npm - @vellumai/assistant - Versions diffs - 0.4.37 → 0.4.41 - Mend

@vellumai/assistant 0.4.37 → 0.4.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (169) hide show

package/ARCHITECTURE.md +3 -3
package/README.md +13 -13
package/bun.lock +80 -24
package/docs/architecture/integrations.md +126 -128
package/docs/runbook-trusted-contacts.md +1 -1
package/docs/trusted-contact-access.md +12 -12
package/package.json +3 -1
package/src/__tests__/__snapshots__/ipc-snapshot.test.ts.snap +0 -14
package/src/__tests__/app-bundler.test.ts +209 -0
package/src/__tests__/app-compiler.test.ts +279 -0
package/src/__tests__/app-executors.test.ts +293 -483
package/src/__tests__/app-migration.test.ts +148 -0
package/src/__tests__/app-routes-csp.test.ts +202 -0
package/src/__tests__/avatar-e2e.test.ts +452 -0
package/src/__tests__/avatar-generator.test.ts +193 -0
package/src/__tests__/avatar-router.test.ts +186 -0
package/src/__tests__/browser-download-timeout.test.ts +28 -0
package/src/__tests__/bundled-skill-retrieval-guard.test.ts +9 -9
package/src/__tests__/call-domain.test.ts +3 -7
package/src/__tests__/credential-security-e2e.test.ts +19 -12
package/src/__tests__/credentials-cli.test.ts +30 -4
package/src/__tests__/guardian-verify-setup-skill-regression.test.ts +1 -1
package/src/__tests__/handlers-slack-config.test.ts +0 -72
package/src/__tests__/handlers-telegram-config.test.ts +19 -12
package/src/__tests__/handlers-twitter-config.test.ts +105 -48
package/src/__tests__/inbound-invite-redemption.test.ts +4 -4
package/src/__tests__/integration-status.test.ts +15 -5
package/src/__tests__/integrations-cli.test.ts +1 -1
package/src/__tests__/invite-redemption-service.test.ts +62 -7
package/src/__tests__/ipc-snapshot.test.ts +0 -8
package/src/__tests__/managed-avatar-client.test.ts +280 -0
package/src/__tests__/mcp-cli.test.ts +3 -3
package/src/__tests__/oauth-cli.test.ts +203 -0
package/src/__tests__/relay-server.test.ts +3 -3
package/src/__tests__/secret-onetime-send.test.ts +19 -12
package/src/__tests__/secure-keys.test.ts +78 -0
package/src/__tests__/session-messaging-secret-redirect.test.ts +3 -0
package/src/__tests__/slack-channel-config.test.ts +23 -16
package/src/__tests__/slack-share-routes.test.ts +263 -0
package/src/__tests__/sms-messaging-provider.test.ts +3 -1
package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts +7 -7
package/src/__tests__/trusted-contact-multichannel.test.ts +3 -3
package/src/__tests__/trusted-contact-verification.test.ts +10 -10
package/src/__tests__/twilio-config.test.ts +15 -36
package/src/__tests__/twilio-provider.test.ts +4 -0
package/src/__tests__/twitter-auth-handler.test.ts +27 -14
package/src/__tests__/twitter-cli-error-shaping.test.ts +1 -1
package/src/__tests__/twitter-cli-routing.test.ts +38 -53
package/src/__tests__/twitter-oauth-client.test.ts +18 -47
package/src/__tests__/voice-invite-redemption.test.ts +27 -3
package/src/amazon/cart.ts +1 -1
package/src/amazon/client.ts +89 -7
package/src/approvals/guardian-request-resolvers.ts +2 -2
package/src/bundler/app-bundler.ts +77 -32
package/src/bundler/app-compiler.ts +195 -0
package/src/bundler/manifest.ts +1 -1
package/src/bundler/package-resolver.ts +185 -0
package/src/calls/call-domain.ts +4 -14
package/src/calls/relay-server.ts +2 -2
package/src/calls/twilio-config.ts +5 -24
package/src/calls/twilio-rest.ts +19 -5
package/src/cli/amazon.ts +74 -249
package/src/cli/audit.ts +2 -2
package/src/cli/autonomy.ts +9 -9
package/src/cli/channels.ts +5 -5
package/src/cli/completions.ts +27 -27
package/src/cli/config.ts +14 -14
package/src/cli/contacts.ts +27 -27
package/src/cli/credentials.ts +28 -28
package/src/cli/dev.ts +2 -2
package/src/cli/doctor.ts +2 -2
package/src/cli/email.ts +82 -82
package/src/cli/influencer.ts +13 -13
package/src/cli/integrations.ts +19 -144
package/src/cli/keys.ts +10 -10
package/src/cli/map.ts +4 -4
package/src/cli/mcp.ts +17 -17
package/src/cli/memory.ts +18 -18
package/src/cli/notifications.ts +13 -13
package/src/cli/oauth.ts +77 -0
package/src/cli/program.ts +2 -0
package/src/cli/sequence.ts +27 -27
package/src/cli/sessions.ts +12 -12
package/src/cli/trust.ts +8 -8
package/src/cli/twitter.ts +124 -70
package/src/config/bundled-skills/_shared/CLI_RETRIEVAL_PATTERN.md +1 -1
package/src/config/bundled-skills/agentmail/SKILL.md +34 -34
package/src/config/bundled-skills/amazon/SKILL.md +54 -54
package/src/config/bundled-skills/app-builder/SKILL.md +137 -3
package/src/config/bundled-skills/app-builder/tools/app-create.ts +10 -4
package/src/config/bundled-skills/configure-settings/SKILL.md +18 -18
package/src/config/bundled-skills/contacts/SKILL.md +12 -12
package/src/config/bundled-skills/doordash/lib/client.ts +7 -9
package/src/config/bundled-skills/email-setup/SKILL.md +4 -4
package/src/config/bundled-skills/frontend-design/icon.svg +16 -0
package/src/config/bundled-skills/google-oauth-setup/SKILL.md +143 -162
package/src/config/bundled-skills/guardian-verify-setup/SKILL.md +4 -4
package/src/config/bundled-skills/influencer/SKILL.md +13 -13
package/src/config/bundled-skills/mcp-setup/SKILL.md +11 -11
package/src/config/bundled-skills/phone-calls/SKILL.md +48 -54
package/src/config/bundled-skills/public-ingress/SKILL.md +6 -6
package/src/config/bundled-skills/slack-app-setup/SKILL.md +1 -1
package/src/config/bundled-skills/sms-setup/SKILL.md +3 -3
package/src/config/bundled-skills/telegram-setup/SKILL.md +2 -2
package/src/config/bundled-skills/twilio-setup/SKILL.md +136 -225
package/src/config/bundled-skills/twitter/SKILL.md +68 -44
package/src/config/bundled-skills/voice-setup/SKILL.md +2 -2
package/src/config/core-schema.ts +26 -0
package/src/config/env.ts +4 -0
package/src/config/feature-flag-registry.json +9 -1
package/src/config/schema.ts +8 -0
package/src/config/system-prompt.ts +6 -3
package/src/config/templates/BOOTSTRAP.md +7 -5
package/src/contacts/contacts-write.ts +5 -1
package/src/daemon/handlers/apps.ts +31 -4
package/src/daemon/handlers/config-ingress.ts +3 -3
package/src/daemon/handlers/config-integrations.ts +120 -49
package/src/daemon/handlers/config-slack-channel.ts +26 -7
package/src/daemon/handlers/config-slack.ts +1 -54
package/src/daemon/handlers/config-telegram.ts +28 -10
package/src/daemon/handlers/config.ts +1 -4
package/src/daemon/handlers/twitter-auth.ts +11 -4
package/src/daemon/ipc-contract/apps.ts +0 -13
package/src/daemon/ipc-contract-inventory.json +0 -2
package/src/daemon/lifecycle.ts +8 -1
package/src/daemon/session-messaging.ts +2 -2
package/src/daemon/tool-side-effects.ts +30 -0
package/src/email/providers/agentmail.ts +1 -1
package/src/email/providers/index.ts +1 -1
package/src/email/service.ts +1 -1
package/src/gallery/default-gallery.ts +538 -0
package/src/gallery/gallery-manifest.ts +5 -1
package/src/influencer/client.ts +8 -6
package/src/mcp/client.ts +1 -1
package/src/media/avatar-router.ts +99 -0
package/src/media/avatar-types.ts +60 -0
package/src/media/managed-avatar-client.ts +189 -0
package/src/memory/app-migration.ts +114 -0
package/src/memory/app-store.ts +11 -0
package/src/memory/qdrant-client.ts +1 -1
package/src/messaging/providers/slack/client.ts +12 -2
package/src/messaging/providers/sms/adapter.ts +6 -10
package/src/migrations/data-layout.ts +8 -1
package/src/oauth/token-persistence.ts +9 -6
package/src/runtime/assistant-scope.ts +5 -0
package/src/runtime/auth/route-policy.ts +4 -0
package/src/runtime/channel-readiness-service.ts +9 -4
package/src/runtime/gateway-internal-client.ts +11 -3
package/src/runtime/http-server.ts +2 -0
package/src/runtime/invite-redemption-service.ts +23 -13
package/src/runtime/middleware/twilio-validation.ts +2 -2
package/src/runtime/routes/app-routes.ts +131 -3
package/src/runtime/routes/inbound-stages/verification-intercept.ts +3 -3
package/src/runtime/routes/integration-routes.ts +2 -2
package/src/runtime/routes/slack-share-routes.ts +235 -0
package/src/runtime/routes/twilio-routes.ts +47 -34
package/src/schedule/integration-status.ts +2 -3
package/src/security/token-manager.ts +11 -3
package/src/tools/apps/executors.ts +116 -8
package/src/tools/browser/browser-manager.ts +30 -2
package/src/tools/browser/chrome-cdp.ts +31 -3
package/src/tools/credentials/vault.ts +9 -7
package/src/tools/executor.ts +4 -0
package/src/tools/system/avatar-generator.ts +55 -34
package/src/twitter/client.ts +1 -1
package/src/twitter/oauth-client.ts +31 -43
package/src/twitter/router.ts +25 -23
package/src/util/platform.ts +5 -0
package/src/slack/slack-webhook.ts +0 -66

package/src/__tests__/handlers-twitter-config.test.ts CHANGED Viewed

@@ -10,18 +10,49 @@ const testDir = mkdtempSync(join(tmpdir(), "handlers-twitter-cfg-test-"));
 let rawConfigStore: Record<string, unknown> = {};
 const saveRawConfigCalls: Record<string, unknown>[] = [];
+function getNestedValue(obj: Record<string, unknown>, path: string): unknown {
+  const keys = path.split(".");
+  let current: unknown = obj;
+  for (const key of keys) {
+    if (current == null || typeof current !== "object") {
+      return undefined;
+    }
+    current = (current as Record<string, unknown>)[key];
+  }
+  return current;
+}
+function setNestedValue(
+  obj: Record<string, unknown>,
+  path: string,
+  value: unknown,
+): void {
+  const keys = path.split(".");
+  let current = obj;
+  for (let i = 0; i < keys.length - 1; i++) {
+    const key = keys[i]!;
+    if (current[key] == null || typeof current[key] !== "object") {
+      current[key] = {};
+    }
+    current = current[key] as Record<string, unknown>;
+  }
+  current[keys[keys.length - 1]!] = value;
+}
 mock.module("../config/loader.js", () => ({
   getConfig: () => ({
     ui: {},
   }),
   loadConfig: () => ({}),
-  loadRawConfig: () => ({ ...rawConfigStore }),
+  loadRawConfig: () => structuredClone(rawConfigStore),
   saveRawConfig: (cfg: Record<string, unknown>) => {
     saveRawConfigCalls.push(cfg);
-    rawConfigStore = { ...cfg };
+    rawConfigStore = structuredClone(cfg);
   },
   saveConfig: () => {},
   invalidateConfigCache: () => {},
+  getNestedValue,
+  setNestedValue,
 }));
 mock.module("../util/platform.js", () => ({
@@ -61,20 +92,27 @@ let secureKeyStore: Record<string, string> = {};
 let setSecureKeyOverride: ((account: string, value: string) => boolean) | null =
   null;
+function syncSet(account: string, value: string): boolean {
+  if (setSecureKeyOverride) return setSecureKeyOverride(account, value);
+  secureKeyStore[account] = value;
+  return true;
+}
+function syncDelete(account: string): "deleted" | "not-found" {
+  if (account in secureKeyStore) {
+    delete secureKeyStore[account];
+    return "deleted";
+  }
+  return "not-found";
+}
 mock.module("../security/secure-keys.js", () => ({
   getSecureKey: (account: string) => secureKeyStore[account] ?? undefined,
-  setSecureKey: (account: string, value: string) => {
-    if (setSecureKeyOverride) return setSecureKeyOverride(account, value);
-    secureKeyStore[account] = value;
-    return true;
-  },
-  deleteSecureKey: (account: string) => {
-    if (account in secureKeyStore) {
-      delete secureKeyStore[account];
-      return "deleted";
-    }
-    return "not-found";
-  },
+  setSecureKey: syncSet,
+  deleteSecureKey: syncDelete,
+  setSecureKeyAsync: async (account: string, value: string) =>
+    syncSet(account, value),
+  deleteSecureKeyAsync: async (account: string) => syncDelete(account),
   listSecureKeys: () => Object.keys(secureKeyStore),
   getBackendType: () => "encrypted",
   isDowngradedFromKeychain: () => false,
@@ -134,11 +172,26 @@ mock.module("../tools/credentials/metadata-store.js", () => ({
 import { handleMessage, type HandlerContext } from "../daemon/handlers.js";
 import type {
+  ClientMessage,
   ServerMessage,
   TwitterIntegrationConfigRequest,
 } from "../daemon/ipc-contract.js";
 import { DebouncerMap } from "../util/debounce.js";
+/**
+ * Wrapper around handleMessage that flushes the microtask queue so async
+ * handlers complete before assertions run. handleMessage() returns void
+ * and swallows the promise, so we need a macrotask tick to settle.
+ */
+async function handleMessageAsync(
+  msg: ClientMessage,
+  socket: net.Socket,
+  ctx: HandlerContext,
+): Promise<void> {
+  handleMessage(msg, socket, ctx);
+  await new Promise<void>((r) => setTimeout(r, 0));
+}
 function createTestContext(): { ctx: HandlerContext; sent: ServerMessage[] } {
   const sent: ServerMessage[] = [];
   const ctx: HandlerContext = {
@@ -203,7 +256,7 @@ describe("Twitter integration config handler", () => {
   });
   test("get action returns correct status when configured and connected", () => {
-    rawConfigStore = { twitterIntegrationMode: "local_byo" };
+    rawConfigStore = { twitter: { integrationMode: "local_byo" } };
     secureKeyStore["credential:integration:twitter:oauth_client_id"] =
       "test-client-id";
     secureKeyStore["credential:integration:twitter:access_token"] =
@@ -256,10 +309,12 @@ describe("Twitter integration config handler", () => {
     expect(res.mode).toBe("managed");
     expect(saveRawConfigCalls).toHaveLength(1);
-    expect(saveRawConfigCalls[0]!.twitterIntegrationMode).toBe("managed");
+    expect(
+      getNestedValue(saveRawConfigCalls[0]!, "twitter.integrationMode"),
+    ).toBe("managed");
   });
-  test("set_local_client stores credentials in secure storage", () => {
+  test("set_local_client stores credentials in secure storage", async () => {
     const msg: TwitterIntegrationConfigRequest = {
       type: "twitter_integration_config",
       action: "set_local_client",
@@ -268,7 +323,7 @@ describe("Twitter integration config handler", () => {
     };
     const { ctx, sent } = createTestContext();
-    handleMessage(msg, {} as net.Socket, ctx);
+    await handleMessageAsync(msg, {} as net.Socket, ctx);
     expect(sent).toHaveLength(1);
     const res = sent[0] as {
@@ -288,14 +343,14 @@ describe("Twitter integration config handler", () => {
     ).toBe("my-client-secret");
   });
-  test("set_local_client without clientId returns error", () => {
+  test("set_local_client without clientId returns error", async () => {
     const msg: TwitterIntegrationConfigRequest = {
       type: "twitter_integration_config",
       action: "set_local_client",
     };
     const { ctx, sent } = createTestContext();
-    handleMessage(msg, {} as net.Socket, ctx);
+    await handleMessageAsync(msg, {} as net.Socket, ctx);
     expect(sent).toHaveLength(1);
     const res = sent[0] as { type: string; success: boolean; error: string };
@@ -303,7 +358,7 @@ describe("Twitter integration config handler", () => {
     expect(res.error).toContain("clientId is required");
   });
-  test("clear_local_client removes credentials", () => {
+  test("clear_local_client removes credentials", async () => {
     secureKeyStore["credential:integration:twitter:oauth_client_id"] =
       "my-client-id";
     secureKeyStore["credential:integration:twitter:oauth_client_secret"] =
@@ -315,7 +370,7 @@ describe("Twitter integration config handler", () => {
     };
     const { ctx, sent } = createTestContext();
-    handleMessage(msg, {} as net.Socket, ctx);
+    await handleMessageAsync(msg, {} as net.Socket, ctx);
     expect(sent).toHaveLength(1);
     const res = sent[0] as {
@@ -336,7 +391,7 @@ describe("Twitter integration config handler", () => {
     ).toBeUndefined();
   });
-  test("clear_local_client also disconnects if connected", () => {
+  test("clear_local_client also disconnects if connected", async () => {
     secureKeyStore["credential:integration:twitter:oauth_client_id"] =
       "my-client-id";
     secureKeyStore["credential:integration:twitter:access_token"] =
@@ -355,7 +410,7 @@ describe("Twitter integration config handler", () => {
     };
     const { ctx, sent } = createTestContext();
-    handleMessage(msg, {} as net.Socket, ctx);
+    await handleMessageAsync(msg, {} as net.Socket, ctx);
     expect(sent).toHaveLength(1);
     const res = sent[0] as {
@@ -378,7 +433,7 @@ describe("Twitter integration config handler", () => {
     });
   });
-  test("disconnect removes tokens and metadata", () => {
+  test("disconnect removes tokens and metadata", async () => {
     secureKeyStore["credential:integration:twitter:oauth_client_id"] =
       "my-client-id";
     secureKeyStore["credential:integration:twitter:access_token"] =
@@ -397,7 +452,7 @@ describe("Twitter integration config handler", () => {
     };
     const { ctx, sent } = createTestContext();
-    handleMessage(msg, {} as net.Socket, ctx);
+    await handleMessageAsync(msg, {} as net.Socket, ctx);
     expect(sent).toHaveLength(1);
     const res = sent[0] as {
@@ -426,7 +481,7 @@ describe("Twitter integration config handler", () => {
     });
   });
-  test("set_local_client returns error when setSecureKey fails for client ID", () => {
+  test("set_local_client returns error when setSecureKey fails for client ID", async () => {
     // Override setSecureKey to return false (storage unavailable, not throwing)
     setSecureKeyOverride = () => false;
@@ -438,7 +493,7 @@ describe("Twitter integration config handler", () => {
     };
     const { ctx, sent } = createTestContext();
-    handleMessage(msg, {} as net.Socket, ctx);
+    await handleMessageAsync(msg, {} as net.Socket, ctx);
     expect(sent).toHaveLength(1);
     const res = sent[0] as {
@@ -453,7 +508,7 @@ describe("Twitter integration config handler", () => {
     expect(res.error).toContain("Failed to store client ID");
   });
-  test("set_local_client returns error when setSecureKey fails for client secret", () => {
+  test("set_local_client returns error when setSecureKey fails for client secret", async () => {
     // Override setSecureKey to fail only for the secret
     setSecureKeyOverride = (account: string, value: string) => {
       if (account.includes("client_secret")) return false;
@@ -469,7 +524,7 @@ describe("Twitter integration config handler", () => {
     };
     const { ctx, sent } = createTestContext();
-    handleMessage(msg, {} as net.Socket, ctx);
+    await handleMessageAsync(msg, {} as net.Socket, ctx);
     expect(sent).toHaveLength(1);
     const res = sent[0] as {
@@ -484,7 +539,7 @@ describe("Twitter integration config handler", () => {
     expect(res.error).toContain("Failed to store client secret");
   });
-  test("set_local_client without secret clears stale secret", () => {
+  test("set_local_client without secret clears stale secret", async () => {
     // Pre-populate an old client secret
     secureKeyStore["credential:integration:twitter:oauth_client_id"] = "old-id";
     secureKeyStore["credential:integration:twitter:oauth_client_secret"] =
@@ -497,7 +552,7 @@ describe("Twitter integration config handler", () => {
     };
     const { ctx, sent } = createTestContext();
-    handleMessage(msg, {} as net.Socket, ctx);
+    await handleMessageAsync(msg, {} as net.Socket, ctx);
     expect(sent).toHaveLength(1);
     const res = sent[0] as {
@@ -576,7 +631,7 @@ describe("Twitter integration config handler", () => {
     expect((sent4[0] as { mode: string }).mode).toBe("local_byo");
   });
-  test("set_local_client with only clientId (no secret)", () => {
+  test("set_local_client with only clientId (no secret)", async () => {
     const msg: TwitterIntegrationConfigRequest = {
       type: "twitter_integration_config",
       action: "set_local_client",
@@ -584,7 +639,7 @@ describe("Twitter integration config handler", () => {
     };
     const { ctx, sent } = createTestContext();
-    handleMessage(msg, {} as net.Socket, ctx);
+    await handleMessageAsync(msg, {} as net.Socket, ctx);
     expect(sent).toHaveLength(1);
     const res = sent[0] as {
@@ -604,7 +659,7 @@ describe("Twitter integration config handler", () => {
     ).toBeUndefined();
   });
-  test("set_local_client overwrites existing credentials", () => {
+  test("set_local_client overwrites existing credentials", async () => {
     // Set initial credentials
     secureKeyStore["credential:integration:twitter:oauth_client_id"] = "old-id";
     secureKeyStore["credential:integration:twitter:oauth_client_secret"] =
@@ -618,7 +673,7 @@ describe("Twitter integration config handler", () => {
     };
     const { ctx, sent } = createTestContext();
-    handleMessage(msg, {} as net.Socket, ctx);
+    await handleMessageAsync(msg, {} as net.Socket, ctx);
     expect(sent).toHaveLength(1);
     const res = sent[0] as {
@@ -638,7 +693,7 @@ describe("Twitter integration config handler", () => {
     ).toBe("new-secret");
   });
-  test("clear_local_client when no credentials exist (idempotent)", () => {
+  test("clear_local_client when no credentials exist (idempotent)", async () => {
     // No credentials set at all
     const msg: TwitterIntegrationConfigRequest = {
       type: "twitter_integration_config",
@@ -646,7 +701,7 @@ describe("Twitter integration config handler", () => {
     };
     const { ctx, sent } = createTestContext();
-    handleMessage(msg, {} as net.Socket, ctx);
+    await handleMessageAsync(msg, {} as net.Socket, ctx);
     expect(sent).toHaveLength(1);
     const res = sent[0] as {
@@ -661,7 +716,7 @@ describe("Twitter integration config handler", () => {
     expect(res.connected).toBe(false);
   });
-  test("disconnect when not connected (idempotent) preserves client credentials", () => {
+  test("disconnect when not connected (idempotent) preserves client credentials", async () => {
     // Only client credentials, no access token
     secureKeyStore["credential:integration:twitter:oauth_client_id"] =
       "my-client-id";
@@ -674,7 +729,7 @@ describe("Twitter integration config handler", () => {
     };
     const { ctx, sent } = createTestContext();
-    handleMessage(msg, {} as net.Socket, ctx);
+    await handleMessageAsync(msg, {} as net.Socket, ctx);
     expect(sent).toHaveLength(1);
     const res = sent[0] as {
@@ -696,7 +751,7 @@ describe("Twitter integration config handler", () => {
     ).toBe("my-client-secret");
   });
-  test("disconnect preserves client credentials when access token exists", () => {
+  test("disconnect preserves client credentials when access token exists", async () => {
     // Set up both client credentials and tokens
     secureKeyStore["credential:integration:twitter:oauth_client_id"] =
       "my-client-id";
@@ -718,7 +773,7 @@ describe("Twitter integration config handler", () => {
     };
     const { ctx, sent } = createTestContext();
-    handleMessage(msg, {} as net.Socket, ctx);
+    await handleMessageAsync(msg, {} as net.Socket, ctx);
     expect(sent).toHaveLength(1);
     const res = sent[0] as {
@@ -752,7 +807,7 @@ describe("Twitter integration config handler", () => {
     });
   });
-  test("clear_local_client cascades to remove tokens and metadata", () => {
+  test("clear_local_client cascades to remove tokens and metadata", async () => {
     // Set up client credentials, tokens, and metadata
     secureKeyStore["credential:integration:twitter:oauth_client_id"] =
       "my-client-id";
@@ -774,7 +829,7 @@ describe("Twitter integration config handler", () => {
     };
     const { ctx, sent } = createTestContext();
-    handleMessage(msg, {} as net.Socket, ctx);
+    await handleMessageAsync(msg, {} as net.Socket, ctx);
     expect(sent).toHaveLength(1);
     const res = sent[0] as {
@@ -860,7 +915,7 @@ describe("Twitter integration config handler", () => {
     expect(res.connected).toBe(false);
   });
-  test("error in secure storage throws and returns error response", () => {
+  test("error in secure storage throws and returns error response", async () => {
     // Override setSecureKey to throw an error, simulating a storage failure
     setSecureKeyOverride = () => {
       throw new Error("Keychain access denied");
@@ -874,7 +929,7 @@ describe("Twitter integration config handler", () => {
     };
     const { ctx, sent } = createTestContext();
-    handleMessage(msg, {} as net.Socket, ctx);
+    await handleMessageAsync(msg, {} as net.Socket, ctx);
     expect(sent).toHaveLength(1);
     const res = sent[0] as { type: string; success: boolean; error?: string };
@@ -984,7 +1039,9 @@ describe("Twitter integration config handler", () => {
     // Verify persistence via saveRawConfig
     expect(saveRawConfigCalls.length).toBeGreaterThan(0);
     const lastSaved = saveRawConfigCalls[saveRawConfigCalls.length - 1]!;
-    expect(lastSaved.twitterOperationStrategy).toBe("oauth");
+    expect(getNestedValue(lastSaved, "twitter.operationStrategy")).toBe(
+      "oauth",
+    );
   });
   test("set_strategy with invalid value returns error", () => {
@@ -1022,7 +1079,7 @@ describe("Twitter integration config handler", () => {
   test("get action includes strategy field with strategyConfigured=true when set", () => {
     // Set a specific strategy first
-    rawConfigStore = { twitterOperationStrategy: "browser" };
+    rawConfigStore = { twitter: { operationStrategy: "browser" } };
     const msg: TwitterIntegrationConfigRequest = {
       type: "twitter_integration_config",

package/src/__tests__/inbound-invite-redemption.test.ts CHANGED Viewed

@@ -87,7 +87,7 @@ mock.module("../runtime/approval-message-composer.js", () => ({
 }));
 import { findContactChannel } from "../contacts/contact-store.js";
-import { upsertMember } from "../contacts/contacts-write.js";
+import { upsertContactChannel } from "../contacts/contacts-write.js";
 import { getDb, initializeDb, resetDb } from "../memory/db.js";
 import { createInvite, revokeInvite } from "../memory/invite-store.js";
 import { handleChannelInbound } from "../runtime/routes/channel-routes.js";
@@ -328,7 +328,7 @@ describe("inbound invite redemption intercept", () => {
   test("existing active member sending normal message is unaffected", async () => {
     // Pre-create an active member
-    upsertMember({
+    upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "user-active-member",
       externalChatId: "chat-active",
@@ -377,7 +377,7 @@ describe("inbound invite redemption intercept", () => {
     });
     // Pre-create an active member that will click the invite link
-    upsertMember({
+    upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "user-already-active",
       externalChatId: "chat-invite-test",
@@ -403,7 +403,7 @@ describe("inbound invite redemption intercept", () => {
       maxUses: 5,
     });
-    upsertMember({
+    upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "user-invite-123",
       externalChatId: "chat-invite-test",

package/src/__tests__/integration-status.test.ts CHANGED Viewed

@@ -1,17 +1,27 @@
 import { beforeEach, describe, expect, mock, test } from "bun:test";
 const secureKeyValues = new Map<string, string>();
+let mockTwilioAccountSid: string | undefined;
 mock.module("../security/secure-keys.js", () => ({
   getSecureKey: (account: string) => secureKeyValues.get(account),
 }));
+mock.module("../config/loader.js", () => ({
+  loadConfig: () => ({
+    twilio: mockTwilioAccountSid
+      ? { accountSid: mockTwilioAccountSid }
+      : undefined,
+  }),
+}));
 const { getIntegrationSummary, formatIntegrationSummary, hasCapability } =
   await import("../schedule/integration-status.js");
 describe("integration-status", () => {
   beforeEach(() => {
     secureKeyValues.clear();
+    mockTwilioAccountSid = undefined;
   });
   describe("getIntegrationSummary", () => {
@@ -30,7 +40,7 @@ describe("integration-status", () => {
       secureKeyValues.set("credential:integration:gmail:access_token", "tok");
       secureKeyValues.set("credential:integration:twitter:access_token", "tok");
       secureKeyValues.set("credential:integration:slack:access_token", "tok");
-      secureKeyValues.set("credential:twilio:account_sid", "sid");
+      mockTwilioAccountSid = "sid";
       secureKeyValues.set("credential:twilio:auth_token", "auth");
       secureKeyValues.set("credential:telegram:bot_token", "tok");
       secureKeyValues.set("credential:telegram:webhook_secret", "secret");
@@ -42,7 +52,7 @@ describe("integration-status", () => {
     });
     test("returns mixed status", () => {
-      secureKeyValues.set("credential:twilio:account_sid", "sid");
+      mockTwilioAccountSid = "sid";
       secureKeyValues.set("credential:twilio:auth_token", "auth");
       secureKeyValues.set("credential:telegram:bot_token", "tok");
       secureKeyValues.set("credential:telegram:webhook_secret", "secret");
@@ -67,7 +77,7 @@ describe("integration-status", () => {
     });
     test("SMS disconnected when only account_sid is set (missing auth_token)", () => {
-      secureKeyValues.set("credential:twilio:account_sid", "sid");
+      mockTwilioAccountSid = "sid";
       const summary = getIntegrationSummary();
       const sms = summary.find((s: { name: string }) => s.name === "SMS");
@@ -87,7 +97,7 @@ describe("integration-status", () => {
   describe("formatIntegrationSummary", () => {
     test("shows checkmarks and crosses", () => {
-      secureKeyValues.set("credential:twilio:account_sid", "sid");
+      mockTwilioAccountSid = "sid";
       secureKeyValues.set("credential:twilio:auth_token", "auth");
       secureKeyValues.set("credential:telegram:bot_token", "tok");
       secureKeyValues.set("credential:telegram:webhook_secret", "secret");
@@ -109,7 +119,7 @@ describe("integration-status", () => {
       secureKeyValues.set("credential:integration:gmail:access_token", "tok");
       secureKeyValues.set("credential:integration:twitter:access_token", "tok");
       secureKeyValues.set("credential:integration:slack:access_token", "tok");
-      secureKeyValues.set("credential:twilio:account_sid", "sid");
+      mockTwilioAccountSid = "sid";
       secureKeyValues.set("credential:twilio:auth_token", "auth");
       secureKeyValues.set("credential:telegram:bot_token", "tok");
       secureKeyValues.set("credential:telegram:webhook_secret", "secret");

package/src/__tests__/integrations-cli.test.ts CHANGED Viewed

@@ -94,7 +94,7 @@ async function runCli(
   };
 }
-describe("vellum integrations CLI", () => {
+describe("assistant integrations CLI", () => {
   beforeEach(() => {
     gatewayBase = "http://gateway.test";
     signingKeyInitialized = false;

package/src/__tests__/invite-redemption-service.test.ts CHANGED Viewed

@@ -24,7 +24,8 @@ mock.module("../util/logger.js", () => ({
     }),
 }));
-import { upsertMember } from "../contacts/contacts-write.js";
+import { findContactChannel } from "../contacts/contact-store.js";
+import { upsertContactChannel } from "../contacts/contacts-write.js";
 import { getSqlite, initializeDb, resetDb } from "../memory/db.js";
 import {
   createInvite,
@@ -33,7 +34,9 @@ import {
 import {
   type InviteRedemptionOutcome,
   redeemInvite,
+  redeemInviteByCode,
 } from "../runtime/invite-redemption-service.js";
+import { hashVoiceCode } from "../util/voice-code.js";
 initializeDb();
@@ -76,6 +79,58 @@ describe("invite-redemption-service", () => {
     });
   });
+  test("marks channel as verified via invite on redemption", () => {
+    const { rawToken } = createInvite({
+      sourceChannel: "telegram",
+      maxUses: 1,
+    });
+    const outcome = redeemInvite({
+      rawToken,
+      sourceChannel: "telegram",
+      externalUserId: "user-1",
+    });
+    expect(outcome.ok).toBe(true);
+    const result = findContactChannel({
+      channelType: "telegram",
+      externalUserId: "user-1",
+    });
+    expect(result).not.toBeNull();
+    expect(result!.channel.verifiedAt).toBeGreaterThan(0);
+    expect(result!.channel.verifiedVia).toBe("invite");
+    expect(result!.channel.status).toBe("active");
+  });
+  test("marks channel as verified via invite on 6-digit code redemption", () => {
+    const inviteCode = "123456";
+    createInvite({
+      sourceChannel: "telegram",
+      maxUses: 1,
+      inviteCodeHash: hashVoiceCode(inviteCode),
+    });
+    const outcome = redeemInviteByCode({
+      code: inviteCode,
+      sourceChannel: "telegram",
+      externalUserId: "code-user-1",
+    });
+    expect(outcome.ok).toBe(true);
+    const result = findContactChannel({
+      channelType: "telegram",
+      externalUserId: "code-user-1",
+    });
+    expect(result).not.toBeNull();
+    expect(result!.channel.verifiedAt).toBeGreaterThan(0);
+    expect(result!.channel.verifiedVia).toBe("invite");
+    expect(result!.channel.status).toBe("active");
+  });
   test("returns invalid_token for a bogus token", () => {
     const outcome = redeemInvite({
       rawToken: "totally-bogus-token",
@@ -179,7 +234,7 @@ describe("invite-redemption-service", () => {
     });
     // Pre-create an active member
-    upsertMember({
+    upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "existing-user",
       status: "active",
@@ -209,7 +264,7 @@ describe("invite-redemption-service", () => {
     });
     // Pre-create a blocked member — simulates a guardian-initiated block
-    upsertMember({
+    upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "blocked-user",
       status: "blocked",
@@ -231,7 +286,7 @@ describe("invite-redemption-service", () => {
     });
     // Pre-create a revoked member
-    const member = upsertMember({
+    const member = upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "revoked-user",
       status: "revoked",
@@ -282,7 +337,7 @@ describe("invite-redemption-service", () => {
   test("returns invalid_token for an active member with a bogus token (no membership probing)", () => {
     // Pre-create an active member
-    upsertMember({
+    upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "probed-user",
       status: "active",
@@ -307,7 +362,7 @@ describe("invite-redemption-service", () => {
     });
     // Pre-create an active member
-    upsertMember({
+    upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "expired-token-user",
       status: "active",
@@ -331,7 +386,7 @@ describe("invite-redemption-service", () => {
     });
     // Pre-create an active member on telegram
-    upsertMember({
+    upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "cross-channel-user",
       status: "active",

package/src/__tests__/ipc-snapshot.test.ts CHANGED Viewed

@@ -398,10 +398,6 @@ const clientMessages: Record<ClientMessageType, ClientMessage> = {
     type: "share_app_cloud",
     appId: "app-001",
   },
-  share_to_slack: {
-    type: "share_to_slack",
-    appId: "app-001",
-  },
   slack_webhook_config: {
     type: "slack_webhook_config",
     action: "get",
@@ -1450,10 +1446,6 @@ const serverMessages: Record<ServerMessageType, ServerMessage> = {
     shareToken: "abc123def456",
     shareUrl: "http://localhost:7821/v1/apps/shared/abc123def456",
   },
-  share_to_slack_response: {
-    type: "share_to_slack_response",
-    success: true,
-  },
   slack_webhook_config_response: {
     type: "slack_webhook_config_response",
     webhookUrl: "https://hooks.slack.com/services/T00/B00/xxx",