npm - @vellumai/assistant - Versions diffs - 0.4.4 → 0.4.6 - Mend

@vellumai/assistant 0.4.4 → 0.4.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (90) hide show

package/ARCHITECTURE.md +4 -4
package/README.md +6 -6
package/bun.lock +6 -2
package/docs/architecture/memory.md +4 -4
package/package.json +2 -2
package/src/__tests__/actor-token-service.test.ts +5 -2
package/src/__tests__/assistant-feature-flags-integration.test.ts +1 -0
package/src/__tests__/call-controller.test.ts +78 -0
package/src/__tests__/call-domain.test.ts +148 -10
package/src/__tests__/call-pointer-message-composer.test.ts +39 -49
package/src/__tests__/call-pointer-messages.test.ts +105 -43
package/src/__tests__/canonical-guardian-store.test.ts +44 -10
package/src/__tests__/channel-approval-routes.test.ts +67 -65
package/src/__tests__/confirmation-request-guardian-bridge.test.ts +1 -0
package/src/__tests__/conversation-attention-telegram.test.ts +2 -2
package/src/__tests__/deterministic-verification-control-plane.test.ts +6 -6
package/src/__tests__/guardian-actions-endpoint.test.ts +7 -6
package/src/__tests__/guardian-decision-primitive-canonical.test.ts +57 -12
package/src/__tests__/guardian-grant-minting.test.ts +24 -24
package/src/__tests__/guardian-principal-id-roundtrip.test.ts +205 -0
package/src/__tests__/guardian-routing-invariants.test.ts +64 -25
package/src/__tests__/guardian-routing-state.test.ts +4 -4
package/src/__tests__/handlers-user-message-approval-consumption.test.ts +2 -2
package/src/__tests__/inbound-invite-redemption.test.ts +8 -8
package/src/__tests__/memory-retrieval.benchmark.test.ts +22 -47
package/src/__tests__/no-is-trusted-guard.test.ts +77 -0
package/src/__tests__/non-member-access-request.test.ts +50 -47
package/src/__tests__/relay-server.test.ts +71 -0
package/src/__tests__/send-endpoint-busy.test.ts +6 -0
package/src/__tests__/session-tool-setup-tools-disabled.test.ts +155 -0
package/src/__tests__/skill-feature-flags-integration.test.ts +1 -0
package/src/__tests__/skill-projection.benchmark.test.ts +66 -2
package/src/__tests__/system-prompt.test.ts +1 -0
package/src/__tests__/tool-approval-handler.test.ts +1 -1
package/src/__tests__/tool-grant-request-escalation.test.ts +9 -2
package/src/__tests__/trusted-contact-inline-approval-integration.test.ts +8 -1
package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts +22 -22
package/src/__tests__/trusted-contact-multichannel.test.ts +4 -4
package/src/__tests__/trusted-contact-verification.test.ts +10 -10
package/src/approvals/guardian-decision-primitive.ts +29 -25
package/src/approvals/guardian-request-resolvers.ts +9 -5
package/src/calls/call-pointer-message-composer.ts +27 -85
package/src/calls/call-pointer-messages.ts +54 -21
package/src/calls/guardian-dispatch.ts +30 -0
package/src/calls/relay-server.ts +13 -13
package/src/config/system-prompt.ts +10 -3
package/src/config/templates/BOOTSTRAP.md +6 -5
package/src/config/templates/USER.md +1 -0
package/src/config/user-reference.ts +44 -0
package/src/daemon/handlers/guardian-actions.ts +5 -2
package/src/daemon/handlers/sessions.ts +8 -3
package/src/daemon/lifecycle.ts +109 -3
package/src/daemon/server.ts +32 -24
package/src/daemon/session-agent-loop.ts +4 -3
package/src/daemon/session-lifecycle.ts +1 -9
package/src/daemon/session-process.ts +2 -2
package/src/daemon/session-runtime-assembly.ts +2 -0
package/src/daemon/session-tool-setup.ts +10 -0
package/src/daemon/session.ts +1 -0
package/src/memory/canonical-guardian-store.ts +40 -0
package/src/memory/conversation-crud.ts +26 -0
package/src/memory/conversation-store.ts +1 -0
package/src/memory/db-init.ts +8 -0
package/src/memory/guardian-bindings.ts +4 -0
package/src/memory/job-handlers/backfill.ts +2 -9
package/src/memory/migrations/125-guardian-principal-id-columns.ts +19 -0
package/src/memory/migrations/126-backfill-guardian-principal-id.ts +210 -0
package/src/memory/migrations/index.ts +2 -0
package/src/memory/migrations/registry.ts +5 -0
package/src/memory/schema.ts +3 -0
package/src/notifications/copy-composer.ts +2 -2
package/src/runtime/access-request-helper.ts +43 -28
package/src/runtime/actor-trust-resolver.ts +19 -14
package/src/runtime/channel-guardian-service.ts +6 -0
package/src/runtime/guardian-context-resolver.ts +6 -2
package/src/runtime/guardian-reply-router.ts +33 -16
package/src/runtime/guardian-vellum-migration.ts +29 -5
package/src/runtime/http-types.ts +0 -13
package/src/runtime/local-actor-identity.ts +19 -13
package/src/runtime/middleware/actor-token.ts +2 -2
package/src/runtime/routes/channel-delivery-routes.ts +5 -5
package/src/runtime/routes/conversation-routes.ts +45 -35
package/src/runtime/routes/guardian-action-routes.ts +7 -1
package/src/runtime/routes/guardian-approval-interception.ts +52 -52
package/src/runtime/routes/guardian-bootstrap-routes.ts +1 -0
package/src/runtime/routes/inbound-conversation.ts +7 -7
package/src/runtime/routes/inbound-message-handler.ts +105 -94
package/src/runtime/tool-grant-request-helper.ts +1 -0
package/src/util/logger.ts +10 -0
package/src/daemon/call-pointer-generators.ts +0 -59

package/src/__tests__/call-pointer-messages.test.ts CHANGED Viewed

@@ -25,8 +25,8 @@ mock.module('../util/logger.js', () => ({
     }),
 }));
-import { addPointerMessage, formatDuration, resetPointerCopyGenerator, setPointerCopyGenerator } from '../calls/call-pointer-messages.js';
-import { getMessages } from '../memory/conversation-store.js';
+import { addPointerMessage, formatDuration, resetPointerMessageProcessor, setPointerMessageProcessor } from '../calls/call-pointer-messages.js';
+import { addMessage, getMessages } from '../memory/conversation-store.js';
 import { getDb, initializeDb, resetDb } from '../memory/db.js';
 import { conversations } from '../memory/schema.js';
@@ -95,7 +95,7 @@ describe('addPointerMessage', () => {
   });
   afterEach(() => {
-    resetPointerCopyGenerator();
+    resetPointerMessageProcessor();
   });
   afterAll(() => {
@@ -192,87 +192,149 @@ describe('addPointerMessage', () => {
     expect(text).toContain('failed: Max attempts exceeded');
   });
-  // Trust-aware tests: in test env, generator is not called (NODE_ENV=test
-  // short-circuits to fallback), so these validate the trust gating path
-  // while still receiving deterministic text.
+  // Trust-aware tests
-  test('untrusted audience uses deterministic fallback even with generator set', () => {
+  test('untrusted audience uses deterministic fallback even with processor set', () => {
     const convId = 'conv-ptr-untrusted';
-    // standard threadType + no origin channel = untrusted
     ensureConversation(convId, { threadType: 'standard' });
-    const generatorCalled = { value: false };
-    setPointerCopyGenerator(async () => {
-      generatorCalled.value = true;
-      return 'generated text';
+    const processorCalled = { value: false };
+    setPointerMessageProcessor(async () => {
+      processorCalled.value = true;
     });
     addPointerMessage(convId, 'started', '+15551234567');
     const text = getLatestAssistantText(convId);
-    // In test env, deterministic fallback is always used regardless of trust
     expect(text).toContain('Call to +15551234567 started');
+    // processor not called because standard threadType + no origin = untrusted
+    expect(processorCalled.value).toBe(false);
   });
-  test('explicit untrusted audience mode skips generator', () => {
+  test('explicit untrusted audience mode skips processor', () => {
     const convId = 'conv-ptr-explicit-untrusted';
     ensureConversation(convId, { threadType: 'private' });
-    const generatorCalled = { value: false };
-    setPointerCopyGenerator(async () => {
-      generatorCalled.value = true;
-      return 'generated text';
+    const processorCalled = { value: false };
+    setPointerMessageProcessor(async () => {
+      processorCalled.value = true;
     });
     addPointerMessage(convId, 'started', '+15551234567', undefined, 'untrusted');
     const text = getLatestAssistantText(convId);
     expect(text).toContain('Call to +15551234567 started');
-    // generator is not called because audience is explicitly untrusted
-    expect(generatorCalled.value).toBe(false);
+    expect(processorCalled.value).toBe(false);
   });
-  test('private threadType is detected as trusted audience', async () => {
-    const convId = 'conv-ptr-private';
+  test('trusted audience routes through daemon processor with required facts', async () => {
+    const convId = 'conv-ptr-trusted';
     ensureConversation(convId, { threadType: 'private' });
-    setPointerCopyGenerator(async () => 'generated text');
+    let capturedInstruction = '';
+    let capturedFacts: string[] = [];
+    setPointerMessageProcessor(async (_convId, instruction, requiredFacts) => {
+      capturedInstruction = instruction;
+      capturedFacts = requiredFacts ?? [];
+    });
     await addPointerMessage(convId, 'completed', '+15559876543', { duration: '1m' });
+    // Processor was called with a structured instruction
+    expect(capturedInstruction).toContain('[CALL_STATUS_EVENT]');
+    expect(capturedInstruction).toContain('+15559876543');
+    expect(capturedInstruction).toContain('completed');
+    expect(capturedInstruction).toContain('1m');
+    // Required facts include phone number, duration, and outcome keyword
+    expect(capturedFacts).toContain('+15559876543');
+    expect(capturedFacts).toContain('1m');
+    expect(capturedFacts).toContain('completed');
+  });
+  test('trusted audience falls back to deterministic on processor failure', async () => {
+    const convId = 'conv-ptr-processor-fail';
+    ensureConversation(convId, { threadType: 'private' });
+    setPointerMessageProcessor(async () => {
+      throw new Error('Daemon unavailable');
+    });
+    await addPointerMessage(convId, 'failed', '+15559876543', { reason: 'busy' });
+    // Falls back to deterministic — written directly to conversation store
     const text = getLatestAssistantText(convId);
-    // In test env, falls back to deterministic even on trusted path
-    expect(text).toContain('Call to +15559876543 completed (1m)');
+    expect(text).toContain('failed: busy');
   });
   test('vellum origin channel is detected as trusted audience', async () => {
     const convId = 'conv-ptr-vellum';
     ensureConversation(convId, { originChannel: 'vellum' });
-    setPointerCopyGenerator(async () => 'generated text');
+    let processorCalled = false;
+    setPointerMessageProcessor(async () => {
+      processorCalled = true;
+    });
     await addPointerMessage(convId, 'failed', '+15559876543', { reason: 'busy' });
-    const text = getLatestAssistantText(convId);
-    expect(text).toContain('failed: busy');
+    expect(processorCalled).toBe(true);
   });
   test('missing conversation defaults to untrusted', () => {
-    const _convId = 'conv-ptr-missing';
-    // Don't create the conversation — trust resolution should default to untrusted
+    const convId = 'conv-ptr-no-signals';
+    ensureConversation(convId);
+    const processorCalled = { value: false };
+    setPointerMessageProcessor(async () => {
+      processorCalled.value = true;
+    });
+    addPointerMessage(convId, 'started', '+15551234567');
+    const text = getLatestAssistantText(convId);
+    expect(text).toContain('Call to +15551234567 started');
+    expect(processorCalled.value).toBe(false);
+  });
+  // Provenance trust class tests
+  test('guardian provenance trust class is detected as trusted audience', async () => {
+    const convId = 'conv-ptr-guardian-provenance';
+    ensureConversation(convId, { threadType: 'standard' });
+    // Add a user message with guardian provenance metadata
+    await addMessage(convId, 'user', 'hello', { provenanceTrustClass: 'guardian' });
+    let processorCalled = false;
+    setPointerMessageProcessor(async () => {
+      processorCalled = true;
+    });
+    await addPointerMessage(convId, 'completed', '+15559876543');
+    expect(processorCalled).toBe(true);
+  });
-    const generatorCalled = { value: false };
-    setPointerCopyGenerator(async () => {
-      generatorCalled.value = true;
-      return 'generated text';
+  test('trusted_contact provenance trust class is detected as trusted audience', async () => {
+    const convId = 'conv-ptr-tc-provenance';
+    ensureConversation(convId, { threadType: 'standard' });
+    // Add a user message with trusted_contact provenance metadata
+    await addMessage(convId, 'user', 'hello', { provenanceTrustClass: 'trusted_contact' });
+    let processorCalled = false;
+    setPointerMessageProcessor(async () => {
+      processorCalled = true;
     });
-    // This will fail at addMessage because conversation doesn't exist,
-    // but the trust check itself should not throw. Test just the trust
-    // gating by using a conversation that exists but has no trust signals.
-    const convId2 = 'conv-ptr-no-signals';
-    ensureConversation(convId2);
+    await addPointerMessage(convId, 'completed', '+15559876543');
+    expect(processorCalled).toBe(true);
+  });
+  test('unknown provenance trust class does not grant trusted audience', () => {
+    const convId = 'conv-ptr-unknown-provenance';
+    ensureConversation(convId, { threadType: 'standard' });
+    addMessage(convId, 'user', 'hello', { provenanceTrustClass: 'unknown' });
-    addPointerMessage(convId2, 'started', '+15551234567');
-    const text = getLatestAssistantText(convId2);
+    const processorCalled = { value: false };
+    setPointerMessageProcessor(async () => {
+      processorCalled.value = true;
+    });
+    addPointerMessage(convId, 'started', '+15551234567');
+    const text = getLatestAssistantText(convId);
     expect(text).toContain('Call to +15551234567 started');
-    // generator not called because standard threadType + no origin = untrusted
-    expect(generatorCalled.value).toBe(false);
+    expect(processorCalled.value).toBe(false);
   });
 });

package/src/__tests__/canonical-guardian-store.test.ts CHANGED Viewed

@@ -41,6 +41,10 @@ import { getDb, initializeDb, resetDb } from '../memory/db.js';
 initializeDb();
+// All decisionable kinds (tool_approval, pending_question, access_request)
+// require a guardianPrincipalId. Use a constant for test fixtures.
+const TEST_PRINCIPAL = 'test-principal-id';
 function resetTables(): void {
   const db = getDb();
   db.run('DELETE FROM canonical_guardian_deliveries');
@@ -71,6 +75,7 @@ describe('canonical-guardian-store', () => {
       conversationId: 'conv-1',
       requesterExternalUserId: 'user-1',
       guardianExternalUserId: 'guardian-1',
+      guardianPrincipalId: TEST_PRINCIPAL,
       callSessionId: 'session-1',
       pendingQuestionId: 'pq-1',
       questionText: 'Can I run this tool?',
@@ -94,6 +99,7 @@ describe('canonical-guardian-store', () => {
     const req = createCanonicalGuardianRequest({
       kind: 'access_request',
       sourceType: 'channel',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     expect(req.id).toBeTruthy();
@@ -111,6 +117,7 @@ describe('canonical-guardian-store', () => {
     const created = createCanonicalGuardianRequest({
       kind: 'tool_approval',
       sourceType: 'voice',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     const fetched = getCanonicalGuardianRequest(created.id);
@@ -127,16 +134,16 @@ describe('canonical-guardian-store', () => {
   // ── listCanonicalGuardianRequests ─────────────────────────────────
   test('lists all requests with no filters', () => {
-    createCanonicalGuardianRequest({ kind: 'tool_approval', sourceType: 'voice' });
-    createCanonicalGuardianRequest({ kind: 'access_request', sourceType: 'channel' });
+    createCanonicalGuardianRequest({ kind: 'tool_approval', sourceType: 'voice', guardianPrincipalId: TEST_PRINCIPAL });
+    createCanonicalGuardianRequest({ kind: 'access_request', sourceType: 'channel', guardianPrincipalId: TEST_PRINCIPAL });
     const all = listCanonicalGuardianRequests();
     expect(all).toHaveLength(2);
   });
   test('filters by status', () => {
-    createCanonicalGuardianRequest({ kind: 'tool_approval', sourceType: 'voice' });
-    const req2 = createCanonicalGuardianRequest({ kind: 'access_request', sourceType: 'channel' });
+    createCanonicalGuardianRequest({ kind: 'tool_approval', sourceType: 'voice', guardianPrincipalId: TEST_PRINCIPAL });
+    const req2 = createCanonicalGuardianRequest({ kind: 'access_request', sourceType: 'channel', guardianPrincipalId: TEST_PRINCIPAL });
     updateCanonicalGuardianRequest(req2.id, { status: 'approved' });
     const pending = listCanonicalGuardianRequests({ status: 'pending' });
@@ -153,11 +160,13 @@ describe('canonical-guardian-store', () => {
       kind: 'tool_approval',
       sourceType: 'voice',
       guardianExternalUserId: 'guardian-A',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     createCanonicalGuardianRequest({
       kind: 'tool_approval',
       sourceType: 'voice',
       guardianExternalUserId: 'guardian-B',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     const filtered = listCanonicalGuardianRequests({ guardianExternalUserId: 'guardian-A' });
@@ -170,11 +179,13 @@ describe('canonical-guardian-store', () => {
       kind: 'tool_approval',
       sourceType: 'voice',
       conversationId: 'conv-X',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     createCanonicalGuardianRequest({
       kind: 'tool_approval',
       sourceType: 'voice',
       conversationId: 'conv-Y',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     const filtered = listCanonicalGuardianRequests({ conversationId: 'conv-X' });
@@ -182,18 +193,18 @@ describe('canonical-guardian-store', () => {
   });
   test('filters by sourceType', () => {
-    createCanonicalGuardianRequest({ kind: 'tool_approval', sourceType: 'voice' });
-    createCanonicalGuardianRequest({ kind: 'tool_approval', sourceType: 'channel' });
-    createCanonicalGuardianRequest({ kind: 'tool_approval', sourceType: 'desktop' });
+    createCanonicalGuardianRequest({ kind: 'tool_approval', sourceType: 'voice', guardianPrincipalId: TEST_PRINCIPAL });
+    createCanonicalGuardianRequest({ kind: 'tool_approval', sourceType: 'channel', guardianPrincipalId: TEST_PRINCIPAL });
+    createCanonicalGuardianRequest({ kind: 'tool_approval', sourceType: 'desktop', guardianPrincipalId: TEST_PRINCIPAL });
     const voiceOnly = listCanonicalGuardianRequests({ sourceType: 'voice' });
     expect(voiceOnly).toHaveLength(1);
   });
   test('filters by kind', () => {
-    createCanonicalGuardianRequest({ kind: 'tool_approval', sourceType: 'voice' });
-    createCanonicalGuardianRequest({ kind: 'pending_question', sourceType: 'voice' });
-    createCanonicalGuardianRequest({ kind: 'access_request', sourceType: 'channel' });
+    createCanonicalGuardianRequest({ kind: 'tool_approval', sourceType: 'voice', guardianPrincipalId: TEST_PRINCIPAL });
+    createCanonicalGuardianRequest({ kind: 'pending_question', sourceType: 'voice', guardianPrincipalId: TEST_PRINCIPAL });
+    createCanonicalGuardianRequest({ kind: 'access_request', sourceType: 'channel', guardianPrincipalId: TEST_PRINCIPAL });
     const toolOnly = listCanonicalGuardianRequests({ kind: 'tool_approval' });
     expect(toolOnly).toHaveLength(1);
@@ -204,16 +215,19 @@ describe('canonical-guardian-store', () => {
       kind: 'tool_approval',
       sourceType: 'voice',
       guardianExternalUserId: 'guardian-A',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     createCanonicalGuardianRequest({
       kind: 'tool_approval',
       sourceType: 'channel',
       guardianExternalUserId: 'guardian-A',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     createCanonicalGuardianRequest({
       kind: 'access_request',
       sourceType: 'voice',
       guardianExternalUserId: 'guardian-A',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     const filtered = listCanonicalGuardianRequests({
@@ -230,6 +244,7 @@ describe('canonical-guardian-store', () => {
     const req = createCanonicalGuardianRequest({
       kind: 'tool_approval',
       sourceType: 'voice',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     const updated = updateCanonicalGuardianRequest(req.id, {
@@ -260,6 +275,7 @@ describe('canonical-guardian-store', () => {
     const req = createCanonicalGuardianRequest({
       kind: 'tool_approval',
       sourceType: 'voice',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     const resolved = resolveCanonicalGuardianRequest(req.id, 'pending', {
@@ -278,6 +294,7 @@ describe('canonical-guardian-store', () => {
     const req = createCanonicalGuardianRequest({
       kind: 'tool_approval',
       sourceType: 'channel',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     const resolved = resolveCanonicalGuardianRequest(req.id, 'pending', {
@@ -293,6 +310,7 @@ describe('canonical-guardian-store', () => {
     const req = createCanonicalGuardianRequest({
       kind: 'tool_approval',
       sourceType: 'voice',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     // Try to resolve with wrong expected status
@@ -311,6 +329,7 @@ describe('canonical-guardian-store', () => {
     const req = createCanonicalGuardianRequest({
       kind: 'tool_approval',
       sourceType: 'voice',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     // First resolve succeeds
@@ -353,6 +372,7 @@ describe('canonical-guardian-store', () => {
       sourceChannel: 'twilio',
       conversationId: 'conv-voice-1',
       guardianExternalUserId: 'guardian-phone',
+      guardianPrincipalId: TEST_PRINCIPAL,
       callSessionId: 'call-123',
       pendingQuestionId: 'pq-456',
       questionText: 'What is the gate code?',
@@ -374,6 +394,7 @@ describe('canonical-guardian-store', () => {
       conversationId: 'conv-tg-1',
       requesterExternalUserId: 'requester-tg-user',
       guardianExternalUserId: 'guardian-tg-user',
+      guardianPrincipalId: TEST_PRINCIPAL,
       toolName: 'execute_code',
       inputDigest: 'sha256:abcdef',
       expiresAt: new Date(Date.now() + 120_000).toISOString(),
@@ -394,6 +415,7 @@ describe('canonical-guardian-store', () => {
       sourceType: 'desktop',
       conversationId: 'conv-desktop-1',
       guardianExternalUserId: 'guardian-desktop',
+      guardianPrincipalId: TEST_PRINCIPAL,
       questionText: 'User wants to access settings',
     });
@@ -408,6 +430,7 @@ describe('canonical-guardian-store', () => {
     const req = createCanonicalGuardianRequest({
       kind: 'tool_approval',
       sourceType: 'voice',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     const d1 = createCanonicalGuardianDelivery({
@@ -436,6 +459,7 @@ describe('canonical-guardian-store', () => {
     const req = createCanonicalGuardianRequest({
       kind: 'tool_approval',
       sourceType: 'voice',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     const deliveries = listCanonicalGuardianDeliveries(req.id);
@@ -446,10 +470,12 @@ describe('canonical-guardian-store', () => {
     const pendingReq = createCanonicalGuardianRequest({
       kind: 'pending_question',
       sourceType: 'voice',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     const resolvedReq = createCanonicalGuardianRequest({
       kind: 'pending_question',
       sourceType: 'voice',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     updateCanonicalGuardianRequest(resolvedReq.id, { status: 'approved' });
@@ -476,6 +502,7 @@ describe('canonical-guardian-store', () => {
     const req = createCanonicalGuardianRequest({
       kind: 'pending_question',
       sourceType: 'voice',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     createCanonicalGuardianDelivery({
@@ -498,6 +525,7 @@ describe('canonical-guardian-store', () => {
     const req = createCanonicalGuardianRequest({
       kind: 'tool_approval',
       sourceType: 'voice',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     const delivery = createCanonicalGuardianDelivery({
       requestId: req.id,
@@ -525,6 +553,7 @@ describe('canonical-guardian-store', () => {
     const req = createCanonicalGuardianRequest({
       kind: 'pending_question',
       sourceType: 'voice',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     createCanonicalGuardianDelivery({
       requestId: req.id,
@@ -544,10 +573,12 @@ describe('canonical-guardian-store', () => {
     const pendingReq = createCanonicalGuardianRequest({
       kind: 'pending_question',
       sourceType: 'voice',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     const resolvedReq = createCanonicalGuardianRequest({
       kind: 'pending_question',
       sourceType: 'voice',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     updateCanonicalGuardianRequest(resolvedReq.id, { status: 'approved' });
@@ -574,6 +605,7 @@ describe('canonical-guardian-store', () => {
     const req = createCanonicalGuardianRequest({
       kind: 'pending_question',
       sourceType: 'voice',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     // Two delivery rows targeting the same chat for the same request
@@ -602,6 +634,7 @@ describe('canonical-guardian-store', () => {
     const req = createCanonicalGuardianRequest({
       kind: 'pending_question',
       sourceType: 'voice',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     createCanonicalGuardianDelivery({
       requestId: req.id,
@@ -620,6 +653,7 @@ describe('canonical-guardian-store', () => {
     const req = createCanonicalGuardianRequest({
       kind: 'pending_question',
       sourceType: 'voice',
+      guardianPrincipalId: TEST_PRINCIPAL,
     });
     createCanonicalGuardianDelivery({
       requestId: req.id,