@vellumai/assistant 0.5.13 → 0.5.14

package/src/__tests__/channel-reply-delivery.test.ts

@@ -32,6 +32,7 @@ let renderedHistoryContent: {
   toolCallsBeforeText: boolean;
   contentOrder: string[];
   surfaces: unknown[];
+  thinkingSegments: string[];
 } = {
   text: "",
   textSegments: [],
@@ -39,6 +40,7 @@ let renderedHistoryContent: {
   toolCallsBeforeText: false,
   contentOrder: [],
   surfaces: [],
+  thinkingSegments: [],
 };
 
 let deliveryFailAtIndex = -1;
@@ -111,6 +113,7 @@ describe("channel-reply-delivery", () => {
       toolCallsBeforeText: false,
       contentOrder: [],
       surfaces: [],
+      thinkingSegments: [],
     };
   });
 
@@ -197,6 +200,7 @@ describe("channel-reply-delivery", () => {
       toolCallsBeforeText: false,
       contentOrder: ["text:0", "tool:0", "text:1"],
       surfaces: [],
+      thinkingSegments: [],
     };
 
     await deliverReplyViaCallback(
@@ -432,6 +436,7 @@ describe("channel-reply-delivery", () => {
       toolCallsBeforeText: false,
       contentOrder: ["text:0", "tool:0", "text:1", "tool:1", "text:2"],
       surfaces: [],
+      thinkingSegments: [],
     };
 
     const delivered: number[] = [];

package/src/__tests__/channel-retry-sweep.test.ts

@@ -1,23 +1,7 @@
-import { mkdtempSync, rmSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
 import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
 
 import { eq } from "drizzle-orm";
 
-const testDir = mkdtempSync(join(tmpdir(), "channel-retry-sweep-test-"));
-
-mock.module("../util/platform.js", () => ({
-  getDataDir: () => testDir,
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPidPath: () => join(testDir, "test.pid"),
-  getDbPath: () => join(testDir, "test.db"),
-  getLogPath: () => join(testDir, "test.log"),
-  ensureDataDir: () => {},
-}));
-
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
     new Proxy({} as Record<string, unknown>, {
@@ -34,11 +18,6 @@ initializeDb();
 
 afterAll(() => {
   resetDb();
-  try {
-    rmSync(testDir, { recursive: true });
-  } catch {
-    // Best effort cleanup
-  }
 });
 
 function resetTables(): void {

package/src/__tests__/checker.test.ts

@@ -21,21 +21,11 @@ import {
   test,
 } from "bun:test";
 
-// Use a temp directory so trust-store doesn't touch ~/.vellum
-const checkerTestDir = mkdtempSync(join(tmpdir(), "checker-test-"));
-
-mock.module("../util/platform.js", () => ({
-  getRootDir: () => checkerTestDir,
-  getDataDir: () => join(checkerTestDir, "data"),
-  getWorkspaceSkillsDir: () => join(checkerTestDir, "skills"),
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPidPath: () => join(checkerTestDir, "test.pid"),
-  getDbPath: () => join(checkerTestDir, "test.db"),
-  getLogPath: () => join(checkerTestDir, "test.log"),
-  ensureDataDir: () => {},
-}));
+// Use the preload-provided workspace directory so trust-store doesn't touch ~/.vellum
+const checkerTestDir = process.env.VELLUM_WORKSPACE_DIR!;
+
+// Point the file-based trust backend at the test temp dir.
+process.env.GATEWAY_SECURITY_DIR = join(checkerTestDir, "protected");
 
 // Capture logger.warn() calls so tests can assert on deprecation warnings.
 const loggerWarnCalls: string[] = [];
@@ -175,14 +165,6 @@ describe("Permission Checker", () => {
     } catch {
       /* may not exist */
     }
-    try {
-      rmSync(join(checkerTestDir, "workspace", "skills"), {
-        recursive: true,
-        force: true,
-      });
-    } catch {
-      /* may not exist */
-    }
   });
 
   // ── classifyRisk ────────────────────────────────────────────────
@@ -1484,7 +1466,7 @@ describe("Permission Checker", () => {
 
   describe("default workspace prompt file allow rules", () => {
     test("file_edit of workspace IDENTITY.md is auto-allowed", async () => {
-      const identityPath = join(checkerTestDir, "workspace", "IDENTITY.md");
+      const identityPath = join(checkerTestDir, "IDENTITY.md");
       const result = await check("file_edit", { path: identityPath }, "/tmp");
       expect(result.decision).toBe("allow");
       expect(result.matchedRule).toBeDefined();
@@ -1492,7 +1474,7 @@ describe("Permission Checker", () => {
     });
 
     test("file_read of workspace USER.md is auto-allowed", async () => {
-      const userPath = join(checkerTestDir, "workspace", "USER.md");
+      const userPath = join(checkerTestDir, "USER.md");
       const result = await check("file_read", { path: userPath }, "/tmp");
       expect(result.decision).toBe("allow");
       expect(result.matchedRule).toBeDefined();
@@ -1500,7 +1482,7 @@ describe("Permission Checker", () => {
     });
 
     test("file_write of workspace SOUL.md is auto-allowed", async () => {
-      const soulPath = join(checkerTestDir, "workspace", "SOUL.md");
+      const soulPath = join(checkerTestDir, "SOUL.md");
       const result = await check("file_write", { path: soulPath }, "/tmp");
       expect(result.decision).toBe("allow");
       expect(result.matchedRule).toBeDefined();
@@ -1508,7 +1490,7 @@ describe("Permission Checker", () => {
     });
 
     test("file_write of workspace BOOTSTRAP.md is auto-allowed", async () => {
-      const bootstrapPath = join(checkerTestDir, "workspace", "BOOTSTRAP.md");
+      const bootstrapPath = join(checkerTestDir, "BOOTSTRAP.md");
       const result = await check("file_write", { path: bootstrapPath }, "/tmp");
       expect(result.decision).toBe("allow");
       expect(result.matchedRule).toBeDefined();
@@ -1516,7 +1498,7 @@ describe("Permission Checker", () => {
     });
 
     test("file_read of workspace UPDATES.md is auto-allowed", async () => {
-      const updatesPath = join(checkerTestDir, "workspace", "UPDATES.md");
+      const updatesPath = join(checkerTestDir, "UPDATES.md");
       const result = await check("file_read", { path: updatesPath }, "/tmp");
       expect(result.decision).toBe("allow");
       expect(result.matchedRule).toBeDefined();
@@ -1524,7 +1506,7 @@ describe("Permission Checker", () => {
     });
 
     test("file_write of workspace UPDATES.md is auto-allowed", async () => {
-      const updatesPath = join(checkerTestDir, "workspace", "UPDATES.md");
+      const updatesPath = join(checkerTestDir, "UPDATES.md");
       const result = await check("file_write", { path: updatesPath }, "/tmp");
       expect(result.decision).toBe("allow");
       expect(result.matchedRule).toBeDefined();
@@ -1532,7 +1514,7 @@ describe("Permission Checker", () => {
     });
 
     test("file_edit of workspace UPDATES.md is auto-allowed", async () => {
-      const updatesPath = join(checkerTestDir, "workspace", "UPDATES.md");
+      const updatesPath = join(checkerTestDir, "UPDATES.md");
       const result = await check("file_edit", { path: updatesPath }, "/tmp");
       expect(result.decision).toBe("allow");
       expect(result.matchedRule).toBeDefined();
@@ -1540,7 +1522,7 @@ describe("Permission Checker", () => {
     });
 
     test("file_write of non-workspace file is auto-allowed (Low risk)", async () => {
-      const otherPath = join(checkerTestDir, "workspace", "OTHER.md");
+      const otherPath = join(checkerTestDir, "OTHER.md");
       // Use a workingDir that doesn't contain the path so it's not workspace-scoped
       const result = await check("file_write", { path: otherPath }, "/home");
       // Low risk → auto-allowed even outside workspace
@@ -2067,7 +2049,7 @@ describe("Permission Checker", () => {
       expect(risk).toBe(RiskLevel.Low);
     });
 
-    test("file_write to skill directory prompts as High risk", async () => {
+    test("file_write to skill directory prompts via default ask rule", async () => {
       ensureSkillsDir();
       const skillPath = join(
         checkerTestDir,
@@ -2077,7 +2059,10 @@ describe("Permission Checker", () => {
       );
       const result = await check("file_write", { path: skillPath }, "/tmp");
       expect(result.decision).toBe("prompt");
-      expect(result.reason).toContain("High risk");
+      expect(result.matchedRule).toBeDefined();
+      expect(result.matchedRule!.id).toBe(
+        "default:ask-file_write-managed-skills",
+      );
     });
 
     test("file_write to skill directory is NOT allowed by a generic file_write allow rule (High risk)", async () => {
@@ -2092,7 +2077,6 @@ describe("Permission Checker", () => {
       const result = await check("file_write", { path: skillPath }, "/tmp");
       // High risk requires explicit allowHighRisk — a plain allow rule is insufficient.
       expect(result.decision).toBe("prompt");
-      expect(result.reason).toContain("High risk");
     });
 
     test("file_write to skill directory is allowed with allowHighRisk: true rule", async () => {
@@ -2592,10 +2576,8 @@ describe("Permission Checker", () => {
           "executor.ts",
         );
         const result = await check("file_write", { path: skillPath }, "/tmp");
+        // The important invariant is that it prompts (default ask rule or strict mode).
         expect(result.decision).toBe("prompt");
-        // In strict mode the "no matching rule" check fires before the
-        // high-risk fallback — the important invariant is that it prompts.
-        expect(result.reason).toContain("requires approval");
       });
 
       test("strict mode: file_edit of skill source prompts (no implicit allow)", async () => {
@@ -2609,7 +2591,6 @@ describe("Permission Checker", () => {
         );
         const result = await check("file_edit", { path: skillPath }, "/tmp");
         expect(result.decision).toBe("prompt");
-        expect(result.reason).toContain("requires approval");
       });
 
       test("strict mode: file_write to non-skill path prompts as Strict mode", async () => {
@@ -2621,7 +2602,7 @@ describe("Permission Checker", () => {
         expect(result.reason).toContain("Strict mode");
       });
 
-      test("workspace mode: file_write to skill source still prompts as High risk", async () => {
+      test("workspace mode: file_write to skill source still prompts", async () => {
         testConfig.permissions.mode = "workspace";
         ensureSkillsDir();
         const skillPath = join(
@@ -2632,7 +2613,6 @@ describe("Permission Checker", () => {
         );
         const result = await check("file_write", { path: skillPath }, "/tmp");
         expect(result.decision).toBe("prompt");
-        expect(result.reason).toContain("High risk");
       });
 
       test("strict mode: host_file_write to skill source prompts (high risk overrides host ask)", async () => {
@@ -2792,35 +2772,20 @@ describe("Permission Checker", () => {
   // Regression tests: user-created allow rules (priority 100) must override
   // the default ask rules for skill-source mutations (priority 50).
   //
-  // Paths use getRootDir()/workspace/skills/ (not getWorkspaceSkillsDir())
-  // because getDefaultRuleTemplates builds the managed-skill ask rule from
-  // getRootDir(), so using a different prefix would avoid contention with
-  // the default rule and silently pass even if the priority regressed.
-  //
-  // extraDirs is set to the parent "workspace" directory (not "workspace/skills")
-  // so that isSkillSourcePath classifies the paths as High risk without creating
-  // a duplicate extra-0 ask rule for the exact same path as the managed rule.
-  // The third test explicitly asserts the matched rule ID is the managed-skill
-  // rule to guard against regressions in default rule generation.
+  // Paths use the real workspace skills directory (getWorkspaceSkillsDir())
+  // so that getDefaultRuleTemplates builds the managed-skill ask rule for the
+  // exact same path.  The third test explicitly asserts the matched rule ID is
+  // the managed-skill rule to guard against regressions in default rule
+  // generation.
 
   describe("user override of skill mutation default ask rules", () => {
     // Must match the path getDefaultRuleTemplates computes for managedSkillsDir
-    const wsSkillsDir = join(checkerTestDir, "workspace", "skills");
-    // Use parent directory for extraDirs — broad enough for isSkillSourcePath
-    // to recognize skill paths, but distinct from the managed-skill rule path.
-    const wsDir = join(checkerTestDir, "workspace");
+    const wsSkillsDir = join(checkerTestDir, "skills");
 
     function ensureSkillsDir(): void {
       mkdirSync(wsSkillsDir, { recursive: true });
     }
 
-    beforeEach(() => {
-      // Register the workspace parent dir so isSkillSourcePath detects skill
-      // paths under workspace/skills/ without duplicating the managed-skill
-      // default ask rule (the mock for getWorkspaceSkillsDir points elsewhere).
-      testConfig.skills.load.extraDirs = [wsDir];
-    });
-
     test("user allowHighRisk rule at priority 100 overrides default ask for skill source writes", async () => {
       ensureSkillsDir();
       const skillPath = join(wsSkillsDir, "my-skill", "executor.ts");

package/src/__tests__/clawhub.test.ts

@@ -1,21 +1,9 @@
-import {
-  existsSync,
-  mkdirSync,
-  mkdtempSync,
-  rmSync,
-  writeFileSync,
-} from "node:fs";
-import { tmpdir } from "node:os";
+import { existsSync, mkdirSync, rmSync, writeFileSync } from "node:fs";
 import { join } from "node:path";
-import { afterEach, beforeEach, describe, expect, test } from "bun:test";
+import { describe, expect, test } from "bun:test";
 import { mock } from "bun:test";
 
-let TEST_DIR = "";
-
-mock.module("../util/platform.js", () => ({
-  getRootDir: () => TEST_DIR,
-  getWorkspaceSkillsDir: () => join(TEST_DIR, "skills"),
-}));
+const TEST_DIR = process.env.VELLUM_WORKSPACE_DIR!;
 
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
@@ -31,15 +19,6 @@ import {
   verifyAndRecordSkillHash,
 } from "../skills/clawhub.js";
 
-beforeEach(() => {
-  TEST_DIR = mkdtempSync(join(tmpdir(), "clawhub-test-"));
-  mkdirSync(join(TEST_DIR, "skills"), { recursive: true });
-});
-
-afterEach(() => {
-  rmSync(TEST_DIR, { recursive: true, force: true });
-});
-
 // ---------------------------------------------------------------------------
 // Slug validation (exercised through public API)
 // ---------------------------------------------------------------------------
@@ -125,6 +104,7 @@ describe("integrity manifest", () => {
   }
 
   test("malformed integrity JSON is handled gracefully", () => {
+    mkdirSync(join(TEST_DIR, "skills"), { recursive: true });
     const integrityPath = join(TEST_DIR, "skills", ".integrity.json");
     writeFileSync(integrityPath, "{not valid json!!!", "utf-8");
     createSkillFiles("valid-slug");
@@ -139,7 +119,11 @@ describe("integrity manifest", () => {
   });
 
   test("missing integrity manifest is created on first install", () => {
-    const integrityPath = join(TEST_DIR, "skills", ".integrity.json");
+    const skillsDir = join(TEST_DIR, "skills");
+    mkdirSync(skillsDir, { recursive: true });
+    const integrityPath = join(skillsDir, ".integrity.json");
+    // Remove any manifest left by earlier tests so we test the fresh-creation path
+    rmSync(integrityPath, { force: true });
     expect(existsSync(integrityPath)).toBe(false);
     createSkillFiles("new-skill");
 

package/src/__tests__/cli-command-risk-guard.test.ts

@@ -5,26 +5,8 @@
 // sensitive subcommands are intentionally elevated to Medium or High.
 // See #18982 / #18998 for the regression that motivated this guard.
 
-import { mkdtempSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
 import { describe, expect, mock, test } from "bun:test";
 
-const guardTestDir = mkdtempSync(join(tmpdir(), "cli-risk-guard-test-"));
-
-mock.module("../util/platform.js", () => ({
-  getRootDir: () => guardTestDir,
-  getDataDir: () => join(guardTestDir, "data"),
-  getWorkspaceSkillsDir: () => join(guardTestDir, "skills"),
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPidPath: () => join(guardTestDir, "test.pid"),
-  getDbPath: () => join(guardTestDir, "test.db"),
-  getLogPath: () => join(guardTestDir, "test.log"),
-  ensureDataDir: () => {},
-}));
-
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
     new Proxy({} as Record<string, unknown>, {

package/src/__tests__/config-loader-backfill.test.ts

@@ -1,4 +1,3 @@
-import { randomBytes } from "node:crypto";
 import {
   existsSync,
   mkdirSync,
@@ -6,7 +5,6 @@ import {
   rmSync,
   writeFileSync,
 } from "node:fs";
-import { tmpdir } from "node:os";
 import { join } from "node:path";
 import {
   afterAll,
@@ -22,21 +20,16 @@ import {
 // Mocks — declared before imports that depend on platform/logger
 // ---------------------------------------------------------------------------
 
-const TEST_DIR = join(
-  tmpdir(),
-  `vellum-backfill-test-${randomBytes(4).toString("hex")}`,
-);
-const WORKSPACE_DIR = join(TEST_DIR, "workspace");
+const WORKSPACE_DIR = process.env.VELLUM_WORKSPACE_DIR!;
 const CONFIG_PATH = join(WORKSPACE_DIR, "config.json");
 
 function ensureTestDir(): void {
   const dirs = [
-    TEST_DIR,
     WORKSPACE_DIR,
-    join(TEST_DIR, "data"),
-    join(TEST_DIR, "memory"),
-    join(TEST_DIR, "memory", "knowledge"),
-    join(TEST_DIR, "logs"),
+    join(WORKSPACE_DIR, "data"),
+    join(WORKSPACE_DIR, "data", "memory"),
+    join(WORKSPACE_DIR, "data", "memory", "knowledge"),
+    join(WORKSPACE_DIR, "data", "logs"),
   ];
   for (const dir of dirs) {
     if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
@@ -64,18 +57,6 @@ mock.module("../util/logger.js", () => ({
   getLogger: () => makeLoggerStub(),
 }));
 
-mock.module("../util/platform.js", () => ({
-  getRootDir: () => TEST_DIR,
-  getWorkspaceDir: () => WORKSPACE_DIR,
-  getWorkspaceConfigPath: () => CONFIG_PATH,
-  getDataDir: () => join(TEST_DIR, "data"),
-  getLogPath: () => join(TEST_DIR, "logs", "vellum.log"),
-  ensureDataDir: () => ensureTestDir(),
-  isMacOS: () => false,
-  isLinux: () => false,
-  isWindows: () => false,
-}));
-
 // Restore all mocked modules after this file's tests complete to prevent
 // cross-test contamination when running grouped with other test files.
 afterAll(() => {
@@ -171,9 +152,9 @@ describe("config loader backfill", () => {
     ensureTestDir();
     const resetPaths = [
       CONFIG_PATH,
-      join(TEST_DIR, "keys.enc"),
-      join(TEST_DIR, "data"),
-      join(TEST_DIR, "memory"),
+      join(WORKSPACE_DIR, "keys.enc"),
+      join(WORKSPACE_DIR, "data"),
+      join(WORKSPACE_DIR, "data", "memory"),
     ];
     for (const path of resetPaths) {
       if (existsSync(path)) {
@@ -181,7 +162,7 @@ describe("config loader backfill", () => {
       }
     }
     ensureTestDir();
-    _setStorePath(join(TEST_DIR, "keys.enc"));
+    _setStorePath(join(WORKSPACE_DIR, "keys.enc"));
     invalidateConfigCache();
   });
 

package/src/__tests__/config-schema-cmd.test.ts

@@ -1,6 +1,4 @@
-import { randomBytes } from "node:crypto";
 import { existsSync, mkdirSync } from "node:fs";
-import { tmpdir } from "node:os";
 import { join } from "node:path";
 import { describe, expect, mock, test } from "bun:test";
 
@@ -8,21 +6,15 @@ import { describe, expect, mock, test } from "bun:test";
 // Mocks — declared before imports that depend on platform/logger
 // ---------------------------------------------------------------------------
 
-const TEST_DIR = join(
-  tmpdir(),
-  `vellum-schema-cmd-test-${randomBytes(4).toString("hex")}`,
-);
-const WORKSPACE_DIR = join(TEST_DIR, "workspace");
-const CONFIG_PATH = join(WORKSPACE_DIR, "config.json");
+const WORKSPACE_DIR = process.env.VELLUM_WORKSPACE_DIR!;
 
 function ensureTestDir(): void {
   const dirs = [
-    TEST_DIR,
     WORKSPACE_DIR,
-    join(TEST_DIR, "data"),
-    join(TEST_DIR, "memory"),
-    join(TEST_DIR, "memory", "knowledge"),
-    join(TEST_DIR, "logs"),
+    join(WORKSPACE_DIR, "data"),
+    join(WORKSPACE_DIR, "data", "memory"),
+    join(WORKSPACE_DIR, "data", "memory", "knowledge"),
+    join(WORKSPACE_DIR, "data", "logs"),
   ];
   for (const dir of dirs) {
     if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
@@ -53,18 +45,6 @@ mock.module("../util/logger.js", () => ({
   getCliLogger: () => makeLoggerStub(),
 }));
 
-mock.module("../util/platform.js", () => ({
-  getRootDir: () => TEST_DIR,
-  getWorkspaceDir: () => WORKSPACE_DIR,
-  getWorkspaceConfigPath: () => CONFIG_PATH,
-  getDataDir: () => join(TEST_DIR, "data"),
-  getLogPath: () => join(TEST_DIR, "logs", "vellum.log"),
-  ensureDataDir: () => ensureTestDir(),
-  isMacOS: () => false,
-  isLinux: () => false,
-  isWindows: () => false,
-}));
-
 mock.module("../config/loader.js", () => ({
   getConfig: () => ({
     services: {

package/src/__tests__/config-schema.test.ts

@@ -1,6 +1,4 @@
-import { randomBytes } from "node:crypto";
 import { existsSync, mkdirSync, rmSync, writeFileSync } from "node:fs";
-import { tmpdir } from "node:os";
 import { join } from "node:path";
 import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
 
@@ -8,21 +6,16 @@ import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
 // Mocks — declared before imports that depend on platform/logger
 // ---------------------------------------------------------------------------
 
-const TEST_DIR = join(
-  tmpdir(),
-  `vellum-schema-test-${randomBytes(4).toString("hex")}`,
-);
-const WORKSPACE_DIR = join(TEST_DIR, "workspace");
+const WORKSPACE_DIR = process.env.VELLUM_WORKSPACE_DIR!;
 const CONFIG_PATH = join(WORKSPACE_DIR, "config.json");
 
 function ensureTestDir(): void {
   const dirs = [
-    TEST_DIR,
     WORKSPACE_DIR,
-    join(TEST_DIR, "data"),
-    join(TEST_DIR, "memory"),
-    join(TEST_DIR, "memory", "knowledge"),
-    join(TEST_DIR, "logs"),
+    join(WORKSPACE_DIR, "data"),
+    join(WORKSPACE_DIR, "data", "memory"),
+    join(WORKSPACE_DIR, "data", "memory", "knowledge"),
+    join(WORKSPACE_DIR, "data", "logs"),
   ];
   for (const dir of dirs) {
     if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
@@ -50,18 +43,6 @@ mock.module("../util/logger.js", () => ({
   getLogger: () => makeLoggerStub(),
 }));
 
-mock.module("../util/platform.js", () => ({
-  getRootDir: () => TEST_DIR,
-  getWorkspaceDir: () => WORKSPACE_DIR,
-  getWorkspaceConfigPath: () => CONFIG_PATH,
-  getDataDir: () => join(TEST_DIR, "data"),
-  getLogPath: () => join(TEST_DIR, "logs", "vellum.log"),
-  ensureDataDir: () => ensureTestDir(),
-  isMacOS: () => false,
-  isLinux: () => false,
-  isWindows: () => false,
-}));
-
 import {
   buildElevenLabsVoiceSpec,
   resolveVoiceQualityProfile,
@@ -102,8 +83,8 @@ describe("AssistantConfigSchema", () => {
     expect(result.services["web-search"].mode).toBe("your-own");
     expect(result.maxTokens).toBe(16000);
     expect(result.thinking).toEqual({
-      enabled: false,
-      streamThinking: false,
+      enabled: true,
+      streamThinking: true,
     });
     expect(result.contextWindow).toEqual({
       enabled: true,
@@ -175,8 +156,8 @@ describe("AssistantConfigSchema", () => {
     const result = AssistantConfigSchema.parse({});
     expect(result.memory.retrieval.dynamicBudget).toEqual({
       enabled: true,
-      minInjectTokens: 1200,
-      maxInjectTokens: 10000,
+      minInjectTokens: 2400,
+      maxInjectTokens: 16000,
       targetHeadroomTokens: 10000,
     });
   });
@@ -975,13 +956,13 @@ describe("buildElevenLabsVoiceSpec", () => {
 
 describe("loadConfig with schema validation", () => {
   beforeEach(() => {
-    // Keep TEST_DIR and logs in place to avoid racing async logger stream init.
+    // Keep WORKSPACE_DIR and logs in place to avoid racing async logger stream init.
     ensureTestDir();
     const resetPaths = [
       CONFIG_PATH,
-      join(TEST_DIR, "keys.enc"),
-      join(TEST_DIR, "data"),
-      join(TEST_DIR, "memory"),
+      join(WORKSPACE_DIR, "keys.enc"),
+      join(WORKSPACE_DIR, "data"),
+      join(WORKSPACE_DIR, "data", "memory"),
     ];
     for (const path of resetPaths) {
       if (existsSync(path)) {
@@ -989,7 +970,7 @@ describe("loadConfig with schema validation", () => {
       }
     }
     ensureTestDir();
-    _setStorePath(join(TEST_DIR, "keys.enc"));
+    _setStorePath(join(WORKSPACE_DIR, "keys.enc"));
     invalidateConfigCache();
   });
 
@@ -998,7 +979,7 @@ describe("loadConfig with schema validation", () => {
     invalidateConfigCache();
   });
 
-  // Intentionally do not remove TEST_DIR in afterAll.
+  // Intentionally do not remove WORKSPACE_DIR in afterAll.
   // A late async logger flush may still target logs under this path and can
   // intermittently trigger unhandled ENOENT in CI if the directory is removed.
   test("loads valid config", () => {
@@ -1021,8 +1002,8 @@ describe("loadConfig with schema validation", () => {
     expect(config.services.inference.model).toBe("claude-opus-4-6");
     expect(config.maxTokens).toBe(16000);
     expect(config.thinking).toEqual({
-      enabled: false,
-      streamThinking: false,
+      enabled: true,
+      streamThinking: true,
     });
     expect(config.contextWindow).toEqual({
       enabled: true,
@@ -1209,9 +1190,9 @@ describe("Call entrypoint gating", () => {
     ensureTestDir();
     const resetPaths = [
       CONFIG_PATH,
-      join(TEST_DIR, "keys.enc"),
-      join(TEST_DIR, "data"),
-      join(TEST_DIR, "memory"),
+      join(WORKSPACE_DIR, "keys.enc"),
+      join(WORKSPACE_DIR, "data"),
+      join(WORKSPACE_DIR, "data", "memory"),
     ];
     for (const path of resetPaths) {
       if (existsSync(path)) {
@@ -1219,7 +1200,7 @@ describe("Call entrypoint gating", () => {
       }
     }
     ensureTestDir();
-    _setStorePath(join(TEST_DIR, "keys.enc"));
+    _setStorePath(join(WORKSPACE_DIR, "keys.enc"));
     invalidateConfigCache();
   });