@vellumai/assistant 0.4.29 → 0.4.31

package/src/runtime/http-server.ts

@@ -140,6 +140,7 @@ import {
   handleMergeContacts,
   handleUpdateContactChannel,
   handleUpsertContact,
+  handleVerifyContactChannel,
 } from "./routes/contact-routes.js";
 import { handleListConversationAttention } from "./routes/conversation-attention-routes.js";
 // Route handlers — grouped by domain
@@ -159,16 +160,6 @@ import {
 import { handleGuardianBootstrap } from "./routes/guardian-bootstrap-routes.js";
 import { handleGuardianRefresh } from "./routes/guardian-refresh-routes.js";
 import { handleGetIdentity, handleHealth } from "./routes/identity-routes.js";
-import {
-  handleBlockMember,
-  handleCreateInvite,
-  handleListInvites,
-  handleListMembers,
-  handleRedeemInvite,
-  handleRevokeInvite,
-  handleRevokeMember,
-  handleUpsertMember,
-} from "./routes/ingress-routes.js";
 import {
   handleCancelOutbound,
   handleClearSlackChannelConfig,
@@ -185,6 +176,12 @@ import {
   handleSetupTelegram,
   handleStartOutbound,
 } from "./routes/integration-routes.js";
+import {
+  handleCreateInvite,
+  handleListInvites,
+  handleRedeemInvite,
+  handleRevokeInvite,
+} from "./routes/invite-routes.js";
 import {
   handleMigrationExport,
   handleMigrationImport,
@@ -1133,64 +1130,50 @@ export class RuntimeHttpServer {
           handleUpdateContactChannel(req, params.id, authContext.assistantId),
       },
       {
-        endpoint: "contacts/:id",
-        method: "GET",
-        policyKey: "contacts",
-        handler: ({ params, authContext }) =>
-          handleGetContact(params.id, authContext.assistantId),
-      },
-
-      // ------------------------------------------------------------------
-      // Ingress contacts
-      // ------------------------------------------------------------------
-      {
-        endpoint: "ingress/members",
-        method: "GET",
-        handler: ({ url }) => handleListMembers(url),
-      },
-      {
-        endpoint: "ingress/members",
-        method: "POST",
-        handler: async ({ req }) => handleUpsertMember(req),
-      },
-      {
-        endpoint: "ingress/members/:id/block",
+        endpoint: "contacts/:contactId/channels/:channelId/verify",
         method: "POST",
-        policyKey: "ingress/members/block",
-        handler: async ({ req, params }) => handleBlockMember(req, params.id),
-      },
-      {
-        endpoint: "ingress/members/:id",
-        method: "DELETE",
-        policyKey: "ingress/members",
-        handler: async ({ req, params }) => handleRevokeMember(req, params.id),
+        policyKey: "contacts/channels",
+        handler: async ({ params, authContext }) =>
+          handleVerifyContactChannel(
+            params.contactId,
+            params.channelId,
+            authContext.assistantId,
+          ),
       },
 
       // ------------------------------------------------------------------
-      // Ingress invites
+      // Contacts invites — must precede contacts/:id to avoid shadowing
       // ------------------------------------------------------------------
       {
-        endpoint: "ingress/invites",
+        endpoint: "contacts/invites",
         method: "GET",
         handler: ({ url }) => handleListInvites(url),
       },
       {
-        endpoint: "ingress/invites",
+        endpoint: "contacts/invites",
         method: "POST",
         handler: async ({ req }) => handleCreateInvite(req),
       },
       {
-        endpoint: "ingress/invites/redeem",
+        endpoint: "contacts/invites/redeem",
         method: "POST",
         handler: async ({ req }) => handleRedeemInvite(req),
       },
       {
-        endpoint: "ingress/invites/:id",
+        endpoint: "contacts/invites/:id",
         method: "DELETE",
-        policyKey: "ingress/invites",
+        policyKey: "contacts/invites",
         handler: ({ params }) => handleRevokeInvite(params.id),
       },
 
+      {
+        endpoint: "contacts/:id",
+        method: "GET",
+        policyKey: "contacts",
+        handler: ({ params, authContext }) =>
+          handleGetContact(params.id, authContext.assistantId),
+      },
+
       // ------------------------------------------------------------------
       // Integrations — Telegram
       // ------------------------------------------------------------------

package/src/runtime/invite-redemption-service.ts

@@ -17,7 +17,7 @@ import {
   hashToken,
   markInviteExpired,
   recordInviteUse,
-} from "../memory/ingress-invite-store.js";
+} from "../memory/invite-store.js";
 import { canonicalizeInboundIdentity } from "../util/canonicalize-identity.js";
 import { hashVoiceCode } from "../util/voice-code.js";
 import { DAEMON_INTERNAL_ASSISTANT_ID } from "./assistant-scope.js";

package/src/runtime/{ingress-service.ts → invite-service.ts}

@@ -1,23 +1,14 @@
 /**
- * Shared business logic for ingress contact and invite management.
+ * Shared business logic for invite management.
  *
  * Extracted from the IPC handlers in daemon/handlers/config-inbox.ts so that
  * both the HTTP routes and the IPC handlers call the same logic.
+ *
+ * Member/contact operations have been migrated to the /v1/contacts and
+ * /v1/contacts/channels endpoints.
  */
 
 import { isChannelId } from "../channels/types.js";
-import { listContacts } from "../contacts/contact-store.js";
-import {
-  blockMember,
-  revokeMember,
-  upsertMember,
-} from "../contacts/contacts-write.js";
-import type {
-  ContactWithChannels,
-  ContactWriteResult,
-  MemberPolicy,
-  MemberStatus,
-} from "../contacts/types.js";
 import {
   createInvite,
   findByTokenHash,
@@ -26,10 +17,9 @@ import {
   type InviteStatus,
   listInvites,
   revokeInvite,
-} from "../memory/ingress-invite-store.js";
+} from "../memory/invite-store.js";
 import { isValidE164 } from "../util/phone.js";
 import { generateVoiceCode, hashVoiceCode } from "../util/voice-code.js";
-import { DAEMON_INTERNAL_ASSISTANT_ID } from "./assistant-scope.js";
 import { getTransport } from "./channel-invite-transport.js";
 import {
   type InviteRedemptionOutcome,
@@ -67,19 +57,6 @@ export interface InviteResponseData {
   createdAt: number;
 }
 
-export interface MemberResponseData {
-  id: string;
-  sourceChannel: string;
-  externalUserId?: string;
-  externalChatId?: string;
-  displayName?: string;
-  username?: string;
-  status: string;
-  policy: string;
-  lastSeenAt?: number;
-  createdAt: number;
-}
-
 // ---------------------------------------------------------------------------
 // Mappers
 // ---------------------------------------------------------------------------
@@ -133,41 +110,6 @@ function inviteToResponse(
   };
 }
 
-function writeResultToResponse(result: ContactWriteResult): MemberResponseData {
-  return {
-    id: `${result.contact.id}:${result.channel.id}`,
-    sourceChannel: result.channel.type,
-    externalUserId: result.channel.externalUserId ?? undefined,
-    externalChatId: result.channel.externalChatId ?? undefined,
-    displayName: result.contact.displayName,
-    username: undefined,
-    status:
-      result.channel.status === "unverified"
-        ? "pending"
-        : result.channel.status,
-    policy: result.channel.policy,
-    lastSeenAt: result.channel.lastSeenAt ?? undefined,
-    createdAt: result.channel.createdAt,
-  };
-}
-
-function contactToMemberResponse(
-  contact: ContactWithChannels,
-): MemberResponseData[] {
-  return contact.channels.map((ch) => ({
-    id: `${contact.id}:${ch.id}`,
-    sourceChannel: ch.type,
-    externalUserId: ch.externalUserId ?? undefined,
-    externalChatId: ch.externalChatId ?? undefined,
-    displayName: contact.displayName,
-    username: undefined,
-    status: ch.status,
-    policy: ch.policy,
-    lastSeenAt: ch.lastSeenAt ?? undefined,
-    createdAt: ch.createdAt,
-  }));
-}
-
 // ---------------------------------------------------------------------------
 // Result types
 // ---------------------------------------------------------------------------
@@ -347,97 +289,3 @@ export function redeemVoiceInviteCode(params: {
 }): VoiceRedemptionOutcome {
   return redeemVoiceInviteCodeTyped(params);
 }
-
-// ---------------------------------------------------------------------------
-// Contact operations
-// ---------------------------------------------------------------------------
-
-export function listIngressContacts(params: {
-  assistantId?: string;
-  sourceChannel?: string;
-  status?: string;
-  policy?: string;
-}): IngressResult<MemberResponseData[]> {
-  // Use uncapped: true since this internal path needs the full dataset
-  const allContacts = listContacts(
-    params.assistantId ?? DAEMON_INTERNAL_ASSISTANT_ID,
-    Number.MAX_SAFE_INTEGER,
-    "contact",
-    { uncapped: true },
-  );
-  const members = allContacts.flatMap((c) => contactToMemberResponse(c));
-
-  const filtered = members.filter((m) => {
-    if (params.sourceChannel && m.sourceChannel !== params.sourceChannel)
-      return false;
-    if (params.status && m.status !== params.status) return false;
-    if (params.policy && m.policy !== params.policy) return false;
-    return true;
-  });
-
-  return { ok: true, data: filtered };
-}
-
-export function upsertIngressContact(params: {
-  sourceChannel?: string;
-  externalUserId?: string;
-  externalChatId?: string;
-  displayName?: string;
-  username?: string;
-  policy?: string;
-  status?: string;
-  assistantId?: string;
-}): IngressResult<MemberResponseData> {
-  if (!params.sourceChannel) {
-    return { ok: false, error: "sourceChannel is required for upsert" };
-  }
-  if (!params.externalUserId && !params.externalChatId) {
-    return {
-      ok: false,
-      error:
-        "At least one of externalUserId or externalChatId is required for upsert",
-    };
-  }
-  const result = upsertMember({
-    assistantId: params.assistantId,
-    sourceChannel: params.sourceChannel,
-    externalUserId: params.externalUserId,
-    externalChatId: params.externalChatId,
-    displayName: params.displayName,
-    username: params.username,
-    policy: params.policy as MemberPolicy | undefined,
-    status: params.status as MemberStatus | undefined,
-  });
-  if (!result) {
-    return { ok: false, error: "Failed to upsert member" };
-  }
-  return { ok: true, data: writeResultToResponse(result) };
-}
-
-export function revokeIngressContact(
-  memberId?: string,
-  reason?: string,
-): IngressResult<MemberResponseData> {
-  if (!memberId) {
-    return { ok: false, error: "memberId is required for revoke" };
-  }
-  const result = revokeMember(memberId, reason);
-  if (!result) {
-    return { ok: false, error: "Member not found or cannot be revoked" };
-  }
-  return { ok: true, data: writeResultToResponse(result) };
-}
-
-export function blockIngressContact(
-  memberId?: string,
-  reason?: string,
-): IngressResult<MemberResponseData> {
-  if (!memberId) {
-    return { ok: false, error: "memberId is required for block" };
-  }
-  const result = blockMember(memberId, reason);
-  if (!result) {
-    return { ok: false, error: "Member not found or already blocked" };
-  }
-  return { ok: true, data: writeResultToResponse(result) };
-}

package/src/runtime/nl-approval-parser.ts

@@ -0,0 +1,138 @@
+/**
+ * Natural language approval intent parser.
+ *
+ * Parses short inbound messages (e.g. from Slack) to determine whether the
+ * entire message expresses an approval, rejection, or timed-approval intent.
+ * Only matches when the full message is an approval/rejection phrase -- does
+ * NOT match partial intent inside longer sentences like "yes but also do X".
+ *
+ * This parser complements the existing `channel-approval-parser.ts`
+ * (deterministic phrase-map) by covering a broader set of colloquial
+ * patterns, emoji, and timed-approval variants.
+ */
+
+// ---------------------------------------------------------------------------
+// Public types
+// ---------------------------------------------------------------------------
+
+export type ApprovalDecision = "approve" | "reject" | "approve_10m";
+
+export interface ApprovalIntent {
+  decision: ApprovalDecision;
+  confidence: number;
+}
+
+// ---------------------------------------------------------------------------
+// Pattern definitions
+// ---------------------------------------------------------------------------
+
+/** Exact-match phrases (after normalization) for approval. */
+const APPROVE_EXACT: ReadonlySet<string> = new Set([
+  "yes",
+  "yep",
+  "yeah",
+  "yea",
+  "yup",
+  "approved",
+  "approve",
+  "go ahead",
+  "do it",
+  "sure",
+  "ok",
+  "okay",
+  "k",
+  "lgtm",
+  "sounds good",
+  "go for it",
+  "please",
+  "pls",
+  "y",
+  "\u{1F44D}", // 👍
+]);
+
+/** Exact-match phrases for rejection. */
+const REJECT_EXACT: ReadonlySet<string> = new Set([
+  "no",
+  "nope",
+  "nah",
+  "reject",
+  "rejected",
+  "denied",
+  "deny",
+  "don't",
+  "dont",
+  "cancel",
+  "stop",
+  "n",
+  "\u{1F44E}", // 👎
+]);
+
+/**
+ * Patterns for timed approval (e.g. "approve for 10 minutes", "yes for now").
+ * Matched after normalization.
+ */
+const TIMED_PATTERNS: readonly RegExp[] = [
+  /^(?:approve|yes|ok|okay|sure|yep|yeah|go ahead)\s+for\s+10\s*(?:min(?:utes?)?|m)$/,
+  /^(?:approve|yes|ok|okay|sure|yep|yeah)\s+for\s+now$/,
+  /^approve\s+10\s*(?:min(?:utes?)?|m)$/,
+];
+
+// ---------------------------------------------------------------------------
+// Normalization
+// ---------------------------------------------------------------------------
+
+/**
+ * Normalize input: lowercase, trim, strip `[ref:...]` disambiguation tags,
+ * strip trailing punctuation (except emoji), collapse internal whitespace.
+ */
+function normalize(text: string): string {
+  return text
+    .trim()
+    .toLowerCase()
+    .replace(/\[ref:[^\]]*\]/g, "")
+    .replace(/\s+/g, " ")
+    .replace(/[.!?,;:]+$/, "")
+    .trim();
+}
+
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+
+/**
+ * Parse a message for approval/rejection intent.
+ *
+ * Returns an `ApprovalIntent` when the entire message clearly expresses a
+ * single approval or rejection decision. Returns `null` when no intent is
+ * detected or when the message contains additional content beyond the
+ * decision phrase.
+ */
+export function parseApprovalIntent(text: string): ApprovalIntent | null {
+  const normalized = normalize(text);
+
+  if (normalized.length === 0) return null;
+
+  // Reject messages that are too long to be a simple decision phrase.
+  // This prevents matching approval words buried inside longer messages.
+  // The longest timed-approval phrase is ~30 chars; allow some padding.
+  if (normalized.length > 40) return null;
+
+  // Check timed approval patterns first (more specific).
+  for (const pattern of TIMED_PATTERNS) {
+    if (pattern.test(normalized)) {
+      return { decision: "approve_10m", confidence: 0.95 };
+    }
+  }
+
+  // Exact approval match.
+  if (APPROVE_EXACT.has(normalized)) {
+    return { decision: "approve", confidence: 0.95 };
+  }
+
+  // Exact rejection match.
+  if (REJECT_EXACT.has(normalized)) {
+    return { decision: "reject", confidence: 0.95 };
+  }
+
+  return null;
+}

package/src/runtime/routes/approval-routes.ts

@@ -8,57 +8,18 @@
  * header. Guardian decisions additionally verify that the actor is the
  * bound guardian.
  */
-import { isHttpAuthDisabled } from "../../config/env.js";
-import { findGuardianForChannel } from "../../contacts/contact-store.js";
 import { getConversationByKey } from "../../memory/conversation-key-store.js";
 import { addRule } from "../../permissions/trust-store.js";
 import type { UserDecision } from "../../permissions/types.js";
 import { getTool } from "../../tools/registry.js";
 import { getLogger } from "../../util/logger.js";
+import { requireBoundGuardian } from "../auth/require-bound-guardian.js";
 import type { AuthContext } from "../auth/types.js";
 import { httpError } from "../http-errors.js";
 import * as pendingInteractions from "../pending-interactions.js";
 
 const log = getLogger("approval-routes");
 
-/**
- * Verify the actor from AuthContext is the bound guardian for the vellum channel.
- * Returns an error Response if not, or null if allowed.
- */
-function requireBoundGuardian(authContext: AuthContext): Response | null {
-  // Dev bypass: when auth is disabled, skip guardian binding check
-  // (mirrors enforcePolicy dev bypass in route-policy.ts)
-  if (isHttpAuthDisabled()) {
-    return null;
-  }
-  if (!authContext.actorPrincipalId) {
-    return httpError(
-      "FORBIDDEN",
-      "Actor is not the bound guardian for this channel",
-      403,
-    );
-  }
-  const guardianResult = findGuardianForChannel(
-    "vellum",
-    authContext.assistantId,
-  );
-  if (!guardianResult) {
-    // No guardian yet — in pre-bootstrap state, allow through
-    return null;
-  }
-  if (
-    (guardianResult.channel.externalUserId ??
-      guardianResult.contact.principalId) !== authContext.actorPrincipalId
-  ) {
-    return httpError(
-      "FORBIDDEN",
-      "Actor is not the bound guardian for this channel",
-      403,
-    );
-  }
-  return null;
-}
-
 /**
  * POST /v1/confirm — resolve a pending confirmation by requestId.
  * Requires AuthContext with guardian-bound actor.

package/src/runtime/routes/approval-strategies/guardian-callback-strategy.ts

@@ -297,7 +297,8 @@ async function handleCallbackDecision(params: {
   const result = applyGuardianDecision({
     approval: guardianApproval,
     decision: callbackDecision,
-    actorExternalUserId: actorExternalId,
+    actorPrincipalId: undefined, // Callback path — principal not available at this layer
+    actorExternalUserId: actorExternalId, // Channel-native ID (Telegram user ID, phone, etc.)
     actorChannel: sourceChannel,
   });
 
@@ -491,7 +492,8 @@ async function handleConversationalDecision(params: {
   const result = applyGuardianDecision({
     approval: targetApproval,
     decision: engineDecision,
-    actorExternalUserId: actorExternalId,
+    actorPrincipalId: undefined, // Callback path — principal not available at this layer
+    actorExternalUserId: actorExternalId, // Channel-native ID (Telegram user ID, phone, etc.)
     actorChannel: sourceChannel,
   });
 
@@ -675,7 +677,8 @@ async function handleLegacyDecision(params: {
     const result = applyGuardianDecision({
       approval: targetLegacyApproval,
       decision: legacyGuardianDecision,
-      actorExternalUserId: actorExternalId,
+      actorPrincipalId: undefined, // Callback path — principal not available at this layer
+      actorExternalUserId: actorExternalId, // Channel-native ID (Telegram user ID, phone, etc.)
       actorChannel: sourceChannel,
     });
 

package/src/runtime/routes/channel-route-shared.ts

@@ -64,10 +64,44 @@ export function parseCallbackData(
   const source =
     sourceChannel === "whatsapp"
       ? ("whatsapp_button" as const)
-      : ("telegram_button" as const);
+      : sourceChannel === "slack"
+        ? ("slack_button" as const)
+        : ("telegram_button" as const);
   return { action: action as ApprovalAction, source, requestId };
 }
 
+// ---------------------------------------------------------------------------
+// Reaction callback data parser — format: "reaction:<emoji_name>"
+// ---------------------------------------------------------------------------
+
+/**
+ * Map of Slack emoji names to approval actions. Multiple emoji names can
+ * map to the same action to handle Slack's aliasing (e.g. `+1` and `thumbsup`
+ * both represent the thumbs-up emoji).
+ */
+const REACTION_EMOJI_MAP: ReadonlyMap<string, ApprovalAction> = new Map([
+  ["+1", "approve_once"],
+  ["thumbsup", "approve_once"],
+  ["-1", "reject"],
+  ["thumbsdown", "reject"],
+  ["alarm_clock", "approve_10m"],
+  ["white_check_mark", "approve_always"],
+]);
+
+/**
+ * Parse a `reaction:<emoji_name>` callback data string into an approval
+ * decision. Returns null if the emoji is not mapped to any action.
+ */
+export function parseReactionCallbackData(
+  data: string,
+): ApprovalDecisionResult | null {
+  if (!data.startsWith("reaction:")) return null;
+  const emoji = data.slice("reaction:".length);
+  const action = REACTION_EMOJI_MAP.get(emoji);
+  if (!action) return null;
+  return { action, source: "slack_reaction" };
+}
+
 // ---------------------------------------------------------------------------
 // Context builders
 // ---------------------------------------------------------------------------