepOutput = '';
+    try {
+      grepOutput = execFileSync(
+        'git',
+        ['grep', '-lE', 'normalizeAssistantId', '--', ...SCANNED_DIR_GLOBS],
+        { encoding: 'utf-8', cwd: repoRoot },
+      ).trim();
+    } catch (err) {
+      // Exit code 1 means no matches — happy path
+      if ((err as { status?: number }).status === 1) {
+        return;
+      }
+      throw err;
+    }
+
+    const files = grepOutput.split('\n').filter((f) => f.length > 0);
+    const violations = files.filter((f) => !isTestFile(f));
+
+    if (violations.length > 0) {
+      const message = [
+        'Found daemon/runtime source files that reference `normalizeAssistantId`.',
+        'Daemon code should use the `DAEMON_INTERNAL_ASSISTANT_ID` constant instead.',
+        'The `normalizeAssistantId` function is for gateway/platform use only (defined in util/platform.ts).',
+        '',
+        'Violations:',
+        ...violations.map((f) => `  - ${f}`),
+      ].join('\n');
+
+      expect(violations, message).toEqual([]);
+    }
+  });
+
+  // -------------------------------------------------------------------------
+  // Rule (b): No assistant-scoped route registration in daemon HTTP server
+  // -------------------------------------------------------------------------
+
+  test('no /v1/assistants/:assistantId/ route handler registration in daemon HTTP server', () => {
+    const httpServerPath = join(import.meta.dir, '..', 'runtime', 'http-server.ts');
+    const content = readFileSync(httpServerPath, 'utf-8');
+
+    // The daemon HTTP server must not contain any assistant-scoped route
+    // patterns. All routes use flat /v1/<endpoint> paths; the gateway handles
+    // legacy assistant-scoped URL rewriting in its runtime proxy layer.
+
+    // Check that there's no regex extracting assistantId from a /v1/assistants/ path.
+    // Match both literal slashes (/v1/assistants/([) and escaped slashes in regex
+    // literals (\/v1\/assistants\/([) so we catch patterns like:
+    //   endpoint.match(/^\/v1\/assistants\/([^/]+)\/(.+)$/)
+    const routeHandlerRegex = /\\?\/v1\\?\/assistants\\?\/\(\[/;
+    const match = content.match(routeHandlerRegex);
+    expect(
+      match,
+      'Found a route pattern matching /v1/assistants/([^/]+)/... that extracts an assistantId. ' +
+        'The daemon HTTP server should not have assistant-scoped route handlers — ' +
+        'use flat /v1/<endpoint> paths instead.',
+    ).toBeNull();
+
+    // Scan the entire file for assistant-scoped path literals. No references
+    // to /v1/assistants/ should exist — the daemon uses flat paths only.
+    const lines = content.split('\n');
+    const violations: string[] = [];
+
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      // Match both literal /v1/assistants/ and escaped \/v1\/assistants\/
+      if (line.includes('/v1/assistants/') || line.includes('\\/v1\\/assistants\\/')) {
+        violations.push(`  line ${i + 1}: ${line.trim()}`);
+      }
+    }
+
+    expect(
+      violations,
+      'Found /v1/assistants/ references in the daemon HTTP server — ' +
+        'the daemon should not have assistant-scoped path literals.\n' +
+        violations.join('\n'),
+    ).toEqual([]);
+
+    // Guard against prefix-less assistants/ route patterns that extract an
+    // assistantId.  dispatchEndpoint receives the endpoint *after* the /v1/
+    // prefix has been stripped, so a regex like `assistants\/([^/]+)` would
+    // capture an external assistant ID from the path — violating the
+    // assistant-scoping boundary.
+    const prefixLessViolations: string[] = [];
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      // Match regex patterns like assistants\/([^/]+) that capture the ID
+      // segment.  We look for the escaped-slash form used inside JS regex
+      // literals (e.g. /^assistants\/([^/]+)\//).
+      if (/assistants\\\/\(\[/.test(line)) {
+        prefixLessViolations.push(`  line ${i + 1}: ${line.trim()}`);
+      }
+    }
+
+    expect(
+      prefixLessViolations,
+      'Found prefix-less assistants/([^/]+) route pattern that extracts an assistantId. ' +
+        'The daemon should not parse assistant IDs from URL paths — use ' +
+        'DAEMON_INTERNAL_ASSISTANT_ID instead.\n' +
+        prefixLessViolations.join('\n'),
+    ).toEqual([]);
+  });
+
+  // -------------------------------------------------------------------------
+  // Rule (c): No hardcoded 'self' for assistant scoping in daemon files
+  // -------------------------------------------------------------------------
+
+  test('no hardcoded \'self\' string for assistant scoping in daemon source files', () => {
+    const repoRoot = getRepoRoot();
+
+    // Search for patterns where 'self' is used as an assistant ID value.
+    // We look for assignment / default / comparison patterns that suggest
+    // using the raw string instead of the DAEMON_INTERNAL_ASSISTANT_ID constant.
+    //
+    // Patterns matched:
+    //   assistantId: 'self'
+    //   assistantId = 'self'
+    //   assistantId ?? 'self'
+    //   ?? 'self'   (fallback to self)
+    //   || 'self'   (fallback to self)
+    //
+    // Excluded:
+    //   - Test files (they may legitimately assert against the value)
+    //   - Migration files (SQL literals like DEFAULT 'self' are fine)
+    //   - IPC contract files (comments documenting default values are fine)
+    //   - CSP headers ('self' in Content-Security-Policy has nothing to do with assistant IDs)
+    const pattern = `(assistantId|assistant_id).*['"]self['"]`;
+
+    let grepOutput = '';
+    try {
+      grepOutput = execFileSync(
+        'git',
+        ['grep', '-nE', pattern, '--', ...SCANNED_DIR_GLOBS],
+        { encoding: 'utf-8', cwd: repoRoot },
+      ).trim();
+    } catch (err) {
+      // Exit code 1 means no matches — happy path
+      if ((err as { status?: number }).status === 1) {
+        return;
+      }
+      throw err;
+    }
+
+    const lines = grepOutput.split('\n').filter((l) => l.length > 0);
+    const violations = lines.filter((line) => {
+      const filePath = line.split(':')[0];
+      if (isTestFile(filePath)) return false;
+      if (isMigrationFile(filePath)) return false;
+
+      // Allow comments (lines where the code portion starts with //)
+      const parts = line.split(':');
+      // parts[0] = file, parts[1] = line number, rest = content
+      const content = parts.slice(2).join(':').trim();
+      if (content.startsWith('//') || content.startsWith('*') || content.startsWith('/*')) {
+        return false;
+      }
+
+      return true;
+    });
+
+    if (violations.length > 0) {
+      const message = [
+        "Found daemon/runtime source files with hardcoded 'self' for assistant scoping.",
+        'Use the `DAEMON_INTERNAL_ASSISTANT_ID` constant from `runtime/assistant-scope.ts` instead.',
+        '',
+        'Violations:',
+        ...violations.map((v) => `  - ${v}`),
+      ].join('\n');
+
+      expect(violations, message).toEqual([]);
+    }
+  });
+
+  // -------------------------------------------------------------------------
+  // Rule (d): Daemon storage keys don't contain external assistant IDs
+  // (verified by the constant value test above — if the constant is 'self',
+  // all daemon storage keyed by DAEMON_INTERNAL_ASSISTANT_ID uses the fixed
+  // internal value rather than externally-provided IDs).
+  // -------------------------------------------------------------------------
+
+  // -------------------------------------------------------------------------
+  // Rule (e): No assistantId on daemon control-plane request/param types
+  //
+  // Daemon IPC contracts and guardian outbound param interfaces must not
+  // accept an assistantId field -- the daemon always uses
+  // DAEMON_INTERNAL_ASSISTANT_ID internally. Accepting assistantId on these
+  // surfaces invites callers to pass external IDs into daemon scoping.
+  // -------------------------------------------------------------------------
+
+  test('IPC contract types do not contain assistantId for guardian requests', () => {
+    const ipcContractPath = join(import.meta.dir, '..', 'daemon', 'ipc-contract', 'integrations.ts');
+    const content = readFileSync(ipcContractPath, 'utf-8');
+
+    // Extract the interface blocks for the request types and verify
+    // none of them declare an assistantId property.
+    const requestTypeNames = [
+      'GuardianVerificationRequest',
+    ];
+
+    for (const typeName of requestTypeNames) {
+      // Find the interface/type block — match from the type name to the next
+      // closing brace at the same indentation level. We use a simple heuristic:
+      // find the line declaring the type, then scan forward to the closing '}'.
+      const typeIndex = content.indexOf(typeName);
+      expect(typeIndex, `Expected to find ${typeName} in IPC contract`).toBeGreaterThan(-1);
+
+      // Extract from the type declaration to the next '}' line
+      const blockStart = content.indexOf('{', typeIndex);
+      if (blockStart === -1) continue;
+      let braceDepth = 0;
+      let blockEnd = blockStart;
+      for (let i = blockStart; i < content.length; i++) {
+        if (content[i] === '{') braceDepth++;
+        if (content[i] === '}') braceDepth--;
+        if (braceDepth === 0) {
+          blockEnd = i + 1;
+          break;
+        }
+      }
+      const block = content.slice(blockStart, blockEnd);
+
+      // The block should not contain an assistantId property declaration
+      // (matches "assistantId?" or "assistantId:" on a non-comment line)
+      const lines = block.split('\n');
+      for (const line of lines) {
+        const trimmed = line.trim();
+        if (trimmed.startsWith('//') || trimmed.startsWith('*') || trimmed.startsWith('/*')) continue;
+        expect(
+          /\bassistantId\s*[?:]/.test(trimmed),
+          `${typeName} must not declare an assistantId property. Found: "${trimmed}"`,
+        ).toBe(false);
+      }
+    }
+  });
+
+  test('guardian outbound param interfaces do not contain assistantId', () => {
+    const actionsPath = join(import.meta.dir, '..', 'runtime', 'guardian-outbound-actions.ts');
+    const content = readFileSync(actionsPath, 'utf-8');
+
+    const interfaceNames = [
+      'StartOutboundParams',
+      'ResendOutboundParams',
+      'CancelOutboundParams',
+    ];
+
+    for (const name of interfaceNames) {
+      const idx = content.indexOf(name);
+      expect(idx, `Expected to find ${name} in guardian-outbound-actions.ts`).toBeGreaterThan(-1);
+
+      const blockStart = content.indexOf('{', idx);
+      if (blockStart === -1) continue;
+      let braceDepth = 0;
+      let blockEnd = blockStart;
+      for (let i = blockStart; i < content.length; i++) {
+        if (content[i] === '{') braceDepth++;
+        if (content[i] === '}') braceDepth--;
+        if (braceDepth === 0) {
+          blockEnd = i + 1;
+          break;
+        }
+      }
+      const block = content.slice(blockStart, blockEnd);
+
+      const lines = block.split('\n');
+      for (const line of lines) {
+        const trimmed = line.trim();
+        if (trimmed.startsWith('//') || trimmed.startsWith('*') || trimmed.startsWith('/*')) continue;
+        expect(
+          /\bassistantId\s*[?:]/.test(trimmed),
+          `${name} must not declare an assistantId property. Found: "${trimmed}"`,
+        ).toBe(false);
+      }
+    }
+  });
+
+  test('channel readiness service does not accept assistantId parameter', () => {
+    const servicePath = join(import.meta.dir, '..', 'runtime', 'channel-readiness-service.ts');
+    const content = readFileSync(servicePath, 'utf-8');
+
+    // getReadiness and invalidateChannel signatures must not include assistantId
+    const signaturePatterns = [
+      /getReadiness\([^)]*assistantId/,
+      /invalidateChannel\([^)]*assistantId/,
+    ];
+    for (const pattern of signaturePatterns) {
+      expect(
+        pattern.test(content),
+        `Channel readiness service must not accept assistantId parameter (matched: ${pattern})`,
+      ).toBe(false);
+    }
+
+    // ChannelProbeContext must not have assistantId.
+    // The interface is declared in channel-readiness-types.ts, not the service file.
+    const typesPath = join(import.meta.dir, '..', 'runtime', 'channel-readiness-types.ts');
+    const typesContent = readFileSync(typesPath, 'utf-8');
+    const probeContextMatch = typesContent.match(/interface\s+ChannelProbeContext\s*\{([^}]*)\}/);
+    expect(probeContextMatch, 'Expected to find ChannelProbeContext interface in channel-readiness-types.ts').not.toBeNull();
+    if (probeContextMatch) {
+      expect(
+        probeContextMatch[1],
+        'ChannelProbeContext must not contain assistantId',
+      ).not.toContain('assistantId');
+    }
+  });
+});

package/src/__tests__/call-controller.test.ts

@@ -56,10 +56,12 @@ mock.module('../config/loader.js', () => ({
 // ── Call constants mock ──────────────────────────────────────────────
 
 let mockConsultationTimeoutMs = 90_000;
+let mockSilenceTimeoutMs = 30_000;
 
 mock.module('../calls/call-constants.js', () => ({
   getMaxCallDurationMs: () => 12 * 60 * 1000,
   getUserConsultationTimeoutMs: () => mockConsultationTimeoutMs,
+  getSilenceTimeoutMs: () => mockSilenceTimeoutMs,
   SILENCE_TIMEOUT_MS: 30_000,
   MAX_CALL_DURATION_MS: 3600 * 1000,
   USER_CONSULTATION_TIMEOUT_MS: 120 * 1000,
@@ -154,6 +156,7 @@ interface MockRelay extends RelayConnection {
   sentTokens: Array<{ token: string; last: boolean }>;
   endCalled: boolean;
   endReason: string | undefined;
+  mockConnectionState: string;
 }
 
 function createMockRelay(): MockRelay {
@@ -161,12 +164,15 @@ function createMockRelay(): MockRelay {
     sentTokens: [] as Array<{ token: string; last: boolean }>,
     _endCalled: false,
     _endReason: undefined as string | undefined,
+    _connectionState: 'connected',
   };
 
   return {
     get sentTokens() { return state.sentTokens; },
     get endCalled() { return state._endCalled; },
     get endReason() { return state._endReason; },
+    get mockConnectionState() { return state._connectionState; },
+    set mockConnectionState(v: string) { state._connectionState = v; },
     sendTextToken(token: string, last: boolean) {
       state.sentTokens.push({ token, last });
     },
@@ -174,6 +180,9 @@ function createMockRelay(): MockRelay {
       state._endCalled = true;
       state._endReason = reason;
     },
+    getConnectionState() {
+      return state._connectionState;
+    },
   } as unknown as MockRelay;
 }
 
@@ -236,6 +245,7 @@ describe('call-controller', () => {
     mockStartVoiceTurn.mockImplementation(createMockVoiceTurn(['Hello', ' there']));
     // Reset consultation timeout to the default (long) value
     mockConsultationTimeoutMs = 90_000;
+    mockSilenceTimeoutMs = 30_000;
   });
 
   // ── handleCallerUtterance ─────────────────────────────────────────
@@ -1697,4 +1707,43 @@ describe('call-controller', () => {
 
     controller.destroy();
   });
+
+  // ── Silence suppression during guardian wait ──────────────────────
+
+  test('silence timeout suppressed during guardian wait: does not say "Are you still there?"', async () => {
+    mockSilenceTimeoutMs = 50; // Short timeout for testing
+    const { relay, controller } = setupController();
+
+    // Simulate guardian wait state on the relay
+    relay.mockConnectionState = 'awaiting_guardian_decision';
+
+    // Wait for the silence timeout to fire
+    await new Promise((r) => setTimeout(r, 200));
+
+    // "Are you still there?" should NOT have been sent
+    const silenceTokens = relay.sentTokens.filter((t) =>
+      t.token.includes('Are you still there?'),
+    );
+    expect(silenceTokens.length).toBe(0);
+
+    controller.destroy();
+  });
+
+  test('silence timeout fires normally when not in guardian wait', async () => {
+    mockSilenceTimeoutMs = 50; // Short timeout for testing
+    const { relay, controller } = setupController();
+
+    // Default connection state is 'connected' (not guardian wait)
+
+    // Wait for the silence timeout to fire
+    await new Promise((r) => setTimeout(r, 200));
+
+    // "Are you still there?" SHOULD have been sent
+    const silenceTokens = relay.sentTokens.filter((t) =>
+      t.token.includes('Are you still there?'),
+    );
+    expect(silenceTokens.length).toBe(1);
+
+    controller.destroy();
+  });
 });