@vellumai/assistant 0.5.9 → 0.5.10

package/AGENTS.md

@@ -2,4 +2,4 @@
 
 For error handling conventions (throw vs result objects vs null), see [docs/error-handling.md](docs/error-handling.md).
 
-Subdirectory-scoped rules live in local AGENTS.md files: `src/cli/`, `src/runtime/`, `src/approvals/`, `src/notifications/`.
+Subdirectory-scoped rules live in local AGENTS.md files: `src/cli/`, `src/runtime/`, `src/approvals/`, `src/notifications/`, `src/workspace/migrations/`.

package/ARCHITECTURE.md

@@ -321,7 +321,7 @@ The WhatsApp channel enables inbound and outbound messaging via the Meta WhatsAp
 - `WHATSAPP_APP_SECRET` — App secret for webhook signature verification
 - `WHATSAPP_WEBHOOK_VERIFY_TOKEN` — Token for the Meta webhook subscription handshake
 
-These can be set via environment variables or stored in the credential vault (keychain / encrypted store) under the `whatsapp` service prefix.
+These can be set via environment variables or stored in the credential vault (CES / encrypted store) under the `whatsapp` service prefix.
 
 **Limitations (v1)**: Rich approval UI (inline buttons) is not supported. Contacts and location message types are acknowledged but not forwarded.
 
@@ -343,7 +343,7 @@ All endpoints are JWT-authenticated via `Authorization: Bearer <jwt>`.
 
 **Credential storage pattern:**
 
-Both tokens are stored in the secure key store (macOS Keychain with encrypted file fallback):
+Both tokens are stored in the secure key store (CES credential store with encrypted file fallback):
 
 | Secure key                           | Content                                                                    |
 | ------------------------------------ | -------------------------------------------------------------------------- |
@@ -667,9 +667,9 @@ All six enforcement points derive the flag key via `skillFlagKey(skill)` — whi
 
 ```mermaid
 graph LR
-    subgraph "macOS Keychain"
-        K1["API Key<br/>service: vellum-assistant<br/>account: anthropic<br/>stored via /usr/bin/security CLI"]
-        K2["Credential Secrets<br/>key: credential/{service}/{field}<br/>stored via secure-keys.ts<br/>(encrypted file fallback if Keychain unavailable)"]
+    subgraph "Credential Store"
+        K1["API Key<br/>service: vellum-assistant<br/>account: anthropic<br/>stored via CES"]
+        K2["Credential Secrets<br/>key: credential/{service}/{field}<br/>stored via secure-keys.ts<br/>(encrypted file fallback)"]
     end
 
     subgraph "UserDefaults (plist)"
@@ -1937,10 +1937,10 @@ Connected channels are resolved at signal emission time: vellum is always includ
 
 | What                                     | Where                                                             | Format                              | ORM/Driver                         | Retention                                               |
 | ---------------------------------------- | ----------------------------------------------------------------- | ----------------------------------- | ---------------------------------- | ------------------------------------------------------- |
-| API key                                  | macOS Keychain                                                    | Encrypted binary                    | `/usr/bin/security` CLI            | Permanent                                               |
-| Credential secrets                       | macOS Keychain (or encrypted file fallback)                       | Encrypted binary                    | `secure-keys.ts` wrapper           | Permanent (until deleted via tool)                      |
+| API key                                  | CES / encrypted file store                                        | Encrypted binary                    | CES API / `secure-keys.ts`         | Permanent                                               |
+| Credential secrets                       | CES / encrypted file store                                        | Encrypted binary                    | `secure-keys.ts` wrapper           | Permanent (until deleted via tool)                      |
 | Credential metadata                      | `~/.vellum/workspace/data/credentials/metadata.json`              | JSON                                | Atomic file write                  | Permanent (until deleted via tool)                      |
-| Integration OAuth tokens                 | macOS Keychain (or encrypted file fallback, via `secure-keys.ts`) | Encrypted binary                    | `TokenManager` auto-refresh        | Until disconnected or revoked                           |
+| Integration OAuth tokens                 | CES / encrypted file store (via `secure-keys.ts`)                 | Encrypted binary                    | `TokenManager` auto-refresh        | Until disconnected or revoked                           |
 | User preferences                         | UserDefaults                                                      | plist                               | Foundation                         | Permanent                                               |
 | Session logs                             | `~/Library/.../logs/session-*.json`                               | JSON per session                    | Swift Codable                      | Unbounded                                               |
 | Conversations & messages                 | `~/.vellum/workspace/data/db/assistant.db`                        | SQLite + WAL                        | Drizzle ORM (Bun)                  | Permanent                                               |

package/README.md

@@ -204,7 +204,7 @@ The runtime exposes a RESTful HTTP API for Twilio configuration, credential mana
 | Method | Path                                        | Description                                                                                                                                 |
 | ------ | ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- |
 | GET    | `/v1/integrations/twilio/config`            | Returns current state: `hasCredentials` (boolean) and `phoneNumber` (if assigned)                                                           |
-| POST   | `/v1/integrations/twilio/credentials`       | Validates and stores Account SID and Auth Token in secure storage (Keychain / encrypted file)                                               |
+| POST   | `/v1/integrations/twilio/credentials`       | Validates and stores Account SID and Auth Token in secure storage (CES / encrypted file store)                                               |
 | DELETE | `/v1/integrations/twilio/credentials`       | Removes stored credentials. Preserves the phone number in config so re-entering credentials resumes working without reassigning the number. |
 | GET    | `/v1/integrations/twilio/numbers`           | Lists all incoming phone numbers on the Twilio account with their capabilities                                                              |
 | POST   | `/v1/integrations/twilio/numbers/provision` | Purchases a new phone number. Accepts optional `areaCode` and `country`. Auto-assigns and configures webhooks when ingress is available.    |

package/docs/architecture/integrations.md

@@ -122,7 +122,7 @@ sequenceDiagram
     participant Browser as System Browser
     participant Google as Google OAuth Server
     participant Store as SQLite OAuth Store
-    participant Vault as Secure Keychain
+    participant Vault as Credential Store
     participant TokenMgr as TokenManager
     participant Tool as Gmail Tool Executor
     participant API as Gmail REST API
@@ -173,7 +173,7 @@ sequenceDiagram
 
 | Decision                                   | Rationale                                                                                                                                                                                                                                        |
 | ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| PKCE by default, optional client_secret    | Desktop apps prefer PKCE; some providers (Slack) require a secret, which is stored in the secure keychain (`oauth_app/{id}/client_secret`) for autonomous refresh                                                                                |
+| PKCE by default, optional client_secret    | Desktop apps prefer PKCE; some providers (Slack) require a secret, which is stored in the credential store (`oauth_app/{id}/client_secret`) for autonomous refresh                                                                                |
 | Shared connect orchestrator                | All OAuth providers route through `orchestrateOAuthConnect()`, which resolves profiles, enforces scope policy, runs the flow, stores tokens, and verifies identity. Adding a provider is a declarative profile entry, not new orchestration code |
 | Canonical credential naming                | All reads and writes use `client_id`/`client_secret` as canonical field names                                                                                                                                                                    |
 | Gateway callback transport                 | OAuth callbacks are now routed through the gateway at `${ingress.publicBaseUrl}/webhooks/oauth/callback` instead of a loopback redirect URI. This enables OAuth flows to work in remote and tunneled deployments.                                |
@@ -261,7 +261,7 @@ Result is a discriminated union: `{ success, deferred, grantedScopes, accountInf
 
 `assistant/src/daemon/handlers/oauth-connect.ts` handles `oauth_connect_start` messages. The handler:
 
-1. Resolves client credentials from the keychain using canonical names (`client_id`, `client_secret`).
+1. Resolves client credentials from the credential store using canonical names (`client_id`, `client_secret`).
 2. Validates that required credentials exist (including `client_secret` when the provider requires it).
 3. Delegates to `orchestrateOAuthConnect()`.
 4. Sends `oauth_connect_result` back to the client.
@@ -286,7 +286,7 @@ This replaces provider-specific handlers — any provider in the registry can be
 | `assistant/src/oauth/scope-policy.ts`            | Scope resolution and policy enforcement (pure, no I/O)                           |
 | `assistant/src/oauth/connect-orchestrator.ts`    | Shared connect orchestrator (profile → scopes → flow → tokens)                   |
 | `assistant/src/oauth/connect-types.ts`           | Shared types (`OAuthProviderBehavior`, `OAuthScopePolicy`, `OAuthConnectResult`) |
-| `assistant/src/oauth/token-persistence.ts`       | Token storage: keychain writes, metadata upsert, post-connect hooks              |
+| `assistant/src/oauth/token-persistence.ts`       | Token storage: credential store writes, metadata upsert, post-connect hooks      |
 | `assistant/src/daemon/handlers/oauth-connect.ts` | Generic `oauth_connect_start` / `oauth_connect_result` handler                   |
 
 ---

package/docs/architecture/keychain-broker.md

@@ -1,7 +1,7 @@
 # macOS Keychain Broker Architecture (Legacy)
 
 **Status:** Superseded by CES credential routing
-**Last Updated:** 2026-03-22
+**Last Updated:** 2026-03-24
 **Owners:** macOS client + assistant runtime
 
 ## Current State
@@ -16,24 +16,23 @@ See [`assistant/docs/credential-execution-service.md`](../credential-execution-s
 
 ### What remains
 
-The keychain broker is not fully deleted. These components still exist:
+The keychain broker is fully deleted. Only these historical migrations remain:
 
-| Component | Location | Why it exists |
-|---|---|---|
-| Keychain broker client | `assistant/src/security/keychain-broker-client.ts` | Used only by workspace migrations 015 and 016 |
-| Migration 015 | `assistant/src/workspace/migrations/015-migrate-credentials-to-keychain.ts` | Historical migration that copied encrypted store credentials into keychain |
+| Component     | Location                                                                      | Why it exists                                                                                      |
+| ------------- | ----------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------- |
+| Migration 015 | `assistant/src/workspace/migrations/015-migrate-credentials-to-keychain.ts`   | Historical migration that copied encrypted store credentials into keychain                         |
 | Migration 016 | `assistant/src/workspace/migrations/016-migrate-credentials-from-keychain.ts` | Reverse migration that copies keychain credentials back to the encrypted store for CES unification |
-| Swift broker server | `clients/macos/vellum-assistant/Security/KeychainBrokerServer.swift` | UDS server in the macOS app; still compiled for release builds (`#if !DEBUG`) |
-| Swift broker service | `clients/macos/vellum-assistant/Security/KeychainBrokerService.swift` | `SecItem*` wrapper used by the broker server |
-| Gateway credential reader | `gateway/src/credential-reader.ts` | Still tries the keychain broker as a secondary fallback after CES, before the encrypted store |
 
-The broker client and Swift server remain because migrations 015/016 must be able to read/write the keychain for users who previously stored credentials there. These migrations are append-only and cannot be removed. The gateway's broker fallback provides a read path for credentials that may still be in the keychain during the migration window.
+Migrations 015/016 use inline `security` CLI helpers that shell out to `/usr/bin/security` directly, replacing the former broker client and UDS protocol. These migrations are append-only and cannot be removed.
 
 ### What was removed
 
+- **Keychain broker client** (`keychain-broker-client.ts`) -- the TypeScript client that communicated with the Swift UDS server. Migrations 015/016 now use inline `security` CLI helpers instead.
 - **`KeychainBackend`** class and `createKeychainBackend()` factory -- the daemon's `CredentialBackend` implementation that wrapped the broker client. Removed from `credential-backend.ts`.
 - **`resolveBackendAsync()` keychain resolution path** -- the daemon no longer considers `VELLUM_DESKTOP_APP` or `VELLUM_DEV` for backend selection. Backend resolution in `secure-keys.ts` now follows the CES RPC > CES HTTP > encrypted store priority.
 - **Dual-writing and broker-unavailable commit behavior** -- the daemon previously committed to the keychain backend even when the broker socket was unreachable, causing operations to fail visibly. This behavior is gone; CES RPC is the primary backend with encrypted store as a graceful fallback.
+- **Swift broker server** (`KeychainBrokerServer.swift`) -- the UDS server in the macOS app that accepted credential requests from the daemon and gateway. Deleted along with its `SecItem*` wrapper (`KeychainBrokerService.swift`).
+- **Gateway broker fallback** -- the gateway's `credential-reader.ts` no longer tries the keychain broker as a secondary fallback. Credential resolution is now CES HTTP > encrypted file store.
 
 ## Original Design (Historical)
 
@@ -51,15 +50,15 @@ The macOS app embedded a `KeychainBrokerServer` (NWListener on a Unix domain soc
 
 Transport: Unix domain socket at `~/.vellum/keychain-broker.sock`, newline-delimited JSON.
 
-| Method | Params | Result |
-|---|---|---|
-| `broker.ping` | none | `{ pong: true }` |
-| `key.get` | `{ account }` | `{ found, value? }` |
-| `key.set` | `{ account, value }` | `{ stored: true }` |
-| `key.delete` | `{ account }` | `{ deleted: true }` |
-| `key.list` | none | `{ accounts: string[] }` |
+| Method        | Params               | Result                   |
+| ------------- | -------------------- | ------------------------ |
+| `broker.ping` | none                 | `{ pong: true }`         |
+| `key.get`     | `{ account }`        | `{ found, value? }`      |
+| `key.set`     | `{ account, value }` | `{ stored: true }`       |
+| `key.delete`  | `{ account }`        | `{ deleted: true }`      |
+| `key.list`    | none                 | `{ accounts: string[] }` |
 
-This protocol is still used by migrations 015/016 via the broker client.
+This protocol is no longer used. Migrations 015/016 now use inline `security` CLI helpers that shell out to `/usr/bin/security` directly instead of communicating over UDS.
 
 ### Security model
 

package/docs/architecture/security.md

@@ -222,7 +222,7 @@ sequenceDiagram
     participant Prompter as SecretPrompter
     participant HTTP as HTTP Transport
     participant UI as SecretPromptManager (Swift)
-    participant Keychain as macOS Keychain
+    participant Store as Credential Store (CES / encrypted file)
 
     Model->>Vault: action: "prompt", service, field, label
     Vault->>Prompter: requestSecret(service, field, label, ...)
@@ -233,7 +233,7 @@ sequenceDiagram
         UI->>HTTP: secret_response {requestId, value, delivery: "store"}
         HTTP->>Prompter: resolve(value, "store")
         Prompter->>Vault: {value, delivery: "store"}
-        Vault->>Keychain: setSecureKeyAsync("credential/svc/field", value)
+        Vault->>Store: setSecureKeyAsync("credential/svc/field", value)
         Vault->>Model: "Credential stored securely" (no value in output)
     else One-Time Send (if enabled)
         UI->>HTTP: secret_response {requestId, value, delivery: "transient_send"}
@@ -265,7 +265,7 @@ graph TB
 The `allowOneTimeSend` config gate (default: `false`) enables a secondary "Send Once" button in the secret prompt UI. When used:
 
 - The secret value is handed to the `CredentialBroker`, which holds it in memory for the next `consume` or `browserFill` call
-- The value is **not** persisted to the keychain
+- The value is **not** persisted to the credential store
 - The broker discards the value after a single use
 - The vault tool output confirms delivery without including the secret value — the value is never returned to the model
 - The config gate must be explicitly enabled by the operator
@@ -274,7 +274,7 @@ The `allowOneTimeSend` config gate (default: `false`) enables a secondary "Send
 
 | Component           | Location                                             | What it stores                                                                                                                                               |
 | ------------------- | ---------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| Secret values       | macOS Keychain (primary) or encrypted file fallback  | Encrypted credential values keyed as `credential/{service}/{field}`. Falls back to encrypted file backend on Linux/headless or when Keychain is unavailable. |
+| Secret values       | CES credential store or encrypted file store         | Encrypted credential values keyed as `credential/{service}/{field}`. Stored via CES RPC (primary), CES HTTP (containerized), or encrypted file store (fallback). |
 | Credential metadata | `~/.vellum/workspace/data/credentials/metadata.json` | Service, field, label, policy (allowedTools, allowedDomains), timestamps                                                                                     |
 | Config              | `~/.vellum/workspace/config.*`                       | `secretDetection` settings: enabled, action, entropyThreshold, allowOneTimeSend                                                                              |
 
@@ -283,7 +283,7 @@ The `allowOneTimeSend` config gate (default: `false`) enables a secondary "Send
 | File                                                 | Role                                                                  |
 | ---------------------------------------------------- | --------------------------------------------------------------------- |
 | `assistant/src/tools/credentials/vault.ts`           | `credential_store` tool — store, list, delete, prompt actions         |
-| `assistant/src/security/secure-keys.ts`              | Async secure key CRUD via keychain broker and encrypted file store    |
+| `assistant/src/security/secure-keys.ts`              | Async secure key CRUD via CES and encrypted file store               |
 | `assistant/src/tools/credentials/metadata-store.ts`  | JSON file metadata CRUD for credential records                        |
 | `assistant/src/tools/credentials/broker.ts`          | Brokered credential access with policy enforcement and transient send |
 | `assistant/src/tools/credentials/policy-validate.ts` | Policy input validation (allowedTools, allowedDomains)                |

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vellumai/assistant",
-  "version": "0.5.9",
+  "version": "0.5.10",
   "license": "MIT",
   "type": "module",
   "exports": {

package/src/__tests__/credentials-cli.test.ts

@@ -895,7 +895,7 @@ describe("assistant credentials CLI", () => {
       expect(result.exitCode).toBe(0);
       const parsed = JSON.parse(result.stdout);
       expect(parsed.ok).toBe(true);
-      expect(parsed.scrubbedValue).toBe("(broker unreachable)");
+      expect(parsed.scrubbedValue).toBe("(credential store unreachable)");
       expect(parsed.brokerUnreachable).toBe(true);
     });
 
@@ -913,7 +913,7 @@ describe("assistant credentials CLI", () => {
       expect(result.exitCode).toBe(1);
       const parsed = JSON.parse(result.stdout);
       expect(parsed.ok).toBe(false);
-      expect(parsed.error).toContain("Keychain broker is unreachable");
+      expect(parsed.error).toContain("Credential store is unreachable");
     });
   });
 
@@ -1029,7 +1029,7 @@ describe("assistant credentials CLI", () => {
       expect(result.exitCode).toBe(1);
       const parsed = JSON.parse(result.stdout);
       expect(parsed.ok).toBe(false);
-      expect(parsed.error).toContain("Keychain broker is unreachable");
+      expect(parsed.error).toContain("Credential store is unreachable");
     });
 
     test("returns credential-not-found when broker is up", async () => {

package/src/__tests__/workspace-migration-015-migrate-credentials-to-keychain.test.ts

@@ -1,252 +1,19 @@
-import { beforeEach, describe, expect, mock, test } from "bun:test";
+import { describe, expect, test } from "bun:test";
 
-// ---------------------------------------------------------------------------
-// Mock state
-// ---------------------------------------------------------------------------
-
-const isAvailableFn = mock((): boolean => true);
-const brokerSetFn = mock(
-  async (
-    _account: string,
-    _value: string,
-  ): Promise<{ status: string; code?: string; message?: string }> => ({
-    status: "ok",
-  }),
-);
-const createBrokerClientFn = mock(() => ({
-  isAvailable: isAvailableFn,
-  set: brokerSetFn,
-}));
-
-const listKeysFn = mock((): string[] => []);
-const getKeyFn = mock((_account: string): string | undefined => undefined);
-const deleteKeyFn = mock(
-  (_account: string): "deleted" | "not-found" | "error" => "deleted",
-);
-
-// ---------------------------------------------------------------------------
-// Mock modules — before importing module under test
-//
-// The logger is mocked with a silent Proxy to suppress pino output in tests.
-// The broker client and encrypted store are mocked to control migration
-// behavior without touching real keychain or filesystem state.
-// ---------------------------------------------------------------------------
-
-mock.module("../util/logger.js", () => ({
-  getLogger: () =>
-    new Proxy({} as Record<string, unknown>, {
-      get: () => () => {},
-    }),
-}));
-
-mock.module("../security/keychain-broker-client.js", () => ({
-  createBrokerClient: createBrokerClientFn,
-}));
-
-mock.module("../security/encrypted-store.js", () => ({
-  listKeys: listKeysFn,
-  getKey: getKeyFn,
-  deleteKey: deleteKeyFn,
-}));
-
-// Import after mocking
 import { migrateCredentialsToKeychainMigration } from "../workspace/migrations/015-migrate-credentials-to-keychain.js";
 
-// ---------------------------------------------------------------------------
-// Helpers
-// ---------------------------------------------------------------------------
-
-const WORKSPACE_DIR = "/mock-home/.vellum/workspace";
-
-// ---------------------------------------------------------------------------
-// Tests
-// ---------------------------------------------------------------------------
-
 describe("015-migrate-credentials-to-keychain migration", () => {
-  beforeEach(() => {
-    isAvailableFn.mockClear();
-    brokerSetFn.mockClear();
-    createBrokerClientFn.mockClear();
-    listKeysFn.mockClear();
-    getKeyFn.mockClear();
-    deleteKeyFn.mockClear();
-
-    // Defaults: mac production build
-    process.env.VELLUM_DESKTOP_APP = "1";
-    delete process.env.VELLUM_DEV;
-
-    isAvailableFn.mockReturnValue(true);
-    brokerSetFn.mockResolvedValue({ status: "ok" });
-    listKeysFn.mockReturnValue([]);
-    getKeyFn.mockReturnValue(undefined);
-    deleteKeyFn.mockReturnValue("deleted");
-  });
-
   test("has correct migration id", () => {
     expect(migrateCredentialsToKeychainMigration.id).toBe(
       "015-migrate-credentials-to-keychain",
     );
   });
 
-  test("skips when VELLUM_DESKTOP_APP is not set", async () => {
-    delete process.env.VELLUM_DESKTOP_APP;
-
-    await migrateCredentialsToKeychainMigration.run(WORKSPACE_DIR);
-
-    expect(createBrokerClientFn).not.toHaveBeenCalled();
-    expect(listKeysFn).not.toHaveBeenCalled();
-  });
-
-  test("skips when VELLUM_DESKTOP_APP is not '1'", async () => {
-    process.env.VELLUM_DESKTOP_APP = "0";
-
-    await migrateCredentialsToKeychainMigration.run(WORKSPACE_DIR);
-
-    expect(createBrokerClientFn).not.toHaveBeenCalled();
-  });
-
-  test("skips when VELLUM_DEV=1", async () => {
-    process.env.VELLUM_DEV = "1";
-
-    await migrateCredentialsToKeychainMigration.run(WORKSPACE_DIR);
-
-    expect(createBrokerClientFn).not.toHaveBeenCalled();
-    expect(listKeysFn).not.toHaveBeenCalled();
+  test("run is a no-op", async () => {
+    await migrateCredentialsToKeychainMigration.run("/fake");
   });
 
-  test(
-    "throws when broker is not available after max retry attempts",
-    async () => {
-      isAvailableFn.mockReturnValue(false);
-
-      await expect(
-        migrateCredentialsToKeychainMigration.run(WORKSPACE_DIR),
-      ).rejects.toThrow(
-        "Keychain broker not available after waiting — credential migration will be retried on next startup",
-      );
-
-      // Should have retried isAvailable multiple times
-      expect(isAvailableFn.mock.calls.length).toBeGreaterThan(1);
-
-      // Should not proceed to list or migrate keys
-      expect(listKeysFn).not.toHaveBeenCalled();
-      expect(brokerSetFn).not.toHaveBeenCalled();
-    },
-    { timeout: 10_000 },
-  );
-
-  test("succeeds when broker becomes available after retry", async () => {
-    // Broker unavailable for first 3 calls, then available
-    let callCount = 0;
-    isAvailableFn.mockImplementation(() => {
-      callCount++;
-      return callCount > 3;
-    });
-    listKeysFn.mockReturnValue(["retry-key"]);
-    getKeyFn.mockReturnValue("retry-secret");
-    brokerSetFn.mockResolvedValue({ status: "ok" });
-
-    await migrateCredentialsToKeychainMigration.run(WORKSPACE_DIR);
-
-    // Should have called isAvailable 4 times (3 false + 1 true)
-    expect(isAvailableFn).toHaveBeenCalledTimes(4);
-
-    // Should have proceeded with migration
-    expect(brokerSetFn).toHaveBeenCalledWith("retry-key", "retry-secret");
-    expect(deleteKeyFn).toHaveBeenCalledWith("retry-key");
-  });
-
-  test("no-ops when encrypted store has no keys", async () => {
-    listKeysFn.mockReturnValue([]);
-
-    await migrateCredentialsToKeychainMigration.run(WORKSPACE_DIR);
-
-    expect(brokerSetFn).not.toHaveBeenCalled();
-    expect(deleteKeyFn).not.toHaveBeenCalled();
-  });
-
-  test("successfully migrates keys from encrypted store to keychain", async () => {
-    listKeysFn.mockReturnValue(["account-a", "account-b"]);
-    getKeyFn.mockImplementation((account: string) => {
-      if (account === "account-a") return "secret-a";
-      if (account === "account-b") return "secret-b";
-      return undefined;
-    });
-    brokerSetFn.mockResolvedValue({ status: "ok" });
-
-    await migrateCredentialsToKeychainMigration.run(WORKSPACE_DIR);
-
-    // Should have called broker.set for each key
-    expect(brokerSetFn).toHaveBeenCalledTimes(2);
-    expect(brokerSetFn).toHaveBeenCalledWith("account-a", "secret-a");
-    expect(brokerSetFn).toHaveBeenCalledWith("account-b", "secret-b");
-
-    // Should have deleted each key from encrypted store after successful migration
-    expect(deleteKeyFn).toHaveBeenCalledTimes(2);
-    expect(deleteKeyFn).toHaveBeenCalledWith("account-a");
-    expect(deleteKeyFn).toHaveBeenCalledWith("account-b");
-  });
-
-  test("continues on individual key failure and migrates others", async () => {
-    listKeysFn.mockReturnValue(["fail-key", "ok-key"]);
-    getKeyFn.mockImplementation((account: string) => {
-      if (account === "fail-key") return "fail-secret";
-      if (account === "ok-key") return "ok-secret";
-      return undefined;
-    });
-    brokerSetFn.mockImplementation(async (account: string) => {
-      if (account === "fail-key") {
-        return {
-          status: "rejected" as const,
-          code: "UNKNOWN",
-          message: "broker rejected",
-        };
-      }
-      return { status: "ok" as const };
-    });
-
-    await migrateCredentialsToKeychainMigration.run(WORKSPACE_DIR);
-
-    // fail-key should NOT have been deleted (broker rejected it)
-    expect(deleteKeyFn).not.toHaveBeenCalledWith("fail-key");
-
-    // ok-key should have been migrated and deleted
-    expect(brokerSetFn).toHaveBeenCalledWith("ok-key", "ok-secret");
-    expect(deleteKeyFn).toHaveBeenCalledWith("ok-key");
-    expect(deleteKeyFn).toHaveBeenCalledTimes(1);
-  });
-
-  test("handles getKey returning undefined for a listed key", async () => {
-    listKeysFn.mockReturnValue(["ghost-key", "real-key"]);
-    getKeyFn.mockImplementation((account: string) => {
-      if (account === "ghost-key") return undefined;
-      if (account === "real-key") return "real-secret";
-      return undefined;
-    });
-    brokerSetFn.mockResolvedValue({ status: "ok" });
-
-    await migrateCredentialsToKeychainMigration.run(WORKSPACE_DIR);
-
-    // ghost-key should not be sent to broker or deleted
-    expect(brokerSetFn).not.toHaveBeenCalledWith(
-      "ghost-key",
-      expect.anything(),
-    );
-    expect(deleteKeyFn).not.toHaveBeenCalledWith("ghost-key");
-
-    // real-key should be migrated
-    expect(brokerSetFn).toHaveBeenCalledWith("real-key", "real-secret");
-    expect(deleteKeyFn).toHaveBeenCalledWith("real-key");
-  });
-
-  test("handles broker unreachable status for individual keys", async () => {
-    listKeysFn.mockReturnValue(["key-1"]);
-    getKeyFn.mockReturnValue("secret-1");
-    brokerSetFn.mockResolvedValue({ status: "unreachable" });
-
-    await migrateCredentialsToKeychainMigration.run(WORKSPACE_DIR);
-
-    // Should not delete when broker is unreachable
-    expect(deleteKeyFn).not.toHaveBeenCalled();
+  test("down is a no-op", async () => {
+    await migrateCredentialsToKeychainMigration.down("/fake");
   });
 });