@vellumai/assistant 0.6.2 → 0.6.3

package/src/__tests__/confirmation-request-guardian-bridge.test.ts

@@ -10,6 +10,8 @@
 
 import { beforeEach, describe, expect, mock, test } from "bun:test";
 
+import { _setOverridesForTesting } from "../config/assistant-feature-flags.js";
+
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
     new Proxy({} as Record<string, unknown>, {
@@ -133,6 +135,7 @@ describe("bridgeConfirmationRequestToGuardian", () => {
     resetTables();
     emittedSignals.length = 0;
     mockOnConversationCreatedCallbacks.length = 0;
+    _setOverridesForTesting({});
   });
 
   test("emits guardian.question for trusted-contact sessions", () => {
@@ -223,6 +226,26 @@ describe("bridgeConfirmationRequestToGuardian", () => {
     expect(emittedSignals).toHaveLength(0);
   });
 
+  test("skips trusted-contact bridging entirely under permission-controls-v2", () => {
+    _setOverridesForTesting({ "permission-controls-v2": true });
+
+    const canonicalRequest = makeCanonicalRequest();
+    const trustContext = makeTrustedContactContext();
+
+    const result = bridgeConfirmationRequestToGuardian({
+      canonicalRequest,
+      trustContext,
+      conversationId: "conv-1",
+      toolName: "bash",
+    });
+
+    expect("skipped" in result && result.skipped).toBe(true);
+    if ("skipped" in result) {
+      expect(result.reason).toBe("v2_model_mediated");
+    }
+    expect(emittedSignals).toHaveLength(0);
+  });
+
   test("skips when no guardian binding exists for channel", () => {
     const canonicalRequest = makeCanonicalRequest({ sourceChannel: "phone" });
     const trustContext = makeTrustedContactContext({

package/src/__tests__/context-overflow-approval.test.ts

@@ -1,5 +1,6 @@
-import { describe, expect, mock, test } from "bun:test";
+import { beforeEach, describe, expect, mock, test } from "bun:test";
 
+import { _setOverridesForTesting } from "../config/assistant-feature-flags.js";
 import {
   CONTEXT_OVERFLOW_TOOL_NAME,
   requestCompressionApproval,
@@ -20,8 +21,22 @@ function createMockPrompter(decision: UserDecision): PermissionPrompter {
 }
 
 describe("requestCompressionApproval", () => {
+  beforeEach(() => {
+    _setOverridesForTesting({});
+  });
+
   // ── Prompt shape ──
 
+  test("auto-approves without prompting under v2", async () => {
+    _setOverridesForTesting({ "permission-controls-v2": true });
+
+    const prompter = createMockPrompter("deny");
+    const result = await requestCompressionApproval(prompter);
+
+    expect(result).toEqual({ approved: true });
+    expect(prompter.prompt).not.toHaveBeenCalled();
+  });
+
   test("uses the reserved pseudo tool name", async () => {
     const prompter = createMockPrompter("allow");
     await requestCompressionApproval(prompter);

package/src/__tests__/conversation-agent-loop-overflow.test.ts

@@ -212,7 +212,7 @@ mock.module("../daemon/conversation-runtime-assembly.js", () => ({
 }));
 
 mock.module("../daemon/date-context.js", () => ({
-  formatTurnTimestamp: () => "2026-01-01 (Thu) 00:00:00 +00:00 (UTC)",
+  formatTurnTimestamp: () => "2026-01-01 (Thursday) 00:00:00 +00:00 (UTC)",
 }));
 
 mock.module("../daemon/history-repair.js", () => ({

package/src/__tests__/conversation-agent-loop.test.ts

@@ -201,7 +201,7 @@ mock.module("../daemon/conversation-runtime-assembly.js", () => ({
 }));
 
 mock.module("../daemon/date-context.js", () => ({
-  formatTurnTimestamp: () => "2026-01-01 (Thu) 00:00:00 +00:00 (UTC)",
+  formatTurnTimestamp: () => "2026-01-01 (Thursday) 00:00:00 +00:00 (UTC)",
 }));
 
 mock.module("../daemon/history-repair.js", () => ({

package/src/__tests__/conversation-analysis-routes.test.ts

@@ -121,7 +121,7 @@ describe("POST /v1/conversations/:id/analyze", () => {
     );
   });
 
-  test("marks analysis interactive when a matching subscriber is already connected", async () => {
+  test("keeps analysis non-interactive even when a matching subscriber is connected", async () => {
     const conversation = makeConversation();
     const assistantEventHub = new AssistantEventHub();
     assistantEventHub.subscribe(
@@ -163,7 +163,7 @@ describe("POST /v1/conversations/:id/analyze", () => {
       expect.any(String),
       "msg-1",
       expect.any(Function),
-      expect.objectContaining({ isInteractive: true, isUserMessage: true }),
+      expect.objectContaining({ isInteractive: false, isUserMessage: true }),
     );
   });
 });

package/src/__tests__/conversation-attachments.test.ts

@@ -1,6 +1,8 @@
 import { existsSync } from "node:fs";
 import { beforeEach, describe, expect, mock, test } from "bun:test";
 
+import { _setOverridesForTesting } from "../config/assistant-feature-flags.js";
+
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
     new Proxy({} as Record<string, unknown>, {
@@ -25,15 +27,18 @@ mock.module("../daemon/video-thumbnail.js", () => ({
 }));
 
 // Stub out permission checker / trust store
+const checkSpy = mock(() => Promise.resolve({ decision: "allow" }));
+const addRuleSpy = mock(() => {});
+
 mock.module("../permissions/checker.js", () => ({
-  check: () => Promise.resolve({ decision: "allow" }),
+  check: checkSpy,
   classifyRisk: () => Promise.resolve("low"),
   generateAllowlistOptions: () => Promise.resolve([]),
   generateScopeOptions: () => [],
 }));
 
 mock.module("../permissions/trust-store.js", () => ({
-  addRule: () => {},
+  addRule: addRuleSpy,
 }));
 
 mock.module("../permissions/types.js", () => ({
@@ -47,7 +52,11 @@ mock.module("../permissions/types.js", () => ({
 
 import type { AssistantAttachmentDraft } from "../daemon/assistant-attachments.js";
 import { getFilePathForAttachment } from "../memory/attachments-store.js";
-import { addMessage, createConversation } from "../memory/conversation-crud.js";
+import {
+  addMessage,
+  createConversation,
+  updateConversationHostAccess,
+} from "../memory/conversation-crud.js";
 import { getDb, initializeDb } from "../memory/db.js";
 
 initializeDb();
@@ -73,7 +82,12 @@ function makeBase64(bytes: number): string {
 // ---------------------------------------------------------------------------
 
 describe("resolveAssistantAttachments", () => {
-  beforeEach(resetTables);
+  beforeEach(() => {
+    resetTables();
+    _setOverridesForTesting({});
+    checkSpy.mockClear();
+    addRuleSpy.mockClear();
+  });
 
   test("small attachments are stored on disk via uploadAttachment", async () => {
     const conv = createConversation("test-conv");
@@ -196,3 +210,65 @@ describe("resolveAssistantAttachments", () => {
     expect(emitted.fileBacked).toBe(true);
   });
 });
+
+describe("approveHostAttachmentRead", () => {
+  beforeEach(() => {
+    resetTables();
+    _setOverridesForTesting({});
+    checkSpy.mockClear();
+    addRuleSpy.mockClear();
+  });
+
+  test("uses the conversation-scoped host-access prompt under v2", async () => {
+    _setOverridesForTesting({ "permission-controls-v2": true });
+    const conversation = createConversation("attachment-host-gate");
+    const promptSpy = mock(() =>
+      Promise.resolve({ decision: "allow" as const }),
+    );
+
+    const { approveHostAttachmentRead } =
+      await import("../daemon/conversation-attachments.js");
+
+    const allowed = await approveHostAttachmentRead(
+      "/tmp/example.txt",
+      "/tmp",
+      { prompt: promptSpy } as never,
+      conversation.id,
+      false,
+    );
+
+    expect(allowed).toBe(true);
+    expect(checkSpy).not.toHaveBeenCalled();
+    expect(addRuleSpy).not.toHaveBeenCalled();
+    const call = promptSpy.mock.calls[0] as unknown as unknown[];
+    expect(call[3]).toEqual([]);
+    expect(call[4]).toEqual([]);
+    expect(call[8]).toBe(false);
+    expect(call[10]).toBeUndefined();
+    expect(call[12]).toBe(true);
+  });
+
+  test("auto-allows host attachment reads when the conversation already has host access", async () => {
+    _setOverridesForTesting({ "permission-controls-v2": true });
+    const conversation = createConversation("attachment-host-allowed");
+    updateConversationHostAccess(conversation.id, true);
+    const promptSpy = mock(() =>
+      Promise.resolve({ decision: "deny" as const }),
+    );
+
+    const { approveHostAttachmentRead } =
+      await import("../daemon/conversation-attachments.js");
+
+    const allowed = await approveHostAttachmentRead(
+      "/tmp/example.txt",
+      "/tmp",
+      { prompt: promptSpy } as never,
+      conversation.id,
+      false,
+    );
+
+    expect(allowed).toBe(true);
+    expect(promptSpy).not.toHaveBeenCalled();
+    expect(checkSpy).not.toHaveBeenCalled();
+  });
+});

package/src/__tests__/conversation-confirmation-signals.test.ts

@@ -214,6 +214,8 @@ mock.module("../memory/canonical-guardian-store.js", () => ({
 // ---------------------------------------------------------------------------
 
 import { Conversation } from "../daemon/conversation.js";
+import { HostBashProxy } from "../daemon/host-bash-proxy.js";
+import { HostBrowserProxy } from "../daemon/host-browser-proxy.js";
 
 // ---------------------------------------------------------------------------
 // Helpers
@@ -558,3 +560,156 @@ describe("sendToClient receives state signals", () => {
     });
   });
 });
+
+describe("restoreBrowserProxyAvailability", () => {
+  test("re-enables only the host browser proxy after clearProxyAvailability", () => {
+    const conversation = makeConversation();
+    const browserProxy = new HostBrowserProxy(() => {});
+    const bashProxy = new HostBashProxy(() => {});
+    conversation.setHostBrowserProxy(browserProxy);
+    conversation.setHostBashProxy(bashProxy);
+
+    // Mark as having a connected client (interactive desktop path).
+    conversation.updateClient(() => {}, false);
+    expect(browserProxy.isAvailable()).toBe(true);
+    expect(bashProxy.isAvailable()).toBe(true);
+
+    // The drain queue clears all proxies for non-interactive turns.
+    conversation.clearProxyAvailability();
+    expect(browserProxy.isAvailable()).toBe(false);
+    expect(bashProxy.isAvailable()).toBe(false);
+
+    // restoreBrowserProxyAvailability should bring back ONLY the browser proxy.
+    conversation.restoreBrowserProxyAvailability();
+    expect(browserProxy.isAvailable()).toBe(true);
+    expect(bashProxy.isAvailable()).toBe(false);
+  });
+
+  test("re-enables the browser proxy even when hasNoClient is true (chrome-extension)", () => {
+    // Regression: chrome-extension is non-interactive (hasNoClient stays
+    // true so host_bash/host_file tools remain gated), but we still need
+    // to provision the hostBrowserProxy so it can service CDP commands.
+    // The helper must NOT gate on hasNoClient.
+    const conversation = makeConversation();
+    const browserProxy = new HostBrowserProxy(() => {});
+    conversation.setHostBrowserProxy(browserProxy);
+
+    // updateClient with hasNoClient=true emulates the non-interactive
+    // chrome-extension turn. Host proxies start disabled because
+    // updateClient propagates hasNoClient through to updateSender.
+    conversation.updateClient(() => {}, true);
+    expect(browserProxy.isAvailable()).toBe(false);
+    expect(conversation["hasNoClient"]).toBe(true);
+
+    // The targeted helper bypasses the hasNoClient gate so the
+    // single-capability chrome-extension turn can drive the browser
+    // via CDP without flipping hasNoClient (which would also enable
+    // host_bash/host_file gating downstream).
+    conversation.restoreBrowserProxyAvailability();
+    expect(browserProxy.isAvailable()).toBe(true);
+    // hasNoClient itself MUST remain true so that
+    // isToolActiveForContext keeps host_bash/host_file/host_cu gated.
+    expect(conversation["hasNoClient"]).toBe(true);
+  });
+
+  test("leaves bash/file/cu proxies disabled when called for chrome-extension", () => {
+    // Regression: the targeted helper must not accidentally re-enable
+    // proxies other than host_browser, even when called from a path that
+    // owns multiple proxies (e.g. macOS holdover state with hasNoClient
+    // forced true for an explicit non-interactive run).
+    const conversation = makeConversation();
+    const browserProxy = new HostBrowserProxy(() => {});
+    const bashProxy = new HostBashProxy(() => {});
+    conversation.setHostBrowserProxy(browserProxy);
+    conversation.setHostBashProxy(bashProxy);
+
+    conversation.updateClient(() => {}, true);
+    expect(browserProxy.isAvailable()).toBe(false);
+    expect(bashProxy.isAvailable()).toBe(false);
+
+    conversation.restoreBrowserProxyAvailability();
+    expect(browserProxy.isAvailable()).toBe(true);
+    // Crucial: bash proxy stays disabled. The helper must touch ONLY the
+    // browser proxy.
+    expect(bashProxy.isAvailable()).toBe(false);
+  });
+
+  test("uses hostBrowserSenderOverride when set so drain-queue restores preserve the registry-routed sender", () => {
+    // Regression (PR #24129 cycle 2): the queue-drain path calls
+    // `restoreBrowserProxyAvailability()` on dequeue, which used to pass
+    // `this.sendToClient` (the SSE hub emitter) to the proxy, clobbering the
+    // chrome-extension registry-routed sender established by the POST
+    // /messages handler. The override field lets the HTTP handler pin the
+    // registry-routed sender so the drain path preserves it.
+    const sseHub: ServerMessage[] = [];
+    const registry: ServerMessage[] = [];
+    const conversation = makeConversation((msg) => sseHub.push(msg));
+    const browserProxy = new HostBrowserProxy(() => {});
+    conversation.setHostBrowserProxy(browserProxy);
+
+    // Simulate updateClient setting sendToClient to the SSE hub and
+    // marking the conversation as client-less (chrome-extension is
+    // non-interactive).
+    conversation.updateClient((msg) => sseHub.push(msg), true);
+    expect(browserProxy.isAvailable()).toBe(false);
+
+    // The HTTP handler stashes the registry-routed sender as the override.
+    const registrySender = (msg: ServerMessage) => registry.push(msg);
+    conversation.hostBrowserSenderOverride = registrySender;
+
+    // Drain-queue path calls restoreBrowserProxyAvailability — it must now
+    // prefer the override over sendToClient.
+    conversation.restoreBrowserProxyAvailability();
+    expect(browserProxy.isAvailable()).toBe(true);
+
+    // Send a frame through the proxy and verify it flows through the
+    // registry sender, not the SSE hub.
+    const internalSend = (
+      browserProxy as unknown as {
+        sendToClient: (msg: ServerMessage) => void;
+      }
+    ).sendToClient;
+    const probe: ServerMessage = {
+      type: "host_browser_cancel",
+      requestId: "probe-1",
+    } as ServerMessage;
+    internalSend(probe);
+    expect(registry).toHaveLength(1);
+    expect(sseHub.some((m) => m === probe)).toBe(false);
+  });
+
+  test("falls back to sendToClient when hostBrowserSenderOverride is cleared", () => {
+    // When a non-chrome-extension turn takes over, the HTTP handler clears
+    // the override and restoreBrowserProxyAvailability must fall back to
+    // sendToClient (the SSE hub), otherwise macOS turns would route their
+    // host_browser frames through the stale chrome-extension registry.
+    const sseHub: ServerMessage[] = [];
+    const conversation = makeConversation((msg) => sseHub.push(msg));
+    const browserProxy = new HostBrowserProxy(() => {});
+    conversation.setHostBrowserProxy(browserProxy);
+
+    // First the chrome-extension path pins the override.
+    const registry: ServerMessage[] = [];
+    conversation.hostBrowserSenderOverride = (msg) => registry.push(msg);
+    conversation.updateClient((msg) => sseHub.push(msg), true);
+    conversation.restoreBrowserProxyAvailability();
+
+    // Then a macOS handoff clears the override.
+    conversation.hostBrowserSenderOverride = undefined;
+    conversation.updateClient((msg) => sseHub.push(msg), false);
+    conversation.restoreBrowserProxyAvailability();
+
+    const internalSend = (
+      browserProxy as unknown as {
+        sendToClient: (msg: ServerMessage) => void;
+      }
+    ).sendToClient;
+    const probe: ServerMessage = {
+      type: "host_browser_cancel",
+      requestId: "probe-2",
+    } as ServerMessage;
+    internalSend(probe);
+    expect(sseHub).toContain(probe);
+    expect(registry).not.toContain(probe);
+  });
+});

package/src/__tests__/conversation-fork-crud.test.ts

@@ -35,6 +35,7 @@ import {
   addMessage,
   createConversation,
   forkConversation,
+  getConversationHostAccess,
   getMessages,
   PRIVATE_CONVERSATION_FORK_ERROR,
 } from "../memory/conversation-crud.js";
@@ -138,6 +139,22 @@ describe("forkConversation", () => {
     ).toBe(true);
   });
 
+  test("forked conversations start with host access disabled", async () => {
+    const source = createConversation({
+      title: "Computer-enabled thread",
+      hostAccess: true,
+    });
+    await addMessage(source.id, "user", "Use the computer", undefined, {
+      skipIndexing: true,
+    });
+
+    const fork = forkConversation({ conversationId: source.id });
+
+    expect(getConversationHostAccess(source.id)).toBe(true);
+    expect(getConversationHostAccess(fork.id)).toBe(false);
+    expect(fork.hostAccess).toBe(0);
+  });
+
   test("preserves source order when source messages share a timestamp", () => {
     const source = createConversation("Equal timestamp thread");
     const db = getDb();

package/src/__tests__/conversation-history-web-search.test.ts

@@ -747,6 +747,7 @@ describe("web_search_tool_result structural guard", () => {
     // web_search_tool_result has a structurally different content format
     // (array of web_search_result objects) and is not truncated this way.
     "context/tool-result-truncation.ts",
+    "context/post-turn-tool-result-truncation.ts",
 
     // Anthropic provider type guards define API-specific discriminants.
     // It has a separate isWebSearchToolResultBlock for the other type.

package/src/__tests__/conversation-host-access-routes.test.ts

@@ -0,0 +1,229 @@
+import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
+
+let authDisabled = true;
+let boundGuardianPrincipalId: string | null = null;
+
+mock.module("../util/logger.js", () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
+}));
+
+mock.module("../config/env.js", () => ({
+  isHttpAuthDisabled: () => authDisabled,
+  hasUngatedHttpAuthDisabled: () => false,
+  getGatewayInternalBaseUrl: () => "http://127.0.0.1:7830",
+  getGatewayPort: () => 7830,
+  getRuntimeHttpPort: () => 7821,
+  getRuntimeHttpHost: () => "127.0.0.1",
+  getRuntimeGatewayOriginSecret: () => undefined,
+  getIngressPublicBaseUrl: () => undefined,
+  setIngressPublicBaseUrl: () => {},
+}));
+
+mock.module("../contacts/contact-store.js", () => ({
+  findGuardianForChannel: () =>
+    boundGuardianPrincipalId
+      ? {
+          channel: { externalUserId: undefined },
+          contact: { principalId: boundGuardianPrincipalId },
+        }
+      : null,
+}));
+
+mock.module("../config/loader.js", () => ({
+  getConfig: () => ({
+    ui: {},
+    model: "test",
+    provider: "test",
+    memory: { enabled: false },
+    rateLimit: { maxRequestsPerMinute: 0 },
+    secretDetection: { enabled: false },
+  }),
+}));
+
+import {
+  createConversation,
+  updateConversationHostAccess,
+} from "../memory/conversation-crud.js";
+import { getDb, initializeDb, resetDb } from "../memory/db.js";
+import { assistantEventHub } from "../runtime/assistant-event-hub.js";
+import { DAEMON_INTERNAL_ASSISTANT_ID } from "../runtime/assistant-scope.js";
+import { RuntimeHttpServer } from "../runtime/http-server.js";
+import { conversationManagementRouteDefinitions } from "../runtime/routes/conversation-management-routes.js";
+
+initializeDb();
+
+const routes = conversationManagementRouteDefinitions({
+  switchConversation: async (conversationId) => {
+    const conversation = {
+      conversationId,
+      title: "Switched conversation",
+      conversationType: "standard",
+      hostAccess: false,
+    };
+    return conversation;
+  },
+  renameConversation: () => true,
+  clearAllConversations: () => 0,
+  cancelGeneration: () => true,
+  destroyConversation: () => {},
+  undoLastMessage: async () => null,
+  regenerateResponse: async () => null,
+});
+
+function findRoute(method: string, endpoint: string) {
+  const route = routes.find(
+    (routeDef) => routeDef.method === method && routeDef.endpoint === endpoint,
+  );
+  if (!route) {
+    throw new Error(`Route not found: ${method} ${endpoint}`);
+  }
+  return route;
+}
+
+function clearTables(): void {
+  const db = getDb();
+  db.run("DELETE FROM conversation_assistant_attention_state");
+  db.run("DELETE FROM external_conversation_bindings");
+  db.run("DELETE FROM conversation_keys");
+  db.run("DELETE FROM messages");
+  db.run("DELETE FROM conversations");
+}
+
+describe("conversation host-access transport", () => {
+  let server: RuntimeHttpServer | null = null;
+
+  beforeEach(async () => {
+    await server?.stop();
+    server = null;
+    authDisabled = true;
+    boundGuardianPrincipalId = null;
+    clearTables();
+  });
+
+  afterAll(async () => {
+    await server?.stop();
+    resetDb();
+    mock.restore();
+  });
+
+  test("GET and PATCH /v1/conversations/:id/host-access use the conversation store", async () => {
+    const conversation = createConversation("Host access test");
+
+    const getRoute = findRoute("GET", "conversations/:id/host-access");
+    const getResponse = await getRoute.handler({
+      req: new Request("http://localhost/v1/conversations/test/host-access"),
+      url: new URL("http://localhost/v1/conversations/test/host-access"),
+      server: null as never,
+      authContext: {} as never,
+      params: { id: conversation.id },
+    });
+
+    expect(getResponse.status).toBe(200);
+    expect(await getResponse.json()).toEqual({
+      conversationId: conversation.id,
+      hostAccess: false,
+    });
+
+    const received: Array<{
+      assistantId: string;
+      type: string;
+      conversationId?: string;
+      hostAccess?: boolean;
+    }> = [];
+    const subscription = assistantEventHub.subscribe(
+      { assistantId: DAEMON_INTERNAL_ASSISTANT_ID },
+      (event) => {
+        received.push({
+          assistantId: event.assistantId,
+          type: event.message.type,
+          conversationId: event.conversationId,
+          hostAccess:
+            event.message.type === "conversation_host_access_updated"
+              ? event.message.hostAccess
+              : undefined,
+        });
+      },
+    );
+
+    const patchRoute = findRoute("PATCH", "conversations/:id/host-access");
+    const patchResponse = await patchRoute.handler({
+      req: new Request("http://localhost/v1/conversations/test/host-access", {
+        method: "PATCH",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ hostAccess: true }),
+      }),
+      url: new URL("http://localhost/v1/conversations/test/host-access"),
+      server: null as never,
+      authContext: {} as never,
+      params: { id: conversation.id },
+    });
+
+    await Promise.resolve();
+
+    expect(patchResponse.status).toBe(200);
+    expect(await patchResponse.json()).toEqual({
+      conversationId: conversation.id,
+      hostAccess: true,
+    });
+    expect(received).toHaveLength(1);
+    expect(received[0]).toEqual({
+      assistantId: DAEMON_INTERNAL_ASSISTANT_ID,
+      type: "conversation_host_access_updated",
+      conversationId: conversation.id,
+      hostAccess: true,
+    });
+    subscription.dispose();
+  });
+
+  test("conversation summaries include hostAccess", async () => {
+    const conversation = createConversation("Summary host access");
+    updateConversationHostAccess(conversation.id, true);
+
+    server = new RuntimeHttpServer({
+      port: 0,
+      bearerToken: "test-bearer-token",
+    });
+    await server.start();
+
+    const response = await fetch(
+      `http://127.0.0.1:${server.actualPort}/v1/conversations/${conversation.id}`,
+    );
+    expect(response.status).toBe(200);
+
+    const body = (await response.json()) as {
+      conversation: {
+        id: string;
+        hostAccess: boolean;
+      };
+    };
+
+    expect(body.conversation.id).toBe(conversation.id);
+    expect(body.conversation.hostAccess).toBe(true);
+  });
+
+  test("PATCH /v1/conversations/:id/host-access rejects non-guardian actors when auth is enforced", async () => {
+    authDisabled = false;
+    boundGuardianPrincipalId = "guardian-principal";
+    const conversation = createConversation("Guarded host access");
+
+    const patchRoute = findRoute("PATCH", "conversations/:id/host-access");
+    const patchResponse = await patchRoute.handler({
+      req: new Request("http://localhost/v1/conversations/test/host-access", {
+        method: "PATCH",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ hostAccess: true }),
+      }),
+      url: new URL("http://localhost/v1/conversations/test/host-access"),
+      server: null as never,
+      authContext: {
+        actorPrincipalId: "trusted-contact-principal",
+      } as never,
+      params: { id: conversation.id },
+    });
+
+    expect(patchResponse.status).toBe(403);
+  });
+});