@vellumai/assistant 0.5.5 → 0.5.7

package/src/__tests__/keychain-broker-client.test.ts

@@ -537,8 +537,8 @@ describe("keychain-broker-client", () => {
       writeFileSync(SOCKET_PATH, "");
       expect(client.isAvailable()).toBe(false);
 
-      // Advance time past the first cooldown (30s)
-      fakeNow += 30_001;
+      // Advance time past the first cooldown (5s)
+      fakeNow += 5_001;
       expect(client.isAvailable()).toBe(true);
 
       // Now start a real broker and verify the client reconnects
@@ -558,8 +558,8 @@ describe("keychain-broker-client", () => {
       const client = createBrokerClient();
       await client.ping();
 
-      // Advance past first cooldown (30s)
-      fakeNow += 30_001;
+      // Advance past first cooldown (5s)
+      fakeNow += 5_001;
 
       // Start broker — reconnection should succeed and reset counters
       const broker = createMockBroker();
@@ -578,15 +578,15 @@ describe("keychain-broker-client", () => {
       rmSync(SOCKET_PATH, { force: true });
 
       // This new failure should start from the beginning of the cooldown
-      // schedule (30s), not escalated.
+      // schedule (5s), not escalated.
       await client.ping();
 
-      // Verify cooldown is back to 30s (not 60s)
+      // Verify cooldown is back to 5s (not 15s)
       writeFileSync(SOCKET_PATH, "");
       expect(client.isAvailable()).toBe(false);
 
-      // 30s should be enough to clear cooldown
-      fakeNow += 30_001;
+      // 5s should be enough to clear cooldown
+      fakeNow += 5_001;
       expect(client.isAvailable()).toBe(true);
     }, 15_000);
 
@@ -594,60 +594,73 @@ describe("keychain-broker-client", () => {
       const client = createBrokerClient();
 
       // First failure round: two attempts (first + immediate retry) ->
-      // consecutiveFailures=2, cooldown index = max(2-2,0) = 0 -> 30s.
+      // consecutiveFailures=2, cooldown index = max(2-2,0) = 0 -> 5s.
       await client.ping();
 
       writeFileSync(SOCKET_PATH, "");
       expect(client.isAvailable()).toBe(false);
 
-      // 30s should clear the first cooldown
-      fakeNow += 30_001;
+      // 5s should clear the first cooldown
+      fakeNow += 5_001;
       expect(client.isAvailable()).toBe(true);
 
       // Remove socket to trigger another failure. After cooldown elapses,
       // ensureConnected clears unavailableSince and tries connect().
       // This failure increments consecutiveFailures to 3 (no immediate retry
       // since consecutiveFailures > 1 after increment).
-      // Cooldown index = max(3-2,0) = 1 -> 60s.
+      // Cooldown index = max(3-2,0) = 1 -> 15s.
       rmSync(SOCKET_PATH, { force: true });
       await client.ping();
 
       writeFileSync(SOCKET_PATH, "");
       expect(client.isAvailable()).toBe(false);
 
-      fakeNow += 30_001;
-      expect(client.isAvailable()).toBe(false); // 30s not enough
+      fakeNow += 5_001;
+      expect(client.isAvailable()).toBe(false); // 5s not enough
 
-      fakeNow += 30_000; // total 60_001ms since this cooldown started
+      fakeNow += 10_000; // total 15_001ms since this cooldown started
       expect(client.isAvailable()).toBe(true);
 
-      // Another failure -> consecutiveFailures=4, index = max(4-2,0) = 2 -> 120s (2min)
+      // Another failure -> consecutiveFailures=4, index = max(4-2,0) = 2 -> 30s
       rmSync(SOCKET_PATH, { force: true });
       await client.ping();
 
       writeFileSync(SOCKET_PATH, "");
       expect(client.isAvailable()).toBe(false);
 
-      fakeNow += 60_001;
+      fakeNow += 15_001;
+      expect(client.isAvailable()).toBe(false);
+
+      fakeNow += 15_000; // total 30_001ms
+      expect(client.isAvailable()).toBe(true);
+
+      // Another failure -> consecutiveFailures=5, index = max(5-2,0) = 3 -> 60s
+      rmSync(SOCKET_PATH, { force: true });
+      await client.ping();
+
+      writeFileSync(SOCKET_PATH, "");
+      expect(client.isAvailable()).toBe(false);
+
+      fakeNow += 30_001;
       expect(client.isAvailable()).toBe(false);
 
-      fakeNow += 60_000; // total 120_001ms
+      fakeNow += 30_000; // total 60_001ms
       expect(client.isAvailable()).toBe(true);
 
-      // Another failure -> consecutiveFailures=5, index = max(5-2,0) = 3 -> 300s (5min)
+      // Another failure -> consecutiveFailures=6, index = min(max(6-2,0), 4) = 4 -> 300s (5min)
       rmSync(SOCKET_PATH, { force: true });
       await client.ping();
 
       writeFileSync(SOCKET_PATH, "");
       expect(client.isAvailable()).toBe(false);
 
-      fakeNow += 120_001;
+      fakeNow += 60_001;
       expect(client.isAvailable()).toBe(false);
 
-      fakeNow += 180_000; // total 300_001ms
+      fakeNow += 240_000; // total 300_001ms
       expect(client.isAvailable()).toBe(true);
 
-      // Another failure -> consecutiveFailures=6, index = min(max(6-2,0), 3) = 3 -> 300s (capped)
+      // Another failure -> consecutiveFailures=7, index = min(max(7-2,0), 4) = 4 -> 300s (capped)
       rmSync(SOCKET_PATH, { force: true });
       await client.ping();
 
@@ -658,4 +671,130 @@ describe("keychain-broker-client", () => {
       expect(client.isAvailable()).toBe(true);
     });
   });
+
+  // -----------------------------------------------------------------------
+  // Connect timeout
+  // -----------------------------------------------------------------------
+  describe("connect timeout", () => {
+    let stopFn: (() => Promise<void>) | null = null;
+
+    beforeEach(() => {
+      writeFileSync(TOKEN_PATH, TEST_TOKEN);
+    });
+
+    afterEach(async () => {
+      if (stopFn) {
+        await stopFn();
+        stopFn = null;
+      }
+    });
+
+    test("rejects connect within 3 seconds when broker is unresponsive", async () => {
+      // Create a server that accepts connections but never responds
+      // (simulates an unresponsive broker process).
+      const activeConns = new Set<import("node:net").Socket>();
+      const server = createServer((conn) => {
+        activeConns.add(conn);
+        conn.on("close", () => activeConns.delete(conn));
+        // Accept connection but do nothing — no data, no close
+      });
+      await new Promise<void>((resolve) => {
+        server.listen(SOCKET_PATH, () => resolve());
+      });
+      stopFn = () =>
+        new Promise<void>((resolve) => {
+          for (const conn of activeConns) conn.destroy();
+          activeConns.clear();
+          server.close(() => resolve());
+        });
+
+      const client = createBrokerClient();
+      const start = Date.now();
+      const result = await client.ping();
+      const elapsed = Date.now() - start;
+
+      // Should return null (graceful fallback) and not hang indefinitely.
+      // The connect timeout is 3s; allow some slack but it should be well
+      // under 10s (the old behavior would hang for REQUEST_TIMEOUT_MS * retries).
+      expect(result).toBeNull();
+      expect(elapsed).toBeLessThan(10_000);
+    }, 15_000);
+
+    test("successful connect clears the connect timer", async () => {
+      // Normal broker that responds to pings — verifies the timer is cleared
+      // and doesn't fire after a successful connection.
+      const broker = createMockBroker();
+      broker.setHandler(() => ({ ok: true, result: { pong: true } }));
+      await broker.start();
+      stopFn = () => broker.stop();
+
+      const client = createBrokerClient();
+      const result = await client.ping();
+      expect(result).toEqual({ pong: true });
+
+      // Wait a bit past the connect timeout to ensure no stale timer fires
+      await new Promise((r) => setTimeout(r, 100));
+
+      // Client should still work fine
+      const result2 = await client.ping();
+      expect(result2).toEqual({ pong: true });
+    });
+  });
+
+  // -----------------------------------------------------------------------
+  // Reduced initial cooldown
+  // -----------------------------------------------------------------------
+  describe("reduced initial cooldown", () => {
+    const originalDateNow = Date.now;
+    let fakeNow: number;
+
+    beforeEach(() => {
+      fakeNow = originalDateNow.call(Date);
+      Date.now = () => fakeNow;
+      writeFileSync(TOKEN_PATH, TEST_TOKEN);
+    });
+
+    afterEach(() => {
+      Date.now = originalDateNow;
+    });
+
+    test("first cooldown is 5 seconds, not 30 seconds", async () => {
+      const client = createBrokerClient();
+
+      // Trigger two connection failures (first + immediate retry)
+      await client.ping();
+
+      writeFileSync(SOCKET_PATH, "");
+
+      // Should still be in cooldown at 4 seconds
+      fakeNow += 4_000;
+      expect(client.isAvailable()).toBe(false);
+
+      // Should be available after 5 seconds
+      fakeNow += 1_001;
+      expect(client.isAvailable()).toBe(true);
+    });
+
+    test("second cooldown is 15 seconds", async () => {
+      const client = createBrokerClient();
+
+      // First failure round -> cooldown 5s
+      await client.ping();
+
+      // Clear first cooldown
+      fakeNow += 5_001;
+
+      // Second failure -> cooldown 15s
+      await client.ping();
+
+      writeFileSync(SOCKET_PATH, "");
+      expect(client.isAvailable()).toBe(false);
+
+      fakeNow += 14_000;
+      expect(client.isAvailable()).toBe(false);
+
+      fakeNow += 1_001;
+      expect(client.isAvailable()).toBe(true);
+    });
+  });
 });

package/src/__tests__/memory-jobs-worker-backoff.test.ts

@@ -0,0 +1,150 @@
+/**
+ * Tests for adaptive poll interval backoff in the memory jobs worker.
+ *
+ * Verifies that when no jobs are claimable, the poll interval doubles each
+ * tick (1.5s -> 3s -> 6s -> ... -> 30s cap), and resets to 1.5s when work
+ * is found.
+ */
+import { describe, expect, mock, test } from "bun:test";
+
+// ── Mocks (must precede imports of tested module) ──────────────────
+
+mock.module("../util/platform.js", () => ({
+  getDataDir: () => "/tmp/test-backoff",
+  isMacOS: () => false,
+  isLinux: () => true,
+  isWindows: () => false,
+  getPidPath: () => "/tmp/test-backoff/test.pid",
+  getDbPath: () => "/tmp/test-backoff/test.db",
+  getLogPath: () => "/tmp/test-backoff/test.log",
+  ensureDataDir: () => {},
+}));
+
+mock.module("../util/logger.js", () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
+}));
+
+// Mock config — memory disabled so runMemoryJobsOnce returns 0 immediately
+mock.module("../config/loader.js", () => ({
+  getConfig: () => ({
+    memory: { enabled: false },
+  }),
+  loadConfig: () => ({
+    memory: { enabled: false },
+  }),
+}));
+
+// Mock jobs-store (accesses DB)
+mock.module("../memory/jobs-store.js", () => ({
+  resetRunningJobsToPending: () => 0,
+  claimMemoryJobs: () => [],
+  completeMemoryJob: () => {},
+  deferMemoryJob: () => "deferred",
+  failMemoryJob: () => {},
+  failStalledJobs: () => 0,
+  enqueueCleanupStaleSupersededItemsJob: () => null,
+  enqueuePruneOldConversationsJob: () => null,
+}));
+
+// Mock db.js (rawRun used in sweepStaleItems)
+mock.module("../memory/db.js", () => ({
+  rawRun: () => 0,
+}));
+
+import {
+  POLL_INTERVAL_MAX_MS,
+  POLL_INTERVAL_MIN_MS,
+  startMemoryJobsWorker,
+} from "../memory/jobs-worker.js";
+
+describe("memory jobs worker adaptive poll interval", () => {
+  test("exports expected poll interval constants", () => {
+    expect(POLL_INTERVAL_MIN_MS).toBe(1_500);
+    expect(POLL_INTERVAL_MAX_MS).toBe(30_000);
+  });
+
+  test("backoff sequence doubles from min to max then caps", () => {
+    // Verify the math: starting at 1500, doubling each step, capped at 30000
+    const intervals: number[] = [];
+    let current = POLL_INTERVAL_MIN_MS;
+    for (let i = 0; i < 10; i++) {
+      intervals.push(current);
+      current = Math.min(current * 2, POLL_INTERVAL_MAX_MS);
+    }
+    expect(intervals).toEqual([
+      1_500, // tick 1
+      3_000, // tick 2
+      6_000, // tick 3
+      12_000, // tick 4
+      24_000, // tick 5
+      30_000, // tick 6 (capped)
+      30_000, // stays capped
+      30_000,
+      30_000,
+      30_000,
+    ]);
+  });
+
+  test("worker schedules setTimeout with increasing intervals when idle", async () => {
+    const timeoutDelays: number[] = [];
+    const originalSetTimeout = globalThis.setTimeout;
+    const originalClearTimeout = globalThis.clearTimeout;
+
+    // Collect pending timer callbacks so we can fire them manually
+    const pendingCallbacks: Array<() => void> = [];
+
+    globalThis.setTimeout = ((fn: () => void, delay?: number) => {
+      if (delay !== undefined && delay >= POLL_INTERVAL_MIN_MS) {
+        timeoutDelays.push(delay);
+        pendingCallbacks.push(fn);
+      }
+      return 999 as unknown as ReturnType<typeof setTimeout>;
+    }) as typeof setTimeout;
+    globalThis.clearTimeout = (() => {}) as typeof clearTimeout;
+
+    try {
+      const worker = startMemoryJobsWorker();
+
+      // Wait for the initial tick() promise to settle
+      await new Promise((resolve) => originalSetTimeout(resolve, 20));
+
+      // Fire pending timer callbacks to advance through the backoff sequence.
+      // Each callback triggers tick() which is async, so we await a microtask
+      // after each to let the promise chain settle and schedule the next timer.
+      for (let i = 0; i < 6; i++) {
+        const cb = pendingCallbacks.shift();
+        if (cb) {
+          cb();
+          await new Promise((resolve) => originalSetTimeout(resolve, 20));
+        }
+      }
+
+      worker.stop();
+
+      // We should have captured several setTimeout calls with increasing delays
+      expect(timeoutDelays.length).toBeGreaterThanOrEqual(4);
+
+      // Intervals should be non-decreasing (backoff)
+      for (let i = 1; i < timeoutDelays.length; i++) {
+        expect(timeoutDelays[i]).toBeGreaterThanOrEqual(timeoutDelays[i - 1]!);
+      }
+
+      // All intervals within bounds
+      for (const delay of timeoutDelays) {
+        expect(delay).toBeGreaterThanOrEqual(POLL_INTERVAL_MIN_MS);
+        expect(delay).toBeLessThanOrEqual(POLL_INTERVAL_MAX_MS);
+      }
+
+      // Should eventually reach the cap
+      expect(timeoutDelays[timeoutDelays.length - 1]).toBe(
+        POLL_INTERVAL_MAX_MS,
+      );
+    } finally {
+      globalThis.setTimeout = originalSetTimeout;
+      globalThis.clearTimeout = originalClearTimeout;
+    }
+  });
+});

package/src/__tests__/memory-regressions.test.ts

@@ -540,23 +540,13 @@ describe("Memory regressions", () => {
 
   test("memory_save sets verificationState to user_confirmed", async () => {
     const { handleMemorySave } = await import("../tools/memory/handlers.js");
-    const legacyConfig = {
-      ...DEFAULT_CONFIG,
-      memory: {
-        ...DEFAULT_CONFIG.memory,
-        simplified: {
-          ...DEFAULT_CONFIG.memory.simplified,
-          enabled: false,
-        },
-      },
-    };
 
     const result = await handleMemorySave(
       {
         statement: "User explicitly saved this preference",
         kind: "preference",
       },
-      legacyConfig,
+      DEFAULT_CONFIG,
       "conv-verify-save",
       "msg-verify-save",
     );
@@ -573,23 +563,13 @@ describe("Memory regressions", () => {
 
   test("memory_save in different scopes creates separate items", async () => {
     const { handleMemorySave } = await import("../tools/memory/handlers.js");
-    const legacyConfig = {
-      ...DEFAULT_CONFIG,
-      memory: {
-        ...DEFAULT_CONFIG.memory,
-        simplified: {
-          ...DEFAULT_CONFIG.memory.simplified,
-          enabled: false,
-        },
-      },
-    };
 
     const sharedArgs = { statement: "I prefer dark mode", kind: "preference" };
 
     // Save in the default scope
     const r1 = await handleMemorySave(
       sharedArgs,
-      legacyConfig,
+      DEFAULT_CONFIG,
       "conv-scope-1",
       "msg-scope-1",
       "default",
@@ -600,7 +580,7 @@ describe("Memory regressions", () => {
     // Save the identical statement in a private scope
     const r2 = await handleMemorySave(
       sharedArgs,
-      legacyConfig,
+      DEFAULT_CONFIG,
       "conv-scope-2",
       "msg-scope-2",
       "private-abc",
@@ -624,7 +604,7 @@ describe("Memory regressions", () => {
     // Saving the same statement again in default scope should dedup (not create a third)
     const r3 = await handleMemorySave(
       sharedArgs,
-      legacyConfig,
+      DEFAULT_CONFIG,
       "conv-scope-3",
       "msg-scope-3",
       "default",
@@ -3227,9 +3207,8 @@ describe("Memory regressions", () => {
       .filter((j) => JSON.parse(j.payload).messageId === "msg-untrusted-gate");
     expect(extractJobs.length).toBe(0);
 
-    // enqueuedJobs reflects legacy embed_segment + archive embed_chunk per
-    // segment, plus the summary job, with extract_items gated off.
-    const expectedJobs = result.indexedSegments * 2 + 1;
+    // enqueuedJobs should reflect: embed jobs + summary (1), no extract (0)
+    const expectedJobs = result.indexedSegments + 1; // embed per segment + summary
     expect(result.enqueuedJobs).toBe(expectedJobs);
   });
 
@@ -3410,9 +3389,8 @@ describe("Memory regressions", () => {
       .filter((j) => JSON.parse(j.payload).messageId === "msg-unverified-gate");
     expect(extractJobs.length).toBe(0);
 
-    // enqueuedJobs reflects legacy embed_segment + archive embed_chunk per
-    // segment, plus the summary job, with extract_items gated off.
-    const expectedJobs = result.indexedSegments * 2 + 1;
+    // enqueuedJobs should reflect: embed jobs + summary (1), no extract (0)
+    const expectedJobs = result.indexedSegments + 1; // embed per segment + summary
     expect(result.enqueuedJobs).toBe(expectedJobs);
   });
 

package/src/__tests__/migration-export-http.test.ts

@@ -527,9 +527,9 @@ describe("integration: existing routes unaffected", () => {
   });
 
   test("GET /v1/health still works (not intercepted by migration routes)", async () => {
-    const { handleHealth } =
+    const { handleDetailedHealth } =
       await import("../runtime/routes/identity-routes.js");
-    const res = handleHealth();
+    const res = handleDetailedHealth();
     const body = (await res.json()) as Record<string, unknown>;
 
     expect(res.status).toBe(200);

package/src/__tests__/migration-import-commit-http.test.ts

@@ -939,9 +939,9 @@ describe("route policy registration", () => {
 
 describe("integration: existing routes unaffected", () => {
   test("GET /v1/health still works", async () => {
-    const { handleHealth } =
+    const { handleDetailedHealth } =
       await import("../runtime/routes/identity-routes.js");
-    const res = handleHealth();
+    const res = handleDetailedHealth();
     const body = (await res.json()) as Record<string, unknown>;
 
     expect(res.status).toBe(200);

package/src/__tests__/migration-import-preflight-http.test.ts

@@ -792,9 +792,9 @@ describe("route policy registration", () => {
 
 describe("integration: existing routes unaffected", () => {
   test("GET /v1/health still works", async () => {
-    const { handleHealth } =
+    const { handleDetailedHealth } =
       await import("../runtime/routes/identity-routes.js");
-    const res = handleHealth();
+    const res = handleDetailedHealth();
     const body = (await res.json()) as Record<string, unknown>;
 
     expect(res.status).toBe(200);

package/src/__tests__/migration-validate-http.test.ts

@@ -684,9 +684,9 @@ describe("route policy registration", () => {
 
 describe("integration: existing routes unaffected", () => {
   test("GET /v1/health still works (not intercepted by migration routes)", async () => {
-    const { handleHealth } =
+    const { handleDetailedHealth } =
       await import("../runtime/routes/identity-routes.js");
-    const res = handleHealth();
+    const res = handleDetailedHealth();
     const body = (await res.json()) as Record<string, unknown>;
 
     expect(res.status).toBe(200);

package/src/__tests__/non-member-access-request.test.ts

@@ -37,11 +37,6 @@ mock.module("../util/logger.js", () => ({
     }),
 }));
 
-// Mock security check to always pass
-mock.module("../security/secret-ingress.js", () => ({
-  checkIngressForSecrets: () => ({ blocked: false }),
-}));
-
 mock.module("../config/env.js", () => ({
   isHttpAuthDisabled: () => true,
   getGatewayInternalBaseUrl: () => "http://127.0.0.1:7830",

package/src/__tests__/notification-decision-fallback.test.ts

@@ -34,6 +34,10 @@ mock.module("../notifications/conversation-candidates.js", () => ({
   serializeCandidatesForPrompt: () => undefined,
 }));
 
+mock.module("../prompts/persona-resolver.js", () => ({
+  resolveGuardianPersona: () => null,
+}));
+
 let configuredProvider: { sendMessage: () => Promise<unknown> } | null = null;
 let extractedToolUse: unknown = null;
 

package/src/__tests__/notification-decision-identity.test.ts

@@ -36,6 +36,10 @@ mock.module("../notifications/conversation-candidates.js", () => ({
   serializeCandidatesForPrompt: () => undefined,
 }));
 
+mock.module("../prompts/persona-resolver.js", () => ({
+  resolveGuardianPersona: () => null,
+}));
+
 // ── Identity context mock ─────────────────────────────────────────────
 
 let mockIdentityContext: string | null = null;

package/src/__tests__/permission-types.test.ts

@@ -15,6 +15,7 @@ describe("isAllowDecision", () => {
     "always_allow",
     "always_allow_high_risk",
     "temporary_override",
+    "dangerously_skip_permissions",
   ];
 
   for (const decision of allowDecisions) {

package/src/__tests__/provider-managed-proxy-integration.test.ts

@@ -193,13 +193,12 @@ describe("managed proxy integration — credential precedence", () => {
 
       const provider = getProvider("anthropic");
 
-      // Unwrap RetryProvider → LogfireProvider → AnthropicProvider to inspect
-      // the Anthropic SDK client's baseURL. The wrappers use private `inner`
-      // and AnthropicProvider stores the SDK client as private `client`.
+      // Unwrap RetryProvider → AnthropicProvider to inspect the Anthropic
+      // SDK client's baseURL. RetryProvider stores the inner provider as
+      // private `inner` and AnthropicProvider stores the SDK client as
+      // private `client`.
       const retryInner = (provider as any).inner;
-      // retryInner is the logfire wrapper; it also has an `inner` property
-      const logfireInner = (retryInner as any).inner ?? retryInner;
-      const anthropicClient = (logfireInner as any).client;
+      const anthropicClient = (retryInner as any).client;
 
       expect(anthropicClient).toBeDefined();
       const baseURL: string = anthropicClient.baseURL;

package/src/__tests__/qdrant-manager.test.ts

@@ -312,9 +312,10 @@ describe("QdrantManager", () => {
       expect(existsSync(pidPath)).toBe(false);
     }, 10_000);
 
-    test("cleans up when process exits immediately", async () => {
+    test("fails fast with exit code when process exits immediately", async () => {
       const pidPath = join(testDataDir, "qdrant", "qdrant.pid");
 
+      // GIVEN a Qdrant binary that exits immediately with code 1
       placeFakeBinary("#!/bin/sh\nexit 1");
 
       const port = getTestPort();
@@ -323,9 +324,34 @@ describe("QdrantManager", () => {
         ...FAST_TIMEOUTS,
       });
 
-      await expect(mgr.start()).rejects.toThrow("did not become ready");
+      // WHEN we start the manager
+      const startTime = Date.now();
+      await expect(mgr.start()).rejects.toThrow(
+        /exited with code \d+ before becoming ready/,
+      );
+      const elapsed = Date.now() - startTime;
+
+      // THEN it fails fast (well under the 100ms readyz timeout)
+      expect(elapsed).toBeLessThan(FAST_TIMEOUTS.readyzTimeoutMs);
+
+      // AND the PID file is cleaned up
       expect(existsSync(pidPath)).toBe(false);
     }, 10_000);
+
+    test("includes stderr in error when process crashes", async () => {
+      // GIVEN a Qdrant binary that writes to stderr before crashing
+      placeFakeBinary('#!/bin/sh\necho "fatal: storage corrupted" >&2\nexit 1');
+
+      const port = getTestPort();
+      const mgr = new QdrantManager({
+        url: `http://127.0.0.1:${port}`,
+        ...FAST_TIMEOUTS,
+      });
+
+      // WHEN we start the manager
+      // THEN the error includes the stderr output
+      await expect(mgr.start()).rejects.toThrow("storage corrupted");
+    }, 10_000);
   });
 
   // ── Binary Detection ─────────────────────────────────────────