@vellumai/assistant 0.4.51 → 0.4.53

package/src/runtime/routes/log-export-routes.ts

@@ -6,8 +6,15 @@
  * of requiring direct filesystem access.
  */
 
-import { existsSync, readdirSync, readFileSync, statSync } from "node:fs";
-import { join } from "node:path";
+import { spawnSync } from "node:child_process";
+import {
+  existsSync,
+  lstatSync,
+  readdirSync,
+  readFileSync,
+  statSync,
+} from "node:fs";
+import { join, relative } from "node:path";
 
 import { desc } from "drizzle-orm";
 
@@ -18,6 +25,7 @@ import {
   getDataDir,
   getRootDir,
   getWorkspaceConfigPath,
+  getWorkspaceDir,
 } from "../../util/platform.js";
 import { httpError } from "../http-errors.js";
 import type { RouteDefinition } from "../http-router.js";
@@ -36,6 +44,7 @@ interface ExportResponse {
   auditRows: Array<Record<string, unknown>>;
   logFiles: Record<string, string>;
   configSnapshot?: Record<string, unknown>;
+  workspaceFiles: Record<string, string>;
 }
 
 /**
@@ -91,12 +100,16 @@ async function handleExport(body: ExportRequestBody): Promise<Response> {
     // --- Sanitized config snapshot ---
     const configSnapshot = readSanitizedConfig();
 
+    // --- Workspace files ---
+    const workspaceFiles = collectWorkspaceFiles();
+
     log.info(
       {
         auditCount: auditRows.length,
         logFileCount: Object.keys(logFiles).length,
         totalBytes,
         hasConfig: configSnapshot !== undefined,
+        workspaceFileCount: Object.keys(workspaceFiles).length,
       },
       "Export completed",
     );
@@ -106,6 +119,7 @@ async function handleExport(body: ExportRequestBody): Promise<Response> {
       auditRows,
       logFiles,
       configSnapshot,
+      workspaceFiles,
     };
     return Response.json(payload);
   } catch (err) {
@@ -115,6 +129,112 @@ async function handleExport(body: ExportRequestBody): Promise<Response> {
   }
 }
 
+/** Directory prefixes to skip when collecting workspace files. */
+const WORKSPACE_SKIP_DIRS = new Set(["embedding-models", "data/qdrant"]);
+
+/** Files at the workspace root to skip (already covered by sanitized fields). */
+const WORKSPACE_SKIP_ROOT_FILES = new Set(["config.json"]);
+
+/** Maximum cumulative size for workspace file contents (10 MB). */
+const MAX_WORKSPACE_PAYLOAD_BYTES = 10 * 1024 * 1024;
+
+/**
+ * Recursively collects files from the workspace directory into a
+ * `Record<string, string>` map of relative path to content.
+ *
+ * - Skips `config.json` at the workspace root (already exported as a
+ *   sanitized `configSnapshot`; the raw file contains secrets).
+ * - Skips symlinks to prevent reading files outside the workspace.
+ * - Skips directories in `WORKSPACE_SKIP_DIRS`.
+ * - For `.db` files, shells out to `sqlite3 <path> .dump` and stores the
+ *   SQL text output with a `.sql` suffix appended to the key.
+ * - Skips binary files (detected via null-byte heuristic).
+ * - Stops collecting once `MAX_WORKSPACE_PAYLOAD_BYTES` is reached.
+ */
+function collectWorkspaceFiles(): Record<string, string> {
+  const wsDir = getWorkspaceDir();
+  if (!existsSync(wsDir)) return {};
+
+  const result: Record<string, string> = {};
+  let totalBytes = 0;
+
+  function walk(dir: string): void {
+    let entries: string[];
+    try {
+      entries = readdirSync(dir);
+    } catch {
+      return;
+    }
+
+    for (const entry of entries) {
+      const fullPath = join(dir, entry);
+      const relPath = relative(wsDir, fullPath);
+
+      // Check if this path falls under a skipped directory prefix
+      if (
+        [...WORKSPACE_SKIP_DIRS].some(
+          (prefix) => relPath === prefix || relPath.startsWith(prefix + "/"),
+        )
+      ) {
+        continue;
+      }
+
+      // Skip root-level files that are already exported separately
+      if (dir === wsDir && WORKSPACE_SKIP_ROOT_FILES.has(entry)) {
+        continue;
+      }
+
+      try {
+        // Use lstatSync to avoid following symlinks
+        const stat = lstatSync(fullPath);
+
+        // Skip symlinks — they could point outside the workspace
+        if (stat.isSymbolicLink()) continue;
+
+        if (stat.isDirectory()) {
+          walk(fullPath);
+          continue;
+        }
+        if (!stat.isFile()) continue;
+
+        // Enforce cumulative size cap
+        if (totalBytes + stat.size > MAX_WORKSPACE_PAYLOAD_BYTES) continue;
+
+        // SQLite DB handling: dump as SQL text
+        if (entry.endsWith(".db")) {
+          try {
+            const proc = spawnSync("sqlite3", [fullPath, ".dump"], {
+              timeout: 10_000,
+            });
+            if (proc.status === 0 && proc.stdout) {
+              const output =
+                proc.stdout instanceof Buffer
+                  ? proc.stdout.toString("utf-8")
+                  : String(proc.stdout);
+              result[relPath + ".sql"] = output;
+              totalBytes += Buffer.byteLength(output, "utf-8");
+            }
+          } catch {
+            // Skip if dump fails
+          }
+          continue;
+        }
+
+        // Read as UTF-8 and skip binary files (null-byte heuristic)
+        const content = readFileSync(fullPath, "utf-8");
+        if (content.includes("\0")) continue;
+        result[relPath] = content;
+        totalBytes += stat.size;
+      } catch {
+        // Skip unreadable files
+      }
+    }
+  }
+
+  walk(wsDir);
+  return result;
+}
+
 /**
  * Replaces a string value with a presence flag: "(set)" if truthy, "(empty)" otherwise.
  */
@@ -134,14 +254,6 @@ function readSanitizedConfig(): Record<string, unknown> | undefined {
     const raw = readFileSync(configPath, "utf-8");
     const config = JSON.parse(raw) as Record<string, unknown>;
 
-    // Strip API key values — preserve which providers have keys configured
-    if (config.apiKeys && typeof config.apiKeys === "object") {
-      const keys = config.apiKeys as Record<string, unknown>;
-      config.apiKeys = Object.fromEntries(
-        Object.keys(keys).map((k) => [k, redactStringValue(keys[k])]),
-      );
-    }
-
     // Strip ingress webhook secret
     if (config.ingress && typeof config.ingress === "object") {
       const ingress = config.ingress as Record<string, unknown>;

package/src/runtime/routes/session-query-routes.ts

@@ -52,8 +52,8 @@ export function sessionQueryRouteDefinitions(
       endpoint: "model",
       method: "GET",
       policyKey: "model",
-      handler: () => {
-        const info = getModelInfo();
+      handler: async () => {
+        const info = await getModelInfo();
         return Response.json(info);
       },
     },
@@ -74,7 +74,7 @@ export function sessionQueryRouteDefinitions(
           );
         }
         try {
-          const info = setModel(body.modelId, deps.getModelSetContext());
+          const info = await setModel(body.modelId, deps.getModelSetContext());
           return Response.json(info);
         } catch (err) {
           const message = err instanceof Error ? err.message : String(err);

package/src/runtime/routes/settings-routes.ts

@@ -10,7 +10,13 @@
 import { readFileSync } from "node:fs";
 import { join } from "node:path";
 
+import { setIngressPublicBaseUrl } from "../../config/env.js";
+import { loadRawConfig, saveRawConfig } from "../../config/loader.js";
 import { loadSkillCatalog } from "../../config/skills.js";
+import {
+  computeGatewayTarget,
+  getIngressConfigResult,
+} from "../../daemon/handlers/config-ingress.js";
 import { normalizeActivationKey } from "../../daemon/handlers/config-voice.js";
 import { orchestrateOAuthConnect } from "../../oauth/connect-orchestrator.js";
 import {
@@ -694,5 +700,52 @@ export function settingsRouteDefinitions(): RouteDefinition[] {
       policyKey: "diagnostics/env-vars",
       handler: () => handleEnvVars(),
     },
+
+    // Ingress config (GET / PUT)
+    {
+      endpoint: "integrations/ingress/config",
+      method: "GET",
+      policyKey: "integrations/ingress/config:GET",
+      handler: () => Response.json(getIngressConfigResult()),
+    },
+    {
+      endpoint: "integrations/ingress/config",
+      method: "PUT",
+      policyKey: "integrations/ingress/config",
+      handler: async ({ req }) => {
+        try {
+          const body = (await req.json()) as {
+            publicBaseUrl?: string;
+            enabled?: boolean;
+          };
+          const value = (body.publicBaseUrl ?? "").trim().replace(/\/+$/, "");
+          const raw = loadRawConfig();
+          const ingress = (raw?.ingress ?? {}) as Record<string, unknown>;
+          ingress.publicBaseUrl = value || undefined;
+          if (body.enabled !== undefined) {
+            ingress.enabled = body.enabled;
+          }
+          saveRawConfig({ ...raw, ingress });
+
+          const isEnabled = (ingress.enabled as boolean | undefined) ?? false;
+          if (value && isEnabled) {
+            setIngressPublicBaseUrl(value);
+          } else {
+            setIngressPublicBaseUrl(undefined);
+          }
+
+          return Response.json({
+            enabled: isEnabled,
+            publicBaseUrl: value,
+            localGatewayTarget: computeGatewayTarget(),
+            success: true,
+          });
+        } catch (err) {
+          const message = err instanceof Error ? err.message : String(err);
+          log.error({ err }, "Failed to update ingress config via HTTP");
+          return httpError("INTERNAL_ERROR", message, 500);
+        }
+      },
+    },
   ];
 }

package/src/runtime/routes/workspace-routes.ts

@@ -1,5 +1,8 @@
 /**
  * Route handlers for workspace file browsing and content serving.
+ *
+ * WARNING: Workspace contents are included in diagnostic log exports.
+ * Do not store secrets here — use the credential store or protected/ directory.
  */
 import {
   existsSync,

package/src/runtime/verification-templates.ts

@@ -165,7 +165,7 @@ const voiceTemplates: Record<
     "That code was incorrect. Please try again.",
 
   [GUARDIAN_VERIFY_TEMPLATE_KEYS.VOICE_SUCCESS]: (_vars) =>
-    "Verification successful. Thank you. Goodbye.",
+    "Verification successful.",
 
   [GUARDIAN_VERIFY_TEMPLATE_KEYS.VOICE_FAILURE]: (_vars) =>
     "Too many incorrect attempts. Goodbye.",

package/src/security/oauth2.ts

@@ -359,9 +359,9 @@ function startLoopbackServerAndWaitForCode(
       server.close();
     }
 
-    server.listen(loopbackPort ?? 0, "127.0.0.1", () => {
+    server.listen(loopbackPort ?? 0, "localhost", () => {
       const addr = server.address() as { port: number };
-      boundRedirectUri = `http://127.0.0.1:${addr.port}${LOOPBACK_CALLBACK_PATH}`;
+      boundRedirectUri = `http://localhost:${addr.port}${LOOPBACK_CALLBACK_PATH}`;
 
       const authParams = new URLSearchParams({
         ...config.extraParams,
@@ -617,9 +617,9 @@ function startLoopbackServerForPreparedFlow(
       server.close();
     }
 
-    server.listen(loopbackPort ?? 0, "127.0.0.1", () => {
+    server.listen(loopbackPort ?? 0, "localhost", () => {
       const addr = server.address() as { port: number };
-      const redirectUri = `http://127.0.0.1:${addr.port}${LOOPBACK_CALLBACK_PATH}`;
+      const redirectUri = `http://localhost:${addr.port}${LOOPBACK_CALLBACK_PATH}`;
       listening = true;
       resolveSetup({ redirectUri, codePromise });
     });

package/src/security/secure-keys.ts

@@ -3,8 +3,14 @@
  * available (macOS app embedded), with transparent fallback to the
  * encrypted-at-rest file store.
  *
- * Async variants try the encrypted store first; sync variants always use the
- * encrypted store (startup code paths cannot do async I/O).
+ * **Async variants are the primary API.** They try the encrypted store first
+ * and fall back to the keychain broker. All new call sites should use
+ * `getSecureKeyAsync`, `setSecureKeyAsync`, and `deleteSecureKeyAsync`.
+ *
+ * Sync variants (`getSecureKey`, `setSecureKey`, `deleteSecureKey`) are
+ * **deprecated startup-only exceptions** that bypass the keychain broker
+ * entirely. They exist solely for code paths that cannot do async I/O
+ * (e.g. `config/loader.ts`, `providers/managed-proxy/context.ts`).
  */
 
 import { getLogger } from "../util/logger.js";
@@ -22,12 +28,17 @@ function getBroker(): KeychainBrokerClient {
 }
 
 // ---------------------------------------------------------------------------
-// Sync variants — encrypted store only (startup / sync call sites)
+// Sync variants — encrypted store only (DEPRECATED — startup-only exceptions)
 // ---------------------------------------------------------------------------
 
 /**
  * Retrieve a secret from secure storage (sync — encrypted store only).
  * Returns `undefined` if the key doesn't exist or on error.
+ *
+ * @deprecated Use `getSecureKeyAsync` instead. This sync variant only reads
+ * from the encrypted file store, bypassing the keychain broker. Retained only
+ * for sync code paths in `providers/registry.ts`, `providers/managed-proxy/context.ts`,
+ * and `memory/embedding-backend.ts` that cannot do async I/O.
  */
 export function getSecureKey(account: string): string | undefined {
   return encryptedStore.getKey(account);
@@ -36,6 +47,11 @@ export function getSecureKey(account: string): string | undefined {
 /**
  * Store a secret in secure storage (sync — encrypted store only).
  * Returns `true` on success, `false` on failure.
+ *
+ * @deprecated Use `setSecureKeyAsync` instead. This sync variant only writes
+ * to the encrypted file store, bypassing the keychain broker. Retained only
+ * for sync code paths in `providers/registry.ts`, `providers/managed-proxy/context.ts`,
+ * and `memory/embedding-backend.ts` that cannot do async I/O.
  */
 export function setSecureKey(account: string, value: string): boolean {
   return encryptedStore.setKey(account, value);
@@ -48,6 +64,11 @@ export type DeleteResult = "deleted" | "not-found" | "error";
  * Delete a secret from secure storage (sync — encrypted store only).
  * Returns `"deleted"` on success, `"not-found"` if key doesn't exist,
  * or `"error"` on failure.
+ *
+ * @deprecated Use `deleteSecureKeyAsync` instead. This sync variant only
+ * deletes from the encrypted file store, bypassing the keychain broker.
+ * Retained only for startup code paths in `config/loader.ts` and
+ * `providers/managed-proxy/context.ts` that cannot do async I/O.
  */
 export function deleteSecureKey(account: string): DeleteResult {
   return encryptedStore.deleteKey(account);

package/src/security/token-manager.ts

@@ -16,11 +16,7 @@ import {
 } from "../oauth/oauth-store.js";
 import { getLogger } from "../util/logger.js";
 import { refreshOAuth2Token, type TokenEndpointAuthMethod } from "./oauth2.js";
-import {
-  getSecureKey,
-  getSecureKeyAsync,
-  setSecureKeyAsync,
-} from "./secure-keys.js";
+import { getSecureKeyAsync, setSecureKeyAsync } from "./secure-keys.js";
 
 const log = getLogger("token-manager");
 
@@ -374,11 +370,14 @@ async function doRefresh(service: string, connId: string): Promise<string> {
 export async function withValidToken<T>(
   service: string,
   callback: (token: string) => Promise<T>,
-  clientId?: string,
+  opts?: string | { connectionId: string },
 ): Promise<T> {
-  const conn = getConnectionByProvider(service, clientId);
+  const conn =
+    opts && typeof opts === "object"
+      ? getConnection(opts.connectionId)
+      : getConnectionByProvider(service, opts);
   let token = conn
-    ? getSecureKey(`oauth_connection/${conn.id}/access_token`)
+    ? await getSecureKeyAsync(`oauth_connection/${conn.id}/access_token`)
     : undefined;
   if (!token || !conn) {
     throw new TokenExpiredError(

package/src/signals/bash.ts

@@ -0,0 +1,157 @@
+/**
+ * Handle bash debug signals delivered via signal files from the CLI.
+ *
+ * Each invocation writes JSON to a unique `signals/bash.<requestId>` file.
+ * ConfigWatcher detects the new file and invokes {@link handleBashSignal},
+ * which reads the payload, spawns the command, and writes the result to
+ * `signals/bash.<requestId>.result` for the CLI to pick up.
+ *
+ * Per-request filenames avoid dropped commands when overlapping invocations
+ * race on the same signal file.
+ */
+
+import { spawn } from "node:child_process";
+import { readFileSync, unlinkSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+
+import { getLogger } from "../util/logger.js";
+import { getWorkspaceDir } from "../util/platform.js";
+
+const log = getLogger("signal:bash");
+
+const DEFAULT_TIMEOUT_MS = 30_000;
+
+interface BashSignalPayload {
+  requestId: string;
+  command: string;
+  timeoutMs?: number;
+}
+
+interface BashSignalResult {
+  requestId: string;
+  stdout: string;
+  stderr: string;
+  exitCode: number | null;
+  timedOut: boolean;
+  error?: string;
+}
+
+function writeResult(requestId: string, result: BashSignalResult): void {
+  try {
+    writeFileSync(
+      join(getWorkspaceDir(), "signals", `bash.${requestId}.result`),
+      JSON.stringify(result),
+    );
+  } catch (err) {
+    log.error({ err, requestId }, "Failed to write bash signal result");
+  }
+}
+
+/**
+ * Read a `signals/bash.<requestId>` file, execute the command, and write
+ * the result to `signals/bash.<requestId>.result`. Called by ConfigWatcher
+ * when a matching signal file is created or modified.
+ */
+export function handleBashSignal(filename: string): void {
+  const signalPath = join(getWorkspaceDir(), "signals", filename);
+  let raw: string;
+  try {
+    raw = readFileSync(signalPath, "utf-8");
+  } catch {
+    // File may already be deleted (e.g. re-trigger from our own unlinkSync).
+    return;
+  }
+
+  let payload: BashSignalPayload;
+  try {
+    payload = JSON.parse(raw) as BashSignalPayload;
+  } catch (err) {
+    log.error({ err, filename }, "Failed to parse bash signal file");
+    return;
+  }
+
+  try {
+    unlinkSync(signalPath);
+  } catch {
+    // Best-effort cleanup; the file may already be gone.
+  }
+
+  const { requestId, command, timeoutMs } = payload;
+
+  if (!requestId || typeof requestId !== "string") {
+    log.warn("Bash signal missing requestId");
+    return;
+  }
+  if (!command || typeof command !== "string") {
+    log.warn({ requestId }, "Bash signal missing command");
+    return;
+  }
+
+  const effectiveTimeout =
+    typeof timeoutMs === "number" && timeoutMs > 0
+      ? timeoutMs
+      : DEFAULT_TIMEOUT_MS;
+
+  log.info({ requestId, command }, "Executing bash signal command");
+
+  const stdoutChunks: Buffer[] = [];
+  const stderrChunks: Buffer[] = [];
+  let timedOut = false;
+  let resultWritten = false;
+
+  const child = spawn("bash", ["-c", command], {
+    cwd: getWorkspaceDir(),
+    stdio: ["ignore", "pipe", "pipe"],
+  });
+
+  const timer = setTimeout(() => {
+    timedOut = true;
+    child.kill("SIGKILL");
+  }, effectiveTimeout);
+
+  child.stdout.on("data", (data: Buffer) => {
+    stdoutChunks.push(data);
+  });
+
+  child.stderr.on("data", (data: Buffer) => {
+    stderrChunks.push(data);
+  });
+
+  child.on("close", (code) => {
+    clearTimeout(timer);
+    if (resultWritten) return;
+    resultWritten = true;
+
+    const stdout = Buffer.concat(stdoutChunks).toString();
+    const stderr = Buffer.concat(stderrChunks).toString();
+
+    log.info(
+      { requestId, exitCode: code, timedOut },
+      "Bash signal command completed",
+    );
+
+    writeResult(requestId, {
+      requestId,
+      stdout,
+      stderr,
+      exitCode: code,
+      timedOut,
+    });
+  });
+
+  child.on("error", (err) => {
+    clearTimeout(timer);
+    if (resultWritten) return;
+    resultWritten = true;
+
+    log.error({ err, requestId }, "Failed to spawn bash signal command");
+    writeResult(requestId, {
+      requestId,
+      stdout: "",
+      stderr: "",
+      exitCode: null,
+      timedOut: false,
+      error: err.message,
+    });
+  });
+}

package/src/skills/skillssh-registry.ts

@@ -228,7 +228,12 @@ async function findSkillDirInTree(
     headers,
     signal: AbortSignal.timeout(15_000),
   });
-  if (!response.ok) return null;
+  if (response.status === 404) return null;
+  if (!response.ok) {
+    throw new Error(
+      `GitHub API error while searching repo tree: HTTP ${response.status} ${response.statusText}`,
+    );
+  }
 
   const data = (await response.json()) as { tree: GitHubTreeEntry[] };
   const suffix = `${skillSlug}/SKILL.md`;

package/src/swarm/backend-claude-code.ts

@@ -5,9 +5,9 @@
  * is testable and swappable independently of the tool adapter.
  */
 
-import { getConfig } from "../config/loader.js";
 import { resolveModelIntent } from "../providers/model-intents.js";
 import type { ModelIntent } from "../providers/types.js";
+import { getSecureKeyAsync } from "../security/secure-keys.js";
 import { getLogger } from "../util/logger.js";
 import type {
   SwarmWorkerBackend,
@@ -28,9 +28,9 @@ export function createClaudeCodeBackend(): SwarmWorkerBackend {
   return {
     name: "claude_code",
 
-    isAvailable(): boolean {
-      const config = getConfig();
-      const apiKey = config.apiKeys.anthropic ?? process.env.ANTHROPIC_API_KEY;
+    async isAvailable(): Promise<boolean> {
+      const apiKey =
+        (await getSecureKeyAsync("anthropic")) ?? process.env.ANTHROPIC_API_KEY;
       return !!apiKey;
     },
 
@@ -39,9 +39,9 @@ export function createClaudeCodeBackend(): SwarmWorkerBackend {
       const stderrLines: string[] = [];
       try {
         const { query } = await import("@anthropic-ai/claude-agent-sdk");
-        const config = getConfig();
         const apiKey =
-          config.apiKeys.anthropic ?? process.env.ANTHROPIC_API_KEY;
+          (await getSecureKeyAsync("anthropic")) ??
+          process.env.ANTHROPIC_API_KEY;
         if (!apiKey) {
           return {
             success: false,

package/src/swarm/worker-backend.ts

@@ -125,7 +125,7 @@ export interface SwarmWorkerBackendInput {
 export interface SwarmWorkerBackend {
   readonly name: string;
   /** Check whether the backend is available (e.g. API key present). */
-  isAvailable(): boolean;
+  isAvailable(): boolean | Promise<boolean>;
   /** Run a task with the given input. */
   runTask(input: SwarmWorkerBackendInput): Promise<SwarmWorkerBackendResult>;
 }

package/src/swarm/worker-runner.ts

@@ -63,7 +63,7 @@ export async function runWorkerTask(
   emitStatus(onStatus, task.id, "queued");
 
   // Check backend availability
-  if (!backend.isAvailable()) {
+  if (!(await backend.isAvailable())) {
     emitStatus(onStatus, task.id, "failed");
     return {
       taskId: task.id,

package/src/telegram/bot-username.ts

@@ -1,5 +1,16 @@
 import { getConfig } from "../config/loader.js";
 
+/**
+ * Read the Telegram bot ID from config.
+ */
+export function getTelegramBotId(): string | undefined {
+  const value = getConfig().telegram.botId;
+  if (value.trim().length > 0) {
+    return value.trim();
+  }
+  return undefined;
+}
+
 /**
  * Read the Telegram bot username from config.
  */

package/src/tools/claude-code/claude-code.ts

@@ -2,9 +2,9 @@ import {
   getCCCommand,
   loadCCCommandTemplate,
 } from "../../commands/cc-command-registry.js";
-import { getConfig } from "../../config/loader.js";
 import { RiskLevel } from "../../permissions/types.js";
 import type { ToolDefinition } from "../../providers/types.js";
+import { getSecureKeyAsync } from "../../security/secure-keys.js";
 import type { WorkerProfile } from "../../swarm/worker-backend.js";
 import { getProfilePolicy } from "../../swarm/worker-backend.js";
 import { getLogger } from "../../util/logger.js";
@@ -203,12 +203,12 @@ export const claudeCodeTool: Tool = {
     const profilePolicy = getProfilePolicy(profileName);
 
     // Validate API key
-    const config = getConfig();
-    const apiKey = config.apiKeys.anthropic ?? process.env.ANTHROPIC_API_KEY;
+    const apiKey =
+      (await getSecureKeyAsync("anthropic")) ?? process.env.ANTHROPIC_API_KEY;
     if (!apiKey) {
       return {
         content:
-          "Error: No Anthropic API key configured. Set it via config or ANTHROPIC_API_KEY environment variable.",
+          "Error: No Anthropic API key configured. Set it via `keys set anthropic <key>` or configure it from the Settings page under API Keys.",
         isError: true,
       };
     }