@vellumai/assistant 0.9.0 → 0.10.0-staging.2

package/src/workflows/run-manager.test.ts

@@ -22,7 +22,6 @@ import {
   WorkflowRunCapError,
   WorkflowRunManager,
   type WorkflowRunManagerDeps,
-  WorkflowsDisabledError,
 } from "./run-manager.js";
 
 const TRUST: TrustContext = {
@@ -144,7 +143,6 @@ interface EngineResult {
  * deterministically), an in-memory journal, and spies for broadcast + wake.
  */
 function makeHarness(opts?: {
-  flagEnabled?: boolean;
   maxConcurrentRuns?: number;
   /** Custom engine impl; defaults to the deferred-resolver fake. */
   engine?: WorkflowRunManagerDeps["executeWorkflow"];
@@ -190,7 +188,6 @@ function makeHarness(opts?: {
     }) as unknown as WorkflowRunManagerDeps["leafRunner"],
     journal: fake.journal,
     getConfig: () => makeConfig(opts?.maxConcurrentRuns),
-    isFlagEnabled: () => opts?.flagEnabled ?? true,
     wake: (async (wakeOpts) => {
       wakes.push({
         conversationId: wakeOpts.conversationId,
@@ -227,22 +224,6 @@ function makeHarness(opts?: {
   };
 }
 
-describe("WorkflowRunManager.start — flag gate", () => {
-  test("flag off → start throws and the engine is never invoked", () => {
-    const h = makeHarness({ flagEnabled: false });
-    expect(() =>
-      h.manager.start({
-        scriptSource: "export const meta = { name: 'x', description: 'y' }",
-        args: {},
-        manifest: { tools: [], hostFunctions: [], persona: false },
-        trustContext: TRUST,
-      }),
-    ).toThrow(WorkflowsDisabledError);
-    expect(h.executeCalls).toHaveLength(0);
-    expect(h.fake.rows.size).toBe(0);
-  });
-});
-
 describe("WorkflowRunManager.start — concurrent-run cap", () => {
   test("the (N+1)th concurrent start is rejected", () => {
     const h = makeHarness({ maxConcurrentRuns: 2 });
@@ -311,6 +292,7 @@ describe("WorkflowRunManager.abort", () => {
       scriptSource: "export const meta = { name: 'x', description: 'y' }",
       args: {},
       manifest: { tools: [], hostFunctions: [], persona: false },
+      conversationId: "conv-1",
       trustContext: TRUST,
     });
 
@@ -337,6 +319,7 @@ describe("WorkflowRunManager — progress events", () => {
       scriptSource: "export const meta = { name: 'x', description: 'y' }",
       args: {},
       manifest: { tools: [], hostFunctions: [], persona: false },
+      conversationId: "conv-1",
       label: "My Flow",
       trustContext: TRUST,
     });
@@ -349,14 +332,164 @@ describe("WorkflowRunManager — progress events", () => {
     expect(progress).toHaveLength(2);
     expect(progress[0]).toMatchObject({
       type: "workflow_progress",
+      conversationId: "conv-1",
       label: "My Flow",
       phase: "Gathering",
     });
     expect(progress[1]).toMatchObject({
       type: "workflow_progress",
+      conversationId: "conv-1",
       message: "step done",
     });
   });
+
+  test("a run with no conversation broadcasts progress unscoped (no conversationId)", () => {
+    const h = makeHarness();
+    h.manager.start({
+      scriptSource: "export const meta = { name: 'x', description: 'y' }",
+      args: {},
+      manifest: { tools: [], hostFunctions: [], persona: false },
+      label: "My Flow",
+      trustContext: TRUST,
+    });
+
+    const onProgress = h.executeCalls[0]!.onProgress!;
+    onProgress({ type: "phase", title: "Gathering" });
+    onProgress({ type: "log", message: "step done" });
+
+    // `workflow_progress` is a pre-existing event; it still broadcasts for a
+    // conversationless run, just without a `conversationId` (unscoped).
+    const progress = h.broadcasts.filter((b) => b.type === "workflow_progress");
+    expect(progress).toHaveLength(2);
+    expect(progress[0]).toMatchObject({
+      type: "workflow_progress",
+      label: "My Flow",
+      phase: "Gathering",
+    });
+    expect(progress[0]).not.toHaveProperty("conversationId");
+  });
+
+  test("onLeaf start/finish are republished as scoped leaf events", () => {
+    const fakeEngine: WorkflowRunManagerDeps["executeWorkflow"] = (options) => {
+      options.onLeaf?.({
+        type: "leaf_started",
+        seq: 1,
+        label: "Research",
+        phase: "Gather",
+        promptSummary: "look it up",
+      });
+      options.onLeaf?.({
+        type: "leaf_finished",
+        seq: 1,
+        status: "completed",
+        label: "Research",
+        inputTokens: 30,
+        outputTokens: 12,
+        resultSummary: "found it",
+      });
+      return new Promise(() => {}) as ReturnType<
+        WorkflowRunManagerDeps["executeWorkflow"]
+      >;
+    };
+    const h = makeHarness({ engine: fakeEngine });
+
+    const { runId } = h.manager.start({
+      scriptSource: "export const meta = { name: 'x', description: 'y' }",
+      args: {},
+      manifest: { tools: [], hostFunctions: [], persona: false },
+      conversationId: "conv-1",
+      trustContext: TRUST,
+    });
+
+    const started = h.broadcasts.find(
+      (b) => b.type === "workflow_leaf_started",
+    );
+    expect(started).toMatchObject({
+      type: "workflow_leaf_started",
+      runId,
+      conversationId: "conv-1",
+      seq: 1,
+      label: "Research",
+      phase: "Gather",
+      promptSummary: "look it up",
+    });
+
+    const finished = h.broadcasts.find(
+      (b) => b.type === "workflow_leaf_finished",
+    );
+    expect(finished).toMatchObject({
+      type: "workflow_leaf_finished",
+      runId,
+      conversationId: "conv-1",
+      seq: 1,
+      status: "completed",
+      label: "Research",
+      inputTokens: 30,
+      outputTokens: 12,
+      resultSummary: "found it",
+    });
+  });
+
+  test("a run with no conversation gets no onLeaf callback", () => {
+    const h = makeHarness();
+    h.manager.start({
+      scriptSource: "export const meta = { name: 'x', description: 'y' }",
+      args: {},
+      manifest: { tools: [], hostFunctions: [], persona: false },
+      trustContext: TRUST,
+    });
+
+    expect(h.executeCalls[0]!.onLeaf).toBeUndefined();
+  });
+});
+
+describe("WorkflowRunManager.start — workflow_started", () => {
+  test("start with a conversation broadcasts workflow_started carrying toolUseId", () => {
+    const h = makeHarness();
+    const { runId } = h.manager.start({
+      scriptSource: "export const meta = { name: 'x', description: 'y' }",
+      args: {},
+      manifest: { tools: [], hostFunctions: [], persona: false },
+      conversationId: "conv-1",
+      toolUseId: "toolu-abc",
+      label: "My Flow",
+      trustContext: TRUST,
+    });
+
+    const started = h.broadcasts.find((b) => b.type === "workflow_started");
+    expect(started).toMatchObject({
+      type: "workflow_started",
+      runId,
+      conversationId: "conv-1",
+      toolUseId: "toolu-abc",
+      label: "My Flow",
+    });
+  });
+
+  test("start without a conversation broadcasts no workflow_started", () => {
+    const h = makeHarness();
+    h.manager.start({
+      scriptSource: "export const meta = { name: 'x', description: 'y' }",
+      args: {},
+      manifest: { tools: [], hostFunctions: [], persona: false },
+      trustContext: TRUST,
+    });
+
+    expect(h.broadcasts.some((b) => b.type === "workflow_started")).toBe(false);
+  });
+
+  test("resume never broadcasts workflow_started", () => {
+    const h = makeHarness({});
+    seedRun(h, {
+      id: "run-x",
+      status: "interrupted",
+      conversationId: "conv-1",
+    });
+
+    h.manager.resume("run-x");
+
+    expect(h.broadcasts.some((b) => b.type === "workflow_started")).toBe(false);
+  });
 });
 
 describe("WorkflowRunManager — completion", () => {
@@ -383,6 +516,7 @@ describe("WorkflowRunManager — completion", () => {
     expect(completed).toMatchObject({
       type: "workflow_completed",
       runId,
+      conversationId: "conv-1",
       status: "completed",
       agentsSpawned: 4,
       inputTokens: 100,
@@ -437,7 +571,7 @@ describe("WorkflowRunManager — completion", () => {
     expect(h.manager.status(runId)?.result).toBe(big);
   });
 
-  test("no conversationId → completion events fire but no wake", async () => {
+  test("no conversationId → pre-existing events broadcast unscoped; UI events and wake are gated", async () => {
     const h = makeHarness();
     h.manager.start({
       scriptSource: "export const meta = { name: 'x', description: 'y' }",
@@ -454,8 +588,23 @@ describe("WorkflowRunManager — completion", () => {
       outputTokens: 1,
     });
 
-    expect(h.broadcasts.some((b) => b.type === "workflow_completed")).toBe(
-      true,
+    // The pre-existing terminal event still broadcasts (unscoped) so raw SSE
+    // listeners and conversationless scheduled runs are still surfaced.
+    const completed = h.broadcasts.find((b) => b.type === "workflow_completed");
+    expect(completed).toMatchObject({
+      type: "workflow_completed",
+      status: "completed",
+    });
+    expect(completed).not.toHaveProperty("conversationId");
+
+    // The conversation-only signals stay gated: no `workflow_started`, no leaf
+    // events, and no completion wake without an originating conversation.
+    expect(h.broadcasts.some((b) => b.type === "workflow_started")).toBe(false);
+    expect(h.broadcasts.some((b) => b.type === "workflow_leaf_started")).toBe(
+      false,
+    );
+    expect(h.broadcasts.some((b) => b.type === "workflow_leaf_finished")).toBe(
+      false,
     );
     expect(h.wakes).toHaveLength(0);
   });
@@ -702,10 +851,4 @@ describe("WorkflowRunManager.resume", () => {
 
     expect(() => h.manager.resume("run-x")).toThrow(WorkflowRunCapError);
   });
-
-  test("resume is rejected when the flag is off", () => {
-    const h = makeHarness({ flagEnabled: false });
-    seedRun(h, { id: "run-x", status: "interrupted" });
-    expect(() => h.manager.resume("run-x")).toThrow(WorkflowsDisabledError);
-  });
 });

package/src/workflows/run-manager.ts

@@ -5,8 +5,6 @@
  * and routes (later PRs) drive. It owns everything the raw {@link executeWorkflow}
  * engine deliberately does NOT:
  *
- *  - **Feature-flag gate.** `start` hard-fails with {@link WorkflowsDisabledError}
- *    when the `workflows` flag is off, BEFORE any engine code path is reachable.
  *  - **Concurrent-run cap.** At most `config.workflows.maxConcurrentRuns` runs
  *    may be in flight; the (N+1)th `start` throws {@link WorkflowRunCapError}.
  *  - **Async launch.** `start` resolves capabilities, creates the journal run
@@ -28,7 +26,6 @@
 
 import { createHash, randomUUID } from "node:crypto";
 
-import { isAssistantFeatureFlagEnabled } from "../config/assistant-feature-flags.js";
 import { getConfig } from "../config/loader.js";
 import type { AssistantConfig } from "../config/schema.js";
 import {
@@ -58,15 +55,6 @@ const log = getLogger("workflow-run-manager");
 /** Source tag for the completion wake (shows up in the wake's structured log). */
 const WORKFLOW_WAKE_SOURCE = "workflow_completed";
 
-/** Thrown by `start` when the `workflows` feature flag is disabled. */
-export class WorkflowsDisabledError extends Error {
-  readonly code = "workflows_disabled" as const;
-  constructor() {
-    super("Workflows are not enabled.");
-    this.name = "WorkflowsDisabledError";
-  }
-}
-
 /** Thrown by `start` when the concurrent-run cap is already reached. */
 export class WorkflowRunCapError extends Error {
   readonly code = "workflow_run_cap_exceeded" as const;
@@ -126,6 +114,11 @@ interface StartWorkflowCommon {
    * scheduled run with no chat surface) — the summary is then events-only.
    */
   conversationId?: string;
+  /**
+   * The `skill_execute` tool-use block id that launched this run; forwarded on
+   * `workflow_started` so the client anchors the inline card to the spawn call.
+   */
+  toolUseId?: string;
   /** Human-readable label for display; defaults to the run id. */
   label?: string;
   /** Trust/auth context forwarded to every leaf. */
@@ -141,7 +134,6 @@ export interface WorkflowRunManagerDeps {
   leafRunner: typeof runLeaf;
   journal: typeof journalStore;
   getConfig: () => AssistantConfig;
-  isFlagEnabled: (config: AssistantConfig) => boolean;
   wake: typeof wakeAgentForOpportunity;
   broadcast: typeof broadcastMessage;
   newRunId: () => string;
@@ -155,8 +147,6 @@ function defaultDeps(): WorkflowRunManagerDeps {
     leafRunner: runLeaf,
     journal: journalStore,
     getConfig,
-    isFlagEnabled: (config) =>
-      isAssistantFeatureFlagEnabled("workflows", config),
     wake: wakeAgentForOpportunity,
     broadcast: broadcastMessage,
     newRunId: () => randomUUID(),
@@ -178,18 +168,14 @@ export class WorkflowRunManager {
   }
 
   /**
-   * Launch a workflow run. Gates on the `workflows` flag and the concurrent-run
-   * cap (both throw before any engine code is reachable), resolves capabilities,
+   * Launch a workflow run. Gates on the concurrent-run cap (which throws before
+   * any engine code is reachable), resolves capabilities,
    * creates the journal run row, and kicks off {@link executeWorkflow}
    * asynchronously. Returns the `runId` immediately — completion is surfaced via
    * events and a conversation wake.
    */
   start(opts: StartWorkflowOptions): { runId: string } {
     const config = this.deps.getConfig();
-    if (!this.deps.isFlagEnabled(config)) {
-      throw new WorkflowsDisabledError();
-    }
-
     const limit = config.workflows.maxConcurrentRuns;
     if (this.inflight.size >= limit) {
       throw new WorkflowRunCapError(limit);
@@ -234,6 +220,19 @@ export class WorkflowRunManager {
     const controller = new AbortController();
     this.inflight.set(runId, controller);
 
+    // Announce the launch only when there's a conversation to scope it to (the
+    // same gate the in-flight/terminal broadcasts use). `resume` never emits
+    // this — the run already announced itself on its original `start`.
+    if (opts.conversationId) {
+      this.deps.broadcast({
+        type: "workflow_started",
+        runId,
+        conversationId: opts.conversationId,
+        ...(opts.toolUseId ? { toolUseId: opts.toolUseId } : {}),
+        label,
+      });
+    }
+
     // Fire-and-forget: the engine owns its own try/catch and always finishes
     // the run row. We never await it — `start` must return synchronously.
     void this.runToCompletion(
@@ -282,9 +281,6 @@ export class WorkflowRunManager {
    */
   resume(runId: string): { runId: string } {
     const config = this.deps.getConfig();
-    if (!this.deps.isFlagEnabled(config)) {
-      throw new WorkflowsDisabledError();
-    }
 
     if (this.inflight.has(runId)) {
       throw new WorkflowResumeNotPossibleError(runId, "in_flight");
@@ -398,6 +394,14 @@ export class WorkflowRunManager {
     ctx: RunContext,
   ): Promise<void> {
     const config = this.deps.getConfig();
+    // `workflow_progress` / `workflow_completed` always broadcast: a run with no
+    // originating conversation emits them unscoped (no `conversationId`) for raw
+    // SSE listeners and the DB record, preserving the pre-scoping contract that
+    // surfaces conversationless scheduled runs. The conversation-only signals —
+    // `workflow_started`, the `onLeaf` leaf events, and the completion wake —
+    // stay gated on `conversationId` since they exist solely to drive the inline
+    // workflow card in that conversation.
+    const conversationId = ctx.conversationId;
     try {
       const result = await this.deps.executeWorkflow({
         runId,
@@ -415,6 +419,7 @@ export class WorkflowRunManager {
           this.deps.broadcast({
             type: "workflow_progress",
             runId,
+            ...(conversationId ? { conversationId } : {}),
             label,
             agentsSpawned,
             ...(event.type === "phase"
@@ -422,6 +427,41 @@ export class WorkflowRunManager {
               : { message: event.message }),
           });
         },
+        ...(conversationId
+          ? {
+              onLeaf: (event) => {
+                if (event.type === "leaf_started") {
+                  this.deps.broadcast({
+                    type: "workflow_leaf_started",
+                    runId,
+                    conversationId,
+                    seq: event.seq,
+                    ...(event.label !== undefined
+                      ? { label: event.label }
+                      : {}),
+                    ...(event.phase !== undefined
+                      ? { phase: event.phase }
+                      : {}),
+                    promptSummary: event.promptSummary,
+                  });
+                } else {
+                  this.deps.broadcast({
+                    type: "workflow_leaf_finished",
+                    runId,
+                    conversationId,
+                    seq: event.seq,
+                    status: event.status,
+                    ...(event.label !== undefined
+                      ? { label: event.label }
+                      : {}),
+                    inputTokens: event.inputTokens,
+                    outputTokens: event.outputTokens,
+                    resultSummary: event.resultSummary,
+                  });
+                }
+              },
+            }
+          : {}),
       });
 
       const summary = buildCompletionSummary(
@@ -434,6 +474,7 @@ export class WorkflowRunManager {
       this.deps.broadcast({
         type: "workflow_completed",
         runId,
+        ...(conversationId ? { conversationId } : {}),
         status: result.status,
         agentsSpawned: result.agentsSpawned,
         inputTokens: result.inputTokens,
@@ -495,6 +536,7 @@ interface RunContext {
 const VALID_TRUST_CLASSES: ReadonlySet<TrustContext["trustClass"]> = new Set([
   "guardian",
   "trusted_contact",
+  "unverified_contact",
   "unknown",
 ]);
 

package/src/workspace/migrations/105-enable-memory-v3-live-for-new-workspaces.ts

@@ -0,0 +1,63 @@
+import { existsSync, readFileSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+
+import type { MigrationRunContext, WorkspaceMigration } from "./types.js";
+
+/**
+ * Switch brand-new assistants onto memory-v3 (the live injected memory source)
+ * at creation by persisting `memory.v3.live = true`.
+ *
+ * The schema default is `false`, so existing assistants keep running v2 on
+ * upgrade — this migration writes the value only for freshly-created
+ * workspaces. The value gates v3 via `isMemoryV3Live`; existing assistants are
+ * switched on deliberately, never automatically. Covers every surface (local,
+ * Docker, managed) uniformly because all run workspace migrations on first boot.
+ */
+export const enableMemoryV3LiveForNewWorkspacesMigration: WorkspaceMigration = {
+  id: "105-enable-memory-v3-live-for-new-workspaces",
+  description:
+    "Persist memory.v3.live=true for brand-new workspaces so new assistants run memory-v3 from creation",
+
+  run(workspaceDir: string, ctx?: MigrationRunContext): void {
+    // Only switch new assistants on. Existing workspaces fall through to the
+    // schema default (false) and keep running v2 until enabled explicitly.
+    // Without a context (older callers) treat the workspace as existing.
+    if (!ctx?.isNewWorkspace) return;
+
+    const configPath = join(workspaceDir, "config.json");
+
+    // A fresh workspace may have no config.json yet (schema defaults are
+    // applied in memory at load); create one so the live default persists.
+    let config: Record<string, unknown> = {};
+    if (existsSync(configPath)) {
+      try {
+        const raw = JSON.parse(readFileSync(configPath, "utf-8"));
+        if (!raw || typeof raw !== "object" || Array.isArray(raw)) return;
+        config = raw as Record<string, unknown>;
+      } catch {
+        return;
+      }
+    }
+
+    if (config.memory === undefined) config.memory = {};
+    const memory = config.memory;
+    if (!memory || typeof memory !== "object" || Array.isArray(memory)) return;
+    const memoryConfig = memory as Record<string, unknown>;
+
+    if (memoryConfig.v3 === undefined) memoryConfig.v3 = {};
+    const v3 = memoryConfig.v3;
+    if (!v3 || typeof v3 !== "object" || Array.isArray(v3)) return;
+    const v3Config = v3 as Record<string, unknown>;
+
+    // Respect an explicit value already present (idempotent re-runs, or a
+    // hatch-time override that set it deliberately).
+    if ("live" in v3Config) return;
+
+    v3Config.live = true;
+    writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
+  },
+
+  down(_workspaceDir: string): void {
+    // Forward-only: cannot distinguish a user's explicit choice from this seed.
+  },
+};

package/src/workspace/migrations/106-drop-collect-usage-data.ts

@@ -0,0 +1,47 @@
+import { existsSync, readFileSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+
+import type { WorkspaceMigration } from "./types.js";
+
+/**
+ * Drops the `collectUsageData` config key (gating is governed by the platform
+ * `share_analytics` consent). An explicit local opt-out (`collectUsageData:
+ * false`) is preserved as `legacyTelemetryOptOut: true` so telemetry stays off
+ * regardless of platform consent, which defaults to opt-in and cannot be
+ * written by the daemon. A `true`/non-false value carries no opt-out intent, so
+ * the key is removed without setting the marker. The schema strips unknown keys
+ * on the next save, so a stale value is otherwise harmless.
+ */
+export const dropCollectUsageDataMigration: WorkspaceMigration = {
+  id: "106-drop-collect-usage-data",
+  description:
+    "Drop collectUsageData; preserve an explicit opt-out as legacyTelemetryOptOut (telemetry is gated by platform share_analytics consent)",
+  run(workspaceDir: string): void {
+    const configPath = join(workspaceDir, "config.json");
+    if (!existsSync(configPath)) return;
+
+    let config: Record<string, unknown>;
+    try {
+      const raw = JSON.parse(readFileSync(configPath, "utf-8"));
+      if (!raw || typeof raw !== "object" || Array.isArray(raw)) return;
+      config = raw as Record<string, unknown>;
+    } catch {
+      return; // Malformed config — skip
+    }
+
+    if (!("collectUsageData" in config)) return;
+
+    // An explicit opt-out is preserved as a fail-closed marker; any non-false
+    // value carries no opt-out intent.
+    if (config.collectUsageData === false) {
+      config.legacyTelemetryOptOut = true;
+    }
+
+    delete config.collectUsageData;
+    writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
+  },
+  down(_workspaceDir: string): void {
+    // No-op: the forward migration only removes a key and sets a fail-closed
+    // marker, so there is nothing to restore.
+  },
+};

package/src/workspace/migrations/107-drop-send-diagnostics.ts

@@ -0,0 +1,47 @@
+import { existsSync, readFileSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+
+import type { WorkspaceMigration } from "./types.js";
+
+/**
+ * Drops the `sendDiagnostics` config key (crash reporting is governed by the
+ * platform `share_diagnostics` consent). An explicit local opt-out
+ * (`sendDiagnostics: false`) is preserved as `legacyDiagnosticsOptOut: true` so
+ * Sentry stays off regardless of platform consent, which defaults to opt-in and
+ * cannot be written by the daemon. A `true`/non-false value carries no opt-out
+ * intent, so the key is removed without setting the marker. The schema strips
+ * unknown keys on the next save, so a stale value is otherwise harmless.
+ */
+export const dropSendDiagnosticsMigration: WorkspaceMigration = {
+  id: "107-drop-send-diagnostics",
+  description:
+    "Drop sendDiagnostics; preserve an explicit opt-out as legacyDiagnosticsOptOut (crash reporting is gated by platform share_diagnostics consent)",
+  run(workspaceDir: string): void {
+    const configPath = join(workspaceDir, "config.json");
+    if (!existsSync(configPath)) return;
+
+    let config: Record<string, unknown>;
+    try {
+      const raw = JSON.parse(readFileSync(configPath, "utf-8"));
+      if (!raw || typeof raw !== "object" || Array.isArray(raw)) return;
+      config = raw as Record<string, unknown>;
+    } catch {
+      return; // Malformed config — skip
+    }
+
+    if (!("sendDiagnostics" in config)) return;
+
+    // An explicit opt-out is preserved as a fail-closed marker; any non-false
+    // value carries no opt-out intent.
+    if (config.sendDiagnostics === false) {
+      config.legacyDiagnosticsOptOut = true;
+    }
+
+    delete config.sendDiagnostics;
+    writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
+  },
+  down(_workspaceDir: string): void {
+    // No-op: the forward migration only removes a key and sets a fail-closed
+    // marker, so there is nothing to restore.
+  },
+};