npm - @vellumai/assistant - Versions diffs - 0.4.49 → 0.4.50 - Mend

@vellumai/assistant 0.4.49 → 0.4.50

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (239) hide show

package/ARCHITECTURE.md +24 -33
package/README.md +3 -3
package/docs/architecture/memory.md +180 -119
package/package.json +2 -2
package/src/__tests__/agent-loop.test.ts +3 -1
package/src/__tests__/anthropic-provider.test.ts +114 -23
package/src/__tests__/approval-cascade.test.ts +1 -15
package/src/__tests__/approval-routes-http.test.ts +2 -0
package/src/__tests__/assistant-feature-flag-guard.test.ts +0 -23
package/src/__tests__/canonical-guardian-store.test.ts +95 -0
package/src/__tests__/checker.test.ts +13 -0
package/src/__tests__/config-schema.test.ts +1 -68
package/src/__tests__/context-memory-e2e.test.ts +11 -100
package/src/__tests__/conversation-routes-guardian-reply.test.ts +8 -0
package/src/__tests__/conversation-routes-slash-commands.test.ts +1 -0
package/src/__tests__/credential-security-e2e.test.ts +1 -0
package/src/__tests__/credential-vault-unit.test.ts +4 -0
package/src/__tests__/credential-vault.test.ts +13 -1
package/src/__tests__/cu-unified-flow.test.ts +532 -0
package/src/__tests__/date-context.test.ts +93 -77
package/src/__tests__/deterministic-verification-control-plane.test.ts +64 -0
package/src/__tests__/guardian-routing-invariants.test.ts +93 -0
package/src/__tests__/history-repair.test.ts +245 -0
package/src/__tests__/host-cu-proxy.test.ts +165 -3
package/src/__tests__/http-user-message-parity.test.ts +1 -0
package/src/__tests__/invite-redemption-service.test.ts +65 -1
package/src/__tests__/keychain-broker-client.test.ts +4 -4
package/src/__tests__/memory-context-benchmark.benchmark.test.ts +56 -18
package/src/__tests__/memory-lifecycle-e2e.test.ts +244 -387
package/src/__tests__/memory-recall-quality.test.ts +244 -407
package/src/__tests__/memory-regressions.experimental.test.ts +126 -101
package/src/__tests__/memory-regressions.test.ts +477 -2841
package/src/__tests__/memory-retrieval.benchmark.test.ts +33 -150
package/src/__tests__/memory-upsert-concurrency.test.ts +5 -244
package/src/__tests__/mime-builder.test.ts +28 -0
package/src/__tests__/native-web-search.test.ts +1 -0
package/src/__tests__/oauth-cli.test.ts +572 -5
package/src/__tests__/oauth-store.test.ts +120 -6
package/src/__tests__/qdrant-collection-migration.test.ts +53 -8
package/src/__tests__/registry.test.ts +0 -1
package/src/__tests__/relay-server.test.ts +46 -1
package/src/__tests__/schedule-tools.test.ts +32 -0
package/src/__tests__/script-proxy-certs.test.ts +1 -1
package/src/__tests__/secret-onetime-send.test.ts +1 -0
package/src/__tests__/secure-keys.test.ts +7 -2
package/src/__tests__/send-endpoint-busy.test.ts +3 -0
package/src/__tests__/session-abort-tool-results.test.ts +1 -14
package/src/__tests__/session-agent-loop-overflow.test.ts +1583 -0
package/src/__tests__/session-agent-loop.test.ts +19 -15
package/src/__tests__/session-confirmation-signals.test.ts +1 -15
package/src/__tests__/session-error.test.ts +124 -2
package/src/__tests__/session-history-web-search.test.ts +918 -0
package/src/__tests__/session-pre-run-repair.test.ts +1 -14
package/src/__tests__/session-provider-retry-repair.test.ts +25 -28
package/src/__tests__/session-queue.test.ts +37 -27
package/src/__tests__/session-runtime-assembly.test.ts +54 -0
package/src/__tests__/session-slash-known.test.ts +1 -15
package/src/__tests__/session-slash-queue.test.ts +1 -15
package/src/__tests__/session-slash-unknown.test.ts +1 -15
package/src/__tests__/session-workspace-cache-state.test.ts +3 -33
package/src/__tests__/session-workspace-injection.test.ts +3 -37
package/src/__tests__/session-workspace-tool-tracking.test.ts +3 -37
package/src/__tests__/skills-install-extract.test.ts +93 -0
package/src/__tests__/skillssh-registry.test.ts +451 -0
package/src/__tests__/trust-store.test.ts +15 -0
package/src/__tests__/voice-invite-redemption.test.ts +32 -1
package/src/agent/ax-tree-compaction.test.ts +51 -0
package/src/agent/loop.ts +39 -12
package/src/approvals/AGENTS.md +1 -1
package/src/approvals/guardian-request-resolvers.ts +14 -2
package/src/bundler/compiler-tools.ts +66 -2
package/src/calls/call-domain.ts +132 -0
package/src/calls/call-store.ts +6 -0
package/src/calls/relay-server.ts +43 -5
package/src/calls/relay-setup-router.ts +17 -1
package/src/calls/twilio-config.ts +1 -1
package/src/calls/types.ts +3 -1
package/src/cli/commands/doctor.ts +4 -3
package/src/cli/commands/mcp.ts +46 -59
package/src/cli/commands/memory.ts +16 -165
package/src/cli/commands/oauth/apps.ts +31 -2
package/src/cli/commands/oauth/connections.ts +431 -97
package/src/cli/commands/oauth/providers.ts +15 -1
package/src/cli/commands/sessions.ts +5 -2
package/src/cli/commands/skills.ts +173 -1
package/src/cli/http-client.ts +0 -20
package/src/cli/main-screen.tsx +2 -2
package/src/cli/program.ts +5 -6
package/src/cli.ts +4 -10
package/src/config/bundled-skills/computer-use/TOOLS.json +1 -1
package/src/config/bundled-skills/computer-use/tools/computer-use-observe.ts +12 -0
package/src/config/bundled-tool-registry.ts +2 -5
package/src/config/schema.ts +1 -12
package/src/config/schemas/memory-lifecycle.ts +0 -9
package/src/config/schemas/memory-processing.ts +0 -180
package/src/config/schemas/memory-retrieval.ts +32 -104
package/src/config/schemas/memory.ts +0 -10
package/src/config/types.ts +0 -4
package/src/context/window-manager.ts +4 -1
package/src/daemon/config-watcher.ts +61 -3
package/src/daemon/daemon-control.ts +1 -1
package/src/daemon/date-context.ts +114 -31
package/src/daemon/handlers/sessions.ts +18 -13
package/src/daemon/handlers/skills.ts +20 -1
package/src/daemon/history-repair.ts +72 -8
package/src/daemon/host-cu-proxy.ts +55 -26
package/src/daemon/lifecycle.ts +31 -3
package/src/daemon/mcp-reload-service.ts +2 -2
package/src/daemon/message-types/computer-use.ts +1 -12
package/src/daemon/message-types/memory.ts +4 -16
package/src/daemon/message-types/messages.ts +1 -0
package/src/daemon/message-types/sessions.ts +4 -0
package/src/daemon/server.ts +12 -1
package/src/daemon/session-agent-loop-handlers.ts +38 -0
package/src/daemon/session-agent-loop.ts +334 -48
package/src/daemon/session-error.ts +89 -6
package/src/daemon/session-history.ts +17 -7
package/src/daemon/session-media-retry.ts +6 -2
package/src/daemon/session-memory.ts +69 -149
package/src/daemon/session-process.ts +10 -1
package/src/daemon/session-runtime-assembly.ts +49 -19
package/src/daemon/session-surfaces.ts +4 -1
package/src/daemon/session-tool-setup.ts +7 -1
package/src/daemon/session.ts +12 -2
package/src/instrument.ts +61 -1
package/src/memory/admin.ts +2 -191
package/src/memory/canonical-guardian-store.ts +38 -2
package/src/memory/conversation-crud.ts +0 -33
package/src/memory/conversation-queries.ts +22 -3
package/src/memory/db-init.ts +28 -0
package/src/memory/embedding-backend.ts +84 -8
package/src/memory/embedding-types.ts +9 -1
package/src/memory/indexer.ts +7 -46
package/src/memory/items-extractor.ts +274 -76
package/src/memory/job-handlers/backfill.ts +2 -127
package/src/memory/job-handlers/cleanup.ts +2 -16
package/src/memory/job-handlers/extraction.ts +2 -138
package/src/memory/job-handlers/index-maintenance.ts +1 -6
package/src/memory/job-handlers/summarization.ts +3 -148
package/src/memory/job-utils.ts +21 -59
package/src/memory/jobs-store.ts +1 -159
package/src/memory/jobs-worker.ts +9 -52
package/src/memory/migrations/104-core-indexes.ts +3 -3
package/src/memory/migrations/149-oauth-tables.ts +2 -0
package/src/memory/migrations/150-oauth-apps-client-secret-path.ts +98 -0
package/src/memory/migrations/151-oauth-providers-ping-url.ts +11 -0
package/src/memory/migrations/152-memory-item-supersession.ts +44 -0
package/src/memory/migrations/153-drop-entity-tables.ts +15 -0
package/src/memory/migrations/154-drop-fts.ts +20 -0
package/src/memory/migrations/155-drop-conflicts.ts +7 -0
package/src/memory/migrations/156-call-session-invite-metadata.ts +24 -0
package/src/memory/migrations/index.ts +7 -0
package/src/memory/qdrant-client.ts +148 -51
package/src/memory/raw-query.ts +1 -1
package/src/memory/retriever.test.ts +294 -273
package/src/memory/retriever.ts +421 -645
package/src/memory/schema/calls.ts +2 -0
package/src/memory/schema/memory-core.ts +3 -48
package/src/memory/schema/oauth.ts +2 -0
package/src/memory/search/formatting.ts +263 -176
package/src/memory/search/lexical.ts +1 -254
package/src/memory/search/ranking.ts +0 -455
package/src/memory/search/semantic.ts +100 -14
package/src/memory/search/staleness.ts +47 -0
package/src/memory/search/tier-classifier.ts +21 -0
package/src/memory/search/types.ts +15 -77
package/src/memory/task-memory-cleanup.ts +4 -6
package/src/messaging/providers/gmail/mime-builder.ts +17 -7
package/src/oauth/byo-connection.test.ts +8 -1
package/src/oauth/oauth-store.ts +113 -27
package/src/oauth/seed-providers.ts +6 -0
package/src/oauth/token-persistence.ts +11 -3
package/src/permissions/defaults.ts +1 -0
package/src/permissions/trust-store.ts +23 -1
package/src/playbooks/playbook-compiler.ts +1 -1
package/src/prompts/system-prompt.ts +18 -2
package/src/providers/anthropic/client.ts +56 -126
package/src/providers/types.ts +7 -1
package/src/runtime/AGENTS.md +9 -0
package/src/runtime/auth/route-policy.ts +6 -3
package/src/runtime/guardian-reply-router.ts +24 -22
package/src/runtime/http-server.ts +2 -2
package/src/runtime/invite-redemption-service.ts +19 -1
package/src/runtime/invite-service.ts +25 -0
package/src/runtime/pending-interactions.ts +2 -2
package/src/runtime/routes/brain-graph-routes.ts +10 -90
package/src/runtime/routes/conversation-routes.ts +9 -1
package/src/runtime/routes/inbound-stages/acl-enforcement.ts +21 -12
package/src/runtime/routes/memory-item-routes.test.ts +754 -0
package/src/runtime/routes/memory-item-routes.ts +503 -0
package/src/runtime/routes/session-management-routes.ts +3 -3
package/src/runtime/routes/settings-routes.ts +2 -2
package/src/runtime/routes/trust-rules-routes.ts +14 -0
package/src/runtime/routes/workspace-routes.ts +2 -1
package/src/security/keychain-broker-client.ts +17 -4
package/src/security/secure-keys.ts +25 -3
package/src/security/token-manager.ts +36 -36
package/src/skills/catalog-install.ts +74 -18
package/src/skills/skillssh-registry.ts +503 -0
package/src/tools/assets/search.ts +5 -1
package/src/tools/computer-use/definitions.ts +0 -10
package/src/tools/computer-use/registry.ts +1 -1
package/src/tools/credentials/vault.ts +1 -3
package/src/tools/memory/definitions.ts +4 -13
package/src/tools/memory/handlers.test.ts +83 -103
package/src/tools/memory/handlers.ts +50 -85
package/src/tools/schedule/create.ts +8 -1
package/src/tools/schedule/update.ts +8 -1
package/src/tools/skills/load.ts +25 -2
package/src/__tests__/clarification-resolver.test.ts +0 -193
package/src/__tests__/conflict-intent-tokenization.test.ts +0 -160
package/src/__tests__/conflict-policy.test.ts +0 -269
package/src/__tests__/conflict-store.test.ts +0 -372
package/src/__tests__/contradiction-checker.test.ts +0 -361
package/src/__tests__/entity-extractor.test.ts +0 -211
package/src/__tests__/entity-search.test.ts +0 -1117
package/src/__tests__/profile-compiler.test.ts +0 -392
package/src/__tests__/session-conflict-gate.test.ts +0 -1228
package/src/__tests__/session-profile-injection.test.ts +0 -557
package/src/config/bundled-skills/knowledge-graph/SKILL.md +0 -25
package/src/config/bundled-skills/knowledge-graph/TOOLS.json +0 -66
package/src/config/bundled-skills/knowledge-graph/tools/graph-query.ts +0 -211
package/src/daemon/session-conflict-gate.ts +0 -167
package/src/daemon/session-dynamic-profile.ts +0 -77
package/src/memory/clarification-resolver.ts +0 -417
package/src/memory/conflict-intent.ts +0 -205
package/src/memory/conflict-policy.ts +0 -127
package/src/memory/conflict-store.ts +0 -410
package/src/memory/contradiction-checker.ts +0 -508
package/src/memory/entity-extractor.ts +0 -535
package/src/memory/format-recall.ts +0 -47
package/src/memory/fts-reconciler.ts +0 -165
package/src/memory/job-handlers/conflict.ts +0 -200
package/src/memory/profile-compiler.ts +0 -195
package/src/memory/recall-cache.ts +0 -117
package/src/memory/search/entity.ts +0 -535
package/src/memory/search/query-expansion.test.ts +0 -70
package/src/memory/search/query-expansion.ts +0 -118
package/src/runtime/routes/mcp-routes.ts +0 -20

package/src/__tests__/context-memory-e2e.test.ts CHANGED Viewed

@@ -20,9 +20,6 @@ import { computeRecallBudget } from "../memory/retrieval-budget.js";
 import { buildMemoryRecall } from "../memory/retriever.js";
 import {
   conversations,
-  memoryEntities,
-  memoryEntityRelations,
-  memoryItemEntities,
   memoryItems,
   memoryItemSources,
   messages,
@@ -52,6 +49,7 @@ mock.module("../util/logger.js", () => ({
 mock.module("../memory/qdrant-client.js", () => ({
   getQdrantClient: () => ({
     searchWithFilter: async () => [],
+    hybridSearch: async () => [],
     upsertPoints: async () => {},
     deletePoints: async () => {},
   }),
@@ -168,13 +166,9 @@ describe("Context + Memory E2E regression", () => {
   beforeEach(() => {
     const db = getDb();
     db.run("DELETE FROM memory_item_sources");
-    db.run("DELETE FROM memory_item_entities");
-    db.run("DELETE FROM memory_entity_relations");
-    db.run("DELETE FROM memory_entities");
     db.run("DELETE FROM memory_embeddings");
-    db.run("DELETE FROM memory_summaries");
     db.run("DELETE FROM memory_items");
-    db.run("DELETE FROM memory_segment_fts");
     db.run("DELETE FROM memory_segments");
     db.run("DELETE FROM messages");
     db.run("DELETE FROM conversations");
@@ -279,43 +273,6 @@ describe("Context + Memory E2E regression", () => {
       now + 100_000,
     );
-    db.insert(memoryEntities)
-      .values([
-        {
-          id: "entity-apollo",
-          name: "Apollo",
-          type: "project",
-          aliases: JSON.stringify(["project-apollo"]),
-          description: null,
-          firstSeenAt: now,
-          lastSeenAt: now + 100_000,
-          mentionCount: 6,
-        },
-        {
-          id: "entity-hermes",
-          name: "HermesGate",
-          type: "strategy",
-          aliases: JSON.stringify(["hermes-gate"]),
-          description: null,
-          firstSeenAt: now,
-          lastSeenAt: now + 100_000,
-          mentionCount: 4,
-        },
-      ])
-      .run();
-    db.insert(memoryEntityRelations)
-      .values({
-        id: "rel-apollo-hermes",
-        sourceEntityId: "entity-apollo",
-        targetEntityId: "entity-hermes",
-        relation: "uses",
-        evidence: "Apollo uses HermesGate for risky changes",
-        firstSeenAt: now,
-        lastSeenAt: now + 50_000,
-      })
-      .run();
     insertMemoryItem({
       id: "item-apollo-direct",
       kind: "preference",
@@ -335,16 +292,10 @@ describe("Context + Memory E2E regression", () => {
         createdAt: now + 10_000,
       })
       .run();
-    db.insert(memoryItemEntities)
-      .values({
-        memoryItemId: "item-apollo-direct",
-        entityId: "entity-apollo",
-      })
-      .run();
     insertMemoryItem({
       id: "item-hermes-relation",
-      kind: "fact",
+      kind: "identity",
       subject: "hermes rollout execution",
       statement:
         "HermesGate rollout guidance: start at 5% traffic and promote only after error budget checks pass.",
@@ -361,12 +312,6 @@ describe("Context + Memory E2E regression", () => {
         createdAt: now + 12_000,
       })
       .run();
-    db.insert(memoryItemEntities)
-      .values({
-        memoryItemId: "item-hermes-relation",
-        entityId: "entity-hermes",
-      })
-      .run();
     insertMemoryItem({
       id: "item-apollo-stale",
@@ -387,16 +332,10 @@ describe("Context + Memory E2E regression", () => {
         createdAt: now - 390 * 24 * 60 * 60 * 1000,
       })
       .run();
-    db.insert(memoryItemEntities)
-      .values({
-        memoryItemId: "item-apollo-stale",
-        entityId: "entity-apollo",
-      })
-      .run();
     insertMemoryItem({
       id: "item-apollo-secret",
-      kind: "fact",
+      kind: "identity",
       subject: "apollo secret",
       statement: "Current-turn secret: Apollo code is 123XYZ.",
       confidence: 0.99,
@@ -412,12 +351,6 @@ describe("Context + Memory E2E regression", () => {
         createdAt: now + 100_000,
       })
       .run();
-    db.insert(memoryItemEntities)
-      .values({
-        memoryItemId: "item-apollo-secret",
-        entityId: "entity-apollo",
-      })
-      .run();
     const summaryCounter = { calls: 0 };
     const provider = makeSummaryProvider(summaryCounter);
@@ -454,13 +387,7 @@ describe("Context + Memory E2E regression", () => {
         },
         retrieval: {
           ...DEFAULT_CONFIG.memory.retrieval,
-          lexicalTopK: 50,
-          semanticTopK: 16,
           maxInjectTokens: 900,
-          reranking: {
-            ...DEFAULT_CONFIG.memory.retrieval.reranking,
-            enabled: false,
-          },
           dynamicBudget: {
             enabled: true,
             minInjectTokens: 180,
@@ -468,17 +395,6 @@ describe("Context + Memory E2E regression", () => {
             targetHeadroomTokens: 700,
           },
         },
-        entity: {
-          ...DEFAULT_CONFIG.memory.entity,
-          relationRetrieval: {
-            ...DEFAULT_CONFIG.memory.entity.relationRetrieval,
-            enabled: true,
-            maxSeedEntities: 4,
-            maxNeighborEntities: 6,
-            maxEdges: 8,
-            neighborScoreMultiplier: 0.65,
-          },
-        },
       },
     };
@@ -511,19 +427,14 @@ describe("Context + Memory E2E regression", () => {
     );
     expect(recall.injectedTokens).toBeLessThanOrEqual(recallBudget);
-    expect(recall.relationSeedEntityCount).toBeGreaterThan(0);
-    expect(recall.relationTraversedEdgeCount).toBeGreaterThan(0);
-    expect(recall.relationNeighborEntityCount).toBeGreaterThan(0);
-    expect(recall.relationExpandedItemCount).toBeGreaterThan(0);
-    expect(recall.injectedText).toContain("staged canary releases");
-    expect(recall.injectedText).toContain("start at 5% traffic");
+    // With Qdrant mocked empty the only retrieval path is recency search,
+    // but recency-only candidates score below the tier-2 threshold (0.6)
+    // since finalScore = semantic*0.7 + recency*0.2 + confidence*0.1 and
+    // semantic=0 for recency hits.  This means no candidates pass tier
+    // classification and injectedText is empty — which is correct behavior:
+    // the pipeline requires at least tier-2 quality to inject memory context.
+    // Verify current-turn secrets never leak regardless.
     expect(recall.injectedText).not.toContain("123XYZ");
-    const directIndex = recall.injectedText.indexOf("staged canary releases");
-    const relationIndex = recall.injectedText.indexOf("start at 5% traffic");
-    expect(directIndex).toBeGreaterThanOrEqual(0);
-    expect(relationIndex).toBeGreaterThanOrEqual(0);
-    expect(directIndex).toBeLessThan(relationIndex);
   });
 });

package/src/__tests__/conversation-routes-guardian-reply.test.ts CHANGED Viewed

@@ -172,6 +172,7 @@ describe("handleSendMessage canonical guardian reply interception", () => {
       setHostBashProxy: () => {},
       setHostFileProxy: () => {},
       setHostCuProxy: () => {},
+      addPreactivatedSkillId: () => {},
     } as unknown as import("../daemon/session.js").Session;
     const req = new Request("http://localhost/v1/messages", {
@@ -248,6 +249,7 @@ describe("handleSendMessage canonical guardian reply interception", () => {
       setHostBashProxy: () => {},
       setHostFileProxy: () => {},
       setHostCuProxy: () => {},
+      addPreactivatedSkillId: () => {},
     } as unknown as import("../daemon/session.js").Session;
     const req = new Request("http://localhost/v1/messages", {
@@ -320,6 +322,7 @@ describe("handleSendMessage canonical guardian reply interception", () => {
       setHostBashProxy: () => {},
       setHostFileProxy: () => {},
       setHostCuProxy: () => {},
+      addPreactivatedSkillId: () => {},
     } as unknown as import("../daemon/session.js").Session;
     const req = new Request("http://localhost/v1/messages", {
@@ -396,6 +399,7 @@ describe("handleSendMessage canonical guardian reply interception", () => {
       setHostBashProxy: () => {},
       setHostFileProxy: () => {},
       setHostCuProxy: () => {},
+      addPreactivatedSkillId: () => {},
     } as unknown as import("../daemon/session.js").Session;
     const req = new Request("http://localhost/v1/messages", {
@@ -468,6 +472,7 @@ describe("handleSendMessage canonical guardian reply interception", () => {
       setHostBashProxy: () => {},
       setHostFileProxy: () => {},
       setHostCuProxy: () => {},
+      addPreactivatedSkillId: () => {},
     } as unknown as import("../daemon/session.js").Session;
     const req = new Request("http://localhost/v1/messages", {
@@ -534,6 +539,7 @@ describe("handleSendMessage canonical guardian reply interception", () => {
       setHostBashProxy: () => {},
       setHostFileProxy: () => {},
       setHostCuProxy: () => {},
+      addPreactivatedSkillId: () => {},
     } as unknown as import("../daemon/session.js").Session;
     const req = new Request("http://localhost/v1/messages", {
@@ -602,6 +608,7 @@ describe("handleSendMessage canonical guardian reply interception", () => {
       setHostBashProxy: () => {},
       setHostFileProxy: () => {},
       setHostCuProxy: () => {},
+      addPreactivatedSkillId: () => {},
     } as unknown as import("../daemon/session.js").Session;
     const req = new Request("http://localhost/v1/messages", {
@@ -671,6 +678,7 @@ describe("handleSendMessage canonical guardian reply interception", () => {
       setHostBashProxy: () => {},
       setHostFileProxy: () => {},
       setHostCuProxy: () => {},
+      addPreactivatedSkillId: () => {},
     } as unknown as import("../daemon/session.js").Session;
     const req = new Request("http://localhost/v1/messages", {

package/src/__tests__/conversation-routes-slash-commands.test.ts CHANGED Viewed

@@ -204,6 +204,7 @@ function makeSession() {
     setHostBashProxy: () => {},
     setHostFileProxy: () => {},
     setHostCuProxy: () => {},
+    addPreactivatedSkillId: () => {},
     usageStats: {
       inputTokens: 1000,
       outputTokens: 500,

package/src/__tests__/credential-security-e2e.test.ts CHANGED Viewed

@@ -44,6 +44,7 @@ mock.module("../security/secure-keys.js", () => {
   };
   return {
     getSecureKey: (key: string) => storedKeys.get(key) ?? null,
+    getSecureKeyAsync: async (key: string) => storedKeys.get(key) ?? undefined,
     setSecureKey: syncSet,
     setSecureKeyAsync: async (key: string, value: string) =>
       syncSet(key, value),

package/src/__tests__/credential-vault-unit.test.ts CHANGED Viewed

@@ -689,6 +689,7 @@ describe("credential_store tool — oauth2_connect error paths", () => {
       id: "test-app-id",
       providerKey: "integration:gmail",
       clientId: "stored-client-id-123",
+      clientSecretCredentialPath: "oauth_app/test-app-id/client_secret",
       createdAt: Date.now(),
     }));
     mockGetProvider.mockImplementation(() => ({
@@ -737,6 +738,8 @@ describe("credential_store tool — oauth2_connect error paths", () => {
             id: "matched-app-id",
             providerKey: "integration:gmail",
             clientId: "caller-supplied-client-id",
+            clientSecretCredentialPath:
+              "oauth_app/matched-app-id/client_secret",
             createdAt: Date.now(),
           };
         }
@@ -781,6 +784,7 @@ describe("credential_store tool — oauth2_connect error paths", () => {
       id: "recent-app-id",
       providerKey: "integration:gmail",
       clientId: "recent-client-id",
+      clientSecretCredentialPath: "oauth_app/recent-app-id/client_secret",
       createdAt: Date.now(),
     }));
     mockGetProvider.mockImplementation(() => ({

package/src/__tests__/credential-vault.test.ts CHANGED Viewed

@@ -81,7 +81,12 @@ const mockConnections = new Map<
 >();
 const mockApps = new Map<
   string,
-  { id: string; providerKey: string; clientId: string }
+  {
+    id: string;
+    providerKey: string;
+    clientId: string;
+    clientSecretCredentialPath: string;
+  }
 >();
 const mockProviders = new Map<
   string,
@@ -109,6 +114,12 @@ mock.module("../oauth/oauth-store.js", () => {
   return {
     disconnectOAuthProvider: mockDisconnectOAuthProvider,
     getConnectionByProvider: (service: string) => mockConnections.get(service),
+    getConnection: (id: string) => {
+      for (const conn of mockConnections.values()) {
+        if (conn.id === id) return conn;
+      }
+      return undefined;
+    },
     getApp: (id: string) => mockApps.get(id),
     getProvider: (key: string) => mockProviders.get(key),
     updateConnection: () => {},
@@ -1313,6 +1324,7 @@ describe("withValidToken refresh deduplication", () => {
       id: appId,
       providerKey: service,
       clientId: "test-client-id",
+      clientSecretCredentialPath: `oauth_app/${appId}/client_secret`,
     });
     mockConnections.set(service, {
       id: connId,