@vellumai/assistant 0.4.52 → 0.4.53

package/ARCHITECTURE.md

@@ -641,7 +641,7 @@ The assistant feature-flag resolver (`src/config/assistant-feature-flags.ts`) is
 | **3. `skill_load` tool**           | `executeSkillLoad()` in `tools/skills/load.ts`           | If the model attempts to load a flagged-off skill by name, the tool returns an error: `"skill is currently unavailable (disabled by feature flag)"`.                                                        |
 | **4. Runtime tool projection**     | `projectSkillTools()` in `daemon/session-skill-tools.ts` | Even if a skill was previously active in a session (has `<loaded_skill>` markers in history), the per-turn projection drops it when the flag is OFF. Already-registered tools are unregistered.             |
 | **5. Included child skills**       | `executeSkillLoad()` in `tools/skills/load.ts`           | When a parent skill includes children via the `includes` directive, each child is independently checked against its feature flag. Flagged-off children are silently excluded from the loaded skill content. |
-| **6. Skill install gate**          | `handleSkillsInstall()` in `daemon/handlers/skills.ts`   | When a client requests skill installation, the handler checks the skill's feature flag before proceeding. If the flag is OFF, the install is rejected with an error.                                        |
+| **6. Skill install gate**          | `installSkill()` in `daemon/handlers/skills.ts`           | When a client requests skill installation, the function checks the skill's feature flag before proceeding. If the flag is OFF, the install is rejected with an error.                                       |
 
 All six enforcement points derive the flag key via `skillFlagKey(skill)` — which returns `undefined` for ungated skills, short-circuiting the check — and then call `isAssistantFeatureFlagEnabled(flagKey, config)` for consistency.
 
@@ -657,7 +657,7 @@ All six enforcement points derive the flag key via `skillFlagKey(skill)` — whi
 | `src/tools/skills/load.ts`                      | `executeSkillLoad()` — enforcement points 3 and 5                                                                                                                         |
 | `src/daemon/session-skill-tools.ts`             | `projectSkillTools()` — enforcement point 4                                                                                                                               |
 | `src/config/schema.ts`                          | `assistantFeatureFlagValues` field definition in `AssistantConfig` (Zod schema)                                                                                           |
-| `src/daemon/handlers/skills.ts`                 | `handleSkillsList()` — uses `resolveSkillStates()` for client responses; `handleSkillsInstall()` — enforcement point 6                                                    |
+| `src/daemon/handlers/skills.ts`                 | `listSkills()` — uses `resolveSkillStates()` for client responses; `installSkill()` — enforcement point 6                                                                 |
 | `meta/feature-flags/feature-flag-registry.json` | Unified feature flag registry (repo root) — all declared flags with scope, label, default values, and descriptions                                                        |
 | `src/config/feature-flag-registry.json`         | Bundled copy of the unified registry for compiled binary resolution                                                                                                       |
 

package/docs/architecture/keychain-broker.md

@@ -179,30 +179,16 @@ The gateway reads credentials via async `readCredential()` which tries the broke
 
 ### Known sync exceptions
 
-The migration from sync to async secure-key functions is **incremental**. The following call sites still use the deprecated sync variants. They are grouped by category and tracked for future conversion.
+The migration from sync to async secure-key functions is complete for all call sites except provider initialization paths that require synchronous access. The following call sites still use the deprecated sync variants.
 
-#### Startup / top-level config (must remain sync)
+#### Provider initialization (must remain sync)
 
 These call sites run in synchronous initialization contexts where async I/O is not feasible:
 
-| File                                               | Sync functions used                               | Reason                                                                                                                                                                                                                |
-| -------------------------------------------------- | ------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `assistant/src/config/loader.ts`                   | `getSecureKey`, `setSecureKey`, `deleteSecureKey` | Config loading runs synchronously at startup before the event loop is available. The broker socket may not be ready yet, and converting to async would require rearchitecting the entire config initialization chain. |
-| `assistant/src/providers/managed-proxy/context.ts` | `getSecureKey`                                    | Provider context initialization is synchronous. The managed proxy context must resolve credentials before the first request can be processed, and the initialization path does not support awaiting.                  |
-
-#### Tracked for future conversion
-
-These call sites use sync `getSecureKey` in contexts that could potentially support async, but conversion has been deferred to avoid scope creep during the initial broker rollout:
-
-| File                                                          | Sync functions used | Reason deferred                                                                                                       |
-| ------------------------------------------------------------- | ------------------- | --------------------------------------------------------------------------------------------------------------------- |
-| `assistant/src/tools/credentials/broker.ts`                   | `getSecureKey`      | Credential broker read paths are called synchronously from multiple consumers; converting requires async propagation. |
-| `assistant/src/security/token-manager.ts`                     | `getSecureKey`      | Token resolution is called in sync context during connection token lookup; async would require refactoring callers.   |
-| `assistant/src/runtime/routes/integrations/slack/share.ts`    | `getSecureKey`      | Slack share route reads OAuth token synchronously; converting requires making the route handler async-aware.          |
-| `assistant/src/runtime/channel-invite-transports/telegram.ts` | `getSecureKey`      | Telegram transport reads bot token synchronously; converting requires async transport initialization.                 |
-| `assistant/src/tools/network/web-search.ts`                   | `getSecureKey`      | Web search tool reads API keys synchronously; converting requires async tool execution path.                          |
-| `assistant/src/cli/commands/doctor.ts`                        | `getSecureKey`      | Doctor diagnostic command reads provider keys synchronously; converting requires async CLI command execution.         |
-| `assistant/src/cli/commands/oauth/connections.ts`             | `getSecureKey`      | OAuth connections CLI reads client secrets synchronously during display; converting requires async command handler.   |
+| File                                               | Sync functions used | Reason                                                                                                                                                                                               |
+| -------------------------------------------------- | ------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `assistant/src/providers/managed-proxy/context.ts` | `getSecureKey`      | Provider context initialization is synchronous. The managed proxy context must resolve credentials before the first request can be processed, and the initialization path does not support awaiting. |
+| `assistant/src/providers/registry.ts`              | `getSecureKey`      | Provider registry initialization is synchronous. API keys must be resolved at provider construction time, and the call chain from config watcher through to provider init is fully synchronous.      |
 
 Any new sync usage requires explicit justification and should be documented here.
 

package/docs/architecture/memory.md

@@ -293,8 +293,8 @@ The embedding backend is selected based on `memory.embeddings.provider` config:
 
 - `auto` (default): Tries local → OpenAI → Gemini → Ollama, using the first available.
 - `local`: ONNX-based local model (bge-small-en-v1.5). Lazy-loaded to avoid crashing in compiled binaries where onnxruntime-node is unavailable.
-- `openai`: OpenAI text-embedding-3-small. Requires `apiKeys.openai`.
-- `gemini`: Gemini gemini-embedding-001. Requires `apiKeys.gemini`. Only backend supporting multimodal embeddings (images, audio, video).
+- `openai`: OpenAI text-embedding-3-small. Requires an OpenAI API key in secure storage.
+- `gemini`: Gemini gemini-embedding-001. Requires a Gemini API key in secure storage. Only backend supporting multimodal embeddings (images, audio, video).
 - `ollama`: Ollama nomic-embed-text. Requires Ollama to be configured.
 
 An in-memory LRU vector cache (32 MB cap, keyed by `sha256(provider + model + content)`) avoids redundant embedding calls for identical content. Sparse embeddings are generated in-process (no external calls).
@@ -570,7 +570,7 @@ graph TB
 
     **Commit message LLM fallback chain**: The generator runs a sequence of pre-flight checks before calling the LLM. Each check that fails produces a machine-readable `llmFallbackReason` in the structured log output and immediately returns a deterministic message. The checks, in order:
     1. `disabled` — `commitMessageLLM.enabled` is `false` or `useConfiguredProvider` is `false`
-    2. `missing_provider_api_key` — the configured provider's API key is not set in `config.apiKeys` (skipped for keyless providers like Ollama that run without an API key)
+    2. `missing_provider_api_key` — the configured provider's API key is not found in secure storage (skipped for keyless providers like Ollama that run without an API key)
     3. `breaker_open` — the generator's internal circuit breaker is open after consecutive LLM failures (exponential backoff)
     4. `insufficient_budget` — the remaining turn budget (`deadlineMs - Date.now()`) is below `minRemainingTurnBudgetMs`
     5. `missing_fast_model` — no fast model could be resolved for the configured provider (see below); the provider is **not** called

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vellumai/assistant",
-  "version": "0.4.52",
+  "version": "0.4.53",
   "type": "module",
   "exports": {
     ".": "./src/index.ts"

package/src/__tests__/approval-cascade.test.ts

@@ -79,7 +79,6 @@ mock.module("../config/loader.js", () => ({
     },
     rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
     timeouts: { permissionTimeoutSec: 300 },
-    apiKeys: {},
     skills: { entries: {}, allowBundled: true },
     permissions: { mode: "workspace" },
   }),
@@ -203,6 +202,9 @@ mock.module("../memory/llm-usage-store.js", () => ({
 mock.module("../agent/loop.js", () => ({
   AgentLoop: class {
     constructor() {}
+    getToolTokenBudget() {
+      return 0;
+    }
     async run(
       _messages: Message[],
       _onEvent: (event: AgentEvent) => void,

package/src/__tests__/approval-routes-http.test.ts

@@ -41,7 +41,6 @@ mock.module("../config/loader.js", () => ({
 
     model: "test",
     provider: "test",
-    apiKeys: {},
     memory: { enabled: false },
     rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
     secretDetection: { enabled: false },

package/src/__tests__/asset-materialize-tool.test.ts

@@ -33,7 +33,6 @@ mock.module("../config/loader.js", () => ({
 
     model: "test",
     provider: "test",
-    apiKeys: {},
     memory: { enabled: false },
     rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
   }),

package/src/__tests__/asset-search-tool.test.ts

@@ -32,7 +32,6 @@ mock.module("../config/loader.js", () => ({
 
     model: "test",
     provider: "test",
-    apiKeys: {},
     memory: { enabled: false },
     rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
   }),

package/src/__tests__/assistant-events-sse-hardening.test.ts

@@ -40,7 +40,6 @@ mock.module("../config/loader.js", () => ({
 
     model: "test",
     provider: "test",
-    apiKeys: {},
     memory: { enabled: false },
     rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
     secretDetection: { enabled: false },

package/src/__tests__/attachments-store.test.ts

@@ -30,7 +30,6 @@ mock.module("../config/loader.js", () => ({
 
     model: "test",
     provider: "test",
-    apiKeys: {},
     memory: { enabled: false },
     rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
   }),

package/src/__tests__/avatar-e2e.test.ts

@@ -27,11 +27,16 @@ const geminiGenerateContentFn = mock(async () => geminiGenerateContentResult);
 
 mock.module("../config/loader.js", () => ({
   getConfig: () => ({
-    apiKeys: { gemini: mockGeminiKey },
     imageGenModel: "gemini-2.5-flash-image",
   }),
 }));
 
+mock.module("../security/secure-keys.js", () => ({
+  getSecureKeyAsync: async (name: string) =>
+    name === "gemini" ? mockGeminiKey : null,
+  getSecureKey: () => null,
+}));
+
 mock.module("../util/platform.js", () => ({
   getWorkspaceDir: () => mockWorkspaceDir,
 }));

package/src/__tests__/browser-fill-credential.test.ts

@@ -59,8 +59,11 @@ let mockGetCredentialMetadata: ReturnType<typeof mock>;
 
 mock.module("../security/secure-keys.js", () => ({
   getSecureKey: (...args: unknown[]) => mockGetSecureKey(...args),
+  getSecureKeyAsync: async (...args: unknown[]) => mockGetSecureKey(...args),
   setSecureKey: () => true,
+  setSecureKeyAsync: async () => true,
   deleteSecureKey: () => "deleted",
+  deleteSecureKeyAsync: async () => "deleted",
   listSecureKeys: () => [],
   getBackendType: () => "encrypted",
   _resetBackend: () => {},

package/src/__tests__/btw-routes.test.ts

@@ -54,6 +54,17 @@ mock.module("../daemon/session-tool-setup.js", () => ({
   buildToolDefinitions: () => MOCK_TOOLS,
 }));
 
+const mockCheckIngressForSecrets = mock((content: string) => ({
+  blocked: false,
+  userNotice: "",
+  detectedTypes: [] as string[],
+  normalizedContent: content,
+}));
+
+mock.module("../security/secret-ingress.js", () => ({
+  checkIngressForSecrets: mockCheckIngressForSecrets,
+}));
+
 // ---------------------------------------------------------------------------
 // Imports (after mocks)
 // ---------------------------------------------------------------------------
@@ -218,6 +229,34 @@ describe("POST /v1/btw", () => {
     expect(body.error.message).toContain("content");
   });
 
+  test("returns 422 when content includes a blocked secret", async () => {
+    mockCheckIngressForSecrets.mockReturnValueOnce({
+      blocked: true,
+      userNotice: "Secret detected",
+      detectedTypes: ["api_key"],
+      normalizedContent: "sk-test-123",
+    });
+
+    const provider = makeMockProvider();
+    const session = makeMockSession(provider);
+    const res = await callHandler(
+      { conversationKey: "key", content: "sk-test-123" },
+      { sendMessageDeps: makeSendMessageDeps(session) },
+    );
+
+    expect(res.status).toBe(422);
+    const body = (await res.json()) as {
+      accepted: boolean;
+      error: string;
+      message: string;
+      detectedTypes: string[];
+    };
+    expect(body.accepted).toBe(false);
+    expect(body.error).toBe("secret_blocked");
+    expect(body.detectedTypes).toEqual(["api_key"]);
+    expect(provider.sendMessage).not.toHaveBeenCalled();
+  });
+
   // -- Service unavailability (503) --
 
   test("returns 503 when sendMessageDeps is unavailable", async () => {

package/src/__tests__/call-controller.test.ts

@@ -43,7 +43,6 @@ mock.module("../config/loader.js", () => {
 
     provider: "anthropic",
     providerOrder: ["anthropic"],
-    apiKeys: { anthropic: "test-key" },
     calls: {
       enabled: true,
       provider: "twilio",

package/src/__tests__/call-domain.test.ts

@@ -115,6 +115,7 @@ mock.module("../calls/twilio-provider.js", () => ({
 
 mock.module("../security/secure-keys.js", () => ({
   getSecureKey: () => null,
+  getSecureKeyAsync: async () => null,
 }));
 
 mock.module("../config/loader.js", () => ({

package/src/__tests__/call-routes-http.test.ts

@@ -53,7 +53,6 @@ mock.module("../config/loader.js", () => ({
 
     model: "test",
     provider: "test",
-    apiKeys: {},
     memory: { enabled: false },
     rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
     secretDetection: { enabled: false },
@@ -62,7 +61,6 @@ mock.module("../config/loader.js", () => ({
   loadConfig: () => ({
     model: "test",
     provider: "test",
-    apiKeys: {},
     memory: { enabled: false },
     rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
     secretDetection: { enabled: false },
@@ -106,6 +104,7 @@ mock.module("../calls/twilio-config.js", () => ({
 // Mock secure keys
 mock.module("../security/secure-keys.js", () => ({
   getSecureKey: () => null,
+  getSecureKeyAsync: async () => null,
 }));
 
 mock.module("../calls/voice-ingress-preflight.js", () => ({

package/src/__tests__/canonical-guardian-store.test.ts

@@ -761,7 +761,7 @@ describe("canonical-guardian-store", () => {
 
   // ── expireAllPendingCanonicalRequests ───────────────────────────────
 
-  test("expireAllPendingCanonicalRequests transitions all pending to expired", () => {
+  test("expireAllPendingCanonicalRequests transitions interaction-bound pending to expired", () => {
     const req1 = createCanonicalGuardianRequest({
       kind: "tool_approval",
       sourceType: "desktop",
@@ -770,7 +770,7 @@ describe("canonical-guardian-store", () => {
       expiresAt: new Date(Date.now() + 60_000).toISOString(),
     });
     const req2 = createCanonicalGuardianRequest({
-      kind: "tool_approval",
+      kind: "pending_question",
       sourceType: "channel",
       conversationId: "conv-bulk-2",
       guardianPrincipalId: TEST_PRINCIPAL,
@@ -784,6 +784,37 @@ describe("canonical-guardian-store", () => {
     expect(getCanonicalGuardianRequest(req2.id)!.status).toBe("expired");
   });
 
+  test("expireAllPendingCanonicalRequests does not expire persistent kinds (access_request, tool_grant_request)", () => {
+    const accessReq = createCanonicalGuardianRequest({
+      kind: "access_request",
+      sourceType: "channel",
+      conversationId: "conv-bulk-persist-1",
+      guardianPrincipalId: TEST_PRINCIPAL,
+    });
+    const grantReq = createCanonicalGuardianRequest({
+      kind: "tool_grant_request",
+      sourceType: "channel",
+      conversationId: "conv-bulk-persist-2",
+      guardianPrincipalId: TEST_PRINCIPAL,
+    });
+    // Also create an interaction-bound request to verify selective expiry
+    const toolApproval = createCanonicalGuardianRequest({
+      kind: "tool_approval",
+      sourceType: "desktop",
+      conversationId: "conv-bulk-persist-3",
+      guardianPrincipalId: TEST_PRINCIPAL,
+    });
+
+    const count = expireAllPendingCanonicalRequests();
+    expect(count).toBe(1); // Only tool_approval expired
+
+    expect(getCanonicalGuardianRequest(accessReq.id)!.status).toBe("pending");
+    expect(getCanonicalGuardianRequest(grantReq.id)!.status).toBe("pending");
+    expect(getCanonicalGuardianRequest(toolApproval.id)!.status).toBe(
+      "expired",
+    );
+  });
+
   test("expireAllPendingCanonicalRequests does not affect already-resolved requests", () => {
     const approved = createCanonicalGuardianRequest({
       kind: "tool_approval",

package/src/__tests__/channel-readiness-service.test.ts

@@ -49,6 +49,7 @@ mock.module("../email/service.js", () => ({
 
 mock.module("../security/secure-keys.js", () => ({
   getSecureKey: (key: string) => mockSecureKeys[key] ?? null,
+  getSecureKeyAsync: async (key: string) => mockSecureKeys[key] ?? null,
 }));
 
 mock.module("../runtime/channel-invite-transports/whatsapp.js", () => ({

package/src/__tests__/claude-code-skill-regression.test.ts

@@ -29,11 +29,15 @@ mock.module("../util/logger.js", () => ({
 mock.module("../config/loader.js", () => ({
   getConfig: () => ({
     ui: {},
-
-    apiKeys: { anthropic: "test-key" },
   }),
 }));
 
+mock.module("../security/secure-keys.js", () => ({
+  getSecureKeyAsync: async (name: string) =>
+    name === "anthropic" ? "fake-anthropic-key" : null,
+  getSecureKey: () => null,
+}));
+
 // ---------------------------------------------------------------------------
 // Imports (after mocks)
 // ---------------------------------------------------------------------------

package/src/__tests__/claude-code-tool-profiles.test.ts

@@ -33,11 +33,16 @@ mock.module("../util/logger.js", () => ({
 mock.module("../config/loader.js", () => ({
   getConfig: () => ({
     ui: {},
-
-    apiKeys: { anthropic: "test-key" },
   }),
 }));
 
+// Mock secure-keys — provide a fake Anthropic API key
+mock.module("../security/secure-keys.js", () => ({
+  getSecureKeyAsync: async (name: string) =>
+    name === "anthropic" ? "fake-anthropic-key" : null,
+  getSecureKey: () => null,
+}));
+
 import { claudeCodeTool } from "../tools/claude-code/claude-code.js";
 import type { ToolContext } from "../tools/types.js";
 

package/src/__tests__/config-loader-backfill.test.ts

@@ -278,13 +278,12 @@ describe("config loader backfill", () => {
     expect(contentAfter).toBe(contentBefore);
   });
 
-  test("does not write apiKeys or dataDir during backfill", () => {
+  test("does not write dataDir during backfill", () => {
     writeConfig({ provider: "anthropic" });
 
     loadConfig();
 
     const raw = readConfig();
-    expect(raw.apiKeys).toBeUndefined();
     expect(raw.dataDir).toBeUndefined();
   });
 

package/src/__tests__/config-schema.test.ts

@@ -67,7 +67,10 @@ import {
   resolveVoiceQualityProfile,
 } from "../calls/voice-quality.js";
 import { invalidateConfigCache, loadConfig } from "../config/loader.js";
-import { AssistantConfigSchema } from "../config/schema.js";
+import {
+  AssistantConfigSchema,
+  DEFAULT_ELEVENLABS_VOICE_ID,
+} from "../config/schema.js";
 import { _setStorePath } from "../security/encrypted-store.js";
 import { _setBackend } from "../security/secure-keys.js";
 
@@ -89,7 +92,6 @@ describe("AssistantConfigSchema", () => {
     expect(result.provider).toBe("anthropic");
     expect(result.model).toBe("claude-opus-4-6");
     expect(result.maxTokens).toBe(16000);
-    expect(result.apiKeys).toEqual({});
     expect(result.thinking).toEqual({
       enabled: false,
       streamThinking: false,
@@ -137,7 +139,6 @@ describe("AssistantConfigSchema", () => {
       provider: "openai",
       model: "gpt-4",
       maxTokens: 4096,
-      apiKeys: { openai: "sk-test" },
       thinking: { enabled: true },
       timeouts: {
         shellDefaultTimeoutSec: 30,
@@ -358,13 +359,6 @@ describe("AssistantConfigSchema", () => {
     expect(result.success).toBe(false);
   });
 
-  test("rejects non-string apiKeys values", () => {
-    const result = AssistantConfigSchema.safeParse({
-      apiKeys: { anthropic: 123 },
-    });
-    expect(result.success).toBe(false);
-  });
-
   test("accepts partial nested objects with defaults", () => {
     const result = AssistantConfigSchema.parse({
       timeouts: { shellDefaultTimeoutSec: 30 },
@@ -906,10 +900,10 @@ describe("resolveVoiceQualityProfile", () => {
     expect(profile.voice).toBe("test-voice-id");
   });
 
-  test("defaults to Rachel voice ID when elevenlabs.voiceId is not set", () => {
+  test("defaults to Amelia voice ID when elevenlabs.voiceId is not set", () => {
     const config = AssistantConfigSchema.parse({});
     const profile = resolveVoiceQualityProfile(config);
-    expect(profile.voice).toBe("21m00Tcm4TlvDq8ikWAM");
+    expect(profile.voice).toBe(DEFAULT_ELEVENLABS_VOICE_ID);
   });
 
   test("applies voice tuning params from elevenlabs config", () => {
@@ -1165,31 +1159,6 @@ describe("loadConfig with schema validation", () => {
     expect(config.permissions.mode).toBe("workspace");
   });
 
-  test("does not mutate default apiKeys when fallback config is overridden by env keys", () => {
-    const originalAnthropicApiKey = process.env.ANTHROPIC_API_KEY;
-    try {
-      const testKey = ["test", "in", "memory", "default", "leak"].join("-");
-      process.env.ANTHROPIC_API_KEY = testKey;
-      writeConfig("this is not a config object");
-
-      const configWithEnv = loadConfig();
-      expect(configWithEnv.apiKeys.anthropic).toBe(testKey);
-
-      invalidateConfigCache();
-      delete process.env.ANTHROPIC_API_KEY;
-      writeConfig("still not a config object");
-
-      const configWithoutEnv = loadConfig();
-      expect(configWithoutEnv.apiKeys.anthropic).toBeUndefined();
-    } finally {
-      if (originalAnthropicApiKey !== undefined) {
-        process.env.ANTHROPIC_API_KEY = originalAnthropicApiKey;
-      } else {
-        delete process.env.ANTHROPIC_API_KEY;
-      }
-    }
-  });
-
   // ── Calls config (loader integration) ──────────────────────────────
 
   test("loads calls config from file", () => {

package/src/__tests__/conversation-routes-slash-commands.test.ts

@@ -30,7 +30,6 @@ mock.module("../config/loader.js", () => ({
     ui: {},
     model: "claude-opus-4-6",
     provider: "anthropic",
-    apiKeys: { anthropic: "test-key" },
     memory: { enabled: false },
     rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
     secretDetection: { enabled: false },

package/src/__tests__/credential-broker-server-use.test.ts

@@ -371,7 +371,7 @@ describe("CredentialBroker.serverUse", () => {
       expect(r2.result).toBe("triggered");
     });
 
-    test("different services with same field name are independent (serverUseById)", () => {
+    test("different services with same field name are independent (serverUseById)", async () => {
       const meta1 = upsertCredentialMetadata("github", "api_token", {
         allowedTools: ["github_api"],
       });
@@ -382,7 +382,7 @@ describe("CredentialBroker.serverUse", () => {
       setSecureKey(credentialKey("gitlab", "api_token"), "gl_tok");
 
       // github credential should not serve gitlab tool
-      const r1 = broker.serverUseById({
+      const r1 = await broker.serverUseById({
         credentialId: meta1.credentialId,
         requestingTool: "gitlab_api",
       });
@@ -447,7 +447,7 @@ describe("CredentialBroker.serverUseById", () => {
     rmSync(TEST_DIR, { recursive: true, force: true });
   });
 
-  test("returns metadata and injection templates for valid credential", () => {
+  test("returns metadata and injection templates for valid credential", async () => {
     const meta = upsertCredentialMetadata("fal", "api_key", {
       allowedTools: ["media_proxy"],
       injectionTemplates: [
@@ -461,7 +461,7 @@ describe("CredentialBroker.serverUseById", () => {
     });
     setSecureKey(credentialKey("fal", "api_key"), "fal-secret-key");
 
-    const result = broker.serverUseById({
+    const result = await broker.serverUseById({
       credentialId: meta.credentialId,
       requestingTool: "media_proxy",
     });
@@ -480,13 +480,13 @@ describe("CredentialBroker.serverUseById", () => {
     expect(serialized).not.toContain("fal-secret-key");
   });
 
-  test("denies when requesting tool is not in allowed list", () => {
+  test("denies when requesting tool is not in allowed list", async () => {
     const meta = upsertCredentialMetadata("fal", "api_key", {
       allowedTools: ["media_proxy"],
     });
     setSecureKey(credentialKey("fal", "api_key"), "fal-secret-key");
 
-    const result = broker.serverUseById({
+    const result = await broker.serverUseById({
       credentialId: meta.credentialId,
       requestingTool: "unauthorized_tool",
     });
@@ -498,8 +498,8 @@ describe("CredentialBroker.serverUseById", () => {
     expect(result.reason).toContain("media_proxy");
   });
 
-  test("returns not found for unknown credential ID", () => {
-    const result = broker.serverUseById({
+  test("returns not found for unknown credential ID", async () => {
+    const result = await broker.serverUseById({
       credentialId: "nonexistent-id",
       requestingTool: "media_proxy",
     });
@@ -510,14 +510,14 @@ describe("CredentialBroker.serverUseById", () => {
     expect(result.reason).toContain("nonexistent-id");
   });
 
-  test("denies when credential has domain restrictions", () => {
+  test("denies when credential has domain restrictions", async () => {
     const meta = upsertCredentialMetadata("github", "oauth_token", {
       allowedTools: ["media_proxy"],
       allowedDomains: ["github.com"],
     });
     setSecureKey(credentialKey("github", "oauth_token"), "gho_test");
 
-    const result = broker.serverUseById({
+    const result = await broker.serverUseById({
       credentialId: meta.credentialId,
       requestingTool: "media_proxy",
     });
@@ -528,13 +528,13 @@ describe("CredentialBroker.serverUseById", () => {
     expect(result.reason).toContain("cannot be used server-side");
   });
 
-  test("returns empty injection templates when credential has none", () => {
+  test("returns empty injection templates when credential has none", async () => {
     const meta = upsertCredentialMetadata("vercel", "api_token", {
       allowedTools: ["media_proxy"],
     });
     setSecureKey(credentialKey("vercel", "api_token"), "test-vercel-token");
 
-    const result = broker.serverUseById({
+    const result = await broker.serverUseById({
       credentialId: meta.credentialId,
       requestingTool: "media_proxy",
     });
@@ -544,13 +544,13 @@ describe("CredentialBroker.serverUseById", () => {
     expect(result.injectionTemplates).toEqual([]);
   });
 
-  test("denies with empty allowedTools and suggests updating credential", () => {
+  test("denies with empty allowedTools and suggests updating credential", async () => {
     const meta = upsertCredentialMetadata("stripe", "secret_key", {
       allowedTools: [],
     });
     setSecureKey(credentialKey("stripe", "secret_key"), "sk_test_xyz");
 
-    const result = broker.serverUseById({
+    const result = await broker.serverUseById({
       credentialId: meta.credentialId,
       requestingTool: "media_proxy",
     });
@@ -561,7 +561,7 @@ describe("CredentialBroker.serverUseById", () => {
     expect(result.reason).toContain("credential_store");
   });
 
-  test("denies when metadata exists but no stored secret value", () => {
+  test("denies when metadata exists but no stored secret value", async () => {
     const meta = upsertCredentialMetadata("fal", "api_key", {
       allowedTools: ["media_proxy"],
       injectionTemplates: [
@@ -575,7 +575,7 @@ describe("CredentialBroker.serverUseById", () => {
     });
     // No setSecureKey — metadata exists but value doesn't
 
-    const result = broker.serverUseById({
+    const result = await broker.serverUseById({
       credentialId: meta.credentialId,
       requestingTool: "media_proxy",
     });