@vellumai/assistant 0.3.22 → 0.3.24

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vellumai/assistant",
-  "version": "0.3.22",
+  "version": "0.3.24",
   "type": "module",
   "bin": {
     "vellum": "./src/index.ts"

package/src/__tests__/__snapshots__/ipc-snapshot.test.ts.snap

@@ -1015,43 +1015,6 @@ exports[`IPC message snapshots ClientMessage types dictation_request serializes
 }
 `;
 
-exports[`IPC message snapshots ClientMessage types parental_control_get serializes to expected JSON 1`] = `
-{
-  "type": "parental_control_get",
-}
-`;
-
-exports[`IPC message snapshots ClientMessage types parental_control_verify_pin serializes to expected JSON 1`] = `
-{
-  "pin": "123456",
-  "type": "parental_control_verify_pin",
-}
-`;
-
-exports[`IPC message snapshots ClientMessage types parental_control_set_pin serializes to expected JSON 1`] = `
-{
-  "current_pin": "123456",
-  "new_pin": "654321",
-  "type": "parental_control_set_pin",
-}
-`;
-
-exports[`IPC message snapshots ClientMessage types parental_control_update serializes to expected JSON 1`] = `
-{
-  "blocked_tool_categories": [
-    "shell",
-    "network",
-  ],
-  "content_restrictions": [
-    "violence",
-    "adult_content",
-  ],
-  "enabled": true,
-  "pin": "123456",
-  "type": "parental_control_update",
-}
-`;
-
 exports[`IPC message snapshots ClientMessage types ingress_invite serializes to expected JSON 1`] = `
 {
   "action": "create",
@@ -2944,53 +2907,6 @@ exports[`IPC message snapshots ServerMessage types dictation_response serializes
 }
 `;
 
-exports[`IPC message snapshots ServerMessage types parental_control_get_response serializes to expected JSON 1`] = `
-{
-  "blocked_tool_categories": [
-    "shell",
-    "network",
-  ],
-  "content_restrictions": [
-    "violence",
-    "adult_content",
-  ],
-  "enabled": true,
-  "has_pin": true,
-  "type": "parental_control_get_response",
-}
-`;
-
-exports[`IPC message snapshots ServerMessage types parental_control_verify_pin_response serializes to expected JSON 1`] = `
-{
-  "type": "parental_control_verify_pin_response",
-  "verified": true,
-}
-`;
-
-exports[`IPC message snapshots ServerMessage types parental_control_set_pin_response serializes to expected JSON 1`] = `
-{
-  "success": true,
-  "type": "parental_control_set_pin_response",
-}
-`;
-
-exports[`IPC message snapshots ServerMessage types parental_control_update_response serializes to expected JSON 1`] = `
-{
-  "blocked_tool_categories": [
-    "shell",
-    "network",
-  ],
-  "content_restrictions": [
-    "violence",
-    "adult_content",
-  ],
-  "enabled": true,
-  "has_pin": true,
-  "success": true,
-  "type": "parental_control_update_response",
-}
-`;
-
 exports[`IPC message snapshots ServerMessage types ingress_invite_response serializes to expected JSON 1`] = `
 {
   "invite": {

package/src/__tests__/approval-primitive.test.ts

@@ -537,4 +537,76 @@ describe('approval-primitive / consumeGrantForInvocation retry', () => {
     expect(elapsed).toBeGreaterThanOrEqual(450);
     expect(elapsed).toBeLessThan(1_500);
   });
+
+  test('returns aborted when signal fires during retry polling', async () => {
+    const digest = computeToolApprovalDigest('shell', { command: 'aborted' });
+    const controller = new AbortController();
+
+    // Abort after 200ms — well before the 2s max wait
+    setTimeout(() => controller.abort(), 200);
+
+    const start = Date.now();
+    const result = await consumeGrantForInvocation(
+      {
+        toolName: 'shell',
+        inputDigest: digest,
+        consumingRequestId: 'consumer-aborted',
+        assistantId: 'self',
+      },
+      { maxWaitMs: 2_000, intervalMs: 50, signal: controller.signal },
+    );
+    const elapsed = Date.now() - start;
+
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.reason).toBe('aborted');
+    // Should have exited shortly after the abort (200ms), not waited the full 2s
+    expect(elapsed).toBeLessThan(1_000);
+  });
+
+  test('returns aborted immediately when signal is already aborted', async () => {
+    const digest = computeToolApprovalDigest('shell', { command: 'pre-aborted' });
+    const controller = new AbortController();
+    controller.abort();
+
+    const start = Date.now();
+    const result = await consumeGrantForInvocation(
+      {
+        toolName: 'shell',
+        inputDigest: digest,
+        consumingRequestId: 'consumer-pre-aborted',
+        assistantId: 'self',
+      },
+      { maxWaitMs: 2_000, intervalMs: 50, signal: controller.signal },
+    );
+    const elapsed = Date.now() - start;
+
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.reason).toBe('aborted');
+    // Should return nearly instantly since signal was already aborted
+    expect(elapsed).toBeLessThan(200);
+  });
+
+  test('skips retry entirely when maxWaitMs is 0', async () => {
+    const digest = computeToolApprovalDigest('shell', { command: 'no-retry' });
+
+    const start = Date.now();
+    const result = await consumeGrantForInvocation(
+      {
+        toolName: 'shell',
+        inputDigest: digest,
+        consumingRequestId: 'consumer-no-retry',
+        assistantId: 'self',
+      },
+      { maxWaitMs: 0 },
+    );
+    const elapsed = Date.now() - start;
+
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.reason).toBe('no_match');
+    // Should return nearly instantly — no retry loop
+    expect(elapsed).toBeLessThan(100);
+  });
 });

package/src/__tests__/assistant-feature-flags-integration.test.ts

@@ -73,10 +73,6 @@ mock.module('../config/user-reference.js', () => ({
   resolveUserReference: () => 'TestUser',
 }));
 
-mock.module('../security/parental-control-store.js', () => ({
-  getParentalControlSettings: () => ({ enabled: false, contentRestrictions: [], blockedToolCategories: [] }),
-}));
-
 mock.module('../tools/credentials/metadata-store.js', () => ({
   listCredentialMetadata: () => [],
 }));

package/src/__tests__/host-shell-tool.test.ts

@@ -424,6 +424,31 @@ describe('host_bash — environment setup', () => {
     expect(result.content).toContain('HOME=');
     expect(result.content.trim()).not.toBe('HOME=');
   });
+
+  test('injects INTERNAL_GATEWAY_BASE_URL and GATEWAY_BASE_URL for host_bash commands', async () => {
+    const originalGatewayBase = process.env.GATEWAY_INTERNAL_BASE_URL;
+    const originalIngressBase = process.env.INGRESS_PUBLIC_BASE_URL;
+    process.env.GATEWAY_INTERNAL_BASE_URL = 'http://gateway.internal:9000/';
+    process.env.INGRESS_PUBLIC_BASE_URL = 'https://gw.example.com/';
+    try {
+      const result = await hostShellTool.execute({
+        command: 'echo "$INTERNAL_GATEWAY_BASE_URL|$GATEWAY_BASE_URL"',
+      }, makeContext());
+      expect(result.isError).toBe(false);
+      expect(result.content.trim()).toBe('http://gateway.internal:9000|https://gw.example.com');
+    } finally {
+      if (originalGatewayBase === undefined) {
+        delete process.env.GATEWAY_INTERNAL_BASE_URL;
+      } else {
+        process.env.GATEWAY_INTERNAL_BASE_URL = originalGatewayBase;
+      }
+      if (originalIngressBase === undefined) {
+        delete process.env.INGRESS_PUBLIC_BASE_URL;
+      } else {
+        process.env.INGRESS_PUBLIC_BASE_URL = originalIngressBase;
+      }
+    }
+  });
 });
 
 // ---------------------------------------------------------------------------

package/src/__tests__/ipc-snapshot.test.ts

@@ -630,25 +630,6 @@ const clientMessages: Record<ClientMessageType, ClientMessage> = {
       cursorInTextField: true,
     },
   },
-  parental_control_get: {
-    type: 'parental_control_get',
-  },
-  parental_control_verify_pin: {
-    type: 'parental_control_verify_pin',
-    pin: '123456',
-  },
-  parental_control_set_pin: {
-    type: 'parental_control_set_pin',
-    current_pin: '123456',
-    new_pin: '654321',
-  },
-  parental_control_update: {
-    type: 'parental_control_update',
-    pin: '123456',
-    enabled: true,
-    content_restrictions: ['violence', 'adult_content'],
-    blocked_tool_categories: ['shell', 'network'],
-  },
   ingress_invite: {
     type: 'ingress_invite',
     action: 'create',
@@ -1889,29 +1870,6 @@ const serverMessages: Record<ServerMessageType, ServerMessage> = {
     mode: 'dictation',
     actionPlan: undefined,
   },
-  parental_control_get_response: {
-    type: 'parental_control_get_response',
-    enabled: true,
-    has_pin: true,
-    content_restrictions: ['violence', 'adult_content'],
-    blocked_tool_categories: ['shell', 'network'],
-  },
-  parental_control_verify_pin_response: {
-    type: 'parental_control_verify_pin_response',
-    verified: true,
-  },
-  parental_control_set_pin_response: {
-    type: 'parental_control_set_pin_response',
-    success: true,
-  },
-  parental_control_update_response: {
-    type: 'parental_control_update_response',
-    success: true,
-    enabled: true,
-    has_pin: true,
-    content_restrictions: ['violence', 'adult_content'],
-    blocked_tool_categories: ['shell', 'network'],
-  },
   ingress_invite_response: {
     type: 'ingress_invite_response',
     success: true,

package/src/__tests__/mcp-cli.test.ts

@@ -1,5 +1,5 @@
 import { spawnSync } from 'node:child_process';
-import { mkdirSync, rmSync, writeFileSync } from 'node:fs';
+import { mkdirSync, readFileSync, rmSync, writeFileSync } from 'node:fs';
 import { tmpdir } from 'node:os';
 import { join } from 'node:path';
 
@@ -10,22 +10,35 @@ const CLI = join(import.meta.dir, '..', 'index.ts');
 let testDataDir: string;
 let configPath: string;
 
-function runMcpList(args: string[] = []): { stdout: string; exitCode: number } {
-  const result = spawnSync('bun', ['run', CLI, 'mcp', 'list', ...args], {
+function runMcp(subcommand: string, args: string[] = []): { stdout: string; stderr: string; exitCode: number } {
+  const result = spawnSync('bun', ['run', CLI, 'mcp', subcommand, ...args], {
     encoding: 'utf-8',
     timeout: 10_000,
     env: { ...process.env, BASE_DATA_DIR: testDataDir },
   });
   return {
     stdout: (result.stdout ?? '').toString(),
+    stderr: (result.stderr ?? '').toString(),
     exitCode: result.status ?? 1,
   };
 }
 
+function runMcpList(args: string[] = []) {
+  return runMcp('list', args);
+}
+
+function runMcpAdd(name: string, args: string[]) {
+  return runMcp('add', [name, ...args]);
+}
+
 function writeConfig(config: Record<string, unknown>): void {
   writeFileSync(configPath, JSON.stringify(config), 'utf-8');
 }
 
+function readConfig(): Record<string, unknown> {
+  return JSON.parse(readFileSync(configPath, 'utf-8'));
+}
+
 describe('vellum mcp list', () => {
   beforeAll(() => {
     testDataDir = join(tmpdir(), `vellum-mcp-cli-test-${Date.now()}-${Math.random().toString(36).slice(2)}`);
@@ -139,3 +152,107 @@ describe('vellum mcp list', () => {
     expect(parsed).toEqual([]);
   });
 });
+
+describe('vellum mcp add', () => {
+  beforeAll(() => {
+    testDataDir = join(tmpdir(), `vellum-mcp-add-test-${Date.now()}-${Math.random().toString(36).slice(2)}`);
+    const workspaceDir = join(testDataDir, '.vellum', 'workspace');
+    mkdirSync(workspaceDir, { recursive: true });
+    configPath = join(workspaceDir, 'config.json');
+    writeConfig({});
+  });
+
+  afterAll(() => {
+    rmSync(testDataDir, { recursive: true, force: true });
+  });
+
+  beforeEach(() => {
+    writeConfig({});
+  });
+
+  test('adds a streamable-http server', () => {
+    const { stdout, exitCode } = runMcpAdd('test-http', [
+      '-t', 'streamable-http', '-u', 'https://example.com/mcp', '-r', 'medium',
+    ]);
+    expect(exitCode).toBe(0);
+    expect(stdout).toContain('Added MCP server "test-http"');
+
+    const updated = readConfig();
+    const servers = (updated.mcp as Record<string, unknown> | undefined)?.servers as Record<string, unknown> | undefined;
+    const server = servers?.['test-http'] as Record<string, unknown>;
+    expect(server).toBeDefined();
+    expect((server.transport as Record<string, unknown>).type).toBe('streamable-http');
+    expect((server.transport as Record<string, unknown>).url).toBe('https://example.com/mcp');
+    expect(server.defaultRiskLevel).toBe('medium');
+    expect(server.enabled).toBe(true);
+  });
+
+  test('adds a stdio server with args', () => {
+    const { stdout, exitCode } = runMcpAdd('test-stdio', [
+      '-t', 'stdio', '-c', 'npx', '-a', '-y', 'some-server', '-r', 'low',
+    ]);
+    expect(exitCode).toBe(0);
+    expect(stdout).toContain('Added MCP server "test-stdio"');
+
+    const updated = readConfig();
+    const servers = (updated.mcp as Record<string, unknown> | undefined)?.servers as Record<string, unknown> | undefined;
+    const server = servers?.['test-stdio'] as Record<string, unknown>;
+    const transport = server.transport as Record<string, unknown>;
+    expect(transport.type).toBe('stdio');
+    expect(transport.command).toBe('npx');
+    expect(transport.args).toEqual(['-y', 'some-server']);
+  });
+
+  test('adds server as disabled with --disabled flag', () => {
+    const { exitCode } = runMcpAdd('test-disabled', [
+      '-t', 'sse', '-u', 'https://example.com/sse', '--disabled',
+    ]);
+    expect(exitCode).toBe(0);
+
+    const updated = readConfig();
+    const servers = (updated.mcp as Record<string, unknown> | undefined)?.servers as Record<string, unknown> | undefined;
+    const server = servers?.['test-disabled'] as Record<string, unknown>;
+    expect(server.enabled).toBe(false);
+  });
+
+  test('rejects duplicate server name', () => {
+    writeConfig({
+      mcp: {
+        servers: {
+          existing: {
+            transport: { type: 'sse', url: 'https://example.com' },
+            enabled: true,
+            defaultRiskLevel: 'high',
+          },
+        },
+      },
+    });
+
+    const { stderr } = runMcpAdd('existing', [
+      '-t', 'sse', '-u', 'https://other.com',
+    ]);
+    expect(stderr).toContain('already exists');
+  });
+
+  test('rejects stdio without --command', () => {
+    const { stderr } = runMcpAdd('bad-stdio', ['-t', 'stdio']);
+    expect(stderr).toContain('--command is required');
+  });
+
+  test('rejects streamable-http without --url', () => {
+    const { stderr } = runMcpAdd('bad-http', ['-t', 'streamable-http']);
+    expect(stderr).toContain('--url is required');
+  });
+
+  test('defaults risk to high', () => {
+    const { exitCode } = runMcpAdd('default-risk', [
+      '-t', 'sse', '-u', 'https://example.com/sse',
+    ]);
+    expect(exitCode).toBe(0);
+
+    const updated = readConfig();
+    const servers = (updated.mcp as Record<string, unknown> | undefined)?.servers as Record<string, unknown> | undefined;
+    const server = servers?.['default-risk'] as Record<string, unknown>;
+    expect(server.defaultRiskLevel).toBe('high');
+  });
+});

package/src/__tests__/skill-feature-flags-integration.test.ts

@@ -68,10 +68,6 @@ mock.module('../config/user-reference.js', () => ({
   resolveUserReference: () => 'TestUser',
 }));
 
-mock.module('../security/parental-control-store.js', () => ({
-  getParentalControlSettings: () => ({ enabled: false, contentRestrictions: [], blockedToolCategories: [] }),
-}));
-
 mock.module('../tools/credentials/metadata-store.js', () => ({
   listCredentialMetadata: () => [],
 }));

package/src/__tests__/terminal-tools.test.ts

@@ -446,6 +446,23 @@ describe('buildSanitizedEnv', () => {
     expect(env.LC_CTYPE).toBe('UTF-8');
   });
 
+  test('injects INTERNAL_GATEWAY_BASE_URL from gateway config', () => {
+    process.env.GATEWAY_INTERNAL_BASE_URL = 'http://gateway.internal:9000/';
+    const env = buildSanitizedEnv();
+    expect(env.INTERNAL_GATEWAY_BASE_URL).toBe('http://gateway.internal:9000');
+    delete process.env.GATEWAY_INTERNAL_BASE_URL;
+  });
+
+  test('injects GATEWAY_BASE_URL from public ingress when configured', () => {
+    process.env.GATEWAY_INTERNAL_BASE_URL = 'http://gateway.internal:9000/';
+    process.env.INGRESS_PUBLIC_BASE_URL = 'https://gw.example.com/';
+    const env = buildSanitizedEnv();
+    expect(env.INTERNAL_GATEWAY_BASE_URL).toBe('http://gateway.internal:9000');
+    expect(env.GATEWAY_BASE_URL).toBe('https://gw.example.com');
+    delete process.env.GATEWAY_INTERNAL_BASE_URL;
+    delete process.env.INGRESS_PUBLIC_BASE_URL;
+  });
+
   test('result is a plain object with no prototype-inherited secrets', () => {
     const env = buildSanitizedEnv();
     const keys = Object.keys(env);
@@ -453,6 +470,8 @@ describe('buildSanitizedEnv', () => {
       'PATH', 'HOME', 'TERM', 'LANG', 'EDITOR', 'SHELL', 'USER', 'TMPDIR',
       'LC_ALL', 'LC_CTYPE', 'XDG_RUNTIME_DIR', 'DISPLAY', 'COLORTERM',
       'TERM_PROGRAM', 'SSH_AUTH_SOCK', 'SSH_AGENT_PID', 'GPG_TTY', 'GNUPGHOME',
+      'INTERNAL_GATEWAY_BASE_URL',
+      'GATEWAY_BASE_URL',
     ];
     for (const key of keys) {
       expect(safeKeys).toContain(key);
@@ -684,4 +703,3 @@ describe('formatShellOutput', () => {
     expect(result.content.length).toBeLessThan(60_000);
   });
 });
-

package/src/__tests__/tool-approval-handler.test.ts

@@ -29,11 +29,6 @@ mock.module('../util/logger.js', () => ({
   truncateForLog: (value: string) => value,
 }));
 
-// Mock parental controls — no tools blocked by default
-mock.module('../security/parental-control-store.js', () => ({
-  isToolBlocked: () => false,
-}));
-
 // Mock guardian control-plane policy — not targeting control-plane by default
 mock.module('../tools/guardian-control-plane-policy.js', () => ({
   enforceGuardianOnlyPolicy: () => ({ denied: false }),
@@ -347,4 +342,98 @@ describe('ToolApprovalHandler / pre-exec gate grant check', () => {
 
     expect(result.allowed).toBe(false);
   });
+
+  test('non-voice channel denial is instant (no retry polling)', async () => {
+    const toolName = 'bash';
+    const input = { command: 'rm -rf /' };
+
+    // executionChannel defaults to undefined (non-voice)
+    const context = makeContext({
+      guardianActorRole: 'non-guardian',
+      executionChannel: 'telegram',
+    });
+
+    const start = Date.now();
+    const result = await handler.checkPreExecutionGates(
+      toolName, input, context, 'host', 'high', Date.now(), emitLifecycleEvent,
+    );
+    const elapsed = Date.now() - start;
+
+    expect(result.allowed).toBe(false);
+    if (result.allowed) return;
+    expect(result.result.content).toContain('guardian approval');
+    // Non-voice denials should be nearly instant — no 10s retry polling
+    expect(elapsed).toBeLessThan(500);
+  });
+
+  test('voice channel with delayed grant succeeds via retry polling', async () => {
+    const toolName = 'bash';
+    const input = { command: 'echo hello' };
+    const digest = computeToolApprovalDigest(toolName, input);
+
+    // Mint the grant after 300ms — the voice retry polling should find it
+    setTimeout(() => {
+      mintGrantFromDecision(
+        mintParams({
+          scopeMode: 'tool_signature',
+          toolName,
+          inputDigest: digest,
+        }),
+      );
+    }, 300);
+
+    const context = makeContext({
+      guardianActorRole: 'non-guardian',
+      executionChannel: 'voice',
+    });
+
+    const start = Date.now();
+    const result = await handler.checkPreExecutionGates(
+      toolName, input, context, 'host', 'high', Date.now(), emitLifecycleEvent,
+    );
+    const elapsed = Date.now() - start;
+
+    expect(result.allowed).toBe(true);
+    // Should have taken at least ~300ms (the minting delay) but not the full 10s
+    expect(elapsed).toBeGreaterThanOrEqual(250);
+    expect(elapsed).toBeLessThan(5_000);
+  });
+
+  test('voice channel abort returns Cancelled instead of guardian_approval_required', async () => {
+    const toolName = 'bash';
+    const input = { command: 'deploy --force' };
+
+    const controller = new AbortController();
+    // Abort after 200ms to simulate voice barge-in
+    setTimeout(() => controller.abort(), 200);
+
+    const context = makeContext({
+      guardianActorRole: 'non-guardian',
+      executionChannel: 'voice',
+      signal: controller.signal,
+    });
+
+    const start = Date.now();
+    const result = await handler.checkPreExecutionGates(
+      toolName, input, context, 'host', 'high', Date.now(), emitLifecycleEvent,
+    );
+    const elapsed = Date.now() - start;
+
+    expect(result.allowed).toBe(false);
+    if (result.allowed) return;
+    // Should return 'Cancelled', not a guardian_approval_required message
+    expect(result.result.content).toBe('Cancelled');
+    expect(result.result.isError).toBe(true);
+    // Should exit promptly after the abort signal, not wait full 10s
+    expect(elapsed).toBeLessThan(2_000);
+
+    // The lifecycle event should be an error with 'Cancelled', not permission_denied
+    const errorEvents = events.filter((e) => e.type === 'error');
+    expect(errorEvents.length).toBeGreaterThanOrEqual(1);
+    const lastError = errorEvents[errorEvents.length - 1];
+    if (lastError.type === 'error') {
+      expect(lastError.errorMessage).toBe('Cancelled');
+      expect(lastError.isExpected).toBe(true);
+    }
+  });
 });

package/src/__tests__/tool-executor.test.ts

@@ -1844,7 +1844,7 @@ describe('buildSanitizedEnv — baseline: credential exclusion', () => {
       'PATH', 'HOME', 'TERM', 'LANG', 'EDITOR', 'SHELL', 'USER',
       'TMPDIR', 'LC_ALL', 'LC_CTYPE', 'XDG_RUNTIME_DIR', 'DISPLAY',
       'COLORTERM', 'TERM_PROGRAM', 'SSH_AUTH_SOCK', 'SSH_AGENT_PID',
-      'GPG_TTY', 'GNUPGHOME',
+      'GPG_TTY', 'GNUPGHOME', 'INTERNAL_GATEWAY_BASE_URL', 'GATEWAY_BASE_URL',
     ];
 
     const env = buildSanitizedEnv();

package/src/cli/mcp.ts

@@ -87,6 +87,7 @@ export function registerMcpCommand(program: Command): void {
 
       if (servers[name]) {
         log.error(`MCP server "${name}" already exists. Remove it first with: vellum mcp remove ${name}`);
+        process.exitCode = 1;
         return;
       }
 
@@ -95,6 +96,7 @@ export function registerMcpCommand(program: Command): void {
         case 'stdio':
           if (!opts.command) {
             log.error('--command is required for stdio transport');
+            process.exitCode = 1;
             return;
           }
           transport = { type: 'stdio', command: opts.command, args: opts.args ?? [] };
@@ -103,17 +105,20 @@ export function registerMcpCommand(program: Command): void {
         case 'streamable-http':
           if (!opts.url) {
             log.error(`--url is required for ${opts.transportType} transport`);
+            process.exitCode = 1;
             return;
           }
           transport = { type: opts.transportType, url: opts.url };
           break;
         default:
           log.error(`Unknown transport type: ${opts.transportType}. Must be stdio, sse, or streamable-http`);
+          process.exitCode = 1;
           return;
       }
 
       if (!['low', 'medium', 'high'].includes(opts.risk)) {
         log.error(`Invalid risk level: ${opts.risk}. Must be low, medium, or high`);
+        process.exitCode = 1;
         return;
       }
 
@@ -127,4 +132,24 @@ export function registerMcpCommand(program: Command): void {
       log.info(`Added MCP server "${name}" (${opts.transportType})`);
       log.info('Restart the daemon for changes to take effect: vellum daemon restart');
     });
+
+  mcp
+    .command('remove <name>')
+    .description('Remove an MCP server configuration')
+    .action((name: string) => {
+      const raw = loadRawConfig();
+      const mcpConfig = raw.mcp as Record<string, unknown> | undefined;
+      const servers = mcpConfig?.servers as Record<string, unknown> | undefined;
+
+      if (!servers || !servers[name]) {
+        log.error(`MCP server "${name}" not found.`);
+        process.exitCode = 1;
+        return;
+      }
+
+      delete servers[name];
+      saveRawConfig(raw);
+      log.info(`Removed MCP server "${name}".`);
+      log.info('Restart the daemon for changes to take effect: vellum daemon restart');
+    });
 }