@vellumai/vellum-gateway 0.9.0 → 0.9.1-staging.1

package/AGENTS.md

@@ -16,10 +16,7 @@ Why: the gateway is the single point of ingress, handling TLS termination, auth,
 
 All assistant API requests from clients, CLI, skills, and user-facing tooling **MUST** target gateway URLs. Never construct URLs using the daemon runtime port (`7821`) or `RUNTIME_HTTP_PORT` for external API consumption.
 
-**Exception boundary:** The gateway service itself may call the runtime internally. Tests may use direct runtime URLs for isolated unit/integration scenarios. Intentional local daemon-control paths are exempt:
-
-- `clients/shared/Network/DaemonClient.swift`
-- `clients/macos/vellum-assistant/Features/Settings/SettingsConnectTab.swift` (health probe)
+**Exception boundary:** The gateway service itself may call the runtime internally. Tests may use direct runtime URLs for isolated unit/integration scenarios. Intentional local daemon-control paths (e.g. health probes) are exempt; the authoritative allowlist lives in `assistant/src/__tests__/gateway-only-guard.test.ts`.
 
 **Migration rule:** If a needed endpoint is not available at the gateway, add a gateway route/proxy first, then consume it. Do not work around a missing gateway endpoint by hitting the runtime directly.
 

package/ARCHITECTURE.md

@@ -34,9 +34,9 @@ Internet
 
 ### STT Route Proxying (Assistant-Scoped Rewrite)
 
-Native clients (macOS, iOS) send speech-to-text transcription requests through the gateway to the daemon's STT service. Clients POST to the assistant-scoped path `/v1/assistants/:assistantId/stt/transcribe`, which the gateway's runtime proxy rewrites to the flat daemon path `/v1/stt/transcribe`. This follows the same assistant-scoped rewrite pattern used by other client-facing endpoints (feature flags, privacy config, etc.).
+Clients send speech-to-text transcription requests through the gateway to the daemon's STT service. Clients POST to the assistant-scoped path `/v1/assistants/:assistantId/stt/transcribe`, which the gateway's runtime proxy rewrites to the flat daemon path `/v1/stt/transcribe`. This follows the same assistant-scoped rewrite pattern used by other client-facing endpoints (feature flags, privacy config, etc.).
 
-The request carries base64-encoded WAV audio and a MIME type. The daemon resolves the configured STT provider via `resolveBatchTranscriber()` and returns the transcribed text. Clients use the response to implement a service-first strategy: the service transcription takes precedence when available, with Apple-native `SFSpeechRecognizer` as fallback when the service returns 503 (not configured) or fails.
+The request carries base64-encoded WAV audio and a MIME type. The daemon resolves the configured STT provider via `resolveBatchTranscriber()` and returns the transcribed text. Clients use the response to implement a service-first strategy: the service transcription takes precedence when available, with a client-local fallback when the service returns 503 (not configured) or fails.
 
 | Client path (gateway)               | Daemon path (after rewrite) | Method |
 | ----------------------------------- | --------------------------- | ------ |
@@ -48,12 +48,11 @@ The request carries base64-encoded WAV audio and a MIME type. The daemon resolve
 | ------------------------------------------------ | ------------------------------------------------------------------------- |
 | `gateway/src/http/routes/runtime-proxy.ts`       | Assistant-scoped path rewriting (`/v1/assistants/:id/...` → `/v1/...`)    |
 | `assistant/src/runtime/routes/stt-routes.ts`     | Daemon HTTP endpoint: validates audio, resolves transcriber, returns text |
-| `clients/shared/Network/STTClient.swift`         | Shared client: POSTs audio to the gateway, returns typed `STTResult`      |
-| `clients/shared/Utilities/AudioWavEncoder.swift` | WAV encoding utility for PCM audio buffers                                |
+| `clients/web/src/domains/chat/voice/stt-api.ts`     | Web client: POSTs audio to the gateway, returns a typed result            |
 
 ### STT Streaming WebSocket Proxy
 
-Native clients (macOS, iOS) open WebSocket connections through the gateway to the daemon's real-time STT streaming endpoint for conversation chat message capture. The gateway authenticates the downstream client using an edge JWT (actor principal required), then opens an upstream WebSocket connection to the daemon's `/v1/stt/stream` endpoint with a short-lived gateway service token. This keeps the daemon's WebSocket endpoint unreachable from the public internet while allowing authenticated clients to stream audio for real-time transcription.
+Clients open WebSocket connections through the gateway to the daemon's real-time STT streaming endpoint for conversation chat message capture. The gateway authenticates the downstream client using an edge JWT (actor principal required), then opens an upstream WebSocket connection to the daemon's `/v1/stt/stream` endpoint with a short-lived gateway service token. This keeps the daemon's WebSocket endpoint unreachable from the public internet while allowing authenticated clients to stream audio for real-time transcription.
 
 **Config-authoritative model:** The runtime always resolves the streaming transcriber from `services.stt.provider` in the assistant config, regardless of any `provider` query parameter. The `provider` parameter is optional compatibility metadata — when supplied and it disagrees with the configured provider, the runtime logs a mismatch warning for operator visibility.
 
@@ -80,7 +79,7 @@ Native clients (macOS, iOS) open WebSocket connections through the gateway to th
 | `gateway/src/index.ts`                            | Route registration: wires upgrade handler to the gateway's Bun HTTP server                                         |
 | `assistant/src/runtime/http-server.ts`            | Daemon-side WebSocket upgrade at `/v1/stt/stream`, session creation and registry                                   |
 | `assistant/src/stt/stt-stream-session.ts`         | Runtime session orchestrator: drives the `StreamingTranscriber` from the WebSocket                                 |
-| `clients/shared/Network/STTStreamingClient.swift` | Swift client: builds the gateway WS URL via `GatewayHTTPClient.buildWebSocketRequest`                              |
+| `clients/web/src/domains/chat/voice/dictation-stream.ts` | Web client: opens the gateway WebSocket, parses transcript events, reports failures                            |
 
 ### Assistant Feature Flags API
 

package/node_modules/@vellumai/ces-client/src/__tests__/ces-client.test.ts

@@ -74,7 +74,11 @@ function createMockTransport(): CesTransport & {
   messages: string[];
   messageHandler: ((msg: string) => void) | null;
   alive: boolean;
+  /** Simulate the transport dying (e.g. a spurious stdout EOF): mark it dead
+   *  and fire the registered close handlers, as the real transports do. */
+  die: () => void;
 } {
+  const closeHandlers: Array<() => void> = [];
   const transport = {
     messages: [] as string[],
     messageHandler: null as ((msg: string) => void) | null,
@@ -88,9 +92,16 @@ function createMockTransport(): CesTransport & {
     isAlive() {
       return transport.alive;
     },
+    onClose(handler: () => void) {
+      closeHandlers.push(handler);
+    },
     close() {
       transport.alive = false;
     },
+    die() {
+      transport.alive = false;
+      for (const handler of closeHandlers) handler();
+    },
   };
   return transport;
 }
@@ -605,6 +616,42 @@ describe("CesRpcClient", () => {
     expect(client.isReady()).toBe(false);
   });
 
+  test("a pending request fails fast when the transport dies (no timeout wait)", async () => {
+    const transport = createMockTransport();
+    const client = createCesRpcClient(transport, {
+      handshakeTimeoutMs: 5000,
+      // Long timeout on purpose: the call must reject from the transport
+      // DEATH, not this timer. Without the fail-fast it would hang 60s.
+      requestTimeoutMs: 60_000,
+    });
+
+    // Handshake
+    const hPromise = client.handshake();
+    const hSent = JSON.parse(transport.messages[0]!);
+    transport.messageHandler!(
+      JSON.stringify({
+        type: "handshake_ack",
+        protocolVersion: CES_PROTOCOL_VERSION,
+        sessionId: hSent.sessionId,
+        accepted: true,
+      }),
+    );
+    await hPromise;
+
+    const callPromise = client.call("list_credentials", {});
+
+    // The transport's read side dies (e.g. a spurious stdout EOF on a CES
+    // bounce) while the request is in flight — the response can never arrive.
+    transport.die();
+
+    try {
+      await callPromise;
+      throw new Error("should have thrown");
+    } catch (err) {
+      expect(err).toBeInstanceOf(CesTransportError);
+    }
+  });
+
   test("subsequent handshake call returns immediately if already ready", async () => {
     const transport = createMockTransport();
     const client = createCesRpcClient(transport, { handshakeTimeoutMs: 5000 });

package/node_modules/@vellumai/ces-client/src/rpc-client.ts

@@ -45,6 +45,14 @@ export interface CesTransport {
   isAlive(): boolean;
   /** Tear down the transport connection. */
   close(): void;
+  /**
+   * Register a callback that fires once when the transport dies (its read side
+   * ends, the process exits, or the socket closes). Lets the client fail-fast
+   * any in-flight requests instead of letting each wait out its timeout.
+   * Optional: a transport that doesn't implement it falls back to
+   * timeout-based failure.
+   */
+  onClose?(handler: () => void): void;
 }
 
 // ---------------------------------------------------------------------------
@@ -155,6 +163,16 @@ export function createCesRpcClient(
 
   const pending = new Map<string, PendingRequest>();
 
+  /** Reject and clear every in-flight request. Shared by `close()` and the
+   *  transport-death handler. */
+  function rejectAllPending(error: Error): void {
+    for (const [id, entry] of pending) {
+      clearTimeout(entry.timer);
+      pending.delete(id);
+      entry.reject(error);
+    }
+  }
+
   // -------------------------------------------------------------------------
   // Incoming message dispatch
   // -------------------------------------------------------------------------
@@ -209,6 +227,15 @@ export function createCesRpcClient(
     }
   });
 
+  // Fail-fast on transport death: when the transport's read side ends (e.g. a
+  // spurious stdout EOF on a CES bounce) or the connection closes, reject every
+  // in-flight request immediately. The response can never arrive on a dead
+  // transport, so without this a pending call hangs until `requestTimeoutMs`
+  // (observed: 30s stalls on credential reads that raced a CES restart).
+  transport.onClose?.(() => {
+    rejectAllPending(new CesTransportError("CES transport closed"));
+  });
+
   // -------------------------------------------------------------------------
   // Send helpers
   // -------------------------------------------------------------------------
@@ -384,11 +411,7 @@ export function createCesRpcClient(
     },
 
     close(): void {
-      for (const [id, entry] of pending) {
-        clearTimeout(entry.timer);
-        entry.reject(new CesTransportError("CES client closed"));
-        pending.delete(id);
-      }
+      rejectAllPending(new CesTransportError("CES client closed"));
       ready = false;
       transport.close();
     },

package/node_modules/@vellumai/gateway-client/src/index.ts

@@ -19,20 +19,26 @@ export * from "./gateway-ipc-contracts.js";
 
 export { ipcCall, IpcCallError, PersistentIpcClient } from "./ipc-client.js";
 
+// Outbound delivery contract (daemon → gateway) — Zod schemas + derived types
+export {
+  ApprovalActionOptionSchema,
+  ApprovalUIMetadataSchema,
+  AttachmentMetadataSchema,
+  ChannelDeliveryResultSchema,
+  ChannelReplyPayloadSchema,
+  PermissionRequestDetailsSchema,
+} from "./outbound-contract.js";
+
 export type {
   ApprovalActionOption,
   ApprovalUIMetadata,
   AttachmentMetadata,
   ChannelDeliveryResult,
   ChannelReplyPayload,
-  IpcRequest,
-  IpcResponse,
-  Logger,
   PermissionRequestDetails,
-} from "./types.js";
-
-export { noopLogger } from "./types.js";
+} from "./outbound-contract.js";
 
+// Inbound contract (gateway → daemon) — Zod schemas + derived types
 export {
   CommandIntentSchema,
   RuntimeInboundPayloadSchema,
@@ -44,3 +50,8 @@ export type {
   RuntimeInboundPayload,
   SourceMetadata,
 } from "./inbound-contract.js";
+
+// IPC, logger, and utility types
+export type { IpcRequest, IpcResponse, Logger } from "./types.js";
+
+export { noopLogger } from "./types.js";

package/node_modules/@vellumai/gateway-client/src/outbound-contract.ts

@@ -0,0 +1,119 @@
+/**
+ * Daemon → gateway outbound delivery contract.
+ *
+ * Zod schemas defining the wire format for channel replies delivered from
+ * the daemon to the gateway via `POST /deliver/{channel}`. Both services
+ * import from here so the contract is enforced at compile time.
+ *
+ * The daemon constructs these payloads in `deliverChannelReply()` and
+ * `deliverApprovalPrompt()`; the gateway validates and dispatches them
+ * to the target channel provider.
+ */
+
+import { z } from "zod";
+
+// ---------------------------------------------------------------------------
+// Attachment metadata
+// ---------------------------------------------------------------------------
+
+export const AttachmentMetadataSchema = z.object({
+  id: z.string(),
+  filename: z.string(),
+  mimeType: z.string(),
+  sizeBytes: z.number(),
+  kind: z.string(),
+  data: z.string().optional(),
+  thumbnailData: z.string().optional(),
+  fileBacked: z.boolean().optional(),
+});
+
+export type AttachmentMetadata = z.infer<typeof AttachmentMetadataSchema>;
+
+// ---------------------------------------------------------------------------
+// Approval UI types
+// ---------------------------------------------------------------------------
+
+export const ApprovalActionOptionSchema = z.object({
+  id: z.string(),
+  label: z.string(),
+});
+
+export type ApprovalActionOption = z.infer<typeof ApprovalActionOptionSchema>;
+
+export const PermissionRequestDetailsSchema = z.object({
+  toolName: z.string(),
+  riskLevel: z.string(),
+  toolInput: z.record(z.string(), z.unknown()),
+  requesterIdentifier: z.string().optional(),
+});
+
+export type PermissionRequestDetails = z.infer<
+  typeof PermissionRequestDetailsSchema
+>;
+
+export const ApprovalUIMetadataSchema = z.object({
+  requestId: z.string(),
+  actions: z.array(ApprovalActionOptionSchema),
+  plainTextFallback: z.string(),
+  permissionDetails: PermissionRequestDetailsSchema.optional(),
+});
+
+export type ApprovalUIMetadata = z.infer<typeof ApprovalUIMetadataSchema>;
+
+// ---------------------------------------------------------------------------
+// Channel reply payload — the full outbound wire format
+// ---------------------------------------------------------------------------
+
+export const ChannelReplyPayloadSchema = z.object({
+  chatId: z.string(),
+  text: z.string().optional(),
+  /** Pre-formatted Block Kit blocks for Slack delivery. */
+  blocks: z.array(z.unknown()).optional(),
+  assistantId: z.string().optional(),
+  attachments: z.array(AttachmentMetadataSchema).optional(),
+  approval: ApprovalUIMetadataSchema.optional(),
+  chatAction: z.literal("typing").optional(),
+  /**
+   * When true, deliver via `chat.postEphemeral` so only the target `user`
+   * sees the message.
+   */
+  ephemeral: z.boolean().optional(),
+  /** Slack user ID — required when `ephemeral` is true. */
+  user: z.string().optional(),
+  /** When provided, update an existing message instead of posting a new one. */
+  messageTs: z.string().optional(),
+  /** When true, auto-generate Block Kit blocks from text via textToBlocks(). */
+  useBlocks: z.boolean().optional(),
+  /** When provided, add or remove an emoji reaction on a message. */
+  reaction: z
+    .object({
+      action: z.enum(["add", "remove"]),
+      name: z.string(),
+      messageTs: z.string(),
+    })
+    .optional(),
+  /** When provided, set or clear the Slack Assistants API thread status. */
+  assistantThreadStatus: z
+    .object({
+      channel: z.string(),
+      threadTs: z.string(),
+      status: z.string(),
+      /** Serialized to Slack as `loading_messages`. */
+      loadingMessages: z.array(z.string()).optional(),
+    })
+    .optional(),
+});
+
+export type ChannelReplyPayload = z.infer<typeof ChannelReplyPayloadSchema>;
+
+// ---------------------------------------------------------------------------
+// Channel delivery result — gateway response
+// ---------------------------------------------------------------------------
+
+export const ChannelDeliveryResultSchema = z.object({
+  ok: z.boolean(),
+  /** The message timestamp returned by the delivery endpoint. */
+  ts: z.string().optional(),
+});
+
+export type ChannelDeliveryResult = z.infer<typeof ChannelDeliveryResultSchema>;

package/node_modules/@vellumai/gateway-client/src/types.ts

@@ -4,92 +4,23 @@
  * Type definitions for assistant-to-gateway communication. These are
  * intentionally decoupled from the assistant's internal types so the
  * package can be consumed without importing assistant internals.
+ *
+ * HTTP delivery types (ChannelReplyPayload, ApprovalUIMetadata, etc.)
+ * are defined as Zod schemas in `outbound-contract.ts` and re-exported
+ * from the barrel `index.ts`. This file retains only IPC and utility
+ * types that don't cross an HTTP wire boundary.
  */
 
-// ---------------------------------------------------------------------------
-// HTTP delivery types
-// ---------------------------------------------------------------------------
-
-/** Metadata for a file attachment delivered alongside a channel reply. */
-export interface AttachmentMetadata {
-  id: string;
-  filename: string;
-  mimeType: string;
-  sizeBytes: number;
-  kind: string;
-  data?: string;
-  thumbnailData?: string;
-  fileBacked?: boolean;
-}
-
-/** An action option presented to the user in an approval prompt. */
-export interface ApprovalActionOption {
-  id: string;
-  label: string;
-}
-
-/**
- * Tool-permission-specific details carried alongside the approval payload.
- * Channels that support rich UI (e.g. Slack Block Kit) use these fields
- * to render a detailed permission request card.
- */
-export interface PermissionRequestDetails {
-  toolName: string;
-  riskLevel: string;
-  toolInput: Record<string, unknown>;
-  requesterIdentifier?: string;
-}
-
-/**
- * Metadata attached to gateway callback payloads for rendering approval
- * UI and routing decisions back to the correct pending interaction.
- */
-export interface ApprovalUIMetadata {
-  requestId: string;
-  actions: ApprovalActionOption[];
-  plainTextFallback: string;
-  permissionDetails?: PermissionRequestDetails;
-}
-
-/** Payload for a channel reply delivered via the gateway. */
-export interface ChannelReplyPayload {
-  chatId: string;
-  text?: string;
-  /** Pre-formatted Block Kit blocks for Slack delivery. */
-  blocks?: unknown[];
-  assistantId?: string;
-  attachments?: AttachmentMetadata[];
-  approval?: ApprovalUIMetadata;
-  chatAction?: "typing";
-  /**
-   * When true, deliver via `chat.postEphemeral` so only the target `user`
-   * sees the message.
-   */
-  ephemeral?: boolean;
-  /** Slack user ID — required when `ephemeral` is true. */
-  user?: string;
-  /** When provided, update an existing message instead of posting a new one. */
-  messageTs?: string;
-  /** When true, auto-generate Block Kit blocks from text via textToBlocks(). */
-  useBlocks?: boolean;
-  /** When provided, add or remove an emoji reaction on a message. */
-  reaction?: { action: "add" | "remove"; name: string; messageTs: string };
-  /** When provided, set or clear the Slack Assistants API thread status. */
-  assistantThreadStatus?: {
-    channel: string;
-    threadTs: string;
-    status: string;
-    /** Serialized to Slack as `loading_messages`. */
-    loadingMessages?: string[];
-  };
-}
-
-/** Result from a channel delivery attempt. */
-export interface ChannelDeliveryResult {
-  ok: boolean;
-  /** The message timestamp returned by the delivery endpoint. */
-  ts?: string;
-}
+// Re-export outbound delivery types for backward compatibility — consumers
+// that import from "./types.js" continue to work.
+export type {
+  ApprovalActionOption,
+  ApprovalUIMetadata,
+  AttachmentMetadata,
+  ChannelDeliveryResult,
+  ChannelReplyPayload,
+  PermissionRequestDetails,
+} from "./outbound-contract.js";
 
 // ---------------------------------------------------------------------------
 // IPC types

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vellumai/vellum-gateway",
-  "version": "0.9.0",
+  "version": "0.9.1-staging.1",
   "license": "MIT",
   "type": "module",
   "exports": {

package/src/__tests__/edge-auth.test.ts

@@ -194,6 +194,17 @@ describe("requireEdgeAuth — JWT mode", () => {
     expect(mockValidateEdgeToken).not.toHaveBeenCalled();
   });
 
+  test("rejects edge-forwarded loopback requests when Authorization header is absent", async () => {
+    const { requireEdgeAuth } = makeMiddleware();
+    const res = await requireEdgeAuth(
+      makeReq({ "x-vellum-edge-forwarded": "1" }),
+      makeLoopbackServer(),
+    );
+    expect(res?.status).toBe(401);
+    expect(mockValidateEdgeToken).not.toHaveBeenCalled();
+    expect(loopbackFallbackCountTracker.snapshot()).toEqual([]);
+  });
+
   test("a loopback fallback is counted by (guard, path, failureKind)", async () => {
     const { requireEdgeAuth } = makeMiddleware();
     await requireEdgeAuth(makeReq(), makeLoopbackServer());
@@ -333,6 +344,18 @@ describe("requireEdgeAuthWithScope — JWT mode", () => {
     expect(mockValidateEdgeToken).not.toHaveBeenCalled();
   });
 
+  test("rejects edge-forwarded loopback requests when scoped Authorization is absent", async () => {
+    const { requireEdgeAuthWithScope } = makeMiddleware();
+    const res = await requireEdgeAuthWithScope(
+      makeReq({ "x-vellum-edge-forwarded": "1" }),
+      "settings.write",
+      makeLoopbackServer(),
+    );
+    expect(res?.status).toBe(401);
+    expect(mockValidateEdgeToken).not.toHaveBeenCalled();
+    expect(loopbackFallbackCountTracker.snapshot()).toEqual([]);
+  });
+
   test("403 when token's scope_profile lacks the required scope", async () => {
     // actor_client_v1 grants chat.* and settings.*, but NOT ingress.write
     mockValidateEdgeToken = mock(() => ({

package/src/__tests__/edge-guardian-auth.test.ts

@@ -181,6 +181,18 @@ describe("requireEdgeGuardianAuth — actor principal mode", () => {
     expect(mockFindVellumGuardian).not.toHaveBeenCalled();
   });
 
+  test("rejects edge-forwarded loopback requests when Authorization header is absent", async () => {
+    const { requireEdgeGuardianAuth } = makeMiddleware();
+    const res = await requireEdgeGuardianAuth(
+      makeReq({ "x-vellum-edge-forwarded": "1" }),
+      makeLoopbackServer(),
+    );
+    expect(res?.status).toBe(401);
+    expect(mockValidateEdgeToken).not.toHaveBeenCalled();
+    expect(mockFindVellumGuardian).not.toHaveBeenCalled();
+    expect(loopbackFallbackCountTracker.snapshot()).toEqual([]);
+  });
+
   test("invalid bearer token falls back to loopback", async () => {
     mockValidateEdgeToken = mock(() => ({ ok: false, reason: "expired" }));
     const { requireEdgeGuardianAuth } = makeMiddleware();

package/src/__tests__/feature-flags-route.test.ts

@@ -475,7 +475,8 @@ describe("GET /v1/feature-flags handler", () => {
 
   test("string flag uses registry default when no override exists", async () => {
     if (existsSync(featureFlagStorePath)) rmSync(featureFlagStorePath);
-    if (existsSync(remoteFeatureFlagStorePath)) rmSync(remoteFeatureFlagStorePath);
+    if (existsSync(remoteFeatureFlagStorePath))
+      rmSync(remoteFeatureFlagStorePath);
     clearFeatureFlagStoreCache();
     clearRemoteFeatureFlagStoreCache();
 
@@ -893,4 +894,60 @@ describe("PATCH /v1/feature-flags/:flagKey handler", () => {
       expect(persisted[key]).toBe(false);
     }
   });
+
+  test("invokes onFlagChanged once after a successful write", async () => {
+    let calls = 0;
+    const handler = createFeatureFlagsPatchHandler(() => {
+      calls += 1;
+    });
+    const res = await handler(
+      new Request("http://gateway.test/v1/feature-flags/browser", {
+        method: "PATCH",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify({ enabled: false }),
+      }),
+      "browser",
+    );
+
+    expect(res.status).toBe(200);
+    expect(calls).toBe(1);
+  });
+
+  test("does not invoke onFlagChanged when the request is rejected", async () => {
+    let calls = 0;
+    const handler = createFeatureFlagsPatchHandler(() => {
+      calls += 1;
+    });
+    const res = await handler(
+      new Request("http://gateway.test/v1/feature-flags/totally-unknown-flag", {
+        method: "PATCH",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify({ enabled: true }),
+      }),
+      "totally-unknown-flag",
+    );
+
+    expect(res.status).toBe(400);
+    expect(calls).toBe(0);
+  });
+
+  test("a throwing onFlagChanged does not fail an already-committed write", async () => {
+    const handler = createFeatureFlagsPatchHandler(() => {
+      throw new Error("notification boom");
+    });
+    const res = await handler(
+      new Request("http://gateway.test/v1/feature-flags/browser", {
+        method: "PATCH",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify({ enabled: false }),
+      }),
+      "browser",
+    );
+
+    expect(res.status).toBe(200);
+
+    clearFeatureFlagStoreCache();
+    const persisted = readPersistedFeatureFlags();
+    expect(persisted["browser"]).toBe(false);
+  });
 });

package/src/__tests__/guardian-binding-channel-reuse.test.ts

@@ -184,9 +184,9 @@ describe("createGuardianBinding", () => {
     });
   });
 
-  test("repairs an old lowercase Slack address by matching the preserved external user ID", async () => {
+  test("claims an existing Slack channel with matching address", async () => {
     seedGuardianContact();
-    seedSlackContactChannel("u123example");
+    seedSlackContactChannel("U123EXAMPLE");
 
     await createGuardianBinding({
       channel: "slack",
@@ -224,10 +224,9 @@ describe("createGuardianBinding", () => {
     ]);
   });
 
-  test("prefers the cased guardian channel over a lowercase seed duplicate", async () => {
+  test("reactivates a revoked guardian channel instead of creating a new one", async () => {
     seedGuardianContact();
     seedRevokedGuardianSlackChannel();
-    seedSlackContactChannel("u123example");
 
     const result = await createGuardianBinding({
       channel: "slack",
@@ -264,12 +263,6 @@ describe("createGuardianBinding", () => {
         address: "U123EXAMPLE",
         status: "active",
       },
-      {
-        id: "seed-channel",
-        contact_id: "seed-contact",
-        address: "u123example",
-        status: "unverified",
-      },
     ]);
   });
 });

package/src/__tests__/ipc-contact-routes.test.ts

@@ -114,7 +114,7 @@ function seedTestData(): void {
         id: "ch1",
         contactId: "c1",
         type: "telegram",
-        address: "test-tg-user",
+        address: "tg-fake-001",
         isPrimary: true,
         externalUserId: "tg-fake-001",
         externalChatId: "chat-fake-001",
@@ -127,7 +127,7 @@ function seedTestData(): void {
         id: "ch2",
         contactId: "c1",
         type: "slack",
-        address: "test-slack-user",
+        address: "UFAKE00001",
         isPrimary: false,
         externalUserId: "UFAKE00001",
         externalChatId: "DFAKE00001",