@vellumai/assistant 0.5.14 → 0.5.16

package/src/__tests__/qdrant-manager.test.ts

@@ -5,11 +5,11 @@ import {
   readdirSync,
   readFileSync,
   rmSync,
+  symlinkSync,
   writeFileSync,
 } from "node:fs";
 import { join } from "node:path";
 import {
-  afterAll,
   afterEach,
   beforeAll,
   beforeEach,
@@ -19,11 +19,7 @@ import {
   test,
 } from "bun:test";
 
-const testDataDir = "/tmp/qdrant-manager-test-" + process.pid;
-
-mock.module("../util/platform.js", () => ({
-  getDataDir: () => testDataDir,
-}));
+const testDataDir = process.env.VELLUM_WORKSPACE_DIR!;
 
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
@@ -42,7 +38,7 @@ const FAST_TIMEOUTS = {
 } as const;
 
 function placeFakeBinary(script: string): string {
-  const binaryPath = join(testDataDir, "qdrant", "bin", "qdrant");
+  const binaryPath = join(testDataDir, "data", "qdrant", "bin", "qdrant");
   writeFileSync(binaryPath, script);
   chmodSync(binaryPath, 0o755);
   return binaryPath;
@@ -53,7 +49,7 @@ function getTestPort(): number {
   return nextPort++;
 }
 
-const qdrantDir = join(testDataDir, "qdrant");
+const qdrantDir = join(testDataDir, "data", "qdrant");
 const qdrantBinDir = join(qdrantDir, "bin");
 
 beforeAll(() => {
@@ -79,10 +75,6 @@ afterEach(() => {
   delete process.env.QDRANT_URL;
 });
 
-afterAll(() => {
-  rmSync(testDataDir, { recursive: true, force: true });
-});
-
 describe("QdrantManager", () => {
   // ── Constructor ──────────────────────────────────────────────
 
@@ -147,7 +139,7 @@ describe("QdrantManager", () => {
 
   describe("stop() without running process", () => {
     test("removes stale PID file", async () => {
-      const pidPath = join(testDataDir, "qdrant", "qdrant.pid");
+      const pidPath = join(testDataDir, "data", "qdrant", "qdrant.pid");
       writeFileSync(pidPath, "99999");
 
       const mgr = new QdrantManager({ url: "http://127.0.0.1:6333" });
@@ -166,7 +158,7 @@ describe("QdrantManager", () => {
 
   describe("stale PID cleanup during start()", () => {
     test("removes PID file for non-existent process", async () => {
-      const pidPath = join(testDataDir, "qdrant", "qdrant.pid");
+      const pidPath = join(testDataDir, "data", "qdrant", "qdrant.pid");
       writeFileSync(pidPath, "2147483647");
 
       placeFakeBinary("#!/bin/sh\nexit 1");
@@ -187,7 +179,7 @@ describe("QdrantManager", () => {
     }, 10_000);
 
     test("handles invalid PID file contents", async () => {
-      const pidPath = join(testDataDir, "qdrant", "qdrant.pid");
+      const pidPath = join(testDataDir, "data", "qdrant", "qdrant.pid");
       writeFileSync(pidPath, "garbage");
 
       placeFakeBinary("#!/bin/sh\nexit 1");
@@ -208,7 +200,7 @@ describe("QdrantManager", () => {
     }, 10_000);
 
     test("handles empty PID file", async () => {
-      const pidPath = join(testDataDir, "qdrant", "qdrant.pid");
+      const pidPath = join(testDataDir, "data", "qdrant", "qdrant.pid");
       writeFileSync(pidPath, "");
 
       placeFakeBinary("#!/bin/sh\nexit 1");
@@ -233,7 +225,7 @@ describe("QdrantManager", () => {
 
   describe("process lifecycle", () => {
     test("writes PID file after spawning", async () => {
-      const pidPath = join(testDataDir, "qdrant", "qdrant.pid");
+      const pidPath = join(testDataDir, "data", "qdrant", "qdrant.pid");
 
       // Binary that stays alive. We'll stop it before readyz times out.
       placeFakeBinary("#!/bin/sh\nexec sleep 300");
@@ -265,7 +257,7 @@ describe("QdrantManager", () => {
     }, 10_000);
 
     test("stop() escalates to SIGKILL after grace period", async () => {
-      const pidPath = join(testDataDir, "qdrant", "qdrant.pid");
+      const pidPath = join(testDataDir, "data", "qdrant", "qdrant.pid");
 
       // Binary that ignores SIGTERM
       placeFakeBinary('#!/bin/sh\ntrap "" TERM\nexec sleep 300');
@@ -297,7 +289,7 @@ describe("QdrantManager", () => {
 
   describe("start failure cleanup", () => {
     test("cleans up process on readyz timeout", async () => {
-      const pidPath = join(testDataDir, "qdrant", "qdrant.pid");
+      const pidPath = join(testDataDir, "data", "qdrant", "qdrant.pid");
 
       // Binary that stays alive but never serves readyz
       placeFakeBinary("#!/bin/sh\nexec sleep 300");
@@ -313,7 +305,7 @@ describe("QdrantManager", () => {
     }, 10_000);
 
     test("fails fast with exit code when process exits immediately", async () => {
-      const pidPath = join(testDataDir, "qdrant", "qdrant.pid");
+      const pidPath = join(testDataDir, "data", "qdrant", "qdrant.pid");
 
       // GIVEN a Qdrant binary that exits immediately with code 1
       placeFakeBinary("#!/bin/sh\nexit 1");
@@ -372,8 +364,63 @@ describe("QdrantManager", () => {
         /* readyz timeout */
       }
 
-      const binaryPath = join(testDataDir, "qdrant", "bin", "qdrant");
+      const binaryPath = join(testDataDir, "data", "qdrant", "bin", "qdrant");
       expect(existsSync(binaryPath)).toBe(true);
     }, 10_000);
   });
+
+  // ── Symlink Safety ────────────────────────────────────────────
+
+  describe("vellum-qdrant symlink safety", () => {
+    test("ignores pre-existing non-symlink vellum-qdrant file", async () => {
+      const realMarkerPath = join(qdrantDir, "real-executed.txt");
+      const hijackMarkerPath = join(qdrantDir, "hijack-executed.txt");
+
+      placeFakeBinary(`#!/bin/sh\necho real > "${realMarkerPath}"\nexit 1`);
+
+      const hijackPath = join(qdrantBinDir, "vellum-qdrant");
+      writeFileSync(
+        hijackPath,
+        `#!/bin/sh\necho hijack > "${hijackMarkerPath}"\nexit 0`,
+      );
+      chmodSync(hijackPath, 0o755);
+
+      const port = getTestPort();
+      const mgr = new QdrantManager({
+        url: `http://127.0.0.1:${port}`,
+        ...FAST_TIMEOUTS,
+      });
+
+      await expect(mgr.start()).rejects.toThrow("before becoming ready");
+      expect(existsSync(realMarkerPath)).toBe(true);
+      expect(existsSync(hijackMarkerPath)).toBe(false);
+    }, 10_000);
+
+    test("ignores symlink that does not point to real qdrant binary", async () => {
+      const realMarkerPath = join(qdrantDir, "real-executed.txt");
+      const hijackMarkerPath = join(qdrantDir, "hijack-executed.txt");
+
+      placeFakeBinary(`#!/bin/sh\necho real > "${realMarkerPath}"\nexit 1`);
+
+      const evilBinaryPath = join(qdrantBinDir, "evil-qdrant");
+      writeFileSync(
+        evilBinaryPath,
+        `#!/bin/sh\necho hijack > "${hijackMarkerPath}"\nexit 0`,
+      );
+      chmodSync(evilBinaryPath, 0o755);
+
+      const vellumQdrantPath = join(qdrantBinDir, "vellum-qdrant");
+      symlinkSync(evilBinaryPath, vellumQdrantPath);
+
+      const port = getTestPort();
+      const mgr = new QdrantManager({
+        url: `http://127.0.0.1:${port}`,
+        ...FAST_TIMEOUTS,
+      });
+
+      await expect(mgr.start()).rejects.toThrow("before becoming ready");
+      expect(existsSync(realMarkerPath)).toBe(true);
+      expect(existsSync(hijackMarkerPath)).toBe(false);
+    }, 10_000);
+  });
 });

package/src/__tests__/require-fresh-approval.test.ts

@@ -60,7 +60,6 @@ const mockConfig = {
   },
   permissions: {
     mode: "workspace" as const,
-    dangerouslySkipPermissions: false,
   },
 };
 

package/src/__tests__/sandbox-diagnostics.test.ts

@@ -1,6 +1,5 @@
 import * as realChildProcess from "node:child_process";
-import { join } from "node:path";
-import { beforeEach, describe, expect, mock, test } from "bun:test";
+import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
 
 const execSyncMock = mock(
   (_command: string, _opts?: unknown): unknown => undefined,
@@ -11,25 +10,6 @@ mock.module("node:child_process", () => ({
   execSync: execSyncMock,
 }));
 
-// Mock platform detection — default to macOS
-let mockIsMacOS = true;
-let mockIsLinux = false;
-
-mock.module("../util/platform.js", () => ({
-  isMacOS: () => mockIsMacOS,
-  isLinux: () => mockIsLinux,
-  getProtectedDir: () => join("/tmp/vellum-test", "protected"),
-  getDataDir: () => "/tmp/vellum-test/data",
-  getDbPath: () => "/tmp/vellum-test/data/db/assistant.db",
-  getLogPath: () => "/tmp/vellum-test/data/logs/daemon.log",
-  getSandboxRootDir: () => "/tmp/vellum-test/sandbox",
-  getSandboxWorkingDir: () => "/tmp/vellum-test/workspace",
-  ensureDataDir: () => {},
-  getHistoryPath: () => "/tmp/vellum-test/data/history",
-  getHooksDir: () => "/tmp/vellum-test/hooks",
-  getPidPath: () => "/tmp/vellum-test/data/daemon.pid",
-}));
-
 // Mock config loader — return a config with sandbox settings
 let mockSandboxConfig: {
   enabled: boolean;
@@ -58,10 +38,17 @@ mock.module("../util/logger.js", () => ({
 const { runSandboxDiagnostics } =
   await import("../tools/terminal/sandbox-diagnostics.js");
 
+// ---------------------------------------------------------------------------
+// Helper: temporarily override process.platform for a test
+// ---------------------------------------------------------------------------
+const originalPlatform = process.platform;
+
+function setPlatform(platform: string): void {
+  Object.defineProperty(process, "platform", { value: platform });
+}
+
 beforeEach(() => {
   execSyncMock.mockReset();
-  mockIsMacOS = true;
-  mockIsLinux = false;
   mockSandboxConfig = {
     enabled: true,
   };
@@ -69,6 +56,11 @@ beforeEach(() => {
   execSyncMock.mockImplementation(() => undefined);
 });
 
+afterEach(() => {
+  // Restore the real platform after every test
+  setPlatform(originalPlatform);
+});
+
 describe("runSandboxDiagnostics — config reporting", () => {
   test("reports sandbox enabled state", () => {
     const result = runSandboxDiagnostics();
@@ -97,6 +89,7 @@ describe("runSandboxDiagnostics — active backend reason", () => {
 
 describe("runSandboxDiagnostics — native backend check (macOS)", () => {
   test("passes when sandbox-exec works on macOS", () => {
+    setPlatform("darwin");
     const result = runSandboxDiagnostics();
     const nativeCheck = result.checks.find((c) =>
       c.label.includes("Native sandbox"),
@@ -107,6 +100,7 @@ describe("runSandboxDiagnostics — native backend check (macOS)", () => {
   });
 
   test("fails when sandbox-exec does not work on macOS", () => {
+    setPlatform("darwin");
     execSyncMock.mockImplementation((cmd: string) => {
       if (typeof cmd === "string" && cmd.includes("sandbox-exec")) {
         throw new Error("not available");
@@ -124,8 +118,7 @@ describe("runSandboxDiagnostics — native backend check (macOS)", () => {
 
 describe("runSandboxDiagnostics — native backend check (Linux)", () => {
   test("passes when bwrap works on Linux", () => {
-    mockIsMacOS = false;
-    mockIsLinux = true;
+    setPlatform("linux");
     const result = runSandboxDiagnostics();
     const nativeCheck = result.checks.find((c) =>
       c.label.includes("Native sandbox"),
@@ -136,8 +129,7 @@ describe("runSandboxDiagnostics — native backend check (Linux)", () => {
   });
 
   test("fails when bwrap is not available on Linux", () => {
-    mockIsMacOS = false;
-    mockIsLinux = true;
+    setPlatform("linux");
     execSyncMock.mockImplementation((cmd: string) => {
       if (typeof cmd === "string" && cmd.includes("bwrap")) {
         throw new Error("not found");
@@ -156,8 +148,7 @@ describe("runSandboxDiagnostics — native backend check (Linux)", () => {
 
 describe("runSandboxDiagnostics — native backend check (unsupported OS)", () => {
   test("reports unsupported when neither macOS nor Linux", () => {
-    mockIsMacOS = false;
-    mockIsLinux = false;
+    setPlatform("win32");
     const result = runSandboxDiagnostics();
     const nativeCheck = result.checks.find((c) =>
       c.label.includes("Native sandbox"),

package/src/__tests__/scaffold-managed-skill-tool.test.ts

@@ -1,15 +1,8 @@
 import { existsSync, mkdirSync, readFileSync, rmSync } from "node:fs";
-import { mkdtempSync } from "node:fs";
-import { tmpdir } from "node:os";
 import { join } from "node:path";
 import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
 
-let TEST_DIR = "";
-
-mock.module("../util/platform.js", () => ({
-  getProtectedDir: () => join(TEST_DIR, "protected"),
-  getWorkspaceSkillsDir: () => join(TEST_DIR, "skills"),
-}));
+const TEST_DIR = process.env.VELLUM_WORKSPACE_DIR!;
 
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
@@ -30,12 +23,11 @@ function makeContext(): ToolContext {
 }
 
 beforeEach(() => {
-  TEST_DIR = mkdtempSync(join(tmpdir(), "scaffold-tool-test-"));
   mkdirSync(join(TEST_DIR, "skills"), { recursive: true });
 });
 
 afterEach(() => {
-  rmSync(TEST_DIR, { recursive: true, force: true });
+  rmSync(join(TEST_DIR, "skills"), { recursive: true, force: true });
 });
 
 describe("scaffold_managed_skill tool", () => {

package/src/__tests__/secret-allowlist.test.ts

@@ -1,10 +1,8 @@
-import { existsSync, mkdirSync, rmSync, writeFileSync } from "node:fs";
-import { tmpdir } from "node:os";
+import { mkdirSync, rmSync, writeFileSync } from "node:fs";
 import { join } from "node:path";
 import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
 
-// Mock the data dir to a temp directory so tests don't touch ~/.vellum/
-let testDir: string;
+const testDir = process.env.VELLUM_WORKSPACE_DIR!;
 
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
@@ -13,11 +11,6 @@ mock.module("../util/logger.js", () => ({
     }),
 }));
 
-mock.module("../util/platform.js", () => ({
-  getProtectedDir: () => join(testDir, "protected"),
-  getDataDir: () => testDir,
-}));
-
 import {
   isAllowlisted,
   loadAllowlist,
@@ -27,21 +20,13 @@ import { scanText } from "../security/secret-scanner.js";
 
 describe("secret-allowlist", () => {
   beforeEach(() => {
-    testDir = join(
-      tmpdir(),
-      `vellum-allowlist-test-${Date.now()}-${Math.random()
-        .toString(36)
-        .slice(2)}`,
-    );
-    mkdirSync(join(testDir, "protected"), { recursive: true });
+    mkdirSync(join(testDir, "data"), { recursive: true });
     resetAllowlist();
   });
 
   afterEach(() => {
     resetAllowlist();
-    if (existsSync(testDir)) {
-      rmSync(testDir, { recursive: true, force: true });
-    }
+    rmSync(join(testDir, "data"), { recursive: true, force: true });
   });
 
   // -----------------------------------------------------------------------
@@ -56,7 +41,7 @@ describe("secret-allowlist", () => {
   // -----------------------------------------------------------------------
   test("[experimental] suppresses exact values", () => {
     writeFileSync(
-      join(testDir, "protected", "secret-allowlist.json"),
+      join(testDir, "data", "secret-allowlist.json"),
       JSON.stringify({ values: ["my-test-api-key-12345"] }),
     );
     expect(isAllowlisted("my-test-api-key-12345")).toBe(true);
@@ -65,7 +50,7 @@ describe("secret-allowlist", () => {
 
   test("[experimental] exact values are case-sensitive", () => {
     writeFileSync(
-      join(testDir, "protected", "secret-allowlist.json"),
+      join(testDir, "data", "secret-allowlist.json"),
       JSON.stringify({ values: ["MyTestKey"] }),
     );
     expect(isAllowlisted("MyTestKey")).toBe(true);
@@ -77,7 +62,7 @@ describe("secret-allowlist", () => {
   // -----------------------------------------------------------------------
   test("[experimental] suppresses values matching a prefix", () => {
     writeFileSync(
-      join(testDir, "protected", "secret-allowlist.json"),
+      join(testDir, "data", "secret-allowlist.json"),
       JSON.stringify({ prefixes: ["my-internal-"] }),
     );
     expect(isAllowlisted("my-internal-key-abc123")).toBe(true);
@@ -89,7 +74,7 @@ describe("secret-allowlist", () => {
   // -----------------------------------------------------------------------
   test("[experimental] suppresses values matching a regex pattern", () => {
     writeFileSync(
-      join(testDir, "protected", "secret-allowlist.json"),
+      join(testDir, "data", "secret-allowlist.json"),
       JSON.stringify({ patterns: ["^ci-test-[a-z0-9]+$"] }),
     );
     expect(isAllowlisted("ci-test-abc123")).toBe(true);
@@ -98,7 +83,7 @@ describe("secret-allowlist", () => {
 
   test("[experimental] invalid regex is skipped without crashing", () => {
     writeFileSync(
-      join(testDir, "protected", "secret-allowlist.json"),
+      join(testDir, "data", "secret-allowlist.json"),
       JSON.stringify({ patterns: ["[invalid", "^valid$"] }),
     );
     loadAllowlist();
@@ -113,7 +98,7 @@ describe("secret-allowlist", () => {
   // -----------------------------------------------------------------------
   test("[experimental] combines values, prefixes, and patterns", () => {
     writeFileSync(
-      join(testDir, "protected", "secret-allowlist.json"),
+      join(testDir, "data", "secret-allowlist.json"),
       JSON.stringify({
         values: ["exact-match-value"],
         prefixes: ["test-prefix-"],
@@ -131,7 +116,7 @@ describe("secret-allowlist", () => {
   // -----------------------------------------------------------------------
   test("handles malformed JSON gracefully", () => {
     writeFileSync(
-      join(testDir, "protected", "secret-allowlist.json"),
+      join(testDir, "data", "secret-allowlist.json"),
       "not json{{{",
     );
     loadAllowlist();
@@ -141,7 +126,7 @@ describe("secret-allowlist", () => {
 
   test("handles non-array fields gracefully", () => {
     writeFileSync(
-      join(testDir, "protected", "secret-allowlist.json"),
+      join(testDir, "data", "secret-allowlist.json"),
       JSON.stringify({ values: "not-an-array", prefixes: 42 }),
     );
     loadAllowlist();
@@ -154,7 +139,7 @@ describe("secret-allowlist", () => {
   test("[experimental] allowlisted values are suppressed by scanText", () => {
     const awsKey = "AKIAIOSFODNN7REALKEY";
     writeFileSync(
-      join(testDir, "protected", "secret-allowlist.json"),
+      join(testDir, "data", "secret-allowlist.json"),
       JSON.stringify({ values: [awsKey] }),
     );
     resetAllowlist();
@@ -166,7 +151,7 @@ describe("secret-allowlist", () => {
 
   test("non-allowlisted values are still detected by scanText", () => {
     writeFileSync(
-      join(testDir, "protected", "secret-allowlist.json"),
+      join(testDir, "data", "secret-allowlist.json"),
       JSON.stringify({ values: ["AKIAIOSFODNN7OTHERKE"] }),
     );
     resetAllowlist();
@@ -178,7 +163,7 @@ describe("secret-allowlist", () => {
 
   test("[experimental] prefix allowlist suppresses pattern matches", () => {
     writeFileSync(
-      join(testDir, "protected", "secret-allowlist.json"),
+      join(testDir, "data", "secret-allowlist.json"),
       JSON.stringify({ prefixes: ["ghp_AAAA"] }),
     );
     resetAllowlist();
@@ -198,7 +183,7 @@ describe("secret-allowlist", () => {
 
     // Create the file — but fileChecked is cached, so it won't be seen
     writeFileSync(
-      join(testDir, "protected", "secret-allowlist.json"),
+      join(testDir, "data", "secret-allowlist.json"),
       JSON.stringify({ values: ["test-key"] }),
     );
     expect(isAllowlisted("test-key")).toBe(false);
@@ -211,7 +196,7 @@ describe("secret-allowlist", () => {
   test("[experimental] retries loading when file was malformed on first call", () => {
     // First call with malformed JSON
     writeFileSync(
-      join(testDir, "protected", "secret-allowlist.json"),
+      join(testDir, "data", "secret-allowlist.json"),
       "not json{{{",
     );
     loadAllowlist();
@@ -219,7 +204,7 @@ describe("secret-allowlist", () => {
 
     // Fix the file
     writeFileSync(
-      join(testDir, "protected", "secret-allowlist.json"),
+      join(testDir, "data", "secret-allowlist.json"),
       JSON.stringify({ values: ["test-key"] }),
     );
 
@@ -232,7 +217,7 @@ describe("secret-allowlist", () => {
   // -----------------------------------------------------------------------
   test("[experimental] resetAllowlist clears cached state", () => {
     writeFileSync(
-      join(testDir, "protected", "secret-allowlist.json"),
+      join(testDir, "data", "secret-allowlist.json"),
       JSON.stringify({ values: ["test-value"] }),
     );
     loadAllowlist();
@@ -240,7 +225,7 @@ describe("secret-allowlist", () => {
 
     // Reset and remove file — should no longer be allowlisted
     resetAllowlist();
-    rmSync(join(testDir, "protected", "secret-allowlist.json"));
+    rmSync(join(testDir, "data", "secret-allowlist.json"));
     expect(isAllowlisted("test-value")).toBe(false);
   });
 });

package/src/__tests__/shell-credential-ref.test.ts

@@ -45,11 +45,6 @@ mock.module("../tools/terminal/safe-env.js", () => ({
   buildSanitizedEnv: () => ({ PATH: "/usr/bin" }),
 }));
 
-// Mock platform
-mock.module("../util/platform.js", () => ({
-  getDataDir: () => "/tmp/test-data",
-}));
-
 // Mock proxy session manager
 const mockGetOrStartSession = mock((_convId: string, _credIds: string[]) =>
   Promise.resolve({

package/src/__tests__/skill-load-feature-flag.test.ts

@@ -2,57 +2,19 @@
  * Tests that skill_load rejects loading a skill whose feature flag is OFF
  * with a deterministic error message.
  */
-import { existsSync, mkdirSync, rmSync, writeFileSync } from "node:fs";
-import { tmpdir } from "node:os";
+import { mkdirSync, writeFileSync } from "node:fs";
 import { join } from "node:path";
 import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
 
 import { _setOverridesForTesting } from "../config/assistant-feature-flags.js";
 
-const TEST_DIR = join(
-  tmpdir(),
-  `vellum-skill-load-flag-test-${crypto.randomUUID()}`,
-);
+const TEST_DIR = process.env.VELLUM_WORKSPACE_DIR!;
 
 let currentConfig: Record<string, unknown> = {};
 
 const DECLARED_SKILL_ID = "contacts";
 const DECLARED_FLAG_KEY = "contacts";
 
-const platformOverrides: Record<string, (...args: unknown[]) => unknown> = {
-  getRootDir: () => TEST_DIR,
-  getDataDir: () => TEST_DIR,
-  ensureDataDir: () => {},
-  getPidPath: () => join(TEST_DIR, "vellum.pid"),
-  getDbPath: () => join(TEST_DIR, "data", "assistant.db"),
-  getLogPath: () => join(TEST_DIR, "logs", "vellum.log"),
-  getWorkspaceDir: () => join(TEST_DIR, "workspace"),
-  getWorkspaceSkillsDir: () => join(TEST_DIR, "skills"),
-  getWorkspaceConfigPath: () => join(TEST_DIR, "workspace", "config.json"),
-  getWorkspaceHooksDir: () => join(TEST_DIR, "workspace", "hooks"),
-  getWorkspacePromptPath: (f: unknown) =>
-    join(TEST_DIR, "workspace", String(f)),
-  getInterfacesDir: () => join(TEST_DIR, "interfaces"),
-  getHooksDir: () => join(TEST_DIR, "hooks"),
-
-  getSandboxRootDir: () => join(TEST_DIR, "sandbox"),
-  getSandboxWorkingDir: () => join(TEST_DIR, "sandbox", "work"),
-  getHistoryPath: () => join(TEST_DIR, "history"),
-  getSessionTokenPath: () => join(TEST_DIR, "session-token"),
-  readSessionToken: () => null,
-  getClipboardCommand: () => null,
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPlatformName: () => process.platform,
-};
-// eslint-disable-next-line @typescript-eslint/no-require-imports
-const realPlatform = require("../util/platform.js");
-mock.module("../util/platform.js", () => ({
-  ...realPlatform,
-  ...platformOverrides,
-}));
-
 const noopLogger = new Proxy({} as Record<string, unknown>, {
   get: (_target, prop) => (prop === "child" ? () => noopLogger : () => {}),
 });
@@ -119,9 +81,6 @@ describe("skill_load feature flag enforcement", () => {
 
   afterEach(() => {
     _setOverridesForTesting({});
-    if (existsSync(TEST_DIR)) {
-      rmSync(TEST_DIR, { recursive: true, force: true });
-    }
   });
 
   test("returns deterministic error for flag OFF skill", async () => {