@vellumai/assistant 0.4.3 → 0.4.5

package/src/__tests__/agent-loop.test.ts

@@ -461,6 +461,57 @@ describe('AgentLoop', () => {
     expect(warningBlock).toBeDefined();
   });
 
+  test('runs without limit when maxToolUseTurns is 0', async () => {
+    // Use 20 turns (beyond old default of 8 used in other tests) to verify no cap
+    const turnCount = 20;
+    const responses: ProviderResponse[] = [];
+    for (let i = 0; i < turnCount; i++) {
+      responses.push(toolUseResponse(`t${i}`, 'read_file', { path: `/${i}.txt` }));
+    }
+    responses.push(textResponse('done'));
+    const { provider, calls } = createMockProvider(responses);
+    const toolExecutor = async () => ({ content: 'data', isError: false });
+    const loop = new AgentLoop(
+      provider,
+      'system',
+      { maxToolUseTurns: 0, minTurnIntervalMs: 0 },
+      dummyTools,
+      toolExecutor,
+    );
+
+    const events: AgentEvent[] = [];
+    await loop.run([userMessage], collectEvents(events));
+
+    // All 20 tool turns + 1 final text response = 21 provider calls
+    expect(calls).toHaveLength(turnCount + 1);
+
+    // No hard-limit error events should have been emitted
+    const errorEvents = events.filter(
+      (e): e is Extract<AgentEvent, { type: 'error' }> => e.type === 'error',
+    );
+    expect(errorEvents).toHaveLength(0);
+
+    // Progress check reminders should still fire every 5 turns
+    const progressChecks = calls.filter((call) => {
+      const lastMsg = call.messages[call.messages.length - 1];
+      return lastMsg.content.some(
+        (b): b is Extract<ContentBlock, { type: 'text' }> =>
+          b.type === 'text' && b.text.includes('making meaningful progress'),
+      );
+    });
+    expect(progressChecks.length).toBeGreaterThanOrEqual(3);
+
+    // No approaching-limit warnings should appear
+    const limitWarnings = calls.filter((call) => {
+      const lastMsg = call.messages[call.messages.length - 1];
+      return lastMsg.content.some(
+        (b): b is Extract<ContentBlock, { type: 'text' }> =>
+          b.type === 'text' && b.text.includes('approaching the tool-use turn limit'),
+      );
+    });
+    expect(limitWarnings).toHaveLength(0);
+  });
+
   // 9. Tool executor error results are forwarded correctly
   test('forwards tool error results to provider', async () => {
     const { provider, calls } = createMockProvider([

package/src/__tests__/approval-routes-http.test.ts

@@ -83,6 +83,7 @@ function makeIdleSession(opts?: {
     setCommandIntent: () => {},
     setTurnChannelContext: () => {},
     setTurnInterfaceContext: () => {},
+    setStateSignalListener: () => {},
     updateClient: () => {},
     enqueueMessage: () => ({ queued: false, requestId: 'noop' }),
     hasAnyPendingConfirmation: () => false,
@@ -125,6 +126,7 @@ function makeConfirmationEmittingSession(opts?: {
     setCommandIntent: () => {},
     setTurnChannelContext: () => {},
     setTurnInterfaceContext: () => {},
+    setStateSignalListener: () => {},
     updateClient: () => {},
     enqueueMessage: () => ({ queued: false, requestId: 'noop' }),
     hasAnyPendingConfirmation: () => false,

package/src/__tests__/assistant-events-sse-hardening.test.ts

@@ -150,7 +150,7 @@ describe('SSE route — capacity limit', () => {
 
   test('new connection evicts oldest and returns 200', async () => {
     const hub = new AssistantEventHub({ maxSubscribers: 1 });
-    const opts = { hub, heartbeatIntervalMs: 60_000 };
+    const opts = { hub, heartbeatIntervalMs: 60_000, skipActorVerification: true as const };
 
     const ac1 = new AbortController();
     const req1 = new Request('http://localhost/v1/events?conversationKey=evict-a', { signal: ac1.signal });
@@ -181,7 +181,7 @@ describe('SSE route — capacity limit', () => {
       { signal: new AbortController().signal },
     );
 
-    const response = handleSubscribeAssistantEvents(req, new URL(req.url), { hub });
+    const response = handleSubscribeAssistantEvents(req, new URL(req.url), { hub, skipActorVerification: true });
     expect(response.status).toBe(503);
     const body = await response.json() as { error: { message: string; code?: string } };
     expect(body.error.message).toMatch(/Too many concurrent connections/);
@@ -195,7 +195,7 @@ describe('SSE route — capacity limit', () => {
       { signal: ac.signal },
     );
 
-    const response = handleSubscribeAssistantEvents(req, new URL(req.url), { hub });
+    const response = handleSubscribeAssistantEvents(req, new URL(req.url), { hub, skipActorVerification: true });
 
     expect(response.status).toBe(200);
     ac.abort(); // clean up the subscription
@@ -218,6 +218,7 @@ describe('SSE route — heartbeat', () => {
     const response = handleSubscribeAssistantEvents(req, new URL(req.url), {
       hub,
       heartbeatIntervalMs: 10,
+      skipActorVerification: true,
     });
 
     // Wait for at least one heartbeat interval to fire.
@@ -243,6 +244,7 @@ describe('SSE route — heartbeat', () => {
     const response = handleSubscribeAssistantEvents(req, new URL(req.url), {
       hub,
       heartbeatIntervalMs: 10,
+      skipActorVerification: true,
     });
 
     // Wait for several intervals.
@@ -283,7 +285,7 @@ describe('SSE route — disconnect cleanup', () => {
       { signal: ac.signal },
     );
 
-    handleSubscribeAssistantEvents(req, new URL(req.url), { hub });
+    handleSubscribeAssistantEvents(req, new URL(req.url), { hub, skipActorVerification: true });
 
     expect(hub.subscriberCount()).toBe(1);
 
@@ -303,7 +305,7 @@ describe('SSE route — disconnect cleanup', () => {
       { signal: ac.signal },
     );
 
-    const response = handleSubscribeAssistantEvents(req, new URL(req.url), { hub });
+    const response = handleSubscribeAssistantEvents(req, new URL(req.url), { hub, skipActorVerification: true });
 
     expect(hub.subscriberCount()).toBe(1);
 

package/src/__tests__/assistant-id-boundary-guard.test.ts

@@ -287,4 +287,129 @@ describe('assistant ID boundary', () => {
   // all daemon storage keyed by DAEMON_INTERNAL_ASSISTANT_ID uses the fixed
   // internal value rather than externally-provided IDs).
   // -------------------------------------------------------------------------
+
+  // -------------------------------------------------------------------------
+  // Rule (e): No assistantId on daemon control-plane request/param types
+  //
+  // Daemon IPC contracts and guardian outbound param interfaces must not
+  // accept an assistantId field -- the daemon always uses
+  // DAEMON_INTERNAL_ASSISTANT_ID internally. Accepting assistantId on these
+  // surfaces invites callers to pass external IDs into daemon scoping.
+  // -------------------------------------------------------------------------
+
+  test('IPC contract types do not contain assistantId for guardian requests', () => {
+    const ipcContractPath = join(import.meta.dir, '..', 'daemon', 'ipc-contract', 'integrations.ts');
+    const content = readFileSync(ipcContractPath, 'utf-8');
+
+    // Extract the interface blocks for the request types and verify
+    // none of them declare an assistantId property.
+    const requestTypeNames = [
+      'GuardianVerificationRequest',
+    ];
+
+    for (const typeName of requestTypeNames) {
+      // Find the interface/type block — match from the type name to the next
+      // closing brace at the same indentation level. We use a simple heuristic:
+      // find the line declaring the type, then scan forward to the closing '}'.
+      const typeIndex = content.indexOf(typeName);
+      expect(typeIndex, `Expected to find ${typeName} in IPC contract`).toBeGreaterThan(-1);
+
+      // Extract from the type declaration to the next '}' line
+      const blockStart = content.indexOf('{', typeIndex);
+      if (blockStart === -1) continue;
+      let braceDepth = 0;
+      let blockEnd = blockStart;
+      for (let i = blockStart; i < content.length; i++) {
+        if (content[i] === '{') braceDepth++;
+        if (content[i] === '}') braceDepth--;
+        if (braceDepth === 0) {
+          blockEnd = i + 1;
+          break;
+        }
+      }
+      const block = content.slice(blockStart, blockEnd);
+
+      // The block should not contain an assistantId property declaration
+      // (matches "assistantId?" or "assistantId:" on a non-comment line)
+      const lines = block.split('\n');
+      for (const line of lines) {
+        const trimmed = line.trim();
+        if (trimmed.startsWith('//') || trimmed.startsWith('*') || trimmed.startsWith('/*')) continue;
+        expect(
+          /\bassistantId\s*[?:]/.test(trimmed),
+          `${typeName} must not declare an assistantId property. Found: "${trimmed}"`,
+        ).toBe(false);
+      }
+    }
+  });
+
+  test('guardian outbound param interfaces do not contain assistantId', () => {
+    const actionsPath = join(import.meta.dir, '..', 'runtime', 'guardian-outbound-actions.ts');
+    const content = readFileSync(actionsPath, 'utf-8');
+
+    const interfaceNames = [
+      'StartOutboundParams',
+      'ResendOutboundParams',
+      'CancelOutboundParams',
+    ];
+
+    for (const name of interfaceNames) {
+      const idx = content.indexOf(name);
+      expect(idx, `Expected to find ${name} in guardian-outbound-actions.ts`).toBeGreaterThan(-1);
+
+      const blockStart = content.indexOf('{', idx);
+      if (blockStart === -1) continue;
+      let braceDepth = 0;
+      let blockEnd = blockStart;
+      for (let i = blockStart; i < content.length; i++) {
+        if (content[i] === '{') braceDepth++;
+        if (content[i] === '}') braceDepth--;
+        if (braceDepth === 0) {
+          blockEnd = i + 1;
+          break;
+        }
+      }
+      const block = content.slice(blockStart, blockEnd);
+
+      const lines = block.split('\n');
+      for (const line of lines) {
+        const trimmed = line.trim();
+        if (trimmed.startsWith('//') || trimmed.startsWith('*') || trimmed.startsWith('/*')) continue;
+        expect(
+          /\bassistantId\s*[?:]/.test(trimmed),
+          `${name} must not declare an assistantId property. Found: "${trimmed}"`,
+        ).toBe(false);
+      }
+    }
+  });
+
+  test('channel readiness service does not accept assistantId parameter', () => {
+    const servicePath = join(import.meta.dir, '..', 'runtime', 'channel-readiness-service.ts');
+    const content = readFileSync(servicePath, 'utf-8');
+
+    // getReadiness and invalidateChannel signatures must not include assistantId
+    const signaturePatterns = [
+      /getReadiness\([^)]*assistantId/,
+      /invalidateChannel\([^)]*assistantId/,
+    ];
+    for (const pattern of signaturePatterns) {
+      expect(
+        pattern.test(content),
+        `Channel readiness service must not accept assistantId parameter (matched: ${pattern})`,
+      ).toBe(false);
+    }
+
+    // ChannelProbeContext must not have assistantId.
+    // The interface is declared in channel-readiness-types.ts, not the service file.
+    const typesPath = join(import.meta.dir, '..', 'runtime', 'channel-readiness-types.ts');
+    const typesContent = readFileSync(typesPath, 'utf-8');
+    const probeContextMatch = typesContent.match(/interface\s+ChannelProbeContext\s*\{([^}]*)\}/);
+    expect(probeContextMatch, 'Expected to find ChannelProbeContext interface in channel-readiness-types.ts').not.toBeNull();
+    if (probeContextMatch) {
+      expect(
+        probeContextMatch[1],
+        'ChannelProbeContext must not contain assistantId',
+      ).not.toContain('assistantId');
+    }
+  });
 });

package/src/__tests__/call-controller.test.ts

@@ -56,10 +56,12 @@ mock.module('../config/loader.js', () => ({
 // ── Call constants mock ──────────────────────────────────────────────
 
 let mockConsultationTimeoutMs = 90_000;
+let mockSilenceTimeoutMs = 30_000;
 
 mock.module('../calls/call-constants.js', () => ({
   getMaxCallDurationMs: () => 12 * 60 * 1000,
   getUserConsultationTimeoutMs: () => mockConsultationTimeoutMs,
+  getSilenceTimeoutMs: () => mockSilenceTimeoutMs,
   SILENCE_TIMEOUT_MS: 30_000,
   MAX_CALL_DURATION_MS: 3600 * 1000,
   USER_CONSULTATION_TIMEOUT_MS: 120 * 1000,
@@ -154,6 +156,7 @@ interface MockRelay extends RelayConnection {
   sentTokens: Array<{ token: string; last: boolean }>;
   endCalled: boolean;
   endReason: string | undefined;
+  mockConnectionState: string;
 }
 
 function createMockRelay(): MockRelay {
@@ -161,12 +164,15 @@ function createMockRelay(): MockRelay {
     sentTokens: [] as Array<{ token: string; last: boolean }>,
     _endCalled: false,
     _endReason: undefined as string | undefined,
+    _connectionState: 'connected',
   };
 
   return {
     get sentTokens() { return state.sentTokens; },
     get endCalled() { return state._endCalled; },
     get endReason() { return state._endReason; },
+    get mockConnectionState() { return state._connectionState; },
+    set mockConnectionState(v: string) { state._connectionState = v; },
     sendTextToken(token: string, last: boolean) {
       state.sentTokens.push({ token, last });
     },
@@ -174,6 +180,9 @@ function createMockRelay(): MockRelay {
       state._endCalled = true;
       state._endReason = reason;
     },
+    getConnectionState() {
+      return state._connectionState;
+    },
   } as unknown as MockRelay;
 }
 
@@ -236,6 +245,7 @@ describe('call-controller', () => {
     mockStartVoiceTurn.mockImplementation(createMockVoiceTurn(['Hello', ' there']));
     // Reset consultation timeout to the default (long) value
     mockConsultationTimeoutMs = 90_000;
+    mockSilenceTimeoutMs = 30_000;
   });
 
   // ── handleCallerUtterance ─────────────────────────────────────────
@@ -1697,4 +1707,43 @@ describe('call-controller', () => {
 
     controller.destroy();
   });
+
+  // ── Silence suppression during guardian wait ──────────────────────
+
+  test('silence timeout suppressed during guardian wait: does not say "Are you still there?"', async () => {
+    mockSilenceTimeoutMs = 50; // Short timeout for testing
+    const { relay, controller } = setupController();
+
+    // Simulate guardian wait state on the relay
+    relay.mockConnectionState = 'awaiting_guardian_decision';
+
+    // Wait for the silence timeout to fire
+    await new Promise((r) => setTimeout(r, 200));
+
+    // "Are you still there?" should NOT have been sent
+    const silenceTokens = relay.sentTokens.filter((t) =>
+      t.token.includes('Are you still there?'),
+    );
+    expect(silenceTokens.length).toBe(0);
+
+    controller.destroy();
+  });
+
+  test('silence timeout fires normally when not in guardian wait', async () => {
+    mockSilenceTimeoutMs = 50; // Short timeout for testing
+    const { relay, controller } = setupController();
+
+    // Default connection state is 'connected' (not guardian wait)
+
+    // Wait for the silence timeout to fire
+    await new Promise((r) => setTimeout(r, 200));
+
+    // "Are you still there?" SHOULD have been sent
+    const silenceTokens = relay.sentTokens.filter((t) =>
+      t.token.includes('Are you still there?'),
+    );
+    expect(silenceTokens.length).toBe(1);
+
+    controller.destroy();
+  });
 });

package/src/__tests__/call-pointer-message-composer.test.ts

@@ -0,0 +1,171 @@
+import { describe, expect, test } from 'bun:test';
+import { mock } from 'bun:test';
+
+mock.module('../util/logger.js', () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
+}));
+
+import {
+  buildPointerGenerationPrompt,
+  type CallPointerMessageContext,
+  composeCallPointerMessageGenerative,
+  getPointerFallbackMessage,
+  includesRequiredFacts,
+} from '../calls/call-pointer-message-composer.js';
+
+// ---------------------------------------------------------------------------
+// Deterministic fallback templates
+// ---------------------------------------------------------------------------
+
+describe('getPointerFallbackMessage', () => {
+  test('started without verification code', () => {
+    const msg = getPointerFallbackMessage({ scenario: 'started', phoneNumber: '+15551234567' });
+    expect(msg).toContain('Call to +15551234567 started');
+    expect(msg).not.toContain('Verification code');
+  });
+
+  test('started with verification code', () => {
+    const msg = getPointerFallbackMessage({
+      scenario: 'started',
+      phoneNumber: '+15551234567',
+      verificationCode: '1234',
+    });
+    expect(msg).toContain('Verification code: 1234');
+    expect(msg).toContain('+15551234567');
+  });
+
+  test('completed without duration', () => {
+    const msg = getPointerFallbackMessage({ scenario: 'completed', phoneNumber: '+15559876543' });
+    expect(msg).toContain('completed');
+    expect(msg).toContain('+15559876543');
+  });
+
+  test('completed with duration', () => {
+    const msg = getPointerFallbackMessage({
+      scenario: 'completed',
+      phoneNumber: '+15559876543',
+      duration: '5m 30s',
+    });
+    expect(msg).toContain('completed (5m 30s)');
+  });
+
+  test('failed without reason', () => {
+    const msg = getPointerFallbackMessage({ scenario: 'failed', phoneNumber: '+15559876543' });
+    expect(msg).toContain('failed');
+    expect(msg).toContain('+15559876543');
+  });
+
+  test('failed with reason', () => {
+    const msg = getPointerFallbackMessage({
+      scenario: 'failed',
+      phoneNumber: '+15559876543',
+      reason: 'no answer',
+    });
+    expect(msg).toContain('failed: no answer');
+  });
+
+  test('guardian_verification_succeeded defaults to voice channel', () => {
+    const msg = getPointerFallbackMessage({
+      scenario: 'guardian_verification_succeeded',
+      phoneNumber: '+15559876543',
+    });
+    expect(msg).toContain('Guardian verification (voice)');
+    expect(msg).toContain('succeeded');
+  });
+
+  test('guardian_verification_succeeded with custom channel', () => {
+    const msg = getPointerFallbackMessage({
+      scenario: 'guardian_verification_succeeded',
+      phoneNumber: '+15559876543',
+      channel: 'sms',
+    });
+    expect(msg).toContain('Guardian verification (sms)');
+  });
+
+  test('guardian_verification_failed without reason', () => {
+    const msg = getPointerFallbackMessage({
+      scenario: 'guardian_verification_failed',
+      phoneNumber: '+15559876543',
+    });
+    expect(msg).toContain('Guardian verification');
+    expect(msg).toContain('failed');
+  });
+
+  test('guardian_verification_failed with reason', () => {
+    const msg = getPointerFallbackMessage({
+      scenario: 'guardian_verification_failed',
+      phoneNumber: '+15559876543',
+      reason: 'Max attempts exceeded',
+    });
+    expect(msg).toContain('failed: Max attempts exceeded');
+  });
+});
+
+// ---------------------------------------------------------------------------
+// Required facts validation
+// ---------------------------------------------------------------------------
+
+describe('includesRequiredFacts', () => {
+  test('returns true when no required facts', () => {
+    expect(includesRequiredFacts('any text', undefined)).toBe(true);
+    expect(includesRequiredFacts('any text', [])).toBe(true);
+  });
+
+  test('returns true when all facts present', () => {
+    expect(includesRequiredFacts('Call to +15551234567 completed (2m).', ['+15551234567', '2m'])).toBe(true);
+  });
+
+  test('returns false when a fact is missing', () => {
+    expect(includesRequiredFacts('Call completed.', ['+15551234567'])).toBe(false);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// Prompt builder
+// ---------------------------------------------------------------------------
+
+describe('buildPointerGenerationPrompt', () => {
+  test('includes context JSON and fallback message', () => {
+    const ctx: CallPointerMessageContext = { scenario: 'started', phoneNumber: '+15551234567' };
+    const prompt = buildPointerGenerationPrompt(ctx, 'Fallback text', undefined);
+    expect(prompt).toContain(JSON.stringify(ctx));
+    expect(prompt).toContain('Fallback text');
+  });
+
+  test('includes required facts clause when provided', () => {
+    const ctx: CallPointerMessageContext = { scenario: 'completed', phoneNumber: '+15559876543', duration: '3m' };
+    const prompt = buildPointerGenerationPrompt(ctx, 'Fallback', ['+15559876543', '3m']);
+    expect(prompt).toContain('Required facts to include');
+    expect(prompt).toContain('+15559876543');
+    expect(prompt).toContain('3m');
+  });
+});
+
+// ---------------------------------------------------------------------------
+// Generative composition (test env falls back to deterministic)
+// ---------------------------------------------------------------------------
+
+describe('composeCallPointerMessageGenerative', () => {
+  test('returns fallback in test environment regardless of generator', async () => {
+    const generator = async () => 'LLM-generated copy';
+    const ctx: CallPointerMessageContext = { scenario: 'started', phoneNumber: '+15551234567' };
+    const result = await composeCallPointerMessageGenerative(ctx, {}, generator);
+    // NODE_ENV is 'test' during bun test
+    expect(result).toContain('Call to +15551234567 started');
+  });
+
+  test('returns fallback when no generator provided', async () => {
+    const ctx: CallPointerMessageContext = { scenario: 'failed', phoneNumber: '+15559876543', reason: 'busy' };
+    const result = await composeCallPointerMessageGenerative(ctx);
+    expect(result).toContain('failed: busy');
+  });
+
+  test('uses custom fallbackText when provided', async () => {
+    const ctx: CallPointerMessageContext = { scenario: 'completed', phoneNumber: '+15559876543' };
+    const result = await composeCallPointerMessageGenerative(ctx, { fallbackText: 'Custom fallback' });
+    expect(result).toBe('Custom fallback');
+  });
+});

package/src/__tests__/call-pointer-messages.test.ts

@@ -2,7 +2,7 @@ import { mkdtempSync, rmSync } from 'node:fs';
 import { tmpdir } from 'node:os';
 import { join } from 'node:path';
 
-import { afterAll, beforeEach, describe, expect, mock,test } from 'bun:test';
+import { afterAll, afterEach, beforeEach, describe, expect, mock,test } from 'bun:test';
 
 const testDir = mkdtempSync(join(tmpdir(), 'call-pointer-messages-test-'));
 
@@ -25,14 +25,14 @@ mock.module('../util/logger.js', () => ({
     }),
 }));
 
-import { addPointerMessage, formatDuration } from '../calls/call-pointer-messages.js';
+import { addPointerMessage, formatDuration, resetPointerCopyGenerator, setPointerCopyGenerator } from '../calls/call-pointer-messages.js';
 import { getMessages } from '../memory/conversation-store.js';
 import { getDb, initializeDb, resetDb } from '../memory/db.js';
 import { conversations } from '../memory/schema.js';
 
 initializeDb();
 
-function ensureConversation(id: string): void {
+function ensureConversation(id: string, options?: { threadType?: string; originChannel?: string }): void {
   const db = getDb();
   const now = Date.now();
   db.insert(conversations).values({
@@ -40,6 +40,8 @@ function ensureConversation(id: string): void {
     title: `Conversation ${id}`,
     createdAt: now,
     updatedAt: now,
+    ...(options?.threadType ? { threadType: options.threadType } : {}),
+    ...(options?.originChannel ? { originChannel: options.originChannel } : {}),
   }).run();
 }
 
@@ -92,6 +94,10 @@ describe('addPointerMessage', () => {
     resetTables();
   });
 
+  afterEach(() => {
+    resetPointerCopyGenerator();
+  });
+
   afterAll(() => {
     resetDb();
     try { rmSync(testDir, { recursive: true }); } catch { /* best effort */ }
@@ -185,4 +191,88 @@ describe('addPointerMessage', () => {
     const text = getLatestAssistantText(convId);
     expect(text).toContain('failed: Max attempts exceeded');
   });
+
+  // Trust-aware tests: in test env, generator is not called (NODE_ENV=test
+  // short-circuits to fallback), so these validate the trust gating path
+  // while still receiving deterministic text.
+
+  test('untrusted audience uses deterministic fallback even with generator set', () => {
+    const convId = 'conv-ptr-untrusted';
+    // standard threadType + no origin channel = untrusted
+    ensureConversation(convId, { threadType: 'standard' });
+
+    const generatorCalled = { value: false };
+    setPointerCopyGenerator(async () => {
+      generatorCalled.value = true;
+      return 'generated text';
+    });
+
+    addPointerMessage(convId, 'started', '+15551234567');
+    const text = getLatestAssistantText(convId);
+    // In test env, deterministic fallback is always used regardless of trust
+    expect(text).toContain('Call to +15551234567 started');
+  });
+
+  test('explicit untrusted audience mode skips generator', () => {
+    const convId = 'conv-ptr-explicit-untrusted';
+    ensureConversation(convId, { threadType: 'private' });
+
+    const generatorCalled = { value: false };
+    setPointerCopyGenerator(async () => {
+      generatorCalled.value = true;
+      return 'generated text';
+    });
+
+    addPointerMessage(convId, 'started', '+15551234567', undefined, 'untrusted');
+    const text = getLatestAssistantText(convId);
+    expect(text).toContain('Call to +15551234567 started');
+    // generator is not called because audience is explicitly untrusted
+    expect(generatorCalled.value).toBe(false);
+  });
+
+  test('private threadType is detected as trusted audience', async () => {
+    const convId = 'conv-ptr-private';
+    ensureConversation(convId, { threadType: 'private' });
+
+    setPointerCopyGenerator(async () => 'generated text');
+
+    await addPointerMessage(convId, 'completed', '+15559876543', { duration: '1m' });
+    const text = getLatestAssistantText(convId);
+    // In test env, falls back to deterministic even on trusted path
+    expect(text).toContain('Call to +15559876543 completed (1m)');
+  });
+
+  test('vellum origin channel is detected as trusted audience', async () => {
+    const convId = 'conv-ptr-vellum';
+    ensureConversation(convId, { originChannel: 'vellum' });
+
+    setPointerCopyGenerator(async () => 'generated text');
+
+    await addPointerMessage(convId, 'failed', '+15559876543', { reason: 'busy' });
+    const text = getLatestAssistantText(convId);
+    expect(text).toContain('failed: busy');
+  });
+
+  test('missing conversation defaults to untrusted', () => {
+    const _convId = 'conv-ptr-missing';
+    // Don't create the conversation — trust resolution should default to untrusted
+
+    const generatorCalled = { value: false };
+    setPointerCopyGenerator(async () => {
+      generatorCalled.value = true;
+      return 'generated text';
+    });
+
+    // This will fail at addMessage because conversation doesn't exist,
+    // but the trust check itself should not throw. Test just the trust
+    // gating by using a conversation that exists but has no trust signals.
+    const convId2 = 'conv-ptr-no-signals';
+    ensureConversation(convId2);
+
+    addPointerMessage(convId2, 'started', '+15551234567');
+    const text = getLatestAssistantText(convId2);
+    expect(text).toContain('Call to +15551234567 started');
+    // generator not called because standard threadType + no origin = untrusted
+    expect(generatorCalled.value).toBe(false);
+  });
 });