@vellumai/assistant 0.4.42 → 0.4.44

package/src/permissions/trust-store.ts

@@ -217,47 +217,6 @@ function backfillDefaults(rules: TrustRule[]): boolean {
   return changed;
 }
 
-/**
- * Update persisted starter-bundle rules whose pattern matches a known legacy
- * format (e.g. the old "tool:**" prefix was changed to standalone "**").
- * Returns true when at least one rule was updated.
- *
- * Only rules with a recognised legacy pattern are migrated. If a user has
- * intentionally customised a starter rule's pattern (e.g. narrowed it), it is
- * left untouched.
- */
-function migrateStarterRulePatterns(rules: TrustRule[]): boolean {
-  const templatesByID = new Map(getStarterBundleRules().map((t) => [t.id, t]));
-  let changed = false;
-  for (const rule of rules) {
-    const template = templatesByID.get(rule.id);
-    if (!template || rule.pattern === template.pattern) continue;
-    // Only migrate patterns that match a known legacy format.
-    // The "tool:**" prefix (e.g. "file_read:**") was the original pattern
-    // before it was changed to standalone "**".
-    if (!isLegacyStarterPattern(rule.pattern, rule.tool)) continue;
-    log.info(
-      {
-        ruleId: rule.id,
-        oldPattern: rule.pattern,
-        newPattern: template.pattern,
-      },
-      "Migrated starter rule pattern to current template",
-    );
-    rule.pattern = template.pattern;
-    changed = true;
-  }
-  return changed;
-}
-
-/** Recognises legacy starter-rule patterns that should be auto-migrated. */
-function isLegacyStarterPattern(pattern: string, tool: string): boolean {
-  // Legacy format used "tool:**" prefixes, e.g. "file_read:**", "glob:**".
-  // Only match the exact legacy pattern for this specific tool to avoid
-  // silently resetting user-customised patterns.
-  return pattern === `${tool}:**`;
-}
-
 function loadFromDisk(): TrustRule[] {
   const path = getTrustPath();
   let rules: TrustRule[] = [];
@@ -274,33 +233,19 @@ function loadFromDisk(): TrustRule[] {
       // Restore persisted starter bundle flag
       cachedStarterBundleAccepted = data.starterBundleAccepted === true;
 
-      if (data.version === 1) {
-        // Migration: v1 → v2. All existing rules are user-created → priority 100.
-        rules = rawRules.map((r) => ({
-          ...r,
-          priority: 100,
-        }));
-        needsSave = true;
-        log.info(
-          { ruleCount: rules.length },
-          "Migrated v1 trust rules to v2 (priority=100)",
-        );
-        // Fall through to v2 → v3 migration below
-      }
-
-      if (data.version === 2 || (data.version === 1 && needsSave)) {
-        // Migration: v2 → v3. Existing rules have no principal fields,
-        // which is correct — missing principal fields act as wildcards.
-        if (data.version === 2) {
-          rules = rawRules;
-        }
-        needsSave = true;
-        log.info(
-          { ruleCount: rules.length },
-          "Migrated v2 trust rules to v3 (principal fields)",
-        );
-      } else if (data.version === TRUST_FILE_VERSION) {
+      if (
+        data.version === TRUST_FILE_VERSION ||
+        data.version === 1 ||
+        data.version === 2
+      ) {
         rules = rawRules;
+        if (data.version !== TRUST_FILE_VERSION) {
+          needsSave = true;
+          log.info(
+            { version: data.version, targetVersion: TRUST_FILE_VERSION },
+            "Migrating legacy trust file version",
+          );
+        }
 
         // Strip legacy principal-scoped fields from persisted v3 rules.
         // Before the principal concept was removed, rules could carry
@@ -323,7 +268,7 @@ function loadFromDisk(): TrustRule[] {
             needsSave = true;
           }
         }
-      } else if (data.version !== 1) {
+      } else {
         log.warn(
           { version: data.version },
           "Unknown trust file version, applying defaults in-memory only",
@@ -347,12 +292,6 @@ function loadFromDisk(): TrustRule[] {
     needsSave = true;
   }
 
-  // Migrate persisted starter rules whose pattern has drifted from the
-  // current template (e.g. old "tool:**" → "**").
-  if (migrateStarterRulePatterns(rules)) {
-    needsSave = true;
-  }
-
   rules.sort(ruleOrder);
 
   if (needsSave) {
@@ -711,8 +650,6 @@ export interface AcceptStarterBundleResult {
  */
 export function acceptStarterBundle(): AcceptStarterBundleResult {
   // Re-read from disk to avoid lost updates.
-  // loadFromDisk() also runs migrateStarterRulePatterns() to fix any
-  // stale patterns (e.g. old "tool:**" → "**") before we get here.
   cachedRules = null;
   cachedStarterBundleAccepted = null;
   const rules = [...getRules()];

package/src/permissions/workspace-policy.ts

@@ -80,7 +80,7 @@ const HOST_TOOLS = new Set([
 const ALWAYS_SCOPED_TOOLS = new Set([
   "skill_load",
   "view_image",
-  "memory_search",
+  "memory_recall",
   "ui_update",
   "ui_dismiss",
 ]);

package/src/{config → prompts}/computer-use-prompt.ts

@@ -71,7 +71,7 @@ APP-SPECIFIC TIPS:
 - Messages: Click the search bar or use cmd+n for a new message.
 
 VERIFICATION CODES:
-When a signup or login flow requires a verification code (email, SMS, or authenticator):
+When a signup or login flow requires a verification code (email or authenticator):
 1. Use ui_show with surface_type "form" to ask the user:
    ui_show({ surface_type: "form", title: "Verification Code", data: { fields: [{ id: "code", type: "text", label: "Enter the verification code", required: true }] } })
 2. Wait for the user's response

package/src/{config → prompts}/system-prompt.ts

@@ -2,6 +2,11 @@ import { copyFileSync, existsSync, readFileSync } from "node:fs";
 import { join } from "node:path";
 
 import { CLI_HELP_REFERENCE } from "../cli/reference.js";
+import { isAssistantFeatureFlagEnabled } from "../config/assistant-feature-flags.js";
+import { getBaseDataDir, getIsContainerized } from "../config/env-registry.js";
+import { getConfig, getNestedValue, loadRawConfig } from "../config/loader.js";
+import { skillFlagKey } from "../config/skill-state.js";
+import { loadSkillCatalog, type SkillSummary } from "../config/skills.js";
 import { listCredentialMetadata } from "../tools/credentials/metadata-store.js";
 import { resolveBundledDir } from "../util/bundled-asset.js";
 import { getLogger } from "../util/logger.js";
@@ -10,11 +15,6 @@ import {
   getWorkspacePromptPath,
   isMacOS,
 } from "../util/platform.js";
-import { isAssistantFeatureFlagEnabled } from "./assistant-feature-flags.js";
-import { getBaseDataDir, getIsContainerized } from "./env-registry.js";
-import { getConfig } from "./loader.js";
-import { skillFlagKey } from "./skill-state.js";
-import { loadSkillCatalog, type SkillSummary } from "./skills.js";
 import { resolveUserPronouns, resolveUserReference } from "./user-reference.js";
 
 const log = getLogger("system-prompt");
@@ -170,7 +170,7 @@ export function buildSystemPrompt(): string {
       config,
     )
   ) {
-    parts.push(buildGuardianVerificationRoutingSection());
+    parts.push(buildVerificationRoutingSection());
   }
   parts.push(buildAttachmentSection());
   parts.push(buildInChatConfigurationSection());
@@ -186,6 +186,7 @@ export function buildSystemPrompt(): string {
   parts.push(buildAccessPreferenceSection());
   parts.push(buildIntegrationSection());
   parts.push(buildMemoryPersistenceSection());
+  parts.push(buildMemoryRecallSection());
   parts.push(buildWorkspaceReflectionSection());
   parts.push(buildLearningMemorySection());
 
@@ -227,7 +228,7 @@ function buildTaskScheduleReminderRoutingSection(): string {
   ].join("\n");
 }
 
-export function buildGuardianVerificationRoutingSection(): string {
+export function buildVerificationRoutingSection(): string {
   return [
     "## Routing: Guardian Verification",
     "",
@@ -238,13 +239,13 @@ export function buildGuardianVerificationRoutingSection(): string {
     "### Trigger phrases",
     '- "verify guardian"',
     '- "verify my Telegram account"',
-    '- "verify voice channel"',
+    '- "verify phone channel"',
     '- "verify my phone number"',
     '- "set up guardian verification"',
     "",
     "### What it does",
-    "The skill walks through outbound guardian verification for voice or Telegram:",
-    "1. Confirm channel (voice, telegram)",
+    "The skill walks through outbound guardian verification for phone or Telegram:",
+    "1. Confirm channel (phone, telegram)",
     "2. Collect destination (phone number or Telegram handle/chat ID)",
     "3. Start outbound verification via runtime HTTP API",
     "4. Guide the user through code entry, resend, or cancel",
@@ -297,17 +298,16 @@ export function buildStarterTaskPlaybookSection(): string {
     '- `[STARTER_TASK:research_to_ui]` — "Turn it into a webpage or interactive UI" flow',
     "",
     "### Playbook: make_it_yours",
-    "Goal: Help the user choose an accent color for their dashboard.",
+    "Goal: Help the user choose an accent color preference for apps and interfaces.",
     "",
     "1. If the user's locale is missing or has `confidence: low` in USER.md, briefly confirm their location/language before proceeding.",
     "2. Present a concise set of accent color options (e.g. 5-7 curated colors with names and hex codes). Keep it short and scannable.",
     '3. Let the user pick one. Accept color names, hex values, or descriptions (e.g. "something warm").',
     '4. Confirm the selection: "I\'ll set your accent color to **{label}** ({hex}). Sound good?"',
     "5. On confirmation:",
-    '   - Update the `## Dashboard Color Preference` section in USER.md with `label`, `hex`, `source: "user_selected"`, and `applied: true`.',
-    "   - Update the `## Onboarding Tasks` section: set `make_it_yours` to `done`.",
-    "   - Apply the color to the Home Base dashboard using `app_file_edit` to update the theme styles in the Home Base HTML with the chosen accent color.",
-    "6. If the user declines or wants to skip, set `make_it_yours` to `deferred_to_dashboard` in USER.md and move on.",
+    '   - Use `app_file_edit` to update the `## Dashboard Color Preference` section in USER.md with `label`, `hex`, `source: "user_selected"`, and `applied: true`.',
+    "   - Use `app_file_edit` to update the `## Onboarding Tasks` section: set `make_it_yours` to `done`.",
+    "6. If the user declines or wants to skip, set `make_it_yours` to `skipped` in USER.md and move on.",
     "",
     "### Playbook: research_topic",
     "Goal: Research a topic the user is interested in and summarise findings.",
@@ -403,9 +403,9 @@ export function buildPhoneCallsRoutingSection(): string {
     "### Trigger phrases",
     '- "Set up phone calling" / "enable calls"',
     '- "Make a call to..." / "call [number/business]"',
-    '- "Configure Twilio" (in context of voice calls, not SMS)',
+    '- "Configure Twilio" (in context of voice calls)',
     '- "Can you make phone calls?"',
-    '- "Set up my phone number" (for calling, not SMS)',
+    '- "Set up my phone number" (for calling)',
     "",
     "### What it does",
     "The skill handles the full phone calling lifecycle:",
@@ -506,7 +506,7 @@ export function buildChannelAwarenessSection(): string {
     "",
     "### Push-to-talk awareness",
     "- The `<channel_capabilities>` block may include `ptt_activation_key` and `ptt_enabled` fields indicating the user's push-to-talk configuration.",
-    "- You can change the push-to-talk activation key using the `voice_config_update` tool. Valid keys: fn (Fn/Globe key), ctrl (Control key), fn_shift (Fn+Shift), none (disable PTT).",
+    '- You can change the push-to-talk activation key using the `voice_config_update` tool. The key is provided as a JSON PTTActivator payload (e.g. `{"kind":"modifierOnly","modifierFlags":8388608}` for Fn).',
     "- When the user asks about voice input or push-to-talk settings, use the tool to apply changes directly rather than directing them to settings.",
     "- When `microphone_permission_granted` is `false`, guide the user to grant microphone access in System Settings before using voice features.",
     "",
@@ -633,11 +633,14 @@ function buildIntegrationSection(): string {
   );
   if (oauthCreds.length === 0) return "";
 
+  const raw = loadRawConfig();
   const lines = ["## Connected Services", ""];
   for (const cred of oauthCreds) {
-    const state = cred.accountInfo
-      ? `Connected (${cred.accountInfo})`
-      : "Connected";
+    const acctInfo = getNestedValue(
+      raw,
+      `integrations.accountInfo.${cred.service}`,
+    ) as string | undefined;
+    const state = acctInfo ? `Connected (${acctInfo})` : "Connected";
     lines.push(`- **${cred.service}**: ${state}`);
   }
 
@@ -659,6 +662,21 @@ function buildMemoryPersistenceSection(): string {
   ].join("\n");
 }
 
+function buildMemoryRecallSection(): string {
+  return [
+    "## Memory Recall",
+    "",
+    "You have access to a `memory_recall` tool for deep memory retrieval. Use it when:",
+    "",
+    "- The user asks about past conversations, decisions, or context you don't have in the current window",
+    "- You need to recall specific facts, preferences, or project details",
+    "- The auto-injected memory context doesn't contain what you need",
+    "- The user references something from a previous session",
+    "",
+    "The tool searches across semantic, lexical, entity graph, and recency sources. Be specific in your query for best results.",
+  ].join("\n");
+}
+
 function buildWorkspaceReflectionSection(): string {
   return [
     "## Workspace Reflection",
@@ -871,7 +889,7 @@ function appendSkillsCatalog(basePrompt: string): string {
 }
 
 function buildDynamicSkillWorkflowSection(
-  config: import("./schema.js").AssistantConfig,
+  config: import("../config/schema.js").AssistantConfig,
 ): string {
   const lines = [
     "## Dynamic Skill Authoring Workflow",
@@ -909,7 +927,7 @@ function buildDynamicSkillWorkflowSection(
     lines.push(
       "",
       "### Messaging Skill",
-      'When the user asks about email, messaging, inbox management, or wants to read/send/search messages on any platform (Gmail, Slack, Telegram, SMS), load the "messaging" skill using `skill_load`. The messaging skill handles connection setup, credential flows, and all messaging operations — do not improvise setup instructions from general knowledge.',
+      'When the user asks about email, messaging, inbox management, or wants to read/send/search messages on any platform (Gmail, Slack, Telegram), load the "messaging" skill using `skill_load`. The messaging skill handles connection setup, credential flows, and all messaging operations — do not improvise setup instructions from general knowledge.',
     );
   }
 
@@ -953,7 +971,7 @@ function formatSkillsCatalog(skills: SkillSummary[]): string {
   const lines = ["<available_skills>"];
   for (const skill of visible) {
     const idAttr = escapeXml(skill.id);
-    const nameAttr = escapeXml(skill.name);
+    const nameAttr = escapeXml(skill.displayName);
     const descAttr =
       skill.id === "mcp-setup"
         ? escapeXml(getMcpSetupDescription())
@@ -978,7 +996,7 @@ function formatSkillsCatalog(skills: SkillSummary[]): string {
     "### Installing additional skills",
     "If `skill_load` fails because a skill is not found, additional first-party skills may be available in the Vellum catalog.",
     "Use `bash` to discover and install them:",
-    "- `vellum skills list` — list all available catalog skills",
-    "- `vellum skills install <skill-id>` — install a skill, then retry `skill_load`",
+    "- `assistant skills list` — list all available catalog skills",
+    "- `assistant skills install <skill-id>` — install a skill, then retry `skill_load`",
   ].join("\n");
 }

package/src/{config → prompts}/templates/BOOTSTRAP.md

@@ -42,8 +42,6 @@ Then figure out together:
    The two actions MUST have different labels and prompts. Double-check before calling ui_show that you are not repeating the same suggestion.
    If `ui_show` is not available (voice, SMS, or other non-dashboard channels), present the two suggestions as plain text messages instead, numbered so the user can reply with which one they'd like. If the user types a response instead of clicking, continue via the text path. If they want to defer both suggestions and do something else entirely, that's fine too.
 
-7. Create Home Base silently. After the suggestion interaction (user picked one, deferred, or typed something else), create their Home Base using `app_create` with `set_as_home_base: true` and `auto_open: false`. Include personalized starter tasks based on what you learned. Do NOT open it with `app_open`. Do NOT announce it, mention it, or hint that something was created. No "check this out," no "I put something together," no "here's what I came up with." Just create it quietly and move on.
-
 ## Requirements
 
 Only your vibe is hard-required. Your name matters but don't push for it -- if the user doesn't offer one, pick one yourself. Everything else about the user is best-effort. Ask naturally, not as a form. If something is unclear, you can ask one short follow-up, but if the user declines or dodges, do not push. Just move on.
@@ -70,7 +68,6 @@ Do NOT delete this file until ALL of the following are true:
 - You've figured out your vibe and adopted it
 - 2 suggestions shown (via `ui_show` or as text if UI unavailable)
 - The user selected one, deferred both, or typed an alternate direction
-- Home Base has been created silently
 
 Once every condition is met, delete this file. You're done here.
 

package/src/providers/registry.ts

@@ -1,5 +1,5 @@
 import { wrapWithLogfire } from "../logfire.js";
-import { ConfigError } from "../util/errors.js";
+import { ConfigError, ProviderNotConfiguredError } from "../util/errors.js";
 import { AnthropicProvider } from "./anthropic/client.js";
 import { FailoverProvider, type ProviderHealthStatus } from "./failover.js";
 import { FireworksProvider } from "./fireworks/client.js";
@@ -94,9 +94,7 @@ export function getFailoverProvider(
   const selection = resolveProviderSelection(primaryName, providerOrder);
 
   if (!selection.selectedPrimary) {
-    throw new ConfigError(
-      `No providers available. Requested: "${primaryName}". Registered: ${listProviders().join(", ") || "none"}`,
-    );
+    throw new ProviderNotConfiguredError(primaryName, listProviders());
   }
 
   const orderedProviders: Provider[] = selection.availableProviders.map(

package/src/runtime/AGENTS.md

@@ -10,7 +10,7 @@ The single HTTP send endpoint is `POST /v1/messages`. Key behaviors:
 - **Fire-and-forget**: Returns `202 { accepted: true }` immediately. The client observes progress via SSE (`GET /v1/events`).
 - **Hub publishing**: All agent events are published to `assistantEventHub`, making them observable via SSE.
 
-Do NOT add new send endpoints. All message ingress should go through `POST /v1/messages` (HTTP) or `session.processMessage()` (IPC).
+Do NOT add new send endpoints. All message ingress should go through `POST /v1/messages` (HTTP).
 
 ### Approvals (confirmations, secrets, trust rules)
 
@@ -18,9 +18,9 @@ Approvals are **orthogonal to message sending**. The assistant asks for approval
 
 - **Discovery**: Clients discover pending approvals via SSE events (`confirmation_request`, `secret_request`) which include a `requestId`.
 - **Resolution**: Clients respond via standalone endpoints keyed by `requestId`:
-  - `POST /v1/confirm` — `{ requestId, decision: "allow" | "deny" }`
+  - `POST /v1/confirm` — `{ requestId, decision, selectedPattern?, selectedScope? }`. Valid decisions: `"allow"`, `"allow_10m"`, `"allow_thread"`, `"deny"`, `"always_allow"`, `"always_deny"`, `"always_allow_high_risk"`. For persistent decisions (`always_allow`, `always_deny`, `always_allow_high_risk`), `selectedPattern` and `selectedScope` are validated against the server-provided allowlist/scope options from the original confirmation request before trust rules are persisted.
   - `POST /v1/secret` — `{ requestId, value, delivery }`
-  - `POST /v1/trust-rules` — `{ requestId, pattern, scope }`
+  - `POST /v1/trust-rules` — `{ requestId, pattern, scope, decision, allowHighRisk? }`. Validates pattern/scope against server-provided options. Does not resolve the confirmation itself.
 - **Tracking**: The `pending-interactions` tracker (`assistant/src/runtime/pending-interactions.ts`) maps `requestId → session`. Use `register()` to track, `resolve()` to consume, `getByConversation()` to query.
 
 Do NOT couple approval handling to message sending. Do NOT add run/status tracking to the send path.
@@ -33,10 +33,8 @@ Channel approval flows use `requestId` (not `runId`) as the primary identifier:
 - Guardian approval records in `channelGuardianApprovalRequests` link via `requestId`.
 - The conversational approval engine classifies user intent and resolves via `session.handleConfirmationResponse(requestId, decision)`.
 
-## HTTP-First for New Endpoints
+## HTTP-Only Transport
 
-New configuration and control endpoints MUST be exposed over HTTP on the runtime server (`assistant/src/runtime/http-server.ts`), not as IPC-only message types. The runtime HTTP server is the canonical API surface — IPC is a legacy transport being phased out.
+HTTP is the sole transport for client-daemon communication. The runtime HTTP server (`assistant/src/runtime/http-server.ts`) is the canonical API surface. Clients connect via HTTP for request/response operations and SSE (`GET /v1/events`) for streaming server-to-client events.
 
-Existing IPC-only handlers should be migrated to HTTP when touched. The pattern: extract business logic into a shared function, add an HTTP route handler in `assistant/src/runtime/routes/`, keep the IPC handler as a thin wrapper that calls the same logic.
-
-When writing skills that need to call daemon configuration endpoints, use `curl` with the runtime HTTP API (JWT-authenticated via `Authorization: Bearer <jwt>`) rather than describing IPC socket protocol details. The assistant already knows how to use `curl`.
+When writing skills that need to call daemon configuration endpoints, use `curl` with the runtime HTTP API (JWT-authenticated via `Authorization: Bearer <jwt>`). The assistant already knows how to use `curl`.

package/src/runtime/access-request-helper.ts

@@ -7,18 +7,13 @@
  *
  * Access requests are a special case: they always create a canonical request
  * and emit a notification signal, even when no same-channel guardian binding
- * exists. Guardian identity resolution uses a contacts-first fallback strategy:
- *   1. Source-channel guardian contact channel.
- *   2. Any active guardian channel (deterministic, most-recently-verified).
- *   3. No guardian identity (trusted/vellum-only resolution path).
+ * exists. Guardian identity resolution is anchored on the assistant's vellum
+ * principal so access requests cannot bind to stale/cross-assistant contacts.
  */
 
 import type { ChannelId } from "../channels/types.js";
-import {
-  findGuardianForChannel,
-  listGuardianChannels,
-} from "../contacts/contact-store.js";
-import type { MemberStatus } from "../contacts/types.js";
+import { findGuardianForChannel } from "../contacts/contact-store.js";
+import type { ChannelStatus } from "../contacts/types.js";
 import {
   createCanonicalGuardianDelivery,
   createCanonicalGuardianRequest,
@@ -56,7 +51,7 @@ export interface AccessRequestParams {
   actorExternalId?: string;
   actorDisplayName?: string;
   actorUsername?: string;
-  previousMemberStatus?: MemberStatus;
+  previousMemberStatus?: Exclude<ChannelStatus, "unverified">;
 }
 
 export type AccessRequestResult =
@@ -74,9 +69,9 @@ export type AccessRequestResult =
  * Returns a result indicating whether the guardian was notified and whether
  * a new request was created or an existing one was deduped.
  *
- * Guardian identity resolution: contacts-first for source channel, then any
- * active guardian channel, then null (notification pipeline handles delivery
- * via trusted/vellum channels when no binding exists).
+ * Guardian identity resolution uses the assistant's vellum principal as the
+ * trust anchor and only accepts source-channel contacts that match it. This
+ * prevents stale or cross-assistant contacts from being bound to the request.
  *
  * This is intentionally synchronous with respect to the canonical store writes
  * and fire-and-forget for the notification signal emission.
@@ -98,62 +93,52 @@ export function notifyGuardianOfAccessRequest(
     return { notified: false, reason: "no_sender_id" };
   }
 
-  // Resolve guardian identity with contacts-first strategy:
-  // 1. Source-channel guardian contact channel
-  // 2. Any active guardian channel (deterministic, most-recently-verified)
-  // 3. null (notification pipeline handles delivery via trusted channels)
+  // Resolve guardian identity with assistant-anchored strategy:
+  // 1. Ensure the assistant has a vellum guardian principal (trust anchor)
+  // 2. Use source-channel guardian only when principal matches anchor
+  // 3. Fallback to vellum guardian identity for this assistant principal
   let guardianExternalUserId: string | null = null;
   let guardianPrincipalId: string | null = null;
   let guardianBindingChannel: string | null = null;
-  let guardianResolutionSource: "contacts" | "contacts-fallback" | "none" =
-    "none";
+  let guardianResolutionSource:
+    | "source-channel-contact"
+    | "vellum-anchor"
+    | "none" = "none";
+
+  const assistantGuardianPrincipalId =
+    ensureVellumGuardianBinding(canonicalAssistantId);
 
-  // Try contacts-first: source channel
+  // Try source-channel guardian, but only if it maps to the assistant's
+  // anchored principal. This blocks cross-assistant/stale contact selection.
   const sourceGuardian = findGuardianForChannel(sourceChannel);
-  if (sourceGuardian) {
+  if (
+    sourceGuardian &&
+    sourceGuardian.contact.principalId === assistantGuardianPrincipalId
+  ) {
     guardianExternalUserId = sourceGuardian.channel.externalUserId;
     guardianPrincipalId = sourceGuardian.contact.principalId;
     guardianBindingChannel = sourceGuardian.channel.type;
-    guardianResolutionSource = "contacts";
-  } else {
-    // Try contacts-first: any active guardian channel
-    const allGuardianChannels = listGuardianChannels();
-    if (allGuardianChannels && allGuardianChannels.channels.length > 0) {
-      const fallbackChannel = allGuardianChannels.channels[0];
-      guardianExternalUserId = fallbackChannel.externalUserId;
-      guardianPrincipalId = allGuardianChannels.contact.principalId;
-      guardianBindingChannel = fallbackChannel.type;
-      guardianResolutionSource = "contacts-fallback";
-      log.debug(
-        {
-          sourceChannel,
-          fallbackChannel: guardianBindingChannel,
-          canonicalAssistantId,
-        },
-        "Using cross-channel guardian contact fallback for access request",
-      );
-    }
-    // If no guardian found via contacts, guardianResolutionSource stays "none"
+    guardianResolutionSource = "source-channel-contact";
   }
 
-  // Self-heal: access_request requires a principal. If none found via
-  // contacts, bootstrap the vellum binding.
+  // Access requests always require a principal. If source-channel resolution
+  // did not match the assistant anchor, use the anchored vellum identity.
   if (!guardianPrincipalId) {
-    log.info(
-      { sourceChannel, canonicalAssistantId },
-      "No guardian principal for access request — self-healing vellum binding",
-    );
-    const healedPrincipalId = ensureVellumGuardianBinding(canonicalAssistantId);
     const vellumGuardian = findGuardianForChannel("vellum");
-    if (vellumGuardian) {
+    if (
+      vellumGuardian &&
+      vellumGuardian.contact.principalId === assistantGuardianPrincipalId
+    ) {
       guardianExternalUserId =
         vellumGuardian.channel.externalUserId ?? guardianExternalUserId;
       guardianPrincipalId =
-        vellumGuardian.contact.principalId ?? healedPrincipalId;
+        vellumGuardian.contact.principalId ?? assistantGuardianPrincipalId;
       guardianBindingChannel = guardianBindingChannel ?? "vellum";
+      guardianResolutionSource = "vellum-anchor";
     } else {
-      guardianPrincipalId = healedPrincipalId;
+      guardianPrincipalId = assistantGuardianPrincipalId;
       guardianBindingChannel = guardianBindingChannel ?? "vellum";
+      guardianResolutionSource = "vellum-anchor";
     }
   }
 
@@ -264,10 +249,6 @@ export function notifyGuardianOfAccessRequest(
           continue;
         }
 
-        if (result.channel !== "telegram" && result.channel !== "sms") {
-          continue;
-        }
-
         const delivery = createCanonicalGuardianDelivery({
           requestId: canonicalRequest.id,
           destinationChannel: result.channel,

package/src/runtime/actor-trust-resolver.ts

@@ -51,16 +51,6 @@ export function isUntrustedTrustClass(
   return trustClass === "trusted_contact" || trustClass === "unknown";
 }
 
-/**
- * Reason an actor was denied access during trust resolution.
- *
- * - `'no_binding'`: No guardian binding exists for this (assistant, channel),
- *   so trust cannot be established for any actor.
- * - `'no_identity'`: The inbound message carried no usable identity fields
- *   (e.g. missing external user ID), so the sender could not be identified.
- */
-export type DenialReason = "no_binding" | "no_identity";
-
 /**
  * Fully resolved trust context from the actor trust resolver.
  *
@@ -98,8 +88,6 @@ export interface ActorTrustContext {
     channel: ChannelId;
     trustStatus: TrustClass;
   };
-  /** Legacy denial reason for backward-compatible unverified_channel paths. */
-  denialReason?: DenialReason;
 }
 
 /**
@@ -176,7 +164,6 @@ export function resolveActorTrust(
         channel: input.sourceChannel,
         trustStatus: "unknown",
       },
-      denialReason: "no_identity",
     };
   }
 
@@ -249,8 +236,6 @@ export function resolveActorTrust(
       ) === canonicalSenderId
     : false;
 
-  // ContactChannel has no username field — the shim always set it to null.
-  const memberUsername = undefined;
   const memberDisplayName =
     memberMatchesSender &&
     typeof memberRecord?.contact.displayName === "string" &&
@@ -260,7 +245,7 @@ export function resolveActorTrust(
   // Prefer member profile metadata over transient sender metadata so guardian-
   // curated contact details are canonical for assistant-facing identity —
   // but only when the member record actually belongs to the current sender.
-  const resolvedUsername = memberUsername ?? senderUsername;
+  const resolvedUsername = senderUsername;
   const resolvedDisplayName = memberDisplayName ?? senderDisplayName;
   const resolvedIdentifier = resolvedUsername
     ? `@${resolvedUsername}`
@@ -280,12 +265,6 @@ export function resolveActorTrust(
     trustClass = "unknown";
   }
 
-  // Denial reason for legacy compatibility
-  let denialReason: DenialReason | undefined;
-  if (!isGuardian && !guardianBindingMatch) {
-    denialReason = "no_binding";
-  }
-
   return {
     canonicalSenderId,
     guardianBindingMatch,
@@ -301,7 +280,6 @@ export function resolveActorTrust(
       channel: input.sourceChannel,
       trustStatus: trustClass,
     },
-    denialReason,
   };
 }
 
@@ -338,6 +316,5 @@ export function toTrustContext(
     requesterMemberDisplayName: ctx.actorMetadata.memberDisplayName,
     requesterExternalUserId: ctx.canonicalSenderId ?? undefined,
     requesterChatId: conversationExternalId,
-    denialReason: ctx.denialReason,
   };
 }

package/src/runtime/approval-message-composer.ts

@@ -35,7 +35,8 @@ export type ApprovalMessageScenario =
   | "guardian_deny_no_identity"
   | "guardian_deny_no_binding"
   | "requester_cancel"
-  | "approval_already_resolved";
+  | "approval_already_resolved"
+  | "guardian_text_unavailable";
 
 export interface ApprovalMessageContext {
   scenario: ApprovalMessageScenario;
@@ -257,7 +258,7 @@ export function getFallbackMessage(context: ApprovalMessageContext): string {
       // Detect whether the code is a short numeric (identity-bound outbound)
       // or a high-entropy hex (inbound challenge/bootstrap) and adjust wording.
       const isNumeric = /^\d{4,8}$/.test(code);
-      if (context.channel === "voice") {
+      if (context.channel === "phone") {
         if (isNumeric) {
           return `To complete guardian verification, speak or enter the ${code.length}-digit code: ${code}.`;
         }
@@ -289,6 +290,9 @@ export function getFallbackMessage(context: ApprovalMessageContext): string {
     case "approval_already_resolved":
       return "This approval request has already been resolved.";
 
+    case "guardian_text_unavailable":
+      return "I can't process text replies for approvals right now. Please use the approve/deny buttons above to respond.";
+
     default: {
       // Exhaustive check — TypeScript will flag if a scenario is missing.
       const _exhaustive: never = context.scenario;