test(contacts-write): lock in PR #24878 regression guards

[siddseethepalli]

Summary

• Add two regression tests to contacts-write.test.ts that lock in the two invariants fixed by PR fix(personas): restrict persona-file seeding to guardians and invalidate trust cache on guardian creation #24878.
• Test 1 asserts upsertContactChannel does NOT write users/<slug>.md for non-guardian contacts (guards the inbound-message eviction cascade regression).
• Test 2 asserts createGuardianBinding invalidates the trust cache so the dynamic default:allow-file_edit-guardian-persona auto-allow rule is backfilled (guards the runtime-guardian approval-prompt regression).

Context

PR #24878 fixed two bugs from the drop-user-md plan:

1. Inbound-message eviction cascade. upsertContactChannel was calling ensureGuardianPersonaFile(contact.userFile) on every new contact (Slack, phone, email, etc), which fired the users/ directory watcher added in PR feat(config-watcher): watch users/ directory for persona changes #24845 and evicted live conversations on every inbound message from a new contact. The fix restricted seeding to the guardian-creation path.
2. Trust cache never invalidated. The dynamic default:allow-file_{read,write,edit}-guardian-persona rule from permissions/defaults.ts (PR feat(permissions): auto-allow file_{read,write,edit} on guardian persona file #24849) is only backfilled during trust-store.loadFromDisk(). Runtime guardian creation paths (self-heal, first-message-seeds-guardian) did not invalidate the cache, so the rule was never backfilled for those guardians and the model had to approve its first file_edit on users/<slug>.md.

Neither invariant had test coverage. Future contributors could re-add the non-guardian seeding call ("it seems consistent") or remove the clearTrustCache call ("this looks like dead code") without CI catching it. This PR adds narrow regression locks for both.

Original prompt

ok let's /do #4

Where #4 was:

Regression test for `upsertContactChannel` not seeding. This is the one worth the effort. PR #24878 fixed a real production bug — every inbound message from a new contact was firing the users/ watcher and evicting live conversations. The fix was a one-line deletion, and nothing in the test suite prevents someone from reintroducing it in a future PR that "just adds back the helper call because it seems consistent." A single test case is maybe ten lines and locks in the invariant that was learned the hard way. While in there, add a second case that asserts `clearTrustCache` is called when `createGuardianBinding` runs, since that's the other half of the same fix and has the same risk profile.

---

[devin-ai-integration]

Devin Review found 3 potential issues.

View 2 additional findings in Devin Review.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d1dab2c45a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[siddseethepalli]

Addressed in #25064