@vellumai/assistant 0.4.32 → 0.4.34

package/docs/architecture/memory.md

@@ -487,7 +487,7 @@ graph TB
 
 ### How it works
 
-1. **Lazy initialization**: The git repository is created on first use, not at workspace creation. When `ensureInitialized()` is called, it checks for a `.git` directory. If absent, it runs `git init`, creates a `.gitignore` (excluding `data/`, `logs/`, `*.log`, `*.sock`, `*.pid`, `session-token`, `http-token`), sets the git identity to "Vellum Assistant", and creates an initial baseline commit capturing any pre-existing files. The baseline commit is intentional — it makes `git log`, `git diff`, and `git revert` work cleanly from the start. Both new and existing workspaces get the same treatment. For existing repos (e.g. created by older versions or external tools), `.gitignore` rules and git identity are set idempotently on each init, ensuring proper configuration regardless of how the repo was originally created.
+1. **Lazy initialization**: The git repository is created on first use, not at workspace creation. When `ensureInitialized()` is called, it checks for a `.git` directory. If absent, it runs `git init`, creates a `.gitignore` (excluding `data/`, `logs/`, `*.log`, `*.sock`, `*.pid`, `session-token`), sets the git identity to "Vellum Assistant", and creates an initial baseline commit capturing any pre-existing files. The baseline commit is intentional — it makes `git log`, `git diff`, and `git revert` work cleanly from the start. Both new and existing workspaces get the same treatment. For existing repos (e.g. created by older versions or external tools), `.gitignore` rules and git identity are set idempotently on each init, ensuring proper configuration regardless of how the repo was originally created.
 
 2. **Turn-boundary commits**: After each conversation turn (user message + assistant response cycle), `session.ts` commits workspace changes via `commitTurnChanges(workspaceDir, sessionId, turnNumber)`. The commit runs in the `finally` block of `runAgentLoop`, guarded by a `turnStarted` flag that is set once the agent loop begins executing. This guarantees a commit attempt even when post-processing (e.g. `resolveAssistantAttachments`) throws, or when the user cancels mid-turn. The commit is raced against a configurable timeout (`workspaceGit.turnCommitMaxWaitMs`, default 4s) via `Promise.race`. If the commit exceeds the timeout, the turn proceeds immediately while the commit continues in the background. Note: the background commit is NOT awaited before the next turn starts, so brief cross-turn file attribution windows are possible but accepted as a tradeoff for responsiveness. Commit outcomes are logged with structured fields (`sessionId`, `turnNumber`, `filesChanged`, `durationMs`) for observability.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vellumai/assistant",
-  "version": "0.4.32",
+  "version": "0.4.34",
   "type": "module",
   "bin": {
     "vellum": "./src/index.ts"

package/src/__tests__/access-request-decision.test.ts

@@ -30,7 +30,6 @@ mock.module("../util/platform.js", () => ({
   getDbPath: () => join(testDir, "test.db"),
   getLogPath: () => join(testDir, "test.log"),
   ensureDataDir: () => {},
-  readHttpToken: () => "test-bearer-token",
 }));
 
 mock.module("../util/logger.js", () => ({
@@ -100,7 +99,6 @@ function createTestApproval(overrides: Record<string, unknown> = {}) {
   return createApprovalRequest({
     runId: `ingress-access-request-${Date.now()}`,
     conversationId: `access-req-telegram-user-unknown-456`,
-    assistantId: "self",
     channel: "telegram",
     requesterExternalUserId: "user-unknown-456",
     requesterChatId: "chat-123",
@@ -158,7 +156,7 @@ describe("access request decision handler", () => {
     expect(result.type).toBe("approved");
 
     // There should be an active session for this channel
-    const session = findActiveSession("self", "telegram");
+    const session = findActiveSession("telegram");
     expect(session).not.toBeNull();
     expect(session!.expectedExternalUserId).toBe("user-unknown-456");
     expect(session!.expectedChatId).toBe("chat-123");
@@ -187,7 +185,7 @@ describe("access request decision handler", () => {
     expect(updated!.decidedByExternalUserId).toBe("guardian-user-789");
 
     // No verification session should be created
-    const session = findActiveSession("self", "telegram");
+    const session = findActiveSession("telegram");
     expect(session).toBeNull();
   });
 
@@ -331,4 +329,87 @@ describe("access request notification delivery", () => {
     expect(text).toContain("unable to deliver");
     expect(text).toContain("try again");
   });
+
+  test("slack approval notification is sent as DM using requesterExternalUserId", async () => {
+    await notifyRequesterOfApproval({
+      replyCallbackUrl:
+        "http://localhost:7830/deliver/slack?threadTs=1234.5678",
+      requesterChatId: "C12345-channel",
+      requesterExternalUserId: "U98765-user",
+      channel: "slack",
+      assistantId: "self",
+      bearerToken: "test-token",
+    });
+
+    expect(deliverReplyCalls.length).toBe(1);
+    const call = deliverReplyCalls[0];
+    // Should target the user ID (DM) not the channel
+    expect(call.payload.chatId).toBe("U98765-user");
+    // threadTs should be stripped — it belongs to the guardian's channel thread
+    expect(call.url).not.toContain("threadTs");
+  });
+
+  test("slack denial notification is sent as DM using requesterExternalUserId", async () => {
+    await notifyRequesterOfDenial({
+      replyCallbackUrl:
+        "http://localhost:7830/deliver/slack?threadTs=1234.5678",
+      requesterChatId: "C12345-channel",
+      requesterExternalUserId: "U98765-user",
+      channel: "slack",
+      assistantId: "self",
+      bearerToken: "test-token",
+    });
+
+    expect(deliverReplyCalls.length).toBe(1);
+    const call = deliverReplyCalls[0];
+    expect(call.payload.chatId).toBe("U98765-user");
+    expect(call.url).not.toContain("threadTs");
+  });
+
+  test("slack delivery failure notification is sent as DM using requesterExternalUserId", async () => {
+    await notifyRequesterOfDeliveryFailure({
+      replyCallbackUrl:
+        "http://localhost:7830/deliver/slack?threadTs=1234.5678",
+      requesterChatId: "C12345-channel",
+      requesterExternalUserId: "U98765-user",
+      channel: "slack",
+      assistantId: "self",
+      bearerToken: "test-token",
+    });
+
+    expect(deliverReplyCalls.length).toBe(1);
+    const call = deliverReplyCalls[0];
+    expect(call.payload.chatId).toBe("U98765-user");
+    expect(call.url).not.toContain("threadTs");
+  });
+
+  test("non-slack channels still use requesterChatId and preserve threadTs", async () => {
+    await notifyRequesterOfApproval({
+      replyCallbackUrl:
+        "http://localhost:7830/deliver/telegram?threadTs=1234.5678",
+      requesterChatId: "chat-123",
+      requesterExternalUserId: "user-456",
+      channel: "telegram",
+      assistantId: "self",
+      bearerToken: "test-token",
+    });
+
+    expect(deliverReplyCalls.length).toBe(1);
+    expect(deliverReplyCalls[0].payload.chatId).toBe("chat-123");
+    // threadTs should be preserved for non-slack channels
+    expect(deliverReplyCalls[0].url).toContain("threadTs=1234.5678");
+  });
+
+  test("slack without requesterExternalUserId falls back to requesterChatId", async () => {
+    await notifyRequesterOfApproval({
+      replyCallbackUrl: "http://localhost:7830/deliver/slack",
+      requesterChatId: "C12345-channel",
+      channel: "slack",
+      assistantId: "self",
+      bearerToken: "test-token",
+    });
+
+    expect(deliverReplyCalls.length).toBe(1);
+    expect(deliverReplyCalls[0].payload.chatId).toBe("C12345-channel");
+  });
 });

package/src/__tests__/actor-token-service.test.ts

@@ -39,7 +39,6 @@ mock.module("../config/env.js", () => ({
   isHttpAuthDisabled: () => false,
   getInternalGatewayTarget: () => "http://localhost:7822",
   getGatewayBaseUrl: () => "http://localhost:7822",
-  getRuntimeProxyBearerToken: () => undefined,
   getRuntimeGatewayOriginSecret: () => undefined,
   isHttpAuthDisabledWithoutSafetyGate: () => false,
   getEnableMonitoring: () => false,
@@ -130,7 +129,6 @@ describe("actor-token store (hash-only)", () => {
 
     const record = createActorTokenRecord({
       tokenHash,
-      assistantId: "self",
       guardianPrincipalId: "principal-store",
       hashedDeviceId: "hashed-dev-store",
       platform: "macos",
@@ -149,7 +147,6 @@ describe("actor-token store (hash-only)", () => {
 
     createActorTokenRecord({
       tokenHash,
-      assistantId: "self",
       guardianPrincipalId: "principal-bind",
       hashedDeviceId: "hashed-dev-bind",
       platform: "ios",
@@ -157,7 +154,6 @@ describe("actor-token store (hash-only)", () => {
     });
 
     const found = findActiveByDeviceBinding(
-      "self",
       "principal-bind",
       "hashed-dev-bind",
     );
@@ -170,7 +166,6 @@ describe("actor-token store (hash-only)", () => {
 
     createActorTokenRecord({
       tokenHash,
-      assistantId: "self",
       guardianPrincipalId: "principal-revoke",
       hashedDeviceId: "hashed-dev-revoke",
       platform: "macos",
@@ -178,7 +173,6 @@ describe("actor-token store (hash-only)", () => {
     });
 
     const count = revokeByDeviceBinding(
-      "self",
       "principal-revoke",
       "hashed-dev-revoke",
     );
@@ -193,7 +187,6 @@ describe("actor-token store (hash-only)", () => {
 
     createActorTokenRecord({
       tokenHash,
-      assistantId: "self",
       guardianPrincipalId: "principal-single",
       hashedDeviceId: "hashed-dev-single",
       platform: "macos",
@@ -214,7 +207,7 @@ describe("guardian vellum migration", () => {
     const principalId = ensureVellumGuardianBinding("self");
     expect(principalId).toMatch(/^vellum-principal-/);
 
-    const guardianResult = findGuardianForChannel("vellum", "self");
+    const guardianResult = findGuardianForChannel("vellum");
     expect(guardianResult).not.toBeNull();
     expect(guardianResult!.contact.principalId).toBe(principalId);
     expect(guardianResult!.channel.verifiedVia).toBe("startup-migration");
@@ -228,7 +221,6 @@ describe("guardian vellum migration", () => {
 
   test("ensureVellumGuardianBinding preserves existing bindings for other channels", () => {
     createGuardianBinding({
-      assistantId: "self",
       channel: "telegram",
       guardianExternalUserId: "tg-user-123",
       guardianDeliveryChatId: "tg-chat-456",
@@ -238,11 +230,11 @@ describe("guardian vellum migration", () => {
 
     ensureVellumGuardianBinding("self");
 
-    const tgGuardian = findGuardianForChannel("telegram", "self");
+    const tgGuardian = findGuardianForChannel("telegram");
     expect(tgGuardian).not.toBeNull();
     expect(tgGuardian!.channel.externalUserId).toBe("tg-user-123");
 
-    const vGuardian = findGuardianForChannel("vellum", "self");
+    const vGuardian = findGuardianForChannel("vellum");
     expect(vGuardian).not.toBeNull();
   });
 });
@@ -440,7 +432,7 @@ describe("resolveLocalIpcAuthContext", () => {
 
   test("enriches actorPrincipalId from vellum guardian binding when present", () => {
     ensureVellumGuardianBinding("self");
-    const guardianResult = findGuardianForChannel("vellum", "self");
+    const guardianResult = findGuardianForChannel("vellum");
     expect(guardianResult).toBeTruthy();
 
     const ctx = resolveLocalIpcAuthContext("session-123");

package/src/__tests__/approval-primitive.test.ts

@@ -60,7 +60,6 @@ afterAll(() => {
 function mintParams(overrides: Partial<MintGrantParams> = {}): MintGrantParams {
   const futureExpiry = new Date(Date.now() + 60_000).toISOString();
   return {
-    assistantId: "self",
     scopeMode: "request_id",
     requestChannel: "telegram",
     decisionChannel: "telegram",
@@ -177,7 +176,6 @@ describe("approval-primitive / consumeGrantForInvocation", () => {
       toolName: "shell",
       inputDigest: computeToolApprovalDigest("shell", { command: "ls" }),
       consumingRequestId: "consumer-1",
-      assistantId: "self",
     });
 
     expect(result.ok).toBe(true);
@@ -200,7 +198,6 @@ describe("approval-primitive / consumeGrantForInvocation", () => {
       toolName: "shell",
       inputDigest: digest,
       consumingRequestId: "consumer-2",
-      assistantId: "self",
     });
 
     expect(result.ok).toBe(true);
@@ -224,7 +221,6 @@ describe("approval-primitive / consumeGrantForInvocation", () => {
       toolName: "shell",
       inputDigest: digest,
       consumingRequestId: "consumer-3",
-      assistantId: "self",
     });
 
     expect(result.ok).toBe(true);
@@ -242,7 +238,6 @@ describe("approval-primitive / consumeGrantForInvocation", () => {
         toolName: "shell",
         inputDigest: computeToolApprovalDigest("shell", { command: "ls" }),
         consumingRequestId: "consumer-miss",
-        assistantId: "self",
       },
       { maxWaitMs: 0 },
     );
@@ -267,7 +262,6 @@ describe("approval-primitive / consumeGrantForInvocation", () => {
         toolName: "file_write",
         inputDigest: digest,
         consumingRequestId: "consumer-mismatch-tool",
-        assistantId: "self",
       },
       { maxWaitMs: 0 },
     );
@@ -293,32 +287,6 @@ describe("approval-primitive / consumeGrantForInvocation", () => {
           command: "rm -rf /",
         }),
         consumingRequestId: "consumer-mismatch-input",
-        assistantId: "self",
-      },
-      { maxWaitMs: 0 },
-    );
-
-    expect(result.ok).toBe(false);
-    if (result.ok) return;
-    expect(result.reason).toBe("no_match");
-  });
-
-  test("miss: assistant ID mismatch", async () => {
-    mintGrantFromDecision(
-      mintParams({
-        scopeMode: "request_id",
-        requestId: "req-assist",
-        assistantId: "assistant-A",
-      }),
-    );
-
-    const result = await consumeGrantForInvocation(
-      {
-        requestId: "req-assist",
-        toolName: "shell",
-        inputDigest: computeToolApprovalDigest("shell", {}),
-        consumingRequestId: "consumer-assist-mismatch",
-        assistantId: "assistant-B",
       },
       { maxWaitMs: 0 },
     );
@@ -344,7 +312,6 @@ describe("approval-primitive / consumeGrantForInvocation", () => {
         toolName: "shell",
         inputDigest: computeToolApprovalDigest("shell", {}),
         consumingRequestId: "consumer-expired",
-        assistantId: "self",
       },
       { maxWaitMs: 0 },
     );
@@ -368,7 +335,6 @@ describe("approval-primitive / consumeGrantForInvocation", () => {
       toolName: "shell",
       inputDigest: computeToolApprovalDigest("shell", {}),
       consumingRequestId: "consumer-first",
-      assistantId: "self",
     });
     expect(first.ok).toBe(true);
 
@@ -378,7 +344,6 @@ describe("approval-primitive / consumeGrantForInvocation", () => {
         toolName: "shell",
         inputDigest: computeToolApprovalDigest("shell", {}),
         consumingRequestId: "consumer-second",
-        assistantId: "self",
       },
       { maxWaitMs: 0 },
     );
@@ -401,7 +366,6 @@ describe("approval-primitive / consumeGrantForInvocation", () => {
       toolName: "shell",
       inputDigest: digest,
       consumingRequestId: "consumer-sig-first",
-      assistantId: "self",
     });
     expect(first.ok).toBe(true);
 
@@ -410,7 +374,6 @@ describe("approval-primitive / consumeGrantForInvocation", () => {
         toolName: "shell",
         inputDigest: digest,
         consumingRequestId: "consumer-sig-second",
-        assistantId: "self",
       },
       { maxWaitMs: 0 },
     );
@@ -439,7 +402,6 @@ describe("approval-primitive / consumeGrantForInvocation", () => {
       toolName: "shell",
       inputDigest: digest,
       consumingRequestId: "consumer-ctx",
-      assistantId: "self",
       conversationId: "conv-ctx",
       callSessionId: "call-ctx",
     });
@@ -463,7 +425,6 @@ describe("approval-primitive / consumeGrantForInvocation", () => {
         toolName: "shell",
         inputDigest: digest,
         consumingRequestId: "consumer-ctx-mismatch",
-        assistantId: "self",
         conversationId: "conv-B",
       },
       { maxWaitMs: 0 },
@@ -497,7 +458,6 @@ describe("approval-primitive / consumeGrantForInvocation retry", () => {
       toolName: "shell",
       inputDigest: digest,
       consumingRequestId: "consumer-async-immediate",
-      assistantId: "self",
     });
     const elapsed = Date.now() - start;
 
@@ -528,7 +488,6 @@ describe("approval-primitive / consumeGrantForInvocation retry", () => {
         toolName: "shell",
         inputDigest: digest,
         consumingRequestId: "consumer-async-delayed",
-        assistantId: "self",
       },
       { maxWaitMs: 5_000, intervalMs: 100 },
     );
@@ -553,7 +512,6 @@ describe("approval-primitive / consumeGrantForInvocation retry", () => {
         toolName: "shell",
         inputDigest: digest,
         consumingRequestId: "consumer-async-timeout",
-        assistantId: "self",
       },
       { maxWaitMs: 500, intervalMs: 100 },
     );
@@ -580,7 +538,6 @@ describe("approval-primitive / consumeGrantForInvocation retry", () => {
         toolName: "shell",
         inputDigest: digest,
         consumingRequestId: "consumer-aborted",
-        assistantId: "self",
       },
       { maxWaitMs: 2_000, intervalMs: 50, signal: controller.signal },
     );
@@ -606,7 +563,6 @@ describe("approval-primitive / consumeGrantForInvocation retry", () => {
         toolName: "shell",
         inputDigest: digest,
         consumingRequestId: "consumer-pre-aborted",
-        assistantId: "self",
       },
       { maxWaitMs: 2_000, intervalMs: 50, signal: controller.signal },
     );
@@ -628,7 +584,6 @@ describe("approval-primitive / consumeGrantForInvocation retry", () => {
         toolName: "shell",
         inputDigest: digest,
         consumingRequestId: "consumer-no-retry",
-        assistantId: "self",
       },
       { maxWaitMs: 0 },
     );

package/src/__tests__/approval-routes-http.test.ts

@@ -57,7 +57,6 @@ mock.module("../config/env.js", () => ({
   getGatewayPort: () => 7830,
   getRuntimeHttpPort: () => 7821,
   getRuntimeHttpHost: () => "127.0.0.1",
-  getRuntimeProxyBearerToken: () => undefined,
   getRuntimeGatewayOriginSecret: () => undefined,
   getIngressPublicBaseUrl: () => undefined,
   setIngressPublicBaseUrl: () => {},

package/src/__tests__/assistant-id-boundary-guard.test.ts

@@ -18,6 +18,8 @@ import { DAEMON_INTERNAL_ASSISTANT_ID } from "../runtime/assistant-scope.js";
  *  - No assistant-scoped route handlers in the daemon HTTP server
  *  - No hardcoded `'self'` string for assistant scoping (use the constant)
  *  - The constant itself equals `'self'`
+ *  - No `assistantId` columns in daemon SQLite schema definitions
+ *  - No `assistantId` parameter in daemon store function signatures
  */
 
 // ---------------------------------------------------------------------------
@@ -466,4 +468,152 @@ describe("assistant ID boundary", () => {
       ).not.toContain("assistantId");
     }
   });
+
+  // -------------------------------------------------------------------------
+  // Rule (f): No assistantId columns in daemon SQLite schema definitions
+  //
+  // The daemon is assistant-agnostic — it uses DAEMON_INTERNAL_ASSISTANT_ID
+  // implicitly. Schema files must not define assistantId columns, which would
+  // re-introduce assistant-scoped storage in the daemon layer.
+  // -------------------------------------------------------------------------
+
+  test("no assistantId columns in daemon SQLite schema definitions", () => {
+    const repoRoot = getRepoRoot();
+
+    // Scan all Drizzle schema files for assistantId column definitions.
+    // The Drizzle ORM pattern is `assistantId: text(` for defining a text
+    // column named assistantId.
+    const schemaGlobs = [
+      "assistant/src/memory/schema/*.ts",
+      "assistant/src/memory/schema/**/*.ts",
+    ];
+
+    let grepOutput = "";
+    try {
+      grepOutput = execFileSync(
+        "git",
+        ["grep", "-nE", "assistantId\\s*:\\s*text\\(", "--", ...schemaGlobs],
+        { encoding: "utf-8", cwd: repoRoot },
+      ).trim();
+    } catch (err) {
+      // Exit code 1 means no matches — happy path
+      if ((err as { status?: number }).status === 1) {
+        return;
+      }
+      throw err;
+    }
+
+    const lines = grepOutput.split("\n").filter((l) => l.length > 0);
+    const violations = lines.filter((line) => {
+      // Allow comments
+      const parts = line.split(":");
+      const content = parts.slice(2).join(":").trim();
+      if (
+        content.startsWith("//") ||
+        content.startsWith("*") ||
+        content.startsWith("/*")
+      ) {
+        return false;
+      }
+      return true;
+    });
+
+    if (violations.length > 0) {
+      const message = [
+        "Found `assistantId` column definitions in daemon SQLite schema files.",
+        "`assistantId` columns are not allowed in daemon schema — the daemon uses",
+        "`DAEMON_INTERNAL_ASSISTANT_ID` implicitly and is assistant-agnostic.",
+        "",
+        "Violations:",
+        ...violations.map((v) => `  - ${v}`),
+      ].join("\n");
+
+      expect(violations, message).toEqual([]);
+    }
+  });
+
+  // -------------------------------------------------------------------------
+  // Rule (g): No assistantId parameter in daemon store function signatures
+  //
+  // Store functions in the daemon layer must not accept assistantId as a
+  // parameter. The daemon is assistant-agnostic — all assistant scoping
+  // uses DAEMON_INTERNAL_ASSISTANT_ID internally.
+  // -------------------------------------------------------------------------
+
+  test("no assistantId parameter in daemon store function signatures", () => {
+    const repoRoot = getRepoRoot();
+
+    // Scan store files for exported function signatures that include
+    // assistantId as a parameter. This covers memory stores, contact stores,
+    // notification stores, credential/token stores, and call stores.
+    const storeGlobs = [
+      "assistant/src/memory/*.ts",
+      "assistant/src/contacts/*.ts",
+      "assistant/src/notifications/*.ts",
+      "assistant/src/runtime/auth/credential-service.ts",
+      "assistant/src/runtime/actor-token-store.ts",
+      "assistant/src/runtime/actor-refresh-token-store.ts",
+      "assistant/src/calls/call-store.ts",
+    ];
+
+    // Match exported function declarations/expressions with assistantId in
+    // their parameter lists. Patterns:
+    //   export function foo(assistantId
+    //   export function foo(bar, assistantId
+    //   export async function foo(assistantId
+    //   export const foo = (assistantId
+    //   export const foo = async (assistantId
+    // We use a broad pattern that catches assistantId appearing after an
+    // opening paren in an export context.
+    const pattern =
+      "export\\s+(async\\s+)?function\\s+\\w+\\s*\\([^)]*assistantId|export\\s+const\\s+\\w+\\s*=\\s*(async\\s+)?\\([^)]*assistantId";
+
+    let grepOutput = "";
+    try {
+      grepOutput = execFileSync(
+        "git",
+        ["grep", "-nE", pattern, "--", ...storeGlobs],
+        { encoding: "utf-8", cwd: repoRoot },
+      ).trim();
+    } catch (err) {
+      // Exit code 1 means no matches — happy path
+      if ((err as { status?: number }).status === 1) {
+        return;
+      }
+      throw err;
+    }
+
+    const allLines = grepOutput.split("\n").filter((l) => l.length > 0);
+    const violations = allLines.filter((line) => {
+      const filePath = line.split(":")[0];
+      if (isTestFile(filePath)) return false;
+      if (isMigrationFile(filePath)) return false;
+
+      // Allow comments
+      const parts = line.split(":");
+      const content = parts.slice(2).join(":").trim();
+      if (
+        content.startsWith("//") ||
+        content.startsWith("*") ||
+        content.startsWith("/*")
+      ) {
+        return false;
+      }
+
+      return true;
+    });
+
+    if (violations.length > 0) {
+      const message = [
+        "Found daemon store functions with `assistantId` in their parameter signatures.",
+        "Store functions must not accept `assistantId` — the daemon is assistant-agnostic",
+        "and uses `DAEMON_INTERNAL_ASSISTANT_ID` implicitly.",
+        "",
+        "Violations:",
+        ...violations.map((v) => `  - ${v}`),
+      ].join("\n");
+
+      expect(violations, message).toEqual([]);
+    }
+  });
 });

package/src/__tests__/call-controller.test.ts

@@ -27,7 +27,6 @@ mock.module("../util/platform.js", () => ({
   getDbPath: () => join(testDir, "test.db"),
   getLogPath: () => join(testDir, "test.log"),
   ensureDataDir: () => {},
-  readHttpToken: () => null,
 }));
 
 mock.module("../util/logger.js", () => ({

package/src/__tests__/call-routes-http.test.ts

@@ -27,7 +27,6 @@ mock.module("../util/platform.js", () => ({
   getDbPath: () => join(testDir, "test.db"),
   getLogPath: () => join(testDir, "test.log"),
   ensureDataDir: () => {},
-  readHttpToken: () => null,
 }));
 
 mock.module("../util/logger.js", () => ({

package/src/__tests__/callback-handoff-copy.test.ts

@@ -15,7 +15,6 @@ function buildSignal(
 ): NotificationSignal {
   return {
     signalId: "test-signal-1",
-    assistantId: "self",
     createdAt: Date.now(),
     sourceChannel: "voice",
     sourceSessionId: "test-session-1",