@vellumai/assistant 0.4.4 → 0.4.6

package/src/__tests__/no-is-trusted-guard.test.ts

@@ -0,0 +1,77 @@
+/**
+ * Guard test: `isTrusted` must not appear in production code.
+ *
+ * The authorization model was migrated from a boolean `isTrusted` flag to
+ * principal-based authorization (`guardianPrincipalId` matching). This guard
+ * ensures the legacy pattern is never reintroduced in production source files.
+ *
+ * The invariant: `actor.guardianPrincipalId === request.guardianPrincipalId`
+ * (with cross-channel fallback via the vellum canonical principal).
+ *
+ * Allowed exceptions:
+ *   - Variable names like `isTrustedActor` or `isTrustedContact` that refer
+ *     to trust-class checks (e.g. `trustClass === 'guardian'`), NOT to a
+ *     boolean `isTrusted` property on ActorContext.
+ *   - Test files (__tests__/) — may reference `isTrusted` in test descriptions
+ *     or comments about the migration.
+ */
+
+import { execSync } from 'node:child_process';
+import { resolve } from 'node:path';
+
+import { describe, expect, test } from 'bun:test';
+
+const repoRoot = resolve(__dirname, '..', '..', '..');
+
+describe('isTrusted guard', () => {
+  test('isTrusted property must not exist in production ActorContext usage', () => {
+    // Search for `isTrusted` used as a property (e.g., `.isTrusted`, `isTrusted:`,
+    // `isTrusted =`) in production TypeScript files, excluding tests, node_modules,
+    // and the allowed trust-class variable pattern.
+    const raw = execSync(
+      [
+        'grep -rn "isTrusted" assistant/src/ --include="*.ts"',
+        'grep -v "__tests__"',
+        'grep -v "node_modules"',
+      ].join(' | ') + ' || true',
+      { encoding: 'utf-8', cwd: repoRoot },
+    );
+
+    // Filter in JS: strip allowed token names from each line, then check if
+    // `isTrusted` still appears. This avoids the grep -v approach which could
+    // mask forbidden usage on lines that also contain allowed tokens.
+    const ALLOWED_TOKENS = ['isTrustedActor', 'isTrustedContact', 'isTrustedTrustClass'];
+    const offending = raw
+      .trim()
+      .split('\n')
+      .filter((line) => {
+        if (!line) return false;
+        let stripped = line;
+        for (const token of ALLOWED_TOKENS) {
+          stripped = stripped.replaceAll(token, '');
+        }
+        return stripped.includes('isTrusted');
+      });
+
+    if (offending.length > 0) {
+      throw new Error(
+        'Found `isTrusted` references in production code. Authorization must use ' +
+        '`guardianPrincipalId` matching instead. Offending lines:\n' +
+        offending.join('\n'),
+      );
+    }
+  });
+
+  test('ActorContext interface must not declare isTrusted field', () => {
+    // Verify the ActorContext type definition does not include isTrusted
+    const result = execSync(
+      [
+        'grep -n "isTrusted" assistant/src/approvals/guardian-request-resolvers.ts',
+        'true',
+      ].join(' || '),
+      { encoding: 'utf-8', cwd: repoRoot },
+    );
+
+    expect(result.trim()).toBe('');
+  });
+});

package/src/__tests__/non-member-access-request.test.ts

@@ -138,12 +138,12 @@ function buildInboundRequest(overrides: Record<string, unknown> = {}): Request {
   const body: Record<string, unknown> = {
     sourceChannel: 'telegram',
     interface: 'telegram',
-    externalChatId: 'chat-123',
+    conversationExternalId: 'chat-123',
     externalMessageId: `msg-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`,
     content: 'Hello, can I use this assistant?',
-    senderExternalUserId: 'user-unknown-456',
-    senderName: 'Alice Unknown',
-    senderUsername: 'alice_unknown',
+    actorExternalId: 'user-unknown-456',
+    actorDisplayName: 'Alice Unknown',
+    actorUsername: 'alice_unknown',
     replyCallbackUrl: 'http://localhost:7830/deliver/telegram',
     ...overrides,
   };
@@ -206,8 +206,8 @@ describe('non-member access request notification', () => {
     expect(emitSignalCalls[0].sourceEventName).toBe('ingress.access_request');
     expect(emitSignalCalls[0].sourceChannel).toBe('telegram');
     const payload = emitSignalCalls[0].contextPayload as Record<string, unknown>;
-    expect(payload.senderExternalUserId).toBe('user-unknown-456');
-    expect(payload.senderName).toBe('Alice Unknown');
+    expect(payload.actorExternalId).toBe('user-unknown-456');
+    expect(payload.actorDisplayName).toBe('Alice Unknown');
 
     // A canonical access request was created
     const pending = listCanonicalGuardianRequests({
@@ -258,9 +258,9 @@ describe('non-member access request notification', () => {
     expect(pending.length).toBe(1);
   });
 
-  test('access request is created and signal emitted even without same-channel guardian binding', async () => {
-    // No guardian binding on any channel — access request should still be
-    // created and notification signal emitted (null guardianExternalUserId).
+  test('access request is created with self-healed principal even without same-channel guardian binding', async () => {
+    // No guardian binding on any channel — self-heal creates a vellum binding
+    // so the access_request (now decisionable) has a guardianPrincipalId.
     const req = buildInboundRequest();
     const resp = await handleChannelInbound(req, undefined, TEST_BEARER_TOKEN);
     const json = await resp.json() as Record<string, unknown>;
@@ -276,7 +276,7 @@ describe('non-member access request notification', () => {
     expect(emitSignalCalls.length).toBe(1);
     expect(emitSignalCalls[0].sourceEventName).toBe('ingress.access_request');
 
-    // Canonical request was created with null guardianExternalUserId
+    // Canonical request was created with a self-healed principal
     const pending = listCanonicalGuardianRequests({
       status: 'pending',
       requesterExternalUserId: 'user-unknown-456',
@@ -284,7 +284,9 @@ describe('non-member access request notification', () => {
       kind: 'access_request',
     });
     expect(pending.length).toBe(1);
-    expect(pending[0].guardianExternalUserId).toBeNull();
+    // Self-heal bootstraps a vellum binding — guardianExternalUserId is now set
+    expect(pending[0].guardianExternalUserId).toBeDefined();
+    expect(pending[0].guardianPrincipalId).toBeDefined();
   });
 
   test('cross-channel fallback: SMS guardian binding resolves for Telegram access request', async () => {
@@ -319,7 +321,7 @@ describe('non-member access request notification', () => {
     expect(pending[0].guardianExternalUserId).toBe('guardian-sms-user');
   });
 
-  test('no notification when senderExternalUserId is absent', async () => {
+  test('no notification when actorExternalId is absent', async () => {
     createBinding({
       assistantId: 'self',
       channel: 'telegram',
@@ -327,13 +329,12 @@ describe('non-member access request notification', () => {
       guardianDeliveryChatId: 'guardian-chat-789',
     });
 
-    // Message without senderExternalUserId — can't identify the requester.
-    // The ACL check requires senderExternalUserId to look up members,
-    // so without it the non-member gate is bypassed entirely.
+    // Message without actorExternalId — the handler returns BAD_REQUEST.
     const req = buildInboundRequest({
-      senderExternalUserId: undefined,
+      actorExternalId: undefined,
     });
-    await handleChannelInbound(req, undefined, TEST_BEARER_TOKEN);
+    const resp = await handleChannelInbound(req, undefined, TEST_BEARER_TOKEN);
+    expect(resp.status).toBe(400);
 
     // No access request notification should fire (no identity to notify about)
     expect(emitSignalCalls.length).toBe(0);
@@ -345,12 +346,12 @@ describe('access-request-helper unit tests', () => {
     resetState();
   });
 
-  test('notifyGuardianOfAccessRequest returns no_sender_id when senderExternalUserId is absent', () => {
+  test('notifyGuardianOfAccessRequest returns no_sender_id when actorExternalId is absent', () => {
     const result = notifyGuardianOfAccessRequest({
       canonicalAssistantId: 'self',
       sourceChannel: 'telegram',
-      externalChatId: 'chat-123',
-      senderExternalUserId: undefined,
+      conversationExternalId: 'chat-123',
+      actorExternalId: undefined,
     });
 
     expect(result.notified).toBe(false);
@@ -363,13 +364,13 @@ describe('access-request-helper unit tests', () => {
     expect(pending.length).toBe(0);
   });
 
-  test('notifyGuardianOfAccessRequest creates request with null guardianExternalUserId when no binding exists', () => {
+  test('notifyGuardianOfAccessRequest creates request with self-healed principal when no binding exists', () => {
     const result = notifyGuardianOfAccessRequest({
       canonicalAssistantId: 'self',
       sourceChannel: 'telegram',
-      externalChatId: 'chat-123',
-      senderExternalUserId: 'unknown-user',
-      senderName: 'Bob',
+      conversationExternalId: 'chat-123',
+      actorExternalId: 'unknown-user',
+      actorDisplayName: 'Bob',
     });
 
     expect(result.notified).toBe(true);
@@ -383,7 +384,9 @@ describe('access-request-helper unit tests', () => {
       kind: 'access_request',
     });
     expect(pending.length).toBe(1);
-    expect(pending[0].guardianExternalUserId).toBeNull();
+    // Self-heal bootstraps a vellum binding
+    expect(pending[0].guardianExternalUserId).toBeDefined();
+    expect(pending[0].guardianPrincipalId).toBeDefined();
 
     // Signal was emitted
     expect(emitSignalCalls.length).toBe(1);
@@ -401,8 +404,8 @@ describe('access-request-helper unit tests', () => {
     const result = notifyGuardianOfAccessRequest({
       canonicalAssistantId: 'self',
       sourceChannel: 'telegram',
-      externalChatId: 'tg-chat',
-      senderExternalUserId: 'unknown-tg-user',
+      conversationExternalId: 'tg-chat',
+      actorExternalId: 'unknown-tg-user',
     });
 
     expect(result.notified).toBe(true);
@@ -438,8 +441,8 @@ describe('access-request-helper unit tests', () => {
     const result = notifyGuardianOfAccessRequest({
       canonicalAssistantId: 'self',
       sourceChannel: 'telegram',
-      externalChatId: 'chat-123',
-      senderExternalUserId: 'unknown-user',
+      conversationExternalId: 'chat-123',
+      actorExternalId: 'unknown-user',
     });
 
     expect(result.notified).toBe(true);
@@ -457,13 +460,13 @@ describe('access-request-helper unit tests', () => {
     expect(payload.guardianBindingChannel).toBe('telegram');
   });
 
-  test('notifyGuardianOfAccessRequest for voice channel includes senderName in contextPayload', () => {
+  test('notifyGuardianOfAccessRequest for voice channel includes actorDisplayName in contextPayload', () => {
     const result = notifyGuardianOfAccessRequest({
       canonicalAssistantId: 'self',
       sourceChannel: 'voice',
-      externalChatId: '+15559998888',
-      senderExternalUserId: '+15559998888',
-      senderName: 'Alice Caller',
+      conversationExternalId: '+15559998888',
+      actorExternalId: '+15559998888',
+      actorDisplayName: 'Alice Caller',
     });
 
     expect(result.notified).toBe(true);
@@ -471,8 +474,8 @@ describe('access-request-helper unit tests', () => {
 
     const payload = emitSignalCalls[0].contextPayload as Record<string, unknown>;
     expect(payload.sourceChannel).toBe('voice');
-    expect(payload.senderName).toBe('Alice Caller');
-    expect(payload.senderExternalUserId).toBe('+15559998888');
+    expect(payload.actorDisplayName).toBe('Alice Caller');
+    expect(payload.actorExternalId).toBe('+15559998888');
     expect(payload.senderIdentifier).toBe('Alice Caller');
 
     // Canonical request should exist
@@ -489,9 +492,9 @@ describe('access-request-helper unit tests', () => {
     const result = notifyGuardianOfAccessRequest({
       canonicalAssistantId: 'self',
       sourceChannel: 'telegram',
-      externalChatId: 'chat-123',
-      senderExternalUserId: 'unknown-user',
-      senderName: 'Test User',
+      conversationExternalId: 'chat-123',
+      actorExternalId: 'unknown-user',
+      actorDisplayName: 'Test User',
     });
 
     expect(result.notified).toBe(true);
@@ -507,9 +510,9 @@ describe('access-request-helper unit tests', () => {
     const result = notifyGuardianOfAccessRequest({
       canonicalAssistantId: 'self',
       sourceChannel: 'telegram',
-      externalChatId: 'chat-123',
-      senderExternalUserId: 'revoked-user',
-      senderName: 'Revoked User',
+      conversationExternalId: 'chat-123',
+      actorExternalId: 'revoked-user',
+      actorDisplayName: 'Revoked User',
       previousMemberStatus: 'revoked',
     });
 
@@ -544,9 +547,9 @@ describe('access-request-helper unit tests', () => {
     const result = notifyGuardianOfAccessRequest({
       canonicalAssistantId: 'self',
       sourceChannel: 'voice',
-      externalChatId: '+15556667777',
-      senderExternalUserId: '+15556667777',
-      senderName: 'Noah',
+      conversationExternalId: '+15556667777',
+      actorExternalId: '+15556667777',
+      actorDisplayName: 'Noah',
     });
 
     expect(result.notified).toBe(true);
@@ -584,9 +587,9 @@ describe('access-request-helper unit tests', () => {
     const result = notifyGuardianOfAccessRequest({
       canonicalAssistantId: 'self',
       sourceChannel: 'telegram',
-      externalChatId: 'chat-123',
-      senderExternalUserId: 'unknown-user',
-      senderName: 'Alice',
+      conversationExternalId: 'chat-123',
+      actorExternalId: 'unknown-user',
+      actorDisplayName: 'Alice',
     });
 
     expect(result.notified).toBe(true);

package/src/__tests__/relay-server.test.ts

@@ -137,6 +137,7 @@ import {
   createCallSession,
   getCallEvents,
   getCallSession,
+  updateCallSession,
 } from '../calls/call-store.js';
 import type { RelayWebSocketData } from '../calls/relay-server.js';
 import { activeRelayConnections,RelayConnection } from '../calls/relay-server.js';
@@ -3186,4 +3187,74 @@ describe('relay-server', () => {
     mockConfig.calls.userConsultTimeoutSeconds = 120;
     relay.destroy();
   });
+
+  // ── Pointer message regression tests for non-guardian paths ───────
+
+  test('normal relay close (1000) writes completed pointer to origin conversation', async () => {
+    ensureConversation('conv-relay-ptr-complete');
+    ensureConversation('conv-relay-ptr-complete-origin');
+    const session = createCallSession({
+      conversationId: 'conv-relay-ptr-complete',
+      provider: 'twilio',
+      fromNumber: '+15551111111',
+      toNumber: '+15559876543',
+      assistantId: 'self',
+      initiatedFromConversationId: 'conv-relay-ptr-complete-origin',
+    });
+    updateCallSession(session.id, { status: 'in_progress', startedAt: Date.now() - 30_000 });
+
+    const { relay } = createMockWs(session.id);
+
+    await relay.handleMessage(JSON.stringify({
+      type: 'setup',
+      callSid: 'CA_relay_ptr_complete',
+      from: '+15551111111',
+      to: '+15559876543',
+      customParameters: {},
+    }));
+
+    relay.handleTransportClosed(1000, 'normal');
+    await new Promise((r) => setTimeout(r, 100));
+
+    const text = getLatestAssistantText('conv-relay-ptr-complete-origin');
+    expect(text).not.toBeNull();
+    expect(text!).toContain('+15559876543');
+    expect(text!).toContain('completed');
+
+    relay.destroy();
+  });
+
+  test('abnormal relay close writes failed pointer to origin conversation', async () => {
+    ensureConversation('conv-relay-ptr-fail');
+    ensureConversation('conv-relay-ptr-fail-origin');
+    const session = createCallSession({
+      conversationId: 'conv-relay-ptr-fail',
+      provider: 'twilio',
+      fromNumber: '+15551111111',
+      toNumber: '+15559876543',
+      assistantId: 'self',
+      initiatedFromConversationId: 'conv-relay-ptr-fail-origin',
+    });
+    updateCallSession(session.id, { status: 'in_progress' });
+
+    const { relay } = createMockWs(session.id);
+
+    await relay.handleMessage(JSON.stringify({
+      type: 'setup',
+      callSid: 'CA_relay_ptr_fail',
+      from: '+15551111111',
+      to: '+15559876543',
+      customParameters: {},
+    }));
+
+    relay.handleTransportClosed(1006, 'abnormal');
+    await new Promise((r) => setTimeout(r, 100));
+
+    const text = getLatestAssistantText('conv-relay-ptr-fail-origin');
+    expect(text).not.toBeNull();
+    expect(text!).toContain('+15559876543');
+    expect(text!).toContain('failed');
+
+    relay.destroy();
+  });
 });

package/src/__tests__/send-endpoint-busy.test.ts

@@ -333,6 +333,7 @@ describe('POST /v1/messages — queue-if-busy and hub publishing', () => {
       sourceChannel: 'vellum',
       conversationId,
       toolName: 'call_start',
+      guardianPrincipalId: 'test-principal-id',
       status: 'pending',
       requestCode: 'ABC123',
       expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
@@ -389,6 +390,7 @@ describe('POST /v1/messages — queue-if-busy and hub publishing', () => {
       conversationId,
       toolName: 'call_start',
       status: 'pending',
+      guardianPrincipalId: 'test-principal-id',
       requestCode: 'C0FFEE',
       expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
     });
@@ -450,6 +452,7 @@ describe('POST /v1/messages — queue-if-busy and hub publishing', () => {
       conversationId,
       toolName: 'call_start',
       status: 'pending',
+      guardianPrincipalId: 'test-principal-id',
       requestCode: 'DEF456',
       expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
     });
@@ -505,6 +508,7 @@ describe('POST /v1/messages — queue-if-busy and hub publishing', () => {
       conversationId,
       toolName: 'call_start',
       status: 'pending',
+      guardianPrincipalId: 'test-principal-id',
       requestCode: 'Q2D456',
       expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
     });
@@ -560,6 +564,7 @@ describe('POST /v1/messages — queue-if-busy and hub publishing', () => {
       conversationId,
       toolName: 'call_start',
       status: 'pending',
+      guardianPrincipalId: 'test-principal-id',
       requestCode: 'GHI789',
       expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
     });
@@ -613,6 +618,7 @@ describe('POST /v1/messages — queue-if-busy and hub publishing', () => {
       conversationId,
       toolName: 'call_start',
       status: 'pending',
+      guardianPrincipalId: 'test-principal-id',
       requestCode: 'JKL012',
       expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
     });

package/src/__tests__/session-tool-setup-tools-disabled.test.ts

@@ -0,0 +1,155 @@
+/**
+ * Tests for the toolsDisabledDepth mechanism in createResolveToolsCallback.
+ *
+ * Covers:
+ * - Resolver returns empty tools when toolsDisabledDepth > 0
+ * - Resolver returns normal tools when toolsDisabledDepth is back to 0
+ * - allowedToolNames is cleared while disabled and restored on next normal call
+ * - Depth counter survives overlapping increments/decrements
+ */
+
+import { describe, expect, mock, test } from 'bun:test';
+
+import type { SkillProjectionCache } from '../daemon/session-skill-tools.js';
+import type { Message, ToolDefinition } from '../providers/types.js';
+
+// ---------------------------------------------------------------------------
+// Mocks — must be set up before importing the module under test
+// ---------------------------------------------------------------------------
+
+mock.module('../daemon/session-skill-tools.js', () => ({
+  projectSkillTools: mock((_history: Message[], _opts: unknown) => ({
+    allowedToolNames: new Set<string>(),
+    toolDefinitions: [],
+  })),
+}));
+
+// ---------------------------------------------------------------------------
+// Import after mocks
+// ---------------------------------------------------------------------------
+
+import {
+  createResolveToolsCallback,
+  type SkillProjectionContext,
+} from '../daemon/session-tool-setup.js';
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+function makeToolDef(name: string): ToolDefinition {
+  return { name, description: `${name} tool`, input_schema: {} };
+}
+
+function makeCtx(overrides: Partial<SkillProjectionContext> = {}): SkillProjectionContext {
+  return {
+    skillProjectionState: new Map(),
+    skillProjectionCache: {} as SkillProjectionCache,
+    coreToolNames: new Set(['tool_a', 'tool_b']),
+    toolsDisabledDepth: 0,
+    ...overrides,
+  };
+}
+
+const EMPTY_HISTORY: Message[] = [];
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe('createResolveToolsCallback — toolsDisabledDepth', () => {
+  test('returns undefined when no tool definitions provided', () => {
+    const ctx = makeCtx();
+    const resolve = createResolveToolsCallback([], ctx);
+    expect(resolve).toBeUndefined();
+  });
+
+  test('returns normal tools when toolsDisabledDepth is 0', () => {
+    const toolDefs = [makeToolDef('tool_a'), makeToolDef('tool_b')];
+    const ctx = makeCtx();
+    const resolve = createResolveToolsCallback(toolDefs, ctx)!;
+
+    const tools = resolve(EMPTY_HISTORY);
+    expect(tools.length).toBeGreaterThanOrEqual(2);
+    expect(tools.map((t) => t.name)).toContain('tool_a');
+    expect(tools.map((t) => t.name)).toContain('tool_b');
+    expect(ctx.allowedToolNames?.size).toBeGreaterThan(0);
+  });
+
+  test('returns empty tools when toolsDisabledDepth > 0', () => {
+    const toolDefs = [makeToolDef('tool_a'), makeToolDef('tool_b')];
+    const ctx = makeCtx({ toolsDisabledDepth: 1 });
+    const resolve = createResolveToolsCallback(toolDefs, ctx)!;
+
+    const tools = resolve(EMPTY_HISTORY);
+    expect(tools).toEqual([]);
+    expect(ctx.allowedToolNames).toEqual(new Set());
+  });
+
+  test('returns empty tools when toolsDisabledDepth is > 1 (overlapping callers)', () => {
+    const toolDefs = [makeToolDef('tool_a')];
+    const ctx = makeCtx({ toolsDisabledDepth: 3 });
+    const resolve = createResolveToolsCallback(toolDefs, ctx)!;
+
+    const tools = resolve(EMPTY_HISTORY);
+    expect(tools).toEqual([]);
+    expect(ctx.allowedToolNames).toEqual(new Set());
+  });
+
+  test('restores normal tools after depth returns to 0', () => {
+    const toolDefs = [makeToolDef('tool_a'), makeToolDef('tool_b')];
+    const ctx = makeCtx({ toolsDisabledDepth: 0 });
+    const resolve = createResolveToolsCallback(toolDefs, ctx)!;
+
+    // First call: normal
+    let tools = resolve(EMPTY_HISTORY);
+    expect(tools.length).toBeGreaterThanOrEqual(2);
+
+    // Simulate pointer processor incrementing depth
+    ctx.toolsDisabledDepth++;
+    tools = resolve(EMPTY_HISTORY);
+    expect(tools).toEqual([]);
+    expect(ctx.allowedToolNames).toEqual(new Set());
+
+    // Simulate pointer processor decrementing depth (back to 0)
+    ctx.toolsDisabledDepth--;
+    tools = resolve(EMPTY_HISTORY);
+    expect(tools.length).toBeGreaterThanOrEqual(2);
+    expect(ctx.allowedToolNames!.has('tool_a')).toBe(true);
+    expect(ctx.allowedToolNames!.has('tool_b')).toBe(true);
+  });
+
+  test('overlapping increments keep tools disabled until all decremented', () => {
+    const toolDefs = [makeToolDef('tool_a')];
+    const ctx = makeCtx();
+    const resolve = createResolveToolsCallback(toolDefs, ctx)!;
+
+    // Two overlapping pointer requests
+    ctx.toolsDisabledDepth++;
+    ctx.toolsDisabledDepth++;
+    expect(resolve(EMPTY_HISTORY)).toEqual([]);
+
+    // First one finishes
+    ctx.toolsDisabledDepth--;
+    expect(ctx.toolsDisabledDepth).toBe(1);
+    expect(resolve(EMPTY_HISTORY)).toEqual([]);
+
+    // Second one finishes
+    ctx.toolsDisabledDepth--;
+    expect(ctx.toolsDisabledDepth).toBe(0);
+    const tools = resolve(EMPTY_HISTORY);
+    expect(tools.length).toBeGreaterThanOrEqual(1);
+  });
+
+  test('clears allowedToolNames on every disabled call', () => {
+    const toolDefs = [makeToolDef('tool_a')];
+    const ctx = makeCtx({ toolsDisabledDepth: 1 });
+    const resolve = createResolveToolsCallback(toolDefs, ctx)!;
+
+    // Pre-populate allowedToolNames as if a previous normal turn set them
+    ctx.allowedToolNames = new Set(['tool_a', 'skill_x']);
+
+    resolve(EMPTY_HISTORY);
+    expect(ctx.allowedToolNames).toEqual(new Set());
+  });
+});

package/src/__tests__/skill-feature-flags-integration.test.ts

@@ -66,6 +66,7 @@ mock.module('../config/loader.js', () => ({
 
 mock.module('../config/user-reference.js', () => ({
   resolveUserReference: () => 'TestUser',
+  resolveUserPronouns: () => null,
 }));
 
 mock.module('../tools/credentials/metadata-store.js', () => ({