npm - @vellumai/assistant - Versions diffs - 0.5.6 → 0.5.8 - Mend

@vellumai/assistant 0.5.6 → 0.5.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (442) hide show

package/.env.example +16 -2
package/ARCHITECTURE.md +6 -75
package/Dockerfile +3 -2
package/README.md +0 -2
package/bun.lock +0 -414
package/docker-entrypoint.sh +9 -0
package/docs/architecture/keychain-broker.md +45 -240
package/docs/architecture/memory.md +13 -11
package/docs/architecture/security.md +0 -17
package/docs/credential-execution-service.md +2 -2
package/node_modules/@vellumai/ces-contracts/package.json +1 -0
package/node_modules/@vellumai/ces-contracts/src/error.ts +1 -1
package/node_modules/@vellumai/ces-contracts/src/grants.ts +1 -1
package/node_modules/@vellumai/ces-contracts/src/handles.ts +1 -1
package/node_modules/@vellumai/ces-contracts/src/index.ts +1 -1
package/node_modules/@vellumai/ces-contracts/src/rpc.ts +120 -1
package/node_modules/@vellumai/credential-storage/package.json +1 -0
package/node_modules/@vellumai/egress-proxy/package.json +1 -0
package/package.json +2 -3
package/src/__tests__/actor-token-service.test.ts +0 -114
package/src/__tests__/approval-cascade.test.ts +0 -1
package/src/__tests__/assistant-feature-flags-integration.test.ts +30 -29
package/src/__tests__/browser-fill-credential.test.ts +1 -1
package/src/__tests__/browser-skill-endstate.test.ts +6 -5
package/src/__tests__/btw-routes.test.ts +0 -39
package/src/__tests__/call-controller.test.ts +0 -1
package/src/__tests__/call-domain.test.ts +0 -128
package/src/__tests__/ces-rpc-credential-backend.test.ts +199 -0
package/src/__tests__/ces-startup-timeout.test.ts +40 -0
package/src/__tests__/channel-approval-routes.test.ts +0 -5
package/src/__tests__/channel-readiness-service.test.ts +1 -60
package/src/__tests__/checker.test.ts +4 -2
package/src/__tests__/cli-command-risk-guard.test.ts +112 -0
package/src/__tests__/config-schema-cmd.test.ts +0 -2
package/src/__tests__/config-schema.test.ts +3 -1
package/src/__tests__/conversation-abort-tool-results.test.ts +0 -1
package/src/__tests__/conversation-agent-loop-overflow.test.ts +0 -2
package/src/__tests__/conversation-agent-loop.test.ts +2 -4
package/src/__tests__/conversation-attention-telegram.test.ts +0 -5
package/src/__tests__/conversation-confirmation-signals.test.ts +0 -1
package/src/__tests__/conversation-error.test.ts +15 -1
package/src/__tests__/conversation-init.benchmark.test.ts +0 -2
package/src/__tests__/conversation-messaging-secret-redirect.test.ts +1 -1
package/src/__tests__/conversation-pre-run-repair.test.ts +0 -1
package/src/__tests__/conversation-provider-retry-repair.test.ts +0 -1
package/src/__tests__/conversation-queue.test.ts +0 -1
package/src/__tests__/conversation-skill-tools.test.ts +0 -54
package/src/__tests__/conversation-slash-queue.test.ts +0 -1
package/src/__tests__/conversation-slash-unknown.test.ts +0 -1
package/src/__tests__/conversation-title-service.test.ts +87 -0
package/src/__tests__/conversation-workspace-injection.test.ts +0 -1
package/src/__tests__/conversation-workspace-tool-tracking.test.ts +0 -1
package/src/__tests__/credential-execution-client.test.ts +5 -2
package/src/__tests__/credential-execution-feature-gates.test.ts +59 -30
package/src/__tests__/credential-execution-managed-contract.test.ts +35 -20
package/src/__tests__/credential-security-e2e.test.ts +1 -67
package/src/__tests__/credential-security-invariants.test.ts +6 -50
package/src/__tests__/credentials-cli.test.ts +82 -3
package/src/__tests__/daemon-credential-client.test.ts +123 -0
package/src/__tests__/db-migration-rollback.test.ts +2015 -1
package/src/__tests__/deterministic-verification-control-plane.test.ts +1 -0
package/src/__tests__/docker-signing-key-bootstrap.test.ts +34 -143
package/src/__tests__/dynamic-skill-workflow-prompt.test.ts +6 -4
package/src/__tests__/gateway-client-managed-outbound.test.ts +79 -1
package/src/__tests__/guardian-routing-state.test.ts +0 -5
package/src/__tests__/host-shell-tool.test.ts +6 -7
package/src/__tests__/http-user-message-parity.test.ts +3 -103
package/src/__tests__/inbound-invite-redemption.test.ts +0 -4
package/src/__tests__/inline-skill-load-permissions.test.ts +6 -8
package/src/__tests__/intent-routing.test.ts +0 -13
package/src/__tests__/jobs-store-qdrant-breaker.test.ts +178 -0
package/src/__tests__/journal-context.test.ts +335 -0
package/src/__tests__/keychain-broker-client.test.ts +161 -22
package/src/__tests__/memory-context-benchmark.benchmark.test.ts +0 -3
package/src/__tests__/memory-jobs-worker-backoff.test.ts +150 -0
package/src/__tests__/memory-lifecycle-e2e.test.ts +70 -25
package/src/__tests__/memory-recall-quality.test.ts +48 -17
package/src/__tests__/memory-regressions.test.ts +408 -363
package/src/__tests__/memory-retrieval.benchmark.test.ts +0 -3
package/src/__tests__/migration-export-http.test.ts +2 -2
package/src/__tests__/migration-import-commit-http.test.ts +2 -2
package/src/__tests__/migration-import-preflight-http.test.ts +2 -2
package/src/__tests__/migration-validate-http.test.ts +2 -2
package/src/__tests__/non-member-access-request.test.ts +2 -7
package/src/__tests__/notification-decision-fallback.test.ts +4 -0
package/src/__tests__/notification-decision-identity.test.ts +4 -0
package/src/__tests__/notification-decision-strategy.test.ts +71 -0
package/src/__tests__/oauth-cli.test.ts +5 -1
package/src/__tests__/permission-types.test.ts +1 -0
package/src/__tests__/provider-commit-message-generator.test.ts +0 -37
package/src/__tests__/provider-error-scenarios.test.ts +0 -267
package/src/__tests__/provider-managed-proxy-integration.test.ts +5 -6
package/src/__tests__/provider-streaming.benchmark.test.ts +2 -81
package/src/__tests__/qdrant-manager.test.ts +28 -2
package/src/__tests__/registry.test.ts +0 -6
package/src/__tests__/relay-server.test.ts +1 -2
package/src/__tests__/runtime-attachment-metadata.test.ts +0 -4
package/src/__tests__/script-proxy-injection-runtime.test.ts +1 -1
package/src/__tests__/secret-onetime-send.test.ts +1 -1
package/src/__tests__/secret-routes-managed-proxy.test.ts +0 -4
package/src/__tests__/secure-keys.test.ts +95 -272
package/src/__tests__/shell-identity.test.ts +96 -6
package/src/__tests__/skill-feature-flags-integration.test.ts +22 -14
package/src/__tests__/skill-feature-flags.test.ts +46 -45
package/src/__tests__/skill-load-feature-flag.test.ts +7 -10
package/src/__tests__/skill-load-inline-command.test.ts +8 -12
package/src/__tests__/skill-load-inline-includes.test.ts +6 -10
package/src/__tests__/skill-load-tool.test.ts +0 -2
package/src/__tests__/skill-memory.test.ts +17 -3
package/src/__tests__/skill-projection-feature-flag.test.ts +33 -29
package/src/__tests__/skills.test.ts +0 -2
package/src/__tests__/slack-inbound-verification.test.ts +0 -4
package/src/__tests__/stale-approval-dedup.test.ts +171 -0
package/src/__tests__/stt-hints.test.ts +437 -0
package/src/__tests__/suggestion-routes.test.ts +1 -32
package/src/__tests__/system-prompt.test.ts +0 -1
package/src/__tests__/task-memory-cleanup.test.ts +14 -0
package/src/__tests__/tool-executor-shell-integration.test.ts +5 -3
package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts +0 -5
package/src/__tests__/trusted-contact-multichannel.test.ts +0 -4
package/src/__tests__/twilio-routes-twiml.test.ts +139 -1
package/src/__tests__/update-bulletin.test.ts +0 -2
package/src/__tests__/vellum-self-knowledge-inline-command.test.ts +6 -9
package/src/__tests__/voice-quality.test.ts +58 -0
package/src/__tests__/voice-scoped-grant-consumer.test.ts +0 -7
package/src/__tests__/workspace-migration-015-migrate-credentials-to-keychain.test.ts +252 -0
package/src/__tests__/workspace-migration-016-migrate-credentials-from-keychain.test.ts +220 -0
package/src/__tests__/workspace-migration-down-functions.test.ts +1009 -0
package/src/__tests__/workspace-migrations-runner.test.ts +114 -0
package/src/acp/agent-process.ts +9 -1
package/src/agent/loop.ts +1 -1
package/src/approvals/guardian-request-resolvers.ts +164 -38
package/src/calls/__tests__/tts-text-sanitizer.test.ts +254 -0
package/src/calls/audio-store.test.ts +97 -0
package/src/calls/audio-store.ts +205 -0
package/src/calls/call-controller.ts +90 -8
package/src/calls/call-domain.ts +3 -0
package/src/calls/call-store.ts +10 -3
package/src/calls/fish-audio-client.ts +129 -0
package/src/calls/relay-server.ts +27 -0
package/src/calls/stt-hints.ts +189 -0
package/src/calls/tts-text-sanitizer.ts +61 -0
package/src/calls/twilio-routes.ts +34 -5
package/src/calls/types.ts +1 -0
package/src/calls/voice-ingress-preflight.ts +0 -42
package/src/calls/voice-quality.ts +38 -5
package/src/calls/voice-session-bridge.ts +7 -12
package/src/cli/commands/avatar.ts +2 -2
package/src/cli/commands/config.ts +1 -4
package/src/cli/commands/credentials.ts +128 -82
package/src/cli/commands/doctor.ts +2 -2
package/src/cli/commands/keys.ts +7 -7
package/src/cli/commands/memory.ts +1 -1
package/src/cli/commands/oauth/connections.ts +11 -29
package/src/cli/commands/oauth/index.ts +7 -0
package/src/cli/commands/oauth/platform.ts +525 -0
package/src/cli/commands/platform.ts +3 -3
package/src/cli/lib/daemon-credential-client.ts +284 -0
package/src/cli.ts +1 -1
package/src/config/assistant-feature-flags.ts +186 -5
package/src/config/bundled-skills/AGENTS.md +34 -0
package/src/config/bundled-skills/acp/SKILL.md +10 -0
package/src/config/bundled-skills/app-builder/SKILL.md +0 -4
package/src/config/bundled-skills/messaging/SKILL.md +5 -5
package/src/config/bundled-skills/messaging/tools/messaging-analyze-style.ts +2 -2
package/src/config/bundled-skills/phone-calls/TOOLS.json +4 -0
package/src/config/bundled-skills/playbooks/tools/playbook-create.ts +1 -0
package/src/config/bundled-skills/playbooks/tools/playbook-update.ts +1 -0
package/src/config/bundled-skills/settings/SKILL.md +15 -2
package/src/config/bundled-skills/settings/TOOLS.json +47 -2
package/src/config/bundled-skills/settings/tools/avatar-remove.ts +59 -0
package/src/config/bundled-skills/settings/tools/avatar-update.ts +80 -0
package/src/config/bundled-skills/settings/tools/voice-config-update.ts +42 -0
package/src/config/bundled-skills/slack/SKILL.md +1 -1
package/src/config/bundled-tool-registry.ts +5 -11
package/src/config/defaults.ts +0 -2
package/src/config/env-registry.ts +5 -5
package/src/config/env.ts +21 -14
package/src/config/feature-flag-registry.json +49 -9
package/src/config/loader.ts +106 -42
package/src/config/schema.ts +9 -29
package/src/config/schemas/calls.ts +30 -0
package/src/config/schemas/fish-audio.ts +39 -0
package/src/config/schemas/inference.ts +2 -2
package/src/config/schemas/journal.ts +16 -0
package/src/config/schemas/memory-processing.ts +2 -2
package/src/config/schemas/security.ts +0 -4
package/src/config/types.ts +1 -1
package/src/contacts/contact-store.ts +39 -0
package/src/contacts/types.ts +2 -0
package/src/credential-execution/approval-bridge.ts +1 -0
package/src/credential-execution/executable-discovery.ts +28 -4
package/src/credential-execution/feature-gates.ts +16 -0
package/src/credential-execution/process-manager.ts +38 -0
package/src/credential-execution/startup-timeout.ts +36 -0
package/src/daemon/approval-generators.ts +3 -9
package/src/daemon/assistant-attachments.ts +9 -0
package/src/daemon/config-watcher.ts +5 -0
package/src/daemon/conversation-error.ts +13 -1
package/src/daemon/conversation-memory.ts +1 -2
package/src/daemon/conversation-process.ts +18 -1
package/src/daemon/conversation-surfaces.ts +30 -1
package/src/daemon/conversation-tool-setup.ts +0 -105
package/src/daemon/conversation.ts +21 -1
package/src/daemon/guardian-action-generators.ts +3 -9
package/src/daemon/handlers/config-vercel.ts +92 -0
package/src/daemon/handlers/skills.ts +2 -15
package/src/daemon/install-symlink.ts +195 -0
package/src/daemon/lifecycle.ts +234 -51
package/src/daemon/message-types/conversations.ts +4 -4
package/src/daemon/message-types/diagnostics.ts +3 -22
package/src/daemon/message-types/messages.ts +0 -2
package/src/daemon/message-types/upgrades.ts +8 -0
package/src/daemon/server.ts +32 -95
package/src/events/domain-events.ts +2 -1
package/src/inbound/platform-callback-registration.ts +3 -3
package/src/instrument.ts +8 -5
package/src/memory/app-store.ts +31 -0
package/src/memory/conversation-title-service.ts +50 -1
package/src/memory/db-init.ts +16 -0
package/src/memory/indexer.ts +19 -10
package/src/memory/items-extractor.ts +328 -321
package/src/memory/job-handlers/conversation-starters.ts +4 -1
package/src/memory/job-handlers/summarization.ts +26 -16
package/src/memory/jobs-store.ts +63 -6
package/src/memory/jobs-worker.ts +31 -7
package/src/memory/journal-memory.ts +214 -0
package/src/memory/migrations/001-job-deferrals.ts +19 -0
package/src/memory/migrations/004-entity-relation-dedup.ts +10 -0
package/src/memory/migrations/005-fingerprint-scope-unique.ts +76 -0
package/src/memory/migrations/006-scope-salted-fingerprints.ts +50 -0
package/src/memory/migrations/007-assistant-id-to-self.ts +10 -0
package/src/memory/migrations/008-remove-assistant-id-columns.ts +34 -0
package/src/memory/migrations/009-llm-usage-events-drop-assistant-id.ts +26 -0
package/src/memory/migrations/014-backfill-inbox-thread-state.ts +10 -0
package/src/memory/migrations/015-drop-active-search-index.ts +17 -0
package/src/memory/migrations/019-notification-tables-schema-migration.ts +12 -0
package/src/memory/migrations/020-rename-macos-ios-channel-to-vellum.ts +121 -0
package/src/memory/migrations/024-embedding-vector-blob.ts +74 -0
package/src/memory/migrations/026a-embeddings-nullable-vector-json.ts +82 -0
package/src/memory/migrations/036-normalize-phone-identities.ts +11 -0
package/src/memory/migrations/116-messages-fts.ts +106 -1
package/src/memory/migrations/126-backfill-guardian-principal-id.ts +52 -0
package/src/memory/migrations/127-guardian-principal-id-not-null.ts +77 -0
package/src/memory/migrations/134-contacts-notes-column.ts +13 -0
package/src/memory/migrations/135-backfill-contact-interaction-stats.ts +20 -0
package/src/memory/migrations/136-drop-assistant-id-columns.ts +52 -0
package/src/memory/migrations/140-backfill-usage-cache-accounting.ts +13 -0
package/src/memory/migrations/141-rename-verification-table.ts +54 -0
package/src/memory/migrations/142-rename-verification-session-id-column.ts +25 -0
package/src/memory/migrations/143-rename-guardian-verification-values.ts +35 -0
package/src/memory/migrations/144-rename-voice-to-phone.ts +136 -0
package/src/memory/migrations/145-drop-accounts-table.ts +32 -0
package/src/memory/migrations/147-migrate-reminders-to-schedules.ts +14 -1
package/src/memory/migrations/148-drop-reminders-table.ts +35 -1
package/src/memory/migrations/150-oauth-apps-client-secret-path.ts +69 -1
package/src/memory/migrations/162-guardian-timestamps-epoch-ms.ts +290 -0
package/src/memory/migrations/169-rename-gmail-provider-key-to-google.ts +51 -1
package/src/memory/migrations/174-rename-thread-starters-table.ts +47 -1
package/src/memory/migrations/176-drop-capability-card-state.ts +13 -0
package/src/memory/migrations/180-backfill-inline-attachments-to-disk.ts +16 -0
package/src/memory/migrations/181-rename-thread-starters-checkpoints.ts +28 -1
package/src/memory/migrations/190-call-session-skip-disclosure.ts +15 -0
package/src/memory/migrations/191-backfill-audio-attachment-mime-types.ts +64 -0
package/src/memory/migrations/192-contacts-user-file-column.ts +15 -0
package/src/memory/migrations/193-add-source-type-columns.ts +81 -0
package/src/memory/migrations/index.ts +5 -0
package/src/memory/migrations/registry.ts +98 -0
package/src/memory/migrations/validate-migration-state.ts +137 -11
package/src/memory/qdrant-circuit-breaker.ts +9 -0
package/src/memory/qdrant-manager.ts +64 -7
package/src/memory/retriever.test.ts +37 -25
package/src/memory/retriever.ts +24 -49
package/src/memory/schema/calls.ts +1 -0
package/src/memory/schema/contacts.ts +1 -0
package/src/memory/schema/memory-core.ts +2 -0
package/src/memory/search/formatting.ts +7 -44
package/src/memory/search/staleness.ts +4 -0
package/src/memory/search/tier-classifier.ts +10 -2
package/src/memory/search/types.ts +2 -5
package/src/memory/task-memory-cleanup.ts +4 -3
package/src/notifications/adapters/slack.ts +168 -6
package/src/notifications/broadcaster.ts +1 -0
package/src/notifications/copy-composer.ts +59 -2
package/src/notifications/decision-engine.ts +4 -1
package/src/notifications/signal.ts +2 -0
package/src/notifications/types.ts +2 -0
package/src/oauth/connection-resolver.ts +6 -4
package/src/permissions/checker.ts +0 -38
package/src/permissions/shell-identity.ts +76 -22
package/src/permissions/types.ts +4 -2
package/src/platform/client.ts +35 -7
package/src/prompts/journal-context.ts +133 -0
package/src/prompts/persona-resolver.ts +194 -0
package/src/prompts/system-prompt.ts +44 -4
package/src/prompts/templates/SOUL.md +10 -0
package/src/prompts/templates/users/default.md +1 -0
package/src/providers/provider-send-message.ts +3 -32
package/src/providers/registry.ts +29 -179
package/src/providers/types.ts +1 -1
package/src/runtime/access-request-helper.ts +4 -0
package/src/runtime/auth/__tests__/credential-service.test.ts +0 -1
package/src/runtime/auth/__tests__/external-assistant-id.test.ts +13 -68
package/src/runtime/auth/__tests__/guard-tests.test.ts +9 -50
package/src/runtime/auth/external-assistant-id.ts +13 -59
package/src/runtime/auth/route-policy.ts +17 -1
package/src/runtime/auth/token-service.ts +43 -138
package/src/runtime/channel-readiness-service.ts +1 -16
package/src/runtime/gateway-client.ts +47 -4
package/src/runtime/guardian-decision-types.ts +45 -4
package/src/runtime/http-server.ts +31 -3
package/src/runtime/middleware/error-handler.ts +1 -9
package/src/runtime/routes/access-request-decision.ts +2 -2
package/src/runtime/routes/app-management-routes.ts +2 -1
package/src/runtime/routes/approval-strategies/guardian-callback-strategy.ts +219 -30
package/src/runtime/routes/approval-strategies/guardian-text-engine-strategy.ts +37 -14
package/src/runtime/routes/audio-routes.ts +40 -0
package/src/runtime/routes/btw-routes.ts +0 -17
package/src/runtime/routes/channel-readiness-routes.ts +9 -4
package/src/runtime/routes/conversation-query-routes.ts +63 -1
package/src/runtime/routes/conversation-routes.ts +4 -44
package/src/runtime/routes/debug-routes.ts +12 -9
package/src/runtime/routes/diagnostics-routes.ts +1 -477
package/src/runtime/routes/guardian-approval-interception.ts +168 -11
package/src/runtime/routes/guardian-approval-prompt.ts +6 -1
package/src/runtime/routes/guardian-approval-reply-helpers.ts +103 -21
package/src/runtime/routes/identity-routes.ts +19 -30
package/src/runtime/routes/inbound-message-handler.ts +31 -1
package/src/runtime/routes/inbound-stages/acl-enforcement.ts +64 -5
package/src/runtime/routes/inbound-stages/background-dispatch.ts +52 -40
package/src/runtime/routes/inbound-stages/secret-ingress-check.ts +4 -33
package/src/runtime/routes/inbound-stages/transcribe-audio.test.ts +1 -1
package/src/runtime/routes/integrations/twilio.ts +52 -10
package/src/runtime/routes/integrations/vercel.ts +89 -0
package/src/runtime/routes/log-export-routes.ts +5 -0
package/src/runtime/routes/memory-item-routes.test.ts +3 -3
package/src/runtime/routes/memory-item-routes.ts +46 -14
package/src/runtime/routes/migration-rollback-routes.ts +209 -0
package/src/runtime/routes/migration-routes.ts +17 -1
package/src/runtime/routes/notification-routes.ts +58 -0
package/src/runtime/routes/schedule-routes.ts +65 -0
package/src/runtime/routes/secret-routes.ts +141 -10
package/src/runtime/routes/settings-routes.ts +41 -1
package/src/runtime/routes/tts-routes.ts +96 -0
package/src/runtime/routes/upgrade-broadcast-routes.ts +26 -2
package/src/runtime/routes/workspace-commit-routes.ts +62 -0
package/src/runtime/routes/workspace-routes.test.ts +22 -1
package/src/runtime/routes/workspace-routes.ts +1 -1
package/src/runtime/routes/workspace-utils.ts +86 -2
package/src/security/ces-credential-client.ts +75 -29
package/src/security/ces-rpc-credential-backend.ts +86 -0
package/src/security/credential-backend.ts +22 -92
package/src/security/keychain-broker-client.ts +10 -2
package/src/security/secure-keys.ts +113 -115
package/src/skills/catalog-install.ts +6 -32
package/src/skills/skill-memory.ts +1 -0
package/src/subagent/manager.ts +2 -5
package/src/telemetry/usage-telemetry-reporter.ts +4 -2
package/src/tools/acp/spawn.ts +78 -1
package/src/tools/calls/call-start.ts +1 -0
package/src/tools/credentials/vault.ts +5 -3
package/src/tools/executor.ts +0 -4
package/src/tools/memory/definitions.ts +3 -2
package/src/tools/memory/handlers.ts +10 -7
package/src/tools/network/script-proxy/session-manager.ts +19 -4
package/src/tools/network/web-fetch.ts +3 -1
package/src/tools/skills/execute.ts +1 -1
package/src/tools/terminal/safe-env.ts +1 -0
package/src/tools/types.ts +0 -8
package/src/util/browser.ts +15 -0
package/src/util/errors.ts +0 -12
package/src/util/platform.ts +4 -51
package/src/workspace/git-service.ts +5 -2
package/src/workspace/migrations/001-avatar-rename.ts +15 -0
package/src/workspace/migrations/003-seed-device-id.ts +17 -1
package/src/workspace/migrations/004-extract-collect-usage-data.ts +33 -0
package/src/workspace/migrations/005-add-send-diagnostics.ts +3 -0
package/src/workspace/migrations/006-services-config.ts +49 -0
package/src/workspace/migrations/007-web-search-provider-rename.ts +27 -0
package/src/workspace/migrations/008-voice-timeout-and-max-steps.ts +3 -0
package/src/workspace/migrations/009-backfill-conversation-disk-view.ts +4 -0
package/src/workspace/migrations/010-app-dir-rename.ts +78 -0
package/src/workspace/migrations/011-backfill-installation-id.ts +11 -0
package/src/workspace/migrations/012-rename-conversation-disk-view-dirs.ts +44 -0
package/src/workspace/migrations/013-repair-conversation-disk-view.ts +5 -0
package/src/workspace/migrations/015-migrate-credentials-to-keychain.ts +153 -0
package/src/workspace/migrations/016-extract-feature-flags-to-protected.ts +156 -0
package/src/workspace/migrations/016-migrate-credentials-from-keychain.ts +150 -0
package/src/workspace/migrations/017-seed-persona-dirs.ts +96 -0
package/src/workspace/migrations/018-rekey-compound-credential-keys.ts +184 -0
package/src/workspace/migrations/019-scope-journal-to-guardian.ts +103 -0
package/src/workspace/migrations/migrate-to-workspace-volume.ts +27 -5
package/src/workspace/migrations/registry.ts +12 -0
package/src/workspace/migrations/runner.ts +106 -2
package/src/workspace/migrations/types.ts +4 -0
package/src/workspace/provider-commit-message-generator.ts +12 -21
package/src/__tests__/claude-code-skill-regression.test.ts +0 -206
package/src/__tests__/claude-code-tool-profiles.test.ts +0 -99
package/src/__tests__/diagnostics-export.test.ts +0 -288
package/src/__tests__/local-gateway-health.test.ts +0 -209
package/src/__tests__/provider-fail-open-selection.test.ts +0 -271
package/src/__tests__/provider-failover-actual-provider.test.ts +0 -66
package/src/__tests__/secret-ingress-handler.test.ts +0 -120
package/src/__tests__/swarm-conversation-integration.test.ts +0 -358
package/src/__tests__/swarm-dag-pathological.test.ts +0 -547
package/src/__tests__/swarm-orchestrator.test.ts +0 -463
package/src/__tests__/swarm-plan-validator.test.ts +0 -384
package/src/__tests__/swarm-recursion.test.ts +0 -197
package/src/__tests__/swarm-router-planner.test.ts +0 -234
package/src/__tests__/swarm-tool.test.ts +0 -185
package/src/__tests__/swarm-worker-backend.test.ts +0 -144
package/src/__tests__/swarm-worker-runner.test.ts +0 -288
package/src/commands/__tests__/cc-command-registry.test.ts +0 -396
package/src/commands/cc-command-registry.ts +0 -248
package/src/config/bundled-skills/claude-code/SKILL.md +0 -53
package/src/config/bundled-skills/claude-code/TOOLS.json +0 -47
package/src/config/bundled-skills/claude-code/tools/claude-code.ts +0 -12
package/src/config/bundled-skills/orchestration/SKILL.md +0 -33
package/src/config/bundled-skills/orchestration/TOOLS.json +0 -35
package/src/config/bundled-skills/orchestration/tools/swarm-delegate.ts +0 -12
package/src/config/schemas/swarm.ts +0 -82
package/src/logfire.ts +0 -135
package/src/memory/search/lexical.ts +0 -48
package/src/providers/failover.ts +0 -186
package/src/runtime/local-gateway-health.ts +0 -275
package/src/security/secret-ingress.ts +0 -68
package/src/swarm/backend-claude-code.ts +0 -225
package/src/swarm/checkpoint.ts +0 -137
package/src/swarm/graph-utils.ts +0 -53
package/src/swarm/index.ts +0 -55
package/src/swarm/limits.ts +0 -66
package/src/swarm/orchestrator.ts +0 -424
package/src/swarm/plan-validator.ts +0 -117
package/src/swarm/router-planner.ts +0 -162
package/src/swarm/router-prompts.ts +0 -39
package/src/swarm/synthesizer.ts +0 -81
package/src/swarm/types.ts +0 -72
package/src/swarm/worker-backend.ts +0 -131
package/src/swarm/worker-prompts.ts +0 -80
package/src/swarm/worker-runner.ts +0 -170
package/src/tools/claude-code/claude-code.ts +0 -610
package/src/tools/swarm/delegate.ts +0 -205

package/src/__tests__/memory-retrieval.benchmark.test.ts CHANGED Viewed

@@ -197,7 +197,6 @@ describe("Memory retrieval benchmark", () => {
     expect(recall.enabled).toBe(true);
     expect(recall.degraded).toBe(false);
     // Recency search finds conversation-scoped segments
-    expect(recall.recencyHits).toBeGreaterThan(0);
     // Relaxed threshold — guards against severe regressions, not precise benchmarking
     expect(recall.latencyMs).toBeLessThan(500);
   });
@@ -216,7 +215,6 @@ describe("Memory retrieval benchmark", () => {
     expect(recall.enabled).toBe(true);
     expect(recall.degraded).toBe(false);
-    expect(recall.recencyHits).toBeGreaterThan(0);
     expect(recall.latencyMs).toBeLessThan(1000);
   });
@@ -234,7 +232,6 @@ describe("Memory retrieval benchmark", () => {
     expect(recall.enabled).toBe(true);
     expect(recall.degraded).toBe(false);
-    expect(recall.recencyHits).toBeGreaterThan(0);
     expect(recall.latencyMs).toBeLessThan(2000);
   });

package/src/__tests__/migration-export-http.test.ts CHANGED Viewed

@@ -527,9 +527,9 @@ describe("integration: existing routes unaffected", () => {
   });
   test("GET /v1/health still works (not intercepted by migration routes)", async () => {
-    const { handleHealth } =
+    const { handleDetailedHealth } =
       await import("../runtime/routes/identity-routes.js");
-    const res = handleHealth();
+    const res = handleDetailedHealth();
     const body = (await res.json()) as Record<string, unknown>;
     expect(res.status).toBe(200);

package/src/__tests__/migration-import-commit-http.test.ts CHANGED Viewed

@@ -939,9 +939,9 @@ describe("route policy registration", () => {
 describe("integration: existing routes unaffected", () => {
   test("GET /v1/health still works", async () => {
-    const { handleHealth } =
+    const { handleDetailedHealth } =
       await import("../runtime/routes/identity-routes.js");
-    const res = handleHealth();
+    const res = handleDetailedHealth();
     const body = (await res.json()) as Record<string, unknown>;
     expect(res.status).toBe(200);

package/src/__tests__/migration-import-preflight-http.test.ts CHANGED Viewed

@@ -792,9 +792,9 @@ describe("route policy registration", () => {
 describe("integration: existing routes unaffected", () => {
   test("GET /v1/health still works", async () => {
-    const { handleHealth } =
+    const { handleDetailedHealth } =
       await import("../runtime/routes/identity-routes.js");
-    const res = handleHealth();
+    const res = handleDetailedHealth();
     const body = (await res.json()) as Record<string, unknown>;
     expect(res.status).toBe(200);

package/src/__tests__/migration-validate-http.test.ts CHANGED Viewed

@@ -684,9 +684,9 @@ describe("route policy registration", () => {
 describe("integration: existing routes unaffected", () => {
   test("GET /v1/health still works (not intercepted by migration routes)", async () => {
-    const { handleHealth } =
+    const { handleDetailedHealth } =
       await import("../runtime/routes/identity-routes.js");
-    const res = handleHealth();
+    const res = handleDetailedHealth();
     const body = (await res.json()) as Record<string, unknown>;
     expect(res.status).toBe(200);

package/src/__tests__/non-member-access-request.test.ts CHANGED Viewed

@@ -37,11 +37,6 @@ mock.module("../util/logger.js", () => ({
     }),
 }));
-// Mock security check to always pass
-mock.module("../security/secret-ingress.js", () => ({
-  checkIngressForSecrets: () => ({ blocked: false }),
-}));
 mock.module("../config/env.js", () => ({
   isHttpAuthDisabled: () => true,
   getGatewayInternalBaseUrl: () => "http://127.0.0.1:7830",
@@ -191,7 +186,7 @@ describe("non-member access request notification", () => {
     expect(deliverReplyCalls.length).toBe(1);
     expect(
       (deliverReplyCalls[0].payload as Record<string, unknown>).text,
-    ).toContain("let them know");
+    ).toContain("know you tried talking to me");
   });
   test("guardian is notified when a non-member messages and a guardian binding exists", async () => {
@@ -290,7 +285,7 @@ describe("non-member access request notification", () => {
     expect(deliverReplyCalls.length).toBe(1);
     expect(
       (deliverReplyCalls[0].payload as Record<string, unknown>).text,
-    ).toContain("let them know");
+    ).toContain("know you tried talking to me");
     // Notification signal was emitted
     expect(emitSignalCalls.length).toBe(1);

package/src/__tests__/notification-decision-fallback.test.ts CHANGED Viewed

@@ -34,6 +34,10 @@ mock.module("../notifications/conversation-candidates.js", () => ({
   serializeCandidatesForPrompt: () => undefined,
 }));
+mock.module("../prompts/persona-resolver.js", () => ({
+  resolveGuardianPersona: () => null,
+}));
 let configuredProvider: { sendMessage: () => Promise<unknown> } | null = null;
 let extractedToolUse: unknown = null;

package/src/__tests__/notification-decision-identity.test.ts CHANGED Viewed

@@ -36,6 +36,10 @@ mock.module("../notifications/conversation-candidates.js", () => ({
   serializeCandidatesForPrompt: () => undefined,
 }));
+mock.module("../prompts/persona-resolver.js", () => ({
+  resolveGuardianPersona: () => null,
+}));
 // ── Identity context mock ─────────────────────────────────────────────
 let mockIdentityContext: string | null = null;

package/src/__tests__/notification-decision-strategy.test.ts CHANGED Viewed

@@ -18,6 +18,7 @@ import {
   hasInviteFlowDirective,
   normalizeForDirectiveMatching,
   sanitizeIdentityField,
+  sanitizeMessagePreview,
 } from "../notifications/copy-composer.js";
 import {
   enforceGuardianCallConversationAffinity,
@@ -596,6 +597,31 @@ describe("notification decision strategy", () => {
     });
   });
+  describe("access-request message preview sanitization", () => {
+    test("strips control characters from message previews", () => {
+      expect(sanitizeMessagePreview("Hello\nWorld")).toBe("Hello World");
+      expect(sanitizeMessagePreview("Test\r\nMessage")).toBe("Test Message");
+    });
+    test("clamps to 200 characters (not 120)", () => {
+      const longMessage = "A".repeat(250);
+      const result = sanitizeMessagePreview(longMessage);
+      expect(result.length).toBeLessThanOrEqual(201); // 200 + '…'
+      expect(result).toEndWith("…");
+      // Verify it allows messages longer than the identity field limit (120)
+      const midMessage = "B".repeat(150);
+      const midResult = sanitizeMessagePreview(midMessage);
+      expect(midResult).toBe(midMessage); // no truncation at 150 chars
+    });
+    test("preserves normal messages", () => {
+      expect(sanitizeMessagePreview("Hello, can you help me?")).toBe(
+        "Hello, can you help me?",
+      );
+    });
+  });
   describe("access-request identity line builder", () => {
     test("builds voice identity line with caller name and phone", () => {
       const line = buildAccessRequestIdentityLine({
@@ -627,6 +653,51 @@ describe("notification decision strategy", () => {
       expect(line).toContain("requesting access");
     });
+    test("uses <@U...> mention format for Slack external IDs", () => {
+      const line = buildAccessRequestIdentityLine({
+        senderIdentifier: "Alice",
+        actorExternalId: "U04BTP01B2S",
+        sourceChannel: "slack",
+      });
+      expect(line).toContain("<@U04BTP01B2S>");
+      expect(line).not.toContain("[U04BTP01B2S]");
+      expect(line).toContain("via slack");
+    });
+    test("does not use <@U...> format for non-Slack channels", () => {
+      const line = buildAccessRequestIdentityLine({
+        senderIdentifier: "Alice",
+        actorExternalId: "U04BTP01B2S",
+        sourceChannel: "telegram",
+      });
+      expect(line).toContain("[U04BTP01B2S]");
+      expect(line).not.toContain("<@U04BTP01B2S>");
+    });
+    test("does not duplicate Slack mention when senderIdentifier equals raw external ID", () => {
+      // When actorDisplayName and actorUsername are missing, senderIdentifier
+      // falls back to the raw actorExternalId. The identity line should produce
+      // exactly one <@U...> mention, not two.
+      const line = buildAccessRequestIdentityLine({
+        senderIdentifier: "U04BTP01B2S",
+        actorExternalId: "U04BTP01B2S",
+        sourceChannel: "slack",
+      });
+      const mentionCount = (line.match(/<@U04BTP01B2S>/g) || []).length;
+      expect(mentionCount).toBe(1);
+      expect(line).toContain("via slack");
+    });
+    test("does not use <@U...> format for non-user-ID external IDs on Slack", () => {
+      const line = buildAccessRequestIdentityLine({
+        senderIdentifier: "Alice",
+        actorExternalId: "someone@example.com",
+        sourceChannel: "slack",
+      });
+      expect(line).not.toContain("<@someone@example.com>");
+      expect(line).toContain("[someone@example.com]");
+    });
     test("sanitizes adversarial display names", () => {
       const line = buildAccessRequestIdentityLine({
         senderIdentifier: "Alice",

package/src/__tests__/oauth-cli.test.ts CHANGED Viewed

@@ -155,6 +155,10 @@ mock.module("../oauth/oauth-store.js", () => ({
 // Stub out transitive dependencies that token-manager would normally pull in
 mock.module("../security/secure-keys.js", () => ({
   getSecureKeyAsync: async (account: string) => mockGetSecureKey(account),
+  getSecureKeyResultAsync: async (account: string) => ({
+    value: mockGetSecureKey(account),
+    unreachable: false,
+  }),
   setSecureKeyAsync: async () => true,
   deleteSecureKeyAsync: async (account: string) => {
     if (secureKeyStore.has(account)) {
@@ -163,7 +167,7 @@ mock.module("../security/secure-keys.js", () => ({
     }
     return "not-found" as const;
   },
-  listSecureKeysAsync: async () => [...secureKeyStore.keys()],
+  listSecureKeysAsync: async () => ({ accounts: [...secureKeyStore.keys()], unreachable: false }),
   _resetBackend: () => {},
 }));

package/src/__tests__/permission-types.test.ts CHANGED Viewed

@@ -15,6 +15,7 @@ describe("isAllowDecision", () => {
     "always_allow",
     "always_allow_high_risk",
     "temporary_override",
+    "dangerously_skip_permissions",
   ];
   for (const decision of allowDecisions) {

package/src/__tests__/provider-commit-message-generator.test.ts CHANGED Viewed

@@ -69,13 +69,9 @@ const mockProvider: Provider = {
 let resolvedProvider: {
   provider: Provider;
   configuredProviderName: string;
-  selectedProviderName: string;
-  usedFallbackPrimary: boolean;
 } | null = {
   provider: mockProvider,
   configuredProviderName: "anthropic",
-  selectedProviderName: "anthropic",
-  usedFallbackPrimary: false,
 };
 mock.module("../providers/provider-send-message.js", () => ({
@@ -130,8 +126,6 @@ describe("ProviderCommitMessageGenerator", () => {
     resolvedProvider = {
       provider: mockProvider,
       configuredProviderName: "anthropic",
-      selectedProviderName: "anthropic",
-      usedFallbackPrimary: false,
     };
   });
@@ -343,8 +337,6 @@ describe("ProviderCommitMessageGenerator", () => {
     resolvedProvider = {
       provider: mockProvider,
       configuredProviderName: "ollama",
-      selectedProviderName: "ollama",
-      usedFallbackPrimary: false,
     };
     const gen = getCommitMessageGenerator();
     const result = await gen.generateCommitMessage(baseContext, {
@@ -364,8 +356,6 @@ describe("ProviderCommitMessageGenerator", () => {
     resolvedProvider = {
       provider: mockProvider,
       configuredProviderName: "exotic-provider",
-      selectedProviderName: "exotic-provider",
-      usedFallbackPrimary: false,
     };
     const gen = getCommitMessageGenerator();
     const result = await gen.generateCommitMessage(baseContext, {
@@ -383,8 +373,6 @@ describe("ProviderCommitMessageGenerator", () => {
     resolvedProvider = {
       provider: mockProvider,
       configuredProviderName: "ollama",
-      selectedProviderName: "ollama",
-      usedFallbackPrimary: false,
     };
     currentConfig.workspaceGit.commitMessageLLM.providerFastModelOverrides = {
       ollama: "llama3.2:3b",
@@ -404,29 +392,4 @@ describe("ProviderCommitMessageGenerator", () => {
     expect(options.config.model).toBe("llama3.2:3b");
   });
-  // 15. Fail-open fallback provider uses fallback provider's fast-model mapping
-  test("configured provider unavailable -> selected fallback provider model mapping is used", async () => {
-    currentConfig.services.inference.provider = "anthropic";
-    currentConfig.providerOrder = ["openai"];
-    mockSecureKeys = { openai: "sk-openai" };
-    resolvedProvider = {
-      provider: mockProvider,
-      configuredProviderName: "anthropic",
-      selectedProviderName: "openai",
-      usedFallbackPrimary: true,
-    };
-    mockSendMessage.mockResolvedValueOnce(
-      makeSuccessResponse("fix: fail-open commit"),
-    );
-    const gen = getCommitMessageGenerator();
-    const result = await gen.generateCommitMessage(baseContext, {
-      changedFiles: baseContext.changedFiles,
-    });
-    expect(result.source).toBe("llm");
-    const callArgs = mockSendMessage.mock.calls[0];
-    const options = callArgs[3] as { config: { model: string } };
-    expect(options.config.model).toBe("gpt-4o-mini");
-  });
 });

package/src/__tests__/provider-error-scenarios.test.ts CHANGED Viewed

@@ -107,7 +107,6 @@ mock.module("../util/retry.js", () => {
   };
 });
-import { FailoverProvider } from "../providers/failover.js";
 import { RetryProvider } from "../providers/retry.js";
 import { createStreamTimeout } from "../providers/stream-timeout.js";
 import type {
@@ -139,18 +138,6 @@ function successResponse(
   };
 }
-function makeProvider(name = "mock"): Provider & { calls: number } {
-  const p = {
-    name,
-    calls: 0,
-    async sendMessage(): Promise<ProviderResponse> {
-      p.calls++;
-      return successResponse();
-    },
-  };
-  return p;
-}
 /** Provider that fails N times then succeeds. */
 function makeFlaky(
   failCount: number,
@@ -646,220 +633,6 @@ describe("RetryProvider — streaming response handling", () => {
   });
 });
-// ---------------------------------------------------------------------------
-// FailoverProvider — model unavailability fallback
-// ---------------------------------------------------------------------------
-describe("FailoverProvider — model unavailability fallback", () => {
-  test("falls back to secondary when primary returns 500", async () => {
-    const primary = makeFailing(
-      new ProviderError("down", "primary", 500),
-      "primary",
-    );
-    const secondary = makeProvider("secondary");
-    const provider = new FailoverProvider([primary, secondary]);
-    const result = await provider.sendMessage(MESSAGES);
-    expect(primary.calls).toBe(1);
-    expect(secondary.calls).toBe(1);
-    expect(result.stopReason).toBe("end_turn");
-  });
-  test("falls back to secondary when primary returns 429", async () => {
-    const primary = makeFailing(
-      new ProviderError("rate limited", "primary", 429),
-      "primary",
-    );
-    const secondary = makeProvider("secondary");
-    const provider = new FailoverProvider([primary, secondary]);
-    const result = await provider.sendMessage(MESSAGES);
-    expect(primary.calls).toBe(1);
-    expect(secondary.calls).toBe(1);
-    expect(result.model).toBe("test-model");
-  });
-  test("falls back on ECONNREFUSED network error", async () => {
-    const err = new Error("connection refused");
-    (err as NodeJS.ErrnoException).code = "ECONNREFUSED";
-    const primary = makeFailing(err, "primary");
-    const secondary = makeProvider("secondary");
-    const provider = new FailoverProvider([primary, secondary]);
-    const result = await provider.sendMessage(MESSAGES);
-    expect(primary.calls).toBe(1);
-    expect(secondary.calls).toBe(1);
-    expect(result.content[0]).toMatchObject({ type: "text", text: "ok" });
-  });
-  test("falls back on ProviderError without status code (connection failure)", async () => {
-    const primary = makeFailing(
-      new ProviderError("connection failed", "primary"),
-      "primary",
-    );
-    const secondary = makeProvider("secondary");
-    const provider = new FailoverProvider([primary, secondary]);
-    const _result = await provider.sendMessage(MESSAGES);
-    expect(primary.calls).toBe(1);
-    expect(secondary.calls).toBe(1);
-  });
-  test("does NOT fall back on 400 Bad Request", async () => {
-    const primary = makeFailing(
-      new ProviderError("bad request", "primary", 400),
-      "primary",
-    );
-    const secondary = makeProvider("secondary");
-    const provider = new FailoverProvider([primary, secondary]);
-    await expect(provider.sendMessage(MESSAGES)).rejects.toThrow("bad request");
-    expect(primary.calls).toBe(1);
-    expect(secondary.calls).toBe(0);
-  });
-  test("does NOT fall back on 401 Unauthorized", async () => {
-    const primary = makeFailing(
-      new ProviderError("unauthorized", "primary", 401),
-      "primary",
-    );
-    const secondary = makeProvider("secondary");
-    const provider = new FailoverProvider([primary, secondary]);
-    await expect(provider.sendMessage(MESSAGES)).rejects.toThrow(
-      "unauthorized",
-    );
-    expect(secondary.calls).toBe(0);
-  });
-  test("throws last error when all providers fail", async () => {
-    const p1 = makeFailing(new ProviderError("p1 down", "p1", 500), "p1");
-    const p2 = makeFailing(new ProviderError("p2 down", "p2", 503), "p2");
-    const p3 = makeFailing(new ProviderError("p3 down", "p3", 502), "p3");
-    const provider = new FailoverProvider([p1, p2, p3]);
-    try {
-      await provider.sendMessage(MESSAGES);
-      expect(true).toBe(false);
-    } catch (err) {
-      expect(err).toBeInstanceOf(ProviderError);
-      // Last provider's error is thrown
-      expect((err as ProviderError).message).toBe("p3 down");
-    }
-    expect(p1.calls).toBe(1);
-    expect(p2.calls).toBe(1);
-    expect(p3.calls).toBe(1);
-  });
-  test("chains through three providers when first two fail", async () => {
-    const p1 = makeFailing(new ProviderError("p1 error", "p1", 500), "p1");
-    const p2 = makeFailing(new ProviderError("p2 error", "p2", 502), "p2");
-    const p3 = makeProvider("p3");
-    const provider = new FailoverProvider([p1, p2, p3]);
-    const result = await provider.sendMessage(MESSAGES);
-    expect(p1.calls).toBe(1);
-    expect(p2.calls).toBe(1);
-    expect(p3.calls).toBe(1);
-    expect(result.stopReason).toBe("end_turn");
-  });
-  test("requires at least one provider", () => {
-    expect(() => new FailoverProvider([])).toThrow(
-      "FailoverProvider requires at least one provider",
-    );
-  });
-});
-// ---------------------------------------------------------------------------
-// FailoverProvider — cooldown and recovery
-// ---------------------------------------------------------------------------
-describe("FailoverProvider — cooldown and recovery", () => {
-  test("skips provider in cooldown period", async () => {
-    const primary = makeFailing(
-      new ProviderError("down", "primary", 500),
-      "primary",
-    );
-    const secondary = makeProvider("secondary");
-    // Use a long cooldown so primary stays unhealthy
-    const provider = new FailoverProvider([primary, secondary], 60_000);
-    // First call: primary fails, secondary succeeds
-    await provider.sendMessage(MESSAGES);
-    expect(primary.calls).toBe(1);
-    expect(secondary.calls).toBe(1);
-    // Second call: primary is in cooldown, skipped — goes straight to secondary
-    await provider.sendMessage(MESSAGES);
-    expect(primary.calls).toBe(1); // not called again
-    expect(secondary.calls).toBe(2);
-  });
-  test("retries provider after cooldown expires", async () => {
-    let primaryCallCount = 0;
-    const primary: Provider = {
-      name: "primary",
-      async sendMessage() {
-        primaryCallCount++;
-        if (primaryCallCount === 1) {
-          throw new ProviderError("temporarily down", "primary", 500);
-        }
-        return successResponse();
-      },
-    };
-    const secondary = makeProvider("secondary");
-    // Very short cooldown
-    const provider = new FailoverProvider([primary, secondary], 1);
-    // First call: primary fails, marked unhealthy, secondary succeeds
-    await provider.sendMessage(MESSAGES);
-    expect(primaryCallCount).toBe(1);
-    // Wait for cooldown to expire
-    await new Promise((r) => setTimeout(r, 10));
-    // Second call: primary should be retried after cooldown expired
-    await provider.sendMessage(MESSAGES);
-    expect(primaryCallCount).toBe(2);
-  });
-  test("marks provider healthy after successful recovery", async () => {
-    let primaryCallCount = 0;
-    const primary: Provider = {
-      name: "primary",
-      async sendMessage() {
-        primaryCallCount++;
-        if (primaryCallCount === 1) {
-          throw new ProviderError("blip", "primary", 500);
-        }
-        return successResponse();
-      },
-    };
-    const secondary = makeProvider("secondary");
-    const provider = new FailoverProvider([primary, secondary], 1);
-    // First call: primary fails
-    await provider.sendMessage(MESSAGES);
-    expect(primaryCallCount).toBe(1);
-    // Wait for cooldown
-    await new Promise((r) => setTimeout(r, 10));
-    // Second call: primary recovers
-    await provider.sendMessage(MESSAGES);
-    expect(primaryCallCount).toBe(2);
-    // Third call: primary is healthy, used directly
-    await provider.sendMessage(MESSAGES);
-    expect(primaryCallCount).toBe(3);
-    expect(secondary.calls).toBe(1); // only called once during initial failover
-  });
-});
 // ---------------------------------------------------------------------------
 // createStreamTimeout — edge cases
@@ -910,43 +683,3 @@ describe("createStreamTimeout — edge cases", () => {
   });
 });
-// ---------------------------------------------------------------------------
-// RetryProvider + FailoverProvider — combined scenarios
-// ---------------------------------------------------------------------------
-describe("RetryProvider + FailoverProvider — combined", () => {
-  test("failover wrapping retry: each provider in the chain retries independently", async () => {
-    // Primary always fails with 500, secondary succeeds
-    const primary = makeFailing(
-      new ProviderError("primary down", "primary", 500),
-      "primary",
-    );
-    const secondary = makeProvider("secondary");
-    // Wrap each in RetryProvider, then combine with FailoverProvider
-    const retryPrimary = new RetryProvider(primary);
-    const retrySecondary = new RetryProvider(secondary);
-    const failover = new FailoverProvider([retryPrimary, retrySecondary]);
-    const result = await failover.sendMessage(MESSAGES);
-    expect(result.stopReason).toBe("end_turn");
-    // Primary should have been retried MAX_RETRIES + 1 times before failover
-    expect(primary.calls).toBe(DEFAULT_MAX_RETRIES + 1);
-    expect(secondary.calls).toBe(1);
-  });
-  test("single provider: retry exhaustion produces the original error", async () => {
-    const inner = makeFailing(new ProviderError("always fail", "solo", 500));
-    const retrying = new RetryProvider(inner);
-    try {
-      await retrying.sendMessage(MESSAGES);
-      expect(true).toBe(false);
-    } catch (err) {
-      expect(err).toBeInstanceOf(ProviderError);
-      expect((err as ProviderError).message).toBe("always fail");
-      expect((err as ProviderError).statusCode).toBe(500);
-    }
-    expect(inner.calls).toBe(DEFAULT_MAX_RETRIES + 1);
-  });
-});

package/src/__tests__/provider-managed-proxy-integration.test.ts CHANGED Viewed

@@ -193,13 +193,12 @@ describe("managed proxy integration — credential precedence", () => {
       const provider = getProvider("anthropic");
-      // Unwrap RetryProvider → LogfireProvider → AnthropicProvider to inspect
-      // the Anthropic SDK client's baseURL. The wrappers use private `inner`
-      // and AnthropicProvider stores the SDK client as private `client`.
+      // Unwrap RetryProvider → AnthropicProvider to inspect the Anthropic
+      // SDK client's baseURL. RetryProvider stores the inner provider as
+      // private `inner` and AnthropicProvider stores the SDK client as
+      // private `client`.
       const retryInner = (provider as any).inner;
-      // retryInner is the logfire wrapper; it also has an `inner` property
-      const logfireInner = (retryInner as any).inner ?? retryInner;
-      const anthropicClient = (logfireInner as any).client;
+      const anthropicClient = (retryInner as any).client;
       expect(anthropicClient).toBeDefined();
       const baseURL: string = anthropicClient.baseURL;