@vellumai/assistant 0.6.3 → 0.6.4

package/src/runtime/routes/btw-routes.ts

@@ -19,10 +19,7 @@ import { z } from "zod";
 import { getConfig } from "../../config/loader.js";
 import { readNowScratchpad } from "../../daemon/conversation-runtime-assembly.js";
 import { getConversationByKey } from "../../memory/conversation-key-store.js";
-import {
-  resolveChannelPersona,
-  resolveGuardianPersona,
-} from "../../prompts/persona-resolver.js";
+import { resolvePersonaContext } from "../../prompts/persona-resolver.js";
 import { getLogger } from "../../util/logger.js";
 import { getWorkspacePromptPath } from "../../util/platform.js";
 import type { AuthContext } from "../auth/types.js";
@@ -168,14 +165,19 @@ async function handleBtw(
         try {
           const isIntroRequest = conversationKey === IDENTITY_INTRO_KEY;
           const isGreeting = conversationKey === GREETING_KEY;
-          const userPersona = resolveGuardianPersona();
-          const channelPersona = resolveChannelPersona(undefined);
+          // Resolve guardian persona context (undefined trustContext triggers
+          // the guardian lookup path in persona-resolver). Thread userSlug
+          // through so buildSystemPrompt's BOOTSTRAP.md placeholder never
+          // falls back to "default.md" if excludeBootstrap is ever flipped.
+          const { userPersona, userSlug, channelPersona } =
+            resolvePersonaContext(undefined, undefined);
           const result = await runBtwSidechain({
             content: effectiveContent,
             conversation,
             signal: req.signal,
             userPersona,
             channelPersona,
+            userSlug,
             ...(isGreeting
               ? { modelIntent: getConfig().ui.greetingModelIntent }
               : {}),

package/src/runtime/routes/contact-routes.test.ts

@@ -0,0 +1,298 @@
+/**
+ * Tests for POST /v1/contacts/guardian/channel endpoint.
+ */
+import { beforeAll, beforeEach, describe, expect, mock, test } from "bun:test";
+
+mock.module("../../util/logger.js", () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
+}));
+
+mock.module("../../config/loader.js", () => ({
+  loadConfig: () => ({}),
+  getConfig: () => ({}),
+  invalidateConfigCache: () => {},
+}));
+
+mock.module("../../config/env.js", () => ({
+  isHttpAuthDisabled: () => true,
+  getAssistantDomain: () => "vellum.me",
+}));
+
+import { and, eq } from "drizzle-orm";
+
+import { getDb, initializeDb } from "../../memory/db.js";
+import { contactChannels, contacts } from "../../memory/schema.js";
+import type { AuthContext } from "../auth/types.js";
+import { handleAddGuardianChannel } from "./contact-routes.js";
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+function makeRequest(body: unknown): Request {
+  return new Request("http://localhost/v1/contacts/guardian/channel", {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(body),
+  });
+}
+
+function makeServiceAuthContext(
+  overrides: Partial<AuthContext> = {},
+): AuthContext {
+  return {
+    subject: "platform-service",
+    principalType: "svc_gateway",
+    assistantId: "test-assistant",
+    actorPrincipalId: undefined,
+    scopeProfile: "gateway_service_v1",
+    scopes: new Set(),
+    policyEpoch: 0,
+    ...overrides,
+  } as AuthContext;
+}
+
+function makeActorAuthContext(
+  overrides: Partial<AuthContext> = {},
+): AuthContext {
+  return {
+    subject: "test-subject",
+    principalType: "actor",
+    assistantId: "test-assistant",
+    actorPrincipalId: "guardian-principal-001",
+    scopeProfile: "actor_client_v1",
+    scopes: new Set(),
+    policyEpoch: 0,
+    ...overrides,
+  } as AuthContext;
+}
+
+function seedGuardian(
+  displayName = "Test Guardian",
+  principalId = "guardian-principal-001",
+): { contactId: string } {
+  const db = getDb();
+  const contactId = "guardian-001";
+  db.insert(contacts)
+    .values({
+      id: contactId,
+      displayName,
+      role: "guardian",
+      contactType: "human",
+      principalId,
+      createdAt: Date.now(),
+      updatedAt: Date.now(),
+    })
+    .run();
+
+  // Add a pre-existing channel (e.g. Telegram) so the guardian is verified
+  db.insert(contactChannels)
+    .values({
+      id: "ch-telegram-001",
+      contactId,
+      type: "telegram",
+      address: "@testguardian",
+      externalUserId: principalId,
+      status: "active",
+      createdAt: Date.now(),
+      updatedAt: Date.now(),
+    })
+    .run();
+
+  return { contactId };
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe("POST /v1/contacts/guardian/channel", () => {
+  beforeAll(() => {
+    initializeDb();
+  });
+
+  beforeEach(() => {
+    const db = getDb();
+    db.delete(contactChannels).run();
+    db.delete(contacts).run();
+  });
+
+  // ── Service token (platform) calls — the only permitted path ────────────
+
+  test("adds an email channel to an existing guardian (service auth)", async () => {
+    const { contactId } = seedGuardian();
+
+    const res = await handleAddGuardianChannel(
+      makeRequest({
+        type: "email",
+        address: "owner@example.com",
+        externalUserId: "owner@example.com",
+      }),
+      makeServiceAuthContext(),
+    );
+
+    expect(res.status).toBe(200);
+    const body = (await res.json()) as {
+      ok: boolean;
+      contact: { id: string };
+    };
+    expect(body.ok).toBe(true);
+    expect(body.contact.id).toBe(contactId);
+
+    // Verify channel was persisted
+    const db = getDb();
+    const rows = db
+      .select()
+      .from(contactChannels)
+      .where(
+        and(
+          eq(contactChannels.contactId, contactId),
+          eq(contactChannels.type, "email"),
+        ),
+      )
+      .all();
+    expect(rows.length).toBe(1);
+    expect(rows[0].address).toBe("owner@example.com");
+    expect(rows[0].status).toBe("active");
+  });
+
+  test("returns 404 when no guardian exists (service auth)", async () => {
+    const res = await handleAddGuardianChannel(
+      makeRequest({
+        type: "email",
+        address: "owner@example.com",
+        externalUserId: "owner@example.com",
+      }),
+      makeServiceAuthContext(),
+    );
+
+    expect(res.status).toBe(404);
+    const body = (await res.json()) as {
+      error: { code: string; message: string };
+    };
+    expect(body.error.message).toContain("No guardian contact exists");
+  });
+
+  test("returns 400 when type is missing (service auth)", async () => {
+    seedGuardian();
+
+    const res = await handleAddGuardianChannel(
+      makeRequest({ address: "owner@example.com" }),
+      makeServiceAuthContext(),
+    );
+    expect(res.status).toBe(400);
+  });
+
+  test("returns 400 when address is missing (service auth)", async () => {
+    seedGuardian();
+
+    const res = await handleAddGuardianChannel(
+      makeRequest({ type: "email", externalUserId: "owner@example.com" }),
+      makeServiceAuthContext(),
+    );
+    expect(res.status).toBe(400);
+  });
+
+  test("returns 400 when externalUserId is missing (service auth)", async () => {
+    seedGuardian();
+
+    const res = await handleAddGuardianChannel(
+      makeRequest({ type: "email", address: "owner@example.com" }),
+      makeServiceAuthContext(),
+    );
+    expect(res.status).toBe(400);
+    const body = (await res.json()) as {
+      error: { code: string; message: string };
+    };
+    expect(body.error.message).toContain("externalUserId is required");
+  });
+
+  test("preserves existing channels when adding new ones (service auth)", async () => {
+    const { contactId } = seedGuardian();
+
+    await handleAddGuardianChannel(
+      makeRequest({
+        type: "email",
+        address: "owner@example.com",
+        externalUserId: "owner@example.com",
+      }),
+      makeServiceAuthContext(),
+    );
+
+    // Guardian should still have the telegram channel + new email channel
+    const db = getDb();
+    const rows = db
+      .select()
+      .from(contactChannels)
+      .where(eq(contactChannels.contactId, contactId))
+      .all();
+
+    const types = rows.map((r) => r.type).sort();
+    expect(types).toEqual(["email", "telegram"]);
+  });
+
+  test("defaults channel status to active (service auth)", async () => {
+    seedGuardian();
+
+    const res = await handleAddGuardianChannel(
+      makeRequest({
+        type: "email",
+        address: "owner@example.com",
+        externalUserId: "owner@example.com",
+      }),
+      makeServiceAuthContext(),
+    );
+
+    expect(res.status).toBe(200);
+    const body = (await res.json()) as {
+      ok: boolean;
+      contact: { channels: { type: string; status: string }[] };
+    };
+    const emailChannel = body.contact.channels.find(
+      (ch) => ch.type === "email",
+    );
+    expect(emailChannel?.status).toBe("active");
+  });
+
+  // ── Actor calls — all rejected (security fix ATL-102) ──────────────────
+
+  test("rejects actor calls with 403 (guardian takeover prevention)", async () => {
+    seedGuardian();
+
+    const res = await handleAddGuardianChannel(
+      makeRequest({
+        type: "email",
+        address: "owner@example.com",
+        externalUserId: "owner@example.com",
+      }),
+      makeActorAuthContext(),
+    );
+
+    expect(res.status).toBe(403);
+    const body = (await res.json()) as {
+      error: { code: string; message: string };
+    };
+    expect(body.error.code).toBe("FORBIDDEN");
+    expect(body.error.message).toContain("restricted to platform service");
+  });
+
+  test("rejects actor calls even from the bound guardian", async () => {
+    const guardianPrincipalId = "guardian-principal-001";
+    seedGuardian("Guardian", guardianPrincipalId);
+
+    // Caller IS the guardian — but actor calls are still rejected
+    const res = await handleAddGuardianChannel(
+      makeRequest({
+        type: "email",
+        address: "guardian@example.com",
+        externalUserId: "guardian@example.com",
+      }),
+      makeActorAuthContext({ actorPrincipalId: guardianPrincipalId }),
+    );
+
+    expect(res.status).toBe(403);
+  });
+});

package/src/runtime/routes/contact-routes.ts

@@ -1,11 +1,12 @@
 /**
  * Route handlers for contact management endpoints.
  *
- * GET    /v1/contacts              — list contacts
- * POST   /v1/contacts              — create or update a contact
- * GET    /v1/contacts/:id          — get a contact by ID
- * DELETE /v1/contacts/:id          — delete a contact
- * POST   /v1/contacts/merge        — merge two contacts
+ * GET    /v1/contacts                      — list contacts
+ * POST   /v1/contacts                      — create or update a contact
+ * GET    /v1/contacts/:id                  — get a contact by ID
+ * DELETE /v1/contacts/:id                  — delete a contact
+ * POST   /v1/contacts/merge                — merge two contacts
+ * POST   /v1/contacts/guardian/channel      — add a channel to the guardian contact
  * PATCH  /v1/contact-channels/:contactChannelId — update a contact channel's status/policy
  */
 
@@ -13,6 +14,7 @@ import { z } from "zod";
 
 import {
   deleteContact,
+  findGuardianContact,
   getAssistantContactMetadata,
   getChannelById,
   getContact,
@@ -32,6 +34,7 @@ import type {
   ContactType,
 } from "../../contacts/types.js";
 import { resolveGuardianName } from "../../prompts/user-reference.js";
+import type { AuthContext } from "../auth/types.js";
 import { httpError } from "../http-errors.js";
 import type { RouteDefinition } from "../http-router.js";
 
@@ -410,6 +413,100 @@ export async function handleUpdateContactChannel(
   });
 }
 
+/**
+ * POST /v1/contacts/guardian/channel
+ *
+ * Add a single channel to the existing guardian contact.
+ * If no guardian contact exists, returns 404.
+ * If the caller is not the guardian, returns 403.
+ *
+ * Used by the guardian to auto-verify their own channel.
+ */
+export async function handleAddGuardianChannel(
+  req: Request,
+  authContext: AuthContext,
+): Promise<Response> {
+  // This endpoint is restricted to gateway service tokens only — the
+  // platform calls it during email registration to auto-verify the owner's
+  // email as a guardian channel. Direct actor/local calls are not permitted
+  // because the endpoint bypasses normal channel verification (no code sent,
+  // no confirmation) and would allow guardian channel takeover (ATL-102).
+  if (authContext.principalType !== "svc_gateway") {
+    return httpError(
+      "FORBIDDEN",
+      "This endpoint is restricted to platform service calls",
+      403,
+    );
+  }
+
+  const body = (await req.json()) as {
+    type: string;
+    address: string;
+    externalUserId?: string;
+    externalChatId?: string;
+    status?: string;
+    policy?: string;
+  };
+
+  if (!body.type || !body.address) {
+    return httpError("BAD_REQUEST", "type and address are required", 400);
+  }
+
+  if (!body.externalUserId) {
+    return httpError(
+      "BAD_REQUEST",
+      "externalUserId is required for trust resolution",
+      400,
+    );
+  }
+
+  if (body.status !== undefined && !isChannelStatus(body.status)) {
+    return httpError(
+      "BAD_REQUEST",
+      `Invalid channel status "${body.status}". Must be one of: ${VALID_CHANNEL_STATUSES.join(", ")}`,
+      400,
+    );
+  }
+
+  if (body.policy !== undefined && !isChannelPolicy(body.policy)) {
+    return httpError(
+      "BAD_REQUEST",
+      `Invalid channel policy "${body.policy}". Must be one of: ${VALID_CHANNEL_POLICIES.join(", ")}`,
+      400,
+    );
+  }
+
+  const guardian = findGuardianContact();
+  if (!guardian) {
+    return httpError(
+      "NOT_FOUND",
+      "No guardian contact exists. The guardian must be verified on at least one channel first.",
+      404,
+    );
+  }
+
+  // Upsert the guardian with the new channel added.
+  const updated = upsertContact({
+    id: guardian.id,
+    displayName: guardian.displayName,
+    role: "guardian",
+    channels: [
+      {
+        ...body,
+        status: (body.status as ChannelStatus) ?? "active",
+        policy: body.policy as ChannelPolicy | undefined,
+        verifiedAt: Date.now(),
+        verifiedVia: "guardian_channel_endpoint",
+      },
+    ],
+  });
+
+  return Response.json(
+    { ok: true, contact: withGuardianNameOverride(updated) },
+    { status: 200 },
+  );
+}
+
 // ---------------------------------------------------------------------------
 // Route definitions
 // ---------------------------------------------------------------------------
@@ -476,6 +573,36 @@ export function contactRouteDefinitions(): RouteDefinition[] {
       }),
       handler: async ({ req }) => handleMergeContacts(req),
     },
+    {
+      endpoint: "contacts/guardian/channel",
+      method: "POST",
+      policyKey: "contacts",
+      summary: "Add a channel to the guardian contact",
+      description: "Used by the guardian to auto-verify their own channel.",
+      tags: ["contacts"],
+      requestBody: z.object({
+        type: z.string().describe("Channel type, e.g. 'email'"),
+        address: z
+          .string()
+          .describe("Channel address, e.g. 'user@example.com'"),
+        externalUserId: z
+          .string()
+          .describe("External user ID for trust resolution"),
+        status: z
+          .string()
+          .optional()
+          .describe("Channel status (default: active)"),
+      }),
+      responseBody: z.object({
+        ok: z.boolean(),
+        contact: z
+          .object({})
+          .passthrough()
+          .describe("Updated guardian contact"),
+      }),
+      handler: async ({ req, authContext }) =>
+        handleAddGuardianChannel(req, authContext),
+    },
     {
       endpoint: "contact-channels/:contactChannelId",
       method: "PATCH",

package/src/runtime/routes/conversation-analysis-routes.ts

@@ -3,35 +3,22 @@
  *
  * POST /v1/conversations/:id/analyze — analyze a conversation via a new
  * agent loop that produces a structured self-assessment.
+ *
+ * The heavy lifting lives in `services/analyze-conversation.ts`. This module
+ * is thin glue: map the route params to the service, translate service
+ * errors into HTTP errors, and build the success response.
  */
 
-import type { ServerMessage } from "../../daemon/message-protocol.js";
-import {
-  addMessage,
-  createConversation,
-  getConversation,
-  getMessages,
-} from "../../memory/conversation-crud.js";
-import { resolveConversationId } from "../../memory/conversation-key-store.js";
-import { getLogger } from "../../util/logger.js";
-import { buildAssistantEvent } from "../assistant-event.js";
-import { DAEMON_INTERNAL_ASSISTANT_ID } from "../assistant-scope.js";
-import { httpError } from "../http-errors.js";
+import { httpError, type HttpErrorCode } from "../http-errors.js";
 import type { RouteDefinition } from "../http-router.js";
-import type { SendMessageDeps } from "../http-types.js";
-
-const log = getLogger("conversation-analysis-routes");
-
-// ---------------------------------------------------------------------------
-// Dependency types — injected by the daemon at wiring time
-// ---------------------------------------------------------------------------
+import {
+  analyzeConversation,
+  type ConversationAnalysisDeps,
+} from "../services/analyze-conversation.js";
 
-export interface ConversationAnalysisDeps {
-  sendMessageDeps: SendMessageDeps;
-  buildConversationDetailResponse: (
-    id: string,
-  ) => Record<string, unknown> | null;
-}
+// Re-export the dependency type so existing callers can continue importing it
+// from this module.
+export type { ConversationAnalysisDeps };
 
 // ---------------------------------------------------------------------------
 // Route definitions
@@ -50,132 +37,25 @@ export function conversationAnalysisRouteDefinitions(
         "Create a new conversation with a structured self-assessment of an existing conversation.",
       tags: ["conversations"],
       handler: async ({ params }) => {
-        // a. Resolve conversation ID
-        const resolvedId = resolveConversationId(params.id);
-        if (!resolvedId) {
-          return httpError(
-            "NOT_FOUND",
-            `Conversation ${params.id} not found`,
-            404,
-          );
-        }
-
-        // b. Load the conversation
-        const conversation = getConversation(resolvedId);
-        if (!conversation) {
-          return httpError(
-            "NOT_FOUND",
-            `Conversation ${resolvedId} not found`,
-            404,
-          );
-        }
-
-        // c. Reject private conversations
-        if (conversation.conversationType === "private") {
-          return httpError(
-            "FORBIDDEN",
-            "Private conversations cannot be analyzed",
-            403,
-          );
-        }
+        const result = await analyzeConversation(params.id, deps, {
+          trigger: "manual",
+        });
 
-        // d. Check for messages
-        const existingMessages = getMessages(resolvedId);
-        if (existingMessages.length === 0) {
+        if ("error" in result) {
           return httpError(
-            "BAD_REQUEST",
-            "Conversation has no messages to analyze",
-            400,
+            result.error.kind as HttpErrorCode,
+            result.error.message,
+            result.error.status,
           );
         }
 
-        // e. Build the analysis transcript
-        const { buildAnalysisTranscript } =
-          await import("../../export/transcript-formatter.js");
-        const transcript = buildAnalysisTranscript(resolvedId);
-
-        // f. Create a new conversation for the analysis
-        const newConv = createConversation({
-          title: `Analysis: ${conversation.title ?? "Untitled"}`,
-        });
-
-        // g. Build the analysis prompt
-        const prompt = `<transcript>
-${transcript}
-</transcript>
-
-Analyze the conversation above. Provide a structured self-assessment:
-
-1. **Summary**: What was the user trying to accomplish? What was the outcome?
-2. **What went well**: Effective tool usage, good reasoning, helpful responses, problem-solving patterns.
-3. **What went wrong**: Errors, unnecessary tool calls, incorrect assumptions, wasted turns, misunderstandings.
-4. **Root causes**: Why did failures happen? Missing context? Wrong approach? Tool limitations?
-5. **Recommendations**: Specific, actionable improvements for similar conversations next time.
-6. **Code & tooling changes**: Are there any changes to files you should make based on these learnings? Are there any skills or scripts that are worth creating or modifying? Don't make these changes yet — just provide your analysis.
-
-Be honest and specific. Reference particular moments in the transcript. Focus on patterns that generalize beyond this specific conversation.
-
-Do not use tools during analysis. If you identify insights worth remembering for future conversations, include them in the response as explicit memory candidates instead of saving them directly.`;
-
-        // h. Persist the user message
-        const message = await addMessage(
-          newConv.id,
-          "user",
-          JSON.stringify([{ type: "text", text: prompt }]),
-          { provenanceTrustClass: "unknown" as const },
+        const detail = deps.buildConversationDetailResponse(
+          result.analysisConversationId,
         );
-        const messageId = message.id;
-
-        // i. Load the conversation into memory with untrusted analysis context
-        const analysisConversation =
-          await deps.sendMessageDeps.getOrCreateConversation(newConv.id);
-        analysisConversation.setTrustContext({
-          trustClass: "unknown",
-          sourceChannel: "vellum",
-        });
-        await analysisConversation.ensureActorScopedHistory();
-        // Analysis runs over attacker-influenced transcript content, so do not
-        // expose any tools, even when a live client is available.
-        analysisConversation.setSubagentAllowedTools(new Set<string>());
-
-        const hasLiveSubscriber =
-          deps.sendMessageDeps.assistantEventHub.hasSubscribersForEvent({
-            assistantId: DAEMON_INTERNAL_ASSISTANT_ID,
-            conversationId: newConv.id,
-          });
-
-        // j. Build onEvent using inline hub publisher
-        const onEvent = (msg: ServerMessage) => {
-          deps.sendMessageDeps.assistantEventHub.publish(
-            buildAssistantEvent(DAEMON_INTERNAL_ASSISTANT_ID, msg, newConv.id),
-          );
-        };
-        analysisConversation.updateClient(onEvent, !hasLiveSubscriber);
-
-        // k. Set up processing state (required by runAgentLoop guard)
-        analysisConversation.processing = true;
-        analysisConversation.abortController = new AbortController();
-        analysisConversation.currentRequestId = crypto.randomUUID();
-
-        // l. Fire-and-forget the agent loop
-        analysisConversation
-          .runAgentLoop(prompt, messageId, onEvent, {
-            isInteractive: false,
-            isUserMessage: true,
-          })
-          .catch((err) => {
-            log.error(
-              { err, conversationId: newConv.id },
-              "Analysis agent loop failed",
-            );
-          });
-
-        // m. Return the new conversation detail
-        const detail = deps.buildConversationDetailResponse(newConv.id);
         if (!detail) {
           return httpError(
             "INTERNAL_ERROR",
-            `Analysis conversation ${newConv.id} could not be loaded`,
+            `Analysis conversation ${result.analysisConversationId} could not be loaded`,
             500,
           );
         }