@vellumai/assistant 0.4.52 → 0.4.54

package/src/__tests__/tool-execution-abort-cleanup.test.ts

@@ -25,7 +25,6 @@ mock.module("../config/loader.js", () => ({
 
     provider: "anthropic",
     model: "test",
-    apiKeys: {},
     maxTokens: 4096,
     dataDir: "/tmp",
     timeouts: {

package/src/__tests__/tool-executor-lifecycle-events.test.ts

@@ -8,7 +8,6 @@ import type {
 const mockConfig = {
   provider: "anthropic",
   model: "test",
-  apiKeys: {},
   maxTokens: 4096,
   dataDir: "/tmp",
   timeouts: {

package/src/__tests__/tool-executor-shell-integration.test.ts

@@ -17,7 +17,6 @@ import type { ToolContext } from "../tools/types.js";
 const mockConfig = {
   provider: "anthropic",
   model: "test",
-  apiKeys: {},
   maxTokens: 4096,
   dataDir: "/tmp",
   timeouts: {

package/src/__tests__/tool-executor.test.ts

@@ -26,7 +26,6 @@ import type {
 const mockConfig = {
   provider: "anthropic",
   model: "test",
-  apiKeys: {},
   maxTokens: 4096,
   dataDir: "/tmp",
   timeouts: {
@@ -197,7 +196,7 @@ describe("ToolExecutor allowedToolNames gating", () => {
     }
   });
 
-  test("executes normally when allowedToolNames is not set (backward compat)", async () => {
+  test("executes normally when allowedToolNames is not set", async () => {
     const executor = new ToolExecutor(makePrompter());
     const result = await executor.execute(
       "file_read",

package/src/__tests__/trust-store.test.ts

@@ -57,7 +57,6 @@ import {
 } from "../permissions/trust-store.js";
 
 const trustPath = join(testDir, "protected", "trust.json");
-const legacyTrustPath = join(testDir, "trust.json");
 const DEFAULT_TEMPLATES = getDefaultRuleTemplates();
 const NUM_DEFAULTS = DEFAULT_TEMPLATES.length;
 const DEFAULT_PRIORITY_BY_ID = new Map(
@@ -73,11 +72,6 @@ describe("Trust Store", () => {
     } catch {
       /* may not exist */
     }
-    try {
-      rmSync(legacyTrustPath);
-    } catch {
-      /* may not exist */
-    }
   });
 
   // Intentionally do not remove `testDir` in afterAll.
@@ -1099,7 +1093,7 @@ describe("Trust Store", () => {
 
     // ── default allow: browser tools ────────────────────────────
 
-    test("all 10 browser tools have default allow rules", () => {
+    test("all 14 browser tools have default allow rules", () => {
       const templates = getDefaultRuleTemplates();
       const browserTools = [
         "browser_navigate",
@@ -1109,8 +1103,12 @@ describe("Trust Store", () => {
         "browser_click",
         "browser_type",
         "browser_press_key",
+        "browser_scroll",
+        "browser_select_option",
+        "browser_hover",
         "browser_wait_for",
         "browser_extract",
+        "browser_wait_for_download",
         "browser_fill_credential",
       ];
 
@@ -1223,79 +1221,6 @@ describe("Trust Store", () => {
   // ── loadFromDisk resilience (misc) ──────────────────────────────
 
   describe("loadFromDisk resilience (misc)", () => {
-    test("migrates legacy root trust file to protected path", () => {
-      mkdirSync(dirname(legacyTrustPath), { recursive: true });
-      writeFileSync(
-        legacyTrustPath,
-        JSON.stringify({
-          version: 3,
-          rules: [
-            {
-              id: "legacy-deny",
-              tool: "host_bash",
-              pattern: "rm -rf *",
-              scope: "everywhere",
-              decision: "deny",
-              priority: 200,
-              createdAt: 123,
-            },
-          ],
-        }),
-      );
-
-      clearCache();
-      const rules = getAllRules();
-
-      expect(rules.find((r) => r.id === "legacy-deny")).toBeDefined();
-      expect(readFileSync(trustPath, "utf-8")).toContain("legacy-deny");
-      expect(() => readFileSync(legacyTrustPath, "utf-8")).toThrow();
-    });
-
-    test("prefers protected trust file when both protected and legacy files exist", () => {
-      mkdirSync(dirname(trustPath), { recursive: true });
-      writeFileSync(
-        trustPath,
-        JSON.stringify({
-          version: 3,
-          rules: [
-            {
-              id: "protected-rule",
-              tool: "bash",
-              pattern: "protected *",
-              scope: "/tmp",
-              decision: "allow",
-              priority: 100,
-              createdAt: 1,
-            },
-          ],
-        }),
-      );
-      writeFileSync(
-        legacyTrustPath,
-        JSON.stringify({
-          version: 3,
-          rules: [
-            {
-              id: "legacy-rule",
-              tool: "bash",
-              pattern: "legacy *",
-              scope: "/tmp",
-              decision: "deny",
-              priority: 200,
-              createdAt: 2,
-            },
-          ],
-        }),
-      );
-
-      clearCache();
-      const rules = getAllRules();
-
-      expect(rules.find((r) => r.id === "protected-rule")).toBeDefined();
-      expect(rules.find((r) => r.id === "legacy-rule")).toBeUndefined();
-      expect(readFileSync(legacyTrustPath, "utf-8")).toContain("legacy-rule");
-    });
-
     test("malformed file (valid JSON but null) is handled gracefully", () => {
       mkdirSync(dirname(trustPath), { recursive: true });
       writeFileSync(trustPath, "null");
@@ -1536,10 +1461,10 @@ describe("Trust Store", () => {
       });
     });
 
-    // ── backward compatibility ────────────────────────────────────
+    // ── optional ctx parameter ────────────────────────────────────
 
-    describe("backward compatibility", () => {
-      test("existing callers without ctx parameter still work", () => {
+    describe("optional ctx parameter", () => {
+      test("callers without ctx parameter still work", () => {
         addRule("bash", "git *", "/tmp", "allow", 200);
         // Calling without the 4th argument — must still match
         const match = findHighestPriorityRule("bash", ["git status"], "/tmp");

package/src/__tests__/twilio-config.test.ts

@@ -13,7 +13,6 @@ mock.module("../util/logger.js", () => ({
 }));
 
 mock.module("../security/secure-keys.js", () => ({
-  getSecureKey: (key: string) => mockSecureKeys[key] ?? null,
   getSecureKeyAsync: async (key: string) => mockSecureKeys[key] ?? null,
 }));
 

package/src/__tests__/twilio-provider.test.ts

@@ -41,11 +41,6 @@ mock.module("../config/loader.js", () => ({
 }));
 
 mock.module("../security/secure-keys.js", () => ({
-  getSecureKey: (key: string) => {
-    if (key === credentialKey("twilio", "auth_token")) return mockAuthToken;
-    if (key === credentialKey("twilio", "account_sid")) return mockAccountSid;
-    return undefined;
-  },
   getSecureKeyAsync: async (key: string) => {
     if (key === credentialKey("twilio", "auth_token")) return mockAuthToken;
     if (key === credentialKey("twilio", "account_sid")) return mockAccountSid;

package/src/__tests__/twilio-routes.test.ts

@@ -120,11 +120,10 @@ mock.module("../util/logger.js", () => ({
 const mockConfigObj = {
   model: "test",
   provider: "test",
-  apiKeys: {},
   memory: { enabled: false },
   rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
   secretDetection: { enabled: false },
-  elevenlabs: { voiceId: "21m00Tcm4TlvDq8ikWAM" },
+  elevenlabs: { voiceId: DEFAULT_ELEVENLABS_VOICE_ID },
   calls: {
     voice: {
       language: "en-US",
@@ -144,7 +143,6 @@ mock.module("../config/loader.js", () => ({
 }));
 
 mock.module("../security/secure-keys.js", () => ({
-  getSecureKey: (key: string) => mockSecureKeyStore[key],
   setSecureKeyAsync: async (key: string, value: string) => {
     mockSecureKeyStore[key] = value;
     return true;
@@ -322,6 +320,7 @@ import {
   handleStatusCallback,
   handleVoiceWebhook,
 } from "../calls/twilio-routes.js";
+import { DEFAULT_ELEVENLABS_VOICE_ID } from "../config/schemas/elevenlabs.js";
 import { getDb, initializeDb, resetDb } from "../memory/db.js";
 import { conversations } from "../memory/schema.js";
 import {

package/src/__tests__/usage-cache-backfill-migration.test.ts

@@ -46,7 +46,7 @@ import {
 import { migrateBackfillUsageCacheAccounting } from "../memory/migrations/140-backfill-usage-cache-accounting.js";
 import type { PricingUsage } from "../usage/types.js";
 import {
-  estimateCost,
+  resolvePricing,
   resolvePricingForUsageWithOverrides,
 } from "../util/pricing.js";
 
@@ -187,7 +187,8 @@ describe("migrateBackfillUsageCacheAccounting", () => {
       model,
       inputTokens: 700,
       outputTokens: 70,
-      estimatedCostUsd: estimateCost(700, 70, model, "anthropic"),
+      estimatedCostUsd:
+        resolvePricing("anthropic", model, 700, 70).estimatedCostUsd ?? 0,
     });
     insertRequestLog({
       id: "log-prev",
@@ -201,12 +202,9 @@ describe("migrateBackfillUsageCacheAccounting", () => {
       }),
     });
 
-    const flattenedHistoricalCost = estimateCost(
-      3_420_218,
-      11_768,
-      model,
-      "anthropic",
-    );
+    const flattenedHistoricalCost =
+      resolvePricing("anthropic", model, 3_420_218, 11_768).estimatedCostUsd ??
+      0;
     insertUsageEvent({
       id: "usage-target",
       conversationId: "conv-usage-1",
@@ -245,7 +243,8 @@ describe("migrateBackfillUsageCacheAccounting", () => {
       }),
     });
 
-    const noLogCost = estimateCost(1_234, 56, model, "anthropic");
+    const noLogCost =
+      resolvePricing("anthropic", model, 1_234, 56).estimatedCostUsd ?? 0;
     insertUsageEvent({
       id: "usage-no-logs",
       conversationId: "conv-usage-2",
@@ -346,7 +345,8 @@ describe("migrateBackfillUsageCacheAccounting", () => {
       model,
       inputTokens: 1_200,
       outputTokens: 80,
-      estimatedCostUsd: estimateCost(1_200, 80, model, "anthropic"),
+      estimatedCostUsd:
+        resolvePricing("anthropic", model, 1_200, 80).estimatedCostUsd ?? 0,
     });
     insertRequestLog({
       id: "log-target",

package/src/__tests__/verification-control-plane-policy.test.ts

@@ -19,7 +19,6 @@ import type {
 const mockConfig = {
   provider: "anthropic",
   model: "test",
-  apiKeys: {},
   maxTokens: 4096,
   dataDir: "/tmp",
   timeouts: {

package/src/__tests__/voice-quality.test.ts

@@ -10,6 +10,7 @@ import {
   buildElevenLabsVoiceSpec,
   resolveVoiceQualityProfile,
 } from "../calls/voice-quality.js";
+import { DEFAULT_ELEVENLABS_VOICE_ID } from "../config/schemas/elevenlabs.js";
 
 describe("buildElevenLabsVoiceSpec", () => {
   test("returns bare voiceId when no model is set", () => {
@@ -63,7 +64,7 @@ describe("buildElevenLabsVoiceSpec", () => {
 describe("resolveVoiceQualityProfile", () => {
   test("always returns ElevenLabs ttsProvider", () => {
     mockConfig = {
-      elevenlabs: { voiceId: "21m00Tcm4TlvDq8ikWAM" },
+      elevenlabs: { voiceId: DEFAULT_ELEVENLABS_VOICE_ID },
       calls: {
         voice: {
           language: "en-US",

package/src/__tests__/voice-scoped-grant-consumer.test.ts

@@ -55,7 +55,6 @@ mock.module("../config/loader.js", () => ({
 
     provider: "anthropic",
     providerOrder: ["anthropic"],
-    apiKeys: { anthropic: "test-key" },
     calls: {
       enabled: true,
       provider: "twilio",

package/src/__tests__/web-search.test.ts

@@ -548,7 +548,7 @@ async function executeWebSearch(
   if (!apiKey) {
     return {
       content:
-        "Error: No web search API key configured. Provide a PERPLEXITY_API_KEY or BRAVE_API_KEY here in the chat using the secure credential prompt, or set it from the Settings page.",
+        "Error: No web search API key configured. Set it via `keys set perplexity <key>` or `keys set brave <key>`, or configure it from the Settings page under API Keys.",
       isError: true,
     };
   }

package/src/agent/loop.ts

@@ -1,5 +1,6 @@
 import * as Sentry from "@sentry/node";
 
+import { estimateToolsTokens } from "../context/token-estimator.js";
 import { truncateOversizedToolResults } from "../context/tool-result-truncation.js";
 import { getHookManager } from "../hooks/manager.js";
 import type {
@@ -78,7 +79,7 @@ export type AgentEvent =
       toolUseId: string;
       input: Record<string, unknown>;
     }
-  | { type: "server_tool_complete"; toolUseId: string }
+  | { type: "server_tool_complete"; toolUseId: string; isError: boolean }
   | { type: "error"; error: Error }
   | {
       type: "usage";
@@ -175,6 +176,20 @@ export class AgentLoop {
     this.toolExecutor = toolExecutor ?? null;
   }
 
+  /**
+   * Estimate token cost of the tool definitions sent to the provider.
+   *
+   * When `history` is provided and a dynamic `resolveTools` callback
+   * exists, the budget is derived from the resolved tool list for that
+   * turn — matching what `run()` actually sends. Without `history` (or
+   * without a resolver), falls back to the static `this.tools`.
+   */
+  getToolTokenBudget(history?: Message[]): number {
+    const tools =
+      history && this.resolveTools ? this.resolveTools(history) : this.tools;
+    return estimateToolsTokens(tools);
+  }
+
   async run(
     messages: Message[],
     onEvent: (event: AgentEvent) => void | Promise<void>,
@@ -318,6 +333,7 @@ export class AgentLoop {
                 onEvent({
                   type: "server_tool_complete",
                   toolUseId: event.toolUseId,
+                  isError: event.isError,
                 });
               }
             },

package/src/bundler/app-bundler.ts

@@ -14,7 +14,7 @@ import { join } from "node:path";
 import archiver from "archiver";
 import JSZip from "jszip";
 
-import { getApp, getAppsDir } from "../memory/app-store.js";
+import { getApp, getAppsDir, isMultifileApp } from "../memory/app-store.js";
 import { computeContentId } from "../util/content-id.js";
 import { getLogger } from "../util/logger.js";
 import { compileApp } from "./app-compiler.js";
@@ -60,8 +60,10 @@ export async function packageApp(
   const version = app.version ?? "1.0.0";
   const contentId = computeContentId(app.name);
 
+  const multifile = isMultifileApp(app);
+
   const manifest: AppManifest = {
-    format_version: 2,
+    format_version: multifile ? 2 : 1,
     name: app.name,
     ...(app.description ? { description: app.description } : {}),
     ...(app.icon ? { icon: app.icon } : {}),
@@ -74,34 +76,48 @@ export async function packageApp(
     content_id: contentId,
   };
 
-  // Compile the app and bundle the dist/ output.
+  // Compile the app and bundle the output.
   const compiledFiles: { name: string; data: Buffer }[] = [];
 
   const appDir = join(getAppsDir(), appId);
-  const compileResult = await compileApp(appDir);
-  if (!compileResult.ok) {
-    const messages = compileResult.errors
-      .map((e) => {
-        const loc = e.location
-          ? ` (${e.location.file}:${e.location.line}:${e.location.column})`
-          : "";
-        return `${e.text}${loc}`;
-      })
-      .join("\n");
-    throw new Error(`Compilation failed for app "${app.name}":\n${messages}`);
-  }
 
-  const distDir = join(appDir, "dist");
-  const indexHtml = await readFile(join(distDir, "index.html"), "utf-8");
-  const mainJs = await readFile(join(distDir, "main.js"));
+  if (multifile) {
+    // Multi-file TSX app: compile src/ -> dist/
+    const compileResult = await compileApp(appDir);
+    if (!compileResult.ok) {
+      const messages = compileResult.errors
+        .map((e) => {
+          const loc = e.location
+            ? ` (${e.location.file}:${e.location.line}:${e.location.column})`
+            : "";
+          return `${e.text}${loc}`;
+        })
+        .join("\n");
+      throw new Error(`Compilation failed for app "${app.name}":\n${messages}`);
+    }
+
+    const distDir = join(appDir, "dist");
+    const indexHtml = await readFile(join(distDir, "index.html"), "utf-8");
+    const mainJs = await readFile(join(distDir, "main.js"));
 
-  compiledFiles.push({ name: "index.html", data: Buffer.from(indexHtml) });
-  compiledFiles.push({ name: "main.js", data: mainJs });
+    compiledFiles.push({ name: "index.html", data: Buffer.from(indexHtml) });
+    compiledFiles.push({ name: "main.js", data: mainJs });
 
-  // main.css is optional — only produced when the app imports CSS
-  const cssPath = join(distDir, "main.css");
-  if (existsSync(cssPath)) {
-    compiledFiles.push({ name: "main.css", data: await readFile(cssPath) });
+    // main.css is optional — only produced when the app imports CSS
+    const cssPath = join(distDir, "main.css");
+    if (existsSync(cssPath)) {
+      compiledFiles.push({ name: "main.css", data: await readFile(cssPath) });
+    }
+  } else {
+    // Single-file HTML app: bundle index.html directly
+    const indexHtmlPath = join(appDir, "index.html");
+    if (!existsSync(indexHtmlPath)) {
+      throw new Error(
+        `App "${app.name}" has no src/ directory and no index.html`,
+      );
+    }
+    const indexHtml = await readFile(indexHtmlPath, "utf-8");
+    compiledFiles.push({ name: "index.html", data: Buffer.from(indexHtml) });
   }
 
   // Create the zip archive

package/src/calls/call-controller.ts

@@ -50,6 +50,7 @@ import {
   ASK_GUARDIAN_CAPTURE_REGEX,
   CALL_OPENING_ACK_MARKER,
   CALL_OPENING_MARKER,
+  CALL_VERIFICATION_COMPLETE_MARKER,
   couldBeControlMarker,
   END_CALL_MARKER,
   extractBalancedJson,
@@ -209,6 +210,21 @@ export class CallController {
     await this.runTurn(CALL_OPENING_MARKER);
   }
 
+  /**
+   * Kick off the first utterance after the caller has completed outbound
+   * phone verification. Sends a verification-aware marker so the LLM can
+   * greet naturally with context that verification just happened.
+   */
+  async startPostVerificationGreeting(): Promise<void> {
+    if (this.initialGreetingStarted) return;
+    if (this.state !== "idle") return;
+
+    this.initialGreetingStarted = true;
+    this.resetSilenceTimer();
+    this.lastSentWasOpener = true;
+    await this.runTurn(CALL_VERIFICATION_COMPLETE_MARKER);
+  }
+
   /**
    * Handle a final caller utterance from the ConversationRelay.
    * Caller utterances always trigger normal turns, even when a guardian

package/src/calls/guardian-question-copy.ts

@@ -52,7 +52,7 @@ export async function generateGuardianCopy(
   const fallback = buildFallbackCopy(questionText);
 
   // If no provider is configured, return fallback immediately
-  const resolved = resolveConfiguredProvider();
+  const resolved = await resolveConfiguredProvider();
   if (!resolved) {
     log.debug(
       "No provider available for guardian copy generation, using fallback",

package/src/calls/relay-server.ts

@@ -595,7 +595,7 @@ export class RelayConnection {
           (resolved.actorTrust.trustClass === "guardian" ||
             resolved.actorTrust.trustClass === "trusted_contact")
         ) {
-          touchContactInteraction(resolved.actorTrust.memberRecord.contact.id);
+          touchContactInteraction(resolved.actorTrust.memberRecord.channel.id);
         }
         if (this.controller && resolved.actorTrust.trustClass !== "unknown") {
           this.controller.setTrustContext(
@@ -612,7 +612,7 @@ export class RelayConnection {
               resolved.actorTrust.trustClass === "trusted_contact")
           ) {
             touchContactInteraction(
-              resolved.actorTrust.memberRecord.contact.id,
+              resolved.actorTrust.memberRecord.channel.id,
             );
           }
           if (this.controller && resolved.actorTrust.trustClass !== "unknown") {
@@ -992,14 +992,7 @@ export class RelayConnection {
       }
 
       if (isOutbound) {
-        this.connectionState = "disconnecting";
-        this.sendTextToken(result.ttsMessage!, true);
-
-        updateCallSession(this.callSessionId, {
-          status: "completed",
-          endedAt: Date.now(),
-        });
-
+        // Keep the pointer message back to the initiating conversation
         const successSession = getCallSession(this.callSessionId);
         if (successSession?.initiatedFromConversationId) {
           addPointerMessage(
@@ -1018,9 +1011,32 @@ export class RelayConnection {
           });
         }
 
-        setTimeout(() => {
-          this.endSession("Verified — guardian challenge passed");
-        }, getTtsPlaybackDelayMs());
+        // Update trust context on the controller so the LLM knows this is the guardian
+        if (this.controller) {
+          const verifiedActorTrust = resolveActorTrust({
+            assistantId,
+            sourceChannel: "phone",
+            conversationExternalId: fromNumber,
+            actorExternalId: fromNumber,
+          });
+          this.controller.setTrustContext(
+            toTrustContext(verifiedActorTrust, fromNumber),
+          );
+        }
+
+        // Mark session as in-progress and transition to guardian conversation
+        // with verification context so the LLM greets naturally.
+        updateCallSession(this.callSessionId, { status: "in_progress" });
+        if (this.controller) {
+          this.controller
+            .startPostVerificationGreeting()
+            .catch((err) =>
+              log.error(
+                { err, callSessionId: this.callSessionId },
+                "Failed to start post-verification greeting",
+              ),
+            );
+        }
       } else if (result.verificationType === "trusted_contact") {
         this.continueCallAfterTrustedContactActivation({
           assistantId,

package/src/calls/voice-control-protocol.ts

@@ -11,6 +11,7 @@
 
 export const CALL_OPENING_MARKER = "[CALL_OPENING]";
 export const CALL_OPENING_ACK_MARKER = "[CALL_OPENING_ACK]";
+export const CALL_VERIFICATION_COMPLETE_MARKER = "[CALL_VERIFICATION_COMPLETE]";
 export const END_CALL_MARKER = "[END_CALL]";
 
 // ---------------------------------------------------------------------------

package/src/calls/voice-quality.ts

@@ -44,7 +44,7 @@ export function buildElevenLabsVoiceSpec(config: {
  *
  * Always uses ElevenLabs TTS via Twilio ConversationRelay.
  * The voice ID comes from the shared `elevenlabs.voiceId` config
- * (defaults to Rachel — 21m00Tcm4TlvDq8ikWAM).
+ * (defaults to Amelia — ZF6FPAbjXT4488VcRRnw).
  */
 export function resolveVoiceQualityProfile(
   config?: ReturnType<typeof loadConfig>,

package/src/calls/voice-session-bridge.ts

@@ -24,7 +24,10 @@ import { checkIngressForSecrets } from "../security/secret-ingress.js";
 import { computeToolApprovalDigest } from "../security/tool-approval-digest.js";
 import { IngressBlockedError } from "../util/errors.js";
 import { getLogger } from "../util/logger.js";
-import { CALL_OPENING_MARKER } from "./voice-control-protocol.js";
+import {
+  CALL_OPENING_MARKER,
+  CALL_VERIFICATION_COMPLETE_MARKER,
+} from "./voice-control-protocol.js";
 
 const log = getLogger("voice-session-bridge");
 
@@ -197,7 +200,8 @@ function buildVoiceCallControlPrompt(opts: {
         ? " However, the disclosure text from rule 0 is separate from self-introduction and must always be included in your opening greeting, even if the Task does not mention introducing yourself."
         : "";
     lines.push(
-      `7. If the latest user turn is "(call connected — deliver opening greeting)", deliver your opening greeting based solely on the Task context above. The Task already describes how to open the call — follow it directly without adding any extra introduction on top. If the Task says to introduce yourself, do so once. If the Task does not mention introducing yourself, skip the introduction.${disclosureReminder} Vary the wording naturally; do not use a fixed template.`,
+      '7. If the latest user turn is "(verification completed — transitioning into conversation)", the caller just completed a phone verification code challenge on this call. Greet them naturally and ask if there is anything you can help with. Keep it casual and brief.',
+      `If the latest user turn is "(call connected — deliver opening greeting)", deliver your opening greeting based solely on the Task context above. The Task already describes how to open the call — follow it directly without adding any extra introduction on top. If the Task says to introduce yourself, do so once. If the Task does not mention introducing yourself, skip the introduction.${disclosureReminder} Vary the wording naturally; do not use a fixed template.`,
       "8. If the latest user turn includes [CALL_OPENING_ACK], treat it as the callee acknowledging your opener and continue the conversation naturally without re-introducing yourself or repeating the initial check-in question.",
     );
   }
@@ -269,7 +273,9 @@ export async function startVoiceTurn(
   const persistedContent =
     opts.content === CALL_OPENING_MARKER
       ? "(call connected — deliver opening greeting)"
-      : opts.content;
+      : opts.content === CALL_VERIFICATION_COMPLETE_MARKER
+        ? "(verification completed — transitioning into conversation)"
+        : opts.content;
 
   // Build the call-control protocol prompt so the model knows how to emit
   // control markers (ASK_GUARDIAN, END_CALL, etc.) and recognize opener turns.

package/src/channels/types.ts

@@ -74,6 +74,22 @@ export function assertInterfaceId(value: unknown, field: string): InterfaceId {
   return value;
 }
 
+/**
+ * Interfaces that have an SSE client capable of displaying interactive
+ * permission prompts. Channel interfaces (telegram, slack, etc.) route
+ * approvals through the guardian system and have no interactive prompter UI.
+ */
+export const INTERACTIVE_INTERFACES: ReadonlySet<InterfaceId> = new Set([
+  "macos",
+  "ios",
+  "cli",
+  "vellum",
+]);
+
+export function isInteractiveInterface(id: InterfaceId): boolean {
+  return INTERACTIVE_INTERFACES.has(id);
+}
+
 export interface TurnInterfaceContext {
   userMessageInterface: InterfaceId;
   assistantMessageInterface: InterfaceId;