@vellumai/assistant 0.4.46 → 0.4.49

package/src/runtime/routes/diagnostics-routes.ts

@@ -186,6 +186,7 @@ async function handleDiagnosticsExport(body: {
     // been persisted — the user message and in-flight tool/usage data are
     // still captured.
     let anchorMessage;
+    let anchorIsFallback = false;
     if (anchorMessageId) {
       anchorMessage = db
         .select()
@@ -220,6 +221,7 @@ async function handleDiagnosticsExport(body: {
         .orderBy(desc(messages.createdAt))
         .limit(1)
         .get();
+      anchorIsFallback = true;
     }
 
     // 2. Compute the export time range.
@@ -250,15 +252,15 @@ async function handleDiagnosticsExport(body: {
       rangeStart =
         precedingUserMessage?.createdAt ?? anchorMessage.createdAt - 2000;
 
-      // When the anchor is not an assistant message (e.g. the fallback "any
-      // message" path hit because the assistant reply hasn't been persisted
-      // yet), extend the range to the current time so in-flight tool
-      // invocations and usage recorded after the user message are captured.
-      const anchorIsAssistant = anchorMessage.role === "assistant";
-      rangeEnd = anchorIsAssistant ? anchorMessage.createdAt : now;
-      usageRangeEnd = anchorIsAssistant
-        ? anchorMessage.createdAt + 5000
-        : now + 5000;
+      // When the anchor was selected via the fallback "any message" path
+      // (because the assistant reply hasn't been persisted yet), extend the
+      // range to the current time so in-flight tool invocations and usage
+      // recorded after the user message are captured. An explicit anchor to a
+      // non-assistant message uses the message's own timestamp.
+      rangeEnd = anchorIsFallback ? now : anchorMessage.createdAt;
+      usageRangeEnd = anchorIsFallback
+        ? now + 5000
+        : anchorMessage.createdAt + 5000;
     } else {
       // No messages at all — use the current time so we capture any
       // in-flight LLM usage or tool invocations.

package/src/runtime/routes/events-routes.ts

@@ -7,12 +7,17 @@
  * is called. The AuthContext is threaded through from the HTTP server
  * layer, so no additional actor-token verification is needed here.
  *
- * Subscribers receive all assistant events scoped to the given conversation.
+ * When `conversationKey` is provided, subscribers receive events scoped to
+ * that conversation. When omitted, subscribers receive events from ALL
+ * conversations for this assistant (unfiltered).
  */
 
 import { getOrCreateConversation } from "../../memory/conversation-key-store.js";
 import { formatSseFrame, formatSseHeartbeat } from "../assistant-event.js";
-import type { AssistantEventSubscription } from "../assistant-event-hub.js";
+import type {
+  AssistantEventFilter,
+  AssistantEventSubscription,
+} from "../assistant-event-hub.js";
 import {
   AssistantEventHub,
   assistantEventHub,
@@ -26,10 +31,12 @@ import type { RouteDefinition } from "../http-router.js";
 const DEFAULT_HEARTBEAT_INTERVAL_MS = 30_000;
 
 /**
- * Stream assistant events as Server-Sent Events for a specific conversation.
+ * Stream assistant events as Server-Sent Events.
  *
  * Query params:
- *   conversationKey -- required; scopes the stream to one conversation.
+ *   conversationKey -- optional; when provided, scopes the stream to one
+ *                      conversation. When omitted, the stream delivers events
+ *                      from ALL conversations for this assistant.
  *
  * Options (for testing):
  *   hub               -- override the event hub (defaults to process singleton).
@@ -56,15 +63,21 @@ export function handleSubscribeAssistantEvents(
   // scope and principal type requirements.
 
   const conversationKey = url.searchParams.get("conversationKey");
-  if (!conversationKey) {
-    return httpError("BAD_REQUEST", "conversationKey is required", 400);
+  if (url.searchParams.has("conversationKey") && !conversationKey?.trim()) {
+    return httpError("BAD_REQUEST", "conversationKey must not be empty", 400);
   }
 
   const hub = options?.hub ?? assistantEventHub;
   const heartbeatIntervalMs =
     options?.heartbeatIntervalMs ?? DEFAULT_HEARTBEAT_INTERVAL_MS;
 
-  const mapping = getOrCreateConversation(conversationKey);
+  const filter: AssistantEventFilter = {
+    assistantId: DAEMON_INTERNAL_ASSISTANT_ID,
+  };
+  if (conversationKey) {
+    const mapping = getOrCreateConversation(conversationKey);
+    filter.sessionId = mapping.conversationId;
+  }
   const encoder = new TextEncoder();
 
   // -- Eager subscribe --------------------------------------------------------
@@ -90,10 +103,7 @@ export function handleSubscribeAssistantEvents(
 
   try {
     sub = hub.subscribe(
-      {
-        assistantId: DAEMON_INTERNAL_ASSISTANT_ID,
-        sessionId: mapping.conversationId,
-      },
+      filter,
       (event) => {
         const controller = controllerRef;
         if (!controller) return;

package/src/runtime/routes/guardian-approval-interception.ts

@@ -10,6 +10,7 @@ import { applyGuardianDecision } from "../../approvals/guardian-decision-primiti
 import type { ChannelId } from "../../channels/types.js";
 import type { TrustContext } from "../../daemon/session-runtime-assembly.js";
 import {
+  getAllPendingApprovalsByGuardianChat,
   getPendingApprovalForRequest,
   getUnresolvedApprovalForRequest,
   updateApprovalDecision,
@@ -123,7 +124,7 @@ export async function handleApprovalInterception(
   // Only guardians can approve via reaction — non-guardian reactions are
   // silently ignored to prevent self-approval.
   if (callbackData?.startsWith("reaction:")) {
-    if (trustCtx.trustClass !== "guardian") {
+    if (trustCtx.trustClass !== "guardian" || !actorExternalId) {
       return { handled: true, type: "stale_ignored" };
     }
     const reactionDecision = parseReactionCallbackData(callbackData);
@@ -131,13 +132,27 @@ export async function handleApprovalInterception(
       // Unknown emoji — ignore silently
       return { handled: true, type: "stale_ignored" };
     }
-    const pending = getApprovalInfoByConversation(conversationId);
-    if (pending.length === 0) {
+
+    const allPending = getAllPendingApprovalsByGuardianChat(
+      sourceChannel,
+      conversationExternalId,
+    );
+    const guardianPending = allPending.filter(
+      (approval) => approval.guardianExternalUserId === actorExternalId,
+    );
+    if (guardianPending.length !== 1) {
       return { handled: true, type: "stale_ignored" };
     }
-    const result = handleChannelDecision(conversationId, reactionDecision);
+
+    const result = applyGuardianDecision({
+      approval: guardianPending[0],
+      decision: reactionDecision,
+      actorPrincipalId: undefined,
+      actorExternalUserId: actorExternalId,
+      actorChannel: sourceChannel,
+    });
     if (result.applied) {
-      return { handled: true, type: "decision_applied" };
+      return { handled: true, type: "guardian_decision_applied" };
     }
     return { handled: true, type: "stale_ignored" };
   }

package/src/runtime/routes/host-cu-routes.ts

@@ -0,0 +1,97 @@
+/**
+ * Route handler for host CU (computer-use) result submissions.
+ *
+ * Resolves pending host CU proxy requests by requestId when the desktop
+ * client returns observation results via HTTP.
+ */
+import { requireBoundGuardian } from "../auth/require-bound-guardian.js";
+import type { AuthContext } from "../auth/types.js";
+import { httpError } from "../http-errors.js";
+import type { RouteDefinition } from "../http-router.js";
+import * as pendingInteractions from "../pending-interactions.js";
+
+/**
+ * POST /v1/host-cu-result — resolve a pending host CU request by requestId.
+ * Requires AuthContext with guardian-bound actor.
+ */
+export async function handleHostCuResult(
+  req: Request,
+  authContext: AuthContext,
+): Promise<Response> {
+  const authError = requireBoundGuardian(authContext);
+  if (authError) return authError;
+
+  const body = (await req.json()) as {
+    requestId?: string;
+    axTree?: string;
+    axDiff?: string;
+    screenshot?: string;
+    screenshotWidthPx?: number;
+    screenshotHeightPx?: number;
+    screenWidthPt?: number;
+    screenHeightPt?: number;
+    executionResult?: string;
+    executionError?: string;
+    secondaryWindows?: string;
+    userGuidance?: string;
+  };
+
+  const { requestId } = body;
+
+  if (!requestId || typeof requestId !== "string") {
+    return httpError("BAD_REQUEST", "requestId is required", 400);
+  }
+
+  // Peek first (non-destructive) so we can validate the interaction kind
+  // without accidentally consuming a confirmation or secret interaction.
+  const peeked = pendingInteractions.get(requestId);
+  if (!peeked) {
+    return httpError(
+      "NOT_FOUND",
+      "No pending interaction found for this requestId",
+      404,
+    );
+  }
+
+  if (peeked.kind !== "host_cu") {
+    return httpError(
+      "CONFLICT",
+      `Pending interaction is of kind "${peeked.kind}", expected "host_cu"`,
+      409,
+    );
+  }
+
+  // Validation passed — consume the pending interaction.
+  const interaction = pendingInteractions.resolve(requestId)!;
+
+  interaction.session.resolveHostCu(requestId, {
+    axTree: body.axTree,
+    axDiff: body.axDiff,
+    screenshot: body.screenshot,
+    screenshotWidthPx: body.screenshotWidthPx,
+    screenshotHeightPx: body.screenshotHeightPx,
+    screenWidthPt: body.screenWidthPt,
+    screenHeightPt: body.screenHeightPt,
+    executionResult: body.executionResult,
+    executionError: body.executionError,
+    secondaryWindows: body.secondaryWindows,
+    userGuidance: body.userGuidance,
+  });
+
+  return Response.json({ accepted: true });
+}
+
+// ---------------------------------------------------------------------------
+// Route definitions
+// ---------------------------------------------------------------------------
+
+export function hostCuRouteDefinitions(): RouteDefinition[] {
+  return [
+    {
+      endpoint: "host-cu-result",
+      method: "POST",
+      handler: async ({ req, authContext }) =>
+        handleHostCuResult(req, authContext),
+    },
+  ];
+}

package/src/runtime/routes/inbound-stages/background-dispatch.ts

@@ -31,12 +31,8 @@ import type {
   ApprovalCopyGenerator,
   MessageProcessor,
 } from "../../http-types.js";
-import { TelegramStreamingDelivery } from "../../telegram-streaming-delivery.js";
 import { resolveRoutingState } from "../../trust-context-resolver.js";
-import {
-  deliverAttachmentsOnly,
-  deliverReplyViaCallback,
-} from "../channel-delivery-routes.js";
+import { deliverReplyViaCallback } from "../channel-delivery-routes.js";
 import { deliverGeneratedApprovalPrompt } from "../guardian-approval-prompt.js";
 
 const log = getLogger("runtime-http");
@@ -112,12 +108,6 @@ export function processChannelMessageInBackground(
   } = params;
 
   (async () => {
-    const boundGuardianActor = isBoundGuardianActor({
-      trustClass: trustCtx.trustClass,
-      guardianExternalUserId: trustCtx.guardianExternalUserId,
-      requesterExternalUserId: trustCtx.requesterExternalUserId,
-    });
-
     const typingCallbackUrl = shouldEmitTelegramTyping(
       sourceChannel,
       replyCallbackUrl,
@@ -181,16 +171,6 @@ export function processChannelMessageInBackground(
       }
     }
 
-    const telegramStreaming =
-      sourceChannel === "telegram" && replyCallbackUrl
-        ? new TelegramStreamingDelivery({
-            callbackUrl: replyCallbackUrl,
-            chatId: externalChatId,
-            mintBearerToken,
-            assistantId,
-          })
-        : undefined;
-
     try {
       const cmdIntent =
         commandIntent && typeof commandIntent.type === "string"
@@ -218,9 +198,6 @@ export function processChannelMessageInBackground(
           trustContext: trustCtx,
           isInteractive: resolveRoutingState(trustCtx).promptWaitingAllowed,
           ...(cmdIntent ? { commandIntent: cmdIntent } : {}),
-          ...(telegramStreaming
-            ? { onEvent: (msg) => telegramStreaming.onEvent(msg) }
-            : {}),
         },
         sourceChannel,
         sourceInterface,
@@ -228,94 +205,18 @@ export function processChannelMessageInBackground(
       deliveryCrud.linkMessage(eventId, userMessageId);
       deliveryStatus.markProcessed(eventId);
 
-      if (telegramStreaming) {
-        // Retrieve approval metadata from pending interactions (if any)
-        // so approval buttons can be attached to the final streamed message.
-        // Approval prompts are guardian-only and must never be attached for
-        // non-guardian or unverified actors.
-        const prompt = boundGuardianActor
-          ? getChannelApprovalPrompt(conversationId)
-          : undefined;
-        const pending = boundGuardianActor
-          ? getApprovalInfoByConversation(conversationId)
-          : [];
-        const approvalMeta =
-          prompt && pending.length > 0
-            ? buildApprovalUIMetadata(prompt, pending[0])
-            : undefined;
-        try {
-          await telegramStreaming.finish(approvalMeta);
-          deliveryChannels.updateDeliveredSegmentCount(eventId, 1);
-        } catch (err) {
-          log.error(
-            { err, conversationId },
-            "Telegram streaming finalization failed",
-          );
-          // Fallback: deliver approval as a standalone message so buttons
-          // are not permanently lost when finish() fails.
-          if (approvalMeta && replyCallbackUrl) {
-            try {
-              await deliverChannelReply(
-                replyCallbackUrl,
-                {
-                  chatId: externalChatId,
-                  text: approvalMeta.plainTextFallback ?? "Action needed:",
-                  approval: approvalMeta,
-                  assistantId,
-                },
-                mintBearerToken(),
-              );
-            } catch (fallbackErr) {
-              log.error(
-                { err: fallbackErr, conversationId },
-                "Fallback approval delivery also failed",
-              );
-            }
-          }
-        }
-      }
-
       if (replyCallbackUrl) {
-        // Streaming fully succeeded — only send attachments since text
-        // was already delivered via streaming edits.
-        const streamingFullyDelivered =
-          telegramStreaming?.hasDeliveredText &&
-          telegramStreaming.finishSucceeded;
-
-        if (streamingFullyDelivered) {
-          await deliverAttachmentsOnly(
-            conversationId,
-            externalChatId,
-            replyCallbackUrl,
-            mintBearerToken(),
-            assistantId,
-          );
-        } else {
-          // Non-streaming path, or streaming partially failed (some text
-          // was delivered but finish/finalization threw). In the partial
-          // failure case the user has a truncated message, so we deliver
-          // the full response to ensure nothing is lost.
-          if (
-            telegramStreaming?.hasDeliveredText &&
-            !telegramStreaming.finishSucceeded
-          ) {
-            log.warn(
-              { conversationId },
-              "Telegram streaming partially failed — falling back to full text delivery",
-            );
-          }
-          await deliverReplyViaCallback(
-            conversationId,
-            externalChatId,
-            replyCallbackUrl,
-            mintBearerToken(),
-            assistantId,
-            {
-              onSegmentDelivered: (count) =>
-                deliveryChannels.updateDeliveredSegmentCount(eventId, count),
-            },
-          );
-        }
+        await deliverReplyViaCallback(
+          conversationId,
+          externalChatId,
+          replyCallbackUrl,
+          mintBearerToken(),
+          assistantId,
+          {
+            onSegmentDelivered: (count) =>
+              deliveryChannels.updateDeliveredSegmentCount(eventId, count),
+          },
+        );
       }
     } catch (err) {
       log.error(

package/src/runtime/routes/integrations/slack/share.ts

@@ -12,6 +12,7 @@ import {
   userInfo,
 } from "../../../../messaging/providers/slack/client.js";
 import type { SlackConversation } from "../../../../messaging/providers/slack/types.js";
+import { getConnectionByProvider } from "../../../../oauth/oauth-store.js";
 import { getSecureKey } from "../../../../security/secure-keys.js";
 import { getLogger } from "../../../../util/logger.js";
 import { httpError } from "../../../http-errors.js";
@@ -24,14 +25,13 @@ const log = getLogger("slack-share");
 // ---------------------------------------------------------------------------
 
 /**
- * Resolve the Slack bot token from secure storage.
- * Prefers the OAuth integration token, falls back to the legacy channel token.
+ * Resolve the Slack bot token from the OAuth connection store.
  */
 function resolveSlackToken(): string | undefined {
-  return (
-    getSecureKey("credential:integration:slack:access_token") ??
-    getSecureKey("credential:slack_channel:bot_token")
-  );
+  const conn = getConnectionByProvider("integration:slack");
+  return conn
+    ? getSecureKey(`oauth_connection/${conn.id}/access_token`)
+    : undefined;
 }
 
 // ---------------------------------------------------------------------------

package/src/runtime/routes/integrations/twilio.ts

@@ -21,6 +21,7 @@ import {
 import { loadRawConfig, saveRawConfig } from "../../../config/loader.js";
 import { syncTwilioWebhooks } from "../../../daemon/handlers/config-ingress.js";
 import type { IngressConfig } from "../../../inbound/public-ingress-urls.js";
+import { credentialKey } from "../../../security/credential-key.js";
 import {
   deleteSecureKeyAsync,
   setSecureKeyAsync,
@@ -136,7 +137,7 @@ export async function handleSetTwilioCredentials(
   // validation (gateway/src/credential-reader.ts), while the assistant reads
   // from config via resolveAccountSid(). Both stores must stay in sync.
   const sidStored = await setSecureKeyAsync(
-    "credential:twilio:account_sid",
+    credentialKey("twilio", "account_sid"),
     body.accountSid,
   );
   if (!sidStored) {
@@ -148,11 +149,11 @@ export async function handleSetTwilioCredentials(
   }
 
   const tokenStored = await setSecureKeyAsync(
-    "credential:twilio:auth_token",
+    credentialKey("twilio", "auth_token"),
     body.authToken,
   );
   if (!tokenStored) {
-    await deleteSecureKeyAsync("credential:twilio:account_sid");
+    await deleteSecureKeyAsync(credentialKey("twilio", "account_sid"));
     return Response.json({
       success: false,
       hasCredentials: false,
@@ -202,8 +203,8 @@ export async function handleSetTwilioCredentials(
  * DELETE /v1/integrations/twilio/credentials
  */
 export async function handleClearTwilioCredentials(): Promise<Response> {
-  const r1 = await deleteSecureKeyAsync("credential:twilio:account_sid");
-  const r2 = await deleteSecureKeyAsync("credential:twilio:auth_token");
+  const r1 = await deleteSecureKeyAsync(credentialKey("twilio", "account_sid"));
+  const r2 = await deleteSecureKeyAsync(credentialKey("twilio", "auth_token"));
 
   if (r1 === "error" || r2 === "error") {
     return Response.json(

package/src/runtime/routes/log-export-routes.ts

@@ -14,7 +14,11 @@ import { desc } from "drizzle-orm";
 import { getDb } from "../../memory/db.js";
 import { toolInvocations } from "../../memory/schema.js";
 import { getLogger } from "../../util/logger.js";
-import { getDataDir, getRootDir } from "../../util/platform.js";
+import {
+  getDataDir,
+  getRootDir,
+  getWorkspaceConfigPath,
+} from "../../util/platform.js";
 import { httpError } from "../http-errors.js";
 import type { RouteDefinition } from "../http-router.js";
 
@@ -31,6 +35,7 @@ interface ExportResponse {
   success: true;
   auditRows: Array<Record<string, unknown>>;
   logFiles: Record<string, string>;
+  configSnapshot?: Record<string, unknown>;
 }
 
 /**
@@ -83,21 +88,134 @@ async function handleExport(body: ExportRequestBody): Promise<Response> {
       }
     }
 
+    // --- Sanitized config snapshot ---
+    const configSnapshot = readSanitizedConfig();
+
     log.info(
-      { auditCount: auditRows.length, logFileCount: Object.keys(logFiles).length, totalBytes },
+      {
+        auditCount: auditRows.length,
+        logFileCount: Object.keys(logFiles).length,
+        totalBytes,
+        hasConfig: configSnapshot !== undefined,
+      },
       "Export completed",
     );
 
-    const payload: ExportResponse = { success: true, auditRows, logFiles };
+    const payload: ExportResponse = {
+      success: true,
+      auditRows,
+      logFiles,
+      configSnapshot,
+    };
     return Response.json(payload);
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);
     log.error({ err }, "Failed to export");
-    return httpError(
-      "INTERNAL_ERROR",
-      `Failed to export: ${message}`,
-      500,
-    );
+    return httpError("INTERNAL_ERROR", `Failed to export: ${message}`, 500);
+  }
+}
+
+/**
+ * Replaces a string value with a presence flag: "(set)" if truthy, "(empty)" otherwise.
+ */
+function redactStringValue(val: unknown): string {
+  return val ? "(set)" : "(empty)";
+}
+
+/**
+ * Reads the workspace config.json and strips sensitive fields.
+ * Returns undefined if the file is missing or unreadable.
+ */
+function readSanitizedConfig(): Record<string, unknown> | undefined {
+  const configPath = getWorkspaceConfigPath();
+  if (!existsSync(configPath)) return undefined;
+
+  try {
+    const raw = readFileSync(configPath, "utf-8");
+    const config = JSON.parse(raw) as Record<string, unknown>;
+
+    // Strip API key values — preserve which providers have keys configured
+    if (config.apiKeys && typeof config.apiKeys === "object") {
+      const keys = config.apiKeys as Record<string, unknown>;
+      config.apiKeys = Object.fromEntries(
+        Object.keys(keys).map((k) => [k, redactStringValue(keys[k])]),
+      );
+    }
+
+    // Strip ingress webhook secret
+    if (config.ingress && typeof config.ingress === "object") {
+      const ingress = config.ingress as Record<string, unknown>;
+      if (ingress.webhook && typeof ingress.webhook === "object") {
+        const webhook = ingress.webhook as Record<string, unknown>;
+        webhook.secret = redactStringValue(webhook.secret);
+        ingress.webhook = webhook;
+      }
+      config.ingress = ingress;
+    }
+
+    // Strip skill-level API keys and env vars
+    if (config.skills && typeof config.skills === "object") {
+      const skills = config.skills as Record<string, unknown>;
+      if (skills.entries && typeof skills.entries === "object") {
+        const entries = skills.entries as Record<string, unknown>;
+        for (const name of Object.keys(entries)) {
+          const entry = entries[name];
+          if (entry && typeof entry === "object") {
+            const e = entry as Record<string, unknown>;
+            if ("apiKey" in e) e.apiKey = redactStringValue(e.apiKey);
+            if (e.env && typeof e.env === "object") {
+              const env = e.env as Record<string, unknown>;
+              e.env = Object.fromEntries(
+                Object.keys(env).map((k) => [k, redactStringValue(env[k])]),
+              );
+            }
+          }
+        }
+      }
+    }
+
+    // Strip Twilio accountSid
+    if (config.twilio && typeof config.twilio === "object") {
+      const twilio = config.twilio as Record<string, unknown>;
+      twilio.accountSid = redactStringValue(twilio.accountSid);
+      config.twilio = twilio;
+    }
+
+    // Strip MCP transport headers (SSE/streamable-http) and env vars (stdio)
+    if (config.mcp && typeof config.mcp === "object") {
+      const mcp = config.mcp as Record<string, unknown>;
+      if (mcp.servers && typeof mcp.servers === "object") {
+        const servers = mcp.servers as Record<string, unknown>;
+        for (const name of Object.keys(servers)) {
+          const server = servers[name];
+          if (server && typeof server === "object") {
+            const s = server as Record<string, unknown>;
+            if (s.transport && typeof s.transport === "object") {
+              const transport = s.transport as Record<string, unknown>;
+              if (transport.headers && typeof transport.headers === "object") {
+                const headers = transport.headers as Record<string, unknown>;
+                transport.headers = Object.fromEntries(
+                  Object.keys(headers).map((k) => [
+                    k,
+                    redactStringValue(headers[k]),
+                  ]),
+                );
+              }
+              if (transport.env && typeof transport.env === "object") {
+                const env = transport.env as Record<string, unknown>;
+                transport.env = Object.fromEntries(
+                  Object.keys(env).map((k) => [k, redactStringValue(env[k])]),
+                );
+              }
+            }
+          }
+        }
+      }
+    }
+
+    return config;
+  } catch {
+    return undefined;
   }
 }
 

package/src/runtime/routes/secret-routes.ts

@@ -4,6 +4,7 @@ import {
   invalidateConfigCache,
 } from "../../config/loader.js";
 import { initializeProviders } from "../../providers/registry.js";
+import { credentialKey } from "../../security/credential-key.js";
 import {
   deleteSecureKeyAsync,
   getSecureKeyAsync,
@@ -78,7 +79,7 @@ export async function handleAddSecret(req: Request): Promise<Response> {
       assertMetadataWritable();
       const service = name.slice(0, colonIdx);
       const field = name.slice(colonIdx + 1);
-      const key = `credential:${service}:${field}`;
+      const key = credentialKey(service, field);
       const stored = await setSecureKeyAsync(key, value);
       if (!stored) {
         return httpError(
@@ -164,7 +165,7 @@ export async function handleDeleteSecret(req: Request): Promise<Response> {
       const service = name.slice(0, colonIdx);
       const field = name.slice(colonIdx + 1);
       assertMetadataWritable();
-      const key = `credential:${service}:${field}`;
+      const key = credentialKey(service, field);
       // Check existence first — the broker always returns "deleted" even
       // for keys that don't exist, so we need a pre-check for 404 semantics.
       const existing = await getSecureKeyAsync(key);