@vellumai/assistant 0.4.3 → 0.4.4

package/src/__tests__/confirmation-request-guardian-bridge.test.ts

@@ -0,0 +1,410 @@
+/**
+ * Tests for the confirmation-request -> guardian.question notification bridge.
+ *
+ * Verifies that:
+ * 1. Trusted-contact confirmation_requests emit guardian.question notifications
+ * 2. Canonical delivery rows are persisted for guardian destinations
+ * 3. Guardian and unknown actor sessions are correctly skipped
+ * 4. Missing guardian binding causes a skip
+ */
+
+import { mkdtempSync, rmSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+
+import { afterAll, beforeEach, describe, expect, mock, test } from 'bun:test';
+
+const testDir = mkdtempSync(join(tmpdir(), 'confirmation-bridge-test-'));
+
+mock.module('../util/platform.js', () => ({
+  getDataDir: () => testDir,
+  isMacOS: () => process.platform === 'darwin',
+  isLinux: () => process.platform === 'linux',
+  isWindows: () => process.platform === 'win32',
+  getSocketPath: () => join(testDir, 'test.sock'),
+  getPidPath: () => join(testDir, 'test.pid'),
+  getDbPath: () => join(testDir, 'test.db'),
+  getLogPath: () => join(testDir, 'test.log'),
+  ensureDataDir: () => {},
+  migrateToDataLayout: () => {},
+  migrateToWorkspaceLayout: () => {},
+}));
+
+mock.module('../util/logger.js', () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
+  isDebug: () => false,
+  truncateForLog: (value: string) => value,
+}));
+
+// Mock notification emission — capture calls without running the full pipeline
+const emittedSignals: Array<Record<string, unknown>> = [];
+const mockOnThreadCreatedCallbacks: Array<(info: { conversationId: string; title: string; sourceEventName: string }) => void> = [];
+mock.module('../notifications/emit-signal.js', () => ({
+  emitNotificationSignal: async (params: Record<string, unknown>) => {
+    emittedSignals.push(params);
+    // Capture onThreadCreated callback so tests can invoke it
+    if (typeof params.onThreadCreated === 'function') {
+      mockOnThreadCreatedCallbacks.push(params.onThreadCreated as (info: { conversationId: string; title: string; sourceEventName: string }) => void);
+    }
+    return {
+      signalId: 'test-signal',
+      deduplicated: false,
+      dispatched: true,
+      reason: 'ok',
+      deliveryResults: [
+        { channel: 'telegram', destination: 'guardian-chat-1', success: true },
+      ],
+    };
+  },
+  registerBroadcastFn: () => {},
+}));
+
+// Mock channel guardian service — provide a guardian binding for 'self' + 'telegram'
+mock.module('../runtime/channel-guardian-service.js', () => ({
+  getGuardianBinding: (assistantId: string, channel: string) => {
+    if (assistantId === 'self' && channel === 'telegram') {
+      return {
+        id: 'binding-1',
+        assistantId: 'self',
+        channel: 'telegram',
+        guardianExternalUserId: 'guardian-1',
+        guardianDeliveryChatId: 'guardian-chat-1',
+        status: 'active',
+      };
+    }
+    return null;
+  },
+}));
+
+import type { GuardianRuntimeContext } from '../daemon/session-runtime-assembly.js';
+import {
+  createCanonicalGuardianRequest,
+  generateCanonicalRequestCode,
+  listCanonicalGuardianDeliveries,
+} from '../memory/canonical-guardian-store.js';
+import { getDb, initializeDb, resetDb } from '../memory/db.js';
+import { bridgeConfirmationRequestToGuardian } from '../runtime/confirmation-request-guardian-bridge.js';
+
+initializeDb();
+
+function resetTables(): void {
+  const db = getDb();
+  db.run('DELETE FROM canonical_guardian_deliveries');
+  db.run('DELETE FROM canonical_guardian_requests');
+}
+
+afterAll(() => {
+  resetDb();
+  try {
+    rmSync(testDir, { recursive: true });
+  } catch {
+    /* best effort */
+  }
+});
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+function makeCanonicalRequest(overrides: Record<string, unknown> = {}) {
+  return createCanonicalGuardianRequest({
+    id: `req-${Date.now()}-${Math.random().toString(36).slice(2, 6)}`,
+    kind: 'tool_approval',
+    sourceType: 'channel',
+    sourceChannel: 'telegram',
+    conversationId: 'conv-1',
+    requesterExternalUserId: 'requester-1',
+    guardianExternalUserId: 'guardian-1',
+    toolName: 'bash',
+    status: 'pending',
+    requestCode: generateCanonicalRequestCode(),
+    expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
+    ...overrides,
+  });
+}
+
+function makeTrustedContactContext(overrides: Partial<GuardianRuntimeContext> = {}): GuardianRuntimeContext {
+  return {
+    sourceChannel: 'telegram',
+    trustClass: 'trusted_contact',
+    guardianExternalUserId: 'guardian-1',
+    guardianChatId: 'guardian-chat-1',
+    requesterExternalUserId: 'requester-1',
+    requesterChatId: 'requester-chat-1',
+    requesterIdentifier: '@requester',
+    ...overrides,
+  };
+}
+
+// ===========================================================================
+// TESTS
+// ===========================================================================
+
+describe('bridgeConfirmationRequestToGuardian', () => {
+  beforeEach(() => {
+    resetTables();
+    emittedSignals.length = 0;
+    mockOnThreadCreatedCallbacks.length = 0;
+  });
+
+  test('emits guardian.question for trusted-contact sessions', () => {
+    const canonicalRequest = makeCanonicalRequest();
+    const guardianContext = makeTrustedContactContext();
+
+    const result = bridgeConfirmationRequestToGuardian({
+      canonicalRequest,
+      guardianContext,
+      conversationId: 'conv-1',
+      toolName: 'bash',
+    });
+
+    expect('bridged' in result && result.bridged).toBe(true);
+    expect(emittedSignals).toHaveLength(1);
+    expect(emittedSignals[0].sourceEventName).toBe('guardian.question');
+    expect(emittedSignals[0].sourceChannel).toBe('telegram');
+    expect(emittedSignals[0].sourceSessionId).toBe('conv-1');
+
+    const payload = emittedSignals[0].contextPayload as Record<string, unknown>;
+    expect(payload.requestId).toBe(canonicalRequest.id);
+    expect(payload.requestCode).toBe(canonicalRequest.requestCode);
+    expect(payload.toolName).toBe('bash');
+    expect(payload.requesterExternalUserId).toBe('requester-1');
+    expect(payload.requesterIdentifier).toBe('@requester');
+  });
+
+  test('skips guardian actor sessions (self-approve)', () => {
+    const canonicalRequest = makeCanonicalRequest();
+    const guardianContext: GuardianRuntimeContext = {
+      sourceChannel: 'telegram',
+      trustClass: 'guardian',
+      guardianExternalUserId: 'guardian-1',
+    };
+
+    const result = bridgeConfirmationRequestToGuardian({
+      canonicalRequest,
+      guardianContext,
+      conversationId: 'conv-1',
+      toolName: 'bash',
+    });
+
+    expect('skipped' in result && result.skipped).toBe(true);
+    if ('skipped' in result) {
+      expect(result.reason).toBe('not_trusted_contact');
+    }
+    expect(emittedSignals).toHaveLength(0);
+  });
+
+  test('skips unknown actor sessions', () => {
+    const canonicalRequest = makeCanonicalRequest();
+    const guardianContext: GuardianRuntimeContext = {
+      sourceChannel: 'telegram',
+      trustClass: 'unknown',
+    };
+
+    const result = bridgeConfirmationRequestToGuardian({
+      canonicalRequest,
+      guardianContext,
+      conversationId: 'conv-1',
+      toolName: 'bash',
+    });
+
+    expect('skipped' in result && result.skipped).toBe(true);
+    if ('skipped' in result) {
+      expect(result.reason).toBe('not_trusted_contact');
+    }
+    expect(emittedSignals).toHaveLength(0);
+  });
+
+  test('skips when guardian identity is missing', () => {
+    const canonicalRequest = makeCanonicalRequest();
+    const guardianContext = makeTrustedContactContext({
+      guardianExternalUserId: undefined,
+    });
+
+    const result = bridgeConfirmationRequestToGuardian({
+      canonicalRequest,
+      guardianContext,
+      conversationId: 'conv-1',
+      toolName: 'bash',
+    });
+
+    expect('skipped' in result && result.skipped).toBe(true);
+    if ('skipped' in result) {
+      expect(result.reason).toBe('missing_guardian_identity');
+    }
+    expect(emittedSignals).toHaveLength(0);
+  });
+
+  test('skips when no guardian binding exists for channel', () => {
+    const canonicalRequest = makeCanonicalRequest({ sourceChannel: 'sms' });
+    const guardianContext = makeTrustedContactContext({
+      sourceChannel: 'sms',
+    });
+
+    const result = bridgeConfirmationRequestToGuardian({
+      canonicalRequest,
+      guardianContext,
+      conversationId: 'conv-1',
+      toolName: 'bash',
+    });
+
+    expect('skipped' in result && result.skipped).toBe(true);
+    if ('skipped' in result) {
+      expect(result.reason).toBe('no_guardian_binding');
+    }
+    expect(emittedSignals).toHaveLength(0);
+  });
+
+  test('sets correct attention hints for urgency', () => {
+    const canonicalRequest = makeCanonicalRequest();
+    const guardianContext = makeTrustedContactContext();
+
+    bridgeConfirmationRequestToGuardian({
+      canonicalRequest,
+      guardianContext,
+      conversationId: 'conv-1',
+      toolName: 'bash',
+    });
+
+    const hints = emittedSignals[0].attentionHints as Record<string, unknown>;
+    expect(hints.requiresAction).toBe(true);
+    expect(hints.urgency).toBe('high');
+    expect(hints.isAsyncBackground).toBe(false);
+    expect(hints.visibleInSourceNow).toBe(false);
+  });
+
+  test('uses dedupe key scoped to canonical request ID', () => {
+    const canonicalRequest = makeCanonicalRequest();
+    const guardianContext = makeTrustedContactContext();
+
+    bridgeConfirmationRequestToGuardian({
+      canonicalRequest,
+      guardianContext,
+      conversationId: 'conv-1',
+      toolName: 'bash',
+    });
+
+    expect(emittedSignals[0].dedupeKey).toBe(`tc-confirmation-request:${canonicalRequest.id}`);
+  });
+
+  test('creates vellum delivery row via onThreadCreated callback', () => {
+    const canonicalRequest = makeCanonicalRequest();
+    const guardianContext = makeTrustedContactContext();
+
+    bridgeConfirmationRequestToGuardian({
+      canonicalRequest,
+      guardianContext,
+      conversationId: 'conv-1',
+      toolName: 'bash',
+    });
+
+    expect(mockOnThreadCreatedCallbacks).toHaveLength(1);
+
+    // Simulate the broadcaster invoking onThreadCreated
+    mockOnThreadCreatedCallbacks[0]({
+      conversationId: 'guardian-thread-1',
+      title: 'Guardian question',
+      sourceEventName: 'guardian.question',
+    });
+
+    const deliveries = listCanonicalGuardianDeliveries(canonicalRequest.id);
+    expect(deliveries).toHaveLength(1);
+    expect(deliveries[0].destinationChannel).toBe('vellum');
+    expect(deliveries[0].destinationConversationId).toBe('guardian-thread-1');
+  });
+
+  test('uses custom assistantId when provided', () => {
+    const canonicalRequest = makeCanonicalRequest();
+    const guardianContext = makeTrustedContactContext();
+
+    bridgeConfirmationRequestToGuardian({
+      canonicalRequest,
+      guardianContext,
+      conversationId: 'conv-1',
+      toolName: 'bash',
+      assistantId: 'custom-assistant',
+    });
+
+    // The mock only returns a binding for 'self', so 'custom-assistant'
+    // should fail with no_guardian_binding.
+    // Actually let's verify the signal uses the right assistantId.
+    // Since mock only has binding for 'self', this will skip.
+    expect(emittedSignals).toHaveLength(0);
+  });
+
+  test('passes assistantId to notification signal', () => {
+    const canonicalRequest = makeCanonicalRequest();
+    const guardianContext = makeTrustedContactContext();
+
+    // Use default assistantId 'self' which has a binding
+    bridgeConfirmationRequestToGuardian({
+      canonicalRequest,
+      guardianContext,
+      conversationId: 'conv-1',
+      toolName: 'bash',
+    });
+
+    expect(emittedSignals[0].assistantId).toBe('self');
+  });
+
+  test('includes requesterChatId as null when not provided', () => {
+    const canonicalRequest = makeCanonicalRequest();
+    const guardianContext = makeTrustedContactContext({
+      requesterChatId: undefined,
+    });
+
+    bridgeConfirmationRequestToGuardian({
+      canonicalRequest,
+      guardianContext,
+      conversationId: 'conv-1',
+      toolName: 'bash',
+    });
+
+    const payload = emittedSignals[0].contextPayload as Record<string, unknown>;
+    expect(payload.requesterChatId).toBeNull();
+  });
+
+  test('skips when binding guardian identity does not match canonical request guardian', () => {
+    // Create a canonical request where guardianExternalUserId differs from the
+    // binding's guardianExternalUserId ('guardian-1' in the mock).
+    const canonicalRequest = makeCanonicalRequest({
+      guardianExternalUserId: 'old-guardian-who-was-rebound',
+    });
+    const guardianContext = makeTrustedContactContext();
+
+    const result = bridgeConfirmationRequestToGuardian({
+      canonicalRequest,
+      guardianContext,
+      conversationId: 'conv-1',
+      toolName: 'bash',
+    });
+
+    expect('skipped' in result && result.skipped).toBe(true);
+    if ('skipped' in result) {
+      expect(result.reason).toBe('binding_identity_mismatch');
+    }
+    expect(emittedSignals).toHaveLength(0);
+  });
+
+  test('does not skip when canonical request guardian identity is null', () => {
+    // When guardianExternalUserId is null on the canonical request (e.g. desktop
+    // flow), the identity check should be skipped and the bridge should proceed.
+    const canonicalRequest = makeCanonicalRequest({
+      guardianExternalUserId: null,
+    });
+    const guardianContext = makeTrustedContactContext();
+
+    const result = bridgeConfirmationRequestToGuardian({
+      canonicalRequest,
+      guardianContext,
+      conversationId: 'conv-1',
+      toolName: 'bash',
+    });
+
+    expect('bridged' in result && result.bridged).toBe(true);
+    expect(emittedSignals).toHaveLength(1);
+  });
+});

package/src/__tests__/conversation-routes-guardian-reply.test.ts

@@ -0,0 +1,256 @@
+import { beforeEach, describe, expect, mock, test } from 'bun:test';
+
+const routeGuardianReplyMock = mock(async () => ({
+  consumed: false,
+  decisionApplied: false,
+  type: 'not_consumed' as const,
+})) as any;
+const listPendingByDestinationMock = mock((_conversationId: string, _sourceChannel?: string) => [] as Array<{ id: string; kind?: string }>);
+const listCanonicalMock = mock((_filters?: Record<string, unknown>) => [] as Array<{ id: string }>);
+const addMessageMock = mock(async (_conversationId: string, role: string, _content?: string, _metadata?: Record<string, unknown>) => ({
+  id: role === 'user' ? 'persisted-user-id' : 'persisted-assistant-id',
+}));
+
+mock.module('../util/logger.js', () => ({
+  getLogger: () => new Proxy({} as Record<string, unknown>, {
+    get: () => () => {},
+  }),
+}));
+
+mock.module('../memory/conversation-key-store.js', () => ({
+  getOrCreateConversation: () => ({ conversationId: 'conv-canonical-reply' }),
+  getConversationByKey: () => null,
+}));
+
+mock.module('../memory/attachments-store.js', () => ({
+  getAttachmentsByIds: () => [],
+}));
+
+mock.module('../runtime/guardian-reply-router.js', () => ({
+  routeGuardianReply: routeGuardianReplyMock,
+}));
+
+mock.module('../memory/canonical-guardian-store.js', () => ({
+  createCanonicalGuardianRequest: () => ({ id: 'canonical-id', requestCode: 'ABC123' }),
+  generateCanonicalRequestCode: () => 'ABC123',
+  listPendingCanonicalGuardianRequestsByDestinationConversation: (
+    conversationId: string,
+    sourceChannel?: string,
+  ) => listPendingByDestinationMock(conversationId, sourceChannel),
+  listCanonicalGuardianRequests: (filters?: Record<string, unknown>) =>
+    listCanonicalMock(filters),
+}));
+
+mock.module('../runtime/confirmation-request-guardian-bridge.js', () => ({
+  bridgeConfirmationRequestToGuardian: async () => undefined,
+}));
+
+mock.module('../memory/conversation-store.js', () => ({
+  addMessage: (
+    conversationId: string,
+    role: string,
+    content: string,
+    metadata?: Record<string, unknown>,
+  ) => addMessageMock(conversationId, role, content, metadata),
+}));
+
+mock.module('../runtime/local-actor-identity.js', () => ({
+  resolveLocalIpcGuardianContext: () => ({ trustClass: 'guardian', sourceChannel: 'vellum' }),
+}));
+
+import { handleSendMessage } from '../runtime/routes/conversation-routes.js';
+
+const testServer = {
+  requestIP: () => ({ address: '127.0.0.1' }),
+} as unknown as import('../runtime/middleware/actor-token.js').ServerWithRequestIP;
+
+describe('handleSendMessage canonical guardian reply interception', () => {
+  beforeEach(() => {
+    routeGuardianReplyMock.mockClear();
+    listPendingByDestinationMock.mockClear();
+    listCanonicalMock.mockClear();
+    addMessageMock.mockClear();
+  });
+
+  test('consumes access-request code replies on desktop HTTP path without pending confirmations', async () => {
+    listPendingByDestinationMock.mockReturnValue([{ id: 'access-req-1' }]);
+    listCanonicalMock.mockReturnValue([]);
+    routeGuardianReplyMock.mockResolvedValue({
+      consumed: true,
+      decisionApplied: true,
+      type: 'canonical_decision_applied',
+      requestId: 'access-req-1',
+      replyText: 'Access approved. Verification code: 123456.',
+    });
+
+    const persistUserMessage = mock(async () => 'should-not-be-called');
+    const runAgentLoop = mock(async () => undefined);
+    const session = {
+      setGuardianContext: () => {},
+      setStateSignalListener: () => {},
+      emitConfirmationStateChanged: () => {},
+      emitActivityState: () => {},
+      setTurnChannelContext: () => {},
+      setTurnInterfaceContext: () => {},
+      isProcessing: () => false,
+      hasAnyPendingConfirmation: () => false,
+      denyAllPendingConfirmations: () => {},
+      enqueueMessage: () => ({ queued: true, requestId: 'queued-id' }),
+      persistUserMessage,
+      runAgentLoop,
+      getMessages: () => [] as unknown[],
+      assistantId: 'self',
+      guardianContext: undefined,
+      hasPendingConfirmation: () => false,
+    } as unknown as import('../daemon/session.js').Session;
+
+    const req = new Request('http://localhost/v1/messages', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        conversationKey: 'guardian-thread-key',
+        content: '05BECB approve',
+        sourceChannel: 'vellum',
+        interface: 'macos',
+      }),
+    });
+
+    const res = await handleSendMessage(req, {
+      sendMessageDeps: {
+        getOrCreateSession: async () => session,
+        assistantEventHub: { publish: async () => {} } as any,
+        resolveAttachments: () => [],
+      },
+    }, testServer);
+
+    expect(res.status).toBe(202);
+    const body = await res.json() as { accepted: boolean; messageId?: string };
+    expect(body.accepted).toBe(true);
+    expect(body.messageId).toBe('persisted-user-id');
+
+    expect(routeGuardianReplyMock).toHaveBeenCalledTimes(1);
+    const routerCall = (routeGuardianReplyMock as any).mock.calls[0][0] as Record<string, unknown>;
+    expect(routerCall.messageText).toBe('05BECB approve');
+    expect(routerCall.pendingRequestIds).toEqual(['access-req-1']);
+    expect(addMessageMock).toHaveBeenCalledTimes(2);
+    expect(persistUserMessage).toHaveBeenCalledTimes(0);
+    expect(runAgentLoop).toHaveBeenCalledTimes(0);
+  });
+
+  test('passes undefined pendingRequestIds when no canonical hints are found', async () => {
+    listPendingByDestinationMock.mockReturnValue([]);
+    listCanonicalMock.mockReturnValue([]);
+    routeGuardianReplyMock.mockResolvedValue({
+      consumed: false,
+      decisionApplied: false,
+      type: 'not_consumed',
+    });
+
+    const persistUserMessage = mock(async () => 'persisted-user-id');
+    const runAgentLoop = mock(async () => undefined);
+    const session = {
+      setGuardianContext: () => {},
+      setStateSignalListener: () => {},
+      emitConfirmationStateChanged: () => {},
+      emitActivityState: () => {},
+      setTurnChannelContext: () => {},
+      setTurnInterfaceContext: () => {},
+      isProcessing: () => false,
+      hasAnyPendingConfirmation: () => false,
+      denyAllPendingConfirmations: () => {},
+      enqueueMessage: () => ({ queued: true, requestId: 'queued-id' }),
+      persistUserMessage,
+      runAgentLoop,
+      getMessages: () => [] as unknown[],
+      assistantId: 'self',
+      guardianContext: undefined,
+      hasPendingConfirmation: () => false,
+    } as unknown as import('../daemon/session.js').Session;
+
+    const req = new Request('http://localhost/v1/messages', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        conversationKey: 'guardian-thread-key',
+        content: 'hello there',
+        sourceChannel: 'vellum',
+        interface: 'macos',
+      }),
+    });
+
+    const res = await handleSendMessage(req, {
+      sendMessageDeps: {
+        getOrCreateSession: async () => session,
+        assistantEventHub: { publish: async () => {} } as any,
+        resolveAttachments: () => [],
+      },
+    }, testServer);
+
+    expect(res.status).toBe(202);
+    expect(routeGuardianReplyMock).toHaveBeenCalledTimes(1);
+    const routerCall = (routeGuardianReplyMock as any).mock.calls[0][0] as Record<string, unknown>;
+    expect(routerCall.pendingRequestIds).toBeUndefined();
+    expect(persistUserMessage).toHaveBeenCalledTimes(1);
+    expect(runAgentLoop).toHaveBeenCalledTimes(1);
+  });
+
+  test('excludes stale tool_approval hints without a live pending confirmation', async () => {
+    listPendingByDestinationMock.mockReturnValue([
+      { id: 'tool-approval-live', kind: 'tool_approval' },
+      { id: 'tool-approval-stale', kind: 'tool_approval' },
+      { id: 'access-req-1', kind: 'access_request' },
+    ]);
+    listCanonicalMock.mockReturnValue([]);
+    routeGuardianReplyMock.mockResolvedValue({
+      consumed: false,
+      decisionApplied: false,
+      type: 'not_consumed',
+    });
+
+    const persistUserMessage = mock(async () => 'persisted-user-id');
+    const runAgentLoop = mock(async () => undefined);
+    const session = {
+      setGuardianContext: () => {},
+      setStateSignalListener: () => {},
+      emitConfirmationStateChanged: () => {},
+      emitActivityState: () => {},
+      setTurnChannelContext: () => {},
+      setTurnInterfaceContext: () => {},
+      isProcessing: () => false,
+      hasAnyPendingConfirmation: () => true,
+      denyAllPendingConfirmations: () => {},
+      enqueueMessage: () => ({ queued: true, requestId: 'queued-id' }),
+      persistUserMessage,
+      runAgentLoop,
+      getMessages: () => [] as unknown[],
+      assistantId: 'self',
+      guardianContext: undefined,
+      hasPendingConfirmation: (requestId: string) => requestId === 'tool-approval-live',
+    } as unknown as import('../daemon/session.js').Session;
+
+    const req = new Request('http://localhost/v1/messages', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        conversationKey: 'guardian-thread-key',
+        content: 'approve',
+        sourceChannel: 'vellum',
+        interface: 'macos',
+      }),
+    });
+
+    const res = await handleSendMessage(req, {
+      sendMessageDeps: {
+        getOrCreateSession: async () => session,
+        assistantEventHub: { publish: async () => {} } as any,
+        resolveAttachments: () => [],
+      },
+    }, testServer);
+
+    expect(res.status).toBe(202);
+    expect(routeGuardianReplyMock).toHaveBeenCalledTimes(1);
+    const routerCall = (routeGuardianReplyMock as any).mock.calls[0][0] as Record<string, unknown>;
+    expect(routerCall.pendingRequestIds).toEqual(['tool-approval-live', 'access-req-1']);
+    expect((routerCall.pendingRequestIds as string[]).includes('tool-approval-stale')).toBe(false);
+  });
+});

package/src/__tests__/conversation-routes.test.ts

@@ -17,8 +17,17 @@ mock.module('../memory/attachments-store.js', () => ({
   getAttachmentsByIds: () => [],
 }));
 
+mock.module('../runtime/local-actor-identity.js', () => ({
+  resolveLocalIpcGuardianContext: (sourceChannel: string) => ({ trustClass: 'guardian', sourceChannel }),
+}));
+
+import type { ServerWithRequestIP } from '../runtime/middleware/actor-token.js';
 import { handleSendMessage } from '../runtime/routes/conversation-routes.js';
 
+const mockLoopbackServer: ServerWithRequestIP = {
+  requestIP: () => ({ address: '127.0.0.1', family: 'IPv4', port: 0 }),
+};
+
 describe('handleSendMessage', () => {
   test('legacy fallback passes guardian context to processor', async () => {
     let capturedOptions: RuntimeMessageSessionOptions | undefined;
@@ -41,16 +50,16 @@ describe('handleSendMessage', () => {
         capturedSourceChannel = sourceChannel;
         return { messageId: 'msg-legacy-fallback' };
       },
-    });
+    }, mockLoopbackServer);
 
     const body = await res.json() as { accepted: boolean; messageId: string };
     expect(res.status).toBe(202);
     expect(body.accepted).toBe(true);
     expect(body.messageId).toBe('msg-legacy-fallback');
     expect(capturedSourceChannel).toBe('telegram');
-    expect(capturedOptions?.guardianContext).toEqual({
+    expect(capturedOptions?.guardianContext).toEqual(expect.objectContaining({
       trustClass: 'guardian',
       sourceChannel: 'telegram',
-    });
+    }));
   });
 });