@desplega.ai/agent-swarm 1.92.2 → 1.94.0

package/src/scripts-runtime/egress-secrets.ts

@@ -0,0 +1,83 @@
+import type { EgressSecretEntry } from "./executors/types";
+
+/**
+ * Hardcoded allowlist mapping env-var names to the hosts where egress
+ * substitution is permitted. Adding a new entry here is a security-boundary
+ * decision — it lets scripts authenticate to that host without the caller
+ * passing the secret explicitly.
+ */
+const EGRESS_ALLOWLIST: Record<string, string[]> = {
+  GITHUB_TOKEN: ["api.github.com"],
+};
+
+export function buildEgressSecrets(): EgressSecretEntry[] {
+  const entries: EgressSecretEntry[] = [];
+  for (const [envKey, hosts] of Object.entries(EGRESS_ALLOWLIST)) {
+    const value = process.env[envKey];
+    if (!value) continue;
+    entries.push({
+      placeholder: `[REDACTED:${envKey}]`,
+      hosts,
+      value,
+    });
+  }
+  return entries;
+}
+
+export function patchFetchWithEgressSubstitution(secrets: EgressSecretEntry[]): void {
+  if (secrets.length === 0) return;
+
+  const byPlaceholder = new Map<string, EgressSecretEntry>();
+  for (const entry of secrets) {
+    byPlaceholder.set(entry.placeholder, entry);
+  }
+
+  const originalFetch = globalThis.fetch;
+
+  globalThis.fetch = function patchedFetch(
+    input: string | URL | Request,
+    init?: RequestInit,
+  ): Promise<Response> {
+    let hostname: string;
+    try {
+      const url = input instanceof Request ? input.url : input instanceof URL ? input.href : input;
+      hostname = new URL(url).hostname;
+    } catch {
+      return originalFetch(input, init);
+    }
+
+    const headers = new Headers(input instanceof Request ? input.headers : init?.headers);
+
+    let modified = false;
+    const newHeaders = new Headers();
+
+    for (const [key, rawValue] of headers.entries()) {
+      let value = rawValue;
+      for (const [placeholder, entry] of byPlaceholder) {
+        if (value.includes(placeholder) && entry.hosts.includes(hostname)) {
+          value = value.split(placeholder).join(entry.value);
+          modified = true;
+        }
+      }
+      newHeaders.set(key, value);
+    }
+
+    if (!modified) return originalFetch(input, init);
+
+    const mergedInit: RequestInit = {
+      ...(input instanceof Request
+        ? {
+            method: input.method,
+            body: input.body,
+            redirect: input.redirect,
+            signal: input.signal,
+          }
+        : {}),
+      ...init,
+      headers: newHeaders,
+    };
+
+    const url = input instanceof Request ? input.url : input;
+    return originalFetch(url, mergedInit);
+  } as typeof fetch;
+}

package/src/scripts-runtime/eval-harness.ts

@@ -1,4 +1,5 @@
 import { buildCtx } from "./ctx";
+import { patchFetchWithEgressSubstitution } from "./egress-secrets";
 import type { SwarmConfigPayload } from "./executors/types";
 import { SwarmConfig } from "./swarm-config";
 
@@ -84,6 +85,9 @@ try {
   }
 
   const payload = JSON.parse(stdin) as SwarmConfigPayload;
+  if (payload.egressSecrets?.length) {
+    patchFetchWithEgressSubstitution(payload.egressSecrets);
+  }
   const swarmConfig = new SwarmConfig(payload);
   const rawArgs = JSON.parse(await Bun.file(requiredEnv("SWARM_SCRIPT_ARGS_FILE")).text());
   // Accept both shapes: callers may pass an already-serialized JSON string.

package/src/scripts-runtime/executors/types.ts

@@ -1,5 +1,11 @@
 export type ScriptFsMode = "none" | "workspace-rw";
 
+export type EgressSecretEntry = {
+  placeholder: string;
+  hosts: string[];
+  value: string;
+};
+
 export type SwarmConfigPayload = {
   system: {
     apiKey: { value: string; isSecret: true };
@@ -7,6 +13,7 @@ export type SwarmConfigPayload = {
     mcpBaseUrl: { value: string; isSecret: false };
   };
   user: Record<string, { value: string; isSecret: boolean }>;
+  egressSecrets?: EgressSecretEntry[];
 };
 
 export type ScriptResourcePolicy = {

package/src/scripts-runtime/loader.ts

@@ -1,5 +1,6 @@
 import { getApiKey } from "../utils/api-key";
 import { scrubObject, scrubSecrets } from "../utils/secret-scrubber";
+import { buildEgressSecrets } from "./egress-secrets";
 import { getScriptExecutor } from "./executors/registry";
 import {
   DEFAULT_SCRIPT_RESOURCES,
@@ -44,6 +45,7 @@ function buildConfigPayload(input: RunScriptInput): SwarmConfigPayload {
       },
     },
     user: input.userConfig ?? {},
+    egressSecrets: buildEgressSecrets(),
   };
 }
 

package/src/server-user.ts

@@ -1,6 +1,7 @@
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import * as z from "zod";
 import pkg from "../package.json";
+import { ModelTierSchema } from "./model-tiers";
 import {
   cancelTaskHandler,
   cancelTaskInputSchema,
@@ -28,9 +29,14 @@ const userSendTaskInputSchema = z.object({
   tags: z.array(z.string()).optional().describe("Tags for filtering (e.g., ['urgent'])."),
   priority: z.number().int().min(0).max(100).optional().describe("Priority 0-100 (default: 50)."),
   model: z
-    .enum(["haiku", "sonnet", "opus"])
+    .string()
+    .trim()
+    .min(1)
     .optional()
-    .describe("Model to use for this task ('haiku', 'sonnet', or 'opus')."),
+    .describe("Concrete model override interpreted by the assignee's harness/provider."),
+  modelTier: ModelTierSchema.optional().describe(
+    "Portable model tier: 'smol', 'regular', 'smart', or 'ultra'. Resolved by the assignee's harness/provider.",
+  ),
 });
 
 export function createUserServer(user: User): McpServer {

package/src/slack/channel-join.ts

@@ -0,0 +1,41 @@
+import type { WebClient } from "@slack/web-api";
+
+// @slack/web-api platform errors set message to "An API error occurred: <code>"
+// and store the raw Slack API code at error.data.error.
+function slackCode(error: unknown): string | undefined {
+  if (!(error instanceof Error)) return undefined;
+  const d = (error as { data?: { error?: unknown } }).data;
+  return typeof d?.error === "string" ? d.error : undefined;
+}
+
+/**
+ * Wraps a Slack API call with automatic channel join for public channels.
+ *
+ * On not_in_channel: calls conversations.join and retries the original call once.
+ * On private channel (method_not_supported_for_channel_type): throws a descriptive
+ * error telling the caller the bot must be /invite-d — it cannot self-join private channels.
+ */
+export async function withAutoJoin<T>(
+  client: WebClient,
+  channelId: string,
+  fn: () => Promise<T>,
+): Promise<T> {
+  try {
+    return await fn();
+  } catch (error) {
+    if (slackCode(error) !== "not_in_channel") throw error;
+
+    try {
+      await client.conversations.join({ channel: channelId });
+    } catch (joinError) {
+      if (slackCode(joinError) === "method_not_supported_for_channel_type") {
+        throw new Error(
+          `Cannot access private channel ${channelId} — invite the bot with /invite @<bot-name> first.`,
+        );
+      }
+      throw joinError;
+    }
+
+    return await fn();
+  }
+}

package/src/slack/responses.ts

@@ -15,6 +15,20 @@ import {
 // Re-export for backward compatibility
 export { markdownToSlack } from "./blocks";
 
+export type SlackUpdateResult = "ok" | "not_found" | "failed";
+
+function classifySlackUpdateError(error: unknown): SlackUpdateResult {
+  const errorCode = (error as { data?: { error?: string } } | undefined)?.data?.error;
+  if (
+    errorCode === "message_not_found" ||
+    errorCode === "channel_not_found" ||
+    errorCode === "thread_not_found"
+  ) {
+    return "not_found";
+  }
+  return "failed";
+}
+
 const isDev = process.env.ENV === "development";
 
 /**
@@ -140,12 +154,12 @@ export async function updateProgressInPlace(
   task: AgentTask,
   progress: string,
   messageTs: string,
-): Promise<boolean> {
+): Promise<SlackUpdateResult> {
   const app = getSlackApp();
-  if (!app || !task.slackChannelId || !task.agentId) return false;
+  if (!app || !task.slackChannelId || !task.agentId) return "failed";
 
   const agent = getAgentById(task.agentId);
-  if (!agent) return false;
+  if (!agent) return "failed";
 
   const blocks = buildProgressBlocks({ agentName: agent.name, taskId: task.id, progress });
 
@@ -157,10 +171,17 @@ export async function updateProgressInPlace(
       // biome-ignore lint/suspicious/noExplicitAny: Block Kit objects
       blocks: blocks as any,
     });
-    return true;
+    return "ok";
   } catch (error) {
-    console.error(`[Slack] Failed to update progress in-place:`, error);
-    return false;
+    const result = classifySlackUpdateError(error);
+    if (result === "not_found") {
+      console.warn(
+        `[Slack] Progress message missing for task ${task.id} ts=${messageTs}; will repost`,
+      );
+    } else {
+      console.error(`[Slack] Failed to update progress in-place:`, error);
+    }
+    return result;
   }
 }
 
@@ -233,9 +254,9 @@ export async function updateTreeMessage(
   messageTs: string,
   blocks: unknown[],
   fallbackText: string,
-): Promise<boolean> {
+): Promise<SlackUpdateResult> {
   const app = getSlackApp();
-  if (!app) return false;
+  if (!app) return "failed";
 
   try {
     await app.client.chat.update({
@@ -245,10 +266,17 @@ export async function updateTreeMessage(
       // biome-ignore lint/suspicious/noExplicitAny: Block Kit objects
       blocks: blocks as any,
     });
-    return true;
+    return "ok";
   } catch (error) {
-    console.error(`[Slack] Failed to update tree message:`, error);
-    return false;
+    const result = classifySlackUpdateError(error);
+    if (result === "not_found") {
+      console.warn(
+        `[Slack] Tree message missing for channel=${channelId} ts=${messageTs}; will repost`,
+      );
+    } else {
+      console.error(`[Slack] Failed to update tree message:`, error);
+    }
+    return result;
   }
 }
 

package/src/slack/watcher.ts

@@ -5,6 +5,7 @@ import {
   getInProgressSlackTasks,
   getTaskAttachments,
   getTaskById,
+  setSlackMessageTracking,
 } from "../be/db";
 import type { AgentTask } from "../types";
 import { getSlackApp } from "./app";
@@ -76,6 +77,15 @@ export function registerTreeMessage(
   // Also register in legacy flat map so existing watcher processing still works
   taskMessages.set(taskId, { channelId, threadTs, messageTs });
 
+  try {
+    setSlackMessageTracking(taskId, {
+      slackProgressMessageTs: messageTs,
+      slackTreeRootMessageTs: messageTs,
+    });
+  } catch (error) {
+    console.error(`[Slack] Failed to persist message tracking for task ${taskId}:`, error);
+  }
+
   console.log(`[Slack] Registered task ${taskId.slice(0, 8)} in tree message ${messageTs}`);
 }
 
@@ -193,6 +203,12 @@ export function _getTreeMessages(): Map<string, TreeMessageState> {
 export function _getTaskToTree(): Map<string, string> {
   return taskToTree;
 }
+export function _getTaskMessages(): Map<
+  string,
+  { channelId: string; threadTs: string; messageTs: string }
+> {
+  return taskMessages;
+}
 export function _getLastRenderedTree(): Map<string, string> {
   return lastRenderedTree;
 }
@@ -306,13 +322,35 @@ export async function processTreeMessages(): Promise<void> {
       : `Tasks in progress: ${rootNames}`;
 
     // Update the Slack message
-    const success = await updateTreeMessage(tree.channelId, messageTs, blocks, fallbackText);
+    const result = await updateTreeMessage(tree.channelId, messageTs, blocks, fallbackText);
+    const success = result === "ok";
     if (success) {
       lastRenderedTree.set(messageTs, serialized);
       treeLastUpdateTime.set(messageTs, now);
       console.log(
         `[Slack] Updated tree message ${messageTs} (${nodes.length} root(s), terminal=${fullyTerminal})`,
       );
+    } else if (result === "not_found") {
+      const taskIds = Array.from(tree.rootTaskIds);
+      for (const taskId of taskIds) {
+        taskToTree.delete(taskId);
+        taskMessages.delete(taskId);
+        try {
+          setSlackMessageTracking(taskId, {
+            slackProgressMessageTs: null,
+            slackTreeRootMessageTs: null,
+          });
+        } catch (error) {
+          console.error(`[Slack] Failed to clear stale message tracking for ${taskId}:`, error);
+        }
+      }
+      treeMessages.delete(messageTs);
+      lastRenderedTree.delete(messageTs);
+      treeLastUpdateTime.delete(messageTs);
+      console.warn(
+        `[Slack] Dropped stale tree ${messageTs} (${taskIds.length} task(s)); will repost on next tick`,
+      );
+      continue;
     }
 
     // DM channels: set assistant status in parallel for typing indicator UX
@@ -437,6 +475,50 @@ export function startTaskWatcher(intervalMs = 3000): void {
   }
   console.log(`[Slack] Initialized with ${existingCompleted.length} existing completed tasks`);
 
+  let hydratedTrees = 0;
+  let hydratedFlat = 0;
+  for (const task of getInProgressSlackTasks()) {
+    if (!task.slackChannelId || !task.slackThreadTs) continue;
+
+    const treeTs = task.slackTreeRootMessageTs;
+    const progressTs = task.slackProgressMessageTs;
+
+    if (treeTs) {
+      let tree = treeMessages.get(treeTs);
+      if (!tree) {
+        tree = {
+          channelId: task.slackChannelId,
+          threadTs: task.slackThreadTs,
+          messageTs: treeTs,
+          rootTaskIds: new Set(),
+        };
+        treeMessages.set(treeTs, tree);
+      }
+      tree.rootTaskIds.add(task.id);
+      taskToTree.set(task.id, treeTs);
+      taskMessages.set(task.id, {
+        channelId: task.slackChannelId,
+        threadTs: task.slackThreadTs,
+        messageTs: treeTs,
+      });
+      if (task.progress) sentProgress.set(task.id, task.progress);
+      hydratedTrees++;
+    } else if (progressTs) {
+      taskMessages.set(task.id, {
+        channelId: task.slackChannelId,
+        threadTs: task.slackThreadTs,
+        messageTs: progressTs,
+      });
+      if (task.progress) sentProgress.set(task.id, task.progress);
+      hydratedFlat++;
+    }
+  }
+  if (hydratedTrees > 0 || hydratedFlat > 0) {
+    console.log(
+      `[Slack] Hydrated ${hydratedTrees} tree task(s) and ${hydratedFlat} flat task(s) from DB`,
+    );
+  }
+
   watcherInterval = setInterval(async () => {
     // Prevent overlapping processing cycles
     if (isProcessing || !getSlackApp()) return;
@@ -515,8 +597,20 @@ export function startTaskWatcher(intervalMs = 3000): void {
           sentProgress.set(task.id, "__in_progress__");
           lastSendTime.set(progressKey, now);
           try {
-            await updateProgressInPlace(task, "Starting...", tracked.messageTs);
-            console.log(`[Slack] Updated to in-progress for task ${task.id.slice(0, 8)}`);
+            const result = await updateProgressInPlace(task, "Starting...", tracked.messageTs);
+            if (result === "not_found") {
+              taskMessages.delete(task.id);
+              sentProgress.delete(task.id);
+              setSlackMessageTracking(task.id, {
+                slackProgressMessageTs: null,
+                slackTreeRootMessageTs: null,
+              });
+            } else if (result === "ok") {
+              console.log(`[Slack] Updated to in-progress for task ${task.id.slice(0, 8)}`);
+            } else {
+              sentProgress.delete(task.id);
+              lastSendTime.delete(progressKey);
+            }
           } catch (error) {
             sentProgress.delete(task.id);
             lastSendTime.delete(progressKey);
@@ -535,23 +629,42 @@ export function startTaskWatcher(intervalMs = 3000): void {
           sentProgress.set(task.id, task.progress);
           lastSendTime.set(progressKey, now);
           try {
+            let postedTs: string | undefined;
             if (tracked) {
               // Update the existing message in-place via chat.update
-              await updateProgressInPlace(task, task.progress, tracked.messageTs);
-              console.log(`[Slack] Updated progress in-place for task ${task.id.slice(0, 8)}`);
+              const result = await updateProgressInPlace(task, task.progress, tracked.messageTs);
+              if (result === "ok") {
+                console.log(`[Slack] Updated progress in-place for task ${task.id.slice(0, 8)}`);
+              } else if (result === "not_found") {
+                taskMessages.delete(task.id);
+                postedTs = await sendProgressUpdate(task, task.progress);
+                if (postedTs && task.slackChannelId && task.slackThreadTs) {
+                  taskMessages.set(task.id, {
+                    channelId: task.slackChannelId,
+                    threadTs: task.slackThreadTs,
+                    messageTs: postedTs,
+                  });
+                }
+              } else {
+                sentProgress.delete(task.id);
+                lastSendTime.delete(progressKey);
+              }
             } else {
               // No tracked message (e.g., multi-task assignment or server restart)
               // Post a new progress message and track its ts
-              const messageTs = await sendProgressUpdate(task, task.progress);
-              if (messageTs && task.slackChannelId && task.slackThreadTs) {
+              postedTs = await sendProgressUpdate(task, task.progress);
+              if (postedTs && task.slackChannelId && task.slackThreadTs) {
                 taskMessages.set(task.id, {
                   channelId: task.slackChannelId,
                   threadTs: task.slackThreadTs,
-                  messageTs,
+                  messageTs: postedTs,
                 });
               }
               console.log(`[Slack] Sent initial progress for task ${task.id.slice(0, 8)}`);
             }
+            if (postedTs) {
+              setSlackMessageTracking(task.id, { slackProgressMessageTs: postedTs });
+            }
           } catch (error) {
             // If send fails, clear markers so we can retry
             sentProgress.delete(task.id);

package/src/tests/additive-buffer.test.ts

@@ -15,7 +15,6 @@ describe("createAdditiveBuffer", () => {
       /positive number/,
     );
     expect(() => createAdditiveBuffer({ timeoutMs: -1, onFlush: () => {} })).toThrow();
-    // biome-ignore lint/suspicious/noExplicitAny: type-guard test
     expect(() => createAdditiveBuffer({ timeoutMs: NaN as any, onFlush: () => {} })).toThrow();
   });
 

package/src/tests/agents-list-model-display.test.ts

@@ -42,4 +42,17 @@ describe("agents list model display", () => {
       providerId: "openrouter",
     });
   });
+
+  test("presents latest Anthropic direct model ids as readable labels", () => {
+    expect(getAgentModelPresentation("claude-fable-5")).toMatchObject({
+      label: "Claude Fable 5",
+      provider: "Anthropic",
+      providerId: "anthropic",
+    });
+    expect(getAgentModelPresentation("claude-mythos-5")).toMatchObject({
+      label: "Claude Mythos 5",
+      provider: "Anthropic",
+      providerId: "anthropic",
+    });
+  });
 });

package/src/tests/api-key-tracking.test.ts

@@ -5,6 +5,7 @@
 import { afterAll, beforeAll, describe, expect, test } from "bun:test";
 import { unlink } from "node:fs/promises";
 import {
+  clearKeyRateLimit,
   closeDb,
   getAvailableKeyIndices,
   getKeyStatuses,
@@ -12,6 +13,7 @@ import {
   markKeyRateLimited,
   recordKeyUsage,
 } from "../be/db";
+import type { CredentialSelection } from "../utils/credentials";
 import { resolveCredentialPools, selectCredential } from "../utils/credentials";
 
 // ─── Credential Selection Unit Tests ────────────────────────────────────────
@@ -53,6 +55,7 @@ describe("selectCredential", () => {
     const value = "key-aaa11,key-bbb22";
     const result = selectCredential(value, []);
     expect(["key-aaa11", "key-bbb22"]).toContain(result.selected);
+    expect(result.isRateLimitFallback).toBe(true);
   });
 
   test("filters out-of-range availableIndices", () => {
@@ -60,6 +63,23 @@ describe("selectCredential", () => {
     const result = selectCredential(value, [99]); // Out of range
     // Falls back to random
     expect(["key-aaa11", "key-bbb22"]).toContain(result.selected);
+    expect(result.isRateLimitFallback).toBe(true);
+  });
+
+  test("isRateLimitFallback is false when indices are available", () => {
+    const result = selectCredential("key-aaa11,key-bbb22", [0, 1]);
+    expect(result.isRateLimitFallback).toBe(false);
+  });
+
+  test("isRateLimitFallback is false when no availability info", () => {
+    const result = selectCredential("key-aaa11,key-bbb22");
+    expect(result.isRateLimitFallback).toBe(false);
+  });
+
+  test("single key with empty availableIndices sets isRateLimitFallback", () => {
+    const result = selectCredential("single-key", []);
+    expect(result.isRateLimitFallback).toBe(true);
+    expect(result.selected).toBe("single-key");
   });
 
   test("keySuffix is last 5 chars of selected key", () => {
@@ -198,4 +218,97 @@ describe("API key tracking DB queries", () => {
     const key1b = statuses2.find((s) => s.keySuffix === "bbb22");
     expect(key1b!.rateLimitCount).toBe(2);
   });
+
+  test("clearKeyRateLimit clears a rate-limited key", () => {
+    const until = new Date(Date.now() + 300_000).toISOString();
+    recordKeyUsage("OPENAI_API_KEY", "oai01", 0, null);
+    markKeyRateLimited("OPENAI_API_KEY", "oai01", 0, until);
+
+    let statuses = getKeyStatuses("OPENAI_API_KEY");
+    expect(statuses.find((s) => s.keySuffix === "oai01")!.status).toBe("rate_limited");
+
+    const cleared = clearKeyRateLimit("OPENAI_API_KEY", "oai01");
+    expect(cleared).toBe(true);
+
+    statuses = getKeyStatuses("OPENAI_API_KEY");
+    expect(statuses.find((s) => s.keySuffix === "oai01")!.status).toBe("available");
+    expect(statuses.find((s) => s.keySuffix === "oai01")!.rateLimitedUntil).toBeNull();
+  });
+
+  test("clearKeyRateLimit returns false for already-available key", () => {
+    recordKeyUsage("OPENAI_API_KEY", "oai02", 1, null);
+    const cleared = clearKeyRateLimit("OPENAI_API_KEY", "oai02");
+    expect(cleared).toBe(false);
+  });
+});
+
+// ─── Cross-keyType Failover Logic Tests ──────────────────────────────────────
+
+describe("cross-keyType failover", () => {
+  test("prefers non-rate-limited credential when both keyTypes available", () => {
+    const rateLimited: CredentialSelection = {
+      selected: "sk-xxx",
+      index: 0,
+      total: 1,
+      keySuffix: "k-xxx",
+      keyType: "OPENAI_API_KEY",
+      isRateLimitFallback: true,
+    };
+    const healthy: CredentialSelection = {
+      selected: "oauth-yyy",
+      index: 0,
+      total: 2,
+      keySuffix: "h-yyy",
+      keyType: "CODEX_OAUTH",
+      isRateLimitFallback: false,
+    };
+
+    // Simulate the runner's primary selection logic
+    let primarySelection: CredentialSelection | undefined;
+    if (rateLimited && healthy) {
+      if (rateLimited.isRateLimitFallback && !healthy.isRateLimitFallback) {
+        primarySelection = healthy;
+      } else {
+        primarySelection = rateLimited;
+      }
+    } else {
+      primarySelection = rateLimited ?? healthy;
+    }
+
+    expect(primarySelection).toBe(healthy);
+    expect(primarySelection!.keyType).toBe("CODEX_OAUTH");
+  });
+
+  test("uses first credential when neither is rate-limited", () => {
+    const first: CredentialSelection = {
+      selected: "sk-aaa",
+      index: 0,
+      total: 1,
+      keySuffix: "k-aaa",
+      keyType: "OPENAI_API_KEY",
+      isRateLimitFallback: false,
+    };
+    const second: CredentialSelection = {
+      selected: "oauth-bbb",
+      index: 0,
+      total: 1,
+      keySuffix: "h-bbb",
+      keyType: "CODEX_OAUTH",
+      isRateLimitFallback: false,
+    };
+
+    let primarySelection: CredentialSelection | undefined;
+    if (first && second) {
+      if (first.isRateLimitFallback && !second.isRateLimitFallback) {
+        primarySelection = second;
+      } else {
+        primarySelection = first;
+      }
+    } else {
+      primarySelection = first ?? second;
+    }
+
+    expect(primarySelection).toBe(first);
+    expect(primarySelection!.keyType).toBe("OPENAI_API_KEY");
+  });
 });