@vellumai/assistant 0.4.46 → 0.4.49

package/src/__tests__/credential-metadata-store.test.ts

@@ -294,6 +294,38 @@ describe("credential metadata store", () => {
     });
   });
 
+  // ── v5 Schema: OAuth fields removed ─────────────────────────────────
+
+  describe("v5 schema — OAuth fields removed from CredentialMetadata", () => {
+    test("CredentialMetadata does not include hasRefreshToken", () => {
+      const record = upsertCredentialMetadata("github", "access_token", {
+        allowedTools: ["api_request"],
+      });
+      // hasRefreshToken was removed in v5 — field should not exist
+      expect("hasRefreshToken" in record).toBe(false);
+    });
+
+    test("CredentialMetadata does not include oauth2TokenUrl", () => {
+      const record = upsertCredentialMetadata("github", "access_token");
+      expect("oauth2TokenUrl" in record).toBe(false);
+    });
+
+    test("CredentialMetadata does not include oauth2ClientId", () => {
+      const record = upsertCredentialMetadata("github", "access_token");
+      expect("oauth2ClientId" in record).toBe(false);
+    });
+
+    test("CredentialMetadata does not include expiresAt", () => {
+      const record = upsertCredentialMetadata("github", "access_token");
+      expect("expiresAt" in record).toBe(false);
+    });
+
+    test("CredentialMetadata does not include grantedScopes", () => {
+      const record = upsertCredentialMetadata("github", "access_token");
+      expect("grantedScopes" in record).toBe(false);
+    });
+  });
+
   // ── Version migration ──────────────────────────────────────────────
 
   describe("version migration", () => {
@@ -371,7 +403,7 @@ describe("credential metadata store", () => {
       expect(record!.credentialId).toBe("cred-stable-id");
     });
 
-    test("v2 file is loaded without migration", () => {
+    test("v2 file is migrated to v5 (strips oauth2ClientSecret and OAuth fields)", () => {
       const v2Data = {
         version: 2,
         credentials: [
@@ -382,6 +414,7 @@ describe("credential metadata store", () => {
             allowedTools: ["api_request"],
             allowedDomains: ["fal.ai"],
             alias: "fal-primary",
+            oauth2ClientSecret: "should-be-stripped",
             injectionTemplates: [
               {
                 hostPattern: "*.fal.ai",
@@ -402,9 +435,191 @@ describe("credential metadata store", () => {
       expect(record!.alias).toBe("fal-primary");
       expect(record!.injectionTemplates).toHaveLength(1);
       expect(record!.injectionTemplates![0].hostPattern).toBe("*.fal.ai");
+      // oauth2ClientSecret must be stripped by migration
+      expect("oauth2ClientSecret" in record!).toBe(false);
+
+      // On-disk file should be upgraded to v5
+      const raw = JSON.parse(readFileSync(META_PATH, "utf-8"));
+      expect(raw.version).toBe(5);
+      expect(raw.credentials[0]).not.toHaveProperty("oauth2ClientSecret");
+    });
+
+    test("v3 file is migrated to v5 (removes ghost refresh_token records)", () => {
+      const v3Data = {
+        version: 3,
+        credentials: [
+          {
+            credentialId: "cred-v3-at",
+            service: "github",
+            field: "access_token",
+            allowedTools: ["api_request"],
+            allowedDomains: ["github.com"],
+            createdAt: 1700000000000,
+            updatedAt: 1700000000000,
+          },
+          {
+            credentialId: "cred-v3-rt",
+            service: "github",
+            field: "refresh_token",
+            allowedTools: [],
+            allowedDomains: [],
+            createdAt: 1700000000000,
+            updatedAt: 1700000000000,
+          },
+        ],
+      };
+      writeFileSync(META_PATH, JSON.stringify(v3Data, null, 2), "utf-8");
+
+      const records = listCredentialMetadata();
+      // Ghost refresh_token record removed
+      expect(records).toHaveLength(1);
+      expect(records[0].field).toBe("access_token");
+      // hasRefreshToken is stripped in v5 migration (OAuth fields moved to SQLite)
+      expect("hasRefreshToken" in records[0]).toBe(false);
+
+      // On-disk file should be upgraded to v5
+      const raw = JSON.parse(readFileSync(META_PATH, "utf-8"));
+      expect(raw.version).toBe(5);
+      expect(raw.credentials).toHaveLength(1);
+      expect(raw.credentials[0].field).toBe("access_token");
     });
 
-    test("future version (v3+) returns unknown version and refuses writes", () => {
+    test("v3 file without refresh_token records migrates cleanly", () => {
+      const v3Data = {
+        version: 3,
+        credentials: [
+          {
+            credentialId: "cred-v3-001",
+            service: "fal-ai",
+            field: "api_key",
+            allowedTools: ["api_request"],
+            allowedDomains: ["fal.ai"],
+            alias: "fal-primary",
+            injectionTemplates: [
+              {
+                hostPattern: "*.fal.ai",
+                injectionType: "header",
+                headerName: "Authorization",
+                valuePrefix: "Key ",
+              },
+            ],
+            createdAt: 1700000000000,
+            updatedAt: 1700000000000,
+          },
+        ],
+      };
+      writeFileSync(META_PATH, JSON.stringify(v3Data, null, 2), "utf-8");
+
+      const record = getCredentialMetadata("fal-ai", "api_key");
+      expect(record).toBeDefined();
+      expect(record!.alias).toBe("fal-primary");
+      expect(record!.injectionTemplates).toHaveLength(1);
+      expect(record!.injectionTemplates![0].hostPattern).toBe("*.fal.ai");
+      // hasRefreshToken is stripped in v5 migration
+      expect("hasRefreshToken" in record!).toBe(false);
+
+      // On-disk file should be upgraded to v5
+      const raw = JSON.parse(readFileSync(META_PATH, "utf-8"));
+      expect(raw.version).toBe(5);
+    });
+
+    test("v3 migration handles multiple services with ghost records", () => {
+      const v3Data = {
+        version: 3,
+        credentials: [
+          {
+            credentialId: "at-github",
+            service: "github",
+            field: "access_token",
+            allowedTools: [],
+            allowedDomains: [],
+            createdAt: 1700000000000,
+            updatedAt: 1700000000000,
+          },
+          {
+            credentialId: "rt-github",
+            service: "github",
+            field: "refresh_token",
+            allowedTools: [],
+            allowedDomains: [],
+            createdAt: 1700000000000,
+            updatedAt: 1700000000000,
+          },
+          {
+            credentialId: "at-slack",
+            service: "slack",
+            field: "access_token",
+            allowedTools: [],
+            allowedDomains: [],
+            createdAt: 1700000000000,
+            updatedAt: 1700000000000,
+          },
+          {
+            credentialId: "at-stripe",
+            service: "stripe",
+            field: "access_token",
+            allowedTools: [],
+            allowedDomains: [],
+            createdAt: 1700000000000,
+            updatedAt: 1700000000000,
+          },
+          {
+            credentialId: "rt-stripe",
+            service: "stripe",
+            field: "refresh_token",
+            allowedTools: [],
+            allowedDomains: [],
+            createdAt: 1700000000000,
+            updatedAt: 1700000000000,
+          },
+        ],
+      };
+      writeFileSync(META_PATH, JSON.stringify(v3Data, null, 2), "utf-8");
+
+      const records = listCredentialMetadata();
+      // refresh_token records removed, only access_token records remain
+      expect(records).toHaveLength(3);
+      expect(records.every((r) => r.field !== "refresh_token")).toBe(true);
+      // hasRefreshToken is stripped in v5 migration — none should have it
+      const github = records.find((r) => r.service === "github");
+      const slack = records.find((r) => r.service === "slack");
+      const stripe = records.find((r) => r.service === "stripe");
+      expect("hasRefreshToken" in github!).toBe(false);
+      expect("hasRefreshToken" in slack!).toBe(false);
+      expect("hasRefreshToken" in stripe!).toBe(false);
+    });
+
+    test("v4 file is migrated to v5 (strips hasRefreshToken and OAuth fields)", () => {
+      const v4Data = {
+        version: 4,
+        credentials: [
+          {
+            credentialId: "cred-v4-001",
+            service: "fal-ai",
+            field: "api_key",
+            allowedTools: ["api_request"],
+            allowedDomains: ["fal.ai"],
+            alias: "fal-primary",
+            hasRefreshToken: true,
+            createdAt: 1700000000000,
+            updatedAt: 1700000000000,
+          },
+        ],
+      };
+      writeFileSync(META_PATH, JSON.stringify(v4Data, null, 2), "utf-8");
+
+      const record = getCredentialMetadata("fal-ai", "api_key");
+      expect(record).toBeDefined();
+      expect(record!.alias).toBe("fal-primary");
+      // hasRefreshToken is stripped in v5 migration
+      expect("hasRefreshToken" in record!).toBe(false);
+
+      // On-disk file should be upgraded to v5
+      const raw = JSON.parse(readFileSync(META_PATH, "utf-8"));
+      expect(raw.version).toBe(5);
+    });
+
+    test("future version (v6+) returns unknown version and refuses writes", () => {
       const futureData = {
         version: 99,
         credentials: [],
@@ -439,7 +654,7 @@ describe("credential metadata store", () => {
       },
     );
 
-    test("upsert on migrated v1 file saves as v2", () => {
+    test("upsert on migrated v1 file saves as v5", () => {
       const v1Data = {
         version: 1,
         credentials: [
@@ -459,13 +674,13 @@ describe("credential metadata store", () => {
       // Upsert triggers load (migration) + save (at current version)
       upsertCredentialMetadata("github", "token", { alias: "gh-main" });
 
-      // Verify on-disk file is now v2
+      // Verify on-disk file is now v5
       const raw = JSON.parse(readFileSync(META_PATH, "utf-8"));
-      expect(raw.version).toBe(2);
+      expect(raw.version).toBe(5);
       expect(raw.credentials[0].alias).toBe("gh-main");
     });
 
-    test("v1 load auto-persists as v2 on disk without requiring a write", () => {
+    test("v1 load auto-persists as v5 on disk without requiring a write", () => {
       const v1Data = {
         version: 1,
         credentials: [
@@ -482,15 +697,15 @@ describe("credential metadata store", () => {
       };
       writeFileSync(META_PATH, JSON.stringify(v1Data, null, 2), "utf-8");
 
-      // A read-only operation should still persist the v2 upgrade
+      // A read-only operation should still persist the v5 upgrade
       listCredentialMetadata();
 
       const raw = JSON.parse(readFileSync(META_PATH, "utf-8"));
-      expect(raw.version).toBe(2);
+      expect(raw.version).toBe(5);
       expect(raw.credentials[0].credentialId).toBe("cred-autopersist");
     });
 
-    test("v1 file with multiple credentials migrates all records", () => {
+    test("v1 file with multiple credentials migrates all records (strips OAuth fields)", () => {
       const v1Data = {
         version: 1,
         credentials: [
@@ -539,13 +754,11 @@ describe("credential metadata store", () => {
         expect(r.injectionTemplates).toBeUndefined();
       }
 
-      // Original v1 fields preserved
-      expect(records[0].grantedScopes).toEqual(["repo", "user"]);
-      expect(records[1].expiresAt).toBe(1800000000000);
-      expect(records[2].oauth2TokenUrl).toBe(
-        "https://connect.stripe.com/oauth/token",
-      );
-      expect(records[2].oauth2ClientId).toBe("ca_test123");
+      // OAuth-specific fields are stripped by v5 migration
+      expect("grantedScopes" in records[0]).toBe(false);
+      expect("expiresAt" in records[1]).toBe(false);
+      expect("oauth2TokenUrl" in records[2]).toBe(false);
+      expect("oauth2ClientId" in records[2]).toBe(false);
     });
   });
 
@@ -586,20 +799,20 @@ describe("credential metadata store", () => {
     test("file with non-array credentials field is treated as empty list", () => {
       writeFileSync(
         META_PATH,
-        JSON.stringify({ version: 2, credentials: "not-an-array" }),
+        JSON.stringify({ version: 5, credentials: "not-an-array" }),
         "utf-8",
       );
       expect(listCredentialMetadata()).toEqual([]);
     });
 
     test("file with missing credentials field is treated as empty list", () => {
-      writeFileSync(META_PATH, JSON.stringify({ version: 2 }), "utf-8");
+      writeFileSync(META_PATH, JSON.stringify({ version: 5 }), "utf-8");
       expect(listCredentialMetadata()).toEqual([]);
     });
 
     test("malformed records within credentials array are filtered out", () => {
       const data = {
-        version: 2,
+        version: 5,
         credentials: [
           // Valid record
           {
@@ -709,7 +922,7 @@ describe("credential metadata store", () => {
 
       const raw = readFileSync(META_PATH, "utf-8");
       const parsed = JSON.parse(raw);
-      expect(parsed.version).toBe(2);
+      expect(parsed.version).toBe(5);
       expect(parsed.credentials).toHaveLength(1);
       expect(parsed.credentials[0].service).toBe("slack");
     });
@@ -717,23 +930,23 @@ describe("credential metadata store", () => {
     test("file written by saveFile has version field", () => {
       upsertCredentialMetadata("test", "key");
       const raw = JSON.parse(readFileSync(META_PATH, "utf-8"));
-      expect(raw.version).toBe(2);
+      expect(raw.version).toBe(5);
     });
   });
 
   // ── Empty credential lists ────────────────────────────────────────
 
   describe("empty credential lists", () => {
-    test("empty v2 file returns empty array", () => {
+    test("empty v5 file returns empty array", () => {
       writeFileSync(
         META_PATH,
-        JSON.stringify({ version: 2, credentials: [] }, null, 2),
+        JSON.stringify({ version: 5, credentials: [] }, null, 2),
         "utf-8",
       );
       expect(listCredentialMetadata()).toEqual([]);
     });
 
-    test("empty v1 file is migrated to v2 with empty credentials", () => {
+    test("empty v1 file is migrated to v5 with empty credentials", () => {
       writeFileSync(
         META_PATH,
         JSON.stringify({ version: 1, credentials: [] }, null, 2),
@@ -741,9 +954,9 @@ describe("credential metadata store", () => {
       );
       expect(listCredentialMetadata()).toEqual([]);
 
-      // Should be persisted as v2
+      // Should be persisted as v5
       const raw = JSON.parse(readFileSync(META_PATH, "utf-8"));
-      expect(raw.version).toBe(2);
+      expect(raw.version).toBe(5);
       expect(raw.credentials).toEqual([]);
     });
 

package/src/__tests__/credential-resolve.test.ts

@@ -12,6 +12,7 @@ mock.module("../util/logger.js", () => ({
     }),
 }));
 
+import { credentialKey } from "../security/credential-key.js";
 import {
   _setMetadataPath,
   upsertCredentialMetadata,
@@ -56,7 +57,7 @@ describe("credential resolver", () => {
       expect(result!.credentialId).toBe(created.credentialId);
       expect(result!.service).toBe("github");
       expect(result!.field).toBe("token");
-      expect(result!.storageKey).toBe("credential:github:token");
+      expect(result!.storageKey).toBe(credentialKey("github", "token"));
       expect(result!.metadata.allowedTools).toEqual([
         "browser_fill_credential",
       ]);
@@ -111,7 +112,7 @@ describe("credential resolver", () => {
       expect(result!.credentialId).toBe(created.credentialId);
       expect(result!.service).toBe("gmail");
       expect(result!.field).toBe("password");
-      expect(result!.storageKey).toBe("credential:gmail:password");
+      expect(result!.storageKey).toBe(credentialKey("gmail", "password"));
     });
 
     test("returns undefined for non-existent ID", () => {
@@ -190,10 +191,10 @@ describe("credential resolver", () => {
   });
 
   describe("storage key format", () => {
-    test("storage key follows credential:{service}:{field} format", () => {
+    test("storage key follows credential/{service}/{field} format", () => {
       upsertCredentialMetadata("my-service", "api-key");
       const result = resolveByServiceField("my-service", "api-key");
-      expect(result!.storageKey).toBe("credential:my-service:api-key");
+      expect(result!.storageKey).toBe(credentialKey("my-service", "api-key"));
     });
   });
 

package/src/__tests__/credential-security-e2e.test.ts

@@ -147,12 +147,12 @@ describe("E2E: secure store and list lifecycle", () => {
     // Value must NOT appear in tool output (invariant 1)
     expect(result.content).not.toContain("ghp_abc123");
     // Value must be in keychain
-    expect(storedKeys.get("credential:github:token")).toBe("ghp_abc123");
+    expect(storedKeys.get("credential/github/token")).toBe("ghp_abc123");
   });
 
   test("list returns service/field pairs without secret values", async () => {
-    storedKeys.set("credential:github:token", "secret1");
-    storedKeys.set("credential:aws:access_key", "secret2");
+    storedKeys.set("credential/github/token", "secret1");
+    storedKeys.set("credential/aws/access_key", "secret2");
     metadataStore.set("github:token", {
       credentialId: "cred-github-token",
       service: "github",
@@ -177,14 +177,14 @@ describe("E2E: secure store and list lifecycle", () => {
   });
 
   test("delete removes credential from keychain", async () => {
-    storedKeys.set("credential:github:token", "secret1");
+    storedKeys.set("credential/github/token", "secret1");
 
     const result = await credentialStoreTool.execute(
       { action: "delete", service: "github", field: "token" },
       makeContext(),
     );
     expect(result.isError).toBe(false);
-    expect(storedKeys.has("credential:github:token")).toBe(false);
+    expect(storedKeys.has("credential/github/token")).toBe(false);
   });
 });
 
@@ -267,7 +267,7 @@ describe("E2E: one-time send override", () => {
     );
     expect(result.isError).toBe(true);
     expect(result.content).toContain("not enabled");
-    expect(storedKeys.has("credential:svc:key")).toBe(false);
+    expect(storedKeys.has("credential/svc/key")).toBe(false);
   });
 
   test("accepts transient_send when config gate is on", async () => {
@@ -285,7 +285,7 @@ describe("E2E: one-time send override", () => {
     expect(result.isError).toBe(false);
     expect(result.content).toContain("NOT saved");
     // Value must NOT be in keychain
-    expect(storedKeys.has("credential:svc:key")).toBe(false);
+    expect(storedKeys.has("credential/svc/key")).toBe(false);
     // Value must NOT appear in output
     expect(result.content).not.toContain("tmp1");
   });
@@ -303,7 +303,7 @@ describe("E2E: one-time send override", () => {
       ctx,
     );
     expect(result.isError).toBe(false);
-    expect(storedKeys.has("credential:svc:key")).toBe(true);
+    expect(storedKeys.has("credential/svc/key")).toBe(true);
   });
 });
 

package/src/__tests__/credential-security-invariants.test.ts

@@ -1,5 +1,5 @@
 import { randomBytes } from "node:crypto";
-import { mkdirSync, rmSync } from "node:fs";
+import { mkdirSync, rmSync, writeFileSync } from "node:fs";
 import { readFileSync } from "node:fs";
 import { tmpdir } from "node:os";
 import { join } from "node:path";
@@ -63,11 +63,13 @@ mock.module("../tools/registry.js", () => ({
 // ---------------------------------------------------------------------------
 
 import { DEFAULT_CONFIG } from "../config/defaults.js";
+import { credentialKey } from "../security/credential-key.js";
 import { redactSensitiveFields } from "../security/redaction.js";
-import { setSecureKey } from "../security/secure-keys.js";
+import { getSecureKey, setSecureKey } from "../security/secure-keys.js";
 import { CredentialBroker } from "../tools/credentials/broker.js";
 import {
   _setMetadataPath,
+  getCredentialMetadata,
   upsertCredentialMetadata,
 } from "../tools/credentials/metadata-store.js";
 
@@ -199,6 +201,7 @@ describe("Invariant 2: no generic plaintext secret read API", () => {
     // Hard boundary: only these production files may import from secure-keys.
     // Any new import must be reviewed for secret-leak risk and added here.
     const ALLOWED_IMPORTERS = new Set([
+      "security/credential-key.ts", // credential key builder + migration
       "config/loader.ts", // config management (API keys)
       "tools/credentials/vault.ts", // credential store tool
       "tools/credentials/broker.ts", // brokered credential access
@@ -226,10 +229,13 @@ describe("Invariant 2: no generic plaintext secret read API", () => {
       "runtime/routes/integrations/slack/share.ts", // Slack share routes credential lookup
       "mcp/client.ts", // MCP client cached-token lookup
       "oauth/token-persistence.ts", // OAuth token persistence (set/delete tokens)
+      "oauth/connection-resolver.ts", // resolve OAuthConnection from oauth-store (access_token lookup)
       "runtime/routes/secret-routes.ts", // HTTP secret management routes (set/delete secrets)
-      "daemon/ride-shotgun-handler.ts", // learn session cookie persistence
       "daemon/session-messaging.ts", // credential storage during session messaging
-      "runtime/routes/settings-routes.ts", // settings routes OAuth credential lookup (client_id/client_secret/access tokens)
+      "runtime/routes/settings-routes.ts", // settings routes OAuth credential lookup (client_secret)
+      "oauth/oauth-store.ts", // OAuth provider disconnect (delete stored tokens)
+      "cli/commands/oauth/connections.ts", // CLI OAuth connection delete (legacy credential cleanup)
+      "oauth/manual-token-connection.ts", // manual-token provider backfill (keychain credential existence check)
     ]);
 
     const thisDir = dirname(fileURLToPath(import.meta.url));
@@ -245,7 +251,11 @@ describe("Invariant 2: no generic plaintext secret read API", () => {
         const s = statSync(full);
         if (s.isDirectory()) {
           collectTsFiles(full, files);
-        } else if (entry.endsWith(".ts") && !entry.endsWith(".d.ts")) {
+        } else if (
+          entry.endsWith(".ts") &&
+          !entry.endsWith(".d.ts") &&
+          !entry.endsWith(".test.ts")
+        ) {
           files.push(full);
         }
       }
@@ -413,7 +423,10 @@ describe("Invariant 4: credentials only used for allowed purpose", () => {
         allowedTools: tc.allowedTools,
         allowedDomains: tc.allowedDomains,
       });
-      setSecureKey(`credential:${tc.credentialId}:token`, "test-secret-value");
+      setSecureKey(
+        credentialKey(tc.credentialId, "token"),
+        "test-secret-value",
+      );
 
       const result = await broker.browserFill({
         service: tc.credentialId,
@@ -438,7 +451,7 @@ describe("Invariant 4: credentials only used for allowed purpose", () => {
       allowedTools: ["browser_fill_credential"],
       allowedDomains: ["github.com"],
     });
-    setSecureKey("credential:github:token", "ghp_secret123");
+    setSecureKey(credentialKey("github", "token"), "ghp_secret123");
 
     const result = await broker.browserFill({
       service: "github",
@@ -470,6 +483,97 @@ describe("Invariant 4: credentials only used for allowed purpose", () => {
   });
 });
 
+// ---------------------------------------------------------------------------
+// Invariant 6 — oauth2ClientSecret never in plaintext metadata
+// ---------------------------------------------------------------------------
+
+describe("Invariant 6: oauth2ClientSecret not in metadata, only in secure store", () => {
+  beforeEach(() => {
+    mkdirSync(TEST_DIR, { recursive: true });
+    _setStorePath(STORE_PATH);
+    _resetBackend();
+    _setMetadataPath(join(TEST_DIR, "metadata.json"));
+  });
+
+  afterEach(() => {
+    _setMetadataPath(null);
+    _setStorePath(null);
+    _resetBackend();
+    rmSync(TEST_DIR, { recursive: true, force: true });
+  });
+
+  test("upsertCredentialMetadata does not accept oauth2ClientSecret or other OAuth fields", () => {
+    const record = upsertCredentialMetadata(
+      "integration:gmail",
+      "access_token",
+      {
+        allowedTools: ["api_request"],
+      },
+    );
+    expect("oauth2ClientSecret" in record).toBe(false);
+    expect("oauth2TokenUrl" in record).toBe(false);
+    expect("oauth2ClientId" in record).toBe(false);
+  });
+
+  test("client secret is read from secure store, not metadata", () => {
+    setSecureKey(
+      credentialKey("integration:gmail", "client_secret"),
+      "my-secret",
+    );
+    upsertCredentialMetadata("integration:gmail", "access_token", {
+      allowedTools: ["api_request"],
+    });
+
+    const meta = getCredentialMetadata("integration:gmail", "access_token");
+    expect(meta).toBeDefined();
+    expect("oauth2ClientSecret" in meta!).toBe(false);
+    // OAuth-specific fields are no longer in metadata (v5)
+    expect("oauth2TokenUrl" in meta!).toBe(false);
+    expect("oauth2ClientId" in meta!).toBe(false);
+
+    // Secret is in secure store
+    expect(
+      getSecureKey(credentialKey("integration:gmail", "client_secret")),
+    ).toBe("my-secret");
+  });
+
+  test("v2 metadata with oauth2ClientSecret is stripped on migration", () => {
+    const v2Data = {
+      version: 2,
+      credentials: [
+        {
+          credentialId: "cred-v2-secret",
+          service: "integration:gmail",
+          field: "access_token",
+          allowedTools: [],
+          allowedDomains: [],
+          oauth2TokenUrl: "https://oauth2.googleapis.com/token",
+          oauth2ClientId: "test-client-id",
+          oauth2ClientSecret: "plaintext-secret-should-be-stripped",
+          createdAt: 1700000000000,
+          updatedAt: 1700000000000,
+        },
+      ],
+    };
+    writeFileSync(
+      join(TEST_DIR, "metadata.json"),
+      JSON.stringify(v2Data, null, 2),
+      "utf-8",
+    );
+
+    const meta = getCredentialMetadata("integration:gmail", "access_token");
+    expect(meta).toBeDefined();
+    expect("oauth2ClientSecret" in meta!).toBe(false);
+
+    // Verify on-disk file no longer contains the secret
+    const raw = JSON.parse(
+      readFileSync(join(TEST_DIR, "metadata.json"), "utf-8"),
+    );
+    expect(raw.credentials[0]).not.toHaveProperty("oauth2ClientSecret");
+    expect(raw.version).toBe(5);
+  });
+});
+
 // ---------------------------------------------------------------------------
 // Cross-Cutting — One-Time Send Override
 // ---------------------------------------------------------------------------