@vellumai/assistant 0.9.1-staging.1 → 0.10.0-staging.2

package/src/providers/search-provider-catalog.ts

@@ -105,6 +105,16 @@ export const SEARCH_PROVIDER_CATALOG: readonly SearchProviderCatalogEntry[] = [
     fallbackOrder: 3,
     privacyPolicyUrl: "https://tavily.com/privacy",
   },
+  {
+    id: "firecrawl",
+    displayName: "Firecrawl",
+    kind: "byok",
+    apiKeyPrefix: "fc-...",
+    envVar: "FIRECRAWL_API_KEY",
+    secretKey: "firecrawl",
+    fallbackOrder: 4,
+    privacyPolicyUrl: "https://www.firecrawl.dev/privacy-policy",
+  },
 ];
 
 /** Provider ids accepted by the web-search config schema. */

package/src/providers/weak-open-model.ts

@@ -0,0 +1,22 @@
+/**
+ * Family-level classification of "weak open models" — open-weight models
+ * (Kimi, DeepSeek, MiniMax, GLM) that disregard static instructions and have
+ * capability gaps that capable models (Claude, GPT) do not. Used by harness
+ * levers that coach or redirect these models without touching capable-model
+ * behavior: the task-progress-nudge plugin and the empty-dynamic_page surface
+ * redirect.
+ *
+ * Family-level matching spans provider naming conventions: OpenRouter
+ * `moonshotai/kimi-k2.6`, `deepseek/deepseek-chat`, `minimax/minimax-m3`;
+ * Fireworks `accounts/fireworks/models/minimax-m3`, `kimi-k2p6`. Extend the
+ * pattern as other open models show the same gaps.
+ *
+ * Distinct from exploration-drift's narrower `LOOP_PRONE_MODEL_PATTERN`, which
+ * targets specific loop-prone versions rather than the whole capability family.
+ */
+export const WEAK_OPEN_MODEL_PATTERN = /kimi|deepseek|minimax|glm/i;
+
+/** True when `model` is a weak open model (see {@link WEAK_OPEN_MODEL_PATTERN}). */
+export function isWeakOpenModel(model: string | null | undefined): boolean {
+  return typeof model === "string" && WEAK_OPEN_MODEL_PATTERN.test(model);
+}

package/src/runtime/__tests__/agent-wake.test.ts

@@ -244,6 +244,55 @@ const recordRequestLogCalls: Array<{
   provider?: string;
   callSite?: string;
 }> = [];
+const recordUsageCalls: Array<{
+  conversationId: string;
+  inputTokens: number;
+  outputTokens: number;
+  model: string;
+  actor: string;
+  cacheCreationInputTokens: number;
+  cacheReadInputTokens: number;
+  callSite: unknown;
+  overrideProfile: unknown;
+  forceOverrideProfile: unknown;
+  selectionSeed: unknown;
+}> = [];
+mock.module("../../daemon/conversation-usage.js", () => ({
+  recordUsage: (
+    ctx: { conversationId: string },
+    inputTokens: number,
+    outputTokens: number,
+    model: string,
+    _onEvent: unknown,
+    actor: string,
+    _requestId: unknown,
+    cacheCreationInputTokens = 0,
+    cacheReadInputTokens = 0,
+    _rawResponse?: unknown,
+    _llmCallCount?: number,
+    _contextWindow?: unknown,
+    attribution?: {
+      callSite?: unknown;
+      overrideProfile?: unknown;
+      forceOverrideProfile?: unknown;
+      selectionSeed?: unknown;
+    },
+  ) => {
+    recordUsageCalls.push({
+      conversationId: ctx.conversationId,
+      inputTokens,
+      outputTokens,
+      model,
+      actor,
+      cacheCreationInputTokens,
+      cacheReadInputTokens,
+      callSite: attribution?.callSite ?? null,
+      overrideProfile: attribution?.overrideProfile ?? null,
+      forceOverrideProfile: attribution?.forceOverrideProfile,
+      selectionSeed: attribution?.selectionSeed,
+    });
+  },
+}));
 mock.module("../../memory/llm-request-log-store.js", () => ({
   recordRequestLog: (
     conversationId: string,
@@ -464,6 +513,7 @@ beforeEach(() => {
   __resetWakeChainForTests();
   wakeConvRegistry.clear();
   recordRequestLogCalls.length = 0;
+  recordUsageCalls.length = 0;
   mockGetOrCreateConversationCalls.length = 0;
   mockResolverTarget = null;
   mockGetConversationOverrideProfile = () => undefined;
@@ -1896,6 +1946,137 @@ describe("wakeAgentForOpportunity", () => {
     expect(recordRequestLogCalls[0]?.callSite).toBe("memoryRetrospective");
   });
 
+  test("wake records LLM usage to the cost ledger, attributed to its call site", async () => {
+    const usageEvent: AgentEvent = {
+      type: "usage",
+      inputTokens: 100,
+      outputTokens: 5,
+      model: "test-model",
+      actualProvider: "test-provider",
+      providerDurationMs: 10,
+      cacheCreationInputTokens: 7,
+      cacheReadInputTokens: 11,
+      rawRequest: { request: "retrospective wake" },
+      rawResponse: { response: "real reply" },
+    };
+    const conversation = makeWakeConversation({
+      baseline: [{ role: "user", content: [{ type: "text", text: "hi" }] }],
+      scriptedEvents: [usageEvent],
+      scriptedAssistant: {
+        role: "assistant",
+        content: [{ type: "text", text: "real reply" }],
+      },
+    });
+
+    await wakeAgentForOpportunity(
+      {
+        conversationId: conversation.conversationId,
+        hint: "do reply",
+        source: "unit-test",
+        callSite: "memoryRetrospective",
+      },
+      { resolveTarget: async () => conversation },
+    );
+
+    // A wake-driven LLM call records a usage row attributed to its
+    // conversation, so its cost reaches the ledger.
+    expect(recordUsageCalls).toHaveLength(1);
+    expect(recordUsageCalls[0]).toMatchObject({
+      conversationId: conversation.conversationId,
+      inputTokens: 100,
+      outputTokens: 5,
+      model: "test-model",
+      actor: "main_agent",
+      cacheCreationInputTokens: 7,
+      cacheReadInputTokens: 11,
+      callSite: "memoryRetrospective",
+      // Seed the dispatch path used for mix-arm resolution.
+      selectionSeed: conversation.conversationId,
+    });
+  });
+
+  test("forced-profile wake records usage under the forced profile, not the call site", async () => {
+    const usageEvent: AgentEvent = {
+      type: "usage",
+      inputTokens: 100,
+      outputTokens: 5,
+      model: "test-model",
+      actualProvider: "test-provider",
+      providerDurationMs: 10,
+      rawRequest: { request: "forced wake" },
+      rawResponse: { response: "real reply" },
+    };
+    const conversation = makeWakeConversation({
+      baseline: [{ role: "user", content: [{ type: "text", text: "hi" }] }],
+      scriptedEvents: [usageEvent],
+      scriptedAssistant: {
+        role: "assistant",
+        content: [{ type: "text", text: "real reply" }],
+      },
+    });
+
+    await wakeAgentForOpportunity(
+      {
+        conversationId: conversation.conversationId,
+        hint: "do reply",
+        source: "unit-test",
+        callSite: "memoryRetrospective",
+        // Stand-in for the source conversation's profile, floated above the
+        // call-site profile (fork retrospectives). `recordUsage` is mocked, so
+        // this value is only threaded through and asserted — not resolved.
+        forceOverrideProfile: "source-profile",
+      },
+      { resolveTarget: async () => conversation },
+    );
+
+    expect(recordUsageCalls).toHaveLength(1);
+    expect(recordUsageCalls[0]).toMatchObject({
+      overrideProfile: "source-profile",
+      forceOverrideProfile: true,
+      selectionSeed: conversation.conversationId,
+    });
+  });
+
+  test("silent no-op wake still records usage even though its request log is dropped", async () => {
+    const usageEvent: AgentEvent = {
+      type: "usage",
+      inputTokens: 100,
+      outputTokens: 5,
+      model: "test-model",
+      actualProvider: "test-provider",
+      providerDurationMs: 10,
+      rawRequest: { request: "no-op wake" },
+      rawResponse: { response: "no output" },
+    };
+    const conversation = makeWakeConversation({
+      baseline: [{ role: "user", content: [{ type: "text", text: "hi" }] }],
+      scriptedEvents: [usageEvent],
+      // Empty assistant text → silent no-op, so the request log is dropped.
+      scriptedAssistant: {
+        role: "assistant",
+        content: [{ type: "text", text: "" }],
+      },
+    });
+
+    await wakeAgentForOpportunity(
+      {
+        conversationId: conversation.conversationId,
+        hint: "consider doing nothing",
+        source: "unit-test",
+      },
+      { resolveTarget: async () => conversation },
+    );
+
+    // Silent wake drops its request log, but the call still cost money.
+    expect(recordRequestLogCalls).toHaveLength(0);
+    expect(recordUsageCalls).toHaveLength(1);
+    expect(recordUsageCalls[0]).toMatchObject({
+      conversationId: conversation.conversationId,
+      inputTokens: 100,
+      outputTokens: 5,
+    });
+  });
+
   test("non-serializable usage payload does not abort the wake", async () => {
     // Circular reference in rawRequest — JSON.stringify throws on this.
     // Serialization must happen inside persistLog's try/catch so the

package/src/runtime/__tests__/client-health.test.ts

@@ -0,0 +1,44 @@
+import { describe, expect, test } from "bun:test";
+
+import { isClientDegraded } from "../client-health.js";
+
+const HEARTBEAT_MS = 7_000;
+
+describe("isClientDegraded", () => {
+  test("fresh connection is not degraded", () => {
+    const now = new Date(1_000_000);
+    const lastActiveAt = now; // just connected
+    expect(isClientDegraded(lastActiveAt, now, HEARTBEAT_MS)).toBe(false);
+  });
+
+  test("actively heartbeating connection is not degraded", () => {
+    const now = new Date(1_000_000);
+    const lastActiveAt = new Date(now.getTime() - 2_000); // heartbeat 2s ago
+    expect(isClientDegraded(lastActiveAt, now, HEARTBEAT_MS)).toBe(false);
+  });
+
+  test("never-heartbeating connection that has gone stale is degraded", () => {
+    const now = new Date(1_000_000);
+    const lastActiveAt = new Date(now.getTime() - 30_000); // 30s since any activity
+    expect(isClientDegraded(lastActiveAt, now, HEARTBEAT_MS)).toBe(true);
+  });
+
+  test("heartbeated then froze is degraded (stale relative to now, not connectedAt)", () => {
+    const now = new Date(1_000_000);
+    // Connected long ago, heartbeated for a while, then stopped an hour ago.
+    const lastActiveAt = new Date(now.getTime() - 3_600_000);
+    expect(isClientDegraded(lastActiveAt, now, HEARTBEAT_MS)).toBe(true);
+  });
+
+  test("boundary: just under 2 heartbeat intervals stale is not degraded", () => {
+    const now = new Date(1_000_000);
+    const lastActiveAt = new Date(now.getTime() - (2 * HEARTBEAT_MS - 1));
+    expect(isClientDegraded(lastActiveAt, now, HEARTBEAT_MS)).toBe(false);
+  });
+
+  test("boundary: just over 2 heartbeat intervals stale is degraded", () => {
+    const now = new Date(1_000_000);
+    const lastActiveAt = new Date(now.getTime() - (2 * HEARTBEAT_MS + 1));
+    expect(isClientDegraded(lastActiveAt, now, HEARTBEAT_MS)).toBe(true);
+  });
+});

package/src/runtime/access-request-helper.ts

@@ -15,33 +15,20 @@ import type { ChannelId } from "../channels/types.js";
 import { findGuardianForChannel } from "../contacts/contact-store.js";
 import type { ChannelStatus } from "../contacts/types.js";
 import {
-  createCanonicalGuardianDelivery,
   createCanonicalGuardianRequest,
   listCanonicalGuardianRequests,
-  updateCanonicalGuardianDelivery,
 } from "../memory/canonical-guardian-store.js";
+import {
+  recordApprovalCardDelivery,
+  recordGuardianRequestDeliveries,
+} from "../notifications/canonical-delivery-recorder.js";
 import { emitNotificationSignal } from "../notifications/emit-signal.js";
-import type {
-  GuardianResolutionSource,
-  NotificationSourceChannel,
-} from "../notifications/signal.js";
-import type { NotificationDeliveryResult } from "../notifications/types.js";
+import type { GuardianResolutionSource } from "../notifications/signal.js";
 import { getLogger } from "../util/logger.js";
 import { GUARDIAN_APPROVAL_TTL_MS } from "./routes/channel-route-shared.js";
 
 const log = getLogger("access-request-helper");
 
-function applyDeliveryStatus(
-  deliveryId: string,
-  result: NotificationDeliveryResult,
-): void {
-  if (result.status === "sent") {
-    updateCanonicalGuardianDelivery(deliveryId, { status: "sent" });
-    return;
-  }
-  updateCanonicalGuardianDelivery(deliveryId, { status: "failed" });
-}
-
 // ---------------------------------------------------------------------------
 // Types
 // ---------------------------------------------------------------------------
@@ -127,7 +114,7 @@ export function notifyGuardianOfAccessRequest(
     sourceGuardian &&
     sourceGuardian.contact.principalId === assistantGuardianPrincipalId
   ) {
-    guardianExternalUserId = sourceGuardian.channel.externalUserId;
+    guardianExternalUserId = sourceGuardian.channel.address;
     guardianPrincipalId = sourceGuardian.contact.principalId;
     guardianBindingChannel = sourceGuardian.channel.type;
     guardianResolutionSource = "source-channel-contact";
@@ -136,8 +123,7 @@ export function notifyGuardianOfAccessRequest(
   // Access requests always require a principal. If source-channel resolution
   // did not match the assistant anchor, use the anchored vellum identity.
   if (!guardianPrincipalId && vellumGuardian) {
-    guardianExternalUserId =
-      vellumGuardian.channel.externalUserId ?? guardianExternalUserId;
+    guardianExternalUserId = vellumGuardian.channel.address;
     guardianPrincipalId = assistantGuardianPrincipalId ?? null;
     guardianBindingChannel = guardianBindingChannel ?? "vellum";
     guardianResolutionSource = "vellum-anchor";
@@ -200,7 +186,7 @@ export function notifyGuardianOfAccessRequest(
     expiresAt: Date.now() + GUARDIAN_APPROVAL_TTL_MS,
   });
 
-  let vellumDeliveryId: string | null = null;
+  let vellumDeliveryId: string | undefined;
   // When the access request originates from a text channel with
   // notification delivery support (Slack, Telegram) and the guardian was
   // resolved via a verified same-channel contact, route the notification
@@ -219,7 +205,7 @@ export function notifyGuardianOfAccessRequest(
 
   void emitNotificationSignal({
     sourceEventName: "ingress.access_request",
-    sourceChannel: sourceChannel as NotificationSourceChannel,
+    sourceChannel,
     sourceContextId: `access-req-${sourceChannel}-${actorExternalId}`,
     requiresConversation: true,
     ...(sameChannelOnly ? { routingIntent: "single_channel" as const } : {}),
@@ -250,44 +236,26 @@ export function notifyGuardianOfAccessRequest(
     onConversationCreated: (info) => {
       if (info.sourceEventName !== "ingress.access_request" || vellumDeliveryId)
         return;
-      const delivery = createCanonicalGuardianDelivery({
+      vellumDeliveryId = recordApprovalCardDelivery({
         requestId: canonicalRequest.id,
-        destinationChannel: "vellum",
-        destinationConversationId: info.conversationId,
-      });
-      vellumDeliveryId = delivery.id;
+        channel: "vellum",
+        conversationId: info.conversationId,
+      })?.id;
     },
   })
     .then((signalResult) => {
-      for (const result of signalResult.deliveryResults) {
-        if (result.channel === "vellum") {
-          if (!vellumDeliveryId) {
-            const delivery = createCanonicalGuardianDelivery({
-              requestId: canonicalRequest.id,
-              destinationChannel: "vellum",
-              destinationConversationId: result.conversationId,
-            });
-            vellumDeliveryId = delivery.id;
-          }
-          applyDeliveryStatus(vellumDeliveryId, result);
-          continue;
-        }
-
-        const delivery = createCanonicalGuardianDelivery({
-          requestId: canonicalRequest.id,
-          destinationChannel: result.channel,
-          destinationChatId:
-            result.destination.length > 0 ? result.destination : undefined,
-        });
-        applyDeliveryStatus(delivery.id, result);
-      }
+      vellumDeliveryId = recordGuardianRequestDeliveries({
+        requestId: canonicalRequest.id,
+        deliveryResults: signalResult.deliveryResults,
+        vellumDeliveryId,
+      });
 
       if (!vellumDeliveryId && !sameChannelOnly) {
-        const fallback = createCanonicalGuardianDelivery({
+        recordApprovalCardDelivery({
           requestId: canonicalRequest.id,
-          destinationChannel: "vellum",
+          channel: "vellum",
+          status: "failed",
         });
-        updateCanonicalGuardianDelivery(fallback.id, { status: "failed" });
         log.warn(
           { requestId: canonicalRequest.id, reason: signalResult.reason },
           "Notification pipeline did not produce a vellum delivery result for access request",

package/src/runtime/actor-trust-resolver.ts

@@ -8,7 +8,12 @@
  * Trust classifications:
  * - `guardian`: sender matches the guardian contact's channel for this channel type.
  * - `trusted_contact`: sender is an active contact channel (not the guardian).
- * - `unknown`: sender has no matching contact or no identity could be established.
+ * - `unverified_contact`: sender matches a contact channel that is pending or
+ *   unverified — known to the guardian but not yet through verification.
+ *   Treated identically to `trusted_contact` downstream; the distinction only
+ *   matters at the admission floor (see channel admission policy).
+ * - `unknown`: sender has no matching contact, no identity could be
+ *   established, or the contact's channel is blocked/revoked.
  */
 
 import type { ChannelId } from "../channels/types.js";
@@ -38,22 +43,35 @@ export type { TrustContext } from "../daemon/trust-context.js";
  * - `'trusted_contact'`: The sender is an active contact with a channel
  *   (not the guardian). Trusted contacts can invoke tools but require
  *   guardian approval for sensitive operations.
+ * - `'unverified_contact'`: The sender matches a contact channel whose
+ *   status is `pending` or `unverified` — known to the guardian but not yet
+ *   verified. Treated identically to `trusted_contact` for every downstream
+ *   capability/tool/approval decision; the distinction is admission-only.
  * - `'unknown'`: The sender has no contact record, no identity could be
- *   established, or the sender is an inactive/revoked contact. Unknown
+ *   established, or the sender is a blocked/revoked contact. Unknown
  *   actors are fail-closed with no escalation path.
  */
-export type TrustClass = "guardian" | "trusted_contact" | "unknown";
+export type TrustClass =
+  | "guardian"
+  | "trusted_contact"
+  | "unverified_contact"
+  | "unknown";
 
-/** Returns `true` for actors that are not fully trusted (i.e. not the guardian). */
-export function isUntrustedTrustClass(
-  trustClass: TrustClass | undefined,
-): boolean {
-  return (
-    trustClass === "trusted_contact" ||
-    trustClass === "unknown" ||
-    trustClass === undefined
-  );
-}
+/**
+ * Trust-class ordinal used by the per-channel admission policy floor check.
+ * Higher rank = more trusted. Blocked/revoked never reach classification —
+ * their effective rank is 0 and is enforced by the inbound ACL stage's
+ * member-status short-circuit, not via this table.
+ *
+ * See `wave-b-plan.md` §2.4. Paired with `ADMISSION_FLOOR` from
+ * `@vellumai/gateway-client` — both tables move together.
+ */
+export const TRUST_CLASS_RANK: Record<TrustClass, number> = {
+  guardian: 4,
+  trusted_contact: 3,
+  unverified_contact: 2,
+  unknown: 1,
+};
 
 /**
  * Fully resolved trust context from the actor trust resolver.
@@ -181,8 +199,7 @@ export function resolveActorTrust(
     const { contact: guardianContact, channel: guardianChannel } =
       guardianResult;
     guardianBindingMatch = {
-      guardianExternalUserId:
-        guardianChannel.externalUserId ?? guardianChannel.address ?? "",
+      guardianExternalUserId: guardianChannel.address,
       guardianDeliveryChatId: guardianChannel.externalChatId,
     };
     guardianPrincipalId = guardianContact.principalId ?? undefined;
@@ -249,12 +266,23 @@ export function resolveActorTrust(
   let trustClass: TrustClass;
   if (isGuardian) {
     trustClass = "guardian";
-  } else if (
-    memberMatchesSender &&
-    memberRecord &&
-    memberRecord.channel.status === "active"
-  ) {
-    trustClass = "trusted_contact";
+  } else if (memberMatchesSender && memberRecord) {
+    const status = memberRecord.channel.status;
+    if (status === "active") {
+      trustClass = "trusted_contact";
+    } else if (status === "unverified" || status === "pending") {
+      // Pre-verification / awaiting-verification contacts get their own
+      // admission tier. Treated identically to trusted_contact for ALL
+      // downstream capability/tool/approval decisions; the distinction
+      // only matters at the channel admission floor.
+      trustClass = "unverified_contact";
+    } else {
+      // status === "blocked" or "revoked" → unknown. acl-enforcement
+      // re-checks resolvedMember.channel.status and emits the appropriate
+      // member_blocked / member_revoked reasons, so hard-deny semantics
+      // for these statuses are preserved end-to-end.
+      trustClass = "unknown";
+    }
   } else {
     trustClass = "unknown";
   }

package/src/runtime/agent-wake.ts

@@ -58,6 +58,7 @@ import { resolveEffectiveContextWindow } from "../config/llm-context-resolution.
 import { getConfig } from "../config/loader.js";
 import type { LLMCallSite } from "../config/schemas/llm.js";
 import type { Conversation } from "../daemon/conversation.js";
+import { recordUsage } from "../daemon/conversation-usage.js";
 import { getDiskPressureStatus } from "../daemon/disk-pressure-guard.js";
 import {
   classifyDiskPressureTurnPolicy,
@@ -195,6 +196,14 @@ export interface WakeOptions {
    * retrospectives whose conversation title already says "(Retrospective)").
    */
   suppressWakeSurface?: boolean;
+  /**
+   * Run the wake's turn as non-interactive (no client present). Threads to the
+   * agent loop's `isNonInteractive`, which gates the `<non_interactive_context>`
+   * and `<background_turn>` injectors. Fork-based memory retrospectives set this
+   * to the source conversation's background-turn state so the fork reproduces
+   * the source's injected turn block (prompt-cache prefix parity). Default false.
+   */
+  isNonInteractive?: boolean;
   /**
    * Optional exact tool allowlist for this wake. Used by internal maintenance
    * jobs that need the assistant's judgment but must not execute arbitrary
@@ -587,6 +596,7 @@ export async function wakeAgentForOpportunity(
       opts.forceOverrideProfile ??
       getConversationOverrideProfile(conversationId);
     const callSite = opts.callSite ?? "mainAgent";
+    const isNonInteractive = opts.isNonInteractive ?? false;
     const config = getConfig();
     const effectiveContextWindow = resolveEffectiveContextWindow({
       llm: config.llm,
@@ -784,6 +794,47 @@ export async function wakeAgentForOpportunity(
       if (event.type === "compaction_completed") {
         recordCompactionEndBestEffort(conversationId, event);
       }
+      // Normal user turns record usage via the `dispatchAgentEvent` event handler)
+      // Wakes run their own onEvent and bypass it, so record here.
+      if (event.type === "usage") {
+        try {
+          recordUsage(
+            {
+              conversationId,
+              providerName: event.actualProvider ?? conversation.provider.name,
+              usageStats: conversation.usageStats,
+            },
+            event.inputTokens,
+            event.outputTokens,
+            event.model,
+            () => {},
+            "main_agent",
+            `wake:${source}`,
+            event.cacheCreationInputTokens ?? 0,
+            event.cacheReadInputTokens ?? 0,
+            event.rawResponse,
+            1,
+            undefined,
+            // Mirror the profile state the request actually ran under:
+            // `forceOverrideProfile` floats the override above the call-site
+            // profile (fork retrospectives with matchConversationProfile), and
+            // the conversation-id seed resolves the same mix arm the dispatch
+            // path chose. Without these, attribution credits the call-site
+            // profile/arm instead of the one that ran.
+            {
+              callSite,
+              overrideProfile: overrideProfile ?? null,
+              forceOverrideProfile,
+              selectionSeed: conversationId,
+            },
+          );
+        } catch (err) {
+          log.warn(
+            { conversationId, source, err },
+            "agent-wake: usage recording failed (non-fatal)",
+          );
+        }
+      }
       // Replicates the recordRequestLog side-effect in `handleUsage` because
       // wakes own their own onEvent and never reach `dispatchAgentEvent`.
       // Defer persistence while buffering — see `pendingLogs` above.
@@ -1080,6 +1131,7 @@ export async function wakeAgentForOpportunity(
           trust: wakeTrust,
           overrideProfile,
           forceOverrideProfile,
+          isNonInteractive,
           // The wake's compaction lives in the pre-run gate above
           // (`conversation.maybeCompact()`), never in the loop: the in-loop
           // budget gate and overflow-recovery ladder stay disabled because

package/src/runtime/assistant-event-hub.ts

@@ -40,6 +40,7 @@ export function capabilityForMessageType(
   return HOST_PREFIX_TO_CAPABILITY[stem];
 }
 import { appendEventToStream } from "../signals/event-stream.js";
+import { IntegrityError } from "../util/errors.js";
 import { getLogger } from "../util/logger.js";
 import type { AssistantEvent } from "./assistant-event.js";
 import { buildAssistantEvent } from "./assistant-event.js";
@@ -757,9 +758,22 @@ async function createCanonicalRequestForConfirmation(
       });
     }
   } catch (err) {
-    log.debug(
-      { err, conversationId },
-      "Failed to create canonical request from broadcast",
-    );
+    if (err instanceof IntegrityError) {
+      // The confirmation could not be promoted to a canonical guardian request
+      // (e.g. its trust context resolved no guardianPrincipalId). Channel
+      // guardian decisions — reactions, buttons, and text — all route through
+      // the canonical pipeline, so without this record none of them can resolve
+      // the confirmation. Surface it rather than swallowing: for a guardian's
+      // own confirmation a bound principal should always be present.
+      log.warn(
+        { err, conversationId, requestId: msg.requestId },
+        "Could not create canonical guardian request for confirmation; channel guardian decisions will not work for it",
+      );
+    } else {
+      log.debug(
+        { err, conversationId },
+        "Failed to create canonical request from broadcast",
+      );
+    }
   }
 }

package/src/runtime/auth/__tests__/route-policy.test.ts

@@ -210,6 +210,18 @@ describe("ROUTES policy declarations", () => {
     expect(route!.policy!.requiredScopes).toContain("chat.write");
   });
 
+  test("platform/status is readable by browser actors", async () => {
+    const { ROUTES } = await import("../../routes/index.js");
+    const route = ROUTES.find(
+      (r) => r.endpoint === "platform/status" && r.method === "GET",
+    );
+    expect(route).toBeDefined();
+    expect(route!.policy).not.toBeNull();
+    expect(route!.policy!.allowedPrincipalTypes).toContain("actor");
+    expect(route!.policy!.allowedPrincipalTypes).toContain("local");
+    expect(route!.policy!.requiredScopes).toContain("settings.read");
+  });
+
   test("confirm declares an approval-write policy", async () => {
     const { ROUTES } = await import("../../routes/index.js");
     const route = ROUTES.find((r) => r.endpoint === "confirm");

package/src/runtime/auth/require-bound-guardian.ts

@@ -27,10 +27,7 @@ export function requireBoundGuardian(
     // No guardian yet — in pre-bootstrap state, allow through
     return null;
   }
-  if (
-    (guardianResult.channel.externalUserId ??
-      guardianResult.contact.principalId) !== authContext.actorPrincipalId
-  ) {
+  if (guardianResult.channel.address !== authContext.actorPrincipalId) {
     return httpError(
       "FORBIDDEN",
       "Actor is not the bound guardian for this channel",