npm - @vellumai/vellum-gateway - Versions diffs - 0.5.9 → 0.5.11 - Mend

@vellumai/vellum-gateway 0.5.9 → 0.5.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/AGENTS.md +2 -2
package/ARCHITECTURE.md +6 -6
package/README.md +2 -2
package/package.json +1 -1
package/src/__tests__/credential-reader.test.ts +94 -229
package/src/__tests__/feature-flags-route.test.ts +197 -108
package/src/__tests__/remote-feature-flag-sync.test.ts +373 -0
package/src/__tests__/telegram-webhook-manager.test.ts +84 -0
package/src/credential-reader.ts +73 -358
package/src/credential-watcher.ts +16 -42
package/src/feature-flag-registry.json +57 -41
package/src/feature-flag-remote-store.ts +119 -0
package/src/http/routes/feature-flags.ts +10 -6
package/src/index.ts +66 -65
package/src/remote-feature-flag-sync.ts +153 -0
package/src/slack/thread-context.test.ts +204 -0
package/src/slack/thread-context.ts +153 -0
package/src/telegram/api.ts +3 -3
package/src/telegram/webhook-manager.ts +102 -14

package/AGENTS.md CHANGED Viewed

@@ -25,9 +25,9 @@ All assistant API requests from clients, CLI, skills, and user-facing tooling **
 **Ban on hardcoded runtime hosts/ports:** Do not embed `localhost:7821`, `127.0.0.1:7821`, or runtime-port-derived URLs in docs, skills, or user-facing guidance. Always reference gateway URLs instead. A CI guard test (`gateway-only-guard.test.ts`) enforces this — any new direct runtime URL reference in production code or skills will fail CI.
-**SKILL.md retrieval contract:** For config/status retrieval in bundled skills, use `bash` + canonical CLI surfaces. Start with `assistant config get` for generic config keys and secure credential surfaces (`credential_store`, `assistant keys`) for secrets. Do not use direct gateway `curl` for read-only retrieval paths. Do not use keychain lookup commands (`security find-generic-password`, `secret-tool`) in SKILL.md. `host_bash` is not allowed for Vellum CLI retrieval commands unless a documented exception is intentionally allowlisted.
+**SKILL.md retrieval contract:** For config/status retrieval in bundled skills, use `bash` + canonical CLI surfaces. Start with `assistant config get` for generic config keys and secure credential surfaces (`credential_store`, `assistant keys`) for secrets. Do not use direct gateway `curl` for read-only retrieval paths. Do not use credential store lookup commands (`security find-generic-password`, `secret-tool`) in SKILL.md. `host_bash` is not allowed for Vellum CLI retrieval commands unless a documented exception is intentionally allowlisted.
-**SKILL.md proxied outbound pattern:** For outbound third-party API calls from skills that require stored credentials, default to `bash` with `network_mode: "proxied"` and `credential_ids` instead of manual token/keychain plumbing. This keeps credentials out of chat and enforces credential policies consistently.
+**SKILL.md proxied outbound pattern:** For outbound third-party API calls from skills that require stored credentials, default to `bash` with `network_mode: "proxied"` and `credential_ids` instead of manual token/credential store plumbing. This keeps credentials out of chat and enforces credential policies consistently.
 **SKILL.md gateway URL pattern:** For gateway control-plane writes/actions that are not exposed through a CLI read command, use `$INTERNAL_GATEWAY_BASE_URL` (injected by `bash` and `host_bash`). Do not hardcode `localhost`/ports in skill examples, and do not instruct users/agents to manually export the variable from Settings. For public ingress URLs (e.g. OAuth redirect URIs, webhook registration), use `assistant config get ingress.publicBaseUrl` or load the `public-ingress` skill — do not inject public URLs as environment variables.

package/ARCHITECTURE.md CHANGED Viewed

@@ -43,11 +43,11 @@ The gateway exposes a REST API for reading and mutating assistant feature flags.
 | Method | Path                     | Description                                                                                                                                                                                                                                         |
 | ------ | ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | GET    | `/v1/feature-flags`      | List all declared assistant feature flags from the defaults registry, merged with persisted values from the feature flag store. Returns `{ flags: FeatureFlagEntry[] }` where each entry has `key`, `enabled`, `defaultEnabled`, and `description`. |
-| PATCH  | `/v1/feature-flags/:key` | Set a single assistant feature flag. Body: `{ "enabled": true\|false }`. Key must match `feature_flags.<flagId>.enabled` and be declared in the defaults registry. Writes to `~/.vellum/protected/feature-flags.json`.                              |
+| PATCH  | `/v1/feature-flags/:key` | Set a single assistant feature flag. Body: `{ "enabled": true\|false }`. Key must be a simple kebab-case flag key declared in the defaults registry. Writes to `~/.vellum/protected/feature-flags.json`.                                            |
 **Unified registry:** All declared feature flags and their default values are defined in the unified registry at `meta/feature-flags/feature-flag-registry.json` (bundled copy at `gateway/src/feature-flag-registry.json`). The gateway loads this registry on startup via `gateway/src/feature-flag-defaults.ts`, filtering to `scope: "assistant"` flags. Labels come from the registry. The GET endpoint merges persisted overrides with registry defaults to produce the full flag list. The PATCH endpoint validates that the target flag key exists in the registry before accepting a write. Only declared keys are exposed by this API.
-**Flag key format:** The canonical key format is `feature_flags.<flagId>.enabled`. Only keys matching this pattern are accepted by the PATCH endpoint; other patterns are rejected with 400. All writes use the canonical format and are stored in the protected feature flag store (`~/.vellum/protected/feature-flags.json`).
+**Flag key format:** The canonical key format is simple kebab-case (e.g., `browser`, `ces-tools`). Only keys matching this pattern and declared in the registry are accepted by the PATCH endpoint; other patterns are rejected with 400. All writes use the canonical format and are stored in the protected feature flag store (`~/.vellum/protected/feature-flags.json`).
 **Storage:** Flag overrides are persisted in `~/.vellum/protected/feature-flags.json` (local) or `GATEWAY_SECURITY_DIR/feature-flags.json` (Docker). The store uses a versioned JSON format (`{ version: 1, values: Record<string, boolean> }`). The GET endpoint reads from the feature flag store and merges with registry defaults. The gateway writes atomically (temp file + rename, 0o600 permissions). The daemon's config watcher monitors the protected directory and hot-reloads changes, so flag mutations take effect on the next session or tool resolution without a restart.
@@ -62,7 +62,7 @@ The assistant feature flags API uses a dedicated feature-flag token stored at `~
 The feature-flag token is auto-generated on first gateway startup if the file does not exist. The gateway watches the token file for changes and hot-reloads without restart.
-**Protected feature flag store:** The canonical storage for assistant feature flag overrides is `~/.vellum/protected/feature-flags.json` (local) or `GATEWAY_SECURITY_DIR/feature-flags.json` (Docker). The store is managed by `gateway/src/feature-flag-store.ts` and uses a versioned JSON format with `Record<string, boolean>` values keyed by canonical flag keys (`feature_flags.<id>.enabled`). The gateway's PATCH handler writes exclusively to this store. The daemon's resolver reads it with highest priority, falling back to the defaults registry. Undeclared keys are ignored by the resolver.
+**Protected feature flag store:** The canonical storage for assistant feature flag overrides is `~/.vellum/protected/feature-flags.json` (local) or `GATEWAY_SECURITY_DIR/feature-flags.json` (Docker). The store is managed by `gateway/src/feature-flag-store.ts` and uses a versioned JSON format with `Record<string, boolean>` values keyed by canonical flag keys (simple kebab-case, e.g., `browser`). The gateway's PATCH handler writes exclusively to this store. The daemon's resolver reads it with highest priority, falling back to the defaults registry. Undeclared keys are ignored by the resolver.
 **Key source files:**
@@ -569,7 +569,7 @@ If no guardian binding exists for the channel, escalation fails closed -- the me
 ### Telegram Credential Flow
-In desktop deployments, Telegram bot tokens are stored in secure storage (the encrypted file store at `~/.vellum/protected/keys.enc`, with macOS Keychain access available via the keychain broker) and never in plaintext config files. When deploying the gateway standalone, operators may also supply credentials via environment variables (`TELEGRAM_BOT_TOKEN`, `TELEGRAM_WEBHOOK_SECRET`).
+In desktop deployments, Telegram bot tokens are stored in secure storage (CES HTTP API when available, or the encrypted file store at `~/.vellum/protected/keys.enc`) and never in plaintext config files. When deploying the gateway standalone, operators may also supply credentials via environment variables (`TELEGRAM_BOT_TOKEN`, `TELEGRAM_WEBHOOK_SECRET`).
 ```
 Entry points:
@@ -603,7 +603,7 @@ The `telegram_config` HTTP endpoint supports three actions:
 - **`set`** — validates the bot token against the Telegram API, stores it in secure storage, auto-generates a webhook secret if none exists (with rollback on failure), and self-heals webhook_secret metadata if it already exists. The gateway's credential watcher detects the storage change and triggers webhook reconciliation automatically
 - **`clear`** — deregisters the webhook by calling Telegram's `deleteWebhook` API directly (while the token is still available), then deletes the bot token and webhook secret from both secure storage and credential metadata. The gateway's credential watcher detects the storage change and updates its readiness state automatically
-The gateway reads Telegram credentials via its `credential-reader` module (`gateway/src/credential-reader.ts`), which uses a broker-first fallback strategy: it tries the keychain broker first, then falls back to the encrypted file store (`~/.vellum/protected/keys.enc`). When the broker is unavailable (e.g., daemon not running or non-macOS platform), the encrypted store is used directly.
+The gateway reads Telegram credentials via its `credential-reader` module (`gateway/src/credential-reader.ts`), which uses a CES-first fallback strategy: it tries the CES HTTP API first (when `CES_CREDENTIAL_URL` is configured), then falls back to the encrypted file store (`~/.vellum/protected/keys.enc`).
 ### Webhook Reconciliation
@@ -660,7 +660,7 @@ The Slack channel requires two tokens:
 | App token | `xapp-...` | Used for `apps.connections.open` to establish the Socket Mode WebSocket connection   |
 | Bot token | `xoxb-...` | Used for `chat.postMessage` to send outbound messages and for `auth.test` validation |
-Both tokens are stored in secure storage (`credential/slack_channel/app_token`, `credential/slack_channel/bot_token`) via the assistant's Slack channel config endpoints (see `assistant/ARCHITECTURE.md`). The gateway reads them via its `credential-reader` module using the same broker-first fallback strategy as Telegram credentials.
+Both tokens are stored in secure storage (`credential/slack_channel/app_token`, `credential/slack_channel/bot_token`) via the assistant's Slack channel config endpoints (see `assistant/ARCHITECTURE.md`). The gateway reads them via its `credential-reader` module using the same CES-first fallback strategy as Telegram credentials.
 **Auto-reconnect behavior:**

package/README.md CHANGED Viewed

@@ -28,8 +28,8 @@ bun run dev
 | Variable                  | Required | Default | Description                                                                                                                                                                                                                                                                                                                                                                            |
 | ------------------------- | -------- | ------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `TELEGRAM_BOT_TOKEN`      | No       | —       | Bot token from @BotFather (Telegram disabled when unset). When not set as an env var, the gateway reads from the assistant's secure credential store: keychain broker first (UDS to the assistant process), then the encrypted file store (`~/.vellum/protected/keys.enc`). When the broker is unavailable (assistant not running or non-macOS), the encrypted store is used directly. |
-| `TELEGRAM_WEBHOOK_SECRET` | No       | —       | Secret for verifying webhook requests (Telegram disabled when unset). Same credential reader fallback behavior as `TELEGRAM_BOT_TOKEN`.                                                                                                                                                                                                                                                |
+| `TELEGRAM_BOT_TOKEN`      | No       | —       | Bot token from @BotFather (Telegram disabled when unset). When not set as an env var, the gateway reads from the assistant's secure credential store: CES HTTP API first (when `CES_CREDENTIAL_URL` is configured), then the encrypted file store (`~/.vellum/protected/keys.enc`). |
+| `TELEGRAM_WEBHOOK_SECRET` | No       | —       | Secret for verifying webhook requests (Telegram disabled when unset). Same credential reader fallback behavior as `TELEGRAM_BOT_TOKEN`.                                                                                                                                            |
 | `GATEWAY_PORT`            | No       | `7830`  | Port for the gateway HTTP server                                                                                                                                                                                                                                                                                                                                                       |
 Most gateway behavior is now configured via hardcoded defaults or workspace config (`~/.vellum/workspace/config.json`) rather than environment variables. Channel operational settings (Telegram API base URL, timeouts, deliver auth bypass flags, runtime base URL, routing, proxy settings, attachment limits, shutdown drain) are managed via `workspace/config.json` through `ConfigFileCache`. See the channel-specific sections in `ARCHITECTURE.md` for details.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@vellumai/vellum-gateway",
-  "version": "0.5.9",
+  "version": "0.5.11",
   "license": "MIT",
   "type": "module",
   "exports": {

package/src/__tests__/credential-reader.test.ts CHANGED Viewed

@@ -1,6 +1,5 @@
 import { describe, test, expect, mock, beforeEach, afterEach } from "bun:test";
-import { mkdirSync, writeFileSync, rmSync, unlinkSync } from "node:fs";
-import { createServer, type Server } from "node:net";
+import { mkdirSync, writeFileSync, rmSync } from "node:fs";
 import { join } from "node:path";
 import { hostname, tmpdir, userInfo } from "node:os";
 import { createCipheriv, pbkdf2Sync, randomBytes } from "node:crypto";
@@ -26,7 +25,8 @@ mock.module("../logger.js", () => ({
 import {
   readCredential,
-  readTelegramCredentials,
+  readServiceCredentials,
+  type ServiceCredentialSpec,
 } from "../credential-reader.js";
 // ---------------------------------------------------------------------------
@@ -144,88 +144,6 @@ function writeEncryptedStoreV2(entries: Record<string, string>): void {
   writeFileSync(join(protectedDir, "keys.enc"), JSON.stringify(store));
 }
-// ---------------------------------------------------------------------------
-// Broker test helpers — mock UDS server
-// ---------------------------------------------------------------------------
-const TEST_TOKEN = "test-auth-token-abc123";
-function writeBrokerToken(token: string): void {
-  const tokenDir = join(testDir, ".vellum", "protected");
-  mkdirSync(tokenDir, { recursive: true });
-  writeFileSync(join(tokenDir, "keychain-broker.token"), token);
-}
-/**
- * Create a mock keychain broker UDS server that responds to key.get requests.
- * Listens on the derived socket path (getRootDir() + keychain-broker.sock).
- * Returns the socket path and a handle to close the server.
- */
-function createMockBroker(credentials: Record<string, string>): {
-  socketPath: string;
-  server: Server;
-  close: () => void;
-} {
-  const socketPath = join(testDir, ".vellum", "keychain-broker.sock");
-  mkdirSync(join(testDir, ".vellum"), { recursive: true });
-  const server = createServer((conn) => {
-    let buf = "";
-    conn.on("data", (chunk) => {
-      buf += chunk.toString();
-      const idx = buf.indexOf("\n");
-      if (idx !== -1) {
-        const line = buf.slice(0, idx);
-        buf = buf.slice(idx + 1);
-        try {
-          const req = JSON.parse(line);
-          if (req.token !== TEST_TOKEN) {
-            conn.write(
-              JSON.stringify({
-                id: req.id,
-                ok: false,
-                error: { code: "UNAUTHORIZED", message: "bad token" },
-              }) + "\n",
-            );
-            return;
-          }
-          if (req.method === "key.get") {
-            const account = req.params?.account;
-            const value = credentials[account];
-            conn.write(
-              JSON.stringify({
-                id: req.id,
-                ok: true,
-                result:
-                  value !== undefined
-                    ? { found: true, value }
-                    : { found: false },
-              }) + "\n",
-            );
-          }
-        } catch {
-          // ignore malformed requests
-        }
-      }
-    });
-  });
-  server.listen(socketPath);
-  return {
-    socketPath,
-    server,
-    close: () => {
-      server.close();
-      try {
-        unlinkSync(socketPath);
-      } catch {
-        // best-effort
-      }
-    },
-  };
-}
 // ---------------------------------------------------------------------------
 // Setup / teardown
 // ---------------------------------------------------------------------------
@@ -244,51 +162,6 @@ afterEach(() => {
   }
 });
-// ---------------------------------------------------------------------------
-// Tests: encrypted store (existing)
-// ---------------------------------------------------------------------------
-describe("readTelegramCredentials", () => {
-  test("returns null when metadata file does not exist", async () => {
-    const result = await readTelegramCredentials();
-    expect(result).toBeNull();
-  });
-  test("returns null when metadata has no Telegram entries", async () => {
-    writeMetadata([{ service: "github", field: "token" }]);
-    const result = await readTelegramCredentials();
-    expect(result).toBeNull();
-  });
-  test("returns null when metadata exists but secrets are missing from encrypted store", async () => {
-    writeMetadata([
-      { service: "telegram", field: "bot_token" },
-      { service: "telegram", field: "webhook_secret" },
-    ]);
-    const result = await readTelegramCredentials();
-    expect(result).toBeNull();
-  });
-  test("returns credentials from encrypted store", async () => {
-    writeMetadata([
-      { service: "telegram", field: "bot_token" },
-      { service: "telegram", field: "webhook_secret" },
-    ]);
-    writeEncryptedStore({
-      [credentialKey("telegram", "bot_token")]: "enc-bot-token",
-      [credentialKey("telegram", "webhook_secret")]: "enc-webhook-secret",
-    });
-    const result = await readTelegramCredentials();
-    expect(result).toEqual({
-      botToken: "enc-bot-token",
-      webhookSecret: "enc-webhook-secret",
-    });
-  });
-});
 // ---------------------------------------------------------------------------
 // Tests: v2 encrypted store (store.key)
 // ---------------------------------------------------------------------------
@@ -322,24 +195,6 @@ describe("v2 encrypted store with store.key", () => {
     const result = await readCredential(credentialKey("test", "key"));
     expect(result).toBeUndefined();
   });
-  test("returns Telegram credentials from v2 store", async () => {
-    writeMetadata([
-      { service: "telegram", field: "bot_token" },
-      { service: "telegram", field: "webhook_secret" },
-    ]);
-    writeEncryptedStoreV2({
-      [credentialKey("telegram", "bot_token")]: "v2-bot-token",
-      [credentialKey("telegram", "webhook_secret")]: "v2-webhook-secret",
-    });
-    const result = await readTelegramCredentials();
-    expect(result).toEqual({
-      botToken: "v2-bot-token",
-      webhookSecret: "v2-webhook-secret",
-    });
-  });
 });
 // ---------------------------------------------------------------------------
@@ -358,84 +213,111 @@ describe("v1 encrypted store backward compatibility", () => {
 });
 // ---------------------------------------------------------------------------
-// Tests: broker credential reading
+// Tests: generic readServiceCredentials
 // ---------------------------------------------------------------------------
-describe("readCredential broker integration", () => {
-  test("returns undefined when socket file does not exist", async () => {
-    const result = await readCredential(credentialKey("test", "key"));
-    expect(result).toBeUndefined();
-  });
+describe("readServiceCredentials", () => {
+  const telegramSpec: ServiceCredentialSpec = {
+    service: "telegram",
+    requiredFields: ["bot_token", "webhook_secret"],
+  };
+  test("returns correct Record<string, string> for a valid spec", async () => {
+    writeMetadata([
+      { service: "telegram", field: "bot_token" },
+      { service: "telegram", field: "webhook_secret" },
+    ]);
-  test("falls back to encrypted store when socket file does not exist", async () => {
     writeEncryptedStore({
-      [credentialKey("test", "key")]: "encrypted-value",
+      [credentialKey("telegram", "bot_token")]: "my-bot-token",
+      [credentialKey("telegram", "webhook_secret")]: "my-webhook-secret",
     });
-    const result = await readCredential(credentialKey("test", "key"));
-    expect(result).toBe("encrypted-value");
+    const result = await readServiceCredentials(telegramSpec);
+    expect(result).toEqual({
+      bot_token: "my-bot-token",
+      webhook_secret: "my-webhook-secret",
+    });
+  });
+  test("returns null when metadata is missing", async () => {
+    // No metadata file written at all
+    const result = await readServiceCredentials(telegramSpec);
+    expect(result).toBeNull();
   });
-  test("falls back to encrypted store when broker token file is missing", async () => {
-    // Create socket file but no token file
-    mkdirSync(join(testDir, ".vellum"), { recursive: true });
-    writeFileSync(join(testDir, ".vellum", "keychain-broker.sock"), "");
+  test("returns null when metadata has no entries for the service", async () => {
+    writeMetadata([{ service: "github", field: "token" }]);
+    const result = await readServiceCredentials(telegramSpec);
+    expect(result).toBeNull();
+  });
+  test("returns null when metadata exists but encrypted values cannot be read", async () => {
+    writeMetadata([
+      { service: "telegram", field: "bot_token" },
+      { service: "telegram", field: "webhook_secret" },
+    ]);
+    // No encrypted store written — secrets are unreadable
+    const result = await readServiceCredentials(telegramSpec);
+    expect(result).toBeNull();
+  });
+  test("returns null when only some required fields exist in metadata", async () => {
+    writeMetadata([
+      { service: "telegram", field: "bot_token" },
+      // webhook_secret is missing from metadata
+    ]);
     writeEncryptedStore({
-      [credentialKey("test", "key")]: "encrypted-value",
+      [credentialKey("telegram", "bot_token")]: "my-bot-token",
+      [credentialKey("telegram", "webhook_secret")]: "my-webhook-secret",
     });
-    const result = await readCredential(credentialKey("test", "key"));
-    expect(result).toBe("encrypted-value");
+    const result = await readServiceCredentials(telegramSpec);
+    expect(result).toBeNull();
   });
-  test("reads credential from broker when available", async () => {
-    const broker = createMockBroker({
-      [credentialKey("test", "key")]: "broker-secret-value",
+  test("works for a hypothetical new service spec (extensibility)", async () => {
+    const customSpec: ServiceCredentialSpec = {
+      service: "test_service",
+      requiredFields: ["api_key", "secret"],
+    };
+    writeMetadata([
+      { service: "test_service", field: "api_key" },
+      { service: "test_service", field: "secret" },
+    ]);
+    writeEncryptedStore({
+      [credentialKey("test_service", "api_key")]: "custom-api-key",
+      [credentialKey("test_service", "secret")]: "custom-secret",
     });
-    try {
-      writeBrokerToken(TEST_TOKEN);
-      const result = await readCredential(credentialKey("test", "key"));
-      expect(result).toBe("broker-secret-value");
-    } finally {
-      broker.close();
-    }
-  });
-  test("broker result takes priority over encrypted store", async () => {
-    const broker = createMockBroker({
-      [credentialKey("test", "key")]: "broker-value",
+    const result = await readServiceCredentials(customSpec);
+    expect(result).toEqual({
+      api_key: "custom-api-key",
+      secret: "custom-secret",
     });
-    try {
-      writeBrokerToken(TEST_TOKEN);
-      writeEncryptedStore({
-        [credentialKey("test", "key")]: "encrypted-value",
-      });
-      const result = await readCredential(credentialKey("test", "key"));
-      expect(result).toBe("broker-value");
-    } finally {
-      broker.close();
-    }
   });
-  test("falls back to encrypted store when broker returns not found", async () => {
-    // Broker has no entry for the test credential key
-    const broker = createMockBroker({});
-    try {
-      writeBrokerToken(TEST_TOKEN);
-      writeEncryptedStore({
-        [credentialKey("test", "key")]: "encrypted-value",
-      });
-      const result = await readCredential(credentialKey("test", "key"));
-      expect(result).toBe("encrypted-value");
-    } finally {
-      broker.close();
-    }
+  test("works with v2 encrypted store", async () => {
+    writeMetadata([
+      { service: "telegram", field: "bot_token" },
+      { service: "telegram", field: "webhook_secret" },
+    ]);
+    writeEncryptedStoreV2({
+      [credentialKey("telegram", "bot_token")]: "v2-bot-token",
+      [credentialKey("telegram", "webhook_secret")]: "v2-webhook-secret",
+    });
+    const result = await readServiceCredentials(telegramSpec);
+    expect(result).toEqual({
+      bot_token: "v2-bot-token",
+      webhook_secret: "v2-webhook-secret",
+    });
   });
 });
@@ -448,26 +330,6 @@ describe("secret leak prevention", () => {
     return JSON.stringify(logCalls);
   }
-  test("broker read does not leak secret values into logs", async () => {
-    const secretValue = "super-secret-broker-credential-value";
-    const broker = createMockBroker({
-      [credentialKey("leak-test", "key")]: secretValue,
-    });
-    try {
-      writeBrokerToken(TEST_TOKEN);
-      const result = await readCredential(credentialKey("leak-test", "key"));
-      expect(result).toBe(secretValue);
-      const serialized = allLogStrings();
-      expect(serialized).not.toContain(secretValue);
-      // The auth token used for broker handshake should also stay out of logs
-      expect(serialized).not.toContain(TEST_TOKEN);
-    } finally {
-      broker.close();
-    }
-  });
   test("encrypted store read does not leak secret values into logs", async () => {
     const secretValue = "super-secret-encrypted-credential-value";
@@ -482,7 +344,7 @@ describe("secret leak prevention", () => {
     expect(serialized).not.toContain(secretValue);
   });
-  test("failed encrypted store read does not leak secret values into logs", async () => {
+  test("service credential read does not leak secret values into logs", async () => {
     const secretValue = "super-secret-telegram-token";
     writeMetadata([
@@ -494,7 +356,10 @@ describe("secret leak prevention", () => {
       [credentialKey("telegram", "webhook_secret")]: "webhook-secret-value",
     });
-    const result = await readTelegramCredentials();
+    const result = await readServiceCredentials({
+      service: "telegram",
+      requiredFields: ["bot_token", "webhook_secret"],
+    });
     expect(result).not.toBeNull();
     const serialized = allLogStrings();