@vellumai/assistant 0.4.41 → 0.4.43

package/src/runtime/{channel-guardian-service.ts → channel-verification-service.ts}

@@ -1,9 +1,9 @@
 /**
- * Channel guardian verification service.
+ * Channel verification service.
  *
- * Encapsulates the business logic for the guardian verification challenge
- * lifecycle: creating challenges with cryptographic secrets, validating
- * and consuming them, and managing guardian bindings.
+ * Encapsulates the business logic for the verification session lifecycle:
+ * creating sessions with cryptographic secrets, validating and consuming
+ * them, and managing guardian bindings.
  */
 
 import { createHash, randomBytes } from "crypto";
@@ -15,27 +15,29 @@ import type {
   GuardianBinding,
   IdentityBindingStatus,
   SessionStatus,
-  VerificationChallenge,
   VerificationPurpose,
-} from "../memory/channel-guardian-store.js";
+  VerificationSession,
+} from "../memory/channel-verification-sessions.js";
 import {
   bindSessionIdentity as storeBindSessionIdentity,
-  consumeChallenge,
+  consumeSession,
   countRecentSendsToDestination as storeCountRecentSendsToDestination,
-  createChallenge,
+  createInboundSession,
   createVerificationSession,
   findActiveSession as storeFindActiveSession,
-  findPendingChallengeByHash,
-  findPendingChallengeForChannel,
+  findPendingSessionByHash,
+  findPendingSessionForChannel,
   findSessionByBootstrapTokenHash as storeFindSessionByBootstrapTokenHash,
   findSessionByIdentity as storeFindSessionByIdentity,
+  revokePendingSessions as storeRevokePendingSessions,
+  updateSessionDelivery as storeUpdateSessionDelivery,
+  updateSessionStatus as storeUpdateSessionStatus,
+} from "../memory/channel-verification-sessions.js";
+import {
   getRateLimit,
   recordInvalidAttempt,
   resetRateLimit,
-  revokePendingChallenges as storeRevokePendingChallenges,
-  updateSessionDelivery as storeUpdateSessionDelivery,
-  updateSessionStatus as storeUpdateSessionStatus,
-} from "../memory/channel-guardian-store.js";
+} from "../memory/guardian-rate-limits.js";
 import { composeApprovalMessage } from "./approval-message-composer.js";
 
 // ---------------------------------------------------------------------------
@@ -58,7 +60,7 @@ const RATE_LIMIT_LOCKOUT_MS = 30 * 60 * 1000;
 // Types
 // ---------------------------------------------------------------------------
 
-export interface CreateChallengeResult {
+export interface CreateVerificationSessionResult {
   challengeId: string;
   secret: string;
   verifyCommand: string;
@@ -66,7 +68,7 @@ export interface CreateChallengeResult {
   instruction: string;
 }
 
-export type ValidateChallengeResult =
+export type ValidateVerificationResult =
   | { success: true; verificationType: "guardian" | "trusted_contact" }
   | { success: false; reason: string };
 
@@ -96,24 +98,24 @@ function generateNumericSecret(digits: number = 6): string {
 }
 
 /**
- * Create a new verification challenge for a guardian candidate.
+ * Create a new inbound verification session for a guardian candidate.
  *
- * Inbound challenges are not identity-bound: `validateAndConsumeChallenge`
- * skips the identity check when no expected-identity fields are set, so
- * code secrecy is the only protection against brute-force guessing during
- * the TTL window. A 32-byte hex secret provides ~2^128 entropy, making
+ * Inbound sessions are not identity-bound (`identityBindingStatus: null`),
+ * so `validateAndConsumeVerification` skips the identity check and code
+ * secrecy is the only protection against brute-force guessing during the
+ * TTL window. A 32-byte hex secret provides ~2^128 entropy, making
  * enumeration infeasible. Identity-bound outbound sessions (created via
  * `createOutboundSession`) use shorter 6-digit numeric codes because the
  * identity check adds a second layer of protection.
  *
- * Hashes the secret (SHA-256) and stores the challenge record with a
+ * Hashes the secret (SHA-256) and stores the session record with a
  * 10-minute TTL. The raw secret is returned so it can be displayed to
  * the user; only the hash is persisted.
  */
-export function createVerificationChallenge(
+export function createInboundVerificationSession(
   channel: string,
   sessionId?: string,
-): CreateChallengeResult {
+): CreateVerificationSessionResult {
   // High-entropy hex for unbound inbound challenges — 6-digit numeric
   // codes are only safe when identity binding provides a second factor.
   const secret = randomBytes(32).toString("hex");
@@ -121,7 +123,7 @@ export function createVerificationChallenge(
   const challengeId = uuid();
   const expiresAt = Date.now() + CHALLENGE_TTL_MS;
 
-  createChallenge({
+  createInboundSession({
     id: challengeId,
     channel,
     challengeHash,
@@ -159,14 +161,14 @@ export function createVerificationChallenge(
  * exceeding the threshold the actor is locked out for a cooldown
  * period. On success the counter resets.
  */
-export function validateAndConsumeChallenge(
+export function validateAndConsumeVerification(
   channel: string,
   secret: string,
   actorExternalUserId: string,
   actorChatId: string,
   _actorUsername?: string,
   _actorDisplayName?: string,
-): ValidateChallengeResult {
+): ValidateVerificationResult {
   // ── Rate-limit check ──
   const existing = getRateLimit(channel, actorExternalUserId, actorChatId);
   if (
@@ -187,7 +189,7 @@ export function validateAndConsumeChallenge(
 
   const challengeHash = hashSecret(secret);
 
-  const challenge = findPendingChallengeByHash(channel, challengeHash);
+  const challenge = findPendingSessionByHash(channel, challengeHash);
   if (!challenge) {
     recordInvalidAttempt(
       channel,
@@ -225,11 +227,11 @@ export function validateAndConsumeChallenge(
   }
 
   // ── Expected-identity check (outbound sessions) ──
-  // If the session has identity binding fields set and is in 'bound' state,
-  // verify the actor matches the expected identity. If identity_binding_status
-  // is 'pending_bootstrap', allow consumption (bootstrap path handles binding
-  // separately). If no expected identity fields are set (legacy/inbound-only),
-  // skip identity check for backward compatibility.
+  // If the session is in 'bound' state AND has at least one expected-identity
+  // field, verify the actor matches. Inbound-only sessions have no expected
+  // identity and rely on code secrecy alone. If identity_binding_status is
+  // 'pending_bootstrap', allow consumption (bootstrap path handles binding
+  // separately).
   const hasExpectedIdentity =
     challenge.expectedExternalUserId != null ||
     challenge.expectedChatId != null ||
@@ -238,7 +240,7 @@ export function validateAndConsumeChallenge(
   if (hasExpectedIdentity && challenge.identityBindingStatus === "bound") {
     let identityMatch = false;
 
-    // For SMS/voice: verify actorExternalUserId matches expectedPhoneE164
+    // For voice: verify actorExternalUserId matches expectedPhoneE164
     // OR actorExternalUserId matches expectedExternalUserId
     if (challenge.expectedPhoneE164 != null) {
       if (
@@ -298,10 +300,9 @@ export function validateAndConsumeChallenge(
     }
   }
   // pending_bootstrap: allow consumption without identity check
-  // no expected identity: legacy/inbound-only, skip identity check
 
   // Consume the challenge so it cannot be reused
-  consumeChallenge(challenge.id, actorExternalUserId, actorChatId);
+  consumeSession(challenge.id, actorExternalUserId, actorChatId);
 
   // Reset the rate-limit counter on success
   resetRateLimit(channel, actorExternalUserId, actorChatId);
@@ -321,7 +322,7 @@ export function validateAndConsumeChallenge(
 /**
  * Look up the active guardian binding for a given assistant and channel.
  * Reads from the contacts table via findGuardianForChannel and
- * synthesizes a GuardianBinding-shaped object for backward compatibility.
+ * synthesizes a GuardianBinding-shaped object.
  * Returns null when no contacts match.
  */
 export function getGuardianBinding(
@@ -374,23 +375,21 @@ export function revokeBinding(assistantId: string, channel: string): boolean {
 }
 
 /**
- * Revoke all pending challenges for a given channel.
- * Called when the user cancels verification so that stale challenges
+ * Revoke all pending sessions for a given channel.
+ * Called when the user cancels verification so that stale sessions
  * don't gate inbound calls.
  */
-export function revokePendingChallenges(channel: string): void {
-  storeRevokePendingChallenges(channel);
+export function revokePendingSessions(channel: string): void {
+  storeRevokePendingSessions(channel);
 }
 
 /**
- * Look up a pending (non-expired) verification challenge for a given
+ * Look up a pending (non-expired) verification session for a given
  * channel. Used by relay setup to detect whether an active
  * voice verification session exists.
  */
-export function getPendingChallenge(
-  channel: string,
-): VerificationChallenge | null {
-  return findPendingChallengeForChannel(channel);
+export function getPendingSession(channel: string): VerificationSession | null {
+  return findPendingSessionForChannel(channel);
 }
 
 // ---------------------------------------------------------------------------
@@ -409,7 +408,7 @@ export interface CreateOutboundSessionResult {
  * Create an outbound verification session with expected identity pre-set.
  * Returns session info including the secret for outbound delivery.
  *
- * Channels where identity is pre-bound (SMS, voice, Telegram with known
+ * Channels where identity is pre-bound (voice, Telegram with known
  * chat ID) use 6-digit numeric codes for ease of entry. Unbound bootstrap
  * sessions (e.g. Telegram handle where identity is not yet known) use
  * high-entropy 32-byte hex secrets to prevent brute-force guessing during
@@ -470,9 +469,7 @@ export function createOutboundSession(params: {
 /**
  * Find the most recent active outbound session for a given channel.
  */
-export function findActiveSession(
-  channel: string,
-): VerificationChallenge | null {
+export function findActiveSession(channel: string): VerificationSession | null {
   return storeFindActiveSession(channel);
 }
 
@@ -484,7 +481,7 @@ export function findSessionByIdentity(
   externalUserId?: string,
   chatId?: string,
   phoneE164?: string,
-): VerificationChallenge | null {
+): VerificationSession | null {
   return storeFindSessionByIdentity(channel, externalUserId, chatId, phoneE164);
 }
 
@@ -515,7 +512,7 @@ export function updateSessionDelivery(
 }
 
 /**
- * Count total SMS sends to a destination across all sessions within a
+ * Count total sends to a destination across all sessions within a
  * rolling time window. Prevents circumvention of per-session limits by
  * repeatedly creating new sessions to the same phone number.
  */
@@ -550,7 +547,7 @@ export function bindSessionIdentity(
 export function resolveBootstrapToken(
   channel: string,
   token: string,
-): VerificationChallenge | null {
+): VerificationSession | null {
   const tokenHash = hashSecret(token);
   return storeFindSessionByBootstrapTokenHash(channel, tokenHash);
 }

package/src/runtime/confirmation-request-guardian-bridge.ts

@@ -3,7 +3,7 @@
  *
  * When a trusted-contact channel session creates a confirmation_request (tool approval),
  * this helper emits a guardian.question notification signal and persists canonical
- * delivery rows to guardian destinations (Telegram/SMS/Vellum), enabling the guardian
+ * delivery rows to guardian destinations (Telegram/Slack/Vellum), enabling the guardian
  * to approve via callback/request-code path.
  *
  * Modeled after the tool-grant-request-helper pattern. Designed to be called from
@@ -22,7 +22,7 @@ import type { NotificationSourceChannel } from "../notifications/signal.js";
 import { canonicalizeInboundIdentity } from "../util/canonicalize-identity.js";
 import { getLogger } from "../util/logger.js";
 import { DAEMON_INTERNAL_ASSISTANT_ID } from "./assistant-scope.js";
-import { getGuardianBinding } from "./channel-guardian-service.js";
+import { getGuardianBinding } from "./channel-verification-service.js";
 
 const log = getLogger("confirmation-request-guardian-bridge");
 
@@ -181,7 +181,6 @@ export function bridgeConfirmationRequestToGuardian(
     .then((signalResult) => {
       for (const result of signalResult.deliveryResults) {
         if (result.channel === "vellum") continue; // handled in onThreadCreated
-        if (result.channel !== "telegram" && result.channel !== "sms") continue;
         createCanonicalGuardianDelivery({
           requestId: canonicalRequest.id,
           destinationChannel: result.channel,

package/src/runtime/gateway-client.ts

@@ -13,8 +13,6 @@ const MANAGED_CALLBACK_TOKEN_HEADER = "X-Managed-Gateway-Callback-Token";
 const MANAGED_IDEMPOTENCY_HEADER = "X-Idempotency-Key";
 const MANAGED_OUTBOUND_MAX_ATTEMPTS = 3;
 const MANAGED_OUTBOUND_RETRY_BASE_MS = 150;
-const SMS_ATTACHMENTS_FALLBACK_TEXT =
-  "I have a media attachment to share, but SMS currently supports text only.";
 
 export interface ChannelReplyPayload {
   chatId: string;
@@ -33,6 +31,8 @@ export interface ChannelReplyPayload {
   ephemeral?: boolean;
   /** Slack user ID — required when `ephemeral` is true. */
   user?: string;
+  /** Telegram message_id for editing an existing message instead of sending a new one. */
+  messageId?: number;
   /** When provided, instructs the delivery endpoint to update an existing message instead of posting a new one. */
   messageTs?: string;
   /** When true, auto-generate Block Kit blocks from text via textToBlocks(). */
@@ -45,13 +45,15 @@ export interface ChannelDeliveryResult {
   ok: boolean;
   /** The message timestamp returned by the delivery endpoint (e.g. Slack message ts). */
   ts?: string;
+  /** The Telegram message_id returned when a new message was sent. */
+  messageId?: number;
 }
 
 interface ManagedOutboundCallbackContext {
   requestUrl: string;
   routeId: string;
   assistantId: string;
-  sourceChannel: "sms" | "voice";
+  sourceChannel: "phone";
   sourceUpdateId?: string;
   callbackToken?: string;
 }
@@ -92,11 +94,14 @@ export async function deliverChannelReply(
     );
   }
 
-  let result: ChannelDeliveryResult = { ok: true };
+  const result: ChannelDeliveryResult = { ok: true };
   try {
     const responseBody = (await response.json()) as Record<string, unknown>;
     if (typeof responseBody.ts === "string") {
-      result = { ok: true, ts: responseBody.ts };
+      result.ts = responseBody.ts;
+    }
+    if (typeof responseBody.messageId === "number") {
+      result.messageId = responseBody.messageId;
     }
   } catch {
     // Response may not be JSON for non-Slack channels; that's fine.
@@ -138,11 +143,7 @@ function parseManagedOutboundCallback(
   const assistantId = parsed.searchParams.get("assistant_id")?.trim();
   const sourceChannel = parsed.searchParams.get("source_channel")?.trim();
 
-  if (
-    !routeId ||
-    !assistantId ||
-    (sourceChannel !== "sms" && sourceChannel !== "voice")
-  ) {
+  if (!routeId || !assistantId || sourceChannel !== "phone") {
     throw new Error(
       "Managed outbound callback URL is missing required route_id, assistant_id, or source_channel.",
     );
@@ -185,11 +186,7 @@ async function deliverManagedOutboundReply(
     Array.isArray(payload.attachments) && payload.attachments.length > 0;
   const text = payload.approval?.plainTextFallback ?? payload.text;
   const normalizedText =
-    typeof text === "string" && text.trim().length > 0
-      ? text
-      : hasAttachments
-        ? SMS_ATTACHMENTS_FALLBACK_TEXT
-        : "";
+    typeof text === "string" && text.trim().length > 0 ? text : "";
   if (!normalizedText) {
     throw new Error(
       "Managed outbound delivery requires text or plainTextFallback.",

package/src/runtime/guardian-action-followup-executor.ts

@@ -2,11 +2,9 @@
  * Guardian action follow-up executor.
  *
  * After the conversation engine classifies the guardian's reply as
- * `call_back` or `message_back` and transitions the follow-up state to
- * `dispatching`, this module executes the actual action:
+ * `call_back` and transitions the follow-up state to `dispatching`,
+ * this module executes the actual action:
  *
- *   - **message_back**: Generates outbound SMS text and sends it to the
- *     counterparty phone number via the gateway's /deliver/sms endpoint.
  *   - **call_back**: Starts an outbound call to the counterparty with
  *     context about the guardian's answer.
  *
@@ -14,13 +12,12 @@
  * dispatches the appropriate action, and returns a result with generated
  * reply text for the guardian's confirmation message.
  *
- * This module is channel-agnostic: both inbound-message-handler (Telegram,
- * SMS channels) and session-process (mac/IPC channel) use it.
+ * This module is channel-agnostic: both inbound-message-handler (Telegram
+ * channels) and session-process (mac/IPC channel) use it.
  */
 
 import { startCall } from "../calls/call-domain.js";
 import { getCallSession } from "../calls/call-store.js";
-import { getGatewayInternalBaseUrl } from "../config/env.js";
 import { getOrCreateConversation } from "../memory/conversation-key-store.js";
 import {
   finalizeFollowup,
@@ -30,8 +27,6 @@ import {
 } from "../memory/guardian-action-store.js";
 import { getLogger } from "../util/logger.js";
 import { DAEMON_INTERNAL_ASSISTANT_ID } from "./assistant-scope.js";
-import { mintDaemonDeliveryToken } from "./auth/token-service.js";
-import { deliverChannelReply } from "./gateway-client.js";
 import { composeGuardianActionMessageGenerative } from "./guardian-action-message-composer.js";
 import type { GuardianActionCopyGenerator } from "./http-types.js";
 
@@ -105,62 +100,6 @@ export function resolveCounterparty(
 // Action dispatchers
 // ---------------------------------------------------------------------------
 
-/**
- * Send an SMS to the counterparty with the guardian's answer context.
- * Uses the gateway's /deliver/sms endpoint (same path as the SMS notification adapter).
- */
-async function executeMessageBack(
-  request: GuardianActionRequest,
-  counterparty: CounterpartyInfo,
-  generator?: GuardianActionCopyGenerator,
-): Promise<{ ok: true } | { ok: false; error: string }> {
-  try {
-    // Generate the outbound SMS text using the composer
-    const messageText = await composeGuardianActionMessageGenerative(
-      {
-        scenario: "outbound_message_copy",
-        questionText: request.questionText,
-        lateAnswerText: request.lateAnswerText ?? undefined,
-        callerIdentifier: counterparty.displayIdentifier,
-      },
-      {},
-      generator,
-    );
-
-    const gatewayBase = getGatewayInternalBaseUrl();
-    const deliverUrl = `${gatewayBase}/deliver/sms`;
-    const bearerToken = mintDaemonDeliveryToken();
-
-    await deliverChannelReply(
-      deliverUrl,
-      {
-        chatId: counterparty.phoneNumber,
-        text: messageText,
-        assistantId: DAEMON_INTERNAL_ASSISTANT_ID,
-      },
-      bearerToken,
-    );
-
-    log.info(
-      { requestId: request.id, counterpartyPhone: counterparty.phoneNumber },
-      "Follow-up message_back SMS sent successfully",
-    );
-
-    return { ok: true };
-  } catch (err) {
-    const message = err instanceof Error ? err.message : String(err);
-    log.error(
-      {
-        err,
-        requestId: request.id,
-        counterpartyPhone: counterparty.phoneNumber,
-      },
-      "Failed to send follow-up message_back SMS",
-    );
-    return { ok: false, error: message };
-  }
-}
-
 /**
  * Start an outbound call to the counterparty with context about the
  * guardian's answer. Uses the existing call start domain flow.
@@ -307,12 +246,11 @@ export async function executeFollowupAction(
   // Execute the action
   let actionResult: { ok: true } | { ok: false; error: string };
 
-  if (action === "message_back") {
-    actionResult = await executeMessageBack(request, counterparty, generator);
-  } else if (action === "call_back") {
+  if (action === "call_back") {
     actionResult = await executeCallBack(request, counterparty);
   } else {
-    // decline is already handled in M5 — should not reach the executor
+    // decline is already handled in M5 — should not reach the executor.
+    // message_back (SMS) is no longer supported.
     finalizeFollowup(requestId, "failed");
     const errorText = await composeGuardianActionMessageGenerative(
       {
@@ -333,10 +271,7 @@ export async function executeFollowupAction(
   if (actionResult.ok) {
     finalizeFollowup(requestId, "completed");
 
-    const scenario =
-      action === "message_back"
-        ? ("followup_message_sent" as const)
-        : ("followup_call_started" as const);
+    const scenario = "followup_call_started" as const;
     const confirmText = await composeGuardianActionMessageGenerative(
       {
         scenario,

package/src/runtime/guardian-action-grant-minter.ts

@@ -11,7 +11,6 @@ import { mintGrantFromDecision } from "../approvals/approval-primitive.js";
 import type { GuardianActionRequest } from "../memory/guardian-action-store.js";
 import { getLogger } from "../util/logger.js";
 import { runApprovalConversationTurn } from "./approval-conversation-turn.js";
-import { parseApprovalDecision } from "./channel-approval-parser.js";
 import type { ApprovalConversationGenerator } from "./http-types.js";
 
 const log = getLogger("guardian-action-grant-minter");
@@ -23,14 +22,13 @@ export const GUARDIAN_ACTION_GRANT_TTL_MS = 5 * 60 * 1000;
  * Mint a `tool_signature` scoped grant when a guardian-action request is
  * resolved and the request carries tool metadata (toolName + inputDigest).
  *
- * Uses two-tier classification:
- *   1. Deterministic fast path via parseApprovalDecision (exact keyword match).
- *   2. LLM fallback via runApprovalConversationTurn when the deterministic
- *      parser returns null and an approvalConversationGenerator is provided.
+ * Classifies the guardian's answer via the conversational approval engine
+ * (`runApprovalConversationTurn`). Only `approve_once` produces a grant —
+ * guardian-action grants are always single-use `tool_signature` scoped.
  *
  * Skips silently when:
  *   - The resolved request has no toolName/inputDigest (informational consult).
- *   - The guardian's answer is not classified as approval by either tier (fail-closed).
+ *   - The guardian's answer is not classified as approval (fail-closed).
  *
  * Fails silently on error -- grant minting is best-effort and must never
  * block the guardian-action answer flow.
@@ -40,7 +38,7 @@ export async function tryMintGuardianActionGrant(params: {
   answerText: string;
   decisionChannel: string;
   guardianExternalUserId?: string;
-  approvalConversationGenerator?: ApprovalConversationGenerator;
+  approvalConversationGenerator: ApprovalConversationGenerator;
 }): Promise<void> {
   const {
     request,
@@ -56,63 +54,50 @@ export async function tryMintGuardianActionGrant(params: {
     return;
   }
 
-  // Tier 1: Deterministic fast path -- try exact keyword matching first.
-  // Guardian-action invariant: grants are always one-time `tool_signature`
-  // scoped.  We treat `approve_always` from the deterministic parser the
-  // same as `approve_once` -- the grant is still single-use.  This keeps
-  // the guardian-action path aligned with the primary approval interception
-  // flow where guardians are limited to approve_once / reject.
-  const decision = parseApprovalDecision(answerText);
-  let isApproval =
-    decision?.action === "approve_once" ||
-    decision?.action === "approve_always";
-
-  // Tier 2: LLM fallback -- when the deterministic parser found no match
-  // and a generator is available, delegate to the conversational engine.
+  // Classify the guardian's answer via the conversational approval engine.
   // Only allow approve_once (not approve_always) to keep guardian-action
   // grants strictly one-time and consistent with guardian policy.
-  if (!isApproval && !decision && approvalConversationGenerator) {
-    try {
-      const llmResult = await runApprovalConversationTurn(
-        {
-          toolName: request.toolName,
-          allowedActions: ["approve_once", "reject"],
-          role: "guardian",
-          pendingApprovals: [
-            { requestId: request.id, toolName: request.toolName },
-          ],
-          userMessage: answerText,
-        },
-        approvalConversationGenerator,
-      );
+  let isApproval = false;
+  try {
+    const llmResult = await runApprovalConversationTurn(
+      {
+        toolName: request.toolName,
+        allowedActions: ["approve_once", "reject"],
+        role: "guardian",
+        pendingApprovals: [
+          { requestId: request.id, toolName: request.toolName },
+        ],
+        userMessage: answerText,
+      },
+      approvalConversationGenerator,
+    );
 
-      isApproval = llmResult.disposition === "approve_once";
+    isApproval = llmResult.disposition === "approve_once";
 
-      log.info(
-        {
-          event: "guardian_action_grant_llm_fallback",
-          toolName: request.toolName,
-          requestId: request.id,
-          answerText,
-          llmDisposition: llmResult.disposition,
-          matched: isApproval,
-          decisionChannel,
-        },
-        `LLM fallback classifier returned disposition: ${llmResult.disposition}`,
-      );
-    } catch (err) {
-      // Fail-closed: generator errors must not produce grants.
-      log.warn(
-        {
-          event: "guardian_action_grant_llm_fallback_error",
-          toolName: request.toolName,
-          requestId: request.id,
-          err,
-          decisionChannel,
-        },
-        "LLM fallback classifier threw an error; treating as non-approval (fail-closed)",
-      );
-    }
+    log.info(
+      {
+        event: "guardian_action_grant_classification",
+        toolName: request.toolName,
+        requestId: request.id,
+        answerText,
+        llmDisposition: llmResult.disposition,
+        matched: isApproval,
+        decisionChannel,
+      },
+      `Approval classifier returned disposition: ${llmResult.disposition}`,
+    );
+  } catch (err) {
+    // Fail-closed: generator errors must not produce grants.
+    log.warn(
+      {
+        event: "guardian_action_grant_classification_error",
+        toolName: request.toolName,
+        requestId: request.id,
+        err,
+        decisionChannel,
+      },
+      "Approval classifier threw an error; treating as non-approval (fail-closed)",
+    );
   }
 
   if (!isApproval) {
@@ -122,7 +107,6 @@ export async function tryMintGuardianActionGrant(params: {
         toolName: request.toolName,
         requestId: request.id,
         answerText,
-        parsedAction: decision?.action ?? null,
         decisionChannel,
       },
       "Skipped grant minting: guardian answer not classified as approval",