@vellumai/assistant 0.4.50 → 0.4.51

package/src/runtime/invite-redemption-service.ts

@@ -8,7 +8,7 @@
  */
 
 import type { ChannelId } from "../channels/types.js";
-import { findContactChannel } from "../contacts/contact-store.js";
+import { findContactChannel, getContact } from "../contacts/contact-store.js";
 import { upsertContactChannel } from "../contacts/contacts-write.js";
 import { getSqlite } from "../memory/db.js";
 import {
@@ -135,7 +135,17 @@ export function redeemInvite(params: {
   const existingChannel = contactResult?.channel ?? null;
   const existingContact = contactResult?.contact ?? null;
 
-  if (existingChannel && existingChannel.status === "active") {
+  // If the invite targets a specific contact and the sender's existing channel
+  // belongs to a different contact, ignore the existing match — the invite
+  // should bind the sender's identity to the target contact, not the existing one.
+  const targetMismatch =
+    existingContact && existingContact.id !== invite.contactId;
+
+  if (
+    existingChannel &&
+    existingChannel.status === "active" &&
+    !targetMismatch
+  ) {
     return { ok: true, type: "already_member", memberId: existingChannel.id };
   }
 
@@ -146,17 +156,11 @@ export function redeemInvite(params: {
     return { ok: false, reason: "invalid_token" };
   }
 
-  // Guardian channels must not be reactivated via regular invite redemption —
-  // their lifecycle is managed exclusively through the guardian binding flow.
-  if (existingContact && existingContact.role === "guardian") {
-    return { ok: false, reason: "invalid_token" };
-  }
-
   // Inactive member reactivation: when the user already has a member record
   // in a non-active state (revoked/pending), reactivate it via upsertContactChannel
   // and consume an invite use atomically. The fresh-member path below also
   // uses upsertContactChannel to keep contacts in sync.
-  if (existingChannel) {
+  if (existingChannel && !targetMismatch) {
     // Sentinel error used to trigger a transaction rollback when the invite
     // was concurrently revoked/expired between pre-validation and write time.
     const STALE_INVITE = Symbol("stale_invite");
@@ -195,6 +199,7 @@ export function redeemInvite(params: {
             inviteId: invite.id,
             verifiedAt: Date.now(),
             verifiedVia: "invite",
+            contactId: invite.contactId,
           });
 
           const recorded = recordInviteUse({
@@ -226,6 +231,16 @@ export function redeemInvite(params: {
 
   // Fresh member creation: upsert into contacts tables and consume an invite
   // use atomically, mirroring the reactivation path above.
+  // When the invite targets a specific contact (targetMismatch path), preserve
+  // the target contact's guardian-assigned display name if it has one.
+  let freshDisplayName = displayName;
+  if (invite.contactId) {
+    const targetContact = getContact(invite.contactId);
+    if (targetContact?.displayName?.trim().length) {
+      freshDisplayName = targetContact.displayName;
+    }
+  }
+
   const STALE_INVITE_FRESH = Symbol("stale_invite_fresh");
   let freshResult: ReturnType<typeof upsertContactChannel> | undefined;
   try {
@@ -235,13 +250,14 @@ export function redeemInvite(params: {
           sourceChannel,
           externalUserId,
           externalChatId,
-          displayName,
+          displayName: freshDisplayName,
           username,
           status: "active",
           policy: "allow",
           inviteId: invite.id,
           verifiedAt: Date.now(),
           verifiedVia: "invite",
+          contactId: invite.contactId,
         });
 
         const recorded = recordInviteUse({
@@ -346,7 +362,16 @@ export function redeemVoiceInviteCode(params: {
   const existingVoiceChannel = voiceContactResult?.channel ?? null;
   const voiceContact = voiceContactResult?.contact ?? null;
 
-  if (existingVoiceChannel && existingVoiceChannel.status === "active") {
+  // If the invite targets a specific contact and the sender's existing channel
+  // belongs to a different contact, ignore the existing match — the invite
+  // should bind the sender's identity to the target contact, not the existing one.
+  const targetMismatch = voiceContact && voiceContact.id !== invite.contactId;
+
+  if (
+    existingVoiceChannel &&
+    existingVoiceChannel.status === "active" &&
+    !targetMismatch
+  ) {
     return {
       ok: true,
       type: "already_member",
@@ -359,21 +384,21 @@ export function redeemVoiceInviteCode(params: {
     return { ok: false, reason: "invalid_or_expired" };
   }
 
-  // Guardian channels must not be reactivated via regular invite redemption —
-  // their lifecycle is managed exclusively through the guardian binding flow.
-  if (voiceContact && voiceContact.role === "guardian") {
-    return { ok: false, reason: "invalid_or_expired" };
-  }
-
   // Atomic redemption: upsert member + consume invite use in a transaction
   const STALE_INVITE = Symbol("stale_invite");
   let memberId: string | undefined;
 
-  // Reactivation should not overwrite a guardian-managed nickname (same
-  // protection as the token-based redemption path above).
-  const preservedDisplayName = voiceContact?.displayName?.trim().length
+  // When the invite targets a specific contact (targetMismatch path), preserve
+  // the target contact's guardian-assigned display name if it has one.
+  let preservedDisplayName = voiceContact?.displayName?.trim().length
     ? voiceContact.displayName
     : (invite.friendName ?? undefined);
+  if (targetMismatch && invite.contactId) {
+    const targetContact = getContact(invite.contactId);
+    if (targetContact?.displayName?.trim().length) {
+      preservedDisplayName = targetContact.displayName;
+    }
+  }
 
   try {
     getSqlite()
@@ -388,6 +413,7 @@ export function redeemVoiceInviteCode(params: {
           inviteId: invite.id,
           verifiedAt: Date.now(),
           verifiedVia: "invite",
+          contactId: invite.contactId,
         });
         memberId = writeResult!.channel.id;
 
@@ -488,7 +514,17 @@ export function redeemInviteByCode(params: {
   const existingChannel = contactResult?.channel ?? null;
   const existingContact = contactResult?.contact ?? null;
 
-  if (existingChannel && existingChannel.status === "active") {
+  // If the invite targets a specific contact and the sender's existing channel
+  // belongs to a different contact, ignore the existing match — the invite
+  // should bind the sender's identity to the target contact, not the existing one.
+  const targetMismatch =
+    existingContact && existingContact.id !== invite.contactId;
+
+  if (
+    existingChannel &&
+    existingChannel.status === "active" &&
+    !targetMismatch
+  ) {
     return { ok: true, type: "already_member", memberId: existingChannel.id };
   }
 
@@ -499,15 +535,9 @@ export function redeemInviteByCode(params: {
     return { ok: false, reason: "invalid_token" };
   }
 
-  // Guardian channels must not be reactivated via regular invite redemption —
-  // their lifecycle is managed exclusively through the guardian binding flow.
-  if (existingContact && existingContact.role === "guardian") {
-    return { ok: false, reason: "invalid_token" };
-  }
-
   // Inactive member reactivation: reactivate via upsertContactChannel and consume
   // an invite use atomically.
-  if (existingChannel) {
+  if (existingChannel && !targetMismatch) {
     const STALE_INVITE_REACTIVATE = Symbol("stale_invite_reactivate");
     const canonicalMemberId = existingChannel.externalUserId
       ? canonicalizeInboundIdentity(
@@ -543,6 +573,7 @@ export function redeemInviteByCode(params: {
             inviteId: invite.id,
             verifiedAt: Date.now(),
             verifiedVia: "invite",
+            contactId: invite.contactId,
           });
 
           const recorded = recordInviteUse({
@@ -571,6 +602,16 @@ export function redeemInviteByCode(params: {
 
   // Fresh member creation: upsert into contacts tables and consume an invite
   // use atomically.
+  // When the invite targets a specific contact (targetMismatch path), preserve
+  // the target contact's guardian-assigned display name if it has one.
+  let freshDisplayName = displayName;
+  if (invite.contactId) {
+    const targetContact = getContact(invite.contactId);
+    if (targetContact?.displayName?.trim().length) {
+      freshDisplayName = targetContact.displayName;
+    }
+  }
+
   const STALE_INVITE_FRESH = Symbol("stale_invite_fresh");
   let freshResult: ReturnType<typeof upsertContactChannel> | undefined;
   try {
@@ -580,13 +621,14 @@ export function redeemInviteByCode(params: {
           sourceChannel,
           externalUserId,
           externalChatId,
-          displayName,
+          displayName: freshDisplayName,
           username,
           status: "active",
           policy: "allow",
           inviteId: invite.id,
           verifiedAt: Date.now(),
           verifiedVia: "invite",
+          contactId: invite.contactId,
         });
 
         const recorded = recordInviteUse({

package/src/runtime/invite-service.ts

@@ -12,11 +12,13 @@ import { startInviteCall } from "../calls/call-domain.js";
 import { isChannelId } from "../channels/types.js";
 import {
   createInvite,
+  findById,
   findByTokenHash,
   hashToken,
   type IngressInvite,
   type InviteStatus,
   listInvites,
+  markInviteExpired,
   revokeInvite,
 } from "../memory/invite-store.js";
 import {
@@ -24,7 +26,6 @@ import {
   DEFAULT_USER_REFERENCE,
   resolveGuardianName,
 } from "../prompts/user-reference.js";
-import { getLogger } from "../util/logger.js";
 import { isValidE164 } from "../util/phone.js";
 import { generateVoiceCode, hashVoiceCode } from "../util/voice-code.js";
 import {
@@ -39,8 +40,6 @@ import {
   type VoiceRedemptionOutcome,
 } from "./invite-redemption-service.js";
 
-const log = getLogger("invite-service");
-
 // ---------------------------------------------------------------------------
 // Response shapes — used by both HTTP routes and message handlers
 // ---------------------------------------------------------------------------
@@ -160,11 +159,16 @@ export async function createIngressInvite(params: {
   voiceCodeDigits?: number;
   friendName?: string;
   guardianName?: string;
+  contactId: string;
 }): Promise<IngressResult<InviteResponseData>> {
   if (!params.sourceChannel) {
     return { ok: false, error: "sourceChannel is required for create" };
   }
 
+  if (!params.contactId) {
+    return { ok: false, error: "contactId is required for create" };
+  }
+
   // For voice invites: generate a one-time numeric code, hash it, and pass
   // the hash to the store. The plaintext code is included in the response
   // exactly once and never stored.
@@ -214,6 +218,7 @@ export async function createIngressInvite(params: {
 
   const { invite, rawToken } = createInvite({
     sourceChannel: params.sourceChannel,
+    contactId: params.contactId,
     note: params.note,
     maxUses: params.maxUses,
     expiresInMs: params.expiresInMs,
@@ -254,25 +259,8 @@ export async function createIngressInvite(params: {
     });
   }
 
-  // For voice invites with a known phone number, initiate an outbound call
-  // so the contact is prompted to enter their code immediately.
-  if (
-    params.sourceChannel === "phone" &&
-    params.expectedExternalUserId &&
-    params.friendName &&
-    effectiveGuardianName
-  ) {
-    // Fire-and-forget: don't block invite creation on call initiation
-    startInviteCall({
-      phoneNumber: params.expectedExternalUserId,
-      friendName: params.friendName,
-      guardianName: effectiveGuardianName,
-    }).catch((err) => {
-      log.warn(
-        { err, inviteId: invite.id },
-        "Failed to initiate outbound invite call",
-      );
-    });
+  if (isVoice && params.friendName) {
+    guardianInstruction = `${params.friendName} will need this code when they answer. Share it with them first.`;
   }
 
   // Voice invites must not expose the token — callers must redeem via the
@@ -316,6 +304,36 @@ export function revokeIngressInvite(
   return { ok: true, data: inviteToResponse(revoked) };
 }
 
+export async function triggerInviteCall(
+  inviteId: string,
+): Promise<IngressResult<{ callSid: string }>> {
+  if (!inviteId) return { ok: false, error: "inviteId is required" };
+  const invite = findById(inviteId);
+  if (!invite) return { ok: false, error: "Invite not found" };
+  if (invite.status !== "active")
+    return { ok: false, error: "Invite is not active" };
+  if (invite.expiresAt && invite.expiresAt <= Date.now()) {
+    markInviteExpired(invite.id);
+    return { ok: false, error: "Invite has expired" };
+  }
+  if (invite.sourceChannel !== "phone")
+    return { ok: false, error: "Only phone invites support call triggering" };
+  if (
+    !invite.expectedExternalUserId ||
+    !invite.friendName ||
+    !invite.guardianName
+  ) {
+    return { ok: false, error: "Invite is missing required voice metadata" };
+  }
+  const result = await startInviteCall({
+    phoneNumber: invite.expectedExternalUserId,
+    friendName: invite.friendName,
+    guardianName: invite.guardianName,
+  });
+  if (!result.ok) return { ok: false, error: result.error };
+  return { ok: true, data: { callSid: result.callSid } };
+}
+
 export function redeemIngressInvite(params: {
   token?: string;
   externalUserId?: string;

package/src/runtime/middleware/twilio-validation.ts

@@ -57,7 +57,7 @@ export async function validateTwilioWebhook(
 ): Promise<{ body: string } | Response> {
   const rawBody = await req.text();
 
-  const authToken = TwilioConversationRelayProvider.getAuthToken();
+  const authToken = await TwilioConversationRelayProvider.getAuthToken();
 
   if (!authToken) {
     log.error(

package/src/runtime/routes/btw-routes.ts

@@ -9,7 +9,7 @@
  */
 
 import { buildToolDefinitions } from "../../daemon/session-tool-setup.js";
-import { getOrCreateConversation } from "../../memory/conversation-key-store.js";
+import { getConversationByKey } from "../../memory/conversation-key-store.js";
 import {
   createTimeout,
   userMessage,
@@ -53,10 +53,15 @@ async function handleBtw(
     );
   }
 
-  const mapping = getOrCreateConversation(conversationKey);
-  const session = await deps.sendMessageDeps.getOrCreateSession(
-    mapping.conversationId,
-  );
+  // Look up an existing conversation — never create one.  BTW is ephemeral
+  // (the file header promises "No messages are persisted"), so we must not
+  // call getOrCreateConversation which would insert a DB row.  When no
+  // conversation exists (e.g. greeting generation for a draft thread), we
+  // still get a usable session via getOrCreateSession with the raw key; the
+  // session lives only in memory and disappears on restart.
+  const mapping = getConversationByKey(conversationKey);
+  const sessionId = mapping?.conversationId ?? conversationKey;
+  const session = await deps.sendMessageDeps.getOrCreateSession(sessionId);
 
   const messages = [...session.getMessages(), userMessage(content.trim())];
   const tools = buildToolDefinitions();

package/src/runtime/routes/conversation-routes.ts

@@ -315,16 +315,53 @@ export function handleListMessages(
   let prevAssistantTimestamp = 0;
   const messages: RuntimeMessagePayload[] = parsed.map((m) => {
     let msgAttachments: RuntimeAttachmentMetadata[] = [];
-    if (m.role === "assistant" && m.id) {
-      const linked = attachmentsStore.getAttachmentMetadataForMessage(m.id);
-      if (linked.length > 0) {
-        msgAttachments = linked.map((a) => ({
-          id: a.id,
-          filename: a.originalFilename,
-          mimeType: a.mimeType,
-          sizeBytes: a.sizeBytes,
-          kind: a.kind,
-        }));
+    if (m.id) {
+      if (m.role === "user") {
+        // Use metadata-only query first to avoid loading large base64
+        // blobs for non-image attachments (documents, audio). Then
+        // selectively fetch full data only for images so the client can
+        // generate thumbnails for inline display on history restore.
+        const linked = attachmentsStore.getAttachmentMetadataForMessage(m.id);
+        if (linked.length > 0) {
+          msgAttachments = linked.map((a) => {
+            if (a.mimeType.startsWith("image/")) {
+              const full = attachmentsStore.getAttachmentById(a.id);
+              return {
+                id: a.id,
+                filename: a.originalFilename,
+                mimeType: a.mimeType,
+                sizeBytes: a.sizeBytes,
+                kind: a.kind,
+                ...(full?.dataBase64 ? { data: full.dataBase64 } : {}),
+                ...(a.thumbnailBase64
+                  ? { thumbnailData: a.thumbnailBase64 }
+                  : {}),
+              };
+            }
+            return {
+              id: a.id,
+              filename: a.originalFilename,
+              mimeType: a.mimeType,
+              sizeBytes: a.sizeBytes,
+              kind: a.kind,
+              ...(a.thumbnailBase64
+                ? { thumbnailData: a.thumbnailBase64 }
+                : {}),
+            };
+          });
+        }
+      } else {
+        const linked = attachmentsStore.getAttachmentMetadataForMessage(m.id);
+        if (linked.length > 0) {
+          msgAttachments = linked.map((a) => ({
+            id: a.id,
+            filename: a.originalFilename,
+            mimeType: a.mimeType,
+            sizeBytes: a.sizeBytes,
+            kind: a.kind,
+            ...(a.thumbnailBase64 ? { thumbnailData: a.thumbnailBase64 } : {}),
+          }));
+        }
       }
     }
 

package/src/runtime/routes/integrations/slack/channel.ts

@@ -20,8 +20,8 @@ import type { RouteDefinition } from "../../../http-router.js";
 /**
  * GET /v1/integrations/slack/channel/config
  */
-export function handleGetSlackChannelConfig(): Response {
-  const result = getSlackChannelConfig();
+export async function handleGetSlackChannelConfig(): Promise<Response> {
+  const result = await getSlackChannelConfig();
   return Response.json(result);
 }
 

package/src/runtime/routes/integrations/telegram.ts

@@ -20,8 +20,8 @@ import type { RouteDefinition } from "../../http-router.js";
 /**
  * GET /v1/integrations/telegram/config
  */
-export function handleGetTelegramConfig(): Response {
-  const result = getTelegramConfig();
+export async function handleGetTelegramConfig(): Promise<Response> {
+  const result = await getTelegramConfig();
   return Response.json(result);
 }
 

package/src/runtime/routes/integrations/twilio.ts

@@ -66,10 +66,10 @@ function pruneAssistantPhoneNumbers(
 /**
  * GET /v1/integrations/twilio/config
  */
-export function handleGetTwilioConfig(): Response {
-  const hasCredentials = hasTwilioCredentials();
+export async function handleGetTwilioConfig(): Promise<Response> {
+  const hasCredentials = await hasTwilioCredentials();
   const accountSid = hasCredentials
-    ? getTwilioCredentials().accountSid
+    ? (await getTwilioCredentials()).accountSid
     : undefined;
   const raw = loadRawConfig();
   const twilio = (raw?.twilio ?? {}) as Record<string, unknown>;
@@ -100,7 +100,7 @@ export async function handleSetTwilioCredentials(
     return Response.json(
       {
         success: false,
-        hasCredentials: hasTwilioCredentials(),
+        hasCredentials: await hasTwilioCredentials(),
         error: "accountSid and authToken are required",
       },
       { status: 400 },
@@ -120,7 +120,7 @@ export async function handleSetTwilioCredentials(
       const errBody = await res.text();
       return Response.json({
         success: false,
-        hasCredentials: hasTwilioCredentials(),
+        hasCredentials: await hasTwilioCredentials(),
         error: `Twilio API validation failed (${res.status}): ${errBody}`,
       });
     }
@@ -128,7 +128,7 @@ export async function handleSetTwilioCredentials(
     const message = err instanceof Error ? err.message : String(err);
     return Response.json({
       success: false,
-      hasCredentials: hasTwilioCredentials(),
+      hasCredentials: await hasTwilioCredentials(),
       error: `Failed to validate Twilio credentials: ${message}`,
     });
   }
@@ -231,7 +231,7 @@ export async function handleClearTwilioCredentials(): Promise<Response> {
  * GET /v1/integrations/twilio/numbers
  */
 export async function handleListTwilioNumbers(): Promise<Response> {
-  if (!hasTwilioCredentials()) {
+  if (!(await hasTwilioCredentials())) {
     return Response.json({
       success: false,
       hasCredentials: false,
@@ -239,7 +239,7 @@ export async function handleListTwilioNumbers(): Promise<Response> {
     });
   }
 
-  const { accountSid, authToken } = getTwilioCredentials();
+  const { accountSid, authToken } = await getTwilioCredentials();
   const numbers = await listIncomingPhoneNumbers(accountSid, authToken);
 
   return Response.json({ success: true, hasCredentials: true, numbers });
@@ -253,7 +253,7 @@ export async function handleListTwilioNumbers(): Promise<Response> {
 export async function handleProvisionTwilioNumber(
   req: Request,
 ): Promise<Response> {
-  if (!hasTwilioCredentials()) {
+  if (!(await hasTwilioCredentials())) {
     return Response.json({
       success: false,
       hasCredentials: false,
@@ -265,7 +265,7 @@ export async function handleProvisionTwilioNumber(
     country?: string;
     areaCode?: string;
   };
-  const { accountSid, authToken } = getTwilioCredentials();
+  const { accountSid, authToken } = await getTwilioCredentials();
   const country = body.country ?? "US";
 
   const available = await searchAvailableNumbers(
@@ -324,7 +324,7 @@ export async function handleAssignTwilioNumber(
     return Response.json(
       {
         success: false,
-        hasCredentials: hasTwilioCredentials(),
+        hasCredentials: await hasTwilioCredentials(),
         error: "phoneNumber is required",
       },
       { status: 400 },
@@ -339,9 +339,9 @@ export async function handleAssignTwilioNumber(
 
   // Best-effort webhook configuration when credentials are available
   let webhookWarning: string | undefined;
-  if (hasTwilioCredentials()) {
+  if (await hasTwilioCredentials()) {
     const { accountSid: acctSid, authToken: acctToken } =
-      getTwilioCredentials();
+      await getTwilioCredentials();
     const webhookResult = await syncTwilioWebhooks(
       body.phoneNumber,
       acctSid,
@@ -353,7 +353,7 @@ export async function handleAssignTwilioNumber(
 
   return Response.json({
     success: true,
-    hasCredentials: hasTwilioCredentials(),
+    hasCredentials: await hasTwilioCredentials(),
     phoneNumber: body.phoneNumber,
     warning: webhookWarning,
   });
@@ -367,7 +367,7 @@ export async function handleAssignTwilioNumber(
 export async function handleReleaseTwilioNumber(
   req: Request,
 ): Promise<Response> {
-  if (!hasTwilioCredentials()) {
+  if (!(await hasTwilioCredentials())) {
     return Response.json({
       success: false,
       hasCredentials: false,
@@ -389,7 +389,7 @@ export async function handleReleaseTwilioNumber(
     });
   }
 
-  const { accountSid, authToken } = getTwilioCredentials();
+  const { accountSid, authToken } = await getTwilioCredentials();
 
   await releasePhoneNumber(accountSid, authToken, phoneNumber);
 
@@ -416,7 +416,7 @@ export function twilioRouteDefinitions(): RouteDefinition[] {
     {
       endpoint: "integrations/twilio/config",
       method: "GET",
-      handler: () => handleGetTwilioConfig(),
+      handler: async () => handleGetTwilioConfig(),
     },
     {
       endpoint: "integrations/twilio/credentials",

package/src/runtime/routes/invite-routes.ts

@@ -2,10 +2,11 @@
  * Route handlers for invite management.
  *
  * Invites:
- *   GET    /v1/contacts/invites        — list invites
- *   POST   /v1/contacts/invites        — create an invite (supports voice)
- *   DELETE /v1/contacts/invites/:id    — revoke an invite
- *   POST   /v1/contacts/invites/redeem — redeem an invite (token or voice code)
+ *   GET    /v1/contacts/invites           — list invites
+ *   POST   /v1/contacts/invites           — create an invite (supports voice)
+ *   DELETE /v1/contacts/invites/:id       — revoke an invite
+ *   POST   /v1/contacts/invites/redeem    — redeem an invite (token or voice code)
+ *   POST   /v1/contacts/invites/:id/call  — trigger an outbound call for a phone invite
  */
 
 import type { RouteDefinition } from "../http-router.js";
@@ -15,6 +16,7 @@ import {
   redeemIngressInvite,
   redeemVoiceInviteCode,
   revokeIngressInvite,
+  triggerInviteCall,
 } from "../invite-service.js";
 
 // ---------------------------------------------------------------------------
@@ -57,6 +59,7 @@ export async function handleCreateInvite(req: Request): Promise<Response> {
     voiceCodeDigits: body.voiceCodeDigits as number | undefined,
     friendName: body.friendName as string | undefined,
     guardianName: body.guardianName as string | undefined,
+    contactId: body.contactId as string,
   });
 
   if (!result.ok) {
@@ -141,6 +144,22 @@ export async function handleRedeemInvite(req: Request): Promise<Response> {
   return Response.json({ ok: true, invite: result.data });
 }
 
+/**
+ * POST /v1/contacts/invites/:id/call
+ *
+ * Trigger an outbound call for a phone invite. The invite must be active and
+ * have sourceChannel "phone" with the required voice metadata populated.
+ */
+export async function handleTriggerInviteCall(
+  inviteId: string,
+): Promise<Response> {
+  const result = await triggerInviteCall(inviteId);
+  if (!result.ok) {
+    return Response.json({ ok: false, error: result.error }, { status: 400 });
+  }
+  return Response.json({ ok: true, callSid: result.data.callSid });
+}
+
 // ---------------------------------------------------------------------------
 // Route definitions
 // ---------------------------------------------------------------------------
@@ -168,5 +187,11 @@ export function inviteRouteDefinitions(): RouteDefinition[] {
       policyKey: "contacts/invites",
       handler: ({ params }) => handleRevokeInvite(params.id),
     },
+    {
+      endpoint: "contacts/invites/:id/call",
+      method: "POST",
+      policyKey: "contacts/invites",
+      handler: async ({ params }) => handleTriggerInviteCall(params.id),
+    },
   ];
 }