@vellumai/assistant 0.4.53 → 0.4.54

package/src/__tests__/provider-fail-open-selection.test.ts

@@ -21,7 +21,7 @@ mock.module("../config/env.js", () => ({
 const actualSecureKeys = await import("../security/secure-keys.js");
 mock.module("../security/secure-keys.js", () => ({
   ...actualSecureKeys,
-  getSecureKey: (key: string) => {
+  getSecureKeyAsync: async (key: string) => {
     if (key === credentialKey("vellum", "assistant_api_key")) {
       return mockAssistantApiKey || null;
     }
@@ -31,6 +31,7 @@ mock.module("../security/secure-keys.js", () => ({
 
 import {
   getFailoverProvider,
+  getProviderRoutingSource,
   initializeProviders,
   listProviders,
   resolveProviderSelection,
@@ -44,50 +45,50 @@ import { ProviderNotConfiguredError } from "../util/errors.js";
  */
 
 /** Initialize registry with anthropic + openai for most tests. */
-function setupTwoProviders() {
+async function setupTwoProviders() {
   mockProviderKeys = { anthropic: "test-key", openai: "test-key" };
-  initializeProviders({
+  await initializeProviders({
     provider: "anthropic",
     model: "test-model",
   });
 }
 
 /** Initialize registry with no providers (empty keys, non-registerable primary). */
-function setupNoProviders() {
+async function setupNoProviders() {
   mockProviderKeys = {};
-  initializeProviders({
+  await initializeProviders({
     provider: "gemini",
     model: "test-model",
   });
 }
 
 describe("resolveProviderSelection", () => {
-  test("configured primary available → selected as primary", () => {
-    setupTwoProviders();
+  test("configured primary available → selected as primary", async () => {
+    await setupTwoProviders();
     const result = resolveProviderSelection("anthropic", ["openai"]);
     expect(result.selectedPrimary).toBe("anthropic");
     expect(result.usedFallbackPrimary).toBe(false);
     expect(result.availableProviders).toEqual(["anthropic", "openai"]);
   });
 
-  test("configured primary unavailable + alternate available → alternate selected", () => {
-    setupTwoProviders();
+  test("configured primary unavailable + alternate available → alternate selected", async () => {
+    await setupTwoProviders();
     const result = resolveProviderSelection("gemini", ["anthropic", "openai"]);
     expect(result.selectedPrimary).toBe("anthropic");
     expect(result.usedFallbackPrimary).toBe(true);
     expect(result.availableProviders).toEqual(["anthropic", "openai"]);
   });
 
-  test("configured primary unavailable + first alternate also unavailable → second alternate selected", () => {
-    setupTwoProviders();
+  test("configured primary unavailable + first alternate also unavailable → second alternate selected", async () => {
+    await setupTwoProviders();
     const result = resolveProviderSelection("gemini", ["fireworks", "openai"]);
     expect(result.selectedPrimary).toBe("openai");
     expect(result.usedFallbackPrimary).toBe(true);
     expect(result.availableProviders).toEqual(["openai"]);
   });
 
-  test("deduplicates entries in providerOrder", () => {
-    setupTwoProviders();
+  test("deduplicates entries in providerOrder", async () => {
+    await setupTwoProviders();
     const result = resolveProviderSelection("anthropic", [
       "anthropic",
       "openai",
@@ -96,8 +97,8 @@ describe("resolveProviderSelection", () => {
     expect(result.availableProviders).toEqual(["anthropic", "openai"]);
   });
 
-  test("unknown entries in providerOrder are filtered out", () => {
-    setupTwoProviders();
+  test("unknown entries in providerOrder are filtered out", async () => {
+    await setupTwoProviders();
     const result = resolveProviderSelection("anthropic", [
       "nonexistent",
       "openai",
@@ -105,24 +106,24 @@ describe("resolveProviderSelection", () => {
     expect(result.availableProviders).toEqual(["anthropic", "openai"]);
   });
 
-  test("no available providers → null selectedPrimary", () => {
-    setupTwoProviders();
+  test("no available providers → null selectedPrimary", async () => {
+    await setupTwoProviders();
     const result = resolveProviderSelection("gemini", ["fireworks", "ollama"]);
     expect(result.selectedPrimary).toBeNull();
     expect(result.usedFallbackPrimary).toBe(false);
     expect(result.availableProviders).toEqual([]);
   });
 
-  test("empty providerOrder with available primary → primary only", () => {
-    setupTwoProviders();
+  test("empty providerOrder with available primary → primary only", async () => {
+    await setupTwoProviders();
     const result = resolveProviderSelection("anthropic", []);
     expect(result.selectedPrimary).toBe("anthropic");
     expect(result.usedFallbackPrimary).toBe(false);
     expect(result.availableProviders).toEqual(["anthropic"]);
   });
 
-  test("empty providerOrder with unavailable primary → null", () => {
-    setupTwoProviders();
+  test("empty providerOrder with unavailable primary → null", async () => {
+    await setupTwoProviders();
     const result = resolveProviderSelection("gemini", []);
     expect(result.selectedPrimary).toBeNull();
     expect(result.availableProviders).toEqual([]);
@@ -130,20 +131,20 @@ describe("resolveProviderSelection", () => {
 });
 
 describe("getFailoverProvider (fail-open)", () => {
-  test("returns provider when primary is available", () => {
-    setupTwoProviders();
+  test("returns provider when primary is available", async () => {
+    await setupTwoProviders();
     const provider = getFailoverProvider("anthropic", ["openai"]);
     expect(provider).toBeDefined();
   });
 
-  test("returns provider when primary is unavailable but alternate exists", () => {
-    setupTwoProviders();
+  test("returns provider when primary is unavailable but alternate exists", async () => {
+    await setupTwoProviders();
     const provider = getFailoverProvider("gemini", ["anthropic", "openai"]);
     expect(provider).toBeDefined();
   });
 
-  test("throws ProviderNotConfiguredError when no providers are available", () => {
-    setupNoProviders();
+  test("throws ProviderNotConfiguredError when no providers are available", async () => {
+    await setupNoProviders();
     expect(() => getFailoverProvider("gemini", ["fireworks"])).toThrow(
       ProviderNotConfiguredError,
     );
@@ -158,8 +159,8 @@ describe("getFailoverProvider (fail-open)", () => {
     }
   });
 
-  test("single available provider returns it directly (no failover wrapper)", () => {
-    setupTwoProviders();
+  test("single available provider returns it directly (no failover wrapper)", async () => {
+    await setupTwoProviders();
     const provider = getFailoverProvider("gemini", ["anthropic"]);
     // Should be a RetryProvider wrapping AnthropicProvider, not a FailoverProvider
     expect(provider.name).not.toBe("failover");
@@ -181,72 +182,72 @@ describe("managed proxy fallback", () => {
     mockAssistantApiKey = "";
   }
 
-  test("openai registered via managed fallback when no user key but proxy context is valid", () => {
+  test("anthropic and gemini are registered via managed fallback when no user key but proxy context is valid", async () => {
     enableManagedProxy();
     try {
       mockProviderKeys = { anthropic: "test-key" };
-      initializeProviders({
+      await initializeProviders({
         provider: "anthropic",
         model: "test-model",
       });
       const registered = listProviders();
-      expect(registered).toContain("openai");
-      expect(registered).toContain("fireworks");
-      expect(registered).toContain("openrouter");
+      expect(registered).toEqual(["anthropic", "gemini"]);
     } finally {
       disableManagedProxy();
     }
   });
 
-  test("user key takes precedence over managed fallback", () => {
+  test("user key takes precedence and managed fallback only fills anthropic and gemini", async () => {
     enableManagedProxy();
     try {
       mockProviderKeys = { anthropic: "test-key", openai: "user-openai-key" };
-      initializeProviders({
+      await initializeProviders({
         provider: "anthropic",
         model: "test-model",
       });
-      // openai should be registered (via user key, not managed)
       const registered = listProviders();
       expect(registered).toContain("openai");
-      // fireworks/openrouter should also be registered via managed fallback
-      expect(registered).toContain("fireworks");
-      expect(registered).toContain("openrouter");
+      expect(registered).toContain("anthropic");
+      expect(registered).toContain("gemini");
+      expect(registered).not.toContain("fireworks");
+      expect(registered).not.toContain("openrouter");
     } finally {
       disableManagedProxy();
     }
   });
 
-  test("managed fallback not activated when proxy context is disabled", () => {
+  test("managed fallback not activated when proxy context is disabled", async () => {
     disableManagedProxy();
     mockProviderKeys = { anthropic: "test-key" };
-    initializeProviders({
+    await initializeProviders({
       provider: "anthropic",
       model: "test-model",
     });
     const registered = listProviders();
+    // Anthropic is registered via user-key, not managed proxy.
+    expect(registered).toContain("anthropic");
+    expect(getProviderRoutingSource("anthropic")).toBe("user-key");
+    // No other providers are registered — managed fallback is off.
+    expect(registered).not.toContain("gemini");
     expect(registered).not.toContain("openai");
     expect(registered).not.toContain("fireworks");
     expect(registered).not.toContain("openrouter");
   });
 
-  test("managed providers participate in failover selection", () => {
+  test("managed anthropic and gemini participate in failover selection", async () => {
     enableManagedProxy();
     try {
       mockProviderKeys = { anthropic: "test-key" };
-      initializeProviders({
+      await initializeProviders({
         provider: "anthropic",
         model: "test-model",
       });
       const selection = resolveProviderSelection("anthropic", [
         "openai",
+        "gemini",
         "fireworks",
       ]);
-      expect(selection.availableProviders).toEqual([
-        "anthropic",
-        "openai",
-        "fireworks",
-      ]);
+      expect(selection.availableProviders).toEqual(["anthropic", "gemini"]);
       expect(selection.selectedPrimary).toBe("anthropic");
       expect(selection.usedFallbackPrimary).toBe(false);
     } finally {
@@ -254,18 +255,21 @@ describe("managed proxy fallback", () => {
     }
   });
 
-  test("managed provider selected as primary when configured primary unavailable", () => {
+  test("managed gemini can be selected as fallback primary when configured primary is unavailable", async () => {
     enableManagedProxy();
     try {
       // No anthropic key, no gemini key — only managed providers available
       mockProviderKeys = {};
-      initializeProviders({
+      await initializeProviders({
         provider: "openai",
         model: "test-model",
       });
-      const selection = resolveProviderSelection("openai", ["fireworks"]);
-      expect(selection.selectedPrimary).toBe("openai");
-      expect(selection.usedFallbackPrimary).toBe(false);
+      const selection = resolveProviderSelection("openai", [
+        "gemini",
+        "anthropic",
+      ]);
+      expect(selection.selectedPrimary).toBe("gemini");
+      expect(selection.usedFallbackPrimary).toBe(true);
     } finally {
       disableManagedProxy();
     }

package/src/__tests__/provider-managed-proxy-integration.test.ts

@@ -46,7 +46,7 @@ mock.module("../config/env.js", () => ({
 }));
 
 mock.module("../security/secure-keys.js", () => ({
-  getSecureKey: (key: string) => {
+  getSecureKeyAsync: async (key: string) => {
     if (key === credentialKey("vellum", "assistant_api_key")) {
       return mockAssistantApiKey;
     }
@@ -68,13 +68,14 @@ import {
 const PLATFORM_BASE = "https://platform.example.com";
 const MANAGED_API_KEY = "ast-managed-key-123";
 
-const MANAGED_PROVIDERS: string[] = [
+const DIRECT_OR_MANAGED_PROVIDER_KEYS: string[] = [
   "openai",
   "anthropic",
   "gemini",
   "fireworks",
   "openrouter",
 ];
+const MANAGED_FALLBACK_PROVIDERS: string[] = ["anthropic", "gemini"];
 
 function enableManagedProxy() {
   mockPlatformBaseUrl = PLATFORM_BASE;
@@ -108,12 +109,12 @@ beforeEach(() => {
 
 describe("managed proxy integration — credential precedence", () => {
   describe("user keys present → providers use direct connections (not proxy)", () => {
-    test.each(MANAGED_PROVIDERS)(
+    test.each(DIRECT_OR_MANAGED_PROVIDER_KEYS)(
       "%s routes via user-key when user key is provided regardless of managed context",
-      (provider: string) => {
+      async (provider: string) => {
         enableManagedProxy();
         setUserKeysFor(provider);
-        initializeProviders({
+        await initializeProviders({
           provider,
           model: "test-model",
         });
@@ -122,29 +123,29 @@ describe("managed proxy integration — credential precedence", () => {
       },
     );
 
-    test("all five managed providers route via user-key with user keys", () => {
+    test("all five configured providers route via user-key when user keys exist", async () => {
       enableManagedProxy();
-      setUserKeysFor(...MANAGED_PROVIDERS);
-      initializeProviders({
+      setUserKeysFor(...DIRECT_OR_MANAGED_PROVIDER_KEYS);
+      await initializeProviders({
         provider: "anthropic",
         model: "test-model",
       });
       const registered = listProviders();
-      for (const p of MANAGED_PROVIDERS) {
+      for (const p of DIRECT_OR_MANAGED_PROVIDER_KEYS) {
         expect(registered).toContain(p);
         expect(getProviderRoutingSource(p)).toBe("user-key");
       }
     });
 
-    test("user keys still route via user-key when managed context is disabled", () => {
+    test("user keys still route via user-key when managed context is disabled", async () => {
       disableManagedProxy();
-      setUserKeysFor(...MANAGED_PROVIDERS);
-      initializeProviders({
+      setUserKeysFor(...DIRECT_OR_MANAGED_PROVIDER_KEYS);
+      await initializeProviders({
         provider: "anthropic",
         model: "test-model",
       });
       const registered = listProviders();
-      for (const p of MANAGED_PROVIDERS) {
+      for (const p of DIRECT_OR_MANAGED_PROVIDER_KEYS) {
         expect(registered).toContain(p);
         expect(getProviderRoutingSource(p)).toBe("user-key");
       }
@@ -152,14 +153,13 @@ describe("managed proxy integration — credential precedence", () => {
   });
 
   describe("user keys absent + managed context available → providers use managed proxy", () => {
-    test.each(MANAGED_PROVIDERS)(
+    test.each(MANAGED_FALLBACK_PROVIDERS)(
       "%s routes via managed-proxy when no user key",
-      (provider: string) => {
+      async (provider: string) => {
         enableManagedProxy();
         mockProviderKeys = {};
-        initializeProviders({
-          // For ollama, provider selection does not trigger managed proxy
-          provider: provider === "openai" ? "openai" : "anthropic",
+        await initializeProviders({
+          provider: "anthropic",
           model: "test-model",
         });
         expect(listProviders()).toContain(provider);
@@ -167,24 +167,25 @@ describe("managed proxy integration — credential precedence", () => {
       },
     );
 
-    test("all five managed providers route via managed-proxy simultaneously", () => {
+    test("managed bootstrap registers anthropic and gemini only", async () => {
       enableManagedProxy();
       mockProviderKeys = {};
-      initializeProviders({
+      await initializeProviders({
         provider: "anthropic",
         model: "test-model",
       });
-      const registered = listProviders();
-      for (const p of MANAGED_PROVIDERS) {
-        expect(registered).toContain(p);
-        expect(getProviderRoutingSource(p)).toBe("managed-proxy");
+      expect(listProviders()).toEqual(["anthropic", "gemini"]);
+      expect(getProviderRoutingSource("anthropic")).toBe("managed-proxy");
+      expect(getProviderRoutingSource("gemini")).toBe("managed-proxy");
+      for (const p of ["openai", "fireworks", "openrouter"]) {
+        expect(getProviderRoutingSource(p)).toBeUndefined();
       }
     });
 
-    test("managed anthropic uses vertex proxy path instead of anthropic proxy path", () => {
+    test("managed anthropic uses anthropic proxy path", async () => {
       enableManagedProxy();
       mockProviderKeys = {};
-      initializeProviders({
+      await initializeProviders({
         provider: "anthropic",
         model: "claude-opus-4-6",
       });
@@ -204,16 +205,14 @@ describe("managed proxy integration — credential precedence", () => {
       expect(baseURL).toContain("/v1/runtime-proxy/anthropic");
     });
 
-    test("managed gemini uses vertex proxy path instead of gemini proxy path", () => {
+    test("managed gemini uses vertex proxy path", async () => {
       enableManagedProxy();
       mockProviderKeys = {};
-      initializeProviders({
+      await initializeProviders({
         provider: "anthropic",
         model: "test-model",
       });
 
-      // The GoogleGenAI constructor was captured by the mock — verify it
-      // received httpOptions.baseUrl pointing at the vertex proxy path.
       expect(lastGeminiConstructorOpts).toBeDefined();
       const httpOptions = lastGeminiConstructorOpts!.httpOptions as
         | { baseUrl?: string }
@@ -225,12 +224,12 @@ describe("managed proxy integration — credential precedence", () => {
   });
 
   describe("neither user keys nor managed context → providers not initialized", () => {
-    test.each(MANAGED_PROVIDERS)(
+    test.each(DIRECT_OR_MANAGED_PROVIDER_KEYS)(
       "%s is NOT registered when no user key and no managed context",
-      (provider: string) => {
+      async (provider: string) => {
         disableManagedProxy();
         mockProviderKeys = {};
-        initializeProviders({
+        await initializeProviders({
           provider: "anthropic",
           model: "test-model",
         });
@@ -239,10 +238,10 @@ describe("managed proxy integration — credential precedence", () => {
       },
     );
 
-    test("registry is empty when no keys and no managed context (non-ollama primary)", () => {
+    test("registry is empty when no keys and no managed context (non-ollama primary)", async () => {
       disableManagedProxy();
       mockProviderKeys = {};
-      initializeProviders({
+      await initializeProviders({
         provider: "anthropic",
         model: "test-model",
       });
@@ -251,65 +250,71 @@ describe("managed proxy integration — credential precedence", () => {
   });
 
   describe("mixed: some user keys + managed fallback fills gaps", () => {
-    test("user key for anthropic routes direct, managed fallback fills remaining four via proxy", () => {
+    test("user key for anthropic routes direct and managed fallback only fills gemini", async () => {
       enableManagedProxy();
       setUserKeysFor("anthropic");
-      initializeProviders({
+      await initializeProviders({
         provider: "anthropic",
         model: "test-model",
       });
       const registered = listProviders();
       expect(registered).toContain("anthropic");
       expect(getProviderRoutingSource("anthropic")).toBe("user-key");
-      for (const p of ["openai", "gemini", "fireworks", "openrouter"]) {
-        expect(registered).toContain(p);
-        expect(getProviderRoutingSource(p)).toBe("managed-proxy");
+      expect(registered).toContain("gemini");
+      expect(getProviderRoutingSource("gemini")).toBe("managed-proxy");
+      for (const p of ["openai", "fireworks", "openrouter"]) {
+        expect(registered).not.toContain(p);
+        expect(getProviderRoutingSource(p)).toBeUndefined();
       }
     });
 
-    test("user key for openai routes direct, managed fallback fills remaining four via proxy", () => {
+    test("user key for openai routes direct while anthropic and gemini still bootstrap via managed proxy", async () => {
       enableManagedProxy();
       setUserKeysFor("openai");
-      initializeProviders({
+      await initializeProviders({
         provider: "openai",
         model: "test-model",
       });
       const registered = listProviders();
       expect(registered).toContain("openai");
       expect(getProviderRoutingSource("openai")).toBe("user-key");
-      for (const p of ["anthropic", "gemini", "fireworks", "openrouter"]) {
-        expect(registered).toContain(p);
-        expect(getProviderRoutingSource(p)).toBe("managed-proxy");
+      expect(registered).toContain("anthropic");
+      expect(getProviderRoutingSource("anthropic")).toBe("managed-proxy");
+      expect(registered).toContain("gemini");
+      expect(getProviderRoutingSource("gemini")).toBe("managed-proxy");
+      for (const p of ["fireworks", "openrouter"]) {
+        expect(registered).not.toContain(p);
+        expect(getProviderRoutingSource(p)).toBeUndefined();
       }
     });
   });
 });
 
 describe("managed proxy integration — ollama exclusion", () => {
-  test("ollama is never registered via managed proxy fallback", () => {
+  test("ollama is never registered via managed proxy fallback", async () => {
     enableManagedProxy();
     mockProviderKeys = {};
-    initializeProviders({
+    await initializeProviders({
       provider: "anthropic",
       model: "test-model",
     });
     expect(listProviders()).not.toContain("ollama");
   });
 
-  test("ollama registers only when explicitly configured as provider", () => {
+  test("ollama registers only when explicitly configured as provider", async () => {
     enableManagedProxy();
     mockProviderKeys = {};
-    initializeProviders({
+    await initializeProviders({
       provider: "ollama",
       model: "test-model",
     });
     expect(listProviders()).toContain("ollama");
   });
 
-  test("ollama registers with explicit API key", () => {
+  test("ollama registers with explicit API key", async () => {
     enableManagedProxy();
     mockProviderKeys = { ollama: "ollama-key" };
-    initializeProviders({
+    await initializeProviders({
       provider: "anthropic",
       model: "test-model",
     });
@@ -325,8 +330,8 @@ describe("managed proxy integration — ollama exclusion", () => {
 });
 
 describe("managed proxy integration — constants integrity", () => {
-  test("all five managed providers have metadata with managed=true and a proxyPath", () => {
-    for (const provider of MANAGED_PROVIDERS) {
+  test("anthropic, gemini, and vertex have metadata with managed=true and a proxyPath", () => {
+    for (const provider of ["anthropic", "gemini", "vertex"]) {
       const meta = MANAGED_PROVIDER_META[provider];
       expect(meta).toBeDefined();
       expect(meta.managed).toBe(true);
@@ -347,15 +352,10 @@ describe("managed proxy integration — constants integrity", () => {
     );
   });
 
-  test("other providers use their own proxy paths", () => {
-    expect(MANAGED_PROVIDER_META.openai.proxyPath).toBe(
-      "/v1/runtime-proxy/openai",
-    );
-    expect(MANAGED_PROVIDER_META.fireworks.proxyPath).toBe(
-      "/v1/runtime-proxy/fireworks",
-    );
-    expect(MANAGED_PROVIDER_META.openrouter.proxyPath).toBe(
-      "/v1/runtime-proxy/openrouter",
-    );
+  test("openai-compatible providers are not managed proxy capable", () => {
+    for (const provider of ["openai", "fireworks", "openrouter"]) {
+      expect(MANAGED_PROVIDER_META[provider].managed).toBe(false);
+      expect(MANAGED_PROVIDER_META[provider].proxyPath).toBeUndefined();
+    }
   });
 });

package/src/__tests__/provider-registry-ollama.test.ts

@@ -4,7 +4,7 @@ import { describe, expect, mock, test } from "bun:test";
 const actualSecureKeys = await import("../security/secure-keys.js");
 mock.module("../security/secure-keys.js", () => ({
   ...actualSecureKeys,
-  getSecureKey: () => undefined,
+  getSecureKeyAsync: async () => undefined,
 }));
 
 import {
@@ -14,8 +14,8 @@ import {
 } from "../providers/registry.js";
 
 describe("provider registry (ollama)", () => {
-  test("registers ollama when selected provider has no API key", () => {
-    initializeProviders({
+  test("registers ollama when selected provider has no API key", async () => {
+    await initializeProviders({
       provider: "ollama",
       model: "claude-opus-4-6",
     });

package/src/__tests__/public-ingress-urls.test.ts

@@ -98,7 +98,7 @@ describe("getPublicBaseUrl", () => {
     ).toThrow(/Public ingress is disabled/);
   });
 
-  test("returns URL when enabled is undefined (backward compat)", () => {
+  test("returns URL when enabled is undefined", () => {
     const result = getPublicBaseUrl({
       ingress: { enabled: undefined, publicBaseUrl: "https://example.com" },
     });