@vellumai/assistant 0.4.35 → 0.4.37

package/src/__tests__/conversation-pairing.test.ts

@@ -3,8 +3,8 @@
  *
  * Validates that pairDeliveryWithConversation materializes conversations
  * and messages according to the channel's conversation strategy, handles
- * thread reuse decisions, and that errors in pairing never break the
- * notification pipeline.
+ * thread reuse decisions, binding-key reuse for continue_existing channels,
+ * and that errors in pairing never break the notification pipeline.
  */
 
 import { beforeEach, describe, expect, mock, test } from "bun:test";
@@ -70,9 +70,36 @@ mock.module("../memory/conversation-store.js", () => ({
   getConversation: getConversationMock,
 }));
 
+/** Simulated bindings for external-conversation-store mock. */
+let mockBindings: Record<
+  string,
+  { conversationId: string; sourceChannel: string; externalChatId: string }
+> = {};
+
+const getBindingByChannelChatMock = mock(
+  (sourceChannel: string, externalChatId: string) => {
+    const key = `${sourceChannel}:${externalChatId}`;
+    return mockBindings[key] ?? null;
+  },
+);
+
+const upsertOutboundBindingMock = mock(
+  (_input: {
+    conversationId: string;
+    sourceChannel: string;
+    externalChatId: string;
+  }) => {},
+);
+
+mock.module("../memory/external-conversation-store.js", () => ({
+  getBindingByChannelChat: getBindingByChannelChatMock,
+  upsertOutboundBinding: upsertOutboundBindingMock,
+}));
+
 import { pairDeliveryWithConversation } from "../notifications/conversation-pairing.js";
 import type { NotificationSignal } from "../notifications/signal.js";
 import type {
+  DestinationBindingContext,
   NotificationChannel,
   RenderedChannelCopy,
   ThreadAction,
@@ -115,11 +142,14 @@ describe("pairDeliveryWithConversation", () => {
     createConversationMock.mockClear();
     addMessageMock.mockClear();
     getConversationMock.mockClear();
+    getBindingByChannelChatMock.mockClear();
+    upsertOutboundBindingMock.mockClear();
     mockConversationId = "conv-001";
     mockMessageId = "msg-001";
     createConversationShouldThrow = false;
     addMessageShouldThrow = false;
     mockExistingConversations = {};
+    mockBindings = {};
   });
 
   // ── start_new_conversation (vellum) ─────────────────────────────────
@@ -263,7 +293,7 @@ describe("pairDeliveryWithConversation", () => {
 
   // ── continue_existing_conversation (telegram) ─────────────────────
 
-  test("creates a conversation for continue_existing_conversation strategy", async () => {
+  test("creates a conversation for continue_existing_conversation without binding context", async () => {
     const signal = makeSignal();
     const copy = makeCopy();
 
@@ -273,8 +303,6 @@ describe("pairDeliveryWithConversation", () => {
       copy,
     );
 
-    // Currently creates a new conversation even for continue_existing_conversation
-    // (true continuation is planned for a future PR)
     expect(result.conversationId).toBe("conv-001");
     expect(result.messageId).toBe("msg-001");
     expect(result.strategy).toBe("continue_existing_conversation");
@@ -287,6 +315,343 @@ describe("pairDeliveryWithConversation", () => {
     expect(callArgs.threadType).toBe("background");
   });
 
+  // ── Binding-key reuse (continue_existing + bindingContext) ────────
+
+  test("reuses bound conversation when binding context matches an existing notification conversation", async () => {
+    mockExistingConversations["conv-bound"] = {
+      id: "conv-bound",
+      source: "notification",
+      title: "Telegram Thread",
+    };
+    mockBindings["notification:telegram:chat-123"] = {
+      conversationId: "conv-bound",
+      sourceChannel: "notification:telegram",
+      externalChatId: "chat-123",
+    };
+
+    const signal = makeSignal();
+    const copy = makeCopy({
+      threadSeedMessage: "Second notification to same chat",
+    });
+    const bindingContext: DestinationBindingContext = {
+      sourceChannel: "telegram" as NotificationChannel,
+      externalChatId: "chat-123",
+    };
+
+    const result = await pairDeliveryWithConversation(
+      signal,
+      "telegram" as NotificationChannel,
+      copy,
+      { bindingContext },
+    );
+
+    expect(result.conversationId).toBe("conv-bound");
+    expect(result.messageId).toBe("msg-001");
+    expect(result.createdNewConversation).toBe(false);
+    expect(result.threadDecisionFallbackUsed).toBe(false);
+    expect(result.strategy).toBe("continue_existing_conversation");
+    // Should append to existing, not create new
+    expect(createConversationMock).not.toHaveBeenCalled();
+    expect(addMessageMock).toHaveBeenCalledTimes(1);
+    expect(addMessageMock.mock.calls[0]![0]).toBe("conv-bound");
+    // Should touch the outbound binding
+    expect(upsertOutboundBindingMock).toHaveBeenCalledTimes(1);
+  });
+
+  test("reuses pre-namespace binding when namespaced binding is absent", async () => {
+    // Simulate a binding created before the notification: prefix was introduced
+    mockExistingConversations["conv-legacy"] = {
+      id: "conv-legacy",
+      source: "notification",
+      title: "Legacy Telegram Thread",
+    };
+    mockBindings["telegram:chat-legacy"] = {
+      conversationId: "conv-legacy",
+      sourceChannel: "telegram",
+      externalChatId: "chat-legacy",
+    };
+
+    const signal = makeSignal();
+    const copy = makeCopy({
+      threadSeedMessage: "Delivery to legacy binding",
+    });
+    const bindingContext: DestinationBindingContext = {
+      sourceChannel: "telegram" as NotificationChannel,
+      externalChatId: "chat-legacy",
+    };
+
+    const result = await pairDeliveryWithConversation(
+      signal,
+      "telegram" as NotificationChannel,
+      copy,
+      { bindingContext },
+    );
+
+    expect(result.conversationId).toBe("conv-legacy");
+    expect(result.createdNewConversation).toBe(false);
+    expect(createConversationMock).not.toHaveBeenCalled();
+    // The upsert should write with the new namespaced sourceChannel
+    expect(upsertOutboundBindingMock).toHaveBeenCalledTimes(1);
+    const upsertArgs = upsertOutboundBindingMock.mock.calls[0]![0] as Record<
+      string,
+      unknown
+    >;
+    expect(upsertArgs.sourceChannel).toBe("notification:telegram");
+  });
+
+  test("falls back to new conversation when bound conversation is stale (wrong source)", async () => {
+    mockExistingConversations["conv-user-owned"] = {
+      id: "conv-user-owned",
+      source: "user",
+      title: "User Thread",
+    };
+    mockBindings["notification:sms:+15551234567"] = {
+      conversationId: "conv-user-owned",
+      sourceChannel: "notification:sms",
+      externalChatId: "+15551234567",
+    };
+
+    const signal = makeSignal();
+    const copy = makeCopy();
+    const bindingContext: DestinationBindingContext = {
+      sourceChannel: "sms" as NotificationChannel,
+      externalChatId: "+15551234567",
+    };
+
+    const result = await pairDeliveryWithConversation(
+      signal,
+      "sms" as NotificationChannel,
+      copy,
+      { bindingContext },
+    );
+
+    expect(result.conversationId).toBe("conv-001");
+    expect(result.createdNewConversation).toBe(true);
+    expect(result.threadDecisionFallbackUsed).toBe(false);
+    expect(createConversationMock).toHaveBeenCalledTimes(1);
+    // Should upsert the binding for the new conversation
+    expect(upsertOutboundBindingMock).toHaveBeenCalledTimes(1);
+    const upsertArgs = upsertOutboundBindingMock.mock.calls[0]![0] as Record<
+      string,
+      unknown
+    >;
+    expect(upsertArgs.conversationId).toBe("conv-001");
+    expect(upsertArgs.sourceChannel).toBe("notification:sms");
+  });
+
+  test("falls back to new conversation when bound conversation no longer exists", async () => {
+    // Binding exists but conversation was deleted
+    mockBindings["notification:telegram:chat-456"] = {
+      conversationId: "conv-deleted",
+      sourceChannel: "notification:telegram",
+      externalChatId: "chat-456",
+    };
+
+    const signal = makeSignal();
+    const copy = makeCopy();
+    const bindingContext: DestinationBindingContext = {
+      sourceChannel: "telegram" as NotificationChannel,
+      externalChatId: "chat-456",
+    };
+
+    const result = await pairDeliveryWithConversation(
+      signal,
+      "telegram" as NotificationChannel,
+      copy,
+      { bindingContext },
+    );
+
+    expect(result.conversationId).toBe("conv-001");
+    expect(result.createdNewConversation).toBe(true);
+    expect(createConversationMock).toHaveBeenCalledTimes(1);
+    // Should upsert the new conversation binding
+    expect(upsertOutboundBindingMock).toHaveBeenCalledTimes(1);
+  });
+
+  test("creates new conversation and upserts binding when no prior binding exists", async () => {
+    const signal = makeSignal();
+    const copy = makeCopy();
+    const bindingContext: DestinationBindingContext = {
+      sourceChannel: "slack" as NotificationChannel,
+      externalChatId: "C0123ABCDEF",
+    };
+
+    const result = await pairDeliveryWithConversation(
+      signal,
+      "slack" as NotificationChannel,
+      copy,
+      { bindingContext },
+    );
+
+    expect(result.conversationId).toBe("conv-001");
+    expect(result.createdNewConversation).toBe(true);
+    expect(createConversationMock).toHaveBeenCalledTimes(1);
+    // Should upsert so future deliveries reuse this conversation
+    expect(upsertOutboundBindingMock).toHaveBeenCalledTimes(1);
+    const upsertArgs = upsertOutboundBindingMock.mock.calls[0]![0] as Record<
+      string,
+      unknown
+    >;
+    expect(upsertArgs.conversationId).toBe("conv-001");
+    expect(upsertArgs.sourceChannel).toBe("notification:slack");
+    expect(upsertArgs.externalChatId).toBe("C0123ABCDEF");
+  });
+
+  test("reuse_existing rebinds destination when binding context is present", async () => {
+    mockExistingConversations["conv-explicit"] = {
+      id: "conv-explicit",
+      source: "notification",
+      title: "Explicit Thread",
+    };
+
+    const signal = makeSignal();
+    const copy = makeCopy({
+      threadSeedMessage: "Follow-up to explicit reuse target",
+    });
+    const threadAction: ThreadAction = {
+      action: "reuse_existing",
+      conversationId: "conv-explicit",
+    };
+    const bindingContext: DestinationBindingContext = {
+      sourceChannel: "telegram" as NotificationChannel,
+      externalChatId: "chat-rebind",
+    };
+
+    const result = await pairDeliveryWithConversation(
+      signal,
+      "telegram" as NotificationChannel,
+      copy,
+      { threadAction, bindingContext },
+    );
+
+    expect(result.conversationId).toBe("conv-explicit");
+    expect(result.createdNewConversation).toBe(false);
+    // Should rebind the destination to the reused conversation
+    expect(upsertOutboundBindingMock).toHaveBeenCalledTimes(1);
+    const upsertArgs = upsertOutboundBindingMock.mock.calls[0]![0] as Record<
+      string,
+      unknown
+    >;
+    expect(upsertArgs.conversationId).toBe("conv-explicit");
+    expect(upsertArgs.sourceChannel).toBe("notification:telegram");
+    expect(upsertArgs.externalChatId).toBe("chat-rebind");
+  });
+
+  test("reuse_existing fallback rebinds destination when binding context is present", async () => {
+    // Target does not exist — falls back to new conversation
+    const signal = makeSignal();
+    const copy = makeCopy();
+    const threadAction: ThreadAction = {
+      action: "reuse_existing",
+      conversationId: "conv-gone",
+    };
+    const bindingContext: DestinationBindingContext = {
+      sourceChannel: "sms" as NotificationChannel,
+      externalChatId: "+15559876543",
+    };
+
+    const result = await pairDeliveryWithConversation(
+      signal,
+      "sms" as NotificationChannel,
+      copy,
+      { threadAction, bindingContext },
+    );
+
+    expect(result.conversationId).toBe("conv-001");
+    expect(result.createdNewConversation).toBe(true);
+    expect(result.threadDecisionFallbackUsed).toBe(true);
+    // Should bind the new conversation to the destination
+    expect(upsertOutboundBindingMock).toHaveBeenCalledTimes(1);
+    const upsertArgs = upsertOutboundBindingMock.mock.calls[0]![0] as Record<
+      string,
+      unknown
+    >;
+    expect(upsertArgs.conversationId).toBe("conv-001");
+    expect(upsertArgs.sourceChannel).toBe("notification:sms");
+    expect(upsertArgs.externalChatId).toBe("+15559876543");
+  });
+
+  test("explicit reuse_existing takes precedence over binding-key reuse", async () => {
+    // Both a binding and a reuse_existing target exist — reuse_existing wins
+    mockExistingConversations["conv-explicit"] = {
+      id: "conv-explicit",
+      source: "notification",
+      title: "Explicit Thread",
+    };
+    mockExistingConversations["conv-bound"] = {
+      id: "conv-bound",
+      source: "notification",
+      title: "Bound Thread",
+    };
+    mockBindings["notification:telegram:chat-789"] = {
+      conversationId: "conv-bound",
+      sourceChannel: "notification:telegram",
+      externalChatId: "chat-789",
+    };
+
+    const signal = makeSignal();
+    const copy = makeCopy({
+      threadSeedMessage: "Message for explicit reuse target",
+    });
+    const threadAction: ThreadAction = {
+      action: "reuse_existing",
+      conversationId: "conv-explicit",
+    };
+    const bindingContext: DestinationBindingContext = {
+      sourceChannel: "telegram" as NotificationChannel,
+      externalChatId: "chat-789",
+    };
+
+    const result = await pairDeliveryWithConversation(
+      signal,
+      "telegram" as NotificationChannel,
+      copy,
+      { threadAction, bindingContext },
+    );
+
+    // Should use the explicit target, not the binding
+    expect(result.conversationId).toBe("conv-explicit");
+    expect(result.createdNewConversation).toBe(false);
+    expect(createConversationMock).not.toHaveBeenCalled();
+    // Binding lookup should not even be attempted since reuse_existing matched first
+    expect(getBindingByChannelChatMock).not.toHaveBeenCalled();
+  });
+
+  test("binding context does not trigger reuse for start_new_conversation channels", async () => {
+    // vellum uses start_new_conversation — binding context should be ignored for reuse
+    mockExistingConversations["conv-bound-vellum"] = {
+      id: "conv-bound-vellum",
+      source: "notification",
+      title: "Vellum Thread",
+    };
+    mockBindings["notification:vellum:device-1"] = {
+      conversationId: "conv-bound-vellum",
+      sourceChannel: "notification:vellum",
+      externalChatId: "device-1",
+    };
+
+    const signal = makeSignal();
+    const copy = makeCopy();
+    const bindingContext: DestinationBindingContext = {
+      sourceChannel: "vellum" as NotificationChannel,
+      externalChatId: "device-1",
+    };
+
+    const result = await pairDeliveryWithConversation(
+      signal,
+      "vellum" as NotificationChannel,
+      copy,
+      { bindingContext },
+    );
+
+    // Should still create a new conversation — vellum is start_new_conversation
+    expect(result.conversationId).toBe("conv-001");
+    expect(result.createdNewConversation).toBe(true);
+    expect(createConversationMock).toHaveBeenCalledTimes(1);
+    // Binding lookup should not be called for non-continue_existing channels
+    expect(getBindingByChannelChatMock).not.toHaveBeenCalled();
+  });
+
   // ── not_deliverable (voice) ───────────────────────────────────────
 
   test("returns null conversationId and messageId for not_deliverable strategy", async () => {

package/src/__tests__/credential-broker-browser-fill.test.ts

@@ -25,18 +25,9 @@ mock.module("../util/logger.js", () => ({
 }));
 
 // ---------------------------------------------------------------------------
-// Use encrypted backend (no keychain) with a temp store path
+// Use encrypted backend with a temp store path
 // ---------------------------------------------------------------------------
 
-import { _overrideDeps, _resetDeps } from "../security/keychain.js";
-
-_overrideDeps({
-  isMacOS: () => false,
-  isLinux: () => false,
-  execFileSync: (() =>
-    "") as unknown as typeof import("node:child_process").execFileSync,
-});
-
 import { _setStorePath } from "../security/encrypted-store.js";
 import { _resetBackend } from "../security/secure-keys.js";
 

package/src/__tests__/credential-broker-server-use.test.ts

@@ -24,18 +24,9 @@ mock.module("../util/logger.js", () => ({
 }));
 
 // ---------------------------------------------------------------------------
-// Use encrypted backend (no keychain) with a temp store path
+// Use encrypted backend with a temp store path
 // ---------------------------------------------------------------------------
 
-import { _overrideDeps } from "../security/keychain.js";
-
-_overrideDeps({
-  isMacOS: () => false,
-  isLinux: () => false,
-  execFileSync: (() =>
-    "") as unknown as typeof import("node:child_process").execFileSync,
-});
-
 import { _setStorePath } from "../security/encrypted-store.js";
 import { _resetBackend } from "../security/secure-keys.js";
 

package/src/__tests__/credential-security-e2e.test.ts

@@ -36,7 +36,13 @@ mock.module("../security/secure-keys.js", () => ({
     storedKeys.set(key, value);
     return true;
   },
-  deleteSecureKey: (key: string) => storedKeys.delete(key),
+  deleteSecureKey: (key: string) => {
+    if (storedKeys.has(key)) {
+      storedKeys.delete(key);
+      return "deleted";
+    }
+    return "not-found";
+  },
   listSecureKeys: () => [...storedKeys.keys()],
   getBackendType: () => "encrypted",
   isDowngradedFromKeychain: () => false,

package/src/__tests__/credential-security-invariants.test.ts

@@ -34,21 +34,10 @@ mock.module("../util/logger.js", () => ({
 }));
 
 // ---------------------------------------------------------------------------
-// Use encrypted backend (no keychain) with a temp store path
+// Use encrypted backend with a temp store path
 // ---------------------------------------------------------------------------
 
-import { _overrideDeps, _resetDeps } from "../security/keychain.js";
-
-_overrideDeps({
-  isMacOS: () => false,
-  isLinux: () => false,
-  execFileSync: (() =>
-    "") as unknown as typeof import("node:child_process").execFileSync,
-});
-
-// Restore process-level keychain deps so later test files are not affected
 afterAll(() => {
-  _resetDeps();
   mock.restore();
 });
 
@@ -206,8 +195,8 @@ describe("Invariant 2: no generic plaintext secret read API", () => {
     expect(browserSrc).not.toContain("getCredentialValue");
   });
 
-  test("getSecureKey is only imported by authorized modules", () => {
-    // Hard boundary: only these production files may import getSecureKey.
+  test("secure-keys is only imported by authorized modules", () => {
+    // Hard boundary: only these production files may import from secure-keys.
     // Any new import must be reviewed for secret-leak risk and added here.
     const ALLOWED_IMPORTERS = new Set([
       "security/secure-keys.ts", // self (re-export infrastructure)
@@ -230,11 +219,12 @@ describe("Invariant 2: no generic plaintext secret read API", () => {
       "calls/twilio-provider.ts", // call infrastructure credential lookup
       "calls/twilio-rest.ts", // Twilio REST API credential lookup
       "runtime/channel-invite-transports/sms.ts", // SMS invite transport phone number lookup
-      "cli/config-commands.ts", // CLI credential management commands
+      "runtime/channel-invite-transports/telegram.ts", // Telegram invite transport bot token lookup
+      "cli/keys.ts", // CLI credential management commands
+      "cli/credentials.ts", // CLI credential management commands
       "runtime/http-server.ts", // HTTP server credential lookup
       "daemon/handlers/twitter-auth.ts", // Twitter OAuth token storage
       "twitter/oauth-client.ts", // Twitter OAuth API client (reads access token for API calls)
-      "cli/config-commands.ts", // CLI config management
       "messaging/providers/telegram-bot/adapter.ts", // Telegram bot token lookup for connectivity check
       "messaging/providers/sms/adapter.ts", // Twilio credential lookup for SMS connectivity check
       "runtime/channel-readiness-service.ts", // channel readiness probes for SMS/Telegram connectivity
@@ -243,6 +233,11 @@ describe("Invariant 2: no generic plaintext secret read API", () => {
       "daemon/handlers/oauth-connect.ts", // OAuth connect handler for integration setup
       "daemon/handlers/config-slack-channel.ts", // Slack channel config credential management
       "providers/managed-proxy/context.ts", // managed proxy API key lookup for provider initialization
+      "mcp/mcp-oauth-provider.ts", // MCP OAuth token/client/discovery persistence
+      "mcp/client.ts", // MCP client cached-token lookup
+      "oauth/token-persistence.ts", // OAuth token persistence (set/delete tokens)
+      "runtime/routes/secret-routes.ts", // HTTP secret management routes (set/delete secrets)
+      "daemon/session-messaging.ts", // credential storage during session messaging
     ]);
 
     const thisDir = dirname(fileURLToPath(import.meta.url));
@@ -270,11 +265,10 @@ describe("Invariant 2: no generic plaintext secret read API", () => {
 
     for (const filePath of allFiles) {
       const content = readFileSync(filePath, "utf-8");
-      // Check for imports of getSecureKey via static import, dynamic import(), or require()
+      // Check for any import from the secure-keys module (static import, dynamic import(), or require())
       if (
-        content.match(/\bgetSecureKey\b/) &&
-        (content.match(/from\s+['"].*secure-keys/) ||
-          content.match(/(?:import|require)\s*\(\s*['"].*secure-keys/))
+        content.match(/from\s+['"].*secure-keys/) ||
+        content.match(/(?:import|require)\s*\(\s*['"].*secure-keys/)
       ) {
         const relative = filePath.slice(srcDir.length + 1);
         if (!ALLOWED_IMPORTERS.has(relative)) {

package/src/__tests__/credential-vault-unit.test.ts

@@ -24,18 +24,9 @@ mock.module("../util/logger.js", () => ({
 }));
 
 // ---------------------------------------------------------------------------
-// Use encrypted backend (no keychain) with a temp store path
+// Use encrypted backend with a temp store path
 // ---------------------------------------------------------------------------
 
-import { _overrideDeps, _resetDeps } from "../security/keychain.js";
-
-_overrideDeps({
-  isMacOS: () => false,
-  isLinux: () => false,
-  execFileSync: (() =>
-    "") as unknown as typeof import("node:child_process").execFileSync,
-});
-
 import { _setStorePath } from "../security/encrypted-store.js";
 import { _resetBackend } from "../security/secure-keys.js";
 
@@ -74,7 +65,6 @@ const _ctx: ToolContext = {
 };
 
 afterAll(() => {
-  _resetDeps();
   mock.restore();
   if (existsSync(TEST_DIR)) {
     rmSync(TEST_DIR, { recursive: true });

package/src/__tests__/credential-vault.test.ts

@@ -25,21 +25,11 @@ mock.module("../util/logger.js", () => ({
 }));
 
 // ---------------------------------------------------------------------------
-// Use encrypted backend (no keychain) with a temp store path
+// Use encrypted backend with a temp store path
 // ---------------------------------------------------------------------------
 
-import { _overrideDeps, _resetDeps } from "../security/keychain.js";
-
-// Make keychain unavailable so secure-keys always uses encrypted backend
-_overrideDeps({
-  isMacOS: () => false,
-  isLinux: () => false,
-  execFileSync: (() =>
-    "") as unknown as typeof import("node:child_process").execFileSync,
-});
-
 import { _setStorePath } from "../security/encrypted-store.js";
-import { _resetBackend, _setBackend } from "../security/secure-keys.js";
+import { _resetBackend } from "../security/secure-keys.js";
 
 const TEST_DIR = join(
   tmpdir(),
@@ -162,8 +152,8 @@ async function executeVault(
       }
 
       const key = `credential:${service}:${field}`;
-      const ok = deleteSecureKey(key);
-      if (!ok) {
+      const result = deleteSecureKey(key);
+      if (result !== "deleted") {
         return {
           content: `Error: credential ${service}/${field} not found`,
           isError: true,
@@ -206,7 +196,6 @@ describe("credential_store tool", () => {
   });
 
   afterAll(() => {
-    _resetDeps();
     rmSync(TEST_DIR, { recursive: true, force: true });
   });
 
@@ -500,7 +489,7 @@ describe("credential_store tool", () => {
       expect(gmail.injection_templates).toBeUndefined();
     });
 
-    test("works with keychain backend (reads from metadata store)", async () => {
+    test("works with metadata store fallback when listing secrets", async () => {
       // Store a credential first (on encrypted backend)
       await credentialStoreTool.execute(
         {
@@ -512,9 +501,6 @@ describe("credential_store tool", () => {
         _ctx,
       );
 
-      // Switch to keychain backend — list should still work via metadata
-      _setBackend("keychain");
-
       const result = await credentialStoreTool.execute(
         { action: "list" },
         _ctx,