@vellumai/assistant 0.4.42 → 0.4.43

package/src/permissions/workspace-policy.ts

@@ -80,7 +80,7 @@ const HOST_TOOLS = new Set([
 const ALWAYS_SCOPED_TOOLS = new Set([
   "skill_load",
   "view_image",
-  "memory_search",
+  "memory_recall",
   "ui_update",
   "ui_dismiss",
 ]);

package/src/{config → prompts}/computer-use-prompt.ts

@@ -71,7 +71,7 @@ APP-SPECIFIC TIPS:
 - Messages: Click the search bar or use cmd+n for a new message.
 
 VERIFICATION CODES:
-When a signup or login flow requires a verification code (email, SMS, or authenticator):
+When a signup or login flow requires a verification code (email or authenticator):
 1. Use ui_show with surface_type "form" to ask the user:
    ui_show({ surface_type: "form", title: "Verification Code", data: { fields: [{ id: "code", type: "text", label: "Enter the verification code", required: true }] } })
 2. Wait for the user's response

package/src/{config → prompts}/system-prompt.ts

@@ -2,6 +2,11 @@ import { copyFileSync, existsSync, readFileSync } from "node:fs";
 import { join } from "node:path";
 
 import { CLI_HELP_REFERENCE } from "../cli/reference.js";
+import { isAssistantFeatureFlagEnabled } from "../config/assistant-feature-flags.js";
+import { getBaseDataDir, getIsContainerized } from "../config/env-registry.js";
+import { getConfig, getNestedValue, loadRawConfig } from "../config/loader.js";
+import { skillFlagKey } from "../config/skill-state.js";
+import { loadSkillCatalog, type SkillSummary } from "../config/skills.js";
 import { listCredentialMetadata } from "../tools/credentials/metadata-store.js";
 import { resolveBundledDir } from "../util/bundled-asset.js";
 import { getLogger } from "../util/logger.js";
@@ -10,11 +15,6 @@ import {
   getWorkspacePromptPath,
   isMacOS,
 } from "../util/platform.js";
-import { isAssistantFeatureFlagEnabled } from "./assistant-feature-flags.js";
-import { getBaseDataDir, getIsContainerized } from "./env-registry.js";
-import { getConfig } from "./loader.js";
-import { skillFlagKey } from "./skill-state.js";
-import { loadSkillCatalog, type SkillSummary } from "./skills.js";
 import { resolveUserPronouns, resolveUserReference } from "./user-reference.js";
 
 const log = getLogger("system-prompt");
@@ -170,7 +170,7 @@ export function buildSystemPrompt(): string {
       config,
     )
   ) {
-    parts.push(buildGuardianVerificationRoutingSection());
+    parts.push(buildVerificationRoutingSection());
   }
   parts.push(buildAttachmentSection());
   parts.push(buildInChatConfigurationSection());
@@ -186,6 +186,7 @@ export function buildSystemPrompt(): string {
   parts.push(buildAccessPreferenceSection());
   parts.push(buildIntegrationSection());
   parts.push(buildMemoryPersistenceSection());
+  parts.push(buildMemoryRecallSection());
   parts.push(buildWorkspaceReflectionSection());
   parts.push(buildLearningMemorySection());
 
@@ -227,7 +228,7 @@ function buildTaskScheduleReminderRoutingSection(): string {
   ].join("\n");
 }
 
-export function buildGuardianVerificationRoutingSection(): string {
+export function buildVerificationRoutingSection(): string {
   return [
     "## Routing: Guardian Verification",
     "",
@@ -238,13 +239,13 @@ export function buildGuardianVerificationRoutingSection(): string {
     "### Trigger phrases",
     '- "verify guardian"',
     '- "verify my Telegram account"',
-    '- "verify voice channel"',
+    '- "verify phone channel"',
     '- "verify my phone number"',
     '- "set up guardian verification"',
     "",
     "### What it does",
-    "The skill walks through outbound guardian verification for voice or Telegram:",
-    "1. Confirm channel (voice, telegram)",
+    "The skill walks through outbound guardian verification for phone or Telegram:",
+    "1. Confirm channel (phone, telegram)",
     "2. Collect destination (phone number or Telegram handle/chat ID)",
     "3. Start outbound verification via runtime HTTP API",
     "4. Guide the user through code entry, resend, or cancel",
@@ -403,9 +404,9 @@ export function buildPhoneCallsRoutingSection(): string {
     "### Trigger phrases",
     '- "Set up phone calling" / "enable calls"',
     '- "Make a call to..." / "call [number/business]"',
-    '- "Configure Twilio" (in context of voice calls, not SMS)',
+    '- "Configure Twilio" (in context of voice calls)',
     '- "Can you make phone calls?"',
-    '- "Set up my phone number" (for calling, not SMS)',
+    '- "Set up my phone number" (for calling)',
     "",
     "### What it does",
     "The skill handles the full phone calling lifecycle:",
@@ -506,7 +507,7 @@ export function buildChannelAwarenessSection(): string {
     "",
     "### Push-to-talk awareness",
     "- The `<channel_capabilities>` block may include `ptt_activation_key` and `ptt_enabled` fields indicating the user's push-to-talk configuration.",
-    "- You can change the push-to-talk activation key using the `voice_config_update` tool. Valid keys: fn (Fn/Globe key), ctrl (Control key), fn_shift (Fn+Shift), none (disable PTT).",
+    '- You can change the push-to-talk activation key using the `voice_config_update` tool. The key is provided as a JSON PTTActivator payload (e.g. `{"kind":"modifierOnly","modifierFlags":8388608}` for Fn).',
     "- When the user asks about voice input or push-to-talk settings, use the tool to apply changes directly rather than directing them to settings.",
     "- When `microphone_permission_granted` is `false`, guide the user to grant microphone access in System Settings before using voice features.",
     "",
@@ -633,11 +634,14 @@ function buildIntegrationSection(): string {
   );
   if (oauthCreds.length === 0) return "";
 
+  const raw = loadRawConfig();
   const lines = ["## Connected Services", ""];
   for (const cred of oauthCreds) {
-    const state = cred.accountInfo
-      ? `Connected (${cred.accountInfo})`
-      : "Connected";
+    const acctInfo = getNestedValue(
+      raw,
+      `integrations.accountInfo.${cred.service}`,
+    ) as string | undefined;
+    const state = acctInfo ? `Connected (${acctInfo})` : "Connected";
     lines.push(`- **${cred.service}**: ${state}`);
   }
 
@@ -659,6 +663,21 @@ function buildMemoryPersistenceSection(): string {
   ].join("\n");
 }
 
+function buildMemoryRecallSection(): string {
+  return [
+    "## Memory Recall",
+    "",
+    "You have access to a `memory_recall` tool for deep memory retrieval. Use it when:",
+    "",
+    "- The user asks about past conversations, decisions, or context you don't have in the current window",
+    "- You need to recall specific facts, preferences, or project details",
+    "- The auto-injected memory context doesn't contain what you need",
+    "- The user references something from a previous session",
+    "",
+    "The tool searches across semantic, lexical, entity graph, and recency sources. Be specific in your query for best results.",
+  ].join("\n");
+}
+
 function buildWorkspaceReflectionSection(): string {
   return [
     "## Workspace Reflection",
@@ -871,7 +890,7 @@ function appendSkillsCatalog(basePrompt: string): string {
 }
 
 function buildDynamicSkillWorkflowSection(
-  config: import("./schema.js").AssistantConfig,
+  config: import("../config/schema.js").AssistantConfig,
 ): string {
   const lines = [
     "## Dynamic Skill Authoring Workflow",
@@ -909,7 +928,7 @@ function buildDynamicSkillWorkflowSection(
     lines.push(
       "",
       "### Messaging Skill",
-      'When the user asks about email, messaging, inbox management, or wants to read/send/search messages on any platform (Gmail, Slack, Telegram, SMS), load the "messaging" skill using `skill_load`. The messaging skill handles connection setup, credential flows, and all messaging operations — do not improvise setup instructions from general knowledge.',
+      'When the user asks about email, messaging, inbox management, or wants to read/send/search messages on any platform (Gmail, Slack, Telegram), load the "messaging" skill using `skill_load`. The messaging skill handles connection setup, credential flows, and all messaging operations — do not improvise setup instructions from general knowledge.',
     );
   }
 
@@ -953,7 +972,7 @@ function formatSkillsCatalog(skills: SkillSummary[]): string {
   const lines = ["<available_skills>"];
   for (const skill of visible) {
     const idAttr = escapeXml(skill.id);
-    const nameAttr = escapeXml(skill.name);
+    const nameAttr = escapeXml(skill.displayName);
     const descAttr =
       skill.id === "mcp-setup"
         ? escapeXml(getMcpSetupDescription())
@@ -978,7 +997,7 @@ function formatSkillsCatalog(skills: SkillSummary[]): string {
     "### Installing additional skills",
     "If `skill_load` fails because a skill is not found, additional first-party skills may be available in the Vellum catalog.",
     "Use `bash` to discover and install them:",
-    "- `vellum skills list` — list all available catalog skills",
-    "- `vellum skills install <skill-id>` — install a skill, then retry `skill_load`",
+    "- `assistant skills list` — list all available catalog skills",
+    "- `assistant skills install <skill-id>` — install a skill, then retry `skill_load`",
   ].join("\n");
 }

package/src/runtime/AGENTS.md

@@ -10,7 +10,7 @@ The single HTTP send endpoint is `POST /v1/messages`. Key behaviors:
 - **Fire-and-forget**: Returns `202 { accepted: true }` immediately. The client observes progress via SSE (`GET /v1/events`).
 - **Hub publishing**: All agent events are published to `assistantEventHub`, making them observable via SSE.
 
-Do NOT add new send endpoints. All message ingress should go through `POST /v1/messages` (HTTP) or `session.processMessage()` (IPC).
+Do NOT add new send endpoints. All message ingress should go through `POST /v1/messages` (HTTP).
 
 ### Approvals (confirmations, secrets, trust rules)
 
@@ -18,9 +18,9 @@ Approvals are **orthogonal to message sending**. The assistant asks for approval
 
 - **Discovery**: Clients discover pending approvals via SSE events (`confirmation_request`, `secret_request`) which include a `requestId`.
 - **Resolution**: Clients respond via standalone endpoints keyed by `requestId`:
-  - `POST /v1/confirm` — `{ requestId, decision: "allow" | "deny" }`
+  - `POST /v1/confirm` — `{ requestId, decision, selectedPattern?, selectedScope? }`. Valid decisions: `"allow"`, `"allow_10m"`, `"allow_thread"`, `"deny"`, `"always_allow"`, `"always_deny"`, `"always_allow_high_risk"`. For persistent decisions (`always_allow`, `always_deny`, `always_allow_high_risk`), `selectedPattern` and `selectedScope` are validated against the server-provided allowlist/scope options from the original confirmation request before trust rules are persisted.
   - `POST /v1/secret` — `{ requestId, value, delivery }`
-  - `POST /v1/trust-rules` — `{ requestId, pattern, scope }`
+  - `POST /v1/trust-rules` — `{ requestId, pattern, scope, decision, allowHighRisk? }`. Validates pattern/scope against server-provided options. Does not resolve the confirmation itself.
 - **Tracking**: The `pending-interactions` tracker (`assistant/src/runtime/pending-interactions.ts`) maps `requestId → session`. Use `register()` to track, `resolve()` to consume, `getByConversation()` to query.
 
 Do NOT couple approval handling to message sending. Do NOT add run/status tracking to the send path.
@@ -33,10 +33,8 @@ Channel approval flows use `requestId` (not `runId`) as the primary identifier:
 - Guardian approval records in `channelGuardianApprovalRequests` link via `requestId`.
 - The conversational approval engine classifies user intent and resolves via `session.handleConfirmationResponse(requestId, decision)`.
 
-## HTTP-First for New Endpoints
+## HTTP-Only Transport
 
-New configuration and control endpoints MUST be exposed over HTTP on the runtime server (`assistant/src/runtime/http-server.ts`), not as IPC-only message types. The runtime HTTP server is the canonical API surface — IPC is a legacy transport being phased out.
+HTTP is the sole transport for client-daemon communication. The runtime HTTP server (`assistant/src/runtime/http-server.ts`) is the canonical API surface. Clients connect via HTTP for request/response operations and SSE (`GET /v1/events`) for streaming server-to-client events.
 
-Existing IPC-only handlers should be migrated to HTTP when touched. The pattern: extract business logic into a shared function, add an HTTP route handler in `assistant/src/runtime/routes/`, keep the IPC handler as a thin wrapper that calls the same logic.
-
-When writing skills that need to call daemon configuration endpoints, use `curl` with the runtime HTTP API (JWT-authenticated via `Authorization: Bearer <jwt>`) rather than describing IPC socket protocol details. The assistant already knows how to use `curl`.
+When writing skills that need to call daemon configuration endpoints, use `curl` with the runtime HTTP API (JWT-authenticated via `Authorization: Bearer <jwt>`). The assistant already knows how to use `curl`.

package/src/runtime/access-request-helper.ts

@@ -7,18 +7,13 @@
  *
  * Access requests are a special case: they always create a canonical request
  * and emit a notification signal, even when no same-channel guardian binding
- * exists. Guardian identity resolution uses a contacts-first fallback strategy:
- *   1. Source-channel guardian contact channel.
- *   2. Any active guardian channel (deterministic, most-recently-verified).
- *   3. No guardian identity (trusted/vellum-only resolution path).
+ * exists. Guardian identity resolution is anchored on the assistant's vellum
+ * principal so access requests cannot bind to stale/cross-assistant contacts.
  */
 
 import type { ChannelId } from "../channels/types.js";
-import {
-  findGuardianForChannel,
-  listGuardianChannels,
-} from "../contacts/contact-store.js";
-import type { MemberStatus } from "../contacts/types.js";
+import { findGuardianForChannel } from "../contacts/contact-store.js";
+import type { ChannelStatus } from "../contacts/types.js";
 import {
   createCanonicalGuardianDelivery,
   createCanonicalGuardianRequest,
@@ -56,7 +51,7 @@ export interface AccessRequestParams {
   actorExternalId?: string;
   actorDisplayName?: string;
   actorUsername?: string;
-  previousMemberStatus?: MemberStatus;
+  previousMemberStatus?: Exclude<ChannelStatus, "unverified">;
 }
 
 export type AccessRequestResult =
@@ -74,9 +69,9 @@ export type AccessRequestResult =
  * Returns a result indicating whether the guardian was notified and whether
  * a new request was created or an existing one was deduped.
  *
- * Guardian identity resolution: contacts-first for source channel, then any
- * active guardian channel, then null (notification pipeline handles delivery
- * via trusted/vellum channels when no binding exists).
+ * Guardian identity resolution uses the assistant's vellum principal as the
+ * trust anchor and only accepts source-channel contacts that match it. This
+ * prevents stale or cross-assistant contacts from being bound to the request.
  *
  * This is intentionally synchronous with respect to the canonical store writes
  * and fire-and-forget for the notification signal emission.
@@ -98,62 +93,52 @@ export function notifyGuardianOfAccessRequest(
     return { notified: false, reason: "no_sender_id" };
   }
 
-  // Resolve guardian identity with contacts-first strategy:
-  // 1. Source-channel guardian contact channel
-  // 2. Any active guardian channel (deterministic, most-recently-verified)
-  // 3. null (notification pipeline handles delivery via trusted channels)
+  // Resolve guardian identity with assistant-anchored strategy:
+  // 1. Ensure the assistant has a vellum guardian principal (trust anchor)
+  // 2. Use source-channel guardian only when principal matches anchor
+  // 3. Fallback to vellum guardian identity for this assistant principal
   let guardianExternalUserId: string | null = null;
   let guardianPrincipalId: string | null = null;
   let guardianBindingChannel: string | null = null;
-  let guardianResolutionSource: "contacts" | "contacts-fallback" | "none" =
-    "none";
+  let guardianResolutionSource:
+    | "source-channel-contact"
+    | "vellum-anchor"
+    | "none" = "none";
+
+  const assistantGuardianPrincipalId =
+    ensureVellumGuardianBinding(canonicalAssistantId);
 
-  // Try contacts-first: source channel
+  // Try source-channel guardian, but only if it maps to the assistant's
+  // anchored principal. This blocks cross-assistant/stale contact selection.
   const sourceGuardian = findGuardianForChannel(sourceChannel);
-  if (sourceGuardian) {
+  if (
+    sourceGuardian &&
+    sourceGuardian.contact.principalId === assistantGuardianPrincipalId
+  ) {
     guardianExternalUserId = sourceGuardian.channel.externalUserId;
     guardianPrincipalId = sourceGuardian.contact.principalId;
     guardianBindingChannel = sourceGuardian.channel.type;
-    guardianResolutionSource = "contacts";
-  } else {
-    // Try contacts-first: any active guardian channel
-    const allGuardianChannels = listGuardianChannels();
-    if (allGuardianChannels && allGuardianChannels.channels.length > 0) {
-      const fallbackChannel = allGuardianChannels.channels[0];
-      guardianExternalUserId = fallbackChannel.externalUserId;
-      guardianPrincipalId = allGuardianChannels.contact.principalId;
-      guardianBindingChannel = fallbackChannel.type;
-      guardianResolutionSource = "contacts-fallback";
-      log.debug(
-        {
-          sourceChannel,
-          fallbackChannel: guardianBindingChannel,
-          canonicalAssistantId,
-        },
-        "Using cross-channel guardian contact fallback for access request",
-      );
-    }
-    // If no guardian found via contacts, guardianResolutionSource stays "none"
+    guardianResolutionSource = "source-channel-contact";
   }
 
-  // Self-heal: access_request requires a principal. If none found via
-  // contacts, bootstrap the vellum binding.
+  // Access requests always require a principal. If source-channel resolution
+  // did not match the assistant anchor, use the anchored vellum identity.
   if (!guardianPrincipalId) {
-    log.info(
-      { sourceChannel, canonicalAssistantId },
-      "No guardian principal for access request — self-healing vellum binding",
-    );
-    const healedPrincipalId = ensureVellumGuardianBinding(canonicalAssistantId);
     const vellumGuardian = findGuardianForChannel("vellum");
-    if (vellumGuardian) {
+    if (
+      vellumGuardian &&
+      vellumGuardian.contact.principalId === assistantGuardianPrincipalId
+    ) {
       guardianExternalUserId =
         vellumGuardian.channel.externalUserId ?? guardianExternalUserId;
       guardianPrincipalId =
-        vellumGuardian.contact.principalId ?? healedPrincipalId;
+        vellumGuardian.contact.principalId ?? assistantGuardianPrincipalId;
       guardianBindingChannel = guardianBindingChannel ?? "vellum";
+      guardianResolutionSource = "vellum-anchor";
     } else {
-      guardianPrincipalId = healedPrincipalId;
+      guardianPrincipalId = assistantGuardianPrincipalId;
       guardianBindingChannel = guardianBindingChannel ?? "vellum";
+      guardianResolutionSource = "vellum-anchor";
     }
   }
 
@@ -264,10 +249,6 @@ export function notifyGuardianOfAccessRequest(
           continue;
         }
 
-        if (result.channel !== "telegram" && result.channel !== "sms") {
-          continue;
-        }
-
         const delivery = createCanonicalGuardianDelivery({
           requestId: canonicalRequest.id,
           destinationChannel: result.channel,

package/src/runtime/actor-trust-resolver.ts

@@ -51,16 +51,6 @@ export function isUntrustedTrustClass(
   return trustClass === "trusted_contact" || trustClass === "unknown";
 }
 
-/**
- * Reason an actor was denied access during trust resolution.
- *
- * - `'no_binding'`: No guardian binding exists for this (assistant, channel),
- *   so trust cannot be established for any actor.
- * - `'no_identity'`: The inbound message carried no usable identity fields
- *   (e.g. missing external user ID), so the sender could not be identified.
- */
-export type DenialReason = "no_binding" | "no_identity";
-
 /**
  * Fully resolved trust context from the actor trust resolver.
  *
@@ -98,8 +88,6 @@ export interface ActorTrustContext {
     channel: ChannelId;
     trustStatus: TrustClass;
   };
-  /** Legacy denial reason for backward-compatible unverified_channel paths. */
-  denialReason?: DenialReason;
 }
 
 /**
@@ -176,7 +164,6 @@ export function resolveActorTrust(
         channel: input.sourceChannel,
         trustStatus: "unknown",
       },
-      denialReason: "no_identity",
     };
   }
 
@@ -249,8 +236,6 @@ export function resolveActorTrust(
       ) === canonicalSenderId
     : false;
 
-  // ContactChannel has no username field — the shim always set it to null.
-  const memberUsername = undefined;
   const memberDisplayName =
     memberMatchesSender &&
     typeof memberRecord?.contact.displayName === "string" &&
@@ -260,7 +245,7 @@ export function resolveActorTrust(
   // Prefer member profile metadata over transient sender metadata so guardian-
   // curated contact details are canonical for assistant-facing identity —
   // but only when the member record actually belongs to the current sender.
-  const resolvedUsername = memberUsername ?? senderUsername;
+  const resolvedUsername = senderUsername;
   const resolvedDisplayName = memberDisplayName ?? senderDisplayName;
   const resolvedIdentifier = resolvedUsername
     ? `@${resolvedUsername}`
@@ -280,12 +265,6 @@ export function resolveActorTrust(
     trustClass = "unknown";
   }
 
-  // Denial reason for legacy compatibility
-  let denialReason: DenialReason | undefined;
-  if (!isGuardian && !guardianBindingMatch) {
-    denialReason = "no_binding";
-  }
-
   return {
     canonicalSenderId,
     guardianBindingMatch,
@@ -301,7 +280,6 @@ export function resolveActorTrust(
       channel: input.sourceChannel,
       trustStatus: trustClass,
     },
-    denialReason,
   };
 }
 
@@ -338,6 +316,5 @@ export function toTrustContext(
     requesterMemberDisplayName: ctx.actorMetadata.memberDisplayName,
     requesterExternalUserId: ctx.canonicalSenderId ?? undefined,
     requesterChatId: conversationExternalId,
-    denialReason: ctx.denialReason,
   };
 }

package/src/runtime/approval-message-composer.ts

@@ -35,7 +35,8 @@ export type ApprovalMessageScenario =
   | "guardian_deny_no_identity"
   | "guardian_deny_no_binding"
   | "requester_cancel"
-  | "approval_already_resolved";
+  | "approval_already_resolved"
+  | "guardian_text_unavailable";
 
 export interface ApprovalMessageContext {
   scenario: ApprovalMessageScenario;
@@ -257,7 +258,7 @@ export function getFallbackMessage(context: ApprovalMessageContext): string {
       // Detect whether the code is a short numeric (identity-bound outbound)
       // or a high-entropy hex (inbound challenge/bootstrap) and adjust wording.
       const isNumeric = /^\d{4,8}$/.test(code);
-      if (context.channel === "voice") {
+      if (context.channel === "phone") {
         if (isNumeric) {
           return `To complete guardian verification, speak or enter the ${code.length}-digit code: ${code}.`;
         }
@@ -289,6 +290,9 @@ export function getFallbackMessage(context: ApprovalMessageContext): string {
     case "approval_already_resolved":
       return "This approval request has already been resolved.";
 
+    case "guardian_text_unavailable":
+      return "I can't process text replies for approvals right now. Please use the approve/deny buttons above to respond.";
+
     default: {
       // Exhaustive check — TypeScript will flag if a scenario is missing.
       const _exhaustive: never = context.scenario;

package/src/runtime/assistant-event.ts

@@ -8,7 +8,7 @@
 
 import { randomUUID } from "node:crypto";
 
-import type { ServerMessage } from "../daemon/ipc-protocol.js";
+import type { ServerMessage } from "../daemon/message-protocol.js";
 
 // ── Types ─────────────────────────────────────────────────────────────────────
 

package/src/runtime/auth/__tests__/ipc-auth-context.test.ts

@@ -1,7 +1,7 @@
 import { describe, expect, test } from "bun:test";
 
-import { buildIpcAuthContext } from "../../../daemon/ipc-handler.js";
 import { DAEMON_INTERNAL_ASSISTANT_ID } from "../../assistant-scope.js";
+import { buildIpcAuthContext } from "../../local-actor-identity.js";
 import { CURRENT_POLICY_EPOCH } from "../policy.js";
 import { resolveScopeProfile } from "../scopes.js";
 

package/src/runtime/auth/__tests__/subject.test.ts

@@ -43,6 +43,38 @@ describe("parseSub", () => {
     }
   });
 
+  // -------------------------------------------------------------------------
+  // svc:daemon pattern
+  // -------------------------------------------------------------------------
+
+  test("parses svc:daemon:<identifier>", () => {
+    const result = parseSub("svc:daemon:self");
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.principalType).toBe("svc_daemon");
+      expect(result.assistantId).toBe("self");
+      expect(result.actorPrincipalId).toBeUndefined();
+      expect(result.sessionId).toBeUndefined();
+    }
+  });
+
+  test("parses svc:daemon with non-self identifier", () => {
+    const result = parseSub("svc:daemon:pairing");
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.principalType).toBe("svc_daemon");
+      expect(result.assistantId).toBe("pairing");
+    }
+  });
+
+  test("fails on svc:daemon with empty identifier", () => {
+    const result = parseSub("svc:daemon:");
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.reason).toContain("empty");
+    }
+  });
+
   // -------------------------------------------------------------------------
   // ipc pattern
   // -------------------------------------------------------------------------