@vellumai/assistant 0.6.0 → 0.6.2

package/src/__tests__/task-memory-cleanup.test.ts

@@ -736,24 +736,24 @@ describe("invalidateAssistantInferredItemsForConversation", () => {
     expect(isConversationFailed(otherConvId)).toBe(false);
   });
 
-  test("cancels pending extract_items jobs for the failed conversation", () => {
+  test("cancels pending graph_extract jobs for the failed conversation", () => {
     seedConversations();
     seedMessages();
 
     const db = getDb();
 
-    // Enqueue extract_items jobs for messages in the target conversation
-    enqueueMemoryJob("extract_items", {
-      messageId: "msg-task-1",
+    // Enqueue graph_extract jobs for the target conversation
+    enqueueMemoryJob("graph_extract", {
+      conversationId: convId,
       scopeId: "default",
     });
-    enqueueMemoryJob("extract_items", {
-      messageId: "msg-task-2",
+    enqueueMemoryJob("graph_extract", {
+      conversationId: convId,
       scopeId: "default",
     });
-    // Enqueue an extract_items job for a message in a different conversation
-    enqueueMemoryJob("extract_items", {
-      messageId: "msg-other",
+    // Enqueue a graph_extract job for a different conversation
+    enqueueMemoryJob("graph_extract", {
+      conversationId: otherConvId,
       scopeId: "default",
     });
 
@@ -761,7 +761,7 @@ describe("invalidateAssistantInferredItemsForConversation", () => {
     const pendingBefore = db
       .select()
       .from(memoryJobs)
-      .where(eq(memoryJobs.type, "extract_items"))
+      .where(eq(memoryJobs.type, "graph_extract"))
       .all();
     expect(pendingBefore.filter((j) => j.status === "pending")).toHaveLength(3);
 
@@ -771,7 +771,7 @@ describe("invalidateAssistantInferredItemsForConversation", () => {
     const allJobs = db
       .select()
       .from(memoryJobs)
-      .where(eq(memoryJobs.type, "extract_items"))
+      .where(eq(memoryJobs.type, "graph_extract"))
       .all();
     const failedJobs = allJobs.filter((j) => j.status === "failed");
     const pendingJobs = allJobs.filter((j) => j.status === "pending");
@@ -785,6 +785,6 @@ describe("invalidateAssistantInferredItemsForConversation", () => {
     // The job for the other conversation should remain pending
     expect(pendingJobs).toHaveLength(1);
     const payload = JSON.parse(pendingJobs[0].payload);
-    expect(payload.messageId).toBe("msg-other");
+    expect(payload.conversationId).toBe(otherConvId);
   });
 });

package/src/__tests__/terminal-sandbox.test.ts

@@ -2,7 +2,7 @@ import * as realChildProcess from "node:child_process";
 import * as realFs from "node:fs";
 import { beforeEach, describe, expect, mock, test } from "bun:test";
 
-import type { SandboxConfig } from "../config/schema.js";
+import type { SandboxConfig } from "../tools/terminal/sandbox.js";
 
 let platform = "linux";
 

package/src/__tests__/terminal-tools.test.ts

@@ -1,3 +1,4 @@
+import { existsSync, readFileSync } from "node:fs";
 import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
 
 import type { ShellOutputResult } from "../tools/shared/shell-output.js";
@@ -64,9 +65,13 @@ mock.module("../tools/network/script-proxy/index.js", () => ({
 
 // ── Imports (after mocks) ───────────────────────────────────────────────────
 
-import type { SandboxConfig } from "../config/schema.js";
 import { parse } from "../tools/terminal/parser.js";
-import { buildSanitizedEnv } from "../tools/terminal/safe-env.js";
+import {
+  ALWAYS_INJECTED_ENV_VARS,
+  buildSanitizedEnv,
+  SAFE_ENV_VARS,
+} from "../tools/terminal/safe-env.js";
+import type { SandboxConfig } from "../tools/terminal/sandbox.js";
 import { wrapCommand } from "../tools/terminal/sandbox.js";
 import { ToolError } from "../util/errors.js";
 
@@ -450,30 +455,7 @@ describe("buildSanitizedEnv", () => {
   test("result is a plain object with no prototype-inherited secrets", () => {
     const env = buildSanitizedEnv();
     const keys = Object.keys(env);
-    const safeKeys = [
-      "PATH",
-      "HOME",
-      "TERM",
-      "LANG",
-      "EDITOR",
-      "SHELL",
-      "USER",
-      "TMPDIR",
-      "LC_ALL",
-      "LC_CTYPE",
-      "XDG_RUNTIME_DIR",
-      "DISPLAY",
-      "COLORTERM",
-      "TERM_PROGRAM",
-      "SSH_AUTH_SOCK",
-      "SSH_AGENT_PID",
-      "GPG_TTY",
-      "GNUPGHOME",
-      "VELLUM_DEV",
-      "INTERNAL_GATEWAY_BASE_URL",
-      "VELLUM_DATA_DIR",
-      "VELLUM_WORKSPACE_DIR",
-    ];
+    const safeKeys: string[] = [...SAFE_ENV_VARS, ...ALWAYS_INJECTED_ENV_VARS];
     for (const key of keys) {
       expect(safeKeys).toContain(key);
     }
@@ -722,9 +704,14 @@ describe("formatShellOutput", () => {
   });
 
   test("truncates very long output", () => {
-    const longOutput = "x".repeat(60_000);
+    const longOutput = "x".repeat(30_000);
     const result = formatShellOutput(longOutput, "", 0, false, 120);
-    expect(result.content).toContain('<output_truncated limit="50K" />');
-    expect(result.content.length).toBeLessThan(60_000);
+    expect(result.content).toContain('limit="20K"');
+    // Extract the file="..." attribute from the truncation tag
+    const fileMatch = result.content.match(/file="([^"]+)"/);
+    expect(fileMatch).not.toBeNull();
+    const filePath = fileMatch![1];
+    expect(existsSync(filePath)).toBe(true);
+    expect(readFileSync(filePath, "utf-8")).toBe(longOutput);
   });
 });

package/src/__tests__/test-preload.ts

@@ -22,10 +22,28 @@ const testDir = realpathSync(
   mkdtempSync(join(tmpdir(), "vellum-test-workspace-")),
 );
 process.env.VELLUM_WORKSPACE_DIR = testDir;
+process.env.VELLUM_PLATFORM_URL = "https://test-platform.vellum.ai";
+process.exitCode = 0;
+
+// Prevent tests from routing credential writes through the real CES
+// (Credential Execution Service). Without this, setSecureKeyAsync() in
+// containerized environments writes to the live credential store.
+const savedIsContainerized = process.env.IS_CONTAINERIZED;
+const savedCesCredentialUrl = process.env.CES_CREDENTIAL_URL;
+delete process.env.IS_CONTAINERIZED;
+delete process.env.CES_CREDENTIAL_URL;
 
 afterAll(() => {
   resetDb();
+  process.exitCode = 0;
   delete process.env.VELLUM_WORKSPACE_DIR;
+  delete process.env.VELLUM_PLATFORM_URL;
+  if (savedIsContainerized !== undefined) {
+    process.env.IS_CONTAINERIZED = savedIsContainerized;
+  }
+  if (savedCesCredentialUrl !== undefined) {
+    process.env.CES_CREDENTIAL_URL = savedCesCredentialUrl;
+  }
   try {
     rmSync(testDir, { recursive: true, force: true });
   } catch {

package/src/__tests__/tool-domain-event-publisher.test.ts

@@ -37,7 +37,6 @@ describe("createToolDomainEventPublisher", () => {
       reason: "needs approval",
       allowlistOptions: [],
       scopeOptions: [],
-      sandboxed: true,
     });
 
     await publish({

package/src/__tests__/tool-executor-lifecycle-events.test.ts

@@ -41,7 +41,6 @@ let checkerDecision: "allow" | "prompt" | "deny" = "allow";
 let checkerReason = "allowed";
 let checkerRisk = "low";
 let promptDecision: "allow" | "always_allow" | "deny" | "always_deny" = "allow";
-let sandboxed = false;
 let fakeToolResult: ToolExecutionResult = { content: "ok", isError: false };
 let toolThrow: Error | null = null;
 
@@ -151,7 +150,7 @@ mock.module("../tools/shared/filesystem/path-policy.js", () => ({
 }));
 
 mock.module("../tools/terminal/sandbox.js", () => ({
-  wrapCommand: () => ({ command: "", sandboxed }),
+  wrapCommand: () => ({ command: "", sandboxed: false }),
 }));
 
 import { PermissionPrompter } from "../permissions/prompter.js";
@@ -193,7 +192,6 @@ describe("ToolExecutor lifecycle events", () => {
     checkerReason = "allowed";
     checkerRisk = "low";
     promptDecision = "allow";
-    sandboxed = false;
     fakeToolResult = { content: "ok", isError: false };
     toolThrow = null;
   });
@@ -231,7 +229,6 @@ describe("ToolExecutor lifecycle events", () => {
     checkerReason = "medium risk: requires approval";
     checkerRisk = "medium";
     promptDecision = "deny";
-    sandboxed = true;
 
     const events: ToolLifecycleEvent[] = [];
     const executor = new ToolExecutor(makePrompter());
@@ -256,7 +253,6 @@ describe("ToolExecutor lifecycle events", () => {
     expect(promptEvent.executionTarget).toBe("sandbox");
     expect(promptEvent.riskLevel).toBe("medium");
     expect(promptEvent.reason).toBe("medium risk: requires approval");
-    expect(promptEvent.sandboxed).toBe(true);
     expect(promptEvent.allowlistOptions).toEqual([
       { label: "exact", description: "exact", pattern: "exact" },
     ]);
@@ -276,7 +272,6 @@ describe("ToolExecutor lifecycle events", () => {
     checkerDecision = "prompt";
     checkerReason = "guardrail prompt";
     checkerRisk = "high";
-    sandboxed = true;
 
     const events: ToolLifecycleEvent[] = [];
     const executor = new ToolExecutor(
@@ -580,7 +575,6 @@ describe("ToolExecutor lifecycle events", () => {
     checkerReason = "Matched trust rule";
     checkerRisk = "low";
     promptDecision = "allow";
-    sandboxed = true;
 
     const events: ToolLifecycleEvent[] = [];
     const executor = new ToolExecutor(makePrompter());
@@ -602,7 +596,6 @@ describe("ToolExecutor lifecycle events", () => {
     expect(promptEvent.reason).toBe(
       "Private conversation: side-effect tools require explicit approval",
     );
-    expect(promptEvent.sandboxed).toBe(true);
   });
 
   test("no permission_prompt event for read-only tool even with forcePromptSideEffects", async () => {

package/src/__tests__/tool-executor.test.ts

@@ -1949,7 +1949,6 @@ describe("ToolExecutor persistentDecisionsAllowed contract", () => {
         _allowlistOptions: AllowlistOption[],
         _scopeOptions: ScopeOption[],
         _diff: unknown,
-        _sandboxed: unknown,
         _conversationId: unknown,
         _executionTarget: unknown,
         persistentDecisionsAllowed: boolean | undefined,
@@ -2072,7 +2071,8 @@ describe("ToolExecutor persistentDecisionsAllowed contract", () => {
 // ---------------------------------------------------------------------------
 
 // Import the real buildSanitizedEnv (not mocked) for baseline credential tests
-const { buildSanitizedEnv } = await import("../tools/terminal/safe-env.js");
+const { buildSanitizedEnv, SAFE_ENV_VARS, ALWAYS_INJECTED_ENV_VARS } =
+  await import("../tools/terminal/safe-env.js");
 
 describe("buildSanitizedEnv — baseline: credential exclusion", () => {
   // Credential-like env vars that must never appear in the sanitized env.
@@ -2130,33 +2130,10 @@ describe("buildSanitizedEnv — baseline: credential exclusion", () => {
   });
 
   test("sanitized env only contains keys from the allowlist", () => {
-    const SAFE_ENV_VARS = [
-      "PATH",
-      "HOME",
-      "TERM",
-      "LANG",
-      "EDITOR",
-      "SHELL",
-      "USER",
-      "TMPDIR",
-      "LC_ALL",
-      "LC_CTYPE",
-      "XDG_RUNTIME_DIR",
-      "DISPLAY",
-      "COLORTERM",
-      "TERM_PROGRAM",
-      "SSH_AUTH_SOCK",
-      "SSH_AGENT_PID",
-      "GPG_TTY",
-      "GNUPGHOME",
-      "INTERNAL_GATEWAY_BASE_URL",
-      "VELLUM_DATA_DIR",
-      "VELLUM_WORKSPACE_DIR",
-    ];
-
+    const allowed: string[] = [...SAFE_ENV_VARS, ...ALWAYS_INJECTED_ENV_VARS];
     const env = buildSanitizedEnv();
     for (const key of Object.keys(env)) {
-      expect(SAFE_ENV_VARS).toContain(key);
+      expect(allowed).toContain(key);
     }
   });
 });

package/src/__tests__/tool-side-effects-slack-dm.test.ts

@@ -31,6 +31,7 @@ mock.module("../memory/app-store.js", () => ({
   getApp: mock(() => null),
   getAppDirPath: mock(() => ""),
   isMultifileApp: mock(() => false),
+  resolveAppIdFromPath: mock(() => null),
 }));
 mock.module("../services/published-app-updater.js", () => ({
   updatePublishedAppDeployment: mock(() => Promise.resolve()),

package/src/__tests__/top-level-renderer.test.ts

@@ -15,11 +15,11 @@ describe("renderWorkspaceTopLevelContext", () => {
     const result = renderWorkspaceTopLevelContext(snapshot);
     expect(result).toBe(
       [
-        "<workspace_top_level>",
+        "<workspace>",
         "Root: /sandbox",
         "Directories: lib, src, tests",
         "Files: README.md, package.json",
-        "</workspace_top_level>",
+        "</workspace>",
       ].join("\n"),
     );
   });
@@ -61,11 +61,11 @@ describe("renderWorkspaceTopLevelContext", () => {
     const result = renderWorkspaceTopLevelContext(snapshot);
     expect(result).toBe(
       [
-        "<workspace_top_level>",
+        "<workspace>",
         "Root: /empty",
         "Directories: ",
         "Files: ",
-        "</workspace_top_level>",
+        "</workspace>",
       ].join("\n"),
     );
   });
@@ -92,8 +92,8 @@ describe("renderWorkspaceTopLevelContext", () => {
     };
 
     const result = renderWorkspaceTopLevelContext(snapshot);
-    expect(result.startsWith("<workspace_top_level>")).toBe(true);
-    expect(result.endsWith("</workspace_top_level>")).toBe(true);
+    expect(result.startsWith("<workspace>")).toBe(true);
+    expect(result.endsWith("</workspace>")).toBe(true);
   });
 
   test("includes hidden directories", () => {
@@ -124,7 +124,7 @@ describe("renderWorkspaceTopLevelContext", () => {
     expect(result).toContain("Files: a.txt, b.txt");
   });
 
-  test("renders current conversation and attachment paths when provided", () => {
+  test("renders attachment path when provided", () => {
     const snapshot: TopLevelSnapshot = {
       rootPath: "/sandbox",
       directories: ["src"],
@@ -133,16 +133,13 @@ describe("renderWorkspaceTopLevelContext", () => {
     };
 
     const result = renderWorkspaceTopLevelContext(snapshot, {
-      currentConversationPath: "conversations/2026-03-19T12-00-00.000Z_conv-1/",
-      currentConversationAttachmentsPath:
+      conversationAttachmentsPath:
         "conversations/2026-03-19T12-00-00.000Z_conv-1/attachments/",
     });
 
     expect(result).toContain(
-      "Current conversation folder: conversations/2026-03-19T12-00-00.000Z_conv-1/",
-    );
-    expect(result).toContain(
-      "Attachment files: conversations/2026-03-19T12-00-00.000Z_conv-1/attachments/",
+      "Current conversation attachments: conversations/2026-03-19T12-00-00.000Z_conv-1/attachments/",
     );
+    expect(result).not.toContain("Current conversation folder");
   });
 });

package/src/__tests__/transport-hints-queue.test.ts

@@ -0,0 +1,77 @@
+import { describe, expect, test } from "bun:test";
+
+import type {
+  MacosTransportMetadata,
+  NonMacosTransportMetadata,
+} from "../daemon/message-types/conversations.js";
+import { buildTransportHints } from "../daemon/transport-hints.js";
+
+// ---------------------------------------------------------------------------
+// buildTransportHints
+// ---------------------------------------------------------------------------
+
+describe("buildTransportHints", () => {
+  test("produces correct hints for macOS transport", () => {
+    const transport: MacosTransportMetadata = {
+      channelId: "vellum",
+      interfaceId: "macos",
+      hostHomeDir: "/Users/alice",
+      hostUsername: "alice",
+    };
+
+    const hints = buildTransportHints(transport);
+
+    expect(hints).toContain("User is messaging from interface: macos");
+    expect(hints).toContain("Host home directory: /Users/alice");
+    expect(hints).toContain("Host username: alice");
+    expect(hints).toHaveLength(3);
+  });
+
+  test("produces correct hints for non-macOS transport", () => {
+    const transport: NonMacosTransportMetadata = {
+      channelId: "vellum",
+      interfaceId: "ios",
+    };
+
+    const hints = buildTransportHints(transport);
+
+    expect(hints).toContain("User is messaging from interface: ios");
+    expect(hints).toHaveLength(1);
+    // Should not include host environment hints
+    expect(hints.some((h) => h.includes("Host home directory"))).toBe(false);
+    expect(hints.some((h) => h.includes("Host username"))).toBe(false);
+  });
+
+  test("includes client-provided hints", () => {
+    const transport: MacosTransportMetadata = {
+      channelId: "vellum",
+      interfaceId: "macos",
+      hostHomeDir: "/Users/bob",
+      hostUsername: "bob",
+      hints: ["custom hint"],
+    };
+
+    const hints = buildTransportHints(transport);
+
+    expect(hints).toContain("User is messaging from interface: macos");
+    expect(hints).toContain("Host home directory: /Users/bob");
+    expect(hints).toContain("Host username: bob");
+    expect(hints).toContain("custom hint");
+    expect(hints).toHaveLength(4);
+  });
+
+  test("handles missing optional fields on macOS transport", () => {
+    const transport: MacosTransportMetadata = {
+      channelId: "vellum",
+      interfaceId: "macos",
+    };
+
+    const hints = buildTransportHints(transport);
+
+    expect(hints).toContain("User is messaging from interface: macos");
+    // Without hostHomeDir and hostUsername, only the interface hint is present
+    expect(hints).toHaveLength(1);
+    expect(hints.some((h) => h.includes("Host home directory"))).toBe(false);
+    expect(hints.some((h) => h.includes("Host username"))).toBe(false);
+  });
+});

package/src/__tests__/trust-store.test.ts

@@ -909,8 +909,8 @@ describe("Trust Store", () => {
       expect(match!.id).toBe("default:allow-bash-rm-bootstrap");
       expect(match!.decision).toBe("allow");
       expect(match!.allowHighRisk).toBe(true);
-      // Outside workspace, the bootstrap rule doesn't match — with sandbox
-      // disabled (the default), there is no catch-all bash allow rule either.
+      // Outside workspace, the bootstrap rule doesn't match — without
+      // IS_CONTAINERIZED there is no catch-all bash allow rule either.
       const other = findHighestPriorityRule(
         "bash",
         ["rm BOOTSTRAP.md"],
@@ -930,8 +930,8 @@ describe("Trust Store", () => {
       expect(match!.id).toBe("default:allow-bash-rm-updates");
       expect(match!.decision).toBe("allow");
       expect(match!.allowHighRisk).toBe(true);
-      // Outside workspace, should NOT match the updates rule — with sandbox
-      // disabled (the default), there is no catch-all bash allow rule either.
+      // Outside workspace, should NOT match the updates rule — without
+      // IS_CONTAINERIZED there is no catch-all bash allow rule either.
       const other = findHighestPriorityRule(
         "bash",
         ["rm UPDATES.md"],

package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts

@@ -133,7 +133,7 @@ describe("trusted contact lifecycle notification signals", () => {
     resetState();
   });
 
-  test("guardian deny emits guardian_decision and denied signals", async () => {
+  test("guardian deny emits guardian_decision and denied signals with display names", async () => {
     // Set up guardian binding and member record (guardians must pass ACL)
     createGuardianBinding({
       channel: "telegram",
@@ -148,6 +148,17 @@ describe("trusted contact lifecycle notification signals", () => {
       externalChatId: "guardian-chat-789",
       status: "active",
       policy: "allow",
+      displayName: "Guardian Bob",
+    });
+
+    // Set up requester contact with a display name so payloads are enriched
+    upsertContactChannel({
+      sourceChannel: "telegram",
+      externalUserId: "requester-user-456",
+      externalChatId: "requester-chat-456",
+      status: "pending",
+      policy: "ask",
+      displayName: "Alice Requester",
     });
 
     const testRequestId = `req-deny-${Date.now()}`;
@@ -199,11 +210,15 @@ describe("trusted contact lifecycle notification signals", () => {
     expect(gdPayload.decision).toBe("denied");
     expect(gdPayload.requesterExternalUserId).toBe("requester-user-456");
     expect(gdPayload.decidedByExternalUserId).toBe("guardian-user-789");
+    expect(gdPayload.requesterDisplayName).toBe("Alice Requester");
+    expect(gdPayload.decidedByDisplayName).toBe("Guardian Bob");
 
     // Verify denied payload
     const dPayload = deniedSignals[0].contextPayload as Record<string, unknown>;
     expect(dPayload.decision).toBe("denied");
     expect(dPayload.requesterExternalUserId).toBe("requester-user-456");
+    expect(dPayload.requesterDisplayName).toBe("Alice Requester");
+    expect(dPayload.decidedByDisplayName).toBe("Guardian Bob");
 
     // Verify deduplication keys are distinct
     expect(guardianDecisionSignals[0].dedupeKey).toContain(
@@ -212,7 +227,7 @@ describe("trusted contact lifecycle notification signals", () => {
     expect(deniedSignals[0].dedupeKey).toContain("trusted-contact:denied:");
   });
 
-  test("guardian approve emits guardian_decision and verification_sent signals", async () => {
+  test("guardian approve emits guardian_decision and verification_sent signals with display names", async () => {
     // Set up guardian binding and member record (guardians must pass ACL)
     createGuardianBinding({
       channel: "telegram",
@@ -227,6 +242,17 @@ describe("trusted contact lifecycle notification signals", () => {
       externalChatId: "guardian-chat-789",
       status: "active",
       policy: "allow",
+      displayName: "Guardian Bob",
+    });
+
+    // Set up requester contact with a display name
+    upsertContactChannel({
+      sourceChannel: "telegram",
+      externalUserId: "requester-user-456",
+      externalChatId: "requester-chat-456",
+      status: "pending",
+      policy: "ask",
+      displayName: "Alice Requester",
     });
 
     const testRequestId = `req-approve-${Date.now()}`;
@@ -276,6 +302,8 @@ describe("trusted contact lifecycle notification signals", () => {
     const vsPayload = vsSignal.contextPayload as Record<string, unknown>;
     expect(vsPayload.requesterExternalUserId).toBe("requester-user-456");
     expect(vsPayload.verificationSessionId).toBeDefined();
+    expect(vsPayload.requesterDisplayName).toBe("Alice Requester");
+    expect(vsPayload.decidedByDisplayName).toBe("Guardian Bob");
     expect(
       (vsSignal.attentionHints as Record<string, unknown>).visibleInSourceNow,
     ).toBe(true);
@@ -340,6 +368,92 @@ describe("trusted contact lifecycle notification signals", () => {
     // guardian_decision and denied — both keyed on approval.id
     expect(signals.length).toBe(2);
   });
+
+  test("display name fields fall back to null when contacts have no display name", async () => {
+    // Set up guardian binding — createGuardianBinding creates a contact with
+    // displayName defaulting to the externalUserId. We need to verify the
+    // null-fallback path for display name resolution, so we use a guardian
+    // whose external user ID does NOT have a matching contact_channels row.
+    //
+    // Strategy: create the guardian binding normally (so the sender is
+    // classified as trustClass="guardian"), then use a DIFFERENT external
+    // user ID in the approval request's guardianExternalUserId field. The
+    // decidedByExternalUserId comes from actorExternalId (the real guardian),
+    // which DOES have a contact. To truly get null, we clear the guardian
+    // contact's displayName to empty string after creation — the signal
+    // enrichment code treats empty string the same as null for display
+    // purposes.
+    createGuardianBinding({
+      channel: "telegram",
+      guardianExternalUserId: "guardian-noname-111",
+      guardianDeliveryChatId: "guardian-chat-111",
+      guardianPrincipalId: "guardian-noname-111",
+      verifiedVia: "test",
+    });
+
+    // Clear the guardian contact's displayName to empty string so the
+    // display name resolution returns a falsy value. createGuardianBinding
+    // defaults displayName to the externalUserId, which would be a non-empty
+    // string and defeat the purpose of this test.
+    const db = getDb();
+    db.run("UPDATE contacts SET display_name = '' WHERE role = 'guardian'");
+
+    // Do NOT create a requester contact — display name should resolve to null
+
+    const testRequestId = `req-noname-${Date.now()}`;
+
+    createApprovalRequest({
+      runId: `ingress-access-request-${Date.now()}`,
+      requestId: testRequestId,
+      conversationId: "access-req-telegram-requester-noname-222",
+      channel: "telegram",
+      requesterExternalUserId: "requester-noname-222",
+      requesterChatId: "requester-chat-222",
+      guardianExternalUserId: "guardian-noname-111",
+      guardianChatId: "guardian-chat-111",
+      toolName: "ingress_access_request",
+      riskLevel: "access_request",
+      reason: "Unknown user requesting access",
+      expiresAt: Date.now() + GUARDIAN_APPROVAL_TTL_MS,
+    });
+
+    // Guardian denies via callback button
+    const guardianReq = buildInboundRequest({
+      conversationExternalId: "guardian-chat-111",
+      actorExternalId: "guardian-noname-111",
+      actorDisplayName: "Guardian",
+      content: "",
+      callbackData: `apr:${testRequestId}:reject`,
+    });
+
+    await handleChannelInbound(guardianReq, undefined, TEST_BEARER_TOKEN);
+
+    const guardianDecisionSignals = emitSignalCalls.filter(
+      (c) => c.sourceEventName === "ingress.trusted_contact.guardian_decision",
+    );
+    const deniedSignals = emitSignalCalls.filter(
+      (c) => c.sourceEventName === "ingress.trusted_contact.denied",
+    );
+
+    expect(guardianDecisionSignals.length).toBe(1);
+    expect(deniedSignals.length).toBe(1);
+
+    // Verify display names fall back to null/empty when contacts have no
+    // display name set.
+    const gdPayload = guardianDecisionSignals[0].contextPayload as Record<
+      string,
+      unknown
+    >;
+    expect(gdPayload.requesterDisplayName).toBeNull();
+    // Guardian contact exists but displayName was cleared to empty string.
+    // The signal enrichment resolves displayName from the contact record,
+    // so decidedByDisplayName will be "" (empty string) rather than null.
+    expect(gdPayload.decidedByDisplayName).toBe("");
+
+    const dPayload = deniedSignals[0].contextPayload as Record<string, unknown>;
+    expect(dPayload.requesterDisplayName).toBeNull();
+    expect(dPayload.decidedByDisplayName).toBe("");
+  });
 });
 
 // ---------------------------------------------------------------------------