@vellumai/assistant 0.9.0 → 0.10.0-staging.2

package/src/providers/search-provider-catalog.ts

@@ -105,6 +105,16 @@ export const SEARCH_PROVIDER_CATALOG: readonly SearchProviderCatalogEntry[] = [
     fallbackOrder: 3,
     privacyPolicyUrl: "https://tavily.com/privacy",
   },
+  {
+    id: "firecrawl",
+    displayName: "Firecrawl",
+    kind: "byok",
+    apiKeyPrefix: "fc-...",
+    envVar: "FIRECRAWL_API_KEY",
+    secretKey: "firecrawl",
+    fallbackOrder: 4,
+    privacyPolicyUrl: "https://www.firecrawl.dev/privacy-policy",
+  },
 ];
 
 /** Provider ids accepted by the web-search config schema. */

package/src/providers/weak-open-model.ts

@@ -0,0 +1,22 @@
+/**
+ * Family-level classification of "weak open models" — open-weight models
+ * (Kimi, DeepSeek, MiniMax, GLM) that disregard static instructions and have
+ * capability gaps that capable models (Claude, GPT) do not. Used by harness
+ * levers that coach or redirect these models without touching capable-model
+ * behavior: the task-progress-nudge plugin and the empty-dynamic_page surface
+ * redirect.
+ *
+ * Family-level matching spans provider naming conventions: OpenRouter
+ * `moonshotai/kimi-k2.6`, `deepseek/deepseek-chat`, `minimax/minimax-m3`;
+ * Fireworks `accounts/fireworks/models/minimax-m3`, `kimi-k2p6`. Extend the
+ * pattern as other open models show the same gaps.
+ *
+ * Distinct from exploration-drift's narrower `LOOP_PRONE_MODEL_PATTERN`, which
+ * targets specific loop-prone versions rather than the whole capability family.
+ */
+export const WEAK_OPEN_MODEL_PATTERN = /kimi|deepseek|minimax|glm/i;
+
+/** True when `model` is a weak open model (see {@link WEAK_OPEN_MODEL_PATTERN}). */
+export function isWeakOpenModel(model: string | null | undefined): boolean {
+  return typeof model === "string" && WEAK_OPEN_MODEL_PATTERN.test(model);
+}

package/src/runtime/AGENTS.md

@@ -22,7 +22,6 @@ GET handlers must be safe and side-effect-free — they must not enqueue backgro
 
 Accepted exceptions (stale-while-revalidate caches): a GET handler may kick off a bounded, fire-and-forget background refresh of a generated-content cache when no fresh cache exists, provided the handler itself stays read-only and returns immediately with cached/fallback copy, the refresh is single-flight (concurrent GETs share one regeneration), and a TTL bounds regeneration frequency. Current instances:
 
-- `GET /v1/identity/intro` — refreshes the generated greeting cache; the background prompt may only depend on static identity/soul context plus caller-supplied local hour/minute.
 - `GET /v1/home/feed` — refreshes the personalized home greeting and suggested-prompt caches via `revalidateHomeContentInBackground()`, which publishes `home_feed_updated` when fresh content lands so clients refetch. This is intentional: home content is generated on demand (when a user actually views Home), never at daemon startup or on a timer.
 - `GET /v1/conversation-starters` — enqueues a `generate_conversation_starters` memory job when the starter set is stale, cooldown-gated and deduped against in-flight jobs.
 

package/src/runtime/__tests__/agent-wake.test.ts

@@ -244,6 +244,55 @@ const recordRequestLogCalls: Array<{
   provider?: string;
   callSite?: string;
 }> = [];
+const recordUsageCalls: Array<{
+  conversationId: string;
+  inputTokens: number;
+  outputTokens: number;
+  model: string;
+  actor: string;
+  cacheCreationInputTokens: number;
+  cacheReadInputTokens: number;
+  callSite: unknown;
+  overrideProfile: unknown;
+  forceOverrideProfile: unknown;
+  selectionSeed: unknown;
+}> = [];
+mock.module("../../daemon/conversation-usage.js", () => ({
+  recordUsage: (
+    ctx: { conversationId: string },
+    inputTokens: number,
+    outputTokens: number,
+    model: string,
+    _onEvent: unknown,
+    actor: string,
+    _requestId: unknown,
+    cacheCreationInputTokens = 0,
+    cacheReadInputTokens = 0,
+    _rawResponse?: unknown,
+    _llmCallCount?: number,
+    _contextWindow?: unknown,
+    attribution?: {
+      callSite?: unknown;
+      overrideProfile?: unknown;
+      forceOverrideProfile?: unknown;
+      selectionSeed?: unknown;
+    },
+  ) => {
+    recordUsageCalls.push({
+      conversationId: ctx.conversationId,
+      inputTokens,
+      outputTokens,
+      model,
+      actor,
+      cacheCreationInputTokens,
+      cacheReadInputTokens,
+      callSite: attribution?.callSite ?? null,
+      overrideProfile: attribution?.overrideProfile ?? null,
+      forceOverrideProfile: attribution?.forceOverrideProfile,
+      selectionSeed: attribution?.selectionSeed,
+    });
+  },
+}));
 mock.module("../../memory/llm-request-log-store.js", () => ({
   recordRequestLog: (
     conversationId: string,
@@ -464,6 +513,7 @@ beforeEach(() => {
   __resetWakeChainForTests();
   wakeConvRegistry.clear();
   recordRequestLogCalls.length = 0;
+  recordUsageCalls.length = 0;
   mockGetOrCreateConversationCalls.length = 0;
   mockResolverTarget = null;
   mockGetConversationOverrideProfile = () => undefined;
@@ -1896,6 +1946,137 @@ describe("wakeAgentForOpportunity", () => {
     expect(recordRequestLogCalls[0]?.callSite).toBe("memoryRetrospective");
   });
 
+  test("wake records LLM usage to the cost ledger, attributed to its call site", async () => {
+    const usageEvent: AgentEvent = {
+      type: "usage",
+      inputTokens: 100,
+      outputTokens: 5,
+      model: "test-model",
+      actualProvider: "test-provider",
+      providerDurationMs: 10,
+      cacheCreationInputTokens: 7,
+      cacheReadInputTokens: 11,
+      rawRequest: { request: "retrospective wake" },
+      rawResponse: { response: "real reply" },
+    };
+    const conversation = makeWakeConversation({
+      baseline: [{ role: "user", content: [{ type: "text", text: "hi" }] }],
+      scriptedEvents: [usageEvent],
+      scriptedAssistant: {
+        role: "assistant",
+        content: [{ type: "text", text: "real reply" }],
+      },
+    });
+
+    await wakeAgentForOpportunity(
+      {
+        conversationId: conversation.conversationId,
+        hint: "do reply",
+        source: "unit-test",
+        callSite: "memoryRetrospective",
+      },
+      { resolveTarget: async () => conversation },
+    );
+
+    // A wake-driven LLM call records a usage row attributed to its
+    // conversation, so its cost reaches the ledger.
+    expect(recordUsageCalls).toHaveLength(1);
+    expect(recordUsageCalls[0]).toMatchObject({
+      conversationId: conversation.conversationId,
+      inputTokens: 100,
+      outputTokens: 5,
+      model: "test-model",
+      actor: "main_agent",
+      cacheCreationInputTokens: 7,
+      cacheReadInputTokens: 11,
+      callSite: "memoryRetrospective",
+      // Seed the dispatch path used for mix-arm resolution.
+      selectionSeed: conversation.conversationId,
+    });
+  });
+
+  test("forced-profile wake records usage under the forced profile, not the call site", async () => {
+    const usageEvent: AgentEvent = {
+      type: "usage",
+      inputTokens: 100,
+      outputTokens: 5,
+      model: "test-model",
+      actualProvider: "test-provider",
+      providerDurationMs: 10,
+      rawRequest: { request: "forced wake" },
+      rawResponse: { response: "real reply" },
+    };
+    const conversation = makeWakeConversation({
+      baseline: [{ role: "user", content: [{ type: "text", text: "hi" }] }],
+      scriptedEvents: [usageEvent],
+      scriptedAssistant: {
+        role: "assistant",
+        content: [{ type: "text", text: "real reply" }],
+      },
+    });
+
+    await wakeAgentForOpportunity(
+      {
+        conversationId: conversation.conversationId,
+        hint: "do reply",
+        source: "unit-test",
+        callSite: "memoryRetrospective",
+        // Stand-in for the source conversation's profile, floated above the
+        // call-site profile (fork retrospectives). `recordUsage` is mocked, so
+        // this value is only threaded through and asserted — not resolved.
+        forceOverrideProfile: "source-profile",
+      },
+      { resolveTarget: async () => conversation },
+    );
+
+    expect(recordUsageCalls).toHaveLength(1);
+    expect(recordUsageCalls[0]).toMatchObject({
+      overrideProfile: "source-profile",
+      forceOverrideProfile: true,
+      selectionSeed: conversation.conversationId,
+    });
+  });
+
+  test("silent no-op wake still records usage even though its request log is dropped", async () => {
+    const usageEvent: AgentEvent = {
+      type: "usage",
+      inputTokens: 100,
+      outputTokens: 5,
+      model: "test-model",
+      actualProvider: "test-provider",
+      providerDurationMs: 10,
+      rawRequest: { request: "no-op wake" },
+      rawResponse: { response: "no output" },
+    };
+    const conversation = makeWakeConversation({
+      baseline: [{ role: "user", content: [{ type: "text", text: "hi" }] }],
+      scriptedEvents: [usageEvent],
+      // Empty assistant text → silent no-op, so the request log is dropped.
+      scriptedAssistant: {
+        role: "assistant",
+        content: [{ type: "text", text: "" }],
+      },
+    });
+
+    await wakeAgentForOpportunity(
+      {
+        conversationId: conversation.conversationId,
+        hint: "consider doing nothing",
+        source: "unit-test",
+      },
+      { resolveTarget: async () => conversation },
+    );
+
+    // Silent wake drops its request log, but the call still cost money.
+    expect(recordRequestLogCalls).toHaveLength(0);
+    expect(recordUsageCalls).toHaveLength(1);
+    expect(recordUsageCalls[0]).toMatchObject({
+      conversationId: conversation.conversationId,
+      inputTokens: 100,
+      outputTokens: 5,
+    });
+  });
+
   test("non-serializable usage payload does not abort the wake", async () => {
     // Circular reference in rawRequest — JSON.stringify throws on this.
     // Serialization must happen inside persistLog's try/catch so the

package/src/runtime/__tests__/client-health.test.ts

@@ -0,0 +1,44 @@
+import { describe, expect, test } from "bun:test";
+
+import { isClientDegraded } from "../client-health.js";
+
+const HEARTBEAT_MS = 7_000;
+
+describe("isClientDegraded", () => {
+  test("fresh connection is not degraded", () => {
+    const now = new Date(1_000_000);
+    const lastActiveAt = now; // just connected
+    expect(isClientDegraded(lastActiveAt, now, HEARTBEAT_MS)).toBe(false);
+  });
+
+  test("actively heartbeating connection is not degraded", () => {
+    const now = new Date(1_000_000);
+    const lastActiveAt = new Date(now.getTime() - 2_000); // heartbeat 2s ago
+    expect(isClientDegraded(lastActiveAt, now, HEARTBEAT_MS)).toBe(false);
+  });
+
+  test("never-heartbeating connection that has gone stale is degraded", () => {
+    const now = new Date(1_000_000);
+    const lastActiveAt = new Date(now.getTime() - 30_000); // 30s since any activity
+    expect(isClientDegraded(lastActiveAt, now, HEARTBEAT_MS)).toBe(true);
+  });
+
+  test("heartbeated then froze is degraded (stale relative to now, not connectedAt)", () => {
+    const now = new Date(1_000_000);
+    // Connected long ago, heartbeated for a while, then stopped an hour ago.
+    const lastActiveAt = new Date(now.getTime() - 3_600_000);
+    expect(isClientDegraded(lastActiveAt, now, HEARTBEAT_MS)).toBe(true);
+  });
+
+  test("boundary: just under 2 heartbeat intervals stale is not degraded", () => {
+    const now = new Date(1_000_000);
+    const lastActiveAt = new Date(now.getTime() - (2 * HEARTBEAT_MS - 1));
+    expect(isClientDegraded(lastActiveAt, now, HEARTBEAT_MS)).toBe(false);
+  });
+
+  test("boundary: just over 2 heartbeat intervals stale is degraded", () => {
+    const now = new Date(1_000_000);
+    const lastActiveAt = new Date(now.getTime() - (2 * HEARTBEAT_MS + 1));
+    expect(isClientDegraded(lastActiveAt, now, HEARTBEAT_MS)).toBe(true);
+  });
+});

package/src/runtime/access-request-helper.ts

@@ -15,33 +15,20 @@ import type { ChannelId } from "../channels/types.js";
 import { findGuardianForChannel } from "../contacts/contact-store.js";
 import type { ChannelStatus } from "../contacts/types.js";
 import {
-  createCanonicalGuardianDelivery,
   createCanonicalGuardianRequest,
   listCanonicalGuardianRequests,
-  updateCanonicalGuardianDelivery,
 } from "../memory/canonical-guardian-store.js";
+import {
+  recordApprovalCardDelivery,
+  recordGuardianRequestDeliveries,
+} from "../notifications/canonical-delivery-recorder.js";
 import { emitNotificationSignal } from "../notifications/emit-signal.js";
-import type {
-  GuardianResolutionSource,
-  NotificationSourceChannel,
-} from "../notifications/signal.js";
-import type { NotificationDeliveryResult } from "../notifications/types.js";
+import type { GuardianResolutionSource } from "../notifications/signal.js";
 import { getLogger } from "../util/logger.js";
 import { GUARDIAN_APPROVAL_TTL_MS } from "./routes/channel-route-shared.js";
 
 const log = getLogger("access-request-helper");
 
-function applyDeliveryStatus(
-  deliveryId: string,
-  result: NotificationDeliveryResult,
-): void {
-  if (result.status === "sent") {
-    updateCanonicalGuardianDelivery(deliveryId, { status: "sent" });
-    return;
-  }
-  updateCanonicalGuardianDelivery(deliveryId, { status: "failed" });
-}
-
 // ---------------------------------------------------------------------------
 // Types
 // ---------------------------------------------------------------------------
@@ -127,7 +114,7 @@ export function notifyGuardianOfAccessRequest(
     sourceGuardian &&
     sourceGuardian.contact.principalId === assistantGuardianPrincipalId
   ) {
-    guardianExternalUserId = sourceGuardian.channel.externalUserId;
+    guardianExternalUserId = sourceGuardian.channel.address;
     guardianPrincipalId = sourceGuardian.contact.principalId;
     guardianBindingChannel = sourceGuardian.channel.type;
     guardianResolutionSource = "source-channel-contact";
@@ -136,8 +123,7 @@ export function notifyGuardianOfAccessRequest(
   // Access requests always require a principal. If source-channel resolution
   // did not match the assistant anchor, use the anchored vellum identity.
   if (!guardianPrincipalId && vellumGuardian) {
-    guardianExternalUserId =
-      vellumGuardian.channel.externalUserId ?? guardianExternalUserId;
+    guardianExternalUserId = vellumGuardian.channel.address;
     guardianPrincipalId = assistantGuardianPrincipalId ?? null;
     guardianBindingChannel = guardianBindingChannel ?? "vellum";
     guardianResolutionSource = "vellum-anchor";
@@ -200,7 +186,7 @@ export function notifyGuardianOfAccessRequest(
     expiresAt: Date.now() + GUARDIAN_APPROVAL_TTL_MS,
   });
 
-  let vellumDeliveryId: string | null = null;
+  let vellumDeliveryId: string | undefined;
   // When the access request originates from a text channel with
   // notification delivery support (Slack, Telegram) and the guardian was
   // resolved via a verified same-channel contact, route the notification
@@ -219,7 +205,7 @@ export function notifyGuardianOfAccessRequest(
 
   void emitNotificationSignal({
     sourceEventName: "ingress.access_request",
-    sourceChannel: sourceChannel as NotificationSourceChannel,
+    sourceChannel,
     sourceContextId: `access-req-${sourceChannel}-${actorExternalId}`,
     requiresConversation: true,
     ...(sameChannelOnly ? { routingIntent: "single_channel" as const } : {}),
@@ -250,44 +236,26 @@ export function notifyGuardianOfAccessRequest(
     onConversationCreated: (info) => {
       if (info.sourceEventName !== "ingress.access_request" || vellumDeliveryId)
         return;
-      const delivery = createCanonicalGuardianDelivery({
+      vellumDeliveryId = recordApprovalCardDelivery({
         requestId: canonicalRequest.id,
-        destinationChannel: "vellum",
-        destinationConversationId: info.conversationId,
-      });
-      vellumDeliveryId = delivery.id;
+        channel: "vellum",
+        conversationId: info.conversationId,
+      })?.id;
     },
   })
     .then((signalResult) => {
-      for (const result of signalResult.deliveryResults) {
-        if (result.channel === "vellum") {
-          if (!vellumDeliveryId) {
-            const delivery = createCanonicalGuardianDelivery({
-              requestId: canonicalRequest.id,
-              destinationChannel: "vellum",
-              destinationConversationId: result.conversationId,
-            });
-            vellumDeliveryId = delivery.id;
-          }
-          applyDeliveryStatus(vellumDeliveryId, result);
-          continue;
-        }
-
-        const delivery = createCanonicalGuardianDelivery({
-          requestId: canonicalRequest.id,
-          destinationChannel: result.channel,
-          destinationChatId:
-            result.destination.length > 0 ? result.destination : undefined,
-        });
-        applyDeliveryStatus(delivery.id, result);
-      }
+      vellumDeliveryId = recordGuardianRequestDeliveries({
+        requestId: canonicalRequest.id,
+        deliveryResults: signalResult.deliveryResults,
+        vellumDeliveryId,
+      });
 
       if (!vellumDeliveryId && !sameChannelOnly) {
-        const fallback = createCanonicalGuardianDelivery({
+        recordApprovalCardDelivery({
           requestId: canonicalRequest.id,
-          destinationChannel: "vellum",
+          channel: "vellum",
+          status: "failed",
         });
-        updateCanonicalGuardianDelivery(fallback.id, { status: "failed" });
         log.warn(
           { requestId: canonicalRequest.id, reason: signalResult.reason },
           "Notification pipeline did not produce a vellum delivery result for access request",

package/src/runtime/actor-trust-resolver.ts

@@ -8,13 +8,17 @@
  * Trust classifications:
  * - `guardian`: sender matches the guardian contact's channel for this channel type.
  * - `trusted_contact`: sender is an active contact channel (not the guardian).
- * - `unknown`: sender has no matching contact or no identity could be established.
+ * - `unverified_contact`: sender matches a contact channel that is pending or
+ *   unverified — known to the guardian but not yet through verification.
+ *   Treated identically to `trusted_contact` downstream; the distinction only
+ *   matters at the admission floor (see channel admission policy).
+ * - `unknown`: sender has no matching contact, no identity could be
+ *   established, or the contact's channel is blocked/revoked.
  */
 
 import type { ChannelId } from "../channels/types.js";
 import {
   findContactByAddress,
-  findContactByChannelExternalId,
   findGuardianForChannel,
 } from "../contacts/contact-store.js";
 import type { ContactChannel, ContactWithChannels } from "../contacts/types.js";
@@ -39,22 +43,35 @@ export type { TrustContext } from "../daemon/trust-context.js";
  * - `'trusted_contact'`: The sender is an active contact with a channel
  *   (not the guardian). Trusted contacts can invoke tools but require
  *   guardian approval for sensitive operations.
+ * - `'unverified_contact'`: The sender matches a contact channel whose
+ *   status is `pending` or `unverified` — known to the guardian but not yet
+ *   verified. Treated identically to `trusted_contact` for every downstream
+ *   capability/tool/approval decision; the distinction is admission-only.
  * - `'unknown'`: The sender has no contact record, no identity could be
- *   established, or the sender is an inactive/revoked contact. Unknown
+ *   established, or the sender is a blocked/revoked contact. Unknown
  *   actors are fail-closed with no escalation path.
  */
-export type TrustClass = "guardian" | "trusted_contact" | "unknown";
+export type TrustClass =
+  | "guardian"
+  | "trusted_contact"
+  | "unverified_contact"
+  | "unknown";
 
-/** Returns `true` for actors that are not fully trusted (i.e. not the guardian). */
-export function isUntrustedTrustClass(
-  trustClass: TrustClass | undefined,
-): boolean {
-  return (
-    trustClass === "trusted_contact" ||
-    trustClass === "unknown" ||
-    trustClass === undefined
-  );
-}
+/**
+ * Trust-class ordinal used by the per-channel admission policy floor check.
+ * Higher rank = more trusted. Blocked/revoked never reach classification —
+ * their effective rank is 0 and is enforced by the inbound ACL stage's
+ * member-status short-circuit, not via this table.
+ *
+ * See `wave-b-plan.md` §2.4. Paired with `ADMISSION_FLOOR` from
+ * `@vellumai/gateway-client` — both tables move together.
+ */
+export const TRUST_CLASS_RANK: Record<TrustClass, number> = {
+  guardian: 4,
+  trusted_contact: 3,
+  unverified_contact: 2,
+  unknown: 1,
+};
 
 /**
  * Fully resolved trust context from the actor trust resolver.
@@ -181,19 +198,13 @@ export function resolveActorTrust(
   if (guardianResult) {
     const { contact: guardianContact, channel: guardianChannel } =
       guardianResult;
-    const canonicalGuardianId = guardianChannel.externalUserId
-      ? canonicalizeInboundIdentity(
-          input.sourceChannel,
-          guardianChannel.externalUserId,
-        )
-      : null;
     guardianBindingMatch = {
-      guardianExternalUserId: guardianChannel.externalUserId ?? "",
+      guardianExternalUserId: guardianChannel.address,
       guardianDeliveryChatId: guardianChannel.externalChatId,
     };
     guardianPrincipalId = guardianContact.principalId ?? undefined;
     isGuardian =
-      canonicalGuardianId != null && canonicalGuardianId === canonicalSenderId;
+      guardianChannel.address.toLowerCase() === canonicalSenderId.toLowerCase();
   }
 
   log.debug(
@@ -206,37 +217,18 @@ export function resolveActorTrust(
   );
 
   // --- Member lookup via contacts ---
-  // Primary path: match by externalUserId (populated after channel verification
-  // completes, or for channels registered via the verification upsert path).
-  // Fallback path: match by address (covers channels registered by the inbound
-  // name-capture flow, where address is set but externalUserId remains NULL
-  // until the DTMF challenge succeeds). Mirrors the gateway's OR-based lookup
-  // in ContactStore.getContactByPhoneNumber so the runtime's unverified-caller
-  // guard fires for pre-verification channels the gateway passes through.
   let memberRecord: ActorTrustContext["memberRecord"] = null;
-  const byExternalId = findContactByChannelExternalId(
+  const byAddress = findContactByAddress(
     input.sourceChannel,
     canonicalSenderId,
   );
-  const byExternalIdChannel = byExternalId?.channels.find(
+  const byAddressChannel = byAddress?.channels.find(
     (ch) =>
       ch.type === input.sourceChannel &&
-      ch.externalUserId === canonicalSenderId,
+      ch.address.toLowerCase() === canonicalSenderId.toLowerCase(),
   );
-
-  if (byExternalId && byExternalIdChannel) {
-    memberRecord = { contact: byExternalId, channel: byExternalIdChannel };
-  } else {
-    // Address fallback: catches channels where externalUserId is not yet set.
-    const byAddress = findContactByAddress(input.sourceChannel, canonicalSenderId);
-    const byAddressChannel = byAddress?.channels.find(
-      (ch) =>
-        ch.type === input.sourceChannel &&
-        ch.address?.toLowerCase() === canonicalSenderId.toLowerCase(),
-    );
-    if (byAddress && byAddressChannel) {
-      memberRecord = { contact: byAddress, channel: byAddressChannel };
-    }
+  if (byAddress && byAddressChannel) {
+    memberRecord = { contact: byAddress, channel: byAddressChannel };
   }
 
   log.debug(
@@ -244,23 +236,16 @@ export function resolveActorTrust(
       channel: input.sourceChannel,
       canonicalSenderId,
       found: !!memberRecord,
-      via: memberRecord?.channel.externalUserId ? "externalUserId" : memberRecord ? "address" : "none",
+      via: memberRecord ? "address" : "none",
     },
     "trust-resolver member lookup",
   );
 
   // Only use member metadata when the record's channel identity matches the
   // current sender to avoid misidentification in group chats.
-  // Primary check: externalUserId (canonicalized to handle E.164 variance).
-  // Fallback: address match for channels where externalUserId is NULL (e.g.
-  // name-capture registrations that haven't completed DTMF verification yet).
-  const memberMatchesSender = memberRecord?.channel.externalUserId
-    ? canonicalizeInboundIdentity(
-        input.sourceChannel,
-        memberRecord.channel.externalUserId,
-      ) === canonicalSenderId
-    : (memberRecord?.channel.address?.toLowerCase() ===
-      canonicalSenderId.toLowerCase());
+  const memberMatchesSender =
+    memberRecord?.channel.address.toLowerCase() ===
+    canonicalSenderId.toLowerCase();
 
   const memberDisplayName =
     memberMatchesSender &&
@@ -281,12 +266,23 @@ export function resolveActorTrust(
   let trustClass: TrustClass;
   if (isGuardian) {
     trustClass = "guardian";
-  } else if (
-    memberMatchesSender &&
-    memberRecord &&
-    memberRecord.channel.status === "active"
-  ) {
-    trustClass = "trusted_contact";
+  } else if (memberMatchesSender && memberRecord) {
+    const status = memberRecord.channel.status;
+    if (status === "active") {
+      trustClass = "trusted_contact";
+    } else if (status === "unverified" || status === "pending") {
+      // Pre-verification / awaiting-verification contacts get their own
+      // admission tier. Treated identically to trusted_contact for ALL
+      // downstream capability/tool/approval decisions; the distinction
+      // only matters at the channel admission floor.
+      trustClass = "unverified_contact";
+    } else {
+      // status === "blocked" or "revoked" → unknown. acl-enforcement
+      // re-checks resolvedMember.channel.status and emits the appropriate
+      // member_blocked / member_revoked reasons, so hard-deny semantics
+      // for these statuses are preserved end-to-end.
+      trustClass = "unknown";
+    }
   } else {
     trustClass = "unknown";
   }