@vellumai/assistant 0.4.51 → 0.4.53

package/ARCHITECTURE.md

@@ -641,7 +641,7 @@ The assistant feature-flag resolver (`src/config/assistant-feature-flags.ts`) is
 | **3. `skill_load` tool**           | `executeSkillLoad()` in `tools/skills/load.ts`           | If the model attempts to load a flagged-off skill by name, the tool returns an error: `"skill is currently unavailable (disabled by feature flag)"`.                                                        |
 | **4. Runtime tool projection**     | `projectSkillTools()` in `daemon/session-skill-tools.ts` | Even if a skill was previously active in a session (has `<loaded_skill>` markers in history), the per-turn projection drops it when the flag is OFF. Already-registered tools are unregistered.             |
 | **5. Included child skills**       | `executeSkillLoad()` in `tools/skills/load.ts`           | When a parent skill includes children via the `includes` directive, each child is independently checked against its feature flag. Flagged-off children are silently excluded from the loaded skill content. |
-| **6. Skill install gate**          | `handleSkillsInstall()` in `daemon/handlers/skills.ts`   | When a client requests skill installation, the handler checks the skill's feature flag before proceeding. If the flag is OFF, the install is rejected with an error.                                        |
+| **6. Skill install gate**          | `installSkill()` in `daemon/handlers/skills.ts`           | When a client requests skill installation, the function checks the skill's feature flag before proceeding. If the flag is OFF, the install is rejected with an error.                                       |
 
 All six enforcement points derive the flag key via `skillFlagKey(skill)` — which returns `undefined` for ungated skills, short-circuiting the check — and then call `isAssistantFeatureFlagEnabled(flagKey, config)` for consistency.
 
@@ -657,7 +657,7 @@ All six enforcement points derive the flag key via `skillFlagKey(skill)` — whi
 | `src/tools/skills/load.ts`                      | `executeSkillLoad()` — enforcement points 3 and 5                                                                                                                         |
 | `src/daemon/session-skill-tools.ts`             | `projectSkillTools()` — enforcement point 4                                                                                                                               |
 | `src/config/schema.ts`                          | `assistantFeatureFlagValues` field definition in `AssistantConfig` (Zod schema)                                                                                           |
-| `src/daemon/handlers/skills.ts`                 | `handleSkillsList()` — uses `resolveSkillStates()` for client responses; `handleSkillsInstall()` — enforcement point 6                                                    |
+| `src/daemon/handlers/skills.ts`                 | `listSkills()` — uses `resolveSkillStates()` for client responses; `installSkill()` — enforcement point 6                                                                 |
 | `meta/feature-flags/feature-flag-registry.json` | Unified feature flag registry (repo root) — all declared flags with scope, label, default values, and descriptions                                                        |
 | `src/config/feature-flag-registry.json`         | Bundled copy of the unified registry for compiled binary resolution                                                                                                       |
 

package/docs/architecture/keychain-broker.md

@@ -163,21 +163,34 @@ XPC provides stronger caller identity guarantees via audit tokens and code requi
 
 ## Callsite Policy
 
-### Runtime request handlers (secret-routes, etc.)
+### Async-first policy
 
-All runtime HTTP handlers that write or delete secrets **must** use the async APIs (`setSecureKeyAsync`, `deleteSecureKeyAsync`). These are the primary entry points for macOS app flows and must go through the broker to reach keychain.
+**All credential access should use the async functions** (`getSecureKeyAsync`, `setSecureKeyAsync`, `deleteSecureKeyAsync`). The async variants are the primary API: they check the encrypted store first (instant) and fall back to the keychain broker, ensuring secrets stored in the macOS Keychain are always reachable. The sync variants (`getSecureKey`, `setSecureKey`, `deleteSecureKey`) are **deprecated** and bypass the keychain broker entirely.
 
-### CLI commands (keys, credentials)
+New code must not introduce sync secure-key calls. Existing sync call sites should be converted to async when their surrounding code paths support it.
 
-CLI commands may use sync APIs (`setSecureKey`, `deleteSecureKey`, `getSecureKey`) since they run outside the macOS app process and the broker may not be available. The sync path uses the encrypted store directly, which is correct for headless/CLI environments.
+### Runtime request handlers (secret-routes, etc.)
+
+All runtime HTTP handlers that write or delete secrets **must** use the async APIs (`setSecureKeyAsync`, `deleteSecureKeyAsync`). These are the primary entry points for macOS app flows and must go through the broker to reach keychain.
 
 ### Gateway (credential-reader)
 
 The gateway reads credentials via async `readCredential()` which tries the broker first (native async UDS), falling back to the encrypted store. The gateway never writes credentials — that responsibility belongs to the assistant runtime.
 
-### Startup / initialization code
+### Known sync exceptions
+
+The migration from sync to async secure-key functions is complete for all call sites except provider initialization paths that require synchronous access. The following call sites still use the deprecated sync variants.
+
+#### Provider initialization (must remain sync)
+
+These call sites run in synchronous initialization contexts where async I/O is not feasible:
+
+| File                                               | Sync functions used | Reason                                                                                                                                                                                               |
+| -------------------------------------------------- | ------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `assistant/src/providers/managed-proxy/context.ts` | `getSecureKey`      | Provider context initialization is synchronous. The managed proxy context must resolve credentials before the first request can be processed, and the initialization path does not support awaiting. |
+| `assistant/src/providers/registry.ts`              | `getSecureKey`      | Provider registry initialization is synchronous. API keys must be resolved at provider construction time, and the call chain from config watcher through to provider init is fully synchronous.      |
 
-Sync APIs are acceptable for startup paths (e.g. provider initialization, config loading) where async is impractical or the broker may not yet be available.
+Any new sync usage requires explicit justification and should be documented here.
 
 ## Migration
 

package/docs/architecture/memory.md

@@ -293,8 +293,8 @@ The embedding backend is selected based on `memory.embeddings.provider` config:
 
 - `auto` (default): Tries local → OpenAI → Gemini → Ollama, using the first available.
 - `local`: ONNX-based local model (bge-small-en-v1.5). Lazy-loaded to avoid crashing in compiled binaries where onnxruntime-node is unavailable.
-- `openai`: OpenAI text-embedding-3-small. Requires `apiKeys.openai`.
-- `gemini`: Gemini gemini-embedding-001. Requires `apiKeys.gemini`. Only backend supporting multimodal embeddings (images, audio, video).
+- `openai`: OpenAI text-embedding-3-small. Requires an OpenAI API key in secure storage.
+- `gemini`: Gemini gemini-embedding-001. Requires a Gemini API key in secure storage. Only backend supporting multimodal embeddings (images, audio, video).
 - `ollama`: Ollama nomic-embed-text. Requires Ollama to be configured.
 
 An in-memory LRU vector cache (32 MB cap, keyed by `sha256(provider + model + content)`) avoids redundant embedding calls for identical content. Sparse embeddings are generated in-process (no external calls).
@@ -570,7 +570,7 @@ graph TB
 
     **Commit message LLM fallback chain**: The generator runs a sequence of pre-flight checks before calling the LLM. Each check that fails produces a machine-readable `llmFallbackReason` in the structured log output and immediately returns a deterministic message. The checks, in order:
     1. `disabled` — `commitMessageLLM.enabled` is `false` or `useConfiguredProvider` is `false`
-    2. `missing_provider_api_key` — the configured provider's API key is not set in `config.apiKeys` (skipped for keyless providers like Ollama that run without an API key)
+    2. `missing_provider_api_key` — the configured provider's API key is not found in secure storage (skipped for keyless providers like Ollama that run without an API key)
     3. `breaker_open` — the generator's internal circuit breaker is open after consecutive LLM failures (exponential backoff)
     4. `insufficient_budget` — the remaining turn budget (`deadlineMs - Date.now()`) is below `minRemainingTurnBudgetMs`
     5. `missing_fast_model` — no fast model could be resolved for the configured provider (see below); the provider is **not** called

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vellumai/assistant",
-  "version": "0.4.51",
+  "version": "0.4.53",
   "type": "module",
   "exports": {
     ".": "./src/index.ts"

package/src/__tests__/approval-cascade.test.ts

@@ -79,7 +79,6 @@ mock.module("../config/loader.js", () => ({
     },
     rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
     timeouts: { permissionTimeoutSec: 300 },
-    apiKeys: {},
     skills: { entries: {}, allowBundled: true },
     permissions: { mode: "workspace" },
   }),
@@ -203,6 +202,9 @@ mock.module("../memory/llm-usage-store.js", () => ({
 mock.module("../agent/loop.js", () => ({
   AgentLoop: class {
     constructor() {}
+    getToolTokenBudget() {
+      return 0;
+    }
     async run(
       _messages: Message[],
       _onEvent: (event: AgentEvent) => void,

package/src/__tests__/approval-routes-http.test.ts

@@ -41,7 +41,6 @@ mock.module("../config/loader.js", () => ({
 
     model: "test",
     provider: "test",
-    apiKeys: {},
     memory: { enabled: false },
     rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
     secretDetection: { enabled: false },

package/src/__tests__/asset-materialize-tool.test.ts

@@ -33,7 +33,6 @@ mock.module("../config/loader.js", () => ({
 
     model: "test",
     provider: "test",
-    apiKeys: {},
     memory: { enabled: false },
     rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
   }),

package/src/__tests__/asset-search-tool.test.ts

@@ -32,7 +32,6 @@ mock.module("../config/loader.js", () => ({
 
     model: "test",
     provider: "test",
-    apiKeys: {},
     memory: { enabled: false },
     rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
   }),

package/src/__tests__/assistant-events-sse-hardening.test.ts

@@ -40,7 +40,6 @@ mock.module("../config/loader.js", () => ({
 
     model: "test",
     provider: "test",
-    apiKeys: {},
     memory: { enabled: false },
     rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
     secretDetection: { enabled: false },

package/src/__tests__/attachments-store.test.ts

@@ -30,7 +30,6 @@ mock.module("../config/loader.js", () => ({
 
     model: "test",
     provider: "test",
-    apiKeys: {},
     memory: { enabled: false },
     rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
   }),

package/src/__tests__/avatar-e2e.test.ts

@@ -27,11 +27,16 @@ const geminiGenerateContentFn = mock(async () => geminiGenerateContentResult);
 
 mock.module("../config/loader.js", () => ({
   getConfig: () => ({
-    apiKeys: { gemini: mockGeminiKey },
     imageGenModel: "gemini-2.5-flash-image",
   }),
 }));
 
+mock.module("../security/secure-keys.js", () => ({
+  getSecureKeyAsync: async (name: string) =>
+    name === "gemini" ? mockGeminiKey : null,
+  getSecureKey: () => null,
+}));
+
 mock.module("../util/platform.js", () => ({
   getWorkspaceDir: () => mockWorkspaceDir,
 }));

package/src/__tests__/browser-fill-credential.test.ts

@@ -59,8 +59,11 @@ let mockGetCredentialMetadata: ReturnType<typeof mock>;
 
 mock.module("../security/secure-keys.js", () => ({
   getSecureKey: (...args: unknown[]) => mockGetSecureKey(...args),
+  getSecureKeyAsync: async (...args: unknown[]) => mockGetSecureKey(...args),
   setSecureKey: () => true,
+  setSecureKeyAsync: async () => true,
   deleteSecureKey: () => "deleted",
+  deleteSecureKeyAsync: async () => "deleted",
   listSecureKeys: () => [],
   getBackendType: () => "encrypted",
   _resetBackend: () => {},

package/src/__tests__/btw-routes.test.ts

@@ -54,6 +54,17 @@ mock.module("../daemon/session-tool-setup.js", () => ({
   buildToolDefinitions: () => MOCK_TOOLS,
 }));
 
+const mockCheckIngressForSecrets = mock((content: string) => ({
+  blocked: false,
+  userNotice: "",
+  detectedTypes: [] as string[],
+  normalizedContent: content,
+}));
+
+mock.module("../security/secret-ingress.js", () => ({
+  checkIngressForSecrets: mockCheckIngressForSecrets,
+}));
+
 // ---------------------------------------------------------------------------
 // Imports (after mocks)
 // ---------------------------------------------------------------------------
@@ -218,6 +229,34 @@ describe("POST /v1/btw", () => {
     expect(body.error.message).toContain("content");
   });
 
+  test("returns 422 when content includes a blocked secret", async () => {
+    mockCheckIngressForSecrets.mockReturnValueOnce({
+      blocked: true,
+      userNotice: "Secret detected",
+      detectedTypes: ["api_key"],
+      normalizedContent: "sk-test-123",
+    });
+
+    const provider = makeMockProvider();
+    const session = makeMockSession(provider);
+    const res = await callHandler(
+      { conversationKey: "key", content: "sk-test-123" },
+      { sendMessageDeps: makeSendMessageDeps(session) },
+    );
+
+    expect(res.status).toBe(422);
+    const body = (await res.json()) as {
+      accepted: boolean;
+      error: string;
+      message: string;
+      detectedTypes: string[];
+    };
+    expect(body.accepted).toBe(false);
+    expect(body.error).toBe("secret_blocked");
+    expect(body.detectedTypes).toEqual(["api_key"]);
+    expect(provider.sendMessage).not.toHaveBeenCalled();
+  });
+
   // -- Service unavailability (503) --
 
   test("returns 503 when sendMessageDeps is unavailable", async () => {

package/src/__tests__/call-controller.test.ts

@@ -43,7 +43,6 @@ mock.module("../config/loader.js", () => {
 
     provider: "anthropic",
     providerOrder: ["anthropic"],
-    apiKeys: { anthropic: "test-key" },
     calls: {
       enabled: true,
       provider: "twilio",

package/src/__tests__/call-domain.test.ts

@@ -115,6 +115,7 @@ mock.module("../calls/twilio-provider.js", () => ({
 
 mock.module("../security/secure-keys.js", () => ({
   getSecureKey: () => null,
+  getSecureKeyAsync: async () => null,
 }));
 
 mock.module("../config/loader.js", () => ({

package/src/__tests__/call-routes-http.test.ts

@@ -53,7 +53,6 @@ mock.module("../config/loader.js", () => ({
 
     model: "test",
     provider: "test",
-    apiKeys: {},
     memory: { enabled: false },
     rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
     secretDetection: { enabled: false },
@@ -62,7 +61,6 @@ mock.module("../config/loader.js", () => ({
   loadConfig: () => ({
     model: "test",
     provider: "test",
-    apiKeys: {},
     memory: { enabled: false },
     rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
     secretDetection: { enabled: false },
@@ -106,6 +104,7 @@ mock.module("../calls/twilio-config.js", () => ({
 // Mock secure keys
 mock.module("../security/secure-keys.js", () => ({
   getSecureKey: () => null,
+  getSecureKeyAsync: async () => null,
 }));
 
 mock.module("../calls/voice-ingress-preflight.js", () => ({

package/src/__tests__/canonical-guardian-store.test.ts

@@ -761,7 +761,7 @@ describe("canonical-guardian-store", () => {
 
   // ── expireAllPendingCanonicalRequests ───────────────────────────────
 
-  test("expireAllPendingCanonicalRequests transitions all pending to expired", () => {
+  test("expireAllPendingCanonicalRequests transitions interaction-bound pending to expired", () => {
     const req1 = createCanonicalGuardianRequest({
       kind: "tool_approval",
       sourceType: "desktop",
@@ -770,7 +770,7 @@ describe("canonical-guardian-store", () => {
       expiresAt: new Date(Date.now() + 60_000).toISOString(),
     });
     const req2 = createCanonicalGuardianRequest({
-      kind: "tool_approval",
+      kind: "pending_question",
       sourceType: "channel",
       conversationId: "conv-bulk-2",
       guardianPrincipalId: TEST_PRINCIPAL,
@@ -784,6 +784,37 @@ describe("canonical-guardian-store", () => {
     expect(getCanonicalGuardianRequest(req2.id)!.status).toBe("expired");
   });
 
+  test("expireAllPendingCanonicalRequests does not expire persistent kinds (access_request, tool_grant_request)", () => {
+    const accessReq = createCanonicalGuardianRequest({
+      kind: "access_request",
+      sourceType: "channel",
+      conversationId: "conv-bulk-persist-1",
+      guardianPrincipalId: TEST_PRINCIPAL,
+    });
+    const grantReq = createCanonicalGuardianRequest({
+      kind: "tool_grant_request",
+      sourceType: "channel",
+      conversationId: "conv-bulk-persist-2",
+      guardianPrincipalId: TEST_PRINCIPAL,
+    });
+    // Also create an interaction-bound request to verify selective expiry
+    const toolApproval = createCanonicalGuardianRequest({
+      kind: "tool_approval",
+      sourceType: "desktop",
+      conversationId: "conv-bulk-persist-3",
+      guardianPrincipalId: TEST_PRINCIPAL,
+    });
+
+    const count = expireAllPendingCanonicalRequests();
+    expect(count).toBe(1); // Only tool_approval expired
+
+    expect(getCanonicalGuardianRequest(accessReq.id)!.status).toBe("pending");
+    expect(getCanonicalGuardianRequest(grantReq.id)!.status).toBe("pending");
+    expect(getCanonicalGuardianRequest(toolApproval.id)!.status).toBe(
+      "expired",
+    );
+  });
+
   test("expireAllPendingCanonicalRequests does not affect already-resolved requests", () => {
     const approved = createCanonicalGuardianRequest({
       kind: "tool_approval",

package/src/__tests__/channel-readiness-routes.test.ts

@@ -49,6 +49,7 @@ mock.module("../config/loader.js", () => ({
 
 mock.module("../security/secure-keys.js", () => ({
   getSecureKey: (key: string) => mockSecureKeys[key] ?? null,
+  getSecureKeyAsync: async (key: string) => mockSecureKeys[key] ?? null,
 }));
 
 mock.module("../email/service.js", () => ({

package/src/__tests__/channel-readiness-service.test.ts

@@ -49,6 +49,7 @@ mock.module("../email/service.js", () => ({
 
 mock.module("../security/secure-keys.js", () => ({
   getSecureKey: (key: string) => mockSecureKeys[key] ?? null,
+  getSecureKeyAsync: async (key: string) => mockSecureKeys[key] ?? null,
 }));
 
 mock.module("../runtime/channel-invite-transports/whatsapp.js", () => ({

package/src/__tests__/claude-code-skill-regression.test.ts

@@ -29,11 +29,15 @@ mock.module("../util/logger.js", () => ({
 mock.module("../config/loader.js", () => ({
   getConfig: () => ({
     ui: {},
-
-    apiKeys: { anthropic: "test-key" },
   }),
 }));
 
+mock.module("../security/secure-keys.js", () => ({
+  getSecureKeyAsync: async (name: string) =>
+    name === "anthropic" ? "fake-anthropic-key" : null,
+  getSecureKey: () => null,
+}));
+
 // ---------------------------------------------------------------------------
 // Imports (after mocks)
 // ---------------------------------------------------------------------------

package/src/__tests__/claude-code-tool-profiles.test.ts

@@ -33,11 +33,16 @@ mock.module("../util/logger.js", () => ({
 mock.module("../config/loader.js", () => ({
   getConfig: () => ({
     ui: {},
-
-    apiKeys: { anthropic: "test-key" },
   }),
 }));
 
+// Mock secure-keys — provide a fake Anthropic API key
+mock.module("../security/secure-keys.js", () => ({
+  getSecureKeyAsync: async (name: string) =>
+    name === "anthropic" ? "fake-anthropic-key" : null,
+  getSecureKey: () => null,
+}));
+
 import { claudeCodeTool } from "../tools/claude-code/claude-code.js";
 import type { ToolContext } from "../tools/types.js";
 

package/src/__tests__/config-loader-backfill.test.ts

@@ -278,13 +278,12 @@ describe("config loader backfill", () => {
     expect(contentAfter).toBe(contentBefore);
   });
 
-  test("does not write apiKeys or dataDir during backfill", () => {
+  test("does not write dataDir during backfill", () => {
     writeConfig({ provider: "anthropic" });
 
     loadConfig();
 
     const raw = readConfig();
-    expect(raw.apiKeys).toBeUndefined();
     expect(raw.dataDir).toBeUndefined();
   });
 

package/src/__tests__/config-schema.test.ts

@@ -67,7 +67,10 @@ import {
   resolveVoiceQualityProfile,
 } from "../calls/voice-quality.js";
 import { invalidateConfigCache, loadConfig } from "../config/loader.js";
-import { AssistantConfigSchema } from "../config/schema.js";
+import {
+  AssistantConfigSchema,
+  DEFAULT_ELEVENLABS_VOICE_ID,
+} from "../config/schema.js";
 import { _setStorePath } from "../security/encrypted-store.js";
 import { _setBackend } from "../security/secure-keys.js";
 
@@ -89,7 +92,6 @@ describe("AssistantConfigSchema", () => {
     expect(result.provider).toBe("anthropic");
     expect(result.model).toBe("claude-opus-4-6");
     expect(result.maxTokens).toBe(16000);
-    expect(result.apiKeys).toEqual({});
     expect(result.thinking).toEqual({
       enabled: false,
       streamThinking: false,
@@ -137,7 +139,6 @@ describe("AssistantConfigSchema", () => {
       provider: "openai",
       model: "gpt-4",
       maxTokens: 4096,
-      apiKeys: { openai: "sk-test" },
       thinking: { enabled: true },
       timeouts: {
         shellDefaultTimeoutSec: 30,
@@ -358,13 +359,6 @@ describe("AssistantConfigSchema", () => {
     expect(result.success).toBe(false);
   });
 
-  test("rejects non-string apiKeys values", () => {
-    const result = AssistantConfigSchema.safeParse({
-      apiKeys: { anthropic: 123 },
-    });
-    expect(result.success).toBe(false);
-  });
-
   test("accepts partial nested objects with defaults", () => {
     const result = AssistantConfigSchema.parse({
       timeouts: { shellDefaultTimeoutSec: 30 },
@@ -906,10 +900,10 @@ describe("resolveVoiceQualityProfile", () => {
     expect(profile.voice).toBe("test-voice-id");
   });
 
-  test("defaults to Rachel voice ID when elevenlabs.voiceId is not set", () => {
+  test("defaults to Amelia voice ID when elevenlabs.voiceId is not set", () => {
     const config = AssistantConfigSchema.parse({});
     const profile = resolveVoiceQualityProfile(config);
-    expect(profile.voice).toBe("21m00Tcm4TlvDq8ikWAM");
+    expect(profile.voice).toBe(DEFAULT_ELEVENLABS_VOICE_ID);
   });
 
   test("applies voice tuning params from elevenlabs config", () => {
@@ -1165,31 +1159,6 @@ describe("loadConfig with schema validation", () => {
     expect(config.permissions.mode).toBe("workspace");
   });
 
-  test("does not mutate default apiKeys when fallback config is overridden by env keys", () => {
-    const originalAnthropicApiKey = process.env.ANTHROPIC_API_KEY;
-    try {
-      const testKey = ["test", "in", "memory", "default", "leak"].join("-");
-      process.env.ANTHROPIC_API_KEY = testKey;
-      writeConfig("this is not a config object");
-
-      const configWithEnv = loadConfig();
-      expect(configWithEnv.apiKeys.anthropic).toBe(testKey);
-
-      invalidateConfigCache();
-      delete process.env.ANTHROPIC_API_KEY;
-      writeConfig("still not a config object");
-
-      const configWithoutEnv = loadConfig();
-      expect(configWithoutEnv.apiKeys.anthropic).toBeUndefined();
-    } finally {
-      if (originalAnthropicApiKey !== undefined) {
-        process.env.ANTHROPIC_API_KEY = originalAnthropicApiKey;
-      } else {
-        delete process.env.ANTHROPIC_API_KEY;
-      }
-    }
-  });
-
   // ── Calls config (loader integration) ──────────────────────────────
 
   test("loads calls config from file", () => {

package/src/__tests__/conversation-routes-slash-commands.test.ts

@@ -30,7 +30,6 @@ mock.module("../config/loader.js", () => ({
     ui: {},
     model: "claude-opus-4-6",
     provider: "anthropic",
-    apiKeys: { anthropic: "test-key" },
     memory: { enabled: false },
     rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
     secretDetection: { enabled: false },

package/src/__tests__/credential-broker-server-use.test.ts

@@ -371,7 +371,7 @@ describe("CredentialBroker.serverUse", () => {
       expect(r2.result).toBe("triggered");
     });
 
-    test("different services with same field name are independent (serverUseById)", () => {
+    test("different services with same field name are independent (serverUseById)", async () => {
       const meta1 = upsertCredentialMetadata("github", "api_token", {
         allowedTools: ["github_api"],
       });
@@ -382,7 +382,7 @@ describe("CredentialBroker.serverUse", () => {
       setSecureKey(credentialKey("gitlab", "api_token"), "gl_tok");
 
       // github credential should not serve gitlab tool
-      const r1 = broker.serverUseById({
+      const r1 = await broker.serverUseById({
         credentialId: meta1.credentialId,
         requestingTool: "gitlab_api",
       });
@@ -447,7 +447,7 @@ describe("CredentialBroker.serverUseById", () => {
     rmSync(TEST_DIR, { recursive: true, force: true });
   });
 
-  test("returns metadata and injection templates for valid credential", () => {
+  test("returns metadata and injection templates for valid credential", async () => {
     const meta = upsertCredentialMetadata("fal", "api_key", {
       allowedTools: ["media_proxy"],
       injectionTemplates: [
@@ -461,7 +461,7 @@ describe("CredentialBroker.serverUseById", () => {
     });
     setSecureKey(credentialKey("fal", "api_key"), "fal-secret-key");
 
-    const result = broker.serverUseById({
+    const result = await broker.serverUseById({
       credentialId: meta.credentialId,
       requestingTool: "media_proxy",
     });
@@ -480,13 +480,13 @@ describe("CredentialBroker.serverUseById", () => {
     expect(serialized).not.toContain("fal-secret-key");
   });
 
-  test("denies when requesting tool is not in allowed list", () => {
+  test("denies when requesting tool is not in allowed list", async () => {
     const meta = upsertCredentialMetadata("fal", "api_key", {
       allowedTools: ["media_proxy"],
     });
     setSecureKey(credentialKey("fal", "api_key"), "fal-secret-key");
 
-    const result = broker.serverUseById({
+    const result = await broker.serverUseById({
       credentialId: meta.credentialId,
       requestingTool: "unauthorized_tool",
     });
@@ -498,8 +498,8 @@ describe("CredentialBroker.serverUseById", () => {
     expect(result.reason).toContain("media_proxy");
   });
 
-  test("returns not found for unknown credential ID", () => {
-    const result = broker.serverUseById({
+  test("returns not found for unknown credential ID", async () => {
+    const result = await broker.serverUseById({
       credentialId: "nonexistent-id",
       requestingTool: "media_proxy",
     });
@@ -510,14 +510,14 @@ describe("CredentialBroker.serverUseById", () => {
     expect(result.reason).toContain("nonexistent-id");
   });
 
-  test("denies when credential has domain restrictions", () => {
+  test("denies when credential has domain restrictions", async () => {
     const meta = upsertCredentialMetadata("github", "oauth_token", {
       allowedTools: ["media_proxy"],
       allowedDomains: ["github.com"],
     });
     setSecureKey(credentialKey("github", "oauth_token"), "gho_test");
 
-    const result = broker.serverUseById({
+    const result = await broker.serverUseById({
       credentialId: meta.credentialId,
       requestingTool: "media_proxy",
     });
@@ -528,13 +528,13 @@ describe("CredentialBroker.serverUseById", () => {
     expect(result.reason).toContain("cannot be used server-side");
   });
 
-  test("returns empty injection templates when credential has none", () => {
+  test("returns empty injection templates when credential has none", async () => {
     const meta = upsertCredentialMetadata("vercel", "api_token", {
       allowedTools: ["media_proxy"],
     });
     setSecureKey(credentialKey("vercel", "api_token"), "test-vercel-token");
 
-    const result = broker.serverUseById({
+    const result = await broker.serverUseById({
       credentialId: meta.credentialId,
       requestingTool: "media_proxy",
     });
@@ -544,13 +544,13 @@ describe("CredentialBroker.serverUseById", () => {
     expect(result.injectionTemplates).toEqual([]);
   });
 
-  test("denies with empty allowedTools and suggests updating credential", () => {
+  test("denies with empty allowedTools and suggests updating credential", async () => {
     const meta = upsertCredentialMetadata("stripe", "secret_key", {
       allowedTools: [],
     });
     setSecureKey(credentialKey("stripe", "secret_key"), "sk_test_xyz");
 
-    const result = broker.serverUseById({
+    const result = await broker.serverUseById({
       credentialId: meta.credentialId,
       requestingTool: "media_proxy",
     });
@@ -561,7 +561,7 @@ describe("CredentialBroker.serverUseById", () => {
     expect(result.reason).toContain("credential_store");
   });
 
-  test("denies when metadata exists but no stored secret value", () => {
+  test("denies when metadata exists but no stored secret value", async () => {
     const meta = upsertCredentialMetadata("fal", "api_key", {
       allowedTools: ["media_proxy"],
       injectionTemplates: [
@@ -575,7 +575,7 @@ describe("CredentialBroker.serverUseById", () => {
     });
     // No setSecureKey — metadata exists but value doesn't
 
-    const result = broker.serverUseById({
+    const result = await broker.serverUseById({
       credentialId: meta.credentialId,
       requestingTool: "media_proxy",
     });