@vellumai/assistant 0.5.4 → 0.5.6

package/Dockerfile

@@ -25,6 +25,9 @@ COPY packages/egress-proxy ./packages/egress-proxy
 COPY assistant/package.json assistant/bun.lock ./assistant/
 RUN cd /app/assistant && bun install --frozen-lockfile
 
+# Copy meta files needed by assistant (provider-env-vars.json)
+COPY meta/provider-env-vars.json ./meta/provider-env-vars.json
+
 # Copy source
 COPY assistant ./assistant
 
@@ -47,57 +50,44 @@ RUN apt-get update && apt-get install -y \
     g++ \
     git \
     sudo \
+    htop \
+    procps \
     && rm -rf /var/lib/apt/lists/*
 
 # Copy bun binary from builder instead of re-installing
 COPY --from=builder /root/.bun/bin/bun /usr/local/bin/bun
 RUN ln -sf /usr/local/bin/bun /usr/local/bin/bunx
 
+# Install assistant CLI launcher backed by the bundled assistant package
+RUN printf '#!/usr/bin/env sh\nexec bun run /app/assistant/src/index.ts "$@"\n' > /usr/local/bin/assistant && \
+    chmod +x /usr/local/bin/assistant
+
 # Create non-root user that also has sudo access so it can like install stuff
 RUN groupadd --system --gid 1001 assistant && \
     useradd --system --uid 1001 --gid assistant --create-home --shell /bin/bash assistant && \
     echo "assistant ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
 
-# Set up data directory
-RUN mkdir -p /home/assistant/.vellum /data && \
-    chown -R assistant:assistant /home/assistant/.vellum /data && \
-    chmod a+rwx /data
+# Set up assistant home directory for local state (device.json, etc.)
+RUN mkdir -p /home/assistant/.vellum && \
+    chown -R assistant:assistant /home/assistant/.vellum
 
 # Update PATH for assistant user
-ENV PATH="/home/assistant/.bun/bin:/data/bin:${PATH}"
+ENV PATH="/home/assistant/.bun/bin:${PATH}"
 
-# Configure package managers to use /data
-ENV BUN_INSTALL="/data/.bun"
+# Configure package managers to use assistant home
+ENV BUN_INSTALL="/home/assistant/.bun"
 ENV PATH="${BUN_INSTALL}/bin:${PATH}"
-ENV PYTHONUSERBASE="/data/.python"
+ENV PYTHONUSERBASE="/home/assistant/.python"
 ENV PATH="${PYTHONUSERBASE}/bin:${PATH}"
 
-# Configure apt/dpkg to install future packages to /data
-RUN mkdir -p /data/dpkg/info /data/dpkg/updates /data/dpkg/triggers && \
-    mkdir -p /data/usr/bin /data/usr/lib /data/usr/share && \
-    chown -R assistant:assistant /data/dpkg /data/usr
-
-# Create dpkg configuration for using /data as install prefix
-RUN echo 'Dir::State "/data/dpkg";' > /etc/apt/apt.conf.d/99data-dir && \
-    echo 'Dir::State::status "/data/dpkg/status";' >> /etc/apt/apt.conf.d/99data-dir && \
-    echo 'Dir::Cache "/data/apt/cache";' >> /etc/apt/apt.conf.d/99data-dir && \
-    echo 'DPkg::Options {"--instdir=/data/usr";"--admindir=/data/dpkg";"--force-not-root";"--force-bad-path";};' >> /etc/apt/apt.conf.d/99data-dir && \
-    mkdir -p /data/apt/cache && \
-    touch /data/dpkg/status && \
-    chown -R assistant:assistant /data/apt /data/dpkg
-
-ENV PATH="/data/usr/bin:/data/usr/sbin:${PATH}"
-ENV LD_LIBRARY_PATH="/data/usr/lib:/data/usr/lib/x86_64-linux-gnu:/data/usr/lib/aarch64-linux-gnu"
-
 # Ensure the CES bootstrap socket volume is writable by the non-root CES user.
 RUN mkdir -p /run/ces-bootstrap && chmod 777 /run/ces-bootstrap
 
-USER root
+USER assistant
 
 EXPOSE 3001
 
 ENV RUNTIME_HTTP_PORT=3001
-ENV BASE_DATA_DIR=/data
 ENV IS_CONTAINERIZED=true
 
 # Copy from builder

package/node_modules/@vellumai/ces-contracts/src/index.ts

@@ -145,3 +145,4 @@ export * from "./handles.js";
 export * from "./grants.js";
 export * from "./rpc.js";
 export * from "./rendering.js";
+export * from "./trust-rules.js";

package/node_modules/@vellumai/ces-contracts/src/trust-rules.ts

@@ -0,0 +1,42 @@
+/**
+ * Trust rule types shared between the assistant daemon and the gateway.
+ *
+ * These are extracted from `assistant/src/permissions/types.ts` and
+ * `assistant/src/permissions/trust-store.ts` so that both packages can
+ * reference a single canonical definition.
+ */
+
+// ---------------------------------------------------------------------------
+// Trust decision
+// ---------------------------------------------------------------------------
+
+/** The possible decisions a trust rule can make. */
+export type TrustDecision = "allow" | "deny" | "ask";
+
+// ---------------------------------------------------------------------------
+// Trust rule
+// ---------------------------------------------------------------------------
+
+export interface TrustRule {
+  id: string;
+  tool: string;
+  pattern: string;
+  scope: string;
+  decision: TrustDecision;
+  priority: number;
+  createdAt: number;
+  executionTarget?: string;
+  allowHighRisk?: boolean;
+}
+
+// ---------------------------------------------------------------------------
+// Trust file (on-disk shape)
+// ---------------------------------------------------------------------------
+
+/** Shape of the `trust.json` file persisted to disk. */
+export interface TrustFileData {
+  version: number;
+  rules: TrustRule[];
+  /** Set to true when the user explicitly accepts the starter approval bundle. */
+  starterBundleAccepted?: boolean;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vellumai/assistant",
-  "version": "0.5.4",
+  "version": "0.5.6",
   "type": "module",
   "exports": {
     ".": "./src/index.ts"

package/src/__tests__/actor-token-service.test.ts

@@ -57,6 +57,8 @@ import {
 } from "../runtime/actor-token-store.js";
 import { resetExternalAssistantIdCache } from "../runtime/auth/external-assistant-id.js";
 import {
+  BootstrapAlreadyCompleted,
+  fetchSigningKeyFromGateway,
   hashToken,
   initAuthSigningKey,
 } from "../runtime/auth/token-service.js";
@@ -729,3 +731,114 @@ describe("bootstrap private-network guard", () => {
     expect(res.status).toBe(200);
   });
 });
+
+// ---------------------------------------------------------------------------
+// fetchSigningKeyFromGateway
+// ---------------------------------------------------------------------------
+
+describe("fetchSigningKeyFromGateway", () => {
+  const VALID_HEX_KEY = "a".repeat(64); // 64 hex chars = 32 bytes
+  const originalEnv = process.env.GATEWAY_INTERNAL_URL;
+  const originalFetch = globalThis.fetch;
+
+  beforeEach(() => {
+    process.env.GATEWAY_INTERNAL_URL = "http://gateway:7822";
+  });
+
+  afterAll(() => {
+    if (originalEnv !== undefined) {
+      process.env.GATEWAY_INTERNAL_URL = originalEnv;
+    } else {
+      delete process.env.GATEWAY_INTERNAL_URL;
+    }
+    globalThis.fetch = originalFetch;
+  });
+
+  test("returns 32-byte buffer on successful 200 response", async () => {
+    globalThis.fetch = (async () =>
+      new Response(JSON.stringify({ key: VALID_HEX_KEY }), {
+        status: 200,
+        headers: { "Content-Type": "application/json" },
+      })) as unknown as typeof fetch;
+
+    const key = await fetchSigningKeyFromGateway();
+    expect(key).toBeInstanceOf(Buffer);
+    expect(key.length).toBe(32);
+    expect(key.toString("hex")).toBe(VALID_HEX_KEY);
+  });
+
+  test("throws BootstrapAlreadyCompleted on 403 response", async () => {
+    globalThis.fetch = (async () =>
+      new Response("Forbidden", { status: 403 })) as unknown as typeof fetch;
+
+    await expect(fetchSigningKeyFromGateway()).rejects.toBeInstanceOf(
+      BootstrapAlreadyCompleted,
+    );
+  });
+
+  test("throws timeout error after max retry attempts on persistent failure", async () => {
+    // Mock Bun.sleep to avoid waiting 30s in tests
+    const origSleep = Bun.sleep;
+    Bun.sleep = (() => Promise.resolve()) as typeof Bun.sleep;
+
+    let callCount = 0;
+    globalThis.fetch = (async () => {
+      callCount++;
+      throw new Error("ECONNREFUSED");
+    }) as unknown as typeof fetch;
+
+    try {
+      await expect(fetchSigningKeyFromGateway()).rejects.toThrow(
+        "timed out waiting for gateway",
+      );
+      expect(callCount).toBe(30);
+    } finally {
+      Bun.sleep = origSleep;
+    }
+  });
+
+  test("throws when GATEWAY_INTERNAL_URL is not set", async () => {
+    delete process.env.GATEWAY_INTERNAL_URL;
+
+    await expect(fetchSigningKeyFromGateway()).rejects.toThrow(
+      "GATEWAY_INTERNAL_URL not set",
+    );
+  });
+
+  test("rejects invalid key length", async () => {
+    globalThis.fetch = (async () =>
+      new Response(JSON.stringify({ key: "aabb" }), {
+        status: 200,
+        headers: { "Content-Type": "application/json" },
+      })) as unknown as typeof fetch;
+
+    await expect(fetchSigningKeyFromGateway()).rejects.toThrow(
+      "Invalid signing key length",
+    );
+  });
+
+  test("retries on non-200/non-403 status and eventually succeeds", async () => {
+    const origSleep = Bun.sleep;
+    Bun.sleep = (() => Promise.resolve()) as typeof Bun.sleep;
+
+    let callCount = 0;
+    globalThis.fetch = (async () => {
+      callCount++;
+      if (callCount < 3) {
+        return new Response("Service Unavailable", { status: 503 });
+      }
+      return new Response(JSON.stringify({ key: VALID_HEX_KEY }), {
+        status: 200,
+        headers: { "Content-Type": "application/json" },
+      });
+    }) as unknown as typeof fetch;
+
+    try {
+      const key = await fetchSigningKeyFromGateway();
+      expect(key.length).toBe(32);
+      expect(callCount).toBe(3);
+    } finally {
+      Bun.sleep = origSleep;
+    }
+  });
+});

package/src/__tests__/config-schema.test.ts

@@ -437,7 +437,7 @@ describe("AssistantConfigSchema", () => {
 
   test("defaults permissions.mode to workspace", () => {
     const result = AssistantConfigSchema.parse({});
-    expect(result.permissions).toEqual({ mode: "workspace" });
+    expect(result.permissions).toEqual({ mode: "workspace", dangerouslySkipPermissions: false });
   });
 
   test("accepts explicit permissions.mode strict", () => {
@@ -1139,7 +1139,7 @@ describe("loadConfig with schema validation", () => {
   test("defaults permissions.mode to workspace when not specified", () => {
     writeConfig({});
     const config = loadConfig();
-    expect(config.permissions).toEqual({ mode: "workspace" });
+    expect(config.permissions).toEqual({ mode: "workspace", dangerouslySkipPermissions: false });
   });
 
   test("loads explicit permissions.mode strict", () => {

package/src/__tests__/context-window-manager.test.ts

@@ -344,6 +344,84 @@ describe("ContextWindowManager", () => {
     expect(result.compactedPersistedMessages).toBe(4);
   });
 
+  test("adjusts keep boundary to preserve tool_use/tool_result pairs", async () => {
+    const provider = createProvider(() => ({
+      content: [{ type: "text", text: "## Goals\n- compacted summary" }],
+      model: "mock-model",
+      usage: { inputTokens: 75, outputTokens: 20 },
+      stopReason: "end_turn",
+    }));
+    // Configure budget so compaction keeps only the last user turn,
+    // which would normally split the tool pair because the last user
+    // turn start is a mixed message (tool_result + text) whose matching
+    // tool_use lives in the preceding assistant message.
+    const manager = new ContextWindowManager({
+      provider,
+      systemPrompt: "system prompt",
+      config: makeConfig({
+        maxInputTokens: 320,
+        targetBudgetRatio: 0.58,
+      }),
+    });
+    const long = "k".repeat(220);
+    const history: Message[] = [
+      message("user", `u1 ${long}`), // index 0: old user turn (long)
+      message("assistant", `a1 ${long}`), // index 1: assistant reply (long)
+      message("user", `u2 ${long}`), // index 2: second user turn (long)
+      {
+        // index 3: assistant with tool_use
+        role: "assistant",
+        content: [
+          {
+            type: "tool_use",
+            id: "t1",
+            name: "read_file",
+            input: { path: "/tmp/a" },
+          },
+        ],
+      },
+      {
+        // index 4: user with tool_result AND text (mixed = user turn start)
+        // Without adjustForToolPairs, the raw boundary would land here,
+        // orphaning the tool_result from its tool_use at index 3.
+        role: "user",
+        content: [
+          { type: "tool_result", tool_use_id: "t1", content: "file contents" },
+          { type: "text", text: "thanks, now continue" },
+        ],
+      },
+    ];
+
+    const result = await manager.maybeCompact(history);
+    expect(result.compacted).toBe(true);
+    // The kept messages must include the tool_use assistant message (index 3)
+    // and tool_result user message (index 4) as a pair, not split them.
+    // Verify no orphaned tool_result blocks exist in the kept messages.
+    const keptMessages = result.messages;
+    for (let i = 0; i < keptMessages.length; i++) {
+      const msg = keptMessages[i];
+      if (msg.role !== "user") continue;
+      for (const block of msg.content) {
+        if (block.type === "tool_result") {
+          // Every tool_result must have a matching tool_use in a preceding assistant message
+          const toolUseId = (block as { tool_use_id: string }).tool_use_id;
+          const hasMatchingToolUse = keptMessages
+            .slice(0, i)
+            .some(
+              (prev) =>
+                prev.role === "assistant" &&
+                prev.content.some(
+                  (b) =>
+                    b.type === "tool_use" &&
+                    (b as { id: string }).id === toolUseId,
+                ),
+            );
+          expect(hasMatchingToolUse).toBe(true);
+        }
+      }
+    }
+  });
+
   test("counts mixed tool_result+text user messages as persisted", async () => {
     const provider = createProvider(() => ({
       content: [{ type: "text", text: "## Goals\n- mixed summary" }],

package/src/__tests__/conversation-title-service.test.ts

@@ -1,6 +1,6 @@
 import { beforeEach, describe, expect, mock, test } from "bun:test";
 
-const mockRunBtwSidechain = mock(async () => ({
+const mockRunBtwSidechain = mock(async (_params: Record<string, unknown>) => ({
   text: "Project kickoff",
   hadTextDeltas: true,
   response: {
@@ -93,6 +93,8 @@ describe("conversation-title-service", () => {
     expect(mockRunBtwSidechain).toHaveBeenCalledWith(
       expect.objectContaining({
         provider,
+        systemPrompt: expect.stringContaining("conversation titles"),
+        tools: [],
         maxTokens: 37,
         modelIntent: "latency-optimized",
         timeoutMs: 10_000,
@@ -123,6 +125,8 @@ describe("conversation-title-service", () => {
     expect(mockRunBtwSidechain).toHaveBeenCalledWith(
       expect.objectContaining({
         provider,
+        systemPrompt: expect.stringContaining("conversation titles"),
+        tools: [],
         maxTokens: 37,
         modelIntent: "latency-optimized",
         timeoutMs: 10_000,
@@ -134,4 +138,29 @@ describe("conversation-title-service", () => {
       1,
     );
   });
+
+  test("title prompt content does not contain generation instructions", async () => {
+    const provider = {
+      name: "test-provider",
+      sendMessage: mock(async () => {
+        throw new Error("provider.sendMessage should not be called directly");
+      }),
+    };
+
+    await generateAndPersistConversationTitle({
+      conversationId: "conv-1",
+      provider,
+      userMessage: "Help me plan the kickoff",
+    });
+
+    const call = mockRunBtwSidechain.mock.calls[0]![0] as {
+      content: string;
+      systemPrompt: string;
+    };
+    // Instructions should be in systemPrompt, not in content
+    expect(call.content).not.toContain("Generate a very short title");
+    expect(call.content).not.toContain("do NOT respond");
+    expect(call.systemPrompt).toContain("Do NOT respond");
+    expect(call.systemPrompt).toContain("Maximum 5 words");
+  });
 });

package/src/__tests__/credential-security-invariants.test.ts

@@ -222,6 +222,7 @@ describe("Invariant 2: no generic plaintext secret read API", () => {
       "messaging/providers/telegram-bot/adapter.ts", // Telegram bot token lookup for connectivity check
       "runtime/channel-readiness-service.ts", // channel readiness probes for Telegram connectivity
       "messaging/providers/whatsapp/adapter.ts", // WhatsApp credential lookup for connectivity check
+      "messaging/providers/slack/adapter.ts", // Slack bot token lookup for Socket Mode connectivity check
       "daemon/handlers/config-slack-channel.ts", // Slack channel config credential management
       "providers/managed-proxy/context.ts", // managed proxy API key lookup for provider initialization
       "mcp/mcp-oauth-provider.ts", // MCP OAuth token/client/discovery persistence
@@ -254,6 +255,7 @@ describe("Invariant 2: no generic plaintext secret read API", () => {
       "config/bundled-skills/slack/tools/shared.ts", // Slack skill bot token lookup
       "daemon/conversation-process.ts", // masked provider key display
       "daemon/handlers/config-model.ts", // masked provider key display
+      "providers/speech-to-text/resolve.ts", // STT provider API key lookup
     ]);
 
     const thisDir = dirname(fileURLToPath(import.meta.url));

package/src/__tests__/docker-signing-key-bootstrap.test.ts

@@ -0,0 +1,207 @@
+/**
+ * Integration tests for resolveSigningKey() covering the Docker bootstrap
+ * lifecycle: fresh fetch from gateway, daemon restart (load from disk),
+ * and local mode (file-based load/create).
+ */
+
+import { mkdtempSync, readFileSync, realpathSync, rmSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { afterAll, afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
+
+// ---------------------------------------------------------------------------
+// Temp directory for signing key persistence
+// ---------------------------------------------------------------------------
+
+const testDir = realpathSync(mkdtempSync(join(tmpdir(), "docker-signing-key-test-")));
+
+// ---------------------------------------------------------------------------
+// Mock platform to redirect signing key file to our temp directory
+// ---------------------------------------------------------------------------
+
+mock.module("../util/platform.js", () => ({
+  getRootDir: () => testDir,
+  getDataDir: () => testDir,
+  getDbPath: () => join(testDir, "test.db"),
+  normalizeAssistantId: (id: string) => (id === "self" ? "self" : id),
+  readLockfile: () => null,
+  writeLockfile: () => {},
+  isMacOS: () => process.platform === "darwin",
+  isLinux: () => process.platform === "linux",
+  isWindows: () => process.platform === "win32",
+  getPidPath: () => join(testDir, "test.pid"),
+  getLogPath: () => join(testDir, "test.log"),
+  ensureDataDir: () => {},
+}));
+
+mock.module("../util/logger.js", () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
+}));
+
+// ---------------------------------------------------------------------------
+// Import the functions under test (after mocks are installed)
+// ---------------------------------------------------------------------------
+
+const {
+  resolveSigningKey,
+  loadOrCreateSigningKey: _loadOrCreateSigningKey,
+  BootstrapAlreadyCompleted: _BootstrapAlreadyCompleted,
+} = await import("../runtime/auth/token-service.js");
+
+// ---------------------------------------------------------------------------
+// Test constants
+// ---------------------------------------------------------------------------
+
+const VALID_32_BYTE_KEY = "ab".repeat(32); // 64 hex chars = 32 bytes
+const SIGNING_KEY_PATH = join(testDir, "protected", "actor-token-signing-key");
+
+// ---------------------------------------------------------------------------
+// Environment & fetch state management
+// ---------------------------------------------------------------------------
+
+const originalFetch = globalThis.fetch;
+const savedEnv: Record<string, string | undefined> = {};
+
+function saveEnv(...keys: string[]) {
+  for (const key of keys) {
+    savedEnv[key] = process.env[key];
+  }
+}
+
+function restoreEnv() {
+  for (const [key, val] of Object.entries(savedEnv)) {
+    if (val === undefined) {
+      delete process.env[key];
+    } else {
+      process.env[key] = val;
+    }
+  }
+}
+
+beforeEach(() => {
+  saveEnv("IS_CONTAINERIZED", "GATEWAY_INTERNAL_URL");
+});
+
+afterEach(() => {
+  globalThis.fetch = originalFetch;
+  restoreEnv();
+});
+
+afterAll(() => {
+  try {
+    rmSync(testDir, { recursive: true, force: true });
+  } catch {}
+});
+
+// ---------------------------------------------------------------------------
+// Docker mode tests — resolveSigningKey() bootstrap lifecycle
+// ---------------------------------------------------------------------------
+
+describe("resolveSigningKey — Docker bootstrap lifecycle", () => {
+  test("fresh bootstrap: fetches key from gateway and persists to disk", async () => {
+    process.env.IS_CONTAINERIZED = "true";
+    process.env.GATEWAY_INTERNAL_URL = "http://localhost:19876";
+
+    // Mock fetch to return a known 32-byte key on first call.
+    globalThis.fetch = (async () =>
+      new Response(JSON.stringify({ key: VALID_32_BYTE_KEY }), {
+        status: 200,
+        headers: { "Content-Type": "application/json" },
+      })) as unknown as typeof fetch;
+
+    const key = await resolveSigningKey();
+
+    // Verify the returned key is a 32-byte buffer with the expected content.
+    expect(key).toBeInstanceOf(Buffer);
+    expect(key.length).toBe(32);
+    expect(key.toString("hex")).toBe(VALID_32_BYTE_KEY);
+
+    // Verify the key was persisted to disk.
+    const persisted = readFileSync(SIGNING_KEY_PATH);
+    expect(persisted.length).toBe(32);
+    expect(Buffer.from(persisted).equals(key)).toBe(true);
+  });
+
+  test("daemon restart: gateway returns 403, loads persisted key from disk", async () => {
+    process.env.IS_CONTAINERIZED = "true";
+    process.env.GATEWAY_INTERNAL_URL = "http://localhost:19876";
+
+    // The previous test persisted the key. Simulate a daemon restart where
+    // the gateway returns 403 (bootstrap already completed).
+    globalThis.fetch = (async () =>
+      new Response(JSON.stringify({ error: "Bootstrap already completed" }), {
+        status: 403,
+      })) as unknown as typeof fetch;
+
+    const key = await resolveSigningKey();
+
+    // Should have loaded the previously persisted key from disk.
+    expect(key).toBeInstanceOf(Buffer);
+    expect(key.length).toBe(32);
+    expect(key.toString("hex")).toBe(VALID_32_BYTE_KEY);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// Local mode tests — resolveSigningKey() file-based path
+// ---------------------------------------------------------------------------
+
+describe("resolveSigningKey — local mode", () => {
+  test("uses file-based loadOrCreateSigningKey without calling fetch", async () => {
+    // Ensure Docker env vars are unset.
+    delete process.env.IS_CONTAINERIZED;
+    delete process.env.GATEWAY_INTERNAL_URL;
+
+    let fetchCalled = false;
+    globalThis.fetch = (async () => {
+      fetchCalled = true;
+      return new Response("should not be called", { status: 500 });
+    }) as unknown as typeof fetch;
+
+    const key = await resolveSigningKey();
+
+    // Should return a valid 32-byte key (loaded from disk or newly created).
+    expect(key).toBeInstanceOf(Buffer);
+    expect(key.length).toBe(32);
+
+    // Crucially, fetch should NOT have been called.
+    expect(fetchCalled).toBe(false);
+  });
+
+  test("IS_CONTAINERIZED=false does not trigger gateway fetch", async () => {
+    process.env.IS_CONTAINERIZED = "false";
+    process.env.GATEWAY_INTERNAL_URL = "http://localhost:19876";
+
+    let fetchCalled = false;
+    globalThis.fetch = (async () => {
+      fetchCalled = true;
+      return new Response("should not be called", { status: 500 });
+    }) as unknown as typeof fetch;
+
+    const key = await resolveSigningKey();
+
+    expect(key).toBeInstanceOf(Buffer);
+    expect(key.length).toBe(32);
+    expect(fetchCalled).toBe(false);
+  });
+
+  test("IS_CONTAINERIZED=true without GATEWAY_INTERNAL_URL uses local path", async () => {
+    process.env.IS_CONTAINERIZED = "true";
+    delete process.env.GATEWAY_INTERNAL_URL;
+
+    let fetchCalled = false;
+    globalThis.fetch = (async () => {
+      fetchCalled = true;
+      return new Response("should not be called", { status: 500 });
+    }) as unknown as typeof fetch;
+
+    const key = await resolveSigningKey();
+
+    expect(key).toBeInstanceOf(Buffer);
+    expect(key.length).toBe(32);
+    expect(fetchCalled).toBe(false);
+  });
+});