@vellumai/assistant 0.4.30 → 0.4.32

package/src/__tests__/commit-message-enrichment-service.test.ts

@@ -42,10 +42,6 @@ describe("CommitEnrichmentService", () => {
   beforeEach(() => {
     _resetGitServiceRegistry();
     _resetEnrichmentService();
-    // Previous tests' enrichment jobs may leave a stale index.lock if
-    // the git process exits but the lock file isn't flushed before the
-    // next test runs git operations in the shared testDir.
-    rmSync(join(testDir, ".git", "index.lock"), { force: true });
   });
 
   afterEach(async () => {
@@ -55,6 +51,14 @@ describe("CommitEnrichmentService", () => {
       /* ignore */
     }
     _resetEnrichmentService();
+
+    // Remove stale index.lock left by async enrichment jobs that ran git
+    // commands concurrently. Without this, the next test's createCommit()
+    // can fail with "Unable to create index.lock: File exists".
+    const lockFile = join(testDir, ".git", "index.lock");
+    if (existsSync(lockFile)) {
+      rmSync(lockFile, { force: true });
+    }
   });
 
   afterAll(async () => {
@@ -82,6 +86,13 @@ describe("CommitEnrichmentService", () => {
   }
 
   async function createCommit(): Promise<string> {
+    // Remove stale index.lock left by async enrichment jobs that ran git
+    // commands concurrently in a previous test. Without this, git add -A
+    // can fail with "Unable to create index.lock: File exists".
+    const lockFile = join(testDir, ".git", "index.lock");
+    if (existsSync(lockFile)) {
+      rmSync(lockFile, { force: true });
+    }
     writeFileSync(join(testDir, `file-${Date.now()}.txt`), "content");
     await gitService.commitChanges("test commit");
     return await gitService.getHeadHash();

package/src/__tests__/config-schema.test.ts

@@ -168,10 +168,8 @@ describe("AssistantConfigSchema", () => {
     expect(result.memory.conflicts).toEqual({
       enabled: true,
       gateMode: "soft",
-      reaskCooldownTurns: 3,
       resolverLlmTimeoutMs: 12000,
       relevanceThreshold: 0.3,
-      askOnIrrelevantTurns: false,
       conflictableKinds: [
         "preference",
         "profile",
@@ -189,13 +187,6 @@ describe("AssistantConfigSchema", () => {
     expect(result.success).toBe(false);
   });
 
-  test("rejects invalid memory.conflicts.askOnIrrelevantTurns", () => {
-    const result = AssistantConfigSchema.safeParse({
-      memory: { conflicts: { askOnIrrelevantTurns: 123 } },
-    });
-    expect(result.success).toBe(false);
-  });
-
   test("rejects invalid memory.conflicts.conflictableKinds entry", () => {
     const result = AssistantConfigSchema.safeParse({
       memory: { conflicts: { conflictableKinds: ["invalid_kind"] } },
@@ -536,11 +527,12 @@ describe("AssistantConfigSchema", () => {
     expect(result.permissions.mode).toBe("strict");
   });
 
-  test("accepts explicit permissions.mode legacy", () => {
-    const result = AssistantConfigSchema.parse({
-      permissions: { mode: "legacy" },
-    });
-    expect(result.permissions.mode).toBe("legacy");
+  test("rejects permissions.mode legacy", () => {
+    expect(() =>
+      AssistantConfigSchema.parse({
+        permissions: { mode: "legacy" },
+      }),
+    ).toThrow();
   });
 
   test("accepts explicit permissions.mode workspace", () => {

package/src/__tests__/conflict-policy.test.ts

@@ -3,9 +3,11 @@ import { describe, expect, test } from "bun:test";
 import {
   isConflictKindEligible,
   isConflictKindPairEligible,
+  isConflictUserEvidenced,
   isDurableInstructionStatement,
   isStatementConflictEligible,
   isTransientTrackingStatement,
+  isUserEvidencedVerificationState,
 } from "../memory/conflict-policy.js";
 
 describe("conflict-policy", () => {
@@ -190,4 +192,78 @@ describe("conflict-policy", () => {
       ).toBe(true);
     });
   });
+
+  describe("isUserEvidencedVerificationState", () => {
+    test("accepts user_reported", () => {
+      expect(isUserEvidencedVerificationState("user_reported")).toBe(true);
+    });
+
+    test("accepts user_confirmed", () => {
+      expect(isUserEvidencedVerificationState("user_confirmed")).toBe(true);
+    });
+
+    test("accepts legacy_import", () => {
+      expect(isUserEvidencedVerificationState("legacy_import")).toBe(true);
+    });
+
+    test("rejects assistant_inferred", () => {
+      expect(isUserEvidencedVerificationState("assistant_inferred")).toBe(
+        false,
+      );
+    });
+
+    test("rejects unknown states", () => {
+      expect(isUserEvidencedVerificationState("")).toBe(false);
+      expect(isUserEvidencedVerificationState("auto_detected")).toBe(false);
+      expect(isUserEvidencedVerificationState("pending")).toBe(false);
+    });
+  });
+
+  describe("isConflictUserEvidenced", () => {
+    test("returns true when existing side is user-evidenced", () => {
+      expect(
+        isConflictUserEvidenced("user_reported", "assistant_inferred"),
+      ).toBe(true);
+      expect(
+        isConflictUserEvidenced("user_confirmed", "assistant_inferred"),
+      ).toBe(true);
+      expect(
+        isConflictUserEvidenced("legacy_import", "assistant_inferred"),
+      ).toBe(true);
+    });
+
+    test("returns true when candidate side is user-evidenced", () => {
+      expect(
+        isConflictUserEvidenced("assistant_inferred", "user_reported"),
+      ).toBe(true);
+      expect(
+        isConflictUserEvidenced("assistant_inferred", "user_confirmed"),
+      ).toBe(true);
+      expect(
+        isConflictUserEvidenced("assistant_inferred", "legacy_import"),
+      ).toBe(true);
+    });
+
+    test("returns true when both sides are user-evidenced", () => {
+      expect(isConflictUserEvidenced("user_reported", "user_confirmed")).toBe(
+        true,
+      );
+      expect(isConflictUserEvidenced("legacy_import", "user_reported")).toBe(
+        true,
+      );
+    });
+
+    test("returns false when neither side is user-evidenced", () => {
+      expect(
+        isConflictUserEvidenced("assistant_inferred", "assistant_inferred"),
+      ).toBe(false);
+    });
+
+    test("returns false for unknown states on both sides", () => {
+      expect(isConflictUserEvidenced("auto_detected", "pending")).toBe(false);
+      expect(
+        isConflictUserEvidenced("assistant_inferred", "auto_detected"),
+      ).toBe(false);
+    });
+  });
 });

package/src/__tests__/conflict-store.test.ts

@@ -33,7 +33,6 @@ import {
   getPendingConflictByPair,
   listPendingConflictDetails,
   listPendingConflicts,
-  markConflictAsked,
   resolveConflict,
 } from "../memory/conflict-store.js";
 import { getDb, initializeDb, resetDb } from "../memory/db.js";
@@ -60,6 +59,10 @@ function resetTables() {
 function insertItemPair(
   suffix: string,
   scopeId = "default",
+  opts?: {
+    existingVerificationState?: string;
+    candidateVerificationState?: string;
+  },
 ): { existingItemId: string; candidateItemId: string } {
   const db = getDb();
   const now = Date.now();
@@ -76,7 +79,8 @@ function insertItemPair(
         confidence: 0.8,
         importance: 0.5,
         fingerprint: `fp-existing-${suffix}`,
-        verificationState: "assistant_inferred",
+        verificationState:
+          opts?.existingVerificationState ?? "assistant_inferred",
         scopeId,
         firstSeenAt: now,
         lastSeenAt: now,
@@ -90,7 +94,8 @@ function insertItemPair(
         confidence: 0.8,
         importance: 0.5,
         fingerprint: `fp-candidate-${suffix}`,
-        verificationState: "assistant_inferred",
+        verificationState:
+          opts?.candidateVerificationState ?? "assistant_inferred",
         scopeId,
         firstSeenAt: now,
         lastSeenAt: now,
@@ -218,24 +223,11 @@ describe("conflict-store", () => {
     expect(pendingDefault[0].status).toBe("pending_clarification");
   });
 
-  test("markConflictAsked updates lastAskedAt", () => {
-    const pair = insertItemPair("asked");
-    const conflict = createOrUpdatePendingConflict({
-      scopeId: "default",
-      existingItemId: pair.existingItemId,
-      candidateItemId: pair.candidateItemId,
-      relationship: "ambiguous_contradiction",
+  test("listPendingConflictDetails joins current statements and verification states", () => {
+    const pair = insertItemPair("details", "workspace-a", {
+      existingVerificationState: "user_confirmed",
+      candidateVerificationState: "assistant_inferred",
     });
-
-    const askedAt = 1_734_000_000_000;
-    expect(markConflictAsked(conflict.id, askedAt)).toBe(true);
-    const updated = getConflictById(conflict.id);
-    expect(updated?.lastAskedAt).toBe(askedAt);
-    expect(updated?.updatedAt).toBe(askedAt);
-  });
-
-  test("listPendingConflictDetails joins current statements", () => {
-    const pair = insertItemPair("details", "workspace-a");
     createOrUpdatePendingConflict({
       scopeId: "workspace-a",
       existingItemId: pair.existingItemId,
@@ -250,6 +242,8 @@ describe("conflict-store", () => {
     expect(details[0].candidateStatement).toBe("Candidate statement details");
     expect(details[0].existingKind).toBe("fact");
     expect(details[0].candidateKind).toBe("fact");
+    expect(details[0].existingVerificationState).toBe("user_confirmed");
+    expect(details[0].candidateVerificationState).toBe("assistant_inferred");
   });
 
   test("applyConflictResolution keeps candidate and resolves conflict row", () => {

package/src/__tests__/contacts-tools.test.ts

@@ -140,17 +140,14 @@ describe("contact_upsert tool", () => {
     expect(result.isError).toBe(false);
     expect(result.content).toContain("Created contact");
     expect(result.content).toContain("Alice");
-    expect(result.content).toContain("Importance: 0.50");
   });
 
   test("creates a contact with all fields", async () => {
     const result = await executeContactUpsert(
       {
         display_name: "Bob",
-        relationship: "colleague",
-        importance: 0.8,
-        response_expectation: "within_hours",
-        preferred_tone: "professional",
+        notes:
+          "Colleague at Acme Corp, prefers professional tone, responds within hours",
         channels: [
           { type: "email", address: "bob@example.com", is_primary: true },
           { type: "slack", address: "@bob" },
@@ -161,10 +158,7 @@ describe("contact_upsert tool", () => {
 
     expect(result.isError).toBe(false);
     expect(result.content).toContain("Bob");
-    expect(result.content).toContain("colleague");
-    expect(result.content).toContain("0.80");
-    expect(result.content).toContain("within_hours");
-    expect(result.content).toContain("professional");
+    expect(result.content).toContain("Notes: Colleague at Acme Corp");
     expect(result.content).toContain("email: bob@example.com");
     expect(result.content).toContain("slack: @bob");
   });
@@ -185,7 +179,7 @@ describe("contact_upsert tool", () => {
       {
         id: contactId,
         display_name: "Charlie Updated",
-        importance: 0.9,
+        notes: "Updated notes for Charlie",
       },
       ctx,
     );
@@ -193,7 +187,7 @@ describe("contact_upsert tool", () => {
     expect(updateResult.isError).toBe(false);
     expect(updateResult.content).toContain("Updated contact");
     expect(updateResult.content).toContain("Charlie Updated");
-    expect(updateResult.content).toContain("0.90");
+    expect(updateResult.content).toContain("Notes: Updated notes for Charlie");
   });
 
   test("auto-matches by channel address on create", async () => {
@@ -239,36 +233,6 @@ describe("contact_upsert tool", () => {
     expect(result.isError).toBe(true);
     expect(result.content).toContain("display_name is required");
   });
-
-  test("rejects importance out of range", async () => {
-    const result = await executeContactUpsert(
-      {
-        display_name: "Test",
-        importance: 1.5,
-      },
-      ctx,
-    );
-
-    expect(result.isError).toBe(true);
-    expect(result.content).toContain(
-      "importance must be a number between 0 and 1",
-    );
-  });
-
-  test("rejects negative importance", async () => {
-    const result = await executeContactUpsert(
-      {
-        display_name: "Test",
-        importance: -0.1,
-      },
-      ctx,
-    );
-
-    expect(result.isError).toBe(true);
-    expect(result.content).toContain(
-      "importance must be a number between 0 and 1",
-    );
-  });
 });
 
 // ── contact_search ──────────────────────────────────────────────────
@@ -305,23 +269,6 @@ describe("contact_search tool", () => {
     expect(result.content).toContain("Charlie");
   });
 
-  test("searches by relationship", async () => {
-    await executeContactUpsert(
-      { display_name: "Diana", relationship: "friend" },
-      ctx,
-    );
-    await executeContactUpsert(
-      { display_name: "Eve", relationship: "colleague" },
-      ctx,
-    );
-
-    const result = await executeContactSearch({ relationship: "friend" }, ctx);
-
-    expect(result.isError).toBe(false);
-    expect(result.content).toContain("Diana");
-    expect(result.content).not.toContain("Eve");
-  });
-
   test("returns no results message when nothing matches", async () => {
     await executeContactUpsert({ display_name: "Existing" }, ctx);
 
@@ -380,7 +327,7 @@ describe("contact_merge tool", () => {
     const r1 = await executeContactUpsert(
       {
         display_name: "Alice (Email)",
-        importance: 0.7,
+        notes: "Prefers email",
         channels: [{ type: "email", address: "alice@example.com" }],
       },
       ctx,
@@ -388,7 +335,7 @@ describe("contact_merge tool", () => {
     const r2 = await executeContactUpsert(
       {
         display_name: "Alice (Slack)",
-        importance: 0.9,
+        notes: "Active on Slack",
         channels: [{ type: "slack", address: "@alice" }],
       },
       ctx,
@@ -407,7 +354,7 @@ describe("contact_merge tool", () => {
 
     expect(result.isError).toBe(false);
     expect(result.content).toContain("Merged");
-    expect(result.content).toContain("Importance: 0.90"); // takes higher importance
+    expect(result.content).toContain("Notes: Prefers email\nActive on Slack"); // concatenated notes
     expect(result.content).toContain("email: alice@example.com");
     expect(result.content).toContain("slack: @alice");
 

package/src/__tests__/contradiction-checker.test.ts

@@ -201,7 +201,11 @@ describe("checkContradictions", () => {
     expect(conflicts[0].existingItemId).toBe("item-existing-ambiguous");
     expect(conflicts[0].candidateItemId).toBe("item-candidate-ambiguous");
     expect(conflicts[0].relationship).toBe("ambiguous_contradiction");
-    expect(conflicts[0].clarificationQuestion).toContain(
+    expect(conflicts[0].clarificationQuestion).toContain("Pending conflict:");
+    expect(conflicts[0].clarificationQuestion).not.toContain(
+      "I have conflicting notes",
+    );
+    expect(conflicts[0].clarificationQuestion).not.toContain(
       "Which one is correct?",
     );
   });

package/src/__tests__/credential-security-invariants.test.ts

@@ -241,6 +241,7 @@ describe("Invariant 2: no generic plaintext secret read API", () => {
       "schedule/integration-status.ts", // integration status checks for scheduled reports
       "daemon/handlers/oauth-connect.ts", // OAuth connect handler for integration setup
       "daemon/handlers/config-slack-channel.ts", // Slack channel config credential management
+      "providers/managed-proxy/context.ts", // managed proxy API key lookup for provider initialization
     ]);
 
     const thisDir = dirname(fileURLToPath(import.meta.url));

package/src/__tests__/daemon-server-session-init.test.ts

@@ -52,7 +52,6 @@ class MockSession {
     | { skipPreMessageRollback?: boolean; isInteractive?: boolean }
     | undefined;
   public updateClientHistory: Array<{ hasNoClient: boolean }> = [];
-  public setSandboxOverrideCalls = 0;
   private stale = false;
   private processing = false;
   public trustContext: Record<string, unknown> | null = null;
@@ -95,9 +94,7 @@ class MockSession {
     return this._currentSender;
   }
 
-  setSandboxOverride(): void {
-    this.setSandboxOverrideCalls += 1;
-  }
+  setSandboxOverride(): void {}
 
   isProcessing(): boolean {
     return this.processing;
@@ -433,21 +430,6 @@ describe("DaemonServer initial session hydration", () => {
     expect(lastCreatedWorkingDir).toBe("/tmp/workspace");
   });
 
-  test("ignores deprecated sandbox_set runtime override messages", async () => {
-    const server = new DaemonServer();
-    const internal = asDaemonServerTestAccess(server);
-    const { socket } = createFakeSocket();
-
-    await internal.sendInitialSession(socket);
-    const session = internal.sessions.get(conversation.id);
-    expect(session).toBeDefined();
-    expect(session!.setSandboxOverrideCalls).toBe(0);
-
-    internal.dispatchMessage({ type: "sandbox_set", enabled: false }, socket);
-
-    expect(session!.setSandboxOverrideCalls).toBe(0);
-  });
-
   test("sendInitialSession includes threadType in session_info", async () => {
     conversation.threadType = "private";
     const server = new DaemonServer();

package/src/__tests__/followup-tools.test.ts

@@ -122,36 +122,6 @@ describe("followup_create tool", () => {
     expect(result.content).toContain("Reminder schedule: sched-abc");
   });
 
-  test("creates a follow-up with deprecated reminder_cron_id alias", async () => {
-    const result = await executeFollowupCreate(
-      {
-        channel: "email",
-        thread_id: "thread-789",
-        reminder_cron_id: "cron-abc",
-      },
-      ctx,
-    );
-
-    expect(result.isError).toBe(false);
-    expect(result.content).toContain("Reminder schedule: cron-abc");
-  });
-
-  test("reminder_schedule_id takes precedence over reminder_cron_id", async () => {
-    const result = await executeFollowupCreate(
-      {
-        channel: "email",
-        thread_id: "thread-prio",
-        reminder_schedule_id: "sched-wins",
-        reminder_cron_id: "cron-loses",
-      },
-      ctx,
-    );
-
-    expect(result.isError).toBe(false);
-    expect(result.content).toContain("Reminder schedule: sched-wins");
-    expect(result.content).not.toContain("cron-loses");
-  });
-
   test("rejects missing channel", async () => {
     const result = await executeFollowupCreate(
       {

package/src/__tests__/gemini-provider.test.ts

@@ -30,6 +30,7 @@ interface FakeChunk {
 
 let fakeChunks: FakeChunk[] = [];
 let lastStreamParams: Record<string, unknown> | null = null;
+let lastConstructorOpts: Record<string, unknown> | null = null;
 let shouldThrow: Error | null = null;
 
 class FakeApiError extends Error {
@@ -43,7 +44,9 @@ class FakeApiError extends Error {
 
 mock.module("@google/genai", () => ({
   GoogleGenAI: class MockGoogleGenAI {
-    constructor(_opts: Record<string, unknown>) {}
+    constructor(opts: Record<string, unknown>) {
+      lastConstructorOpts = opts;
+    }
     models = {
       generateContentStream: async (params: Record<string, unknown>) => {
         lastStreamParams = params;
@@ -108,6 +111,7 @@ describe("GeminiProvider", () => {
     provider = new GeminiProvider("test-api-key", "gemini-3-flash");
     fakeChunks = [];
     lastStreamParams = null;
+    lastConstructorOpts = null;
     shouldThrow = null;
   });
 
@@ -726,4 +730,78 @@ describe("GeminiProvider", () => {
 
     expect(result.usage).toEqual({ inputTokens: 0, outputTokens: 0 });
   });
+
+  // -----------------------------------------------------------------------
+  // Managed transport — constructor configuration
+  // -----------------------------------------------------------------------
+  test("does not set httpOptions when managedBaseUrl is not provided", () => {
+    new GeminiProvider("test-key", "gemini-3-flash");
+    expect(lastConstructorOpts).toEqual({ apiKey: "test-key" });
+  });
+
+  test("sets httpOptions.baseUrl when managedBaseUrl is provided", () => {
+    new GeminiProvider("managed-key", "gemini-3-flash", {
+      managedBaseUrl: "https://platform.example.com/v1/runtime-proxy/gemini",
+    });
+    expect(lastConstructorOpts).toEqual({
+      apiKey: "managed-key",
+      httpOptions: {
+        baseUrl: "https://platform.example.com/v1/runtime-proxy/gemini",
+      },
+    });
+  });
+
+  test("managed transport produces same ProviderResponse shape", async () => {
+    const managedProvider = new GeminiProvider(
+      "managed-key",
+      "gemini-3-flash",
+      {
+        managedBaseUrl: "https://platform.example.com/v1/runtime-proxy/gemini",
+      },
+    );
+
+    fakeChunks = [textChunk("Hello from managed"), finishChunk("STOP", 15, 8)];
+
+    const result = await managedProvider.sendMessage([
+      { role: "user", content: [{ type: "text", text: "Hi" }] },
+    ]);
+
+    expect(result.content).toHaveLength(1);
+    expect(result.content[0]).toEqual({
+      type: "text",
+      text: "Hello from managed",
+    });
+    expect(result.model).toBe("gemini-3-flash-001");
+    expect(result.usage).toEqual({ inputTokens: 15, outputTokens: 8 });
+    expect(result.stopReason).toBe("STOP");
+  });
+
+  test("managed transport handles tool calls correctly", async () => {
+    const managedProvider = new GeminiProvider(
+      "managed-key",
+      "gemini-3-flash",
+      {
+        managedBaseUrl: "https://platform.example.com/v1/runtime-proxy/gemini",
+      },
+    );
+
+    fakeChunks = [
+      functionCallChunk([
+        { id: "call_managed", name: "file_read", args: { path: "/tmp/test" } },
+      ]),
+      finishChunk("STOP", 10, 15),
+    ];
+
+    const result = await managedProvider.sendMessage([
+      { role: "user", content: [{ type: "text", text: "Read /tmp/test" }] },
+    ]);
+
+    expect(result.content).toHaveLength(1);
+    expect(result.content[0]).toEqual({
+      type: "tool_use",
+      id: "call_managed",
+      name: "file_read",
+      input: { path: "/tmp/test" },
+    });
+  });
 });

package/src/__tests__/guardian-decision-primitive-canonical.test.ts

@@ -71,7 +71,8 @@ const TEST_PRINCIPAL_ID = "test-principal-id";
 
 function guardianActor(overrides: Partial<ActorContext> = {}): ActorContext {
   return {
-    externalUserId: "guardian-1",
+    actorPrincipalId: TEST_PRINCIPAL_ID,
+    actorExternalUserId: "guardian-1",
     channel: "telegram",
     guardianPrincipalId: TEST_PRINCIPAL_ID,
     ...overrides,
@@ -80,7 +81,8 @@ function guardianActor(overrides: Partial<ActorContext> = {}): ActorContext {
 
 function trustedActor(overrides: Partial<ActorContext> = {}): ActorContext {
   return {
-    externalUserId: undefined,
+    actorPrincipalId: TEST_PRINCIPAL_ID,
+    actorExternalUserId: undefined,
     channel: "desktop",
     guardianPrincipalId: TEST_PRINCIPAL_ID,
     ...overrides,
@@ -254,7 +256,7 @@ describe("applyCanonicalGuardianDecision", () => {
 
     expect(result.applied).toBe(true);
     if (!result.applied) return;
-    // No grant minted because trusted actor has no externalUserId
+    // No grant minted because trusted actor has no actorExternalUserId
     expect(result.grantMinted).toBe(false);
   });
 

package/src/__tests__/guardian-routing-invariants.test.ts

@@ -94,7 +94,8 @@ const TEST_PRINCIPAL_ID = "test-principal-id";
 
 function guardianActor(overrides: Partial<ActorContext> = {}): ActorContext {
   return {
-    externalUserId: "guardian-1",
+    actorPrincipalId: TEST_PRINCIPAL_ID,
+    actorExternalUserId: "guardian-1",
     channel: "telegram",
     guardianPrincipalId: TEST_PRINCIPAL_ID,
     ...overrides,
@@ -103,7 +104,8 @@ function guardianActor(overrides: Partial<ActorContext> = {}): ActorContext {
 
 function trustedActor(overrides: Partial<ActorContext> = {}): ActorContext {
   return {
-    externalUserId: undefined,
+    actorPrincipalId: TEST_PRINCIPAL_ID,
+    actorExternalUserId: undefined,
     channel: "desktop",
     guardianPrincipalId: TEST_PRINCIPAL_ID,
     ...overrides,
@@ -1212,13 +1214,13 @@ describe("routing invariant: destination hints do not bypass tool_approval princ
     });
 
     // No pendingRequestIds passed — identity-based fallback uses
-    // actor.externalUserId which does not match any request's
+    // actor.actorExternalUserId which does not match any request's
     // guardianExternalUserId (since it's null).
     const result = await routeGuardianReply(
       replyCtx({
         messageText: "approve",
         channel: "telegram",
-        actor: guardianActor({ externalUserId: "guardian-tg-user" }),
+        actor: guardianActor({ actorExternalUserId: "guardian-tg-user" }),
         conversationId: "conv-guardian-chat",
         // pendingRequestIds: undefined — no delivery hints
         approvalConversationGenerator: undefined,

package/src/__tests__/ipc-snapshot.test.ts

@@ -101,10 +101,6 @@ const clientMessages: Record<ClientMessageType, ClientMessage> = {
     type: "usage_request",
     sessionId: "sess-001",
   },
-  sandbox_set: {
-    type: "sandbox_set",
-    enabled: true,
-  },
   cu_session_create: {
     type: "cu_session_create",
     sessionId: "cu-sess-001",