fix: harden canonical identity binding — close remaining post-merge gaps#11054
Merged
Conversation
…aps from #11006 - Fix local IPC fallback context field names (conversationExternalId, actorExternalId) - Make voice guardian dispatch binding-self-healing via ensureVellumGuardianBinding - Add access_request to DECISIONABLE_KINDS with self-healing and migration update - Rename residual isTrusted symbol to trustedAudience in call-pointer-messages - Update all test fixtures to supply guardianPrincipalId for decisionable kinds Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Contributor
Author
|
@codex review |
Contributor
Author
|
@devin review |
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
…on upgraded databases Addresses Codex review: the withCrashRecovery checkpoint key was still v2, meaning databases that already completed v2 would skip the new access_request principal-binding and expiration logic. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Contributor
Author
Contributor
Author
|
Codex Review: Didn't find any major issues. You're on a roll. ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
tkheyfets
pushed a commit
that referenced
this pull request
Mar 2, 2026
…aps (#11054) * fix: harden canonical identity binding — close remaining post-merge gaps from #11006 - Fix local IPC fallback context field names (conversationExternalId, actorExternalId) - Make voice guardian dispatch binding-self-healing via ensureVellumGuardianBinding - Add access_request to DECISIONABLE_KINDS with self-healing and migration update - Rename residual isTrusted symbol to trustedAudience in call-pointer-messages - Update all test fixtures to supply guardianPrincipalId for decisionable kinds Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: bump migration checkpoint to v3 so access_request backfill runs on upgraded databases Addresses Codex review: the withCrashRecovery checkpoint key was still v2, meaning databases that already completed v2 would skip the new access_request principal-binding and expiration logic. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
local-actor-identity.tsused old resolver input keys (externalChatId,senderExternalUserId) instead of the canonical names (conversationExternalId,actorExternalId), causing trust resolution to fail silently.ensureVellumGuardianBindingcall inguardian-dispatch.tsso voice-originatedpending_questionrequests can always be attributed to a guardian principal, even if the vellum binding hasn't been bootstrapped yet.access_requesttoDECISIONABLE_KINDSso it requiresguardianPrincipalIdat creation (matching the enforcement already present fortool_approval,pending_question, andtool_grant_request). Added self-healing inaccess-request-helper.tsand removed theaccess_requestexclusion from migration 126.isTrusted→trustedAudienceincall-pointer-messages.tsto pass theno-is-trusted-guardtest and align with the trust-class vocabulary.guardianPrincipalIdto allcreateCanonicalGuardianRequestcalls for decisionable kinds across 7 test files.Original prompt
/Users/noaflaherty/Repos/vellum-ai/vellum-assistant/.private/plans/canonical-identity-binding-followup-hardening-one-pr-plan-2026-03-01.md
🤖 Generated with Claude Code