@vellumai/assistant 0.9.0 → 0.10.0-staging.2

package/src/__tests__/reaction-persistence.test.ts

@@ -46,23 +46,20 @@ import { eq } from "drizzle-orm";
 
 import { upsertContactChannel } from "../contacts/contacts-write.js";
 import type { Conversation } from "../daemon/conversation.js";
+import {
+  createCanonicalGuardianDelivery,
+  createCanonicalGuardianRequest,
+  getCanonicalGuardianRequest,
+} from "../memory/canonical-guardian-store.js";
 import { getDb } from "../memory/db-connection.js";
 import { initializeDb } from "../memory/db-init.js";
-import {
-  createApprovalRequest,
-  getPendingApprovalForRequest,
-} from "../memory/guardian-approvals.js";
 import { messages } from "../memory/schema/conversations.js";
 import { readSlackMetadata } from "../messaging/providers/slack/message-metadata.js";
 import * as pendingInteractions from "../runtime/pending-interactions.js";
-import {
-  _clearApprovalPromptTsTrackerForTesting,
-  trackApprovalPromptTs,
-} from "../runtime/routes/approval-prompt-ts-tracker.js";
 import {
   isSlackReactionEvent,
   parseSlackReactionCallbackData,
-} from "../runtime/routes/inbound-message-handler.js";
+} from "../runtime/routes/inbound-stages/reaction-intercept.js";
 import { handleChannelInbound } from "./helpers/channel-test-adapter.js";
 import { createGuardianBinding } from "./helpers/create-guardian-binding.js";
 
@@ -84,7 +81,6 @@ function resetState(): void {
   db.run("DELETE FROM conversations");
   db.run("DELETE FROM contact_channels");
   db.run("DELETE FROM contacts");
-  _clearApprovalPromptTsTrackerForTesting();
 }
 
 function seedActiveMember(): void {
@@ -421,21 +417,35 @@ function seedGuardianForChannel(): void {
 function seedPendingGuardianApprovalForReaction(
   requestId: string,
   conversationId: string,
+  reactedTs: string,
 ): void {
-  createApprovalRequest({
-    runId: `run-${requestId}`,
-    requestId,
+  // Canonical tool_approval request keyed by the confirmation requestId — the
+  // same record assistant-event-hub creates for every confirmation.
+  createCanonicalGuardianRequest({
+    id: requestId,
+    kind: "tool_approval",
+    sourceType: "channel",
+    sourceChannel: "slack",
     conversationId,
-    channel: "slack",
     requesterExternalUserId: "requester-user-1",
     requesterChatId: SLACK_CHANNEL_ID,
     guardianExternalUserId: GUARDIAN_USER_ID,
-    guardianChatId: SLACK_CHANNEL_ID,
+    guardianPrincipalId: GUARDIAN_USER_ID,
     toolName: GUARDIAN_REACTION_TOOL,
+    status: "pending",
     expiresAt: Date.now() + 300_000,
   });
 
-  // Register a pending interaction so applyGuardianDecision finds the
+  // The delivered approval card → request mapping the reaction resolves
+  // against (destination_message_id = the reacted Slack ts).
+  createCanonicalGuardianDelivery({
+    requestId,
+    destinationChannel: "slack",
+    destinationChatId: SLACK_CHANNEL_ID,
+    destinationMessageId: reactedTs,
+  });
+
+  // Register a pending interaction so the tool_approval resolver finds the
   // requester-side hook to drive `allow`.
   const handleConfirmationResponse = mock(() => {});
   const _mockSession = {
@@ -466,18 +476,17 @@ describe("guardian approval-by-reaction integration via handleChannelInbound", (
     db.run("DELETE FROM conversations");
     db.run("DELETE FROM contact_channels");
     db.run("DELETE FROM contacts");
-    db.run("DELETE FROM channel_guardian_approval_requests");
+    db.run("DELETE FROM canonical_guardian_requests");
+    db.run("DELETE FROM canonical_guardian_deliveries");
     pendingInteractions.clear();
-    _clearApprovalPromptTsTrackerForTesting();
     msgCounter = 0;
   });
 
   test("guardian reaction on pending approval applies decision and persists no transcript row", async () => {
     seedGuardianForChannel();
     const requestId = "req-guardian-react-1";
-    // Conversation must exist so the approval row's conversation_id FK
-    // resolves; reuse an inbound seed by sending a no-op message that the
-    // ACL allows. Easier: insert directly via the DB layer.
+    // Back the canonical request and its pending interaction with a real
+    // conversation row, inserted directly via the DB layer.
     const db = getDb();
     const conversationId = "conv-react-test-1";
     const now = Date.now();
@@ -491,12 +500,15 @@ describe("guardian approval-by-reaction integration via handleChannelInbound", (
       )
       .run(conversationId, now, now);
 
-    seedPendingGuardianApprovalForReaction(requestId, conversationId);
-
     const reactedTs = "1700000099.000001";
-    // Simulate the approval prompt having been delivered on this ts so the
-    // guardian reaction is scoped to a tracked prompt message.
-    trackApprovalPromptTs("slack", SLACK_CHANNEL_ID, reactedTs);
+    // The approval card was delivered on this ts; its canonical delivery row
+    // is how the guardian reaction is scoped to a known approval message.
+    seedPendingGuardianApprovalForReaction(
+      requestId,
+      conversationId,
+      reactedTs,
+    );
+
     const body = {
       sourceChannel: "slack",
       interface: "slack",
@@ -541,11 +553,11 @@ describe("guardian approval-by-reaction integration via handleChannelInbound", (
 
     expect(resp.status).toBe(200);
     expect(json.accepted).toBe(true);
-    expect(json.approval).toBe("guardian_decision_applied");
+    expect(json.canonicalRouter).toBe("canonical_decision_applied");
     expect(approvalConversationGenerator).not.toHaveBeenCalled();
 
-    // The pending approval row is resolved (no longer pending).
-    expect(getPendingApprovalForRequest(requestId)).toBeNull();
+    // The canonical request is resolved (no longer pending).
+    expect(getCanonicalGuardianRequest(requestId)?.status).toBe("approved");
 
     // No transcript row was written for the reaction itself — resolved
     // guardian approval reactions have no transcript representation.
@@ -563,3 +575,112 @@ describe("guardian approval-by-reaction integration via handleChannelInbound", (
     expect(reactionRows.length).toBe(0);
   });
 });
+
+// ---------------------------------------------------------------------------
+// Reaction access-control regression (LUM-2489)
+// ---------------------------------------------------------------------------
+//
+// A reaction is a passive signal, not an access attempt. Because reactions are
+// dispatched before the ingress pipeline, an unknown user's 👍 must never run
+// ACL (no trusted-contact verification handshake), create a conversation, or
+// write a binding — it is dropped as channel noise. A known contact's reaction
+// is recorded; neither triggers a verification challenge.
+
+describe("reaction access control (no verification handshake)", () => {
+  const STRANGER_USER_ID = "U_REACTION_STRANGER";
+  const CONTACT_USER_ID = "U_REACTION_CONTACT";
+  // Guardian's approval channel is a DM, distinct from the public channel the
+  // reaction lands in (mirroring production). Reusing the public channel id
+  // would let a reactor match the guardian's channel via findContactChannel's
+  // externalChatId fallback and mask the bug.
+  const GUARDIAN_DM_CHAT = "D_GUARDIAN_DM";
+
+  function tableCount(table: string): number {
+    return (
+      getDb().$client.prepare(`SELECT COUNT(*) AS n FROM ${table}`).get() as {
+        n: number;
+      }
+    ).n;
+  }
+
+  beforeEach(() => {
+    resetState();
+    getDb().run("DELETE FROM channel_verification_sessions");
+    // The assistant has a guardian (as in production); the reactors below are
+    // different users.
+    createGuardianBinding({
+      channel: "slack",
+      guardianExternalUserId: GUARDIAN_USER_ID,
+      guardianDeliveryChatId: GUARDIAN_DM_CHAT,
+      guardianPrincipalId: GUARDIAN_USER_ID,
+    });
+    msgCounter = 0;
+  });
+
+  test("stranger's reaction is dropped — no challenge, session, conversation, or row", async () => {
+    let agentDispatched = false;
+    const processMessage = async (): Promise<{ messageId: string }> => {
+      agentDispatched = true;
+      return { messageId: "should-not-be-called" };
+    };
+
+    const req = buildReactionRequest("reaction:thumbsup", {
+      actorExternalId: STRANGER_USER_ID,
+      actorDisplayName: "Outside Reactor",
+      actorUsername: "outsider",
+    });
+    const resp = await handleChannelInbound(
+      req,
+      processMessage,
+      TEST_BEARER_TOKEN,
+    );
+    const json = (await resp.json()) as Record<string, unknown>;
+
+    // Accepted as a passive signal — never denied or turned into a challenge.
+    expect(json.accepted).toBe(true);
+    expect(json.denied).not.toBe(true);
+    expect(json.reason).not.toBe("verification_challenge_sent");
+    expect(json.verificationSessionId).toBeUndefined();
+    expect(agentDispatched).toBe(false);
+
+    // No verification handshake, and no side effects: a dropped reaction leaves
+    // no transcript row, no conversation, and no binding.
+    expect(tableCount("channel_verification_sessions")).toBe(0);
+    expect(readPersistedMessages().length).toBe(0);
+    expect(tableCount("conversations")).toBe(0);
+    expect(tableCount("external_conversation_bindings")).toBe(0);
+  });
+
+  test("known contact's reaction is recorded — no challenge", async () => {
+    // A pending contact classifies as `unverified_contact` — a known tier, so
+    // its reactions are recorded. On a real message it would be re-challenged,
+    // but a reaction must not trigger that.
+    upsertContactChannel({
+      sourceChannel: "slack",
+      externalUserId: CONTACT_USER_ID,
+      externalChatId: SLACK_CHANNEL_ID,
+      status: "pending",
+      policy: "allow",
+      displayName: "Pending Contact",
+    });
+
+    const req = buildReactionRequest("reaction:tada", {
+      actorExternalId: CONTACT_USER_ID,
+      actorDisplayName: "Pending Contact",
+      actorUsername: "pending_contact",
+    });
+    const resp = await handleChannelInbound(req, undefined, TEST_BEARER_TOKEN);
+    const json = (await resp.json()) as Record<string, unknown>;
+
+    expect(json.denied).not.toBe(true);
+    expect(json.reason).not.toBe("verification_challenge_sent");
+    expect(tableCount("channel_verification_sessions")).toBe(0);
+
+    const rows = readPersistedMessages();
+    expect(rows.length).toBe(1);
+    const envelope = JSON.parse(rows[0].metadata!) as Record<string, unknown>;
+    const slackMeta = readSlackMetadata(envelope.slackMeta as string);
+    expect(slackMeta?.eventKind).toBe("reaction");
+    expect(slackMeta?.reaction?.emoji).toBe("tada");
+  });
+});

package/src/__tests__/registry.test.ts

@@ -21,11 +21,7 @@ import {
   unregisterWorkspaceTool,
 } from "../tools/registry.js";
 import { eagerModuleToolNames, explicitTools } from "../tools/tool-manifest.js";
-import type {
-  Tool,
-  ToolContext,
-  ToolExecutionResult,
-} from "../tools/types.js";
+import type { Tool, ToolContext, ToolExecutionResult } from "../tools/types.js";
 
 // Clean up global registry after this file completes to prevent
 // contamination of subsequent test files in combined runs.
@@ -115,12 +111,11 @@ describe("tool manifest", () => {
     expect(eagerModuleToolNames.length).toBe(11);
   });
 
-  test("explicit tools list includes memory and credential tools", () => {
+  test("explicit tools list includes memory tools", () => {
     const names = explicitTools.map((t) => t.name);
     expect(names).toContain("recall");
     expect(names.filter((name) => name === "recall")).toHaveLength(1);
     expect(names).toContain("remember");
-    expect(names).toContain("credential_store");
   });
 
   test("registered tool count is at least eager + host", async () => {

package/src/__tests__/relay-server.test.ts

@@ -16,6 +16,7 @@
 import { createHash, randomUUID } from "node:crypto";
 import {
   afterAll,
+  beforeAll,
   beforeEach,
   describe,
   expect,
@@ -25,6 +26,10 @@ import {
   test,
 } from "bun:test";
 
+import { ADMISSION_FLOOR } from "@vellumai/gateway-client";
+
+import { TRUST_CLASS_RANK } from "../runtime/actor-trust-resolver.js";
+
 // ── Platform + logger mocks (must come before any source imports) ────
 
 // eslint-disable-next-line @typescript-eslint/no-require-imports
@@ -100,6 +105,80 @@ mock.module("../config/loader.js", () => ({
   loadConfig: () => mockConfig,
 }));
 
+// ── Channel admission policy reader mock ────────────────────────────
+//
+// handleSetup resolves the phone admission floor via this reader and forwards
+// it into routeSetup. Tests drive the floor by setting `mockAdmissionPolicy`
+// (or making the reader throw to exercise the fail-open guard).
+
+let mockAdmissionPolicy:
+  | import("@vellumai/gateway-client").AdmissionPolicy
+  | null = null;
+// Optional gate to hold the reader open mid-setup so tests can drive the
+// race window where a prompt arrives while handleSetup is still awaiting.
+let mockAdmissionGate: Promise<void> | null = null;
+// `mock.module` is process-global in Bun and leaks into sibling files that run
+// later in the same `bun test` invocation. channel-admission-reader.test.ts
+// imports the reader for real, so an unconditional stub here would feed it this
+// stub and break its assertions. Delegate to the real implementation unless
+// this file's tests are active (`admissionMockActive`, toggled in
+// beforeAll/afterAll). Snapshot the real exports into a plain object NOW,
+// before the stub registers — a module namespace is a live view, so reading
+// the real export after the stub installs would resolve back to the stub
+// (infinite recursion).
+const realChannelAdmissionReaderModule = {
+  ...(await import("../calls/channel-admission-reader.js")),
+};
+let admissionMockActive = false;
+mock.module("../calls/channel-admission-reader.js", () => ({
+  ...realChannelAdmissionReaderModule,
+  getChannelAdmissionPolicy: async (
+    channelType: import("../channels/types.js").ChannelId,
+  ) => {
+    if (!admissionMockActive) {
+      return realChannelAdmissionReaderModule.getChannelAdmissionPolicy(
+        channelType,
+      );
+    }
+    if (mockAdmissionGate) await mockAdmissionGate;
+    return mockAdmissionPolicy;
+  },
+}));
+
+// Real floor semantics, mirroring relay-setup-router.test.ts. The
+// enforceAdmissionPolicy mock omits the exempt-channel short-circuit so the
+// deny path can be exercised end-to-end regardless of channel.
+// eslint-disable-next-line @typescript-eslint/no-require-imports
+const realAdmissionPolicyModule = require("../runtime/routes/inbound-stages/admission-policy.js");
+mock.module("../runtime/routes/inbound-stages/admission-policy.js", () => ({
+  ...realAdmissionPolicyModule,
+  enforceAdmissionPolicy: (input: {
+    trustClass: string;
+    memberStatus: string | undefined;
+    policy: import("@vellumai/gateway-client").AdmissionPolicy;
+  }) => {
+    if (input.memberStatus === "blocked" || input.memberStatus === "revoked") {
+      return {
+        admitted: false,
+        reason:
+          input.memberStatus === "blocked" ? "member_blocked" : "member_revoked",
+        shouldChallenge: false,
+        effectivePolicy: input.policy,
+      };
+    }
+    const rank =
+      (TRUST_CLASS_RANK as Record<string, number>)[input.trustClass] ?? 0;
+    const floor = ADMISSION_FLOOR[input.policy];
+    if (rank >= floor) return { admitted: true };
+    return {
+      admitted: false,
+      reason: `admission_policy_${input.policy}`,
+      shouldChallenge: false,
+      effectivePolicy: input.policy,
+    };
+  },
+}));
+
 // ── TTS provider mocks (for call-speech-output) ─────────────────────
 
 let mockTtsProviderId: string = "elevenlabs";
@@ -240,7 +319,15 @@ import { createGuardianBinding } from "./helpers/create-guardian-binding.js";
 
 initializeDb();
 
+// Activate the channel-admission-reader stub only while this file's tests run,
+// so the registered (process-global) mock delegates to the real module for
+// sibling files that load later in the same worker.
+beforeAll(() => {
+  admissionMockActive = true;
+});
+
 afterAll(() => {
+  admissionMockActive = false;
   resetDbForTesting();
 });
 
@@ -404,6 +491,8 @@ describe("relay-server", () => {
     activeRelayConnections.clear();
     mockUserReference = "my human";
     mockAssistantName = "Vellum";
+    mockAdmissionPolicy = null;
+    mockAdmissionGate = null;
     mockSendMessage.mockImplementation(createMockProviderResponse(["Hello"]));
     mockConfig.calls.verification.enabled = false;
     mockConfig.calls.verification.maxAttempts = 3;
@@ -840,6 +929,121 @@ describe("relay-server", () => {
     relay.destroy();
   });
 
+  test("handleMessage: prompt arriving during setup (setting_up) is dropped", async () => {
+    ensureConversation("conv-relay-setting-up");
+    const session = createCallSession({
+      conversationId: "conv-relay-setting-up",
+      provider: "twilio",
+      fromNumber: "+15551111111",
+      toNumber: "+15552222222",
+    });
+
+    addTrustedVoiceContact("+15551111111");
+
+    const { ws, relay } = createMockWs(session.id);
+
+    // Hold the admission reader open so handleSetup stays in "setting_up".
+    let releaseGate: () => void = () => {};
+    mockAdmissionGate = new Promise<void>((resolve) => {
+      releaseGate = resolve;
+    });
+
+    // Fire setup without awaiting — it suspends inside getChannelAdmissionPolicy.
+    const setupPromise = relay.handleMessage(
+      JSON.stringify({
+        type: "setup",
+        callSid: "CA_setting_up_123",
+        from: "+15551111111",
+        to: "+15552222222",
+      }),
+    );
+
+    // Let the setup task reach the await; state must be "setting_up".
+    await new Promise((resolve) => setTimeout(resolve, 0));
+    expect(relay.getConnectionState()).toBe("setting_up");
+
+    // A prompt arriving now must be dropped: no transcript, no fallback.
+    await relay.handleMessage(
+      JSON.stringify({
+        type: "prompt",
+        voicePrompt: "Wire me money",
+        lang: "en-US",
+        last: true,
+      }),
+    );
+
+    const textMessages = ws.sentMessages
+      .map((m) => JSON.parse(m))
+      .filter((m: { type: string }) => m.type === "text");
+    expect(
+      textMessages.some((m) => (m.token ?? "").includes("still setting up")),
+    ).toBe(false);
+    expect(relay.getConversationHistory().length).toBe(0);
+    expect(
+      getMessages("conv-relay-setting-up").filter((m) => m.role === "user")
+        .length,
+    ).toBe(0);
+
+    // Release the reader and let setup finish.
+    releaseGate();
+    await setupPromise;
+    await new Promise((resolve) => setTimeout(resolve, 10));
+    expect(relay.getConnectionState()).toBe("connected");
+
+    relay.destroy();
+  });
+
+  test("handleMessage: prompt after normal-call setup completes is handled", async () => {
+    ensureConversation("conv-relay-postsetup");
+    const session = createCallSession({
+      conversationId: "conv-relay-postsetup",
+      provider: "twilio",
+      fromNumber: "+15551111111",
+      toNumber: "+15552222222",
+    });
+
+    addTrustedVoiceContact("+15551111111");
+    mockSendMessage.mockImplementation(
+      createMockProviderResponse(["Sure, happy to help."]),
+    );
+
+    const { relay } = createMockWs(session.id);
+
+    await relay.handleMessage(
+      JSON.stringify({
+        type: "setup",
+        callSid: "CA_postsetup_123",
+        from: "+15551111111",
+        to: "+15552222222",
+      }),
+    );
+
+    // Setup completed normally → "connected".
+    expect(relay.getConnectionState()).toBe("connected");
+
+    await new Promise((resolve) => setTimeout(resolve, 10));
+
+    // A subsequent prompt routes to the controller (no "still setting up").
+    await relay.handleMessage(
+      JSON.stringify({
+        type: "prompt",
+        voicePrompt: "Hello there",
+        lang: "en-US",
+        last: true,
+      }),
+    );
+
+    await new Promise((resolve) => setTimeout(resolve, 10));
+
+    const userMessages = getMessages("conv-relay-postsetup").filter(
+      (m) => m.role === "user",
+    );
+    expect(userMessages.length).toBeGreaterThan(0);
+    expect(relay.getConnectionState()).toBe("connected");
+
+    relay.destroy();
+  });
+
   // ── Interrupt handling ──────────────────────────────────────────
 
   test("handleMessage: interrupt message is handled without error", async () => {
@@ -2722,6 +2926,87 @@ describe("relay-server", () => {
     relay.destroy();
   });
 
+  // ── Inbound admission floor (reader → routeSetup wiring) ───────────
+
+  test("admission floor: reader floor that excludes caller denies the call end-to-end", async () => {
+    ensureConversation("conv-admission-floor-deny");
+    const session = createCallSession({
+      conversationId: "conv-admission-floor-deny",
+      provider: "twilio",
+      fromNumber: "+15557776666",
+      toNumber: "+15551111111",
+    });
+
+    // A trusted contact (rank 3) is below the `guardian_only` floor (rank 4).
+    addTrustedVoiceContact("+15557776666");
+    mockAdmissionPolicy = "guardian_only";
+
+    const { ws, relay } = createMockWs(session.id);
+
+    await relay.handleMessage(
+      JSON.stringify({
+        type: "setup",
+        callSid: "CA_admission_floor_deny",
+        from: "+15557776666",
+        to: "+15551111111",
+      }),
+    );
+
+    // Floor-excluded caller takes the deny path.
+    expect(relay.getConnectionState()).toBe("disconnecting");
+
+    const updated = getCallSession(session.id);
+    expect(updated).not.toBeNull();
+    expect(updated!.status).toBe("failed");
+
+    const textMessages = ws.sentMessages
+      .map((raw) => JSON.parse(raw) as { type: string; token?: string })
+      .filter((m) => m.type === "text");
+    expect(
+      textMessages.some((m) => (m.token ?? "").includes("not authorized")),
+    ).toBe(true);
+
+    await new Promise((resolve) => setTimeout(resolve, 10));
+
+    relay.destroy();
+  });
+
+  test("admission floor: null policy from reader leaves the call flow unchanged", async () => {
+    ensureConversation("conv-admission-floor-null");
+    const session = createCallSession({
+      conversationId: "conv-admission-floor-null",
+      provider: "twilio",
+      fromNumber: "+15557776666",
+      toNumber: "+15551111111",
+    });
+
+    addTrustedVoiceContact("+15557776666");
+    mockAdmissionPolicy = null; // no floor supplied
+
+    mockSendMessage.mockImplementation(
+      createMockProviderResponse(["Hello, how can I help you?"]),
+    );
+
+    const { relay } = createMockWs(session.id);
+
+    await relay.handleMessage(
+      JSON.stringify({
+        type: "setup",
+        callSid: "CA_admission_floor_null",
+        from: "+15557776666",
+        to: "+15551111111",
+      }),
+    );
+
+    // Trusted contact proceeds normally — no deny.
+    expect(relay.getConnectionState()).toBe("connected");
+
+    const updated = getCallSession(session.id);
+    expect(updated!.status).toBe("in_progress");
+
+    relay.destroy();
+  });
+
   test("name capture flow: access request creates canonical request for guardian", async () => {
     ensureConversation("conv-access-req-canonical");
     const session = createCallSession({

package/src/__tests__/runtime-attachment-metadata.test.ts

@@ -256,7 +256,6 @@ describe("WhatsApp channel ingress attachment resolution", () => {
         {
           type: "whatsapp",
           address: WHATSAPP_USER_ID,
-          externalUserId: WHATSAPP_USER_ID,
           status: "active",
           policy: "allow",
         },

package/src/__tests__/schedule-routes-workflow-validation.test.ts

@@ -1,10 +1,6 @@
 import { beforeEach, describe, expect, mock, test } from "bun:test";
 
-// These tests exercise the PATCH-side `workflowName` validation, which only
-// runs once the `workflows` feature flag is ON (the flag gate short-circuits
-// first when it is off). Mock the flag resolver to ON so the validation path is
-// reachable; the sibling schedule-routes.test.ts keeps the flag OFF and asserts
-// the flag-gate behavior, so the two files do not conflict.
+// These tests exercise the PATCH-side `workflowName` validation.
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
     new Proxy({} as Record<string, unknown>, {
@@ -12,11 +8,6 @@ mock.module("../util/logger.js", () => ({
     }),
 }));
 
-mock.module("../config/assistant-feature-flags.js", () => ({
-  isAssistantFeatureFlagEnabled: (key: string) => key === "workflows",
-  getAssistantFeatureFlagValue: (key: string) => key === "workflows",
-}));
-
 mock.module("../config/loader.js", () => ({
   getConfig: () => ({}),
   invalidateConfigCache: () => {},

package/src/__tests__/schedule-routes.test.ts

@@ -1243,36 +1243,6 @@ describe("POST /schedules — create", () => {
     ).toThrow("Only 'execute' and 'workflow' modes are supported");
   });
 
-  test("rejects workflow-mode creation when the workflows flag is off", () => {
-    // The mocked getConfig returns no feature flags, so `workflows` is off.
-    expect(() =>
-      postCreate({
-        name: "Triage",
-        description: "Triage the inbox every morning",
-        expression: "0 9 * * *",
-        message: "triage inbox",
-        mode: "workflow",
-        workflowName: "triage-inbox",
-      }),
-    ).toThrow("Workflows are not enabled");
-  });
-
-  test("rejects PATCH switching to workflow mode when the flag is off", () => {
-    const schedule = createSchedule({
-      name: "Plain execute",
-      cronExpression: "0 9 * * *",
-      message: "hi",
-      syntax: "cron",
-    });
-    const patch = findRoute("schedules/:id", "PATCH");
-    expect(() =>
-      patch.handler({
-        pathParams: { id: schedule.id },
-        body: { mode: "workflow", workflowName: "triage-inbox" },
-      }),
-    ).toThrow("Workflows are not enabled");
-  });
-
   test("rejects an unparseable expression", () => {
     expect(() =>
       postCreate({