@vellumai/assistant 0.4.35 → 0.4.37

package/src/runtime/invite-instruction-generator.ts

@@ -0,0 +1,178 @@
+/**
+ * Generative invite instructions.
+ *
+ * Uses the configured provider to generate a short, first-person instruction
+ * telling the guardian how to invite a contact via a specific channel. Falls
+ * back to a deterministic template when the provider is unavailable or
+ * generation fails/times out.
+ */
+
+import {
+  createTimeout,
+  extractText,
+  resolveConfiguredProvider,
+  userMessage,
+} from "../providers/provider-send-message.js";
+import { getLogger } from "../util/logger.js";
+
+const log = getLogger("invite-instruction-generator");
+
+/** Timeout for the generative instruction call (ms). */
+const GENERATION_TIMEOUT_MS = 5_000;
+
+/** Maximum allowed length for a generated instruction. */
+const MAX_INSTRUCTION_LENGTH = 500;
+
+// ---------------------------------------------------------------------------
+// Channel display label
+// ---------------------------------------------------------------------------
+
+/** Human-readable label for a channel type. */
+export function channelDisplayLabel(type: string): string {
+  switch (type) {
+    case "telegram":
+      return "Telegram";
+    case "sms":
+      return "SMS";
+    case "email":
+      return "Email";
+    case "slack":
+      return "Slack";
+    case "voice":
+      return "Voice";
+    default:
+      return type.charAt(0).toUpperCase() + type.slice(1);
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Deterministic fallback
+// ---------------------------------------------------------------------------
+
+/**
+ * Build a deterministic fallback instruction when the LLM is unavailable.
+ */
+export function buildFallbackInstruction(params: {
+  contactName?: string;
+  channelLabel: string;
+  channelHandle?: string;
+  shareUrl?: string;
+}): string {
+  const contact = params.contactName || "the contact";
+  const handle = params.channelHandle
+    ? ` at ${params.channelHandle}`
+    : ` on ${params.channelLabel}`;
+  if (params.shareUrl) {
+    return `Send ${contact} this link: ${params.shareUrl} — or tell them to message me${handle} with the code below.`;
+  }
+  return `Tell ${contact} to message me${handle} with the code below.`;
+}
+
+// ---------------------------------------------------------------------------
+// LLM-powered generation
+// ---------------------------------------------------------------------------
+
+/**
+ * Generate an invite instruction via the configured LLM provider. Returns a
+ * deterministic fallback when the provider is unavailable, generation times
+ * out (5s), or the output fails validation.
+ */
+export async function generateInviteInstruction(params: {
+  contactName?: string;
+  channelType: string;
+  channelHandle?: string;
+  /** Whether a share URL is available (shown separately in the UI). */
+  hasShareUrl?: boolean;
+  /**
+   * Actual share URL for the deterministic fallback only. Never sent to the
+   * LLM — the URL contains the raw invite token which is a redemption
+   * credential.
+   */
+  shareUrl?: string;
+}): Promise<string> {
+  const channelLabel = channelDisplayLabel(params.channelType);
+  const fallback = buildFallbackInstruction({
+    contactName: params.contactName,
+    channelLabel,
+    channelHandle: params.channelHandle,
+    shareUrl: params.shareUrl,
+  });
+
+  const resolved = resolveConfiguredProvider();
+  if (!resolved) {
+    log.debug(
+      "No provider available for invite instruction generation, using fallback",
+    );
+    return fallback;
+  }
+
+  const { signal, cleanup } = createTimeout(GENERATION_TIMEOUT_MS);
+
+  try {
+    const parts: string[] = [
+      "Generate a 1–2 sentence instruction from the assistant's perspective telling the user how to invite a contact.",
+      "",
+      `Channel: ${channelLabel}`,
+    ];
+    if (params.contactName) {
+      parts.push(`Contact name: ${params.contactName}`);
+    }
+    if (params.channelHandle) {
+      parts.push(`Channel handle: ${params.channelHandle}`);
+    }
+    if (params.hasShareUrl) {
+      parts.push("A share link is available (displayed separately in the UI).");
+    } else {
+      parts.push(
+        "No share link is available for this channel. Do NOT mention sharing a link or URL.",
+      );
+    }
+    parts.push(
+      "",
+      "Requirements:",
+      '- Write from the assistant\'s perspective using first person ("message me"), NOT third person ("message the assistant").',
+      "- Do NOT include the invite code — it is displayed separately in the UI.",
+    );
+    if (params.hasShareUrl) {
+      parts.push(
+        "- When a share link is available, mention that the user can share the link.",
+      );
+    }
+    parts.push(
+      "- Keep the instruction concise (1–2 sentences, under 500 characters).",
+      '- Refer to the invite code as "the code below" since it is shown beneath this instruction.',
+      "",
+      "Respond with the instruction text only — no labels, no extra formatting.",
+    );
+
+    const prompt = parts.join("\n");
+
+    const response = await resolved.provider.sendMessage(
+      [userMessage(prompt)],
+      undefined,
+      undefined,
+      { signal, config: { modelIntent: "latency-optimized" } },
+    );
+
+    const text = extractText(response).trim();
+
+    if (!text || text.length > MAX_INSTRUCTION_LENGTH) {
+      log.warn(
+        { length: text.length },
+        "Generated invite instruction failed validation, using fallback",
+      );
+      return fallback;
+    }
+
+    return text;
+  } catch (err) {
+    if (signal.aborted) {
+      log.warn("Invite instruction generation timed out, using fallback");
+    } else {
+      log.warn({ err }, "Invite instruction generation failed, using fallback");
+    }
+    return fallback;
+  } finally {
+    cleanup();
+  }
+}

package/src/runtime/invite-service.ts

@@ -25,7 +25,11 @@ import {
 } from "../memory/invite-store.js";
 import { isValidE164 } from "../util/phone.js";
 import { generateVoiceCode, hashVoiceCode } from "../util/voice-code.js";
-import { getInviteAdapterRegistry } from "./channel-invite-transport.js";
+import {
+  getInviteAdapterRegistry,
+  resolveAdapterHandle,
+} from "./channel-invite-transport.js";
+import { generateInviteInstruction } from "./invite-instruction-generator.js";
 import {
   type InviteRedemptionOutcome,
   redeemInvite as redeemInviteTyped,
@@ -140,19 +144,19 @@ export type IngressResult<T> =
 // Invite operations
 // ---------------------------------------------------------------------------
 
-export function createIngressInvite(params: {
+export async function createIngressInvite(params: {
   sourceChannel?: string;
   note?: string;
   maxUses?: number;
   expiresInMs?: number;
-  // Contact display name for personalizing guardian instructions
+  // Contact display name for personalizing invite instructions
   contactName?: string;
   // Voice invite parameters
   expectedExternalUserId?: string;
   voiceCodeDigits?: number;
   friendName?: string;
   guardianName?: string;
-}): IngressResult<InviteResponseData> {
+}): Promise<IngressResult<InviteResponseData>> {
   if (!params.sourceChannel) {
     return { ok: false, error: "sourceChannel is required for create" };
   }
@@ -220,7 +224,7 @@ export function createIngressInvite(params: {
       : { inviteCodeHash }),
   });
 
-  // Build guardian instruction for non-voice invites
+  // Build invite instruction for non-voice invites via LLM generation
   let guardianInstruction: string | undefined;
   let channelHandle: string | undefined;
   if (!isVoice && inviteCode) {
@@ -230,27 +234,20 @@ export function createIngressInvite(params: {
     const adapter = channelId
       ? getInviteAdapterRegistry().get(channelId)
       : undefined;
-
-    if (adapter?.buildGuardianInstruction) {
-      try {
-        const adapterResult = adapter.buildGuardianInstruction({
-          inviteCode,
-          contactName: params.contactName,
-        });
-        if (adapterResult) {
-          guardianInstruction = adapterResult.instruction;
-          channelHandle = adapterResult.channelHandle;
-        }
-      } catch {
-        // Fall through to generic instruction if adapter fails
-      }
-    }
-
-    if (!guardianInstruction) {
-      const contactLabel = params.contactName || "the contact";
-      const channelLabel = params.sourceChannel;
-      guardianInstruction = `Tell ${contactLabel} to contact the assistant on ${channelLabel} and provide the code ${inviteCode}.`;
+    if (params.sourceChannel === "telegram") {
+      const { ensureTelegramBotUsernameResolved } =
+        await import("./channel-invite-transports/telegram.js");
+      await ensureTelegramBotUsernameResolved();
     }
+    channelHandle = adapter ? await resolveAdapterHandle(adapter) : undefined;
+    const share = buildSharePayload(params.sourceChannel, rawToken);
+    guardianInstruction = await generateInviteInstruction({
+      contactName: params.contactName,
+      channelType: params.sourceChannel,
+      channelHandle,
+      hasShareUrl: !!share?.url,
+      shareUrl: share?.url,
+    });
   }
 
   // Voice invites must not expose the token — callers must redeem via the

package/src/runtime/migrations/migration-transport.ts

@@ -40,6 +40,13 @@ export interface TransportConfig {
   authHeader?: string;
   /** Header name for auth. Defaults to "Authorization" for runtime, "X-Session-Token" for managed. */
   authHeaderName?: string;
+  /**
+   * Additional headers to include with every request.
+   * Merged after Content-Type but before auth-header injection,
+   * so an explicit auth header from the transport always wins
+   * over a same-named entry in defaultHeaders.
+   */
+  defaultHeaders?: Record<string, string>;
   /** Custom fetch implementation for testing or environments without global fetch. */
   fetchFn?: typeof fetch;
 }
@@ -277,6 +284,12 @@ function buildHeaders(
     headers["Content-Type"] = contentType;
   }
 
+  // Merge defaultHeaders after Content-Type but before auth injection
+  if (config.defaultHeaders) {
+    Object.assign(headers, config.defaultHeaders);
+  }
+
+  // Auth header is applied last so it always wins over defaultHeaders
   if (config.authHeader) {
     const headerName =
       config.authHeaderName ??

package/src/runtime/routes/app-routes.ts

@@ -167,7 +167,7 @@ export function handleDownloadSharedApp(shareToken: string): Response {
   return new Response(new Uint8Array(record.bundleData), {
     headers: {
       "Content-Type": "application/zip",
-      "Content-Disposition": 'attachment; filename="app.vellumapp"',
+      "Content-Disposition": 'attachment; filename="app.vellum"',
     },
   });
 }

package/src/runtime/routes/approval-strategies/guardian-callback-strategy.ts

@@ -11,6 +11,7 @@ import {
   type GuardianApprovalRequest,
 } from "../../../memory/channel-guardian-store.js";
 import { emitNotificationSignal } from "../../../notifications/emit-signal.js";
+import type { NotificationSourceChannel } from "../../../notifications/signal.js";
 import { getLogger } from "../../../util/logger.js";
 import { runApprovalConversationTurn } from "../../approval-conversation-turn.js";
 import { composeApprovalMessageGenerative } from "../../approval-message-composer.js";
@@ -791,7 +792,7 @@ async function handleAccessRequestApproval(
     // Emit both guardian_decision and denied signals so all lifecycle
     // observers are notified of the denial.
     const deniedPayload = {
-      sourceChannel: approval.channel,
+      sourceChannel: approval.channel as NotificationSourceChannel,
       requesterExternalUserId: approval.requesterExternalUserId,
       requesterChatId: approval.requesterChatId,
       decidedByExternalUserId,
@@ -800,7 +801,7 @@ async function handleAccessRequestApproval(
 
     void emitNotificationSignal({
       sourceEventName: "ingress.trusted_contact.guardian_decision",
-      sourceChannel: approval.channel,
+      sourceChannel: approval.channel as NotificationSourceChannel,
       sourceSessionId: approval.conversationId,
       attentionHints: {
         requiresAction: false,
@@ -814,7 +815,7 @@ async function handleAccessRequestApproval(
 
     void emitNotificationSignal({
       sourceEventName: "ingress.trusted_contact.denied",
-      sourceChannel: approval.channel,
+      sourceChannel: approval.channel as NotificationSourceChannel,
       sourceSessionId: approval.conversationId,
       attentionHints: {
         requiresAction: false,
@@ -882,7 +883,7 @@ async function handleAccessRequestApproval(
   if (!decisionResult.verificationSessionId) {
     void emitNotificationSignal({
       sourceEventName: "ingress.trusted_contact.guardian_decision",
-      sourceChannel: approval.channel,
+      sourceChannel: approval.channel as NotificationSourceChannel,
       sourceSessionId: approval.conversationId,
       attentionHints: {
         requiresAction: false,
@@ -891,7 +892,7 @@ async function handleAccessRequestApproval(
         visibleInSourceNow: false,
       },
       contextPayload: {
-        sourceChannel: approval.channel,
+        sourceChannel: approval.channel as NotificationSourceChannel,
         requesterExternalUserId: approval.requesterExternalUserId,
         requesterChatId: approval.requesterChatId,
         decidedByExternalUserId,
@@ -908,7 +909,7 @@ async function handleAccessRequestApproval(
   if (decisionResult.verificationSessionId && codeDelivered) {
     void emitNotificationSignal({
       sourceEventName: "ingress.trusted_contact.verification_sent",
-      sourceChannel: approval.channel,
+      sourceChannel: approval.channel as NotificationSourceChannel,
       sourceSessionId: approval.conversationId,
       attentionHints: {
         requiresAction: false,
@@ -917,7 +918,7 @@ async function handleAccessRequestApproval(
         visibleInSourceNow: true,
       },
       contextPayload: {
-        sourceChannel: approval.channel,
+        sourceChannel: approval.channel as NotificationSourceChannel,
         requesterExternalUserId: approval.requesterExternalUserId,
         requesterChatId: approval.requesterChatId,
         verificationSessionId: decisionResult.verificationSessionId,

package/src/runtime/routes/channel-readiness-routes.ts

@@ -7,7 +7,10 @@
 
 import type { ChannelId } from "../../channels/types.js";
 import { getReadinessService } from "../../daemon/handlers/config-channels.js";
-import { getInviteAdapterRegistry } from "../channel-invite-transport.js";
+import {
+  getInviteAdapterRegistry,
+  resolveAdapterHandle,
+} from "../channel-invite-transport.js";
 import type { RouteDefinition } from "../http-router.js";
 
 /**
@@ -18,16 +21,20 @@ import type { RouteDefinition } from "../http-router.js";
 export async function handleGetChannelReadiness(url: URL): Promise<Response> {
   const channel =
     (url.searchParams.get("channel") as ChannelId | null) ?? undefined;
-  const includeRemote = url.searchParams.get("includeRemote") === "true";
+  // Default to including remote checks — they're cached for 5 minutes and
+  // required for accurate readiness (e.g. email inbox existence).
+  const includeRemote = url.searchParams.get("includeRemote") !== "false";
 
   const service = getReadinessService();
   const snapshots = await service.getReadiness(channel, includeRemote);
   const adapterRegistry = getInviteAdapterRegistry();
 
-  return Response.json({
-    success: true,
-    snapshots: snapshots.map((s) => {
+  const enriched = await Promise.all(
+    snapshots.map(async (s) => {
       const adapter = adapterRegistry.get(s.channel);
+      const channelHandle = adapter
+        ? await resolveAdapterHandle(adapter)
+        : undefined;
       return {
         channel: s.channel,
         ready: s.ready,
@@ -36,9 +43,14 @@ export async function handleGetChannelReadiness(url: URL): Promise<Response> {
         reasons: s.reasons,
         localChecks: s.localChecks,
         remoteChecks: s.remoteChecks,
-        channelHandle: adapter?.resolveChannelHandle?.() ?? undefined,
+        channelHandle,
       };
     }),
+  );
+
+  return Response.json({
+    success: true,
+    snapshots: enriched,
   });
 }
 
@@ -66,14 +78,16 @@ export async function handleRefreshChannelReadiness(
 
   const snapshots = await service.getReadiness(
     body.channel,
-    body.includeRemote,
+    body.includeRemote ?? true,
   );
   const adapterRegistry = getInviteAdapterRegistry();
 
-  return Response.json({
-    success: true,
-    snapshots: snapshots.map((s) => {
+  const enriched = await Promise.all(
+    snapshots.map(async (s) => {
       const adapter = adapterRegistry.get(s.channel);
+      const channelHandle = adapter
+        ? await resolveAdapterHandle(adapter)
+        : undefined;
       return {
         channel: s.channel,
         ready: s.ready,
@@ -82,9 +96,14 @@ export async function handleRefreshChannelReadiness(
         reasons: s.reasons,
         localChecks: s.localChecks,
         remoteChecks: s.remoteChecks,
-        channelHandle: adapter?.resolveChannelHandle?.() ?? undefined,
+        channelHandle,
       };
     }),
+  );
+
+  return Response.json({
+    success: true,
+    snapshots: enriched,
   });
 }
 

package/src/runtime/routes/contact-routes.ts

@@ -1,12 +1,13 @@
 /**
  * Route handlers for contact management endpoints.
  *
- * GET   /v1/contacts              — list contacts
- * POST  /v1/contacts              — create or update a contact
- * GET   /v1/contacts/:id          — get a contact by ID
- * POST  /v1/contacts/merge        — merge two contacts
- * PATCH /v1/contacts/channels/:id — update a contact channel's status/policy
- * POST  /v1/contacts/:contactId/channels/:channelId/verify — initiate trusted contact verification
+ * GET    /v1/contacts              — list contacts
+ * POST   /v1/contacts              — create or update a contact
+ * GET    /v1/contacts/:id          — get a contact by ID
+ * DELETE /v1/contacts/:id          — delete a contact
+ * POST   /v1/contacts/merge        — merge two contacts
+ * PATCH  /v1/contact-channels/:contactChannelId — update a contact channel's status/policy
+ * POST   /v1/contact-channels/:contactChannelId/verify — initiate trusted contact verification
  */
 
 import { createHash, randomBytes } from "node:crypto";
@@ -14,6 +15,7 @@ import { createHash, randomBytes } from "node:crypto";
 import type { ChannelId } from "../../channels/types.js";
 import { resolveGuardianName } from "../../config/user-reference.js";
 import {
+  deleteContact,
   getAssistantContactMetadata,
   getChannelById,
   getContact,
@@ -25,7 +27,6 @@ import {
   upsertContact,
   validateSpeciesMetadata,
 } from "../../contacts/contact-store.js";
-import type { ContactChannel } from "../../contacts/types.js";
 import type {
   AssistantSpecies,
   ChannelPolicy,
@@ -143,6 +144,20 @@ export function handleGetContact(contactId: string): Response {
   });
 }
 
+/**
+ * DELETE /v1/contacts/:id
+ */
+export function handleDeleteContact(contactId: string): Response {
+  const result = deleteContact(contactId);
+  if (result === "not_found") {
+    return httpError("NOT_FOUND", `Contact "${contactId}" not found`, 404);
+  }
+  if (result === "is_guardian") {
+    return httpError("FORBIDDEN", "Cannot delete a guardian contact", 403);
+  }
+  return new Response(null, { status: 204 });
+}
+
 /**
  * POST /v1/contacts/merge { keepId, mergeId }
  */
@@ -339,7 +354,7 @@ export async function handleUpsertContact(req: Request): Promise<Response> {
 }
 
 /**
- * PATCH /v1/contacts/channels/:channelId { status?, policy?, reason? }
+ * PATCH /v1/contact-channels/:contactChannelId { status?, policy?, reason? }
  */
 export async function handleUpdateContactChannel(
   req: Request,
@@ -459,27 +474,32 @@ function getTelegramBotUsername(): string | undefined {
 }
 
 /**
- * POST /v1/contacts/:contactId/channels/:channelId/verify
+ * POST /v1/contact-channels/:contactChannelId/verify
  *
  * Initiate trusted contact verification for a specific channel. Sends a
  * verification code via SMS, Telegram, Slack, or voice and returns session
  * info so the client can track the verification flow.
  */
 export async function handleVerifyContactChannel(
-  contactId: string,
-  channelId: string,
+  contactChannelId: string,
   assistantId: string,
 ): Promise<Response> {
-  const contact = getContact(contactId);
-  if (!contact) {
-    return httpError("NOT_FOUND", `Contact "${contactId}" not found`, 404);
+  const channel = getChannelById(contactChannelId);
+  if (!channel) {
+    return httpError(
+      "NOT_FOUND",
+      `Channel "${contactChannelId}" not found`,
+      404,
+    );
   }
 
-  const channel: ContactChannel | undefined = contact.channels.find(
-    (ch) => ch.id === channelId,
-  );
-  if (!channel) {
-    return httpError("NOT_FOUND", `Channel "${channelId}" not found`, 404);
+  const contact = getContact(channel.contactId);
+  if (!contact) {
+    return httpError(
+      "NOT_FOUND",
+      `Contact "${channel.contactId}" not found`,
+      404,
+    );
   }
 
   // Already verified — no need to re-verify
@@ -605,6 +625,9 @@ export async function handleVerifyContactChannel(
     }
 
     // Telegram handle only (no chat ID): bootstrap flow
+    const { ensureTelegramBotUsernameResolved } =
+      await import("../channel-invite-transports/telegram.js");
+    await ensureTelegramBotUsernameResolved();
     const botUsername = getTelegramBotUsername();
     if (!botUsername) {
       return httpError(
@@ -713,20 +736,19 @@ export function contactRouteDefinitions(): RouteDefinition[] {
       handler: async ({ req }) => handleMergeContacts(req),
     },
     {
-      endpoint: "contacts/channels/:id",
+      endpoint: "contact-channels/:contactChannelId",
       method: "PATCH",
-      policyKey: "contacts/channels",
+      policyKey: "contact-channels",
       handler: async ({ req, params }) =>
-        handleUpdateContactChannel(req, params.id),
+        handleUpdateContactChannel(req, params.contactChannelId),
     },
     {
-      endpoint: "contacts/:contactId/channels/:channelId/verify",
+      endpoint: "contact-channels/:contactChannelId/verify",
       method: "POST",
-      policyKey: "contacts/channels",
+      policyKey: "contact-channels",
       handler: async ({ params, authContext }) =>
         handleVerifyContactChannel(
-          params.contactId,
-          params.channelId,
+          params.contactChannelId,
           authContext.assistantId,
         ),
     },
@@ -746,5 +768,11 @@ export function contactCatchAllRouteDefinitions(): RouteDefinition[] {
       policyKey: "contacts",
       handler: ({ params }) => handleGetContact(params.id),
     },
+    {
+      endpoint: "contacts/:id",
+      method: "DELETE",
+      policyKey: "contacts",
+      handler: ({ params }) => handleDeleteContact(params.id),
+    },
   ];
 }

package/src/runtime/routes/inbound-stages/bootstrap-intercept.ts

@@ -13,7 +13,6 @@
  */
 import type { ChannelId } from "../../../channels/types.js";
 import { getGatewayInternalBaseUrl } from "../../../config/env.js";
-import { RESEND_COOLDOWN_MS } from "../../../daemon/handlers/config-channels.js";
 import { getLogger } from "../../../util/logger.js";
 import { mintDaemonDeliveryToken } from "../../auth/token-service.js";
 import {
@@ -23,6 +22,7 @@ import {
   updateSessionDelivery,
   updateSessionStatus,
 } from "../../channel-guardian-service.js";
+import { RESEND_COOLDOWN_MS } from "../../guardian-outbound-actions.js";
 import {
   composeVerificationTelegram,
   GUARDIAN_VERIFY_TEMPLATE_KEYS,

package/src/runtime/routes/inbound-stages/escalation-intercept.ts

@@ -11,6 +11,7 @@ import type { ChannelId, InterfaceId } from "../../../channels/types.js";
 import { createCanonicalGuardianRequest } from "../../../memory/canonical-guardian-store.js";
 import * as channelDeliveryStore from "../../../memory/channel-delivery-store.js";
 import { emitNotificationSignal } from "../../../notifications/emit-signal.js";
+import type { NotificationSourceChannel } from "../../../notifications/signal.js";
 import { getLogger } from "../../../util/logger.js";
 import { getGuardianBinding } from "../../channel-guardian-service.js";
 import { GUARDIAN_APPROVAL_TTL_MS } from "../channel-route-shared.js";
@@ -132,7 +133,7 @@ export function handleEscalationIntercept(
   // channels, supplementing the direct guardian notification below.
   void emitNotificationSignal({
     sourceEventName: "ingress.escalation",
-    sourceChannel,
+    sourceChannel: sourceChannel as NotificationSourceChannel,
     sourceSessionId: conversationId,
     attentionHints: {
       requiresAction: true,

package/src/runtime/routes/inbound-stages/verification-intercept.ts

@@ -22,6 +22,7 @@ import {
 } from "../../../contacts/contacts-write.js";
 import * as channelDeliveryStore from "../../../memory/channel-delivery-store.js";
 import { emitNotificationSignal } from "../../../notifications/emit-signal.js";
+import type { NotificationSourceChannel } from "../../../notifications/signal.js";
 import { canonicalizeInboundIdentity } from "../../../util/canonicalize-identity.js";
 import { getLogger } from "../../../util/logger.js";
 import {
@@ -230,7 +231,7 @@ export async function handleVerificationIntercept(
     if (verifyResult.verificationType === "trusted_contact") {
       void emitNotificationSignal({
         sourceEventName: "ingress.trusted_contact.activated",
-        sourceChannel,
+        sourceChannel: sourceChannel as NotificationSourceChannel,
         sourceSessionId: conversationId,
         attentionHints: {
           requiresAction: false,

package/src/runtime/routes/integration-routes.ts

@@ -235,7 +235,7 @@ export async function handleStartOutbound(req: Request): Promise<Response> {
     );
   }
 
-  const result = startOutbound({
+  const result = await startOutbound({
     channel: body.channel,
     destination: body.destination,
     rebind: body.rebind,