@vellumai/assistant 0.4.3 → 0.4.4

package/src/__tests__/call-pointer-no-hardcoded-copy.guard.test.ts

@@ -0,0 +1,42 @@
+/**
+ * Guard test: prevent reintroduction of hard-coded pointer copy in
+ * relay-server.ts, call-controller.ts, and call-domain.ts.
+ *
+ * Deterministic fallback literals should only exist in the pointer
+ * composer file (call-pointer-message-composer.ts). The call-site
+ * files should route through addPointerMessage() exclusively.
+ */
+import { readFileSync } from 'node:fs';
+import { join } from 'node:path';
+
+import { describe, expect, test } from 'bun:test';
+
+const srcDir = join(import.meta.dir, '..');
+
+// These files must NOT contain inline pointer copy strings.
+const guardedFiles = [
+  'calls/relay-server.ts',
+  'calls/call-controller.ts',
+  'calls/call-domain.ts',
+];
+
+// Patterns that indicate inline pointer copy rather than routing through
+// addPointerMessage. We check for the distinctive emoji + "Call to" prefix
+// that the old hard-coded templates used.
+const forbiddenPatterns = [
+  /["\u{1F4DE}].*Call to.*(?:started|completed|failed)/u,
+  /["\u{2705}].*Guardian verification.*succeeded/u,
+  /["\u{274C}].*Guardian verification.*failed/u,
+];
+
+describe('no hardcoded pointer copy in call-site files', () => {
+  for (const file of guardedFiles) {
+    test(`${file} does not contain inline pointer copy`, () => {
+      const content = readFileSync(join(srcDir, file), 'utf-8');
+      for (const pattern of forbiddenPatterns) {
+        const match = pattern.exec(content);
+        expect(match).toBeNull();
+      }
+    });
+  }
+});

package/src/__tests__/callback-handoff-copy.test.ts

@@ -0,0 +1,186 @@
+/**
+ * Tests for the callback handoff notification fallback copy template.
+ *
+ * Verifies that the `ingress.access_request.callback_handoff` template in
+ * copy-composer.ts renders caller identity, request code, and trusted-contact
+ * member reference correctly — including graceful fallback when fields are missing.
+ */
+import { describe, expect, test } from 'bun:test';
+
+import { composeFallbackCopy } from '../notifications/copy-composer.js';
+import type { NotificationSignal } from '../notifications/signal.js';
+
+function buildSignal(payloadOverrides: Record<string, unknown> = {}): NotificationSignal {
+  return {
+    signalId: 'test-signal-1',
+    assistantId: 'self',
+    createdAt: Date.now(),
+    sourceChannel: 'voice',
+    sourceSessionId: 'test-session-1',
+    sourceEventName: 'ingress.access_request.callback_handoff',
+    contextPayload: {
+      requestId: 'req-123',
+      requestCode: null,
+      callSessionId: 'call-456',
+      sourceChannel: 'voice',
+      reason: 'timeout',
+      callbackOptIn: true,
+      callerPhoneNumber: '+15551234567',
+      callerName: null,
+      requesterExternalUserId: '+15551234567',
+      requesterChatId: '+15551234567',
+      requesterMemberId: null,
+      requesterMemberSourceChannel: null,
+      ...payloadOverrides,
+    },
+    attentionHints: {
+      requiresAction: false,
+      urgency: 'medium',
+      isAsyncBackground: true,
+      visibleInSourceNow: false,
+    },
+  };
+}
+
+describe('callback handoff copy template', () => {
+  test('renders caller name and phone when both are present', () => {
+    const signal = buildSignal({
+      callerName: 'Alice',
+      callerPhoneNumber: '+15551234567',
+    });
+    const result = composeFallbackCopy(signal, ['vellum']);
+    const copy = result.vellum!;
+
+    expect(copy.title).toBe('Callback Requested');
+    expect(copy.body).toContain('Alice (+15551234567)');
+    expect(copy.body).toContain('callback');
+    expect(copy.body).toContain('unreachable');
+  });
+
+  test('renders phone number only when caller name is missing', () => {
+    const signal = buildSignal({
+      callerName: null,
+      callerPhoneNumber: '+15559876543',
+    });
+    const result = composeFallbackCopy(signal, ['vellum']);
+    const copy = result.vellum!;
+
+    expect(copy.body).toContain('+15559876543');
+    expect(copy.body).not.toContain('null');
+  });
+
+  test('renders caller name only when phone is missing', () => {
+    const signal = buildSignal({
+      callerName: 'Bob',
+      callerPhoneNumber: null,
+    });
+    const result = composeFallbackCopy(signal, ['vellum']);
+    const copy = result.vellum!;
+
+    expect(copy.body).toContain('Bob');
+  });
+
+  test('falls back to "An unknown caller" when both name and phone are missing', () => {
+    const signal = buildSignal({
+      callerName: null,
+      callerPhoneNumber: null,
+    });
+    const result = composeFallbackCopy(signal, ['vellum']);
+    const copy = result.vellum!;
+
+    expect(copy.body).toContain('An unknown caller');
+  });
+
+  test('includes request code when present', () => {
+    const signal = buildSignal({
+      callerName: 'Charlie',
+      callerPhoneNumber: '+15551111111',
+      requestCode: 'a1b2c3',
+    });
+    const result = composeFallbackCopy(signal, ['vellum']);
+    const copy = result.vellum!;
+
+    expect(copy.body).toContain('A1B2C3');
+  });
+
+  test('omits request code line when not present', () => {
+    const signal = buildSignal({
+      callerName: 'Charlie',
+      callerPhoneNumber: '+15551111111',
+      requestCode: null,
+    });
+    const result = composeFallbackCopy(signal, ['vellum']);
+    const copy = result.vellum!;
+
+    expect(copy.body).not.toContain('Request code');
+  });
+
+  test('includes trusted-contact member reference when requesterMemberId is present', () => {
+    const signal = buildSignal({
+      callerName: 'Diana',
+      callerPhoneNumber: '+15552222222',
+      requesterMemberId: 'member-789',
+    });
+    const result = composeFallbackCopy(signal, ['vellum']);
+    const copy = result.vellum!;
+
+    expect(copy.body).toContain('trusted contact');
+    expect(copy.body).toContain('member-789');
+  });
+
+  test('omits member reference line when requesterMemberId is null', () => {
+    const signal = buildSignal({
+      callerName: 'Eve',
+      callerPhoneNumber: '+15553333333',
+      requesterMemberId: null,
+    });
+    const result = composeFallbackCopy(signal, ['vellum']);
+    const copy = result.vellum!;
+
+    expect(copy.body).not.toContain('trusted contact');
+    expect(copy.body).not.toContain('member');
+  });
+
+  test('telegram channel gets deliveryText fallback', () => {
+    const signal = buildSignal({
+      callerName: 'Frank',
+      callerPhoneNumber: '+15554444444',
+    });
+    const result = composeFallbackCopy(signal, ['telegram']);
+    const copy = result.telegram!;
+
+    expect(copy.deliveryText).toBeDefined();
+    expect(copy.deliveryText!.length).toBeGreaterThan(0);
+    expect(copy.deliveryText).toContain('Frank');
+  });
+
+  test('sms channel gets deliveryText fallback', () => {
+    const signal = buildSignal({
+      callerName: 'Grace',
+      callerPhoneNumber: '+15555555555',
+    });
+    const result = composeFallbackCopy(signal, ['sms']);
+    const copy = result.sms!;
+
+    expect(copy.deliveryText).toBeDefined();
+    expect(copy.deliveryText!.length).toBeGreaterThan(0);
+  });
+
+  test('full payload renders all fields correctly', () => {
+    const signal = buildSignal({
+      callerName: 'Hank',
+      callerPhoneNumber: '+15556666666',
+      requestCode: 'ff00aa',
+      requesterMemberId: 'member-full-test',
+    });
+    const result = composeFallbackCopy(signal, ['vellum']);
+    const copy = result.vellum!;
+
+    expect(copy.title).toBe('Callback Requested');
+    expect(copy.body).toContain('Hank (+15556666666)');
+    expect(copy.body).toContain('FF00AA');
+    expect(copy.body).toContain('member-full-test');
+    expect(copy.body).toContain('callback');
+    expect(copy.body).toContain('unreachable');
+  });
+});

package/src/__tests__/channel-approval-routes.test.ts

@@ -1319,11 +1319,12 @@ describe('assistant-scoped guardian verification via handleChannelInbound', () =
     deliverSpy.mockRestore();
   });
 
-  test('verification code with explicit assistantId resolves against that assistant', async () => {
+  test('verification code with explicit assistantId resolves against canonical scope', async () => {
     const { createVerificationChallenge } = await import('../runtime/channel-guardian-service.js');
     const { getGuardianBinding } = await import('../runtime/channel-guardian-service.js');
 
-    const { secret } = createVerificationChallenge('asst-route-X', 'telegram');
+    // All assistant IDs canonicalize to 'self' in the single-tenant daemon
+    const { secret } = createVerificationChallenge('self', 'telegram');
 
     const deliverSpy = spyOn(gatewayClient, 'deliverChannelReply').mockResolvedValue(undefined);
 
@@ -1338,17 +1339,18 @@ describe('assistant-scoped guardian verification via handleChannelInbound', () =
     expect(body.accepted).toBe(true);
     expect(body.guardianVerification).toBe('verified');
 
-    const bindingX = getGuardianBinding('asst-route-X', 'telegram');
+    const bindingX = getGuardianBinding('self', 'telegram');
     expect(bindingX).not.toBeNull();
     expect(bindingX!.guardianExternalUserId).toBe('user-for-asst-x');
 
     deliverSpy.mockRestore();
   });
 
-  test('cross-assistant challenge code does not verify against a different assistant scope', async () => {
+  test('all assistant IDs share canonical scope for verification', async () => {
     const { createVerificationChallenge } = await import('../runtime/channel-guardian-service.js');
 
-    const { secret } = createVerificationChallenge('asst-A-cross', 'telegram');
+    // Both IDs canonicalize to 'self', so the challenge is found
+    const { secret } = createVerificationChallenge('self', 'telegram');
 
     const deliverSpy = spyOn(gatewayClient, 'deliverChannelReply').mockResolvedValue(undefined);
 
@@ -1361,19 +1363,19 @@ describe('assistant-scoped guardian verification via handleChannelInbound', () =
     const body = await res.json() as Record<string, unknown>;
 
     expect(body.accepted).toBe(true);
-    expect(body.guardianVerification).toBeUndefined();
+    expect(body.guardianVerification).toBe('verified');
 
     deliverSpy.mockRestore();
   });
 
-  test('non-self assistant inbound does not mutate assistant-agnostic external bindings', async () => {
+  test('inbound with explicit assistantId does not mutate existing external bindings', async () => {
     const db = getDb();
     const now = Date.now();
     ensureConversation('conv-existing-binding');
     db.insert(externalConversationBindings).values({
       conversationId: 'conv-existing-binding',
       sourceChannel: 'telegram',
-      externalChatId: 'chat-123',
+      externalChatId: 'chat-existing-999',
       externalUserId: 'existing-user',
       createdAt: now,
       updatedAt: now,
@@ -1385,7 +1387,7 @@ describe('assistant-scoped guardian verification via handleChannelInbound', () =
       senderExternalUserId: 'incoming-user',
     });
 
-    const res = await handleChannelInbound(req, undefined, 'token', 'asst-non-self');
+    const res = await handleChannelInbound(req, noopProcessMessage, 'token', 'asst-non-self');
     expect(res.status).toBe(200);
 
     const binding = db
@@ -2665,8 +2667,10 @@ describe('background channel processing approval prompts', () => {
     deliverPromptSpy.mockRestore();
   });
 
-  test('non-guardian channel turns are not interactive to prevent self-approval', async () => {
-    // Set up a guardian binding for a DIFFERENT user so the sender is non-guardian
+  test('trusted-contact channel turns with resolvable guardian route are interactive', async () => {
+    // Set up a guardian binding for a DIFFERENT user so the sender is a
+    // trusted contact (not the guardian). The guardian route is resolvable
+    // because the binding exists — approval notifications can be delivered.
     createBinding({
       assistantId: 'self',
       channel: 'telegram',
@@ -2701,7 +2705,9 @@ describe('background channel processing approval prompts', () => {
     await new Promise((resolve) => setTimeout(resolve, 300));
 
     expect(processCalls.length).toBeGreaterThan(0);
-    expect(processCalls[0].options?.isInteractive).toBe(false);
+    // Trusted contacts with a resolvable guardian route should be interactive
+    // so approval prompts can be routed to the guardian for decision.
+    expect(processCalls[0].options?.isInteractive).toBe(true);
   });
 
   test('unverified channel turns never broadcast approval prompts', async () => {
@@ -2869,3 +2875,118 @@ describe('NL approval routing via destination-scoped canonical requests', () =>
     expect(unchanged!.status).toBe('pending');
   });
 });
+
+// ═══════════════════════════════════════════════════════════════════════════
+// Trusted-contact self-approval guard (pre-row)
+// ═══════════════════════════════════════════════════════════════════════════
+
+describe('trusted-contact self-approval blocked before guardian approval row exists', () => {
+  beforeEach(() => {
+    // Create a guardian binding so the requester resolves as trusted_contact
+    createBinding({
+      assistantId: 'self',
+      channel: 'telegram',
+      guardianExternalUserId: 'guardian-tc-selfapproval',
+      guardianDeliveryChatId: 'guardian-tc-selfapproval-chat',
+    });
+  });
+
+  test('trusted contact cannot self-approve via conversational engine when no guardian approval row exists', async () => {
+    const deliverSpy = spyOn(gatewayClient, 'deliverChannelReply').mockResolvedValue(undefined);
+
+    // Create the requester conversation (different user than guardian)
+    const initReq = makeInboundRequest({
+      content: 'init',
+      externalChatId: 'tc-selfapproval-chat',
+      senderExternalUserId: 'tc-selfapproval-user',
+    });
+    await handleChannelInbound(initReq, noopProcessMessage, 'token');
+
+    const db = getDb();
+    const events = db.$client.prepare('SELECT conversation_id FROM channel_inbound_events').all() as Array<{ conversation_id: string }>;
+    const conversationId = events[0]?.conversation_id;
+    ensureConversation(conversationId!);
+
+    // Register a pending interaction — but do NOT create a guardian approval
+    // row in channelGuardianApprovalRequests. This simulates the window
+    // between the pending confirmation being created (isInteractive=true)
+    // and the guardian approval prompt being delivered.
+    const sessionMock = registerPendingInteraction('req-tc-selfapproval-1', conversationId!, 'shell');
+
+    deliverSpy.mockClear();
+
+    // The conversational engine would normally classify "yes" as approve_once,
+    // but the guard should intercept before the engine runs.
+    const mockConversationGenerator = mock(async (_ctx: unknown) => ({
+      disposition: 'approve_once' as const,
+      replyText: 'Approved!',
+    }));
+
+    // Trusted contact sends "yes" to try to self-approve
+    const req = makeInboundRequest({
+      content: 'yes',
+      externalChatId: 'tc-selfapproval-chat',
+      senderExternalUserId: 'tc-selfapproval-user',
+    });
+    const res = await handleChannelInbound(
+      req, noopProcessMessage, 'token', 'self', undefined,
+      undefined, mockConversationGenerator,
+    );
+    const body = await res.json() as Record<string, unknown>;
+
+    expect(body.accepted).toBe(true);
+    // Should be blocked with assistant_turn (pending guardian notice),
+    // NOT decision_applied
+    expect(body.approval).toBe('assistant_turn');
+    // The session should NOT have been resolved
+    expect(sessionMock).not.toHaveBeenCalled();
+
+    // The pending interaction should still be registered (not consumed)
+    const stillPending = pendingInteractions.get('req-tc-selfapproval-1');
+    expect(stillPending).toBeDefined();
+
+    deliverSpy.mockRestore();
+  });
+
+  test('trusted contact cannot self-approve via legacy parser when no guardian approval row exists', async () => {
+    const deliverSpy = spyOn(gatewayClient, 'deliverChannelReply').mockResolvedValue(undefined);
+
+    const initReq = makeInboundRequest({
+      content: 'init',
+      externalChatId: 'tc-selfapproval-chat',
+      senderExternalUserId: 'tc-selfapproval-user',
+    });
+    await handleChannelInbound(initReq, noopProcessMessage, 'token');
+
+    const db = getDb();
+    const events = db.$client.prepare('SELECT conversation_id FROM channel_inbound_events').all() as Array<{ conversation_id: string }>;
+    const conversationId = events[0]?.conversation_id;
+    ensureConversation(conversationId!);
+
+    // Register pending interaction without guardian approval row
+    const sessionMock = registerPendingInteraction('req-tc-selfapproval-2', conversationId!, 'shell');
+
+    deliverSpy.mockClear();
+
+    // No conversational engine — falls through to legacy parser path.
+    // "approve" would normally be parsed as an approval decision.
+    const req = makeInboundRequest({
+      content: 'approve',
+      externalChatId: 'tc-selfapproval-chat',
+      senderExternalUserId: 'tc-selfapproval-user',
+    });
+    const res = await handleChannelInbound(req, noopProcessMessage, 'token');
+    const body = await res.json() as Record<string, unknown>;
+
+    expect(body.accepted).toBe(true);
+    // Should be blocked, not decision_applied
+    expect(body.approval).toBe('assistant_turn');
+    expect(sessionMock).not.toHaveBeenCalled();
+
+    // Pending interaction should still exist
+    const stillPending = pendingInteractions.get('req-tc-selfapproval-2');
+    expect(stillPending).toBeDefined();
+
+    deliverSpy.mockRestore();
+  });
+});