@vellumai/assistant 0.9.0 → 0.10.0-staging.2

package/src/__tests__/credential-routes.test.ts

@@ -0,0 +1,360 @@
+import { beforeEach, describe, expect, mock, test } from "bun:test";
+
+import { BadRequestError } from "../runtime/routes/errors.js";
+import type { CredentialMetadata } from "../tools/credentials/metadata-store.js";
+
+// ---------------------------------------------------------------------------
+// Mutable mock state (closed over by the mock factories below)
+// ---------------------------------------------------------------------------
+
+let secureStore: Map<string, string>;
+let metadataStore: Map<string, CredentialMetadata>;
+let syncedServices: string[];
+let disconnectedProviders: string[];
+let credentialIdCounter: number;
+
+function metaKey(service: string, field: string): string {
+  return `${service}:${field}`;
+}
+
+// ---------------------------------------------------------------------------
+// Mocks for the routes' collaborators
+// ---------------------------------------------------------------------------
+
+mock.module("../runtime/auth/route-policy.js", () => ({
+  ACTOR_PRINCIPALS: [],
+}));
+
+mock.module("../security/credential-key.js", () => ({
+  credentialKey: (service: string, field: string) => `${service}:${field}`,
+}));
+
+mock.module("../security/secure-keys.js", () => ({
+  setSecureKeyAsync: mock(async (key: string, value: string) => {
+    secureStore.set(key, value);
+    return true;
+  }),
+  getSecureKeyAsync: mock(async (key: string) => secureStore.get(key)),
+  getSecureKeyResultAsync: mock(async (key: string) => ({
+    value: secureStore.get(key),
+    unreachable: false,
+  })),
+  deleteSecureKeyAsync: mock(async (key: string) =>
+    secureStore.delete(key) ? "deleted" : "not-found",
+  ),
+  getActiveBackendName: () => "encrypted-store",
+  getActiveBackendInfoAsync: mock(async () => ({ backend: "encrypted-store" })),
+}));
+
+mock.module("../tools/credentials/metadata-store.js", () => ({
+  assertMetadataWritable: () => {},
+  listCredentialMetadata: mock(() => Array.from(metadataStore.values())),
+  getCredentialMetadata: mock((service: string, field: string) =>
+    metadataStore.get(metaKey(service, field)),
+  ),
+  getCredentialMetadataById: mock((id: string) =>
+    Array.from(metadataStore.values()).find((m) => m.credentialId === id),
+  ),
+  upsertCredentialMetadata: mock(
+    (
+      service: string,
+      field: string,
+      policy?: {
+        allowedTools?: string[];
+        usageDescription?: string;
+        alias?: string | null;
+      },
+    ): CredentialMetadata => {
+      const key = metaKey(service, field);
+      const existing = metadataStore.get(key);
+      const now = Date.now();
+      const meta: CredentialMetadata = {
+        credentialId: existing?.credentialId ?? `cred-${++credentialIdCounter}`,
+        service,
+        field,
+        allowedTools: policy?.allowedTools ?? existing?.allowedTools ?? [],
+        allowedDomains: existing?.allowedDomains ?? [],
+        usageDescription:
+          policy?.usageDescription ?? existing?.usageDescription,
+        alias: policy?.alias ?? existing?.alias ?? undefined,
+        createdAt: existing?.createdAt ?? now,
+        updatedAt: now,
+      };
+      metadataStore.set(key, meta);
+      return meta;
+    },
+  ),
+  deleteCredentialMetadata: mock((service: string, field: string) =>
+    metadataStore.delete(metaKey(service, field)),
+  ),
+}));
+
+mock.module("../oauth/manual-token-connection.js", () => ({
+  syncManualTokenConnection: mock(async (service: string) => {
+    syncedServices.push(service);
+  }),
+}));
+
+mock.module("../oauth/oauth-store.js", () => ({
+  listConnections: mock(() => []),
+  getConnectionByProvider: mock(() => undefined),
+  disconnectOAuthProvider: mock(async (provider: string) => {
+    disconnectedProviders.push(provider);
+    return "not-found";
+  }),
+}));
+
+mock.module("../credential-execution/managed-catalog.js", () => ({
+  fetchManagedCatalog: mock(async () => ({ ok: true, descriptors: [] })),
+}));
+
+import { ROUTES } from "../runtime/routes/credential-routes.js";
+
+const setRoute = ROUTES.find((r) => r.operationId === "credentials_set");
+const listRoute = ROUTES.find((r) => r.operationId === "credentials_list");
+const deleteRoute = ROUTES.find((r) => r.operationId === "credentials_delete");
+
+type SetResponse = { credentialId: string; service: string; field: string };
+type ListResponse = {
+  credentials: Array<{
+    service: string;
+    field: string;
+    scrubbedValue: string;
+    hasSecret: boolean;
+  }>;
+  managedCredentials: unknown[];
+};
+type DeleteResponse = { service: string; field: string };
+
+const SECRET_VALUE = "super-secret-token-value";
+
+describe("credentials routes", () => {
+  beforeEach(() => {
+    secureStore = new Map();
+    metadataStore = new Map();
+    syncedServices = [];
+    disconnectedProviders = [];
+    credentialIdCounter = 0;
+  });
+
+  describe("credentials_set", () => {
+    test("stores the secret and returns identifiers without leaking the value", async () => {
+      /**
+       * Storing a credential via the route persists the plaintext to secure
+       * storage and creates metadata, but the response surfaces only the
+       * credential identifiers — never the secret itself.
+       */
+      // GIVEN the credentials_set route is registered
+      expect(setRoute).toBeDefined();
+
+      // WHEN a credential is stored with a label, description, and allowed tools
+      const result = (await setRoute!.handler({
+        body: {
+          service: "vercel",
+          field: "api_token",
+          value: SECRET_VALUE,
+          label: "Vercel API Token",
+          description: "Used to deploy pages",
+          allowedTools: ["publish_page"],
+        },
+      })) as SetResponse;
+
+      // THEN the response carries the credential identifiers only
+      expect(result.service).toBe("vercel");
+      expect(result.field).toBe("api_token");
+      expect(result.credentialId).toBe("cred-1");
+
+      // AND the secret is persisted to secure storage
+      expect(secureStore.get("vercel:api_token")).toBe(SECRET_VALUE);
+
+      // AND a manual-token connection sync is triggered for the service
+      expect(syncedServices).toContain("vercel");
+
+      // AND the plaintext value never appears in the response
+      expect(JSON.stringify(result)).not.toContain(SECRET_VALUE);
+    });
+
+    test("rejects a request missing the value", async () => {
+      /**
+       * The route validates required fields and rejects a store request that
+       * omits the secret value before touching storage.
+       */
+      // GIVEN a store request with no value
+      const body = { service: "vercel", field: "api_token" };
+
+      // WHEN the handler runs
+      const call = setRoute!.handler({ body });
+
+      // THEN it rejects with a BadRequestError and stores nothing
+      await expect(call).rejects.toBeInstanceOf(BadRequestError);
+      expect(secureStore.size).toBe(0);
+    });
+  });
+
+  describe("credentials_list", () => {
+    test("returns masked metadata without exposing stored secrets", async () => {
+      /**
+       * Listing credentials returns metadata and a scrubbed preview for each
+       * stored secret; the raw plaintext is never included in the output.
+       */
+      // GIVEN a stored credential
+      await setRoute!.handler({
+        body: {
+          service: "vercel",
+          field: "api_token",
+          value: SECRET_VALUE,
+          label: "Vercel API Token",
+        },
+      });
+
+      // WHEN the credentials are listed
+      const result = (await listRoute!.handler({ body: {} })) as ListResponse;
+
+      // THEN the listing includes the credential with a masked value
+      expect(result.credentials).toHaveLength(1);
+      const entry = result.credentials[0];
+      expect(entry.service).toBe("vercel");
+      expect(entry.field).toBe("api_token");
+      expect(entry.hasSecret).toBe(true);
+      expect(entry.scrubbedValue).toBe("****alue");
+
+      // AND the raw secret never appears anywhere in the response
+      expect(JSON.stringify(result)).not.toContain(SECRET_VALUE);
+    });
+
+    test("filters credentials by search substring", async () => {
+      /**
+       * The optional `search` filter restricts the listing to credentials
+       * whose service, field, alias, or description match the query.
+       */
+      // GIVEN two stored credentials in different services
+      await setRoute!.handler({
+        body: { service: "vercel", field: "api_token", value: "v-secret" },
+      });
+      await setRoute!.handler({
+        body: { service: "github", field: "token", value: "g-secret" },
+      });
+
+      // WHEN the listing is filtered by a service substring
+      const result = (await listRoute!.handler({
+        body: { search: "git" },
+      })) as ListResponse;
+
+      // THEN only the matching credential is returned
+      expect(result.credentials).toHaveLength(1);
+      expect(result.credentials[0].service).toBe("github");
+    });
+  });
+
+  describe("credentials_delete", () => {
+    test("removes the secret and metadata and echoes the identifiers", async () => {
+      /**
+       * Deleting a credential removes both the stored secret and its metadata,
+       * returning the service and field that were deleted.
+       */
+      // GIVEN a stored credential
+      await setRoute!.handler({
+        body: { service: "vercel", field: "api_token", value: SECRET_VALUE },
+      });
+      expect(secureStore.has("vercel:api_token")).toBe(true);
+
+      // WHEN the credential is deleted
+      const result = (await deleteRoute!.handler({
+        body: { service: "vercel", field: "api_token" },
+      })) as DeleteResponse;
+
+      // THEN the response echoes the identifiers
+      expect(result).toEqual({ service: "vercel", field: "api_token" });
+
+      // AND the secret and metadata are gone
+      expect(secureStore.has("vercel:api_token")).toBe(false);
+      expect(metadataStore.has("vercel:api_token")).toBe(false);
+    });
+
+    test("deletes the Slack user_token surgically, preserving the OAuth connection", async () => {
+      /**
+       * The Slack user_token grants only read access to channels the bot isn't
+       * a member of; Socket Mode runs on the bot + app tokens. Deleting just the
+       * user_token removes that secret without disconnecting the provider, so
+       * the integration's connected state does not flap.
+       */
+      // GIVEN a connected Slack channel with bot, app, and user tokens
+      secureStore.set("slack_channel:bot_token", "xoxb-bot");
+      secureStore.set("slack_channel:app_token", "xapp-app");
+      secureStore.set("slack_channel:user_token", "xoxp-user");
+
+      // WHEN only the user_token is deleted
+      const result = (await deleteRoute!.handler({
+        body: { service: "slack_channel", field: "user_token" },
+      })) as DeleteResponse;
+
+      // THEN the response echoes the identifiers
+      expect(result).toEqual({ service: "slack_channel", field: "user_token" });
+
+      // AND only the user_token is removed; bot + app tokens remain
+      expect(secureStore.has("slack_channel:user_token")).toBe(false);
+      expect(secureStore.has("slack_channel:bot_token")).toBe(true);
+      expect(secureStore.has("slack_channel:app_token")).toBe(true);
+
+      // AND the OAuth provider is never disconnected
+      expect(disconnectedProviders).not.toContain("slack_channel");
+    });
+
+    test("rejects deleting an absent Slack user_token without disconnecting the provider", async () => {
+      /**
+       * Deleting a Slack user_token that was never stored surfaces the same
+       * not-found rejection as any other missing credential — it must not be
+       * reported as an internal storage error, and it must still skip the
+       * OAuth teardown so a connected channel's bot + app tokens are untouched.
+       */
+      // GIVEN a connected Slack channel with only bot + app tokens (no user_token)
+      secureStore.set("slack_channel:bot_token", "xoxb-bot");
+      secureStore.set("slack_channel:app_token", "xapp-app");
+
+      // WHEN the absent user_token is deleted
+      const call = deleteRoute!.handler({
+        body: { service: "slack_channel", field: "user_token" },
+      });
+
+      // THEN it rejects with a BadRequestError (not an InternalError)
+      await expect(call).rejects.toBeInstanceOf(BadRequestError);
+
+      // AND the bot + app tokens remain and the provider is never disconnected
+      expect(secureStore.has("slack_channel:bot_token")).toBe(true);
+      expect(secureStore.has("slack_channel:app_token")).toBe(true);
+      expect(disconnectedProviders).not.toContain("slack_channel");
+    });
+
+    test("disconnects the provider when a connection-critical Slack token is deleted", async () => {
+      /**
+       * Deleting a token that powers the Socket Mode connection (bot_token)
+       * follows the generic path, which tears down the OAuth connection.
+       */
+      // GIVEN a stored Slack bot_token
+      secureStore.set("slack_channel:bot_token", "xoxb-bot");
+
+      // WHEN the bot_token is deleted
+      await deleteRoute!.handler({
+        body: { service: "slack_channel", field: "bot_token" },
+      });
+
+      // THEN the generic path disconnects the provider
+      expect(disconnectedProviders).toContain("slack_channel");
+    });
+
+    test("rejects deleting a credential that does not exist", async () => {
+      /**
+       * Deleting a credential with no stored secret, metadata, or OAuth
+       * connection rejects with a not-found error.
+       */
+      // GIVEN no stored credential for the service+field
+      const body = { service: "ghost", field: "token" };
+
+      // WHEN the handler runs
+      const call = deleteRoute!.handler({ body });
+
+      // THEN it rejects with a BadRequestError
+      await expect(call).rejects.toBeInstanceOf(BadRequestError);
+    });
+  });
+});

package/src/__tests__/credential-security-invariants.test.ts

@@ -95,17 +95,7 @@ import {
 
 describe("Invariant 1: secrets never enter LLM context", () => {
   for (const tc of contextInjectionCases) {
-    if (
-      tc.vector === "tool_output" &&
-      tc.tool === "credential_store" &&
-      tc.input.action === "store"
-    ) {
-      // Store output never includes the value
-      test(`${tc.label}: secret not in output`, () => {
-        expect(tc.forbiddenValue).toBeTruthy();
-        // Actual assertion is in credential-vault.test.ts baseline section
-      });
-    } else if (tc.vector === "confirmation_payload") {
+    if (tc.vector === "confirmation_payload") {
       // PR 23 added redaction to confirmation_request payloads via redactSensitiveFields
       test(`${tc.label}: secret redacted from confirmation payload`, () => {
         const payload = { ...tc.input };
@@ -132,7 +122,7 @@ describe("Invariant 1: secrets never enter LLM context", () => {
         }
       });
     } else {
-      // tool_output cases for list and browser_fill — already passing via baselines
+      // tool_output cases (browser_fill_credential) — already passing via baselines
       test(`${tc.label}: secret not in output`, () => {
         expect(tc.forbiddenValue).toBeTruthy();
       });
@@ -165,10 +155,10 @@ describe("Invariant 2: no generic plaintext secret read API", () => {
     // Hard boundary: only these production files may import from secure-keys.
     // Any new import must be reviewed for secret-leak risk and added here.
     const ALLOWED_IMPORTERS = new Set([
-      "tools/credentials/vault.ts", // credential store tool
       "credential-execution/prompted-credential.ts", // shared prompt-action persistence (stores secret via setSecureKeyAsync)
       "tools/credentials/broker.ts", // brokered credential access
       "tools/network/web-search.ts", // web search API key lookup
+      "tools/network/web-fetch.ts", // web fetch provider (Firecrawl) API key lookup
       "daemon/handlers/config-telegram.ts", // Telegram bot token management
       "daemon/handlers/config-vercel.ts", // Vercel API token management
       "runtime/routes/integrations/twilio.ts", // Twilio credential management (HTTP control-plane)
@@ -248,6 +238,7 @@ describe("Invariant 2: no generic plaintext secret read API", () => {
       "tools/credential-execution/make-authenticated-request.ts", // resolves the CES RPC client via getCesClient
       "tools/credential-execution/manage-secure-command-tool.ts", // resolves the CES RPC client via getCesClient
       "tools/executor.ts", // CES approval bridge resolves the CES RPC client via getCesClient
+      "tools/network/web-fetch.ts", // Firecrawl /scrape BYOK fetch provider API key lookup (firecrawl provider key)
     ]);
 
     const thisDir = dirname(fileURLToPath(import.meta.url));

package/src/__tests__/disk-pressure-policy.test.ts

@@ -108,6 +108,18 @@ describe("classifyDiskPressureTurnPolicy", () => {
       },
       expected: { action: "block", reason: "trusted-contact" },
     },
+    {
+      name: "unverified contact is blocked",
+      status: status(),
+      metadata: {
+        ...guardianTurn,
+        trustContext: {
+          sourceChannel: "telegram",
+          trustClass: "unverified_contact",
+        },
+      },
+      expected: { action: "block", reason: "trusted-contact" },
+    },
     {
       name: "non-guardian contact is blocked",
       status: status(),

package/src/__tests__/disk-usage.test.ts

@@ -6,6 +6,8 @@ const GIB = 1024 * MIB;
 let existingPaths = new Set<string>();
 const workspaceDir = "/workspace";
 let minikubeStorageSize: string | undefined;
+let isContainerized = false;
+let isPlatform = false;
 let statfsResult = {
   bsize: 4096,
   blocks: 0,
@@ -34,6 +36,8 @@ mock.module("node:child_process", () => ({
 
 mock.module("../config/env-registry.js", () => ({
   getMinikubeStorageSize: () => minikubeStorageSize,
+  getIsContainerized: () => isContainerized,
+  getIsPlatform: () => isPlatform,
 }));
 
 mock.module("../util/platform.js", () => ({
@@ -55,6 +59,8 @@ describe("disk usage sampler", () => {
   beforeEach(() => {
     existingPaths = new Set([workspaceDir]);
     minikubeStorageSize = undefined;
+    isContainerized = false;
+    isPlatform = false;
     statfsResult = statfsFor(100 * MIB, 25 * MIB);
     spawnResult = { status: 0, stdout: "" };
     spawnCalls = [];
@@ -119,6 +125,65 @@ describe("disk usage sampler", () => {
     ]);
   });
 
+  test("measures workspace du usage on a local Docker hatch", () => {
+    isContainerized = true;
+    isPlatform = false;
+    statfsResult = statfsFor(100 * GIB, 40 * GIB);
+    spawnResult = {
+      status: 0,
+      stdout: `${2 * GIB}\t/workspace\n`,
+    };
+
+    const usage = getDiskUsageInfo();
+
+    // Used reflects only the workspace (du), free reflects the host headroom
+    // the volume can grow into, and total is their sum.
+    expect(usage).toEqual({
+      path: "/workspace",
+      totalMb: 2048 + 40960,
+      usedMb: 2048,
+      freeMb: 40960,
+    });
+    expect(spawnCalls).toEqual([
+      { command: "du", args: ["-sb", "/workspace"] },
+    ]);
+  });
+
+  test("does not use du for platform-managed containerized instances", () => {
+    isContainerized = true;
+    isPlatform = true;
+    statfsResult = statfsFor(10 * GIB, 6 * GIB);
+
+    const usage = getDiskUsageInfo();
+
+    expect(usage).toEqual({
+      path: "/workspace",
+      totalMb: 10240,
+      usedMb: 4096,
+      freeMb: 6144,
+    });
+    expect(spawnCalls).toHaveLength(0);
+  });
+
+  test("falls back to statfs when du fails on a local Docker hatch", () => {
+    isContainerized = true;
+    isPlatform = false;
+    statfsResult = statfsFor(100 * GIB, 40 * GIB);
+    spawnResult = { status: 1, stdout: "" };
+
+    const usage = getDiskUsageInfo();
+
+    expect(usage).toEqual({
+      path: "/workspace",
+      totalMb: 102400,
+      usedMb: 61440,
+      freeMb: 40960,
+    });
+    expect(spawnCalls).toEqual([
+      { command: "du", args: ["-sb", "/workspace"] },
+    ]);
+  });
+
   test("returns null for malformed Kubernetes memory strings", () => {
     expect(parseK8sMemoryBytes("")).toBeNull();
     expect(parseK8sMemoryBytes("abc")).toBeNull();

package/src/__tests__/dynamic-page-surface.test.ts

@@ -5,7 +5,7 @@ import type {
   UiSurfaceShowDynamicPage,
 } from "../daemon/message-protocol.js";
 import { INTERACTIVE_SURFACE_TYPES } from "../daemon/message-protocol.js";
-import { uiShowTool } from "../tools/ui-surface/definitions.js";
+import { uiShowTool, uiUpdateTool } from "../tools/ui-surface/definitions.js";
 
 // ---------------------------------------------------------------------------
 // DynamicPageSurfaceData shape
@@ -151,6 +151,57 @@ describe("ui_show dynamic_page app substitute guard", () => {
     expect(proxied).toBe(false);
   });
 
+  test("redirects a weak open model to a declarative surface, not 'resend HTML'", async () => {
+    let proxied = false;
+
+    const result = await uiShowTool.execute(
+      {
+        surface_type: "dynamic_page",
+        title: "Fable 5 vs MiniMax M3",
+        data: {},
+      },
+      {
+        conversationId: "conversation-123",
+        workingDir: "/tmp",
+        trustClass: "guardian",
+        attribution: {
+          resolvedModel: "accounts/fireworks/models/minimax-m3",
+        } as never,
+        proxyToolResolver: async () => {
+          proxied = true;
+          return { content: "proxied", isError: false };
+        },
+      },
+    );
+
+    expect(result.isError).toBe(true);
+    expect(result.content).toContain('surface_type: "table"');
+    expect(result.content).toContain("work_result");
+    expect(result.content).not.toContain("Resend ui_show with the full HTML");
+    expect(proxied).toBe(false);
+  });
+
+  test("keeps the resend-HTML hint for a capable model", async () => {
+    const result = await uiShowTool.execute(
+      {
+        surface_type: "dynamic_page",
+        title: "Fable 5 vs MiniMax M3",
+        data: {},
+      },
+      {
+        conversationId: "conversation-123",
+        workingDir: "/tmp",
+        trustClass: "guardian",
+        attribution: { resolvedModel: "claude-opus-4-8" } as never,
+        proxyToolResolver: async () => ({ content: "proxied", isError: false }),
+      },
+    );
+
+    expect(result.isError).toBe(true);
+    expect(result.content).toContain("Resend ui_show with the full HTML");
+    expect(result.content).not.toContain('surface_type: "table"');
+  });
+
   test("rejects dynamic_page with whitespace-only html and does not proxy", async () => {
     let proxied = false;
 
@@ -300,6 +351,106 @@ describe("ui_show empty card guard", () => {
   });
 });
 
+describe("ui_update empty payload guard", () => {
+  function makeCtx(onProxy: () => void) {
+    return {
+      conversationId: "conversation-123",
+      workingDir: "/tmp",
+      trustClass: "guardian" as const,
+      proxyToolResolver: async () => {
+        onProxy();
+        return { content: "Surface updated", isError: false };
+      },
+    };
+  }
+
+  test("rejects an empty data object and does not proxy", async () => {
+    let proxied = false;
+    const result = await uiUpdateTool.execute(
+      { surface_id: "surf-1", data: {} },
+      makeCtx(() => {
+        proxied = true;
+      }),
+    );
+
+    expect(result.isError).toBe(true);
+    expect(result.content).toContain("empty `data` payload");
+    expect(proxied).toBe(false);
+  });
+
+  test("rejects missing data and does not proxy", async () => {
+    let proxied = false;
+    const result = await uiUpdateTool.execute(
+      { surface_id: "surf-1" },
+      makeCtx(() => {
+        proxied = true;
+      }),
+    );
+
+    expect(result.isError).toBe(true);
+    expect(proxied).toBe(false);
+  });
+
+  test("rejects data containing only nested empty objects", async () => {
+    let proxied = false;
+    const result = await uiUpdateTool.execute(
+      { surface_id: "surf-1", data: { templateData: {} } },
+      makeCtx(() => {
+        proxied = true;
+      }),
+    );
+
+    expect(result.isError).toBe(true);
+    expect(proxied).toBe(false);
+  });
+
+  test("rejects a task_progress update with an empty steps array", async () => {
+    let proxied = false;
+    const result = await uiUpdateTool.execute(
+      { surface_id: "surf-1", data: { templateData: { steps: [] } } },
+      makeCtx(() => {
+        proxied = true;
+      }),
+    );
+
+    expect(result.isError).toBe(true);
+    expect(proxied).toBe(false);
+  });
+
+  test("allows a task_progress step update", async () => {
+    let proxied = false;
+    const result = await uiUpdateTool.execute(
+      {
+        surface_id: "surf-1",
+        data: {
+          templateData: {
+            steps: [{ label: "Read memo", status: "completed" }],
+          },
+        },
+      },
+      makeCtx(() => {
+        proxied = true;
+      }),
+    );
+
+    expect(result.isError).toBe(false);
+    expect(proxied).toBe(true);
+  });
+
+  test("allows a status-only update without resending steps", async () => {
+    let proxied = false;
+    const result = await uiUpdateTool.execute(
+      { surface_id: "surf-1", data: { templateData: { status: "completed" } } },
+      makeCtx(() => {
+        proxied = true;
+      }),
+    );
+
+    expect(result.isError).toBe(false);
+    expect(proxied).toBe(true);
+  });
+});
+
 // ---------------------------------------------------------------------------
 // task_progress ui_show appends the update hint to its return value
 // ---------------------------------------------------------------------------