@vellumai/vellum-gateway 0.7.0 → 0.7.1

package/ARCHITECTURE.md

@@ -128,7 +128,7 @@ The assistant daemon does not read or distribute a feature-flag token. All featu
 
 ### Channel Verification Session Control-Plane Proxy
 
-Channel verification session endpoints are exposed directly by the gateway and forwarded to runtime integration handlers even when the broad runtime proxy is disabled. This keeps assistant skills and user-facing tooling on gateway URLs only.
+Channel verification session endpoints are exposed directly by the gateway and forwarded to runtime integration handlers for dedicated auth handling. This keeps assistant skills and user-facing tooling on gateway URLs only.
 
 **Forwarded endpoints:**
 
@@ -158,7 +158,7 @@ The `/v1/guardian/refresh` endpoint is the only public ingress for rotating JWT
 
 ### Runtime Health Proxy
 
-Runtime health is exposed directly by the gateway at `GET /v1/health` and forwarded to the runtime's `GET /v1/health` endpoint even when the broad runtime proxy is disabled.
+Runtime health is exposed directly by the gateway at `GET /v1/health` and forwarded to the runtime's `GET /v1/health` endpoint for dedicated auth handling.
 
 **Authentication boundary:**
 
@@ -175,7 +175,7 @@ Runtime health is exposed directly by the gateway at `GET /v1/health` and forwar
 
 ### Telegram + Contacts Control-Plane Proxies
 
-Telegram integration setup/config endpoints and contacts/invites endpoints are also exposed directly by the gateway and forwarded to runtime handlers even when the broad runtime proxy is disabled.
+Telegram integration setup/config endpoints and contacts/invites endpoints are also exposed directly by the gateway and forwarded to runtime handlers for dedicated auth handling.
 
 **Forwarded Telegram endpoints:**
 
@@ -213,7 +213,7 @@ Telegram integration setup/config endpoints and contacts/invites endpoints are a
 
 ### Twilio Control-Plane Proxy
 
-Twilio integration setup/config endpoints are exposed directly by the gateway and forwarded to runtime handlers even when the broad runtime proxy is disabled. This keeps skills and clients on gateway URLs exclusively.
+Twilio integration setup/config endpoints are exposed directly by the gateway and forwarded to runtime handlers for dedicated auth handling. This keeps skills and clients on gateway URLs exclusively.
 
 **Forwarded endpoints:**
 
@@ -242,7 +242,7 @@ Twilio integration setup/config endpoints are exposed directly by the gateway an
 
 ### Channel Readiness Proxy
 
-Channel readiness endpoints are exposed directly by the gateway and forwarded to runtime handlers even when the broad runtime proxy is disabled.
+Channel readiness endpoints are exposed directly by the gateway and forwarded to runtime handlers for dedicated auth handling.
 
 **Forwarded endpoints:**
 

package/Dockerfile

@@ -12,6 +12,7 @@ COPY --from=bun /usr/local/bin/bun /usr/local/bin/bun
 COPY packages/assistant-client ./packages/assistant-client
 COPY packages/ces-client ./packages/ces-client
 COPY packages/service-contracts ./packages/service-contracts
+COPY packages/slack-text ./packages/slack-text
 
 # Install deps for shared packages that have their own file: dependencies.
 RUN cd /app/packages/ces-client && bun install --frozen-lockfile

package/README.md

@@ -1,6 +1,6 @@
 # Vellum Gateway
 
-Standalone service that serves as the public ingress boundary for all external webhooks and callbacks. It owns Telegram integration end-to-end, routes Twilio voice webhooks, handles OAuth callbacks, and optionally acts as an authenticated reverse proxy for the assistant runtime.
+Standalone service that serves as the public ingress boundary for all external webhooks and callbacks. It owns Telegram integration end-to-end, routes Twilio voice webhooks, handles OAuth callbacks, and acts as an authenticated reverse proxy for the assistant runtime.
 
 ## Architecture
 
@@ -10,7 +10,7 @@ Telegram → gateway/ → Assistant Runtime (/v1/assistants/:id/channels/inbound
 Client → gateway/ (Bearer auth) → Assistant Runtime (any path)
 ```
 
-The web app is **not** in the Telegram request path. When proxy mode is enabled, non-Telegram requests are forwarded to the assistant runtime with optional bearer token authentication.
+The web app is **not** in the Telegram request path. All non-Telegram requests that don't match a dedicated gateway route are forwarded to the assistant runtime with bearer token authentication.
 
 For ingress and channel architecture details, see [`ARCHITECTURE.md`](ARCHITECTURE.md).
 
@@ -218,13 +218,9 @@ The gateway is the **sole public ingress point** for all external webhooks. The
 
 When the ingress public base URL is configured (via `ingress.publicBaseUrl` in workspace config, read through `ConfigFileCache`), the gateway prioritizes it as the canonical URL for Twilio signature validation. If the signature only validates against the raw local request URL (fallback), a warning is logged indicating potential drift between the configured ingress URL and the actual webhook registration. The raw URL fallback is preserved for local-dev operability.
 
-## Default Mode: Dedicated Routes Only
+## Runtime Proxy
 
-By default, the broad runtime proxy is disabled. Dedicated gateway-managed routes (webhooks, delivery endpoints, explicit control-plane proxies such as `/v1/channel-verification-sessions/*`, `/v1/integrations/telegram/*`, `/v1/integrations/slack/*`, and `/v1/contacts/invites/*`, plus the authenticated runtime health route `/v1/health`) remain available, but arbitrary runtime passthrough routes return `404` unless the runtime proxy is enabled via workspace config.
-
-## Runtime Proxy Mode
-
-When the runtime proxy is enabled (via workspace config), the gateway forwards all non-Telegram HTTP requests to the assistant runtime. This allows the gateway to serve as a single ingress point for both Telegram and API traffic.
+The gateway acts as the single ingress point for all traffic. Dedicated gateway routes (webhooks, control-plane proxies, health checks) are matched first; any request that doesn't match a specific route is forwarded to the assistant runtime via a catch-all proxy.
 
 ### Auth behavior
 

package/bun.lock

@@ -8,6 +8,7 @@
         "@vellumai/assistant-client": "file:../packages/assistant-client",
         "@vellumai/ces-client": "file:../packages/ces-client",
         "@vellumai/service-contracts": "file:../packages/service-contracts",
+        "@vellumai/slack-text": "file:../packages/slack-text",
         "drizzle-kit": "0.30.6",
         "drizzle-orm": "0.45.2",
         "file-type": "21.3.0",
@@ -209,6 +210,8 @@
 
     "@vellumai/service-contracts": ["@vellumai/service-contracts@file:../packages/service-contracts", { "dependencies": { "zod": "4.3.6" }, "devDependencies": { "@types/bun": "1.2.4", "typescript": "5.7.3" } }],
 
+    "@vellumai/slack-text": ["@vellumai/slack-text@file:../packages/slack-text", { "devDependencies": { "@types/bun": "1.3.10", "typescript": "5.9.3" } }],
+
     "acorn": ["acorn@8.16.0", "", { "bin": { "acorn": "bin/acorn" } }, "sha512-UVJyE9MttOsBQIDKw1skb9nAwQuR5wuGD3+82K6JgJlm/Y+KI92oNsMNGZCYdDsVtRHSak0pcV5Dno5+4jh9sw=="],
 
     "acorn-jsx": ["acorn-jsx@5.3.2", "", { "peerDependencies": { "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0" } }, "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ=="],
@@ -499,6 +502,8 @@
 
     "@vellumai/service-contracts/typescript": ["typescript@5.7.3", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-84MVSjMEHP+FQRPy3pX9sTVV/INIex71s9TL2Gm5FG/WG1SqXeKyZ0k7/blY/4FdOzI12CBy1vGc4og/eus0fw=="],
 
+    "@vellumai/slack-text/@types/bun": ["@types/bun@1.3.10", "", { "dependencies": { "bun-types": "1.3.10" } }, "sha512-0+rlrUrOrTSskibryHbvQkDOWRJwJZqZlxrUs1u4oOoTln8+WIXBPmAuCF35SWB2z4Zl3E84Nl/D0P7803nigQ=="],
+
     "fast-glob/glob-parent": ["glob-parent@5.1.2", "", { "dependencies": { "is-glob": "^4.0.1" } }, "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow=="],
 
     "gel/which": ["which@4.0.0", "", { "dependencies": { "isexe": "^3.1.1" }, "bin": { "node-which": "bin/which.js" } }, "sha512-GlaYyEb07DPxYCKhKzplCWBJtvxZcZMrL+4UkrTSJHHPyZU4mYYTv3qaOe77H7EODLSSopAUFAc6W8U4yqvscg=="],
@@ -559,6 +564,8 @@
 
     "@vellumai/service-contracts/@types/bun/bun-types": ["bun-types@1.2.4", "", { "dependencies": { "@types/node": "*", "@types/ws": "~8.5.10" } }, "sha512-nDPymR207ZZEoWD4AavvEaa/KZe/qlrbMSchqpQwovPZCKc7pwMoENjEtHgMKaAjJhy+x6vfqSBA1QU3bJgs0Q=="],
 
+    "@vellumai/slack-text/@types/bun/bun-types": ["bun-types@1.3.10", "", { "dependencies": { "@types/node": "*" } }, "sha512-tcpfCCl6XWo6nCVnpcVrxQ+9AYN1iqMIzgrSKYMB/fjLtV2eyAVEg7AxQJuCq/26R6HpKWykQXuSOq/21RYcbg=="],
+
     "gel/which/isexe": ["isexe@3.1.5", "", {}, "sha512-6B3tLtFqtQS4ekarvLVMZ+X+VlvQekbe4taUkf/rhVO3d/h0M2rfARm/pXLcPEsjjMsFgrFgSrhQIxcSVrBz8w=="],
 
     "@typescript-eslint/typescript-estree/minimatch/brace-expansion/balanced-match": ["balanced-match@1.0.2", "", {}, "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="],

package/knip.json

@@ -4,6 +4,7 @@
   "ignoreDependencies": [
     "@vellumai/assistant-client",
     "@vellumai/ces-client",
-    "@vellumai/service-contracts"
+    "@vellumai/service-contracts",
+    "@vellumai/slack-text"
   ]
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vellumai/vellum-gateway",
-  "version": "0.7.0",
+  "version": "0.7.1",
   "license": "MIT",
   "type": "module",
   "exports": {
@@ -27,6 +27,7 @@
     "@vellumai/assistant-client": "file:../packages/assistant-client",
     "@vellumai/ces-client": "file:../packages/ces-client",
     "@vellumai/service-contracts": "file:../packages/service-contracts",
+    "@vellumai/slack-text": "file:../packages/slack-text",
     "drizzle-kit": "0.30.6",
     "drizzle-orm": "0.45.2",
     "file-type": "21.3.0",

package/src/__tests__/browser-relay-websocket.test.ts

@@ -51,7 +51,6 @@ function makeConfig(overrides: Partial<GatewayConfig> = {}): GatewayConfig {
     defaultAssistantId: undefined,
     unmappedPolicy: "reject",
     port: 7830,
-    runtimeProxyEnabled: false,
     runtimeProxyRequireAuth: true,
     shutdownDrainMs: 5000,
     runtimeTimeoutMs: 30000,

package/src/__tests__/channel-verification-session-proxy.test.ts

@@ -27,7 +27,6 @@ function makeConfig(overrides: Partial<GatewayConfig> = {}): GatewayConfig {
     defaultAssistantId: undefined,
     unmappedPolicy: "reject",
     port: 7830,
-    runtimeProxyEnabled: false,
     runtimeProxyRequireAuth: true,
     shutdownDrainMs: 5000,
     runtimeTimeoutMs: 30000,

package/src/__tests__/config.test.ts

@@ -17,7 +17,6 @@ describe("config: hardcoded defaults", () => {
       default: 100 * 1024 * 1024,
     });
     expect(config.maxAttachmentConcurrency).toBe(3);
-    expect(config.runtimeProxyEnabled).toBe(false);
     expect(config.runtimeProxyRequireAuth).toBe(true);
     expect(config.trustProxy).toBe(false);
     expect(config.unmappedPolicy).toBe("reject");

package/src/__tests__/contacts-control-plane-proxy.test.ts

@@ -27,7 +27,6 @@ function makeConfig(overrides: Partial<GatewayConfig> = {}): GatewayConfig {
     defaultAssistantId: undefined,
     unmappedPolicy: "reject",
     port: 7830,
-    runtimeProxyEnabled: false,
     runtimeProxyRequireAuth: true,
     shutdownDrainMs: 5000,
     runtimeTimeoutMs: 30000,

package/src/__tests__/credential-watcher-managed-bootstrap.test.ts

@@ -1,11 +1,13 @@
 import { afterEach, describe, expect, test } from "bun:test";
-import { createServer } from "node:net";
+import { createServer, type Server } from "node:net";
 import { spawn, type ChildProcess } from "node:child_process";
 import { mkdirSync, renameSync, rmSync, writeFileSync } from "node:fs";
 import { tmpdir } from "node:os";
 import { dirname, join } from "node:path";
 import { fileURLToPath } from "node:url";
 
+import { startFakeAssistantIpc } from "./fake-assistant-ipc.js";
+
 const TEST_SERVICE_TOKEN = "test-ces-service-token";
 
 const testDir = join(tmpdir(), `gw-managed-${Date.now()}-${Math.random()}`);
@@ -54,6 +56,7 @@ let gatewayProc: ChildProcess | null = null;
 let gatewayPort = 0;
 let cesPort = 0;
 let cesServer: ReturnType<typeof Bun.serve> | null = null;
+let fakeAssistantIpc: Server | null = null;
 
 /** Ask the OS for a free port by briefly binding to port 0. */
 function getFreePort(): Promise<number> {
@@ -95,11 +98,14 @@ async function startGateway(): Promise<void> {
     );
   gatewayPort = await getFreePort();
 
+  const workspaceDir = join(testDir, ".vellum", "workspace");
+  fakeAssistantIpc = startFakeAssistantIpc(workspaceDir);
+
   gatewayProc = spawn("bun", ["run", gatewayEntry], {
     env: {
       ...process.env,
       GATEWAY_SECURITY_DIR: join(testDir, ".vellum", "protected"),
-      VELLUM_WORKSPACE_DIR: join(testDir, ".vellum", "workspace"),
+      VELLUM_WORKSPACE_DIR: workspaceDir,
       GATEWAY_PORT: String(gatewayPort),
       CES_CREDENTIAL_URL: `http://127.0.0.1:${cesPort}`,
       CES_SERVICE_TOKEN: TEST_SERVICE_TOKEN,
@@ -190,6 +196,8 @@ function startFakeCes(opts: {
 }
 
 afterEach(async () => {
+  fakeAssistantIpc?.close();
+  fakeAssistantIpc = null;
   cesServer?.stop(true);
   cesServer = null;
   gatewayPort = 0;

package/src/__tests__/credential-watcher.test.ts

@@ -17,8 +17,11 @@ import {
 import { mkdirSync, renameSync, writeFileSync, rmSync } from "node:fs";
 import { hostname, tmpdir, userInfo } from "node:os";
 import { dirname, join } from "node:path";
+import type { Server } from "node:net";
 import { fileURLToPath } from "node:url";
 
+import { startFakeAssistantIpc } from "./fake-assistant-ipc.js";
+
 // ---------------------------------------------------------------------------
 // Constants — must match credential-reader.ts
 // ---------------------------------------------------------------------------
@@ -189,14 +192,19 @@ const gatewayEntry = join(gatewayRoot, "src", "index.ts");
 
 let gatewayProc: ChildProcess | null = null;
 let port = 0;
+let fakeAssistantIpc: Server | null = null;
 
 async function startGateway(): Promise<void> {
   port = 49152 + Math.floor(Math.random() * 16383);
+
+  const workspaceDir = join(testDir, ".vellum", "workspace");
+  fakeAssistantIpc = startFakeAssistantIpc(workspaceDir);
+
   gatewayProc = spawn("bun", ["run", gatewayEntry], {
     env: {
       ...process.env,
       GATEWAY_SECURITY_DIR: join(testDir, ".vellum", "protected"),
-      VELLUM_WORKSPACE_DIR: join(testDir, ".vellum", "workspace"),
+      VELLUM_WORKSPACE_DIR: workspaceDir,
       GATEWAY_PORT: String(port),
       // Ensure Telegram is NOT configured via env vars
       TELEGRAM_BOT_TOKEN: "",
@@ -229,6 +237,8 @@ async function startGateway(): Promise<void> {
 }
 
 afterEach(async () => {
+  fakeAssistantIpc?.close();
+  fakeAssistantIpc = null;
   if (gatewayProc) {
     const proc = gatewayProc;
     gatewayProc = null;

package/src/__tests__/db-connection-isolation.test.ts

@@ -0,0 +1,157 @@
+import { afterEach, expect, test } from "bun:test";
+import {
+  existsSync,
+  mkdirSync,
+  mkdtempSync,
+  realpathSync,
+  rmSync,
+  symlinkSync,
+  writeFileSync,
+} from "node:fs";
+import { homedir, tmpdir } from "node:os";
+import { join } from "node:path";
+
+import { initGatewayDb, resetGatewayDb } from "../db/connection.js";
+
+const originalSecurityDir = process.env.GATEWAY_SECURITY_DIR;
+const originalAllowRealSecurity =
+  process.env.VELLUM_ALLOW_REAL_GATEWAY_SECURITY_IN_TESTS;
+const originalTestRealSecurity =
+  process.env.VELLUM_TEST_REAL_GATEWAY_SECURITY_DIR;
+const originalHome = process.env.HOME;
+
+afterEach(() => {
+  resetGatewayDb();
+  if (originalSecurityDir === undefined) {
+    delete process.env.GATEWAY_SECURITY_DIR;
+  } else {
+    process.env.GATEWAY_SECURITY_DIR = originalSecurityDir;
+  }
+
+  if (originalAllowRealSecurity === undefined) {
+    delete process.env.VELLUM_ALLOW_REAL_GATEWAY_SECURITY_IN_TESTS;
+  } else {
+    process.env.VELLUM_ALLOW_REAL_GATEWAY_SECURITY_IN_TESTS =
+      originalAllowRealSecurity;
+  }
+
+  if (originalTestRealSecurity === undefined) {
+    delete process.env.VELLUM_TEST_REAL_GATEWAY_SECURITY_DIR;
+  } else {
+    process.env.VELLUM_TEST_REAL_GATEWAY_SECURITY_DIR =
+      originalTestRealSecurity;
+  }
+
+  if (originalHome === undefined) {
+    delete process.env.HOME;
+  } else {
+    process.env.HOME = originalHome;
+  }
+});
+
+test("initGatewayDb refuses test runs without an isolated security dir", async () => {
+  resetGatewayDb();
+  delete process.env.GATEWAY_SECURITY_DIR;
+  delete process.env.VELLUM_ALLOW_REAL_GATEWAY_SECURITY_IN_TESTS;
+
+  await expect(initGatewayDb()).rejects.toThrow(
+    "Refusing to open the gateway DB during tests without GATEWAY_SECURITY_DIR",
+  );
+});
+
+test("initGatewayDb refuses the real security dir during tests even when explicitly set", async () => {
+  resetGatewayDb();
+  process.env.GATEWAY_SECURITY_DIR = join(homedir(), ".vellum", "protected");
+  delete process.env.VELLUM_ALLOW_REAL_GATEWAY_SECURITY_IN_TESTS;
+
+  await expect(initGatewayDb()).rejects.toThrow(
+    "Refusing to open the real gateway security DB during tests",
+  );
+});
+
+test("initGatewayDb refuses symlink aliases to the real security dir during tests", async () => {
+  resetGatewayDb();
+  const testRoot = realpathSync(
+    mkdtempSync(join(tmpdir(), "vellum-gateway-db-isolation-")),
+  );
+
+  try {
+    const fakeHome = join(testRoot, "home");
+    const realSecurityDir = join(fakeHome, ".vellum", "protected");
+    const aliasParent = join(testRoot, "aliases");
+    const securityAlias = join(aliasParent, "gateway-security-link");
+
+    mkdirSync(realSecurityDir, { recursive: true });
+    mkdirSync(aliasParent, { recursive: true });
+    symlinkSync(realSecurityDir, securityAlias, "dir");
+
+    process.env.HOME = fakeHome;
+    process.env.GATEWAY_SECURITY_DIR = securityAlias;
+    process.env.VELLUM_TEST_REAL_GATEWAY_SECURITY_DIR = realSecurityDir;
+    delete process.env.VELLUM_ALLOW_REAL_GATEWAY_SECURITY_IN_TESTS;
+
+    await expect(initGatewayDb()).rejects.toThrow(
+      "Refusing to open the real gateway security DB during tests",
+    );
+  } finally {
+    rmSync(testRoot, { recursive: true, force: true });
+  }
+});
+
+test("initGatewayDb refuses missing children under symlink aliases to the real security dir", async () => {
+  resetGatewayDb();
+  const testRoot = realpathSync(
+    mkdtempSync(join(tmpdir(), "vellum-gateway-db-isolation-")),
+  );
+
+  try {
+    const fakeHome = join(testRoot, "home");
+    const realSecurityDir = join(fakeHome, ".vellum", "protected");
+    const aliasParent = join(testRoot, "aliases");
+    const securityLink = join(aliasParent, "gateway-security-link");
+    const missingChild = join(securityLink, "new-security-dir");
+
+    mkdirSync(realSecurityDir, { recursive: true });
+    mkdirSync(aliasParent, { recursive: true });
+    symlinkSync(realSecurityDir, securityLink, "dir");
+
+    process.env.HOME = fakeHome;
+    process.env.GATEWAY_SECURITY_DIR = missingChild;
+    process.env.VELLUM_TEST_REAL_GATEWAY_SECURITY_DIR = realSecurityDir;
+    delete process.env.VELLUM_ALLOW_REAL_GATEWAY_SECURITY_IN_TESTS;
+
+    await expect(initGatewayDb()).rejects.toThrow(
+      "Refusing to open the real gateway security DB during tests",
+    );
+  } finally {
+    rmSync(testRoot, { recursive: true, force: true });
+  }
+});
+
+test("initGatewayDb does not migrate legacy gateway DBs during tests", async () => {
+  resetGatewayDb();
+  const testRoot = realpathSync(
+    mkdtempSync(join(tmpdir(), "vellum-gateway-db-isolation-")),
+  );
+
+  try {
+    const fakeHome = join(testRoot, "home");
+    const legacyDir = join(fakeHome, ".vellum", "data");
+    const legacyDb = join(legacyDir, "gateway.sqlite");
+    const securityDir = join(testRoot, "gateway-security");
+
+    mkdirSync(legacyDir, { recursive: true });
+    writeFileSync(legacyDb, "legacy gateway db");
+
+    process.env.HOME = fakeHome;
+    process.env.GATEWAY_SECURITY_DIR = securityDir;
+    delete process.env.VELLUM_ALLOW_REAL_GATEWAY_SECURITY_IN_TESTS;
+
+    await initGatewayDb();
+
+    expect(existsSync(legacyDb)).toBe(true);
+    expect(existsSync(join(securityDir, "gateway.sqlite"))).toBe(true);
+  } finally {
+    rmSync(testRoot, { recursive: true, force: true });
+  }
+});

package/src/__tests__/fake-assistant-ipc.ts

@@ -0,0 +1,39 @@
+/**
+ * Minimal fake assistant IPC server for tests.
+ *
+ * Listens on assistant.sock inside the given workspace dir and responds
+ * to the "health" JSON-RPC call with { status: "ok" }. This satisfies
+ * the gateway's waitForAssistant() poll so it starts immediately.
+ */
+import { createServer, type Server } from "node:net";
+import { join } from "node:path";
+import { mkdirSync } from "node:fs";
+
+export function startFakeAssistantIpc(workspaceDir: string): Server {
+  mkdirSync(workspaceDir, { recursive: true });
+  const socketPath = join(workspaceDir, "assistant.sock");
+
+  const server = createServer((conn) => {
+    let buffer = "";
+    conn.on("data", (chunk) => {
+      buffer += chunk.toString();
+      let idx: number;
+      while ((idx = buffer.indexOf("\n")) !== -1) {
+        const line = buffer.slice(0, idx).trim();
+        buffer = buffer.slice(idx + 1);
+        if (!line) continue;
+        try {
+          const req = JSON.parse(line) as { id: string; method: string };
+          conn.write(
+            JSON.stringify({ id: req.id, result: { status: "ok" } }) + "\n",
+          );
+        } catch {
+          // ignore malformed
+        }
+      }
+    });
+  });
+
+  server.listen(socketPath);
+  return server;
+}

package/src/__tests__/feature-flags-route.test.ts

@@ -41,7 +41,7 @@ const TEST_REGISTRY = {
     },
     {
       id: "user-hosted-enabled",
-      scope: "macos",
+      scope: "client",
       key: "user-hosted-enabled",
       label: "User Hosted Enabled",
       description: "Enable user-hosted onboarding flow",
@@ -103,7 +103,7 @@ describe("GET /v1/feature-flags handler", () => {
     const defaults = loadFeatureFlagDefaults();
     const declaredKeys = Object.keys(defaults);
 
-    // Should return all declared assistant-scope flags (not macos-scope)
+    // Should return all declared assistant-scope flags (not client-scope)
     expect(body.flags.length).toBe(declaredKeys.length);
     expect(body.flags.length).toBeGreaterThan(0);
 
@@ -159,11 +159,11 @@ describe("GET /v1/feature-flags handler", () => {
     expect(res.status).toBe(200);
     const body = await res.json();
 
-    // The macos-scope flag should not appear
-    const macosFlag = body.flags.find(
+    // The client-scope flag should not appear
+    const clientFlag = body.flags.find(
       (f: { key: string }) => f.key === "user-hosted-enabled",
     );
-    expect(macosFlag).toBeUndefined();
+    expect(clientFlag).toBeUndefined();
   });
 
   test("returns all declared flags even when store has no persisted values", async () => {

package/src/__tests__/guardian-init-lockfile.test.ts

@@ -138,7 +138,6 @@ function makeConfig(overrides: Partial<GatewayConfig> = {}): GatewayConfig {
     defaultAssistantId: undefined,
     unmappedPolicy: "reject",
     port: 7830,
-    runtimeProxyEnabled: false,
     runtimeProxyRequireAuth: true,
     shutdownDrainMs: 5000,
     runtimeTimeoutMs: 30000,
@@ -359,9 +358,12 @@ describe("guardian/init one-time-use lockfile", () => {
     const body = await res.json();
 
     // Verify contact records were written to the assistant DB
-    const assistantDb = new Database(join(testRoot, "data", "db", "assistant.db"), {
-      readonly: true,
-    });
+    const assistantDb = new Database(
+      join(testRoot, "data", "db", "assistant.db"),
+      {
+        readonly: true,
+      },
+    );
 
     const contact = assistantDb
       .query<

package/src/__tests__/ipc-feature-flag-routes.test.ts

@@ -39,7 +39,7 @@ const TEST_REGISTRY = {
     },
     {
       id: "user-hosted-enabled",
-      scope: "macos",
+      scope: "client",
       key: "user-hosted-enabled",
       label: "User Hosted Enabled",
       description: "Enable user-hosted onboarding flow",

package/src/__tests__/live-voice-websocket.test.ts

@@ -45,7 +45,6 @@ function makeConfig(overrides: Partial<GatewayConfig> = {}): GatewayConfig {
     defaultAssistantId: undefined,
     unmappedPolicy: "reject",
     port: 7830,
-    runtimeProxyEnabled: false,
     runtimeProxyRequireAuth: true,
     shutdownDrainMs: 5000,
     runtimeTimeoutMs: 30000,

package/src/__tests__/load-guards.test.ts

@@ -22,7 +22,6 @@ function makeConfig(overrides: Partial<GatewayConfig> = {}): GatewayConfig {
     defaultAssistantId: undefined,
     unmappedPolicy: "reject",
     port: 7830,
-    runtimeProxyEnabled: false,
     runtimeProxyRequireAuth: true,
     shutdownDrainMs: 5000,
     runtimeTimeoutMs: 30000,

package/src/__tests__/migration-teleport-gcs-proxy.test.ts

@@ -30,7 +30,6 @@ function makeConfig(overrides: Partial<GatewayConfig> = {}): GatewayConfig {
     defaultAssistantId: undefined,
     unmappedPolicy: "reject",
     port: 7830,
-    runtimeProxyEnabled: false,
     runtimeProxyRequireAuth: true,
     shutdownDrainMs: 5000,
     runtimeTimeoutMs: 30000,

package/src/__tests__/oauth-callback.test.ts

@@ -34,7 +34,6 @@ function makeConfig(overrides: Partial<GatewayConfig> = {}): GatewayConfig {
     defaultAssistantId: undefined,
     unmappedPolicy: "reject",
     port: 7830,
-    runtimeProxyEnabled: false,
     runtimeProxyRequireAuth: true,
     shutdownDrainMs: 5000,
     runtimeTimeoutMs: 30000,

package/src/__tests__/resolve-assistant.test.ts

@@ -9,7 +9,6 @@ function makeConfig(overrides: Partial<GatewayConfig> = {}): GatewayConfig {
     defaultAssistantId: undefined,
     unmappedPolicy: "reject",
     port: 7830,
-    runtimeProxyEnabled: false,
     runtimeProxyRequireAuth: true,
     shutdownDrainMs: 5000,
     runtimeTimeoutMs: 30000,

package/src/__tests__/runtime-client.test.ts

@@ -38,7 +38,6 @@ function makeConfig(overrides: Partial<GatewayConfig> = {}): GatewayConfig {
     defaultAssistantId: undefined,
     unmappedPolicy: "reject",
     port: 7830,
-    runtimeProxyEnabled: false,
     runtimeProxyRequireAuth: true,
     shutdownDrainMs: 5000,
     runtimeTimeoutMs: 30000,

package/src/__tests__/runtime-health-proxy.test.ts

@@ -27,7 +27,6 @@ function makeConfig(overrides: Partial<GatewayConfig> = {}): GatewayConfig {
     defaultAssistantId: undefined,
     unmappedPolicy: "reject",
     port: 7830,
-    runtimeProxyEnabled: false,
     runtimeProxyRequireAuth: true,
     shutdownDrainMs: 5000,
     runtimeTimeoutMs: 30000,

package/src/__tests__/runtime-proxy-auth.test.ts

@@ -41,7 +41,6 @@ function makeConfig(overrides: Partial<GatewayConfig> = {}): GatewayConfig {
     defaultAssistantId: undefined,
     unmappedPolicy: "reject",
     port: 7830,
-    runtimeProxyEnabled: true,
     runtimeProxyRequireAuth: true,
     shutdownDrainMs: 5000,
     runtimeTimeoutMs: 30000,

package/src/__tests__/runtime-proxy.test.ts

@@ -27,7 +27,6 @@ function makeConfig(overrides: Partial<GatewayConfig> = {}): GatewayConfig {
     defaultAssistantId: undefined,
     unmappedPolicy: "reject",
     port: 7830,
-    runtimeProxyEnabled: true,
     runtimeProxyRequireAuth: false,
     shutdownDrainMs: 5000,
     runtimeTimeoutMs: 30000,

package/src/__tests__/slack-control-plane-proxy.test.ts

@@ -27,7 +27,6 @@ function makeConfig(overrides: Partial<GatewayConfig> = {}): GatewayConfig {
     defaultAssistantId: undefined,
     unmappedPolicy: "reject",
     port: 7830,
-    runtimeProxyEnabled: false,
     runtimeProxyRequireAuth: true,
     shutdownDrainMs: 5000,
     runtimeTimeoutMs: 30000,