@vellumai/assistant 0.4.3 → 0.4.4

package/src/runtime/actor-token-service.ts

@@ -0,0 +1,234 @@
+/**
+ * Actor-token mint/verify service.
+ *
+ * Mints HMAC-signed actor tokens bound to (assistantId, guardianPrincipalId,
+ * deviceId, platform). Only the SHA-256 hash of the token is persisted —
+ * the raw plaintext is returned to the caller once and never stored.
+ *
+ * Token format: base64url(JSON claims) + '.' + base64url(HMAC-SHA256 signature)
+ */
+
+import { createHash, createHmac, randomBytes, timingSafeEqual } from 'node:crypto';
+import { chmodSync, existsSync, mkdirSync, readFileSync, renameSync, writeFileSync } from 'node:fs';
+import { dirname, join } from 'node:path';
+
+import { getLogger } from '../util/logger.js';
+import { getRootDir } from '../util/platform.js';
+
+const log = getLogger('actor-token-service');
+
+// ---------------------------------------------------------------------------
+// Types
+// ---------------------------------------------------------------------------
+
+export interface ActorTokenClaims {
+  /** The assistant this token is scoped to. */
+  assistantId: string;
+  /** Platform: 'macos' | 'ios' */
+  platform: string;
+  /** Opaque device identifier (hashed for storage). */
+  deviceId: string;
+  /** The guardian principal this token is bound to. */
+  guardianPrincipalId: string;
+  /** Token issuance timestamp (epoch ms). */
+  iat: number;
+  /** Token expiration timestamp (epoch ms). Null means non-expiring. */
+  exp: number | null;
+  /** Random jti (JWT ID) for uniqueness. */
+  jti: string;
+}
+
+export interface MintResult {
+  /** The raw actor token string — returned once, never persisted. */
+  token: string;
+  /** SHA-256 hex hash of the token (for storage/lookup). */
+  tokenHash: string;
+  /** The decoded claims. */
+  claims: ActorTokenClaims;
+}
+
+export type VerifyResult =
+  | { ok: true; claims: ActorTokenClaims }
+  | { ok: false; reason: string };
+
+// ---------------------------------------------------------------------------
+// Signing key management
+// ---------------------------------------------------------------------------
+
+let signingKey: Buffer | null = null;
+
+/**
+ * Path to the persisted signing key file.
+ * Stored in the protected directory alongside other sensitive material.
+ */
+function getSigningKeyPath(): string {
+  return join(getRootDir(), 'protected', 'actor-token-signing-key');
+}
+
+/**
+ * Load a signing key from disk or generate and persist a new one.
+ * Uses the same atomic-write + chmod 0o600 pattern as approved-devices-store.ts.
+ */
+export function loadOrCreateSigningKey(): Buffer {
+  const keyPath = getSigningKeyPath();
+
+  // Try to load existing key
+  if (existsSync(keyPath)) {
+    try {
+      const raw = readFileSync(keyPath);
+      if (raw.length === 32) {
+        log.info('Actor-token signing key loaded from disk');
+        return raw;
+      }
+      log.warn('Signing key file has unexpected length, regenerating');
+    } catch (err) {
+      log.warn({ err }, 'Failed to read signing key file, regenerating');
+    }
+  }
+
+  // Generate and persist a new key
+  const newKey = randomBytes(32);
+  const dir = dirname(keyPath);
+  if (!existsSync(dir)) {
+    mkdirSync(dir, { recursive: true });
+  }
+  const tmpPath = keyPath + '.tmp.' + process.pid;
+  writeFileSync(tmpPath, newKey, { mode: 0o600 });
+  renameSync(tmpPath, keyPath);
+  chmodSync(keyPath, 0o600);
+
+  log.info('Actor-token signing key generated and persisted');
+  return newKey;
+}
+
+/**
+ * Initialize (or reinitialize) the signing key. Called at daemon startup
+ * with a key loaded from disk via loadOrCreateSigningKey(), or by tests
+ * with a deterministic key.
+ */
+export function initSigningKey(key: Buffer): void {
+  signingKey = key;
+}
+
+function getSigningKey(): Buffer {
+  if (!signingKey) {
+    throw new Error('Actor-token signing key not initialized — call initSigningKey() during startup');
+  }
+  return signingKey;
+}
+
+// ---------------------------------------------------------------------------
+// Base64url helpers
+// ---------------------------------------------------------------------------
+
+function base64urlEncode(data: Buffer | string): string {
+  const buf = typeof data === 'string' ? Buffer.from(data, 'utf-8') : data;
+  return buf.toString('base64url');
+}
+
+function base64urlDecode(str: string): Buffer {
+  return Buffer.from(str, 'base64url');
+}
+
+// ---------------------------------------------------------------------------
+// Hashing
+// ---------------------------------------------------------------------------
+
+/** SHA-256 hex digest of a raw token string. */
+export function hashToken(token: string): string {
+  return createHash('sha256').update(token).digest('hex');
+}
+
+// ---------------------------------------------------------------------------
+// Mint
+// ---------------------------------------------------------------------------
+
+/** Default TTL for actor tokens: 90 days in milliseconds. */
+const DEFAULT_TOKEN_TTL_MS = 90 * 24 * 60 * 60 * 1000;
+
+/**
+ * Mint a new actor token.
+ *
+ * @param params Token claims (assistantId, platform, deviceId, guardianPrincipalId).
+ * @param ttlMs  Optional TTL in milliseconds. Defaults to 90 days.
+ *               Pass `null` explicitly for a non-expiring token.
+ * @returns The raw token, its hash, and the embedded claims.
+ */
+export function mintActorToken(params: {
+  assistantId: string;
+  platform: string;
+  deviceId: string;
+  guardianPrincipalId: string;
+  ttlMs?: number | null;
+}): MintResult {
+  const now = Date.now();
+  const effectiveTtl = params.ttlMs === undefined ? DEFAULT_TOKEN_TTL_MS : params.ttlMs;
+  const claims: ActorTokenClaims = {
+    assistantId: params.assistantId,
+    platform: params.platform,
+    deviceId: params.deviceId,
+    guardianPrincipalId: params.guardianPrincipalId,
+    iat: now,
+    exp: effectiveTtl != null ? now + effectiveTtl : null,
+    jti: randomBytes(16).toString('hex'),
+  };
+
+  const payload = base64urlEncode(JSON.stringify(claims));
+  const sig = createHmac('sha256', getSigningKey())
+    .update(payload)
+    .digest();
+  const token = payload + '.' + base64urlEncode(sig);
+  const tokenHash = hashToken(token);
+
+  return { token, tokenHash, claims };
+}
+
+// ---------------------------------------------------------------------------
+// Verify
+// ---------------------------------------------------------------------------
+
+/**
+ * Verify an actor token's structural integrity and signature.
+ *
+ * Does NOT check revocation — callers must additionally verify the
+ * token hash exists in the actor-token store with status='active'.
+ */
+export function verifyActorToken(token: string): VerifyResult {
+  const dotIndex = token.indexOf('.');
+  if (dotIndex < 0) {
+    return { ok: false, reason: 'malformed_token' };
+  }
+
+  const payload = token.slice(0, dotIndex);
+  const sigPart = token.slice(dotIndex + 1);
+
+  // Recompute HMAC
+  const expectedSig = createHmac('sha256', getSigningKey())
+    .update(payload)
+    .digest();
+  const actualSig = base64urlDecode(sigPart);
+
+  if (expectedSig.length !== actualSig.length) {
+    return { ok: false, reason: 'invalid_signature' };
+  }
+
+  // Constant-time comparison
+  if (!timingSafeEqual(expectedSig, actualSig)) {
+    return { ok: false, reason: 'invalid_signature' };
+  }
+
+  let claims: ActorTokenClaims;
+  try {
+    const decoded = base64urlDecode(payload).toString('utf-8');
+    claims = JSON.parse(decoded) as ActorTokenClaims;
+  } catch {
+    return { ok: false, reason: 'malformed_claims' };
+  }
+
+  // Expiration check
+  if (claims.exp != null && Date.now() > claims.exp) {
+    return { ok: false, reason: 'token_expired' };
+  }
+
+  return { ok: true, claims };
+}

package/src/runtime/actor-token-store.ts

@@ -0,0 +1,236 @@
+/**
+ * Hash-only actor token persistence.
+ *
+ * Stores only the SHA-256 hash of each actor token alongside metadata
+ * (assistantId, guardianPrincipalId, deviceId hash, platform, status).
+ * The raw token plaintext is never stored.
+ *
+ * Uses the assistant SQLite database via drizzle-orm.
+ */
+
+import { and, eq } from 'drizzle-orm';
+import { v4 as uuid } from 'uuid';
+
+import { getDb } from '../memory/db.js';
+import { actorTokenRecords } from '../memory/schema.js';
+import { getLogger } from '../util/logger.js';
+
+const log = getLogger('actor-token-store');
+
+// ---------------------------------------------------------------------------
+// Types
+// ---------------------------------------------------------------------------
+
+export type ActorTokenStatus = 'active' | 'revoked';
+
+export interface ActorTokenRecord {
+  id: string;
+  tokenHash: string;
+  assistantId: string;
+  guardianPrincipalId: string;
+  hashedDeviceId: string;
+  platform: string;
+  status: ActorTokenStatus;
+  issuedAt: number;
+  expiresAt: number | null;
+  createdAt: number;
+  updatedAt: number;
+}
+
+// ---------------------------------------------------------------------------
+// Operations
+// ---------------------------------------------------------------------------
+
+/**
+ * Store a new actor token record (hash-only).
+ */
+export function createActorTokenRecord(params: {
+  tokenHash: string;
+  assistantId: string;
+  guardianPrincipalId: string;
+  hashedDeviceId: string;
+  platform: string;
+  issuedAt: number;
+  expiresAt?: number | null;
+}): ActorTokenRecord {
+  const db = getDb();
+  const now = Date.now();
+  const id = uuid();
+
+  const row = {
+    id,
+    tokenHash: params.tokenHash,
+    assistantId: params.assistantId,
+    guardianPrincipalId: params.guardianPrincipalId,
+    hashedDeviceId: params.hashedDeviceId,
+    platform: params.platform,
+    status: 'active' as const,
+    issuedAt: params.issuedAt,
+    expiresAt: params.expiresAt ?? null,
+    createdAt: now,
+    updatedAt: now,
+  };
+
+  db.insert(actorTokenRecords).values(row).run();
+  log.info({ id, assistantId: params.assistantId, platform: params.platform }, 'Actor token record created');
+
+  return row;
+}
+
+/**
+ * Look up an active actor token record by its hash.
+ */
+export function findActiveByTokenHash(tokenHash: string): ActorTokenRecord | null {
+  const db = getDb();
+  const row = db
+    .select()
+    .from(actorTokenRecords)
+    .where(
+      and(
+        eq(actorTokenRecords.tokenHash, tokenHash),
+        eq(actorTokenRecords.status, 'active'),
+      ),
+    )
+    .get();
+
+  return row ? rowToRecord(row) : null;
+}
+
+/**
+ * Find an active token for a specific (assistantId, guardianPrincipalId, deviceId).
+ * Used for idempotent bootstrap — if an active token already exists for this
+ * device binding, we can revoke-and-remint or return the existing record.
+ */
+export function findActiveByDeviceBinding(
+  assistantId: string,
+  guardianPrincipalId: string,
+  hashedDeviceId: string,
+): ActorTokenRecord | null {
+  const db = getDb();
+  const row = db
+    .select()
+    .from(actorTokenRecords)
+    .where(
+      and(
+        eq(actorTokenRecords.assistantId, assistantId),
+        eq(actorTokenRecords.guardianPrincipalId, guardianPrincipalId),
+        eq(actorTokenRecords.hashedDeviceId, hashedDeviceId),
+        eq(actorTokenRecords.status, 'active'),
+      ),
+    )
+    .get();
+
+  return row ? rowToRecord(row) : null;
+}
+
+/**
+ * Revoke all active tokens for a given device binding.
+ * Called before minting a new token to ensure one-active-per-device.
+ */
+export function revokeByDeviceBinding(
+  assistantId: string,
+  guardianPrincipalId: string,
+  hashedDeviceId: string,
+): number {
+  const db = getDb();
+  const now = Date.now();
+
+  const condition = and(
+    eq(actorTokenRecords.assistantId, assistantId),
+    eq(actorTokenRecords.guardianPrincipalId, guardianPrincipalId),
+    eq(actorTokenRecords.hashedDeviceId, hashedDeviceId),
+    eq(actorTokenRecords.status, 'active'),
+  );
+
+  // Count matching rows before the update since drizzle's bun-sqlite
+  // .run() does not expose the underlying changes count in its types.
+  const matching = db
+    .select({ id: actorTokenRecords.id })
+    .from(actorTokenRecords)
+    .where(condition)
+    .all();
+
+  if (matching.length === 0) return 0;
+
+  db.update(actorTokenRecords)
+    .set({ status: 'revoked', updatedAt: now })
+    .where(condition)
+    .run();
+
+  return matching.length;
+}
+
+/**
+ * Find all active actor token records for a given (assistantId, guardianPrincipalId).
+ * Used for multi-device guardian fanout — returns all bound devices (macOS, iOS, etc.)
+ * so notification targeting can reach every device for the same guardian identity.
+ */
+export function findActiveByGuardianPrincipalId(
+  assistantId: string,
+  guardianPrincipalId: string,
+): ActorTokenRecord[] {
+  const db = getDb();
+  const rows = db
+    .select()
+    .from(actorTokenRecords)
+    .where(
+      and(
+        eq(actorTokenRecords.assistantId, assistantId),
+        eq(actorTokenRecords.guardianPrincipalId, guardianPrincipalId),
+        eq(actorTokenRecords.status, 'active'),
+      ),
+    )
+    .all();
+
+  return rows.map(rowToRecord);
+}
+
+/**
+ * Revoke a single token by its hash.
+ */
+export function revokeByTokenHash(tokenHash: string): boolean {
+  const db = getDb();
+  const now = Date.now();
+
+  const condition = and(
+    eq(actorTokenRecords.tokenHash, tokenHash),
+    eq(actorTokenRecords.status, 'active'),
+  );
+
+  // Check existence before update since drizzle's bun-sqlite .run()
+  // does not expose the underlying changes count in its types.
+  const existing = db
+    .select({ id: actorTokenRecords.id })
+    .from(actorTokenRecords)
+    .where(condition)
+    .get();
+
+  if (!existing) return false;
+
+  db.update(actorTokenRecords)
+    .set({ status: 'revoked', updatedAt: now })
+    .where(condition)
+    .run();
+
+  return true;
+}
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+function rowToRecord(row: typeof actorTokenRecords.$inferSelect): ActorTokenRecord {
+  return {
+    id: row.id,
+    tokenHash: row.tokenHash,
+    assistantId: row.assistantId,
+    guardianPrincipalId: row.guardianPrincipalId,
+    hashedDeviceId: row.hashedDeviceId,
+    platform: row.platform,
+    status: row.status as ActorTokenStatus,
+    issuedAt: row.issuedAt,
+    expiresAt: row.expiresAt,
+    createdAt: row.createdAt,
+    updatedAt: row.updatedAt,
+  };
+}

package/src/runtime/channel-approvals.ts

@@ -151,11 +151,13 @@ export function handleChannelDecision(
     if (
       details &&
       details.persistentDecisionsAllowed !== false &&
-      details.allowlistOptions?.length &&
-      details.scopeOptions?.length
+      details.allowlistOptions?.length
     ) {
       const pattern = details.allowlistOptions[0].pattern;
-      const scope = details.scopeOptions[0].scope;
+      // Non-scoped tools (web_fetch, network_request, etc.) have empty
+      // scopeOptions — default to 'everywhere' so approve_always still
+      // persists a trust rule instead of silently degrading to one-time.
+      const scope = details.scopeOptions?.length ? details.scopeOptions[0].scope : 'everywhere';
       // Only persist executionTarget for skill-origin tools — core tools don't
       // set it in their PolicyContext, so a persisted value would prevent the
       // rule from ever matching on subsequent permission checks.

package/src/runtime/channel-readiness-service.ts

@@ -31,41 +31,15 @@ function hasIngressConfigured(): boolean {
   }
 }
 
-function getAssistantMappedPhoneNumber(
-  smsConfig: Record<string, unknown>,
-  assistantId?: string,
-): string | undefined {
-  if (!assistantId) return undefined;
-  const mapping = (smsConfig.assistantPhoneNumbers as Record<string, string> | undefined) ?? {};
-  return mapping[assistantId];
-}
-
-function hasAnyAssistantMappedPhoneNumber(smsConfig: Record<string, unknown>): boolean {
-  const mapping = (smsConfig.assistantPhoneNumbers as Record<string, string> | undefined) ?? {};
-  return Object.keys(mapping).length > 0;
-}
-
-function hasAnyAssistantMappedPhoneNumberSafe(): boolean {
-  try {
-    const raw = loadRawConfig();
-    const smsConfig = (raw?.sms ?? {}) as Record<string, unknown>;
-    return hasAnyAssistantMappedPhoneNumber(smsConfig);
-  } catch {
-    return false;
-  }
-}
-
 /**
  * Resolve SMS from-number with canonical precedence:
- * assistant mapping -> env override -> config sms.phoneNumber -> secure key fallback.
+ * env override -> config sms.phoneNumber -> secure key fallback.
  */
-function resolveSmsPhoneNumber(assistantId?: string): string {
+function resolveSmsPhoneNumber(): string {
   try {
     const raw = loadRawConfig();
     const smsConfig = (raw?.sms ?? {}) as Record<string, unknown>;
-    const mapped = getAssistantMappedPhoneNumber(smsConfig, assistantId);
-    return mapped
-      || getTwilioPhoneNumberEnv()
+    return getTwilioPhoneNumberEnv()
       || (smsConfig.phoneNumber as string)
       || getSecureKey('credential:twilio:phone_number')
       || '';
@@ -78,7 +52,7 @@ function resolveSmsPhoneNumber(assistantId?: string): string {
 
 const smsProbe: ChannelProbe = {
   channel: 'sms',
-  runLocalChecks(context?: ChannelProbeContext): ReadinessCheckResult[] {
+  runLocalChecks(): ReadinessCheckResult[] {
     const results: ReadinessCheckResult[] = [];
 
     const hasCreds = hasTwilioCredentials();
@@ -90,18 +64,14 @@ const smsProbe: ChannelProbe = {
         : 'Twilio Account SID and Auth Token are not configured',
     });
 
-    const resolvedNumber = resolveSmsPhoneNumber(context?.assistantId);
-    const hasPhone = !!resolvedNumber || (!context?.assistantId && hasAnyAssistantMappedPhoneNumberSafe());
+    const resolvedNumber = resolveSmsPhoneNumber();
+    const hasPhone = !!resolvedNumber;
     results.push({
       name: 'phone_number',
       passed: hasPhone,
       message: hasPhone
-        ? (context?.assistantId && !resolvedNumber
-          ? `Assistant ${context.assistantId} has no direct mapping, but SMS phone numbers are assigned`
-          : 'Phone number is assigned')
-        : (context?.assistantId
-          ? `No phone number assigned for assistant ${context.assistantId}`
-          : 'No phone number assigned'),
+        ? 'Phone number is assigned'
+        : 'No phone number assigned',
     });
 
     const hasIngress = hasIngressConfigured();
@@ -115,14 +85,14 @@ const smsProbe: ChannelProbe = {
 
     return results;
   },
-  async runRemoteChecks(context?: ChannelProbeContext): Promise<ReadinessCheckResult[]> {
+  async runRemoteChecks(): Promise<ReadinessCheckResult[]> {
     if (!hasTwilioCredentials()) return [];
 
     const accountSid = getSecureKey('credential:twilio:account_sid');
     const authToken = getSecureKey('credential:twilio:auth_token');
     if (!accountSid || !authToken) return [];
 
-    const phoneNumber = resolveSmsPhoneNumber(context?.assistantId);
+    const phoneNumber = resolveSmsPhoneNumber();
     if (!phoneNumber) return [];
 
     // Only toll-free numbers need verification checks
@@ -170,18 +140,16 @@ const smsProbe: ChannelProbe = {
 
 /**
  * Resolve voice from-number with the same precedence as SMS:
- * assistant mapping -> env override -> config sms.phoneNumber -> secure key fallback.
+ * env override -> config sms.phoneNumber -> secure key fallback.
  *
  * Voice and SMS share the same Twilio phone number infrastructure, so the
  * resolution logic is identical to resolveSmsPhoneNumber.
  */
-function resolveVoicePhoneNumber(assistantId?: string): string {
+function resolveVoicePhoneNumber(): string {
   try {
     const raw = loadRawConfig();
     const smsConfig = (raw?.sms ?? {}) as Record<string, unknown>;
-    const mapped = getAssistantMappedPhoneNumber(smsConfig, assistantId);
-    return mapped
-      || getTwilioPhoneNumberEnv()
+    return getTwilioPhoneNumberEnv()
       || (smsConfig.phoneNumber as string)
       || getSecureKey('credential:twilio:phone_number')
       || '';
@@ -194,7 +162,7 @@ function resolveVoicePhoneNumber(assistantId?: string): string {
 
 const voiceProbe: ChannelProbe = {
   channel: 'voice',
-  runLocalChecks(context?: ChannelProbeContext): ReadinessCheckResult[] {
+  runLocalChecks(): ReadinessCheckResult[] {
     const results: ReadinessCheckResult[] = [];
 
     const hasCreds = hasTwilioCredentials();
@@ -206,18 +174,14 @@ const voiceProbe: ChannelProbe = {
         : 'Twilio Account SID and Auth Token are not configured',
     });
 
-    const resolvedNumber = resolveVoicePhoneNumber(context?.assistantId);
-    const hasPhone = !!resolvedNumber || (!context?.assistantId && hasAnyAssistantMappedPhoneNumberSafe());
+    const resolvedNumber = resolveVoicePhoneNumber();
+    const hasPhone = !!resolvedNumber;
     results.push({
       name: 'phone_number',
       passed: hasPhone,
       message: hasPhone
-        ? (context?.assistantId && !resolvedNumber
-          ? `Assistant ${context.assistantId} has no direct mapping, but phone numbers are assigned`
-          : 'Phone number is assigned for voice calls')
-        : (context?.assistantId
-          ? `No phone number assigned for assistant ${context.assistantId}`
-          : 'No phone number assigned for voice calls'),
+        ? 'Phone number is assigned for voice calls'
+        : 'No phone number assigned for voice calls',
     });
 
     const hasIngress = hasIngressConfigured();
@@ -290,7 +254,6 @@ export class ChannelReadinessService {
   async getReadiness(
     channel?: ChannelId,
     includeRemote?: boolean,
-    assistantId?: string,
   ): Promise<ChannelReadinessSnapshot[]> {
     const channels = channel
       ? [channel]
@@ -304,14 +267,14 @@ export class ChannelReadinessService {
         continue;
       }
 
-      const probeContext: ChannelProbeContext = { assistantId };
+      const probeContext: ChannelProbeContext = {};
       const localChecks = probe.runLocalChecks(probeContext);
       let remoteChecks: ReadinessCheckResult[] | undefined;
       let remoteChecksFreshlyFetched = false;
       let remoteChecksAffectReadiness = false;
       let stale = false;
 
-      const cacheKey = this.snapshotCacheKey(ch, assistantId);
+      const cacheKey = this.snapshotCacheKey(ch);
       const cached = this.snapshots.get(cacheKey);
       const now = Date.now();
 
@@ -372,11 +335,7 @@ export class ChannelReadinessService {
   }
 
   /** Clear cached snapshot for a specific channel, forcing re-evaluation on next call. */
-  invalidateChannel(channel: ChannelId, assistantId?: string): void {
-    if (assistantId) {
-      this.snapshots.delete(this.snapshotCacheKey(channel, assistantId));
-      return;
-    }
+  invalidateChannel(channel: ChannelId): void {
     const prefix = `${channel}::`;
     for (const key of this.snapshots.keys()) {
       if (key.startsWith(prefix)) {
@@ -401,8 +360,8 @@ export class ChannelReadinessService {
     };
   }
 
-  private snapshotCacheKey(channel: ChannelId, assistantId?: string): string {
-    return `${channel}::${assistantId ?? '__default__'}`;
+  private snapshotCacheKey(channel: ChannelId): string {
+    return `${channel}::__default__`;
   }
 }
 

package/src/runtime/channel-readiness-types.ts

@@ -22,10 +22,9 @@ export interface ChannelReadinessSnapshot {
   remoteChecks?: ReadinessCheckResult[];
 }
 
-/** Optional probe context for assistant-scoped readiness checks. */
-export interface ChannelProbeContext {
-  assistantId?: string;
-}
+/** Optional probe context for readiness checks. */
+// eslint-disable-next-line @typescript-eslint/no-empty-object-type
+export interface ChannelProbeContext {}
 
 /** Probe interface that channels implement to provide readiness checks. */
 export interface ChannelProbe {