@vellumai/assistant 0.3.26 → 0.3.28

package/src/__tests__/mcp-cli.test.ts

@@ -31,6 +31,10 @@ function runMcpAdd(name: string, args: string[]) {
   return runMcp('add', [name, ...args]);
 }
 
+function runMcpRemove(name: string) {
+  return runMcp('remove', [name]);
+}
+
 function writeConfig(config: Record<string, unknown>): void {
   writeFileSync(configPath, JSON.stringify(config), 'utf-8');
 }
@@ -256,3 +260,76 @@ describe('vellum mcp add', () => {
     expect(server.defaultRiskLevel).toBe('high');
   });
 });
+
+describe('vellum mcp remove', () => {
+  beforeAll(() => {
+    testDataDir = join(tmpdir(), `vellum-mcp-remove-test-${Date.now()}-${Math.random().toString(36).slice(2)}`);
+    const workspaceDir = join(testDataDir, '.vellum', 'workspace');
+    mkdirSync(workspaceDir, { recursive: true });
+    configPath = join(workspaceDir, 'config.json');
+    writeConfig({});
+  });
+
+  afterAll(() => {
+    rmSync(testDataDir, { recursive: true, force: true });
+  });
+
+  beforeEach(() => {
+    writeConfig({});
+  });
+
+  test('removes an existing server', () => {
+    writeConfig({
+      mcp: {
+        servers: {
+          'my-server': {
+            transport: { type: 'sse', url: 'https://example.com/sse' },
+            enabled: true,
+            defaultRiskLevel: 'high',
+          },
+        },
+      },
+    });
+
+    const { stdout, exitCode } = runMcpRemove('my-server');
+    expect(exitCode).toBe(0);
+    expect(stdout).toContain('Removed MCP server "my-server"');
+
+    const updated = readConfig();
+    const servers = (updated.mcp as Record<string, unknown> | undefined)?.servers as Record<string, unknown> | undefined;
+    expect(servers?.['my-server']).toBeUndefined();
+  });
+
+  test('errors when server does not exist', () => {
+    const { stderr, exitCode } = runMcpRemove('nonexistent');
+    expect(exitCode).toBe(1);
+    expect(stderr).toContain('not found');
+  });
+
+  test('preserves other servers when removing one', () => {
+    writeConfig({
+      mcp: {
+        servers: {
+          'keep-me': {
+            transport: { type: 'streamable-http', url: 'https://example.com/keep' },
+            enabled: true,
+            defaultRiskLevel: 'low',
+          },
+          'remove-me': {
+            transport: { type: 'sse', url: 'https://example.com/remove' },
+            enabled: true,
+            defaultRiskLevel: 'high',
+          },
+        },
+      },
+    });
+
+    const { exitCode } = runMcpRemove('remove-me');
+    expect(exitCode).toBe(0);
+
+    const updated = readConfig();
+    const servers = (updated.mcp as Record<string, unknown> | undefined)?.servers as Record<string, unknown> | undefined;
+    expect(servers?.['remove-me']).toBeUndefined();
+    expect(servers?.['keep-me']).toBeDefined();
+  });
+});

package/src/__tests__/non-member-access-request.test.ts

@@ -80,9 +80,9 @@ mock.module('../runtime/gateway-client.js', () => ({
   },
 }));
 
+import { listCanonicalGuardianRequests } from '../memory/canonical-guardian-store.js';
 import {
   createBinding,
-  findPendingAccessRequestForRequester,
 } from '../memory/channel-guardian-store.js';
 import { getDb, initializeDb, resetDb } from '../memory/db.js';
 import { handleChannelInbound } from '../runtime/routes/channel-routes.js';
@@ -107,6 +107,8 @@ function resetState(): void {
   db.run('DELETE FROM channel_inbound_events');
   db.run('DELETE FROM conversations');
   db.run('DELETE FROM notification_events');
+  db.run('DELETE FROM canonical_guardian_requests');
+  db.run('DELETE FROM canonical_guardian_deliveries');
   emitSignalCalls.length = 0;
   deliverReplyCalls.length = 0;
 }
@@ -185,18 +187,18 @@ describe('non-member access request notification', () => {
     expect(payload.senderExternalUserId).toBe('user-unknown-456');
     expect(payload.senderName).toBe('Alice Unknown');
 
-    // An approval request was created
-    const pending = findPendingAccessRequestForRequester(
-      'self',
-      'telegram',
-      'user-unknown-456',
-      'ingress_access_request',
-    );
-    expect(pending).not.toBeNull();
-    expect(pending!.status).toBe('pending');
-    expect(pending!.requesterExternalUserId).toBe('user-unknown-456');
-    expect(pending!.guardianExternalUserId).toBe('guardian-user-789');
-    expect(pending!.toolName).toBe('ingress_access_request');
+    // A canonical access request was created
+    const pending = listCanonicalGuardianRequests({
+      status: 'pending',
+      requesterExternalUserId: 'user-unknown-456',
+      sourceChannel: 'telegram',
+      kind: 'access_request',
+    });
+    expect(pending.length).toBe(1);
+    expect(pending[0].status).toBe('pending');
+    expect(pending[0].requesterExternalUserId).toBe('user-unknown-456');
+    expect(pending[0].guardianExternalUserId).toBe('guardian-user-789');
+    expect(pending[0].toolName).toBe('ingress_access_request');
   });
 
   test('no duplicate approval requests for repeated messages from same non-member', async () => {
@@ -224,14 +226,14 @@ describe('non-member access request notification', () => {
     // Only one notification signal should be emitted (second is deduplicated)
     expect(emitSignalCalls.length).toBe(1);
 
-    // Only one approval request should exist
-    const pending = findPendingAccessRequestForRequester(
-      'self',
-      'telegram',
-      'user-unknown-456',
-      'ingress_access_request',
-    );
-    expect(pending).not.toBeNull();
+    // Only one canonical request should exist
+    const pending = listCanonicalGuardianRequests({
+      status: 'pending',
+      requesterExternalUserId: 'user-unknown-456',
+      sourceChannel: 'telegram',
+      kind: 'access_request',
+    });
+    expect(pending.length).toBe(1);
   });
 
   test('deny works without error when no guardian binding exists', async () => {
@@ -249,14 +251,14 @@ describe('non-member access request notification', () => {
     // No notification signal was emitted
     expect(emitSignalCalls.length).toBe(0);
 
-    // No approval request was created
-    const pending = findPendingAccessRequestForRequester(
-      'self',
-      'telegram',
-      'user-unknown-456',
-      'ingress_access_request',
-    );
-    expect(pending).toBeNull();
+    // No canonical request was created
+    const pending = listCanonicalGuardianRequests({
+      status: 'pending',
+      requesterExternalUserId: 'user-unknown-456',
+      sourceChannel: 'telegram',
+      kind: 'access_request',
+    });
+    expect(pending.length).toBe(0);
   });
 
   test('no notification when senderExternalUserId is absent', async () => {

package/src/__tests__/notification-decision-fallback.test.ts

@@ -5,7 +5,7 @@
  * decision-model call is unavailable.
  */
 
-import { describe, expect, mock, test } from 'bun:test';
+import { beforeEach, describe, expect, mock, test } from 'bun:test';
 
 mock.module('../channels/config.js', () => ({
   getDeliverableChannels: () => ['vellum', 'telegram', 'sms'],
@@ -32,13 +32,16 @@ mock.module('../notifications/thread-candidates.js', () => ({
   serializeCandidatesForPrompt: () => undefined,
 }));
 
+let configuredProvider: { sendMessage: () => Promise<unknown> } | null = null;
+let extractedToolUse: unknown = null;
+
 mock.module('../providers/provider-send-message.js', () => ({
-  getConfiguredProvider: () => null,
+  getConfiguredProvider: () => configuredProvider,
   createTimeout: () => ({
     signal: new AbortController().signal,
     cleanup: () => {},
   }),
-  extractToolUse: () => null,
+  extractToolUse: () => extractedToolUse,
   userMessage: (text: string) => ({ role: 'user', content: text }),
 }));
 
@@ -75,6 +78,11 @@ function makeSignal(overrides?: Partial<NotificationSignal>): NotificationSignal
 }
 
 describe('notification decision fallback copy', () => {
+  beforeEach(() => {
+    configuredProvider = null;
+    extractedToolUse = null;
+  });
+
   test('uses human-friendly template copy for guardian.question', async () => {
     const signal = makeSignal();
     const decision = await evaluateSignal(signal, ['vellum'] as NotificationChannel[]);
@@ -85,4 +93,54 @@ describe('notification decision fallback copy', () => {
     expect(decision.renderedCopy.vellum?.title).not.toBe('guardian.question');
     expect(decision.renderedCopy.vellum?.body).not.toContain('Action required: guardian.question');
   });
+
+  test('enforces request-code instructions for guardian.question when requestCode exists', async () => {
+    const signal = makeSignal({
+      contextPayload: {
+        questionText: 'What is the gate code?',
+        requestCode: 'A1B2C3',
+      },
+    });
+    const decision = await evaluateSignal(signal, ['vellum'] as NotificationChannel[]);
+
+    expect(decision.fallbackUsed).toBe(true);
+    expect(decision.renderedCopy.vellum?.body).toContain('A1B2C3');
+    expect(decision.renderedCopy.vellum?.body).toContain('approve');
+    expect(decision.renderedCopy.vellum?.body).toContain('reject');
+  });
+
+  test('enforcement appends explicit approve/reject instructions when LLM copy only mentions request code', async () => {
+    configuredProvider = {
+      sendMessage: async () => ({ content: [] }),
+    };
+    extractedToolUse = {
+      name: 'record_notification_decision',
+      input: {
+        shouldNotify: true,
+        selectedChannels: ['vellum'],
+        reasoningSummary: 'LLM decision',
+        renderedCopy: {
+          vellum: {
+            title: 'Guardian Question',
+            body: 'Use reference code A1B2C3 for this request.',
+          },
+        },
+        dedupeKey: 'guardian-question-test',
+        confidence: 0.9,
+      },
+    };
+
+    const signal = makeSignal({
+      contextPayload: {
+        questionText: 'What is the gate code?',
+        requestCode: 'A1B2C3',
+      },
+    });
+
+    const decision = await evaluateSignal(signal, ['vellum'] as NotificationChannel[]);
+
+    expect(decision.fallbackUsed).toBe(false);
+    expect(decision.renderedCopy.vellum?.body).toContain('"A1B2C3 approve"');
+    expect(decision.renderedCopy.vellum?.body).toContain('"A1B2C3 reject"');
+  });
 });

package/src/__tests__/notification-decision-strategy.test.ts

@@ -55,6 +55,23 @@ describe('notification decision strategy', () => {
       expect(copy.vellum!.body).toContain('What is the gate code?');
     });
 
+    test('guardian.question template includes request-code instructions when present', () => {
+      const signal = makeSignal({
+        sourceEventName: 'guardian.question',
+        contextPayload: {
+          questionText: 'What is the gate code?',
+          requestCode: 'A1B2C3',
+        },
+      });
+
+      const copy = composeFallbackCopy(signal, channels);
+      expect(copy.vellum).toBeDefined();
+      expect(copy.vellum!.body).toContain('A1B2C3');
+      expect(copy.vellum!.body).toContain('approve');
+      expect(copy.vellum!.body).toContain('reject');
+      expect(copy.telegram!.deliveryText).toContain('A1B2C3');
+    });
+
     test('reminder.fired template uses message from payload', () => {
       const signal = makeSignal({
         sourceEventName: 'reminder.fired',

package/src/__tests__/notification-guardian-path.test.ts

@@ -108,6 +108,8 @@ function ensureConversation(id: string): void {
 
 function resetTables(): void {
   const db = getDb();
+  db.run('DELETE FROM canonical_guardian_deliveries');
+  db.run('DELETE FROM canonical_guardian_requests');
   db.run('DELETE FROM guardian_action_deliveries');
   db.run('DELETE FROM guardian_action_requests');
   db.run('DELETE FROM call_pending_questions');
@@ -268,16 +270,15 @@ describe('ASK_GUARDIAN canonical notification path', () => {
 
     const db = getDb();
     const raw = (db as unknown as { $client: import('bun:sqlite').Database }).$client;
-    const request = raw.query('SELECT * FROM guardian_action_requests WHERE call_session_id = ?').get(session.id) as
+    const request = raw.query('SELECT * FROM canonical_guardian_requests WHERE call_session_id = ?').get(session.id) as
       | { id: string }
       | undefined;
     const deliveries = raw.query(
-      'SELECT destination_channel, destination_conversation_id, destination_chat_id, destination_external_user_id, status FROM guardian_action_deliveries WHERE request_id = ? ORDER BY destination_channel ASC',
+      'SELECT destination_channel, destination_conversation_id, destination_chat_id, status FROM canonical_guardian_deliveries WHERE request_id = ? ORDER BY destination_channel ASC',
     ).all(request!.id) as Array<{
       destination_channel: string;
       destination_conversation_id: string | null;
       destination_chat_id: string | null;
-      destination_external_user_id: string | null;
       status: string;
     }>;
 
@@ -286,7 +287,6 @@ describe('ASK_GUARDIAN canonical notification path', () => {
     const vellum = deliveries.find((d) => d.destination_channel === 'vellum');
     expect(telegram).toBeDefined();
     expect(telegram!.destination_chat_id).toBe('tg-chat-abc');
-    expect(telegram!.destination_external_user_id).toBe('tg-user-xyz');
     expect(telegram!.status).toBe('sent');
     expect(vellum).toBeDefined();
     expect(vellum!.destination_conversation_id).toBe('conv-guardian-vellum');
@@ -322,16 +322,15 @@ describe('ASK_GUARDIAN canonical notification path', () => {
 
     const db = getDb();
     const raw = (db as unknown as { $client: import('bun:sqlite').Database }).$client;
-    const request = raw.query('SELECT * FROM guardian_action_requests WHERE call_session_id = ?').get(session.id) as
+    const request = raw.query('SELECT * FROM canonical_guardian_requests WHERE call_session_id = ?').get(session.id) as
       | { id: string }
       | undefined;
     const vellumDelivery = raw.query(
-      'SELECT status, last_error FROM guardian_action_deliveries WHERE request_id = ? AND destination_channel = ?',
-    ).get(request!.id, 'vellum') as { status: string; last_error: string | null } | undefined;
+      'SELECT status FROM canonical_guardian_deliveries WHERE request_id = ? AND destination_channel = ?',
+    ).get(request!.id, 'vellum') as { status: string } | undefined;
 
     expect(vellumDelivery).toBeDefined();
     expect(vellumDelivery!.status).toBe('failed');
-    expect(vellumDelivery!.last_error).toContain('No vellum delivery result');
   });
 
   test('context payload includes callSessionId and activeGuardianRequestCount for candidate-affinity', async () => {
@@ -426,11 +425,11 @@ describe('ASK_GUARDIAN canonical notification path', () => {
       pendingQuestion: pq2,
     });
 
-    // Verify: two distinct guardian_action_requests exist
+    // Verify: two distinct canonical_guardian_requests exist
     const db = getDb();
     const raw = (db as unknown as { $client: import('bun:sqlite').Database }).$client;
     const requests = raw.query(
-      'SELECT id, question_text FROM guardian_action_requests WHERE call_session_id = ? ORDER BY created_at ASC',
+      'SELECT id, question_text FROM canonical_guardian_requests WHERE call_session_id = ? ORDER BY created_at ASC',
     ).all(session.id) as Array<{ id: string; question_text: string }>;
     expect(requests).toHaveLength(2);
     expect(requests[0].question_text).toBe('Can they enter through the side gate?');
@@ -438,7 +437,7 @@ describe('ASK_GUARDIAN canonical notification path', () => {
 
     // Verify: each request has its own delivery row pointing to the shared conversation
     const deliveries = raw.query(
-      'SELECT request_id, destination_conversation_id, status FROM guardian_action_deliveries WHERE destination_conversation_id = ? ORDER BY created_at ASC',
+      'SELECT request_id, destination_conversation_id, status FROM canonical_guardian_deliveries WHERE destination_conversation_id = ? ORDER BY created_at ASC',
     ).all(sharedConvId) as Array<{ request_id: string; destination_conversation_id: string; status: string }>;
     expect(deliveries).toHaveLength(2);
     expect(deliveries[0].request_id).toBe(requests[0].id);
@@ -478,16 +477,15 @@ describe('ASK_GUARDIAN canonical notification path', () => {
     // The dispatch should still create a failed fallback delivery row
     const db = getDb();
     const raw = (db as unknown as { $client: import('bun:sqlite').Database }).$client;
-    const request = raw.query('SELECT id FROM guardian_action_requests WHERE call_session_id = ?').get(session.id) as
+    const request = raw.query('SELECT id FROM canonical_guardian_requests WHERE call_session_id = ?').get(session.id) as
       | { id: string }
       | undefined;
     expect(request).toBeDefined();
 
     const delivery = raw.query(
-      'SELECT status, last_error FROM guardian_action_deliveries WHERE request_id = ? AND destination_channel = ?',
-    ).get(request!.id, 'vellum') as { status: string; last_error: string | null } | undefined;
+      'SELECT status FROM canonical_guardian_deliveries WHERE request_id = ? AND destination_channel = ?',
+    ).get(request!.id, 'vellum') as { status: string } | undefined;
     expect(delivery).toBeDefined();
     expect(delivery!.status).toBe('failed');
-    expect(delivery!.last_error).toContain('No vellum delivery result');
   });
 });

package/src/__tests__/onboarding-template-contract.test.ts

@@ -6,19 +6,21 @@ import { describe, expect,test } from 'bun:test';
 const templatesDir = join(import.meta.dirname, '..', 'config', 'templates');
 const bootstrap = readFileSync(join(templatesDir, 'BOOTSTRAP.md'), 'utf-8');
 const identity = readFileSync(join(templatesDir, 'IDENTITY.md'), 'utf-8');
+const user = readFileSync(join(templatesDir, 'USER.md'), 'utf-8');
 
 describe('onboarding template contracts', () => {
   describe('BOOTSTRAP.md', () => {
     test('contains identity question prompts', () => {
       const lower = bootstrap.toLowerCase();
       expect(lower).toContain('who am i');
-      expect(lower).toContain('who are you');
     });
 
-    test('uses "personality" for the personality step', () => {
-      expect(bootstrap).toContain('What is my personality?');
-      // Should not use "character" or "vibe" as a field/step label
-      expect(bootstrap).not.toMatch(/what is my (character|vibe)/i);
+    test('infers personality indirectly instead of asking directly', () => {
+      const lower = bootstrap.toLowerCase();
+      // Personality step must instruct indirect/organic discovery
+      expect(lower).toContain('personality');
+      expect(lower).toContain('indirectly');
+      expect(lower).toContain('vibe');
     });
 
     test('contains emoji auto-selection with change-later instruction', () => {
@@ -27,30 +29,106 @@ describe('onboarding template contracts', () => {
       expect(lower).toContain('change it later');
     });
 
-    test('contains the Home Base handoff format', () => {
-      expect(bootstrap).toMatch(/came up with X ideas/i);
-      expect(bootstrap).toMatch(/check this out/i);
-    });
-
-    test('mentions avatar evolution instruction', () => {
+    test('creates Home Base silently in the background', () => {
       const lower = bootstrap.toLowerCase();
-      expect(lower).toContain('avatar will start to reflect');
-      expect(lower).toContain('happens automatically');
+      expect(lower).toContain('app_create');
+      expect(lower).toContain('set_as_home_base');
+      // Must NOT open or announce it
+      expect(lower).toContain('do not open it with `app_open`');
+      expect(lower).toContain('do not announce it');
     });
 
     test('contains naming intent markers so the first reply includes naming cues', () => {
       const lower = bootstrap.toLowerCase();
       // The template must prompt the assistant to ask about names.
-      // These keywords align with the client-side naming intent heuristic
-      // (ChatViewModel.replyContainsNamingIntent) so that the first reply
-      // naturally passes the quality check without triggering a corrective nudge.
       expect(lower).toContain('name');
-      expect(lower).toContain('call');
-      // The example first message should include a naming question
-      expect(lower).toContain('what should i call myself');
-      // The conversation sequence must include identity/naming as the first step
+      // The first step should be about locking in the assistant's name
+      expect(lower).toContain('lock in your name');
+      // The conversation sequence must include identity/naming
       expect(lower).toContain('who am i');
-      expect(lower).toContain('who are you');
+    });
+
+    test('asks user name AFTER assistant identity is established', () => {
+      // Step 1 is locking in the assistant's name, step 3 is asking the user's name
+      const assistantNameIdx = bootstrap.indexOf('Lock in your name.');
+      const userNameIdx = bootstrap.indexOf('who am I talking to?');
+      expect(assistantNameIdx).toBeGreaterThan(-1);
+      expect(userNameIdx).toBeGreaterThan(-1);
+      expect(assistantNameIdx).toBeLessThan(userNameIdx);
+    });
+
+    test('gathers user context: work role, hobbies, daily tools', () => {
+      const lower = bootstrap.toLowerCase();
+      expect(lower).toContain('work');
+      expect(lower).toContain('hobbies');
+      expect(lower).toContain('tools');
+    });
+
+    test('shows exactly 2 suggestions via ui_show card with relay_prompt actions', () => {
+      expect(bootstrap).toContain('ui_show');
+      expect(bootstrap).toContain('exactly 2');
+      // Must use card surface with relay_prompt action buttons
+      expect(bootstrap).toContain('surface_type: "card"');
+      expect(bootstrap).toContain('relay_prompt');
+    });
+
+    test('contains completion gate with all required conditions', () => {
+      const lower = bootstrap.toLowerCase();
+      expect(lower).toContain('completion gate');
+      expect(lower).toContain('do not delete this file');
+      // Assistant name is hard-required
+      expect(lower).toContain('you have a name');
+      expect(lower).toContain('hard requirement');
+      expect(lower).toContain('vibe');
+      // User detail fields must be resolved (provided, inferred, or declined)
+      expect(lower).toContain('resolved');
+      expect(lower).toContain('work role');
+      expect(lower).toContain('2 suggestions shown');
+      expect(lower).toContain('selected one, deferred both');
+      expect(lower).toContain('home base');
+    });
+
+    test('contains privacy/refusal policy', () => {
+      const lower = bootstrap.toLowerCase();
+      // Must have a privacy section
+      expect(lower).toContain('privacy');
+      // Assistant name is hard-required, user details are best-effort
+      expect(lower).toContain('hard-required');
+      expect(lower).toContain('best-effort');
+      // Refusal is a valid resolution
+      expect(lower).toContain('declined');
+      expect(lower).toContain('do not push');
+    });
+
+    test('defines resolved as provided, inferred, or declined', () => {
+      const lower = bootstrap.toLowerCase();
+      // The template must define what "resolved" means
+      expect(lower).toContain('resolved');
+      expect(lower).toContain('inferred');
+      expect(lower).toContain('declined');
+    });
+
+    test('preserves no em dashes instruction', () => {
+      const lower = bootstrap.toLowerCase();
+      expect(lower).toContain('em dashes');
+    });
+
+    test('preserves no technical jargon instruction', () => {
+      const lower = bootstrap.toLowerCase();
+      expect(lower).toContain('technical jargon');
+      expect(lower).toContain('system internals');
+    });
+
+    test('preserves comment line format instruction', () => {
+      // The template must start with the comment format explanation
+      expect(bootstrap).toMatch(/^_ Lines starting with _/);
+    });
+
+    test('instructs saving to IDENTITY.md, USER.md, and SOUL.md via file_edit', () => {
+      expect(bootstrap).toContain('IDENTITY.md');
+      expect(bootstrap).toContain('USER.md');
+      expect(bootstrap).toContain('SOUL.md');
+      expect(bootstrap).toContain('file_edit');
     });
   });
 
@@ -71,4 +149,21 @@ describe('onboarding template contracts', () => {
       expect(identity).toContain('**Style tendency:**');
     });
   });
+
+  describe('USER.md', () => {
+    test('contains onboarding snapshot with all required fields', () => {
+      expect(user).toContain('Preferred name/reference:');
+      expect(user).toContain('Goals:');
+      expect(user).toContain('Locale:');
+      expect(user).toContain('Work role:');
+      expect(user).toContain('Hobbies/fun:');
+      expect(user).toContain('Daily tools:');
+    });
+
+    test('documents resolved-field status conventions', () => {
+      const lower = user.toLowerCase();
+      expect(lower).toContain('declined_by_user');
+      expect(lower).toContain('resolved');
+    });
+  });
 });

package/src/__tests__/secret-scanner-executor.test.ts

@@ -346,4 +346,63 @@ describe('Secret scanner executor integration', () => {
     expect(types).toContain('AWS Access Key');
     expect(types).toContain('GitHub Token');
   });
+
+  // -----------------------------------------------------------------------
+  // sensitive output directive extraction runs before secret detection
+  // -----------------------------------------------------------------------
+  test('sensitive output directives are stripped and replaced with placeholders before secret scanning', async () => {
+    mockConfig.secretDetection.action = 'redact';
+    const rawToken = 'xK9mP2vL4nR7wQ3j';
+    fakeToolResult = {
+      content: `<vellum-sensitive-output kind="invite_code" value="${rawToken}" />\nhttps://t.me/bot?start=iv_${rawToken}`,
+      isError: false,
+    };
+
+    const lifecycleEvents: ToolLifecycleEvent[] = [];
+    const ctx = makeContext({
+      onToolLifecycleEvent: (event) => {
+        lifecycleEvents.push(event);
+      },
+    });
+
+    const result = await executor.execute('bash', {}, ctx);
+
+    // The raw token should NOT appear in the result content
+    expect(result.content).not.toContain(rawToken);
+    // The directive tag should be fully stripped
+    expect(result.content).not.toContain('<vellum-sensitive-output');
+    // A placeholder should be present instead
+    expect(result.content).toMatch(/VELLUM_ASSISTANT_INVITE_CODE_[A-Z0-9]{8}/);
+    // Sensitive bindings should be attached for downstream substitution
+    expect(result.sensitiveBindings).toBeDefined();
+    expect(result.sensitiveBindings).toHaveLength(1);
+    expect(result.sensitiveBindings![0].value).toBe(rawToken);
+    expect(result.sensitiveBindings![0].kind).toBe('invite_code');
+  });
+
+  test('sensitive output bindings are NOT present in lifecycle event result', async () => {
+    mockConfig.secretDetection.action = 'warn';
+    const rawToken = 'testToken999';
+    fakeToolResult = {
+      content: `<vellum-sensitive-output kind="invite_code" value="${rawToken}" />\nhttps://t.me/bot?start=iv_${rawToken}`,
+      isError: false,
+    };
+
+    const lifecycleEvents: ToolLifecycleEvent[] = [];
+    const ctx = makeContext({
+      onToolLifecycleEvent: (event) => {
+        lifecycleEvents.push(event);
+      },
+    });
+
+    await executor.execute('bash', {}, ctx);
+
+    // Find the 'executed' lifecycle event
+    const executedEvents = lifecycleEvents.filter(
+      (e): e is Extract<ToolLifecycleEvent, { type: 'executed' }> => e.type === 'executed',
+    );
+    expect(executedEvents).toHaveLength(1);
+    // The emitted result must NOT contain sensitiveBindings
+    expect((executedEvents[0].result as unknown as Record<string, unknown>).sensitiveBindings).toBeUndefined();
+  });
 });

package/src/__tests__/secret-scanner.test.ts

@@ -675,6 +675,14 @@ describe('entropy-based detection', () => {
       expect(entropyMatches.length).toBeGreaterThanOrEqual(1);
     }
   });
+
+  test('does not redact Telegram invite deep links', () => {
+    const invite = 'https://t.me/credence_the_bot?start=iv_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789-_ABCDE';
+    const input = `Here is your invite link: ${invite}`;
+    const matches = scanText(input);
+    expect(matches).toHaveLength(0);
+    expect(redactSecrets(input)).toBe(input);
+  });
 });
 
 // ---------------------------------------------------------------------------