@vellumai/assistant 0.5.6 → 0.5.7

package/src/__tests__/credential-execution-feature-gates.test.ts

@@ -8,9 +8,12 @@
  *   behavior or existing feature flags.
  */
 
-import { describe, expect, test } from "bun:test";
+import { afterEach, beforeEach, describe, expect, test } from "bun:test";
 
-import { isAssistantFeatureFlagEnabled } from "../config/assistant-feature-flags.js";
+import {
+  _setOverridesForTesting,
+  isAssistantFeatureFlagEnabled,
+} from "../config/assistant-feature-flags.js";
 import type { AssistantConfig } from "../config/schema.js";
 import {
   CES_GRANT_AUDIT_FLAG_KEY,
@@ -25,15 +28,21 @@ import {
   isCesToolsEnabled,
 } from "../credential-execution/feature-gates.js";
 
+beforeEach(() => {
+  _setOverridesForTesting({});
+});
+
+afterEach(() => {
+  _setOverridesForTesting({});
+});
+
 // ---------------------------------------------------------------------------
 // Helpers
 // ---------------------------------------------------------------------------
 
-/** Create a minimal AssistantConfig with optional feature flag values. */
-function makeConfig(flagOverrides?: Record<string, boolean>): AssistantConfig {
-  return {
-    ...(flagOverrides ? { assistantFeatureFlagValues: flagOverrides } : {}),
-  } as AssistantConfig;
+/** Create a minimal AssistantConfig (flag overrides are now set via _setOverridesForTesting). */
+function makeConfig(): AssistantConfig {
+  return {} as AssistantConfig;
 }
 
 /** All CES flag keys for iteration. */
@@ -87,16 +96,16 @@ describe("CES flag key format", () => {
 // ---------------------------------------------------------------------------
 
 describe("CES flags default safely (all disabled)", () => {
-  const config = makeConfig();
-
   for (const { name, fn } of ALL_CES_PREDICATES) {
     test(`${name} returns false with no config overrides`, () => {
+      const config = makeConfig();
       expect(fn(config)).toBe(false);
     });
   }
 
   for (const key of ALL_CES_FLAG_KEYS) {
     test(`isAssistantFeatureFlagEnabled('${key}') returns false with no overrides`, () => {
+      const config = makeConfig();
       expect(isAssistantFeatureFlagEnabled(key, config)).toBe(false);
     });
   }
@@ -109,12 +118,14 @@ describe("CES flags default safely (all disabled)", () => {
 describe("CES flags can be enabled independently", () => {
   for (const { name, fn, key } of ALL_CES_PREDICATES) {
     test(`enabling ${key} makes ${name} return true`, () => {
-      const config = makeConfig({ [key]: true });
+      _setOverridesForTesting({ [key]: true });
+      const config = makeConfig();
       expect(fn(config)).toBe(true);
     });
 
     test(`enabling ${key} does not enable other CES flags`, () => {
-      const config = makeConfig({ [key]: true });
+      _setOverridesForTesting({ [key]: true });
+      const config = makeConfig();
       for (const { fn: otherFn, key: otherKey } of ALL_CES_PREDICATES) {
         if (otherKey === key) continue;
         expect(otherFn(config)).toBe(false);
@@ -130,7 +141,8 @@ describe("CES flags can be enabled independently", () => {
 describe("CES flags respect explicit false overrides", () => {
   for (const { name, fn, key } of ALL_CES_PREDICATES) {
     test(`${name} returns false when explicitly set to false`, () => {
-      const config = makeConfig({ [key]: false });
+      _setOverridesForTesting({ [key]: false });
+      const config = makeConfig();
       expect(fn(config)).toBe(false);
     });
   }
@@ -146,7 +158,8 @@ describe("CES flags do not affect unrelated flags", () => {
     for (const key of ALL_CES_FLAG_KEYS) {
       overrides[key] = true;
     }
-    const config = makeConfig(overrides);
+    _setOverridesForTesting(overrides);
+    const config = makeConfig();
 
     // browser defaults to true in the registry and should stay true
     expect(
@@ -159,7 +172,8 @@ describe("CES flags do not affect unrelated flags", () => {
     for (const key of ALL_CES_FLAG_KEYS) {
       overrides[key] = true;
     }
-    const config = makeConfig(overrides);
+    _setOverridesForTesting(overrides);
+    const config = makeConfig();
 
     // contacts defaults to true in the registry and should stay true
     expect(

package/src/__tests__/credential-execution-managed-contract.test.ts

@@ -26,7 +26,17 @@
  * contracts — no real CES process or socket dependencies are needed.
  */
 
-import { describe, expect, test } from "bun:test";
+import { afterEach, beforeEach, describe, expect, test } from "bun:test";
+
+import { _setOverridesForTesting } from "../config/assistant-feature-flags.js";
+
+beforeEach(() => {
+  _setOverridesForTesting({});
+});
+
+afterEach(() => {
+  _setOverridesForTesting({});
+});
 
 import {
   CES_PROTOCOL_VERSION,
@@ -58,11 +68,9 @@ import {
 // Helpers
 // ---------------------------------------------------------------------------
 
-/** Create a minimal AssistantConfig with optional feature flag values. */
-function makeConfig(flagOverrides?: Record<string, boolean>): AssistantConfig {
-  return {
-    ...(flagOverrides ? { assistantFeatureFlagValues: flagOverrides } : {}),
-  } as AssistantConfig;
+/** Create a minimal AssistantConfig (flag overrides are now set via _setOverridesForTesting). */
+function makeConfig(): AssistantConfig {
+  return {} as AssistantConfig;
 }
 
 // ---------------------------------------------------------------------------
@@ -444,32 +452,36 @@ describe("feature-flag rollback safety", () => {
   });
 
   test("managed sidecar flag can be explicitly enabled", () => {
-    const config = makeConfig({
+    _setOverridesForTesting({
       "feature_flags.ces-managed-sidecar.enabled": true,
     });
+    const config = makeConfig();
     expect(isCesManagedSidecarEnabled(config)).toBe(true);
   });
 
   test("managed sidecar flag can be explicitly disabled", () => {
-    const config = makeConfig({
+    _setOverridesForTesting({
       "feature_flags.ces-managed-sidecar.enabled": false,
     });
+    const config = makeConfig();
     expect(isCesManagedSidecarEnabled(config)).toBe(false);
   });
 
   test("enabling managed sidecar does not enable CES tools", () => {
-    const config = makeConfig({
+    _setOverridesForTesting({
       "feature_flags.ces-managed-sidecar.enabled": true,
     });
+    const config = makeConfig();
     // CES tools flag should remain independently controlled
     expect(isCesToolsEnabled(config)).toBe(false);
   });
 
   test("disabling managed sidecar does not affect other CES flags", () => {
-    const config = makeConfig({
+    _setOverridesForTesting({
       "feature_flags.ces-managed-sidecar.enabled": false,
       "feature_flags.ces-tools.enabled": true,
     });
+    const config = makeConfig();
     expect(isCesToolsEnabled(config)).toBe(true);
   });
 });
@@ -480,10 +492,11 @@ describe("feature-flag rollback safety", () => {
 
 describe("process manager config wiring", () => {
   test("CesProcessManagerConfig accepts assistantConfig for flag gating", () => {
+    _setOverridesForTesting({
+      "feature_flags.ces-managed-sidecar.enabled": true,
+    });
     const config: CesProcessManagerConfig = {
-      assistantConfig: makeConfig({
-        "feature_flags.ces-managed-sidecar.enabled": true,
-      }),
+      assistantConfig: makeConfig(),
     };
     expect(config.assistantConfig).toBeDefined();
     expect(isCesManagedSidecarEnabled(config.assistantConfig!)).toBe(true);
@@ -491,16 +504,17 @@ describe("process manager config wiring", () => {
 
   test("CesProcessManagerConfig requires assistantConfig for feature-flag gate", () => {
     const config: CesProcessManagerConfig = {
-      assistantConfig: makeConfig({}),
+      assistantConfig: makeConfig(),
     };
     expect(config.assistantConfig).toBeDefined();
   });
 
   test("when flag is off, managed discovery is skipped", () => {
+    _setOverridesForTesting({
+      "feature_flags.ces-managed-sidecar.enabled": false,
+    });
     const config: CesProcessManagerConfig = {
-      assistantConfig: makeConfig({
-        "feature_flags.ces-managed-sidecar.enabled": false,
-      }),
+      assistantConfig: makeConfig(),
     };
     // The managed path should be gated
     expect(isCesManagedSidecarEnabled(config.assistantConfig!)).toBe(false);
@@ -513,9 +527,10 @@ describe("process manager config wiring", () => {
 
 describe("non-CES internal consumers intact when flag is off", () => {
   test("existing non-agent flows are unaffected by managed sidecar flag", () => {
-    const config = makeConfig({
+    _setOverridesForTesting({
       "feature_flags.ces-managed-sidecar.enabled": false,
     });
+    const config = makeConfig();
     expect(isCesManagedSidecarEnabled(config)).toBe(false);
   });
 

package/src/__tests__/credential-security-e2e.test.ts

@@ -10,7 +10,6 @@ const mockConfig = {
     action: "block" as "redact" | "warn" | "block",
     entropyThreshold: 4.0,
     allowOneTimeSend: false,
-    blockIngress: true,
   },
   timeouts: { permissionTimeoutSec: 300 },
 };
@@ -118,8 +117,6 @@ mock.module("../tools/credentials/policy-validate.js", () => ({
 
 // Import modules under test
 const { credentialStoreTool } = await import("../tools/credentials/vault.js");
-const { checkIngressForSecrets } =
-  await import("../security/secret-ingress.js");
 const { isToolAllowed } = await import("../tools/credentials/tool-policy.js");
 const { isDomainAllowed } =
   await import("../tools/credentials/domain-policy.js");
@@ -203,61 +200,6 @@ describe("E2E: secure store and list lifecycle", () => {
   });
 });
 
-// ---------------------------------------------------------------------------
-// E2E Scenario 2 — Secret-in-chat blocked and redirected
-// ---------------------------------------------------------------------------
-
-describe("E2E: secret ingress blocking", () => {
-  beforeEach(() => {
-    mockConfig.secretDetection.enabled = true;
-    mockConfig.secretDetection.action = "block";
-  });
-
-  test("blocks message containing AWS access key", () => {
-    const awsKey = ["AKIA", "IOSFODNN7", "REALKEY"].join("");
-    const check = checkIngressForSecrets(`Here is my key: ${awsKey}`);
-    expect(check.blocked).toBe(true);
-    expect(check.detectedTypes.length).toBeGreaterThan(0);
-    // Notice must never contain the actual secret
-    expect(check.userNotice).toBeDefined();
-    expect(check.userNotice).not.toContain(awsKey);
-  });
-
-  test("blocks message containing GitHub token", () => {
-    const ghToken = ["ghp_", "ABCDEFghijklMN01234567", "89abcdef"].join("");
-    const check = checkIngressForSecrets(`Use this token: ${ghToken}`);
-    expect(check.blocked).toBe(true);
-  });
-
-  test("allows normal text through", () => {
-    const check = checkIngressForSecrets("Please help me configure my project");
-    expect(check.blocked).toBe(false);
-    expect(check.detectedTypes).toEqual([]);
-  });
-
-  test("bypasses when detection is disabled", () => {
-    mockConfig.secretDetection.enabled = false;
-    const awsKey = ["AKIA", "IOSFODNN7", "REALKEY"].join("");
-    const check = checkIngressForSecrets(awsKey);
-    expect(check.blocked).toBe(false);
-  });
-
-  test("bypasses when blockIngress is false", () => {
-    mockConfig.secretDetection.blockIngress = false;
-    const awsKey = ["AKIA", "IOSFODNN7", "REALKEY"].join("");
-    const check = checkIngressForSecrets(awsKey);
-    expect(check.blocked).toBe(false);
-  });
-
-  test("still blocks when action is warn but blockIngress is true", () => {
-    mockConfig.secretDetection.action = "warn";
-    mockConfig.secretDetection.blockIngress = true;
-    const awsKey = ["AKIA", "IOSFODNN7", "REALKEY"].join("");
-    const check = checkIngressForSecrets(awsKey);
-    expect(check.blocked).toBe(true);
-  });
-});
-
 // ---------------------------------------------------------------------------
 // E2E Scenario 3 — One-time send override path
 // ---------------------------------------------------------------------------
@@ -411,12 +353,4 @@ describe("E2E: cross-cutting secret leak prevention", () => {
     );
     expect(result.content).not.toContain(secret);
   });
-
-  test("ingress notice never contains the detected secret", () => {
-    const awsKey = ["AKIA", "IOSFODNN7", "REALKEY"].join("");
-    const check = checkIngressForSecrets(awsKey);
-    expect(check.blocked).toBe(true);
-    expect(check.userNotice).toBeDefined();
-    expect(check.userNotice).not.toContain(awsKey);
-  });
 });

package/src/__tests__/credential-security-invariants.test.ts

@@ -138,45 +138,6 @@ describe("Invariant 1: secrets never enter LLM context", () => {
       });
     }
   }
-
-  // PR 27 — secret ingress block scans inbound messages
-  test("user message containing secret is blocked from entering history", () => {
-    // Mock config to enable block mode
-    mock.module("../config/loader.js", () => ({
-      applyNestedDefaults: (config: unknown) => config,
-      getConfig: () => ({
-        ui: {},
-        secretDetection: {
-          enabled: true,
-          action: "block",
-          blockIngress: true,
-        },
-      }),
-      invalidateConfigCache: () => {},
-      loadConfig: () => ({
-        ui: {},
-        secretDetection: {
-          enabled: true,
-          action: "block",
-          blockIngress: true,
-        },
-      }),
-    }));
-
-    // Re-import to pick up the mock
-    // eslint-disable-next-line @typescript-eslint/no-require-imports
-    const { checkIngressForSecrets } = require("../security/secret-ingress.js");
-
-    // Build a fake AWS key at runtime to avoid pre-commit hook
-    const fakeKey = ["AKIA", "IOSFODNN7", "REALKEY"].join("");
-    const result = checkIngressForSecrets(`My key is ${fakeKey}`);
-
-    expect(result.blocked).toBe(true);
-    expect(result.detectedTypes.length).toBeGreaterThan(0);
-    // User notice must not echo the secret
-    expect(result.userNotice).toBeDefined();
-    expect(result.userNotice).not.toContain(fakeKey);
-  });
 });
 
 // ---------------------------------------------------------------------------
@@ -208,6 +169,7 @@ describe("Invariant 2: no generic plaintext secret read API", () => {
       "tools/credentials/broker.ts", // brokered credential access
       "tools/network/web-search.ts", // web search API key lookup
       "daemon/handlers/config-telegram.ts", // Telegram bot token management
+      "daemon/handlers/config-vercel.ts", // Vercel API token management
       "runtime/routes/integrations/twilio.ts", // Twilio credential management (HTTP control-plane)
       "security/token-manager.ts", // OAuth token refresh flow
       "email/providers/index.ts", // email provider API key lookup
@@ -216,6 +178,7 @@ describe("Invariant 2: no generic plaintext secret read API", () => {
       "calls/twilio-config.ts", // call infrastructure credential lookup
       "calls/twilio-provider.ts", // call infrastructure credential lookup
       "calls/twilio-rest.ts", // Twilio REST API credential lookup
+      "calls/fish-audio-client.ts", // Fish Audio TTS API key lookup
       "runtime/channel-invite-transports/telegram.ts", // Telegram invite transport bot token lookup
       "cli/commands/keys.ts", // CLI credential management commands
       "cli/commands/credentials.ts", // CLI credential management commands
@@ -225,6 +188,7 @@ describe("Invariant 2: no generic plaintext secret read API", () => {
       "messaging/providers/slack/adapter.ts", // Slack bot token lookup for Socket Mode connectivity check
       "daemon/handlers/config-slack-channel.ts", // Slack channel config credential management
       "providers/managed-proxy/context.ts", // managed proxy API key lookup for provider initialization
+      "platform/client.ts", // platform client keychain fallback for standalone CLI auth
       "mcp/mcp-oauth-provider.ts", // MCP OAuth token/client/discovery persistence
       "runtime/routes/integrations/slack/share.ts", // Slack share routes credential lookup
       "mcp/client.ts", // MCP client cached-token lookup
@@ -237,7 +201,6 @@ describe("Invariant 2: no generic plaintext secret read API", () => {
       "cli/commands/oauth/connections.ts", // CLI OAuth connection delete (legacy credential cleanup)
       "oauth/manual-token-connection.ts", // manual-token provider backfill (keychain credential existence check)
       "cli/commands/doctor.ts", // CLI diagnostic API key verification via secure storage
-      "swarm/backend-claude-code.ts", // Claude Code swarm backend API key lookup
       "workspace/provider-commit-message-generator.ts", // commit message generation provider key lookup
       "config/bundled-skills/transcribe/tools/transcribe-media.ts", // transcription tool API key lookup
       "config/bundled-skills/image-studio/tools/media-generate-image.ts", // image generation tool API key lookup
@@ -249,13 +212,13 @@ describe("Invariant 2: no generic plaintext secret read API", () => {
       "media/avatar-router.ts", // avatar generation API key lookup
       "memory/embedding-backend.ts", // embedding backend API key lookup
       "daemon/providers-setup.ts", // provider initialization API key lookup
-      "tools/claude-code/claude-code.ts", // Claude Code tool API key lookup
       "workspace/migrations/006-services-config.ts", // services config migration reads provider API keys
       "cli/commands/avatar.ts", // CLI avatar generation API key lookup
       "config/bundled-skills/slack/tools/shared.ts", // Slack skill bot token lookup
       "daemon/conversation-process.ts", // masked provider key display
       "daemon/handlers/config-model.ts", // masked provider key display
       "providers/speech-to-text/resolve.ts", // STT provider API key lookup
+      "daemon/lifecycle.ts", // CES client injection into secure-keys at startup
     ]);
 
     const thisDir = dirname(fileURLToPath(import.meta.url));
@@ -613,10 +576,6 @@ describe("One-time send override", () => {
   test("default secretDetection.action is redact", () => {
     expect(DEFAULT_CONFIG.secretDetection.action).toBe("redact");
   });
-
-  test("default secretDetection.blockIngress is true", () => {
-    expect(DEFAULT_CONFIG.secretDetection.blockIngress).toBe(true);
-  });
 });
 
 // ---------------------------------------------------------------------------

package/src/__tests__/credentials-cli.test.ts

@@ -12,6 +12,7 @@ import type { CredentialMetadata } from "../tools/credentials/metadata-store.js"
 let secureKeyStore = new Map<string, string>();
 let metadataStore: CredentialMetadata[] = [];
 let idCounter = 0;
+let mockBrokerUnreachable = false;
 
 function nextUUID(): string {
   idCounter += 1;
@@ -45,6 +46,12 @@ mock.module("../security/secure-keys.js", () => ({
   getSecureKeyAsync: async (account: string): Promise<string | undefined> => {
     return secureKeyStore.get(account);
   },
+  getSecureKeyResultAsync: async (
+    account: string,
+  ): Promise<{ value: string | undefined; unreachable: boolean }> => ({
+    value: secureKeyStore.get(account),
+    unreachable: mockBrokerUnreachable,
+  }),
   _resetBackend: (): void => {},
 }));
 
@@ -264,6 +271,7 @@ describe("assistant credentials CLI", () => {
     secureKeyStore = new Map();
     metadataStore = [];
     idCounter = 0;
+    mockBrokerUnreachable = false;
     disconnectOAuthProviderCalls = [];
     disconnectOAuthProviderResult = "not-found";
     process.exitCode = 0;
@@ -870,6 +878,42 @@ describe("assistant credentials CLI", () => {
       expect(parsed.hasSecret).toBe(false);
       expect(parsed.scrubbedValue).toBe("(not set)");
     });
+
+    test("shows broker unreachable when metadata exists but broker is down", async () => {
+      seedMetadataOnly("twilio", "account_sid");
+      mockBrokerUnreachable = true;
+
+      const result = await runCli([
+        "inspect",
+        "--service",
+        "twilio",
+        "--field",
+        "account_sid",
+        "--json",
+      ]);
+      expect(result.exitCode).toBe(0);
+      const parsed = JSON.parse(result.stdout);
+      expect(parsed.ok).toBe(true);
+      expect(parsed.scrubbedValue).toBe("(broker unreachable)");
+      expect(parsed.brokerUnreachable).toBe(true);
+    });
+
+    test("shows unreachable error when no metadata and broker is down", async () => {
+      mockBrokerUnreachable = true;
+
+      const result = await runCli([
+        "inspect",
+        "--service",
+        "nonexistent",
+        "--field",
+        "field",
+        "--json",
+      ]);
+      expect(result.exitCode).toBe(1);
+      const parsed = JSON.parse(result.stdout);
+      expect(parsed.ok).toBe(false);
+      expect(parsed.error).toContain("Keychain broker is unreachable");
+    });
   });
 
   // =========================================================================
@@ -969,6 +1013,40 @@ describe("assistant credentials CLI", () => {
       expect(parsed.ok).toBe(false);
       expect(parsed.error).toContain("not found");
     });
+
+    test("returns unreachable error when broker is down", async () => {
+      mockBrokerUnreachable = true;
+
+      const result = await runCli([
+        "reveal",
+        "--service",
+        "twilio",
+        "--field",
+        "auth_token",
+        "--json",
+      ]);
+      expect(result.exitCode).toBe(1);
+      const parsed = JSON.parse(result.stdout);
+      expect(parsed.ok).toBe(false);
+      expect(parsed.error).toContain("Keychain broker is unreachable");
+    });
+
+    test("returns credential-not-found when broker is up", async () => {
+      mockBrokerUnreachable = false;
+
+      const result = await runCli([
+        "reveal",
+        "--service",
+        "twilio",
+        "--field",
+        "nonexistent",
+        "--json",
+      ]);
+      expect(result.exitCode).toBe(1);
+      const parsed = JSON.parse(result.stdout);
+      expect(parsed.ok).toBe(false);
+      expect(parsed.error).toBe("Credential not found");
+    });
   });
 
   // =========================================================================