npm - auramaxx - Versions diffs - 0.0.13 → 0.0.14 - Mend

auramaxx 0.0.13 → 0.0.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (97) hide show

package/src/server/mcp/server.ts CHANGED Viewed

@@ -43,7 +43,9 @@ import {
   resolveDiaryDate,
 } from '../lib/diary';
 import {
+  canonicalizeCredentialFieldKey,
   getCredentialFieldValue,
+  getCredentialPrimaryFieldKey,
   NOTE_CONTENT_KEY,
 } from '../../../shared/credential-field-schema';
 import { defaultSecretEnvVarName, normalizeEnvVarName } from '../lib/secret-env';
@@ -1013,7 +1015,7 @@ async function resolveCredentialByName(
   name: string,
   authTokenOverride?: string,
 ): Promise<
-  | { credentialId: string; credentialName: string }
+  | { credentialId: string; credentialName: string; credentialType?: string }
   | { error: string; escalation?: McpToolResponse }
 > {
   const base = WALLET_BASE();
@@ -1045,7 +1047,7 @@ async function resolveCredentialByName(
       }
       if (!res.ok) continue;
-      const data = await res.json() as { credentials: Array<{ id: string; name: string; agentId: string }> };
+      const data = await res.json() as { credentials: Array<{ id: string; name: string; type?: string; agentId: string }> };
       if (!data.credentials || data.credentials.length === 0) continue;
       const decision = evaluateProjectScopeAccess({
@@ -1075,7 +1077,11 @@ async function resolveCredentialByName(
       const scopedCandidates = data.credentials.filter((c) => allowedIds.has(c.id));
       if (scopedCandidates.length === 0) continue;
-      return { credentialId: scopedCandidates[0].id, credentialName: scopedCandidates[0].name };
+      return {
+        credentialId: scopedCandidates[0].id,
+        credentialName: scopedCandidates[0].name,
+        credentialType: scopedCandidates[0].type,
+      };
     }
   } catch (err) {
     return { error: `Search failed: ${err}` };
@@ -1184,6 +1190,20 @@ function extractPrimarySecretValue(
   return noteField || sensitiveField || fields[0]?.value || '';
 }
+function findCredentialFieldValue(
+  credentialType: string | undefined,
+  fields: Array<{ key: string; value: string; type?: string; sensitive?: boolean }>,
+  requestedField: string,
+): string | undefined {
+  const trimmed = String(requestedField || '').trim();
+  if (!trimmed) return undefined;
+  const directMatch = fields.find((field) => field.key.toLowerCase() === trimmed.toLowerCase());
+  if (directMatch) return directMatch.value;
+  const canonicalKey = canonicalizeCredentialFieldKey(String(credentialType || 'custom'), trimmed).toLowerCase();
+  const canonicalMatch = fields.find((field) => field.key.toLowerCase() === canonicalKey);
+  return canonicalMatch?.value;
+}
 function renderSecretValue(secretValue: string, dangerPlaintext: boolean): string {
   return dangerPlaintext ? secretValue : '*******';
 }
@@ -1444,9 +1464,10 @@ function applyClaimResponseToPendingAuth(
 // ── get_secret ─────────────────────────────────────────────────────────
 server.tool(
   'get_secret',
-  'Look up a stored credential/secret by name or tag, inject its primary value into a default env var, and return redacted metadata unless dangerPlaintext is explicitly enabled.',
+  'Look up a stored credential/secret by name or tag, inject its primary value (or explicit field) into a default env var, and return redacted metadata unless dangerPlaintext is explicitly enabled.',
   {
     name: z.string().describe('Name or tag to search for (e.g. "GitHub", "openai", "deploy")'),
+    field: z.string().optional().describe('Optional explicit field key to read (e.g. "password", "cvv"). When omitted, reads the credential primary field.'),
     command: z.array(z.string()).optional().describe('Optional command + args to spawn with injected env var (e.g. ["node", "script.js"]). If omitted, sets env var in MCP server process and returns WHATDO guidance.'),
     dangerPlaintext: z.boolean().optional().describe('If true, include plaintext secret in output (unsafe). Defaults to false (masked).'),
     reqId: z.string().optional().describe('Optional approval request id for one-shot claim retry binding'),
@@ -1454,11 +1475,13 @@ server.tool(
   async (input) => {
     const {
       name,
+      field,
       command,
       dangerPlaintext,
       reqId,
-    } = input as { name: string; command?: string[]; dangerPlaintext?: boolean; reqId?: string };
+    } = input as { name: string; field?: string; command?: string[]; dangerPlaintext?: boolean; reqId?: string };
     const revealPlaintext = dangerPlaintext === true;
+    const requestedField = String(field || '').trim();
     if (isGetSecretRateLimited()) {
       return { content: [{ type: 'text' as const, text: JSON.stringify({ error: 'Rate limited — too many get_secret requests. Try again in 1 minute.' }) }] };
@@ -1473,7 +1496,7 @@ server.tool(
     const credentialNameFromBinding = authContext.mode === 'one_shot' ? authContext.binding?.credentialName : undefined;
     const resolved = credentialIdFromBinding
-      ? { credentialId: credentialIdFromBinding, credentialName: credentialNameFromBinding || name }
+      ? { credentialId: credentialIdFromBinding, credentialName: credentialNameFromBinding || name, credentialType: undefined }
       : await resolveCredentialByName(name, authToken);
     if ('error' in resolved) {
       if ('escalation' in resolved && resolved.escalation) return resolved.escalation;
@@ -1481,6 +1504,17 @@ server.tool(
     }
     const { credentialId, credentialName } = resolved;
+    const requestedFields = requestedField
+      ? [requestedField]
+      : resolved.credentialType
+        ? [getCredentialPrimaryFieldKey(resolved.credentialType)]
+        : [];
+    const readPayload = requestedFields.length > 0
+      ? { requestedFields }
+      : {};
+    const readBody = requestedFields.length > 0
+      ? JSON.stringify(readPayload)
+      : undefined;
     if (authContext.mode === 'one_shot' && authContext.reqId && authContext.binding) {
       const bindingError = validateOneShotCredentialReadBinding({
         reqId: authContext.reqId,
@@ -1499,10 +1533,12 @@ server.tool(
         method: 'POST',
         headers: {
           'Authorization': `Bearer ${authToken}`,
+          ...(readBody ? { 'Content-Type': 'application/json' } : {}),
           'X-Secret-Surface': 'get_secret',
           'X-Credential-Name': credentialName || name,
           'X-Aura-Original-Command': `mcp get_secret ${JSON.stringify(name)}`,
         },
+        ...(readBody ? { body: readBody } : {}),
         signal: AbortSignal.timeout(5000),
       });
@@ -1516,7 +1552,7 @@ server.tool(
             permissions: ['secret:read'],
             endpoint: `/credentials/${credentialId}/read`,
             method: 'POST',
-            body: {},
+            body: readPayload,
           });
         }
         return { content: [{ type: 'text' as const, text: JSON.stringify({ error: `Read failed (${res.status}): ${text}` }) }] };
@@ -1549,8 +1585,17 @@ server.tool(
         }
       }
-      const secretValue = extractPrimarySecretValue(decrypted.fields);
+      const requestedValue = requestedField
+        ? findCredentialFieldValue(decrypted.type || resolved.credentialType, decrypted.fields, requestedField)
+        : undefined;
+      const secretValue = requestedValue !== undefined
+        ? requestedValue
+        : extractPrimarySecretValue(decrypted.fields);
       if (!secretValue) {
+        if (requestedField && requestedValue === undefined) {
+          const availableFields = decrypted.fields.map((entry) => entry.key).join(', ');
+          return { content: [{ type: 'text' as const, text: JSON.stringify({ error: `Field "${requestedField}" not found on credential "${credentialName || name}"`, availableFields }) }] };
+        }
         return { content: [{ type: 'text' as const, text: JSON.stringify({ error: `Credential "${credentialName || name}" has no extractable secret value` }) }] };
       }
@@ -1933,9 +1978,10 @@ server.tool(
 // ── inject_secret ──────────────────────────────────────────────────────
 server.tool(
   'inject_secret',
-  'Look up a credential by name, extract its primary secret field, and inject it into env for MCP process or a child command. Output is redacted unless dangerPlaintext is enabled.',
+  'Look up a credential by name, extract its primary secret field (or explicit field), and inject it into env for MCP process or a child command. Output is redacted unless dangerPlaintext is enabled.',
   {
     name: z.string().describe('Name or tag of the credential to inject'),
+    field: z.string().optional().describe('Optional explicit field key to inject instead of the credential primary field.'),
     envVar: z.string().optional().describe('Optional environment variable name (defaults to AURA_{SECRETNAME}, e.g. "AURA_OPENAI_API_KEY")'),
     command: z.array(z.string()).optional().describe('Optional command + args to spawn with injected env var (e.g. ["node", "script.js"]). If omitted, sets env var in MCP server process and returns WHATDO guidance.'),
     dangerPlaintext: z.boolean().optional().describe('If true, include plaintext secret in output (unsafe). Defaults to false (masked).'),
@@ -1944,12 +1990,14 @@ server.tool(
   async (input) => {
     const {
       name,
+      field,
       envVar,
       command,
       dangerPlaintext,
       reqId,
-    } = input as { name: string; envVar?: string; command?: string[]; dangerPlaintext?: boolean; reqId?: string };
+    } = input as { name: string; field?: string; envVar?: string; command?: string[]; dangerPlaintext?: boolean; reqId?: string };
     const revealPlaintext = dangerPlaintext === true;
+    const requestedField = String(field || '').trim();
     const resolvedEnvVar = normalizeEnvVarName(envVar || defaultSecretEnvVarName(name));
     if (!resolvedEnvVar) {
       return { content: [{ type: 'text' as const, text: JSON.stringify({ error: 'Invalid envVar. Expected shell env var format like AURA_SECRET or GITHUB_PAT.' }) }] };
@@ -1968,7 +2016,7 @@ server.tool(
     const credentialNameFromBinding = authContext.mode === 'one_shot' ? authContext.binding?.credentialName : undefined;
     const resolved = credentialIdFromBinding
-      ? { credentialId: credentialIdFromBinding, credentialName: credentialNameFromBinding || name }
+      ? { credentialId: credentialIdFromBinding, credentialName: credentialNameFromBinding || name, credentialType: undefined }
       : await resolveCredentialByName(name, authToken);
     if ('error' in resolved) {
       if ('escalation' in resolved && resolved.escalation) return resolved.escalation;
@@ -1976,6 +2024,17 @@ server.tool(
     }
     const base = WALLET_BASE();
+    const requestedFields = requestedField
+      ? [requestedField]
+      : resolved.credentialType
+        ? [getCredentialPrimaryFieldKey(resolved.credentialType)]
+        : [];
+    const readPayload = requestedFields.length > 0
+      ? { requestedFields }
+      : {};
+    const readBody = requestedFields.length > 0
+      ? JSON.stringify(readPayload)
+      : undefined;
     if (authContext.mode === 'one_shot' && authContext.reqId && authContext.binding) {
       const bindingError = validateOneShotCredentialReadBinding({
         reqId: authContext.reqId,
@@ -1994,11 +2053,13 @@ server.tool(
         method: 'POST',
         headers: {
           'Authorization': `Bearer ${authToken}`,
+          ...(readBody ? { 'Content-Type': 'application/json' } : {}),
           'X-Secret-Surface': 'inject_secret',
           'X-Secret-EnvVar': resolvedEnvVar,
           'X-Credential-Name': resolved.credentialName || name,
           'X-Aura-Original-Command': `mcp inject_secret ${JSON.stringify(name)}`,
         },
+        ...(readBody ? { body: readBody } : {}),
         signal: AbortSignal.timeout(5000),
       });
@@ -2012,7 +2073,7 @@ server.tool(
             permissions: ['secret:read'],
             endpoint: `/credentials/${resolved.credentialId}/read`,
             method: 'POST',
-            body: {},
+            body: readPayload,
           });
         }
         return { content: [{ type: 'text' as const, text: JSON.stringify({ error: `Read failed (${res.status}): ${text}` }) }] };
@@ -2021,10 +2082,18 @@ server.tool(
       const data = await res.json() as { encrypted: string };
       const decrypted = decryptCredentialPayload(data.encrypted);
-      // Extract primary secret field
-      secretValue = extractPrimarySecretValue(decrypted.fields);
+      const requestedValue = requestedField
+        ? findCredentialFieldValue(decrypted.type || resolved.credentialType, decrypted.fields, requestedField)
+        : undefined;
+      secretValue = requestedValue !== undefined
+        ? requestedValue
+        : extractPrimarySecretValue(decrypted.fields);
       if (!secretValue) {
+        if (requestedField && requestedValue === undefined) {
+          const availableFields = decrypted.fields.map((entry) => entry.key).join(', ');
+          return { content: [{ type: 'text' as const, text: JSON.stringify({ error: `Field "${requestedField}" not found on credential "${resolved.credentialName || name}"`, availableFields }) }] };
+        }
         return { content: [{ type: 'text' as const, text: JSON.stringify({ error: `Credential "${name}" has no extractable secret value` }) }] };
       }
     } catch (err) {

package/src/server/node_modules/.vite/vitest/da39a3ee5e6b4b0d3255bfef95601890afd80709/results.json CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":"4.0.18","results":[[":tests/send.test.ts",{"duration":162.08154100000002,"failed":false}],[":tests/approve.test.ts",{"duration":257.27824999999996,"failed":false}],[":tests/unlock.test.ts",{"duration":213.61050000000003,"failed":false}],[":tests/setup.test.ts",{"duration":128.30779199999998,"failed":false}],[":tests/e2e.test.ts",{"duration":4341.373875,"failed":false}],[":tests/wallet.test.ts",{"duration":1768.446334,"failed":false}],[":tests/auth.test.ts",{"duration":174.709292,"failed":false}],[":tests/fund.test.ts",{"duration":820.6141660000001,"failed":false}],[":tests/integration/agent-flow.test.ts",{"duration":6350.61575,"failed":false}],[":tests/auth/permissions.test.ts",{"duration":6955.744291999999,"failed":false}],[":tests/auth/middleware.test.ts",{"duration":8667.608209,"failed":false}],[":tests/lib/sessions.test.ts",{"duration":100.3447920000001,"failed":false}],[":tests/lib/auth.test.ts",{"duration":4552.982083,"failed":false}],[":tests/endpoints/unlock.test.ts",{"duration":10486.351083,"failed":false}],[":tests/endpoints/wallet.test.ts",{"duration":4370.477584,"failed":false}],[":tests/endpoints/approve.test.ts",{"duration":497.64808300000004,"failed":false}],[":tests/endpoints/fund.test.ts",{"duration":1897.905,"failed":false}],[":tests/endpoints/send.test.ts",{"duration":2268.8852079999997,"failed":false}],[":tests/endpoints/auth.test.ts",{"duration":1334.914333,"failed":false}],[":tests/endpoints/setup.test.ts",{"duration":5293.225625,"failed":false}],[":tests/lib/uniswap.test.ts",{"duration":21.776292000000012,"failed":false}],[":tests/auth/apikeys.test.ts",{"duration":10995.417958,"failed":false}],[":tests/endpoints/wallet-data.test.ts",{"duration":2099.3379170000003,"failed":false}],[":tests/endpoints/swap.test.ts",{"duration":1653.693583,"failed":false}],[":tests/endpoints/token-clearing.test.ts",{"duration":1247.484042,"failed":false}],[":tests/endpoints/rate-limit.test.ts",{"duration":2154.356209,"failed":false}],[":tests/endpoints/solana-swap.test.ts",{"duration":998.2979999999999,"failed":false}],[":tests/endpoints/solana-wallet.test.ts",{"duration":1363.0256249999998,"failed":false}],[":tests/endpoints/solana-send.test.ts",{"duration":1039.8317080000002,"failed":false}],[":tests/lib/sessions-currency.test.ts",{"duration":56.1837079999998,"failed":false}],[":tests/endpoints/solana-fund.test.ts",{"duration":1418.0586249999997,"failed":false}],[":tests/lib/solana-wallet.test.ts",{"duration":161.13887499999998,"failed":false}],[":tests/lib/address.test.ts",{"duration":3.510084000000006,"failed":false}],[":tests/lib/strategy/sources.test.ts",{"duration":21.01504100000001,"failed":false}],[":tests/lib/strategy/loader.test.ts",{"duration":59.308375,"failed":false}],[":tests/lib/strategy/executor.test.ts",{"duration":7.492707999999993,"failed":false}],[":tests/lib/strategy/state.test.ts",{"duration":6.136792,"failed":false}],[":tests/lib/strategy/hooks.test.ts",{"duration":14.00120800000002,"failed":false}],[":tests/endpoints/widgets.test.ts",{"duration":2127.785625,"failed":false}],[":tests/lib/strategy/message.test.ts",{"duration":127.83229099999997,"failed":false}],[":tests/endpoints/actions.test.ts",{"duration":2396.4307919999997,"failed":false}],[":tests/endpoints/vault.test.ts",{"duration":7419.710874999999,"failed":false}],[":tests/integration/adapter-resolve.test.ts",{"duration":3486.7960000000003,"failed":false}],[":tests/lib/adapters.test.ts",{"duration":38.35904199999999,"failed":false}],[":tests/lib/strategy/tick.test.ts",{"duration":6.34379100000001,"failed":false}],[":tests/lib/relay.test.ts",{"duration":4.984791000000001,"failed":false}],[":tests/lib/ai.test.ts",{"duration":6.82841599999999,"failed":false}],[":tests/endpoints/launch.test.ts",{"duration":35837.233333,"failed":false}],[":tests/widget-installer.test.ts",{"duration":154.704459,"failed":false}],[":tests/mcp/tools.test.ts",{"duration":15.441082999999992,"failed":false}],[":tests/ai-integration/scenarios.test.ts",{"duration":7.4487499999999045,"failed":true}],[":tests/mcp/server.test.ts",{"duration":1333.480375,"failed":false}],[":tests/ai-integration/live.test.ts",{"duration":77572.38508299999,"failed":false}],[":tests/auth/apikeys-validate.test.ts",{"duration":10219.787667,"failed":false}],[":tests/lib/adapters-test.test.ts",{"duration":25429.400542,"failed":false}],[":tests/setup-integration/wizard-flow.test.ts",{"duration":124.21662500000002,"failed":false}],[":tests/setup-integration/adapter-test.test.ts",{"duration":166.0367080000001,"failed":false}],[":tests/setup-integration/edge-cases.test.ts",{"duration":156.02324999999996,"failed":false}],[":tests/setup-integration/apikey-validation.test.ts",{"duration":147.53583400000002,"failed":false}],[":tests/setup-integration/fresh-setup.test.ts",{"duration":107.81912499999999,"failed":false}],[":tests/lib/network.test.ts",{"duration":12.689417000000006,"failed":false}],[":tests/cli/process.test.ts",{"duration":33.650542,"failed":false}],[":tests/cli/init-steps.test.ts",{"duration":4.78708300000001,"failed":false}],[":tests/cli/init-flow.test.ts",{"duration":2517.034083,"failed":false}],[":tests/cli/http.test.ts",{"duration":1563.349083,"failed":false}],[":tests/lib/verified-summary.test.ts",{"duration":8.588290999999998,"failed":false}],[":tests/lib/defaults.test.ts",{"duration":89.18312500000002,"failed":false}],[":tests/endpoints/defaults.test.ts",{"duration":6137.610333,"failed":false}],[":tests/lib/adapters-chat.test.ts",{"duration":28.19304200000002,"failed":false}],[":tests/setup-integration/terminal-flow.test.ts",{"duration":248.770042,"failed":false}],[":tests/endpoints/transactions.test.ts",{"duration":1127.6649169999998,"failed":false}],[":tests/cron/scheduler.test.ts",{"duration":16.875292,"failed":false}],[":tests/endpoints/portfolio.test.ts",{"duration":381.701917,"failed":false}],[":tests/cron/native-price.test.ts",{"duration":58.4565419999999,"failed":false}],[":tests/resolve.test.ts",{"duration":13.15741700000001,"failed":false}],[":tests/lib/prices.test.ts",{"duration":103.56858299999999,"failed":false}],[":tests/swap-quote.test.ts",{"duration":945.5037500000001,"failed":false}],[":tests/send-token.test.ts",{"duration":996.399292,"failed":false}],[":tests/endpoints/price.test.ts",{"duration":61.327583000000004,"failed":false}],[":tests/lib/price.test.ts",{"duration":4.805790999999999,"failed":false}],[":tests/endpoints/token-search.test.ts",{"duration":35.89754199999993,"failed":false}],[":tests/lib/token-search.test.ts",{"duration":65.472708,"failed":false}],[":tests/lib/token-safety.test.ts",{"duration":5.724790999999996,"failed":false}],[":tests/endpoints/token-safety.test.ts",{"duration":41.85649999999987,"failed":false}],[":tests/lib/batch.test.ts",{"duration":11.763874999999999,"failed":false}],[":tests/endpoints/batch.test.ts",{"duration":48.719875,"failed":false}],[":tests/endpoints/token-balance.test.ts",{"duration":29.900082999999995,"failed":false}],[":tests/lib/events-decoder.test.ts",{"duration":4.558958999999987,"failed":false}],[":tests/lib/events-enricher.test.ts",{"duration":4.474500000000035,"failed":false}],[":tests/endpoints/address-transactions.test.ts",{"duration":962.0601669999999,"failed":false}],[":tests/endpoints/bookmarks.test.ts",{"duration":1349.6050840000003,"failed":false}],[":tests/endpoints/addressbook.test.ts",{"duration":995.706459,"failed":false}],[":tests/lib/strategy/session-logger.test.ts",{"duration":1471.763333,"failed":false}],[":tests/cron/incoming-scan.test.ts",{"duration":385.8459999999999,"failed":false}],[":tests/lib/auto-unlock.test.ts",{"duration":1104.2137500000001,"failed":false}],[":tests/lib/widget-tokens-tier.test.ts",{"duration":226.36699999999996,"failed":false}],[":tests/cron/strategy-runner.test.ts",{"duration":6.080332999999996,"failed":false}],[":tests/endpoints/strategy-routes.test.ts",{"duration":11390.736792,"failed":false}],[":tests/endpoints/apps.test.ts",{"duration":21435.455708999998,"failed":false}],[":tests/lib/events-fetcher.test.ts",{"duration":6.5429169999999885,"failed":false}],[":tests/app-installer.test.ts",{"duration":114.05204099999997,"failed":false}],[":tests/lib/app-tokens-tier.test.ts",{"duration":276.60683300000005,"failed":false}],[":tests/setup-integration/onboarding-e2e.test.ts",{"duration":445.7834579999999,"failed":true}],[":tests/cron/orphan-cleanup.test.ts",{"duration":6.764916999999997,"failed":false}],[":tests/lib/strategy/repository.test.ts",{"duration":28.425665999999865,"failed":false}],[":tests/setup-integration/autonomous-agent.test.ts",{"duration":7.406667000000027,"failed":true}],[":tests/lib/websocket-auth.test.ts",{"duration":235.461,"failed":false}],[":tests/lib/credentials.test.ts",{"duration":7320.739874999999,"failed":false}],[":tests/lib/credential-access.test.ts",{"duration":3.4029999999999916,"failed":false}],[":tests/lib/credential-scope.test.ts",{"duration":3.2806659999999965,"failed":false}],[":tests/endpoints/credential-ops.test.ts",{"duration":3004.8909169999997,"failed":false}],[":tests/endpoints/credentials.test.ts",{"duration":27923.241459,"failed":false}],[":tests/lib/credential-transport.test.ts",{"duration":138.75,"failed":false}],[":tests/lib/credential-vault.test.ts",{"duration":4433.612583,"failed":false}],[":tests/lib/resolve-action.test.ts",{"duration":4.514791000000002,"failed":false}],[":tests/credential-import.test.ts",{"duration":19.897791999999995,"failed":false}],[":tests/endpoints/passkey.test.ts",{"duration":14553.136708,"failed":false}],[":tests/lib/oauth2-refresh.test.ts",{"duration":3.752541000000008,"failed":false}],[":tests/lib/totp.test.ts",{"duration":7.506458999999992,"failed":false}],[":tests/lib/passkey-credential.test.ts",{"duration":9.192250000000001,"failed":false}],[":tests/cli/env.test.ts",{"duration":8.821500000000015,"failed":false}],[":tests/dotenv-parser.test.ts",{"duration":3.3828749999999985,"failed":false}],[":tests/cli/socket.test.ts",{"duration":164.548791,"failed":false}],[":tests/cli/vault.test.ts",{"duration":5.563457999999997,"failed":false}],[":tests/cli/credential-resolve.test.ts",{"duration":2.6654999999999944,"failed":false}],[":tests/cli/env-check-server-vault.test.ts",{"duration":239.821708,"failed":false}],[":tests/e2e-agent/validation.test.ts",{"duration":8.998582999999996,"failed":false}],[":tests/e2e-agent/artifacts.test.ts",{"duration":3.1474170000000044,"failed":false}],[":tests/e2e-agent/ci-lanes.test.ts",{"duration":1.272790999999998,"failed":false}],[":tests/lib/api-registry/validation.test.ts",{"duration":5.377708000000013,"failed":false}],[":tests/lib/aura-parser.test.ts",{"duration":10.007750000000001,"failed":false}],[":tests/lib/agent-auth/contracts.test.ts",{"duration":11.581041999999997,"failed":false}],[":tests/cli/doctor.test.ts",{"duration":9.576459,"failed":false}],[":tests/endpoints/import.test.ts",{"duration":8348.137416,"failed":false}],[":tests/endpoints/passkey-credentials.test.ts",{"duration":2573.4603340000003,"failed":false}],[":tests/lib/credential-health.test.ts",{"duration":3.1082080000000047,"failed":false}],[":tests/lib/agent-profiles.test.ts",{"duration":3.3868339999999932,"failed":false}],[":tests/mcp/profile-policy.test.ts",{"duration":3.01100000000001,"failed":false}],[":tests/endpoints/profile-parity.test.ts",{"duration":9.213209000000006,"failed":true}],[":tests/lib/profile-parity.test.ts",{"duration":1.7047079999999966,"failed":false}],[":tests/endpoints/credential-access-audit.test.ts",{"duration":1768.71025,"failed":false}],[":tests/lib/project-scope.test.ts",{"duration":8.761667000000003,"failed":false}],[":tests/docs/job-docs-validation.test.ts",{"duration":33.986999999999995,"failed":false}],[":tests/endpoints/credential-shares.test.ts",{"duration":6208.950334,"failed":false}],[":tests/lib/task-lifecycle.test.ts",{"duration":7.928124999999994,"failed":false}],[":tests/endpoints/tasks-lifecycle.test.ts",{"duration":191.46470899999997,"failed":false}],[":tests/cli/local-agent-trust.test.ts",{"duration":2.7987499999999983,"failed":false}],[":tests/cli/token.test.ts",{"duration":1.4059579999999983,"failed":false}],[":tests/endpoints/heartbeat.test.ts",{"duration":4575.689417,"failed":false}],[":tests/cli/bin-entrypoint.test.ts",{"duration":4248.5371669999995,"failed":false}],[":tests/sandbox/cli.test.ts",{"duration":332.983625,"failed":false}],[":tests/cli/vault-auth.test.ts",{"duration":195.026916,"failed":false}],[":tests/lib/encrypt.test.ts",{"duration":763.462208,"failed":false}],[":tests/cli/vault-share-gist.test.ts",{"duration":14.503625,"failed":false}],[":tests/lib/secret-gist-share.test.ts",{"duration":1.757791999999995,"failed":false}],[":tests/cli/vault-list-filters.test.ts",{"duration":14.040582999999984,"failed":false}],[":tests/cli/start.test.ts",{"duration":1.8407080000000065,"failed":false}],[":tests/cli/wallet.test.ts",{"duration":1.465874999999997,"failed":false}],[":tests/cli/prompt-select.test.ts",{"duration":4.252083999999996,"failed":false}],[":tests/cli/quickhack.test.ts",{"duration":1.982292000000001,"failed":false}],[":tests/lib/human-action-summary.test.ts",{"duration":2.1798750000000098,"failed":false}],[":tests/pipeline-db/paths.test.ts",{"duration":5.902790999999979,"failed":false}],[":tests/pipeline-db/bootstrap.test.ts",{"duration":39.007125,"failed":false}],[":tests/pipeline-db/snapshot.test.ts",{"duration":29.974833999999987,"failed":false}],[":tests/pipeline-db/dual-write.test.ts",{"duration":60.147583,"failed":false}],[":tests/pipeline-db/importer.test.ts",{"duration":33.614417,"failed":false}],[":tests/pipeline-lifecycle/service.test.ts",{"duration":32.389666000000005,"failed":false}],[":tests/pipeline-lifecycle/taskctl.test.ts",{"duration":2885.294625,"failed":false}],[":tests/pipeline-lifecycle/agent-cron-integration.test.ts",{"duration":28.44970900000004,"failed":false}],[":tests/pipeline-db/cutover-plan.test.ts",{"duration":2.5047919999999806,"failed":false}],[":tests/lib/approval-link.test.ts",{"duration":1.0141670000000005,"failed":false}],[":tests/lib/dont-ask-again-policy.test.ts",{"duration":1.2326669999999922,"failed":false}],[":tests/lib/update-check.test.ts",{"duration":1.4486670000000004,"failed":false}],[":tests/lib/auto-execute.test.ts",{"duration":108.225667,"failed":false}],[":tests/lib/auth-action.test.ts",{"duration":1998.647583,"failed":false}],[":tests/cli/auth-action-flag.test.ts",{"duration":3.1158340000000067,"failed":false}],[":tests/pipeline-lifecycle/tags.test.ts",{"duration":321.27825,"failed":false}],[":tests/endpoints/nuke.test.ts",{"duration":69.0028749999999,"failed":false}],[":tests/endpoints/apikeys.test.ts",{"duration":11085.063833,"failed":false}],[":tests/endpoints/security.test.ts",{"duration":9164.535417000001,"failed":false}],[":tests/endpoints/dashboard.test.ts",{"duration":103.2655420000001,"failed":false}],[":tests/endpoints/logs.test.ts",{"duration":183.44812500000035,"failed":false}],[":tests/endpoints/views.test.ts",{"duration":17.28716600000007,"failed":false}],[":tests/endpoints/flags.test.ts",{"duration":12.482625000000098,"failed":false}],[":tests/endpoints/lock.test.ts",{"duration":11063.760583,"failed":false}],[":tests/endpoints/backup.test.ts",{"duration":6926.148333000001,"failed":false}],[":tests/auth/approval-permissions-regression.test.ts",{"duration":2333.866833,"failed":false}],[":tests/sandbox/cli-cd-suite.test.ts",{"duration":578.572375,"failed":false}],[":tests/mcp/contract.test.ts",{"duration":78.60249999999999,"failed":false}],[":tests/lib/credential-paths.test.ts",{"duration":3899.7734170000003,"failed":false}],[":tests/runtime-vault-smoke.test.ts",{"duration":1521.938291,"failed":false}],[":tests/cli/taskctl-lock-smoke.test.ts",{"duration":0,"failed":false}],[":tests/cli/start-run.test.ts",{"duration":6.923584000000005,"failed":false}],[":tests/cli/restart-run.test.ts",{"duration":4.698082999999997,"failed":false}],[":tests/endpoints/approve-action.test.ts",{"duration":1056.1783329999998,"failed":false}],[":tests/cli/escalation.test.ts",{"duration":3.389707999999999,"failed":false}],[":tests/cli/actions-auth.test.ts",{"duration":39.753000000000014,"failed":false}],[":tests/lib/temp-policy.test.ts",{"duration":2.585374999999999,"failed":false}],[":tests/endpoints/escalation-migration-gate.test.ts",{"duration":11955.108208,"failed":false}],[":tests/lib/escalation-responder.test.ts",{"duration":24.61208400000001,"failed":false}],[":tests/cli/service.test.ts",{"duration":38.05449999999999,"failed":false}],[":tests/cli/init-runtime.test.ts",{"duration":4.873333000000002,"failed":false}],[":tests/cli/agent.test.ts",{"duration":7.902833000000001,"failed":false}],[":tests/runtime-agent-smoke.test.ts",{"duration":1154.7805830000002,"failed":false}],[":tests/endpoints/agent.test.ts",{"duration":6459.912458000001,"failed":false}],[":tests/lib/credential-agent.test.ts",{"duration":3084.496541,"failed":false}],[":tests/cli/agent-auth.test.ts",{"duration":528.433583,"failed":false}],[":tests/cli/agent-share-gist.test.ts",{"duration":16.512332999999984,"failed":false}],[":tests/cli/agent-list-filters.test.ts",{"duration":18.725041000000004,"failed":false}],[":tests/cli/env-check-server-agent.test.ts",{"duration":292.08354199999997,"failed":false}],[":tests/lib/import-from-openclaw-paths.test.ts",{"duration":0,"failed":true}],[":tests/endpoints/agent-profiles.test.ts",{"duration":3425.8750000000005,"failed":false}]]}
1	+ {"version":"4.0.18","results":[[":tests/send.test.ts",{"duration":162.08154100000002,"failed":false}],[":tests/approve.test.ts",{"duration":257.27824999999996,"failed":false}],[":tests/unlock.test.ts",{"duration":213.61050000000003,"failed":false}],[":tests/setup.test.ts",{"duration":128.30779199999998,"failed":false}],[":tests/e2e.test.ts",{"duration":3924.8372500000005,"failed":false}],[":tests/wallet.test.ts",{"duration":1768.446334,"failed":false}],[":tests/auth.test.ts",{"duration":174.709292,"failed":false}],[":tests/fund.test.ts",{"duration":820.6141660000001,"failed":false}],[":tests/integration/agent-flow.test.ts",{"duration":6088.6245,"failed":false}],[":tests/auth/permissions.test.ts",{"duration":6761.803000000001,"failed":false}],[":tests/auth/middleware.test.ts",{"duration":8629.632875,"failed":false}],[":tests/lib/sessions.test.ts",{"duration":171.32058299999994,"failed":false}],[":tests/lib/auth.test.ts",{"duration":4089.3444170000002,"failed":false}],[":tests/endpoints/unlock.test.ts",{"duration":10232.476333999999,"failed":false}],[":tests/endpoints/wallet.test.ts",{"duration":4418.335292,"failed":false}],[":tests/endpoints/approve.test.ts",{"duration":497.64808300000004,"failed":false}],[":tests/endpoints/fund.test.ts",{"duration":1718.8159589999998,"failed":false}],[":tests/endpoints/send.test.ts",{"duration":2154.865875,"failed":false}],[":tests/endpoints/auth.test.ts",{"duration":1208.190834,"failed":false}],[":tests/endpoints/setup.test.ts",{"duration":4987.754667,"failed":false}],[":tests/lib/uniswap.test.ts",{"duration":12.576917000000009,"failed":false}],[":tests/auth/apikeys.test.ts",{"duration":10823.350042,"failed":false}],[":tests/endpoints/wallet-data.test.ts",{"duration":2309.976375,"failed":false}],[":tests/endpoints/swap.test.ts",{"duration":2005.271917,"failed":false}],[":tests/endpoints/token-clearing.test.ts",{"duration":1286.3398750000001,"failed":false}],[":tests/endpoints/rate-limit.test.ts",{"duration":2103.539209,"failed":false}],[":tests/endpoints/solana-swap.test.ts",{"duration":1051.7639170000002,"failed":false}],[":tests/endpoints/solana-wallet.test.ts",{"duration":1333.433125,"failed":false}],[":tests/endpoints/solana-send.test.ts",{"duration":984.4620829999999,"failed":false}],[":tests/lib/sessions-currency.test.ts",{"duration":99.97837500000014,"failed":false}],[":tests/endpoints/solana-fund.test.ts",{"duration":1388.2830829999998,"failed":false}],[":tests/lib/solana-wallet.test.ts",{"duration":145.200958,"failed":false}],[":tests/lib/address.test.ts",{"duration":2.2885830000000027,"failed":false}],[":tests/lib/strategy/sources.test.ts",{"duration":20.033541,"failed":false}],[":tests/lib/strategy/loader.test.ts",{"duration":13.489082999999994,"failed":false}],[":tests/lib/strategy/executor.test.ts",{"duration":9.343333000000001,"failed":false}],[":tests/lib/strategy/state.test.ts",{"duration":9.851000000000013,"failed":false}],[":tests/lib/strategy/hooks.test.ts",{"duration":14.077292,"failed":false}],[":tests/endpoints/widgets.test.ts",{"duration":2127.785625,"failed":false}],[":tests/lib/strategy/message.test.ts",{"duration":113.09245800000002,"failed":false}],[":tests/endpoints/actions.test.ts",{"duration":2485.513375,"failed":false}],[":tests/endpoints/vault.test.ts",{"duration":7419.710874999999,"failed":false}],[":tests/integration/adapter-resolve.test.ts",{"duration":3415.2646250000003,"failed":false}],[":tests/lib/adapters.test.ts",{"duration":42.87712499999998,"failed":false}],[":tests/lib/strategy/tick.test.ts",{"duration":6.5871250000000146,"failed":false}],[":tests/lib/relay.test.ts",{"duration":5.1127500000000055,"failed":false}],[":tests/lib/ai.test.ts",{"duration":6.845791999999989,"failed":false}],[":tests/endpoints/launch.test.ts",{"duration":39822.157459,"failed":false}],[":tests/widget-installer.test.ts",{"duration":154.704459,"failed":false}],[":tests/mcp/tools.test.ts",{"duration":19.034333000000004,"failed":false}],[":tests/ai-integration/scenarios.test.ts",{"duration":7.4487499999999045,"failed":true}],[":tests/mcp/server.test.ts",{"duration":1053.348542,"failed":false}],[":tests/ai-integration/live.test.ts",{"duration":77572.38508299999,"failed":false}],[":tests/auth/apikeys-validate.test.ts",{"duration":10064.624082999999,"failed":false}],[":tests/lib/adapters-test.test.ts",{"duration":24669.032584,"failed":false}],[":tests/setup-integration/wizard-flow.test.ts",{"duration":124.21662500000002,"failed":false}],[":tests/setup-integration/adapter-test.test.ts",{"duration":166.0367080000001,"failed":false}],[":tests/setup-integration/edge-cases.test.ts",{"duration":156.02324999999996,"failed":false}],[":tests/setup-integration/apikey-validation.test.ts",{"duration":147.53583400000002,"failed":false}],[":tests/setup-integration/fresh-setup.test.ts",{"duration":107.81912499999999,"failed":false}],[":tests/lib/network.test.ts",{"duration":9.380416999999994,"failed":false}],[":tests/cli/process.test.ts",{"duration":59.56675,"failed":false}],[":tests/cli/init-steps.test.ts",{"duration":4.803083999999998,"failed":false}],[":tests/cli/init-flow.test.ts",{"duration":2356.2355420000004,"failed":false}],[":tests/cli/http.test.ts",{"duration":1539.509333,"failed":false}],[":tests/lib/verified-summary.test.ts",{"duration":6.6548329999999964,"failed":false}],[":tests/lib/defaults.test.ts",{"duration":60.831541000000016,"failed":false}],[":tests/endpoints/defaults.test.ts",{"duration":5807.414542,"failed":false}],[":tests/lib/adapters-chat.test.ts",{"duration":26.964458999999977,"failed":false}],[":tests/setup-integration/terminal-flow.test.ts",{"duration":248.770042,"failed":false}],[":tests/endpoints/transactions.test.ts",{"duration":1173.7453750000002,"failed":false}],[":tests/cron/scheduler.test.ts",{"duration":10.118041999999988,"failed":false}],[":tests/endpoints/portfolio.test.ts",{"duration":331.652916,"failed":false}],[":tests/cron/native-price.test.ts",{"duration":77.54324999999994,"failed":false}],[":tests/resolve.test.ts",{"duration":13.599375000000009,"failed":false}],[":tests/lib/prices.test.ts",{"duration":54.92983299999992,"failed":false}],[":tests/swap-quote.test.ts",{"duration":959.055208,"failed":false}],[":tests/send-token.test.ts",{"duration":953.917041,"failed":false}],[":tests/endpoints/price.test.ts",{"duration":48.3732500000001,"failed":false}],[":tests/lib/price.test.ts",{"duration":4.861209000000002,"failed":false}],[":tests/endpoints/token-search.test.ts",{"duration":41.01174999999989,"failed":false}],[":tests/lib/token-search.test.ts",{"duration":71.24962500000001,"failed":false}],[":tests/lib/token-safety.test.ts",{"duration":4.6863329999999905,"failed":false}],[":tests/endpoints/token-safety.test.ts",{"duration":42.42004199999997,"failed":false}],[":tests/lib/batch.test.ts",{"duration":5.325082999999992,"failed":false}],[":tests/endpoints/batch.test.ts",{"duration":51.468083999999976,"failed":false}],[":tests/endpoints/token-balance.test.ts",{"duration":33.105999999999995,"failed":false}],[":tests/lib/events-decoder.test.ts",{"duration":4.991375000000005,"failed":false}],[":tests/lib/events-enricher.test.ts",{"duration":5.042708000000005,"failed":false}],[":tests/endpoints/address-transactions.test.ts",{"duration":995.369167,"failed":false}],[":tests/endpoints/bookmarks.test.ts",{"duration":1299.437417,"failed":false}],[":tests/endpoints/addressbook.test.ts",{"duration":1003.398917,"failed":false}],[":tests/lib/strategy/session-logger.test.ts",{"duration":1463.488292,"failed":false}],[":tests/cron/incoming-scan.test.ts",{"duration":342.919041,"failed":false}],[":tests/lib/auto-unlock.test.ts",{"duration":995.2187919999999,"failed":false}],[":tests/lib/widget-tokens-tier.test.ts",{"duration":226.36699999999996,"failed":false}],[":tests/cron/strategy-runner.test.ts",{"duration":6.173999999999992,"failed":false}],[":tests/endpoints/strategy-routes.test.ts",{"duration":10984.715292,"failed":false}],[":tests/endpoints/apps.test.ts",{"duration":20728.988500000003,"failed":false}],[":tests/lib/events-fetcher.test.ts",{"duration":6.63654200000002,"failed":false}],[":tests/app-installer.test.ts",{"duration":121.90758300000002,"failed":false}],[":tests/lib/app-tokens-tier.test.ts",{"duration":273.176875,"failed":false}],[":tests/setup-integration/onboarding-e2e.test.ts",{"duration":445.7834579999999,"failed":true}],[":tests/cron/orphan-cleanup.test.ts",{"duration":6.969750000000005,"failed":false}],[":tests/lib/strategy/repository.test.ts",{"duration":38.93041599999992,"failed":false}],[":tests/setup-integration/autonomous-agent.test.ts",{"duration":7.406667000000027,"failed":true}],[":tests/lib/websocket-auth.test.ts",{"duration":224.16829199999998,"failed":false}],[":tests/lib/credentials.test.ts",{"duration":7162.027333,"failed":false}],[":tests/lib/credential-access.test.ts",{"duration":4.621292000000011,"failed":false}],[":tests/lib/credential-scope.test.ts",{"duration":3.140375000000006,"failed":false}],[":tests/endpoints/credential-ops.test.ts",{"duration":2956.245,"failed":false}],[":tests/endpoints/credentials.test.ts",{"duration":26834.984207999998,"failed":false}],[":tests/lib/credential-transport.test.ts",{"duration":116.04087499999997,"failed":false}],[":tests/lib/credential-vault.test.ts",{"duration":4433.612583,"failed":false}],[":tests/lib/resolve-action.test.ts",{"duration":4.583040999999994,"failed":false}],[":tests/credential-import.test.ts",{"duration":18.054874999999996,"failed":false}],[":tests/endpoints/passkey.test.ts",{"duration":13870.052208000001,"failed":false}],[":tests/lib/oauth2-refresh.test.ts",{"duration":3.757000000000005,"failed":false}],[":tests/lib/totp.test.ts",{"duration":6.120041999999998,"failed":false}],[":tests/lib/passkey-credential.test.ts",{"duration":7.424291999999994,"failed":false}],[":tests/cli/env.test.ts",{"duration":7.1997499999999945,"failed":false}],[":tests/dotenv-parser.test.ts",{"duration":7.199292,"failed":false}],[":tests/cli/socket.test.ts",{"duration":185.29004200000003,"failed":false}],[":tests/cli/vault.test.ts",{"duration":5.563457999999997,"failed":false}],[":tests/cli/credential-resolve.test.ts",{"duration":2.5222920000000073,"failed":false}],[":tests/cli/env-check-server-vault.test.ts",{"duration":239.821708,"failed":false}],[":tests/e2e-agent/validation.test.ts",{"duration":8.834457999999984,"failed":false}],[":tests/e2e-agent/artifacts.test.ts",{"duration":2.4147920000000056,"failed":false}],[":tests/e2e-agent/ci-lanes.test.ts",{"duration":1.2617089999999962,"failed":false}],[":tests/lib/api-registry/validation.test.ts",{"duration":5.282042000000004,"failed":false}],[":tests/lib/aura-parser.test.ts",{"duration":8.742790999999997,"failed":false}],[":tests/lib/agent-auth/contracts.test.ts",{"duration":7.681333000000009,"failed":false}],[":tests/cli/doctor.test.ts",{"duration":9.505791999999985,"failed":false}],[":tests/endpoints/import.test.ts",{"duration":8501.442541999999,"failed":false}],[":tests/endpoints/passkey-credentials.test.ts",{"duration":2548.2423750000003,"failed":false}],[":tests/lib/credential-health.test.ts",{"duration":2.742500000000007,"failed":false}],[":tests/lib/agent-profiles.test.ts",{"duration":4.791916000000015,"failed":false}],[":tests/mcp/profile-policy.test.ts",{"duration":3.4552499999999924,"failed":false}],[":tests/endpoints/profile-parity.test.ts",{"duration":9.213209000000006,"failed":true}],[":tests/lib/profile-parity.test.ts",{"duration":1.5870000000000033,"failed":false}],[":tests/endpoints/credential-access-audit.test.ts",{"duration":1706.509292,"failed":false}],[":tests/lib/project-scope.test.ts",{"duration":6.9360420000000005,"failed":false}],[":tests/docs/job-docs-validation.test.ts",{"duration":29.556416999999996,"failed":false}],[":tests/endpoints/credential-shares.test.ts",{"duration":5810.327,"failed":false}],[":tests/lib/task-lifecycle.test.ts",{"duration":7.928124999999994,"failed":false}],[":tests/endpoints/tasks-lifecycle.test.ts",{"duration":191.46470899999997,"failed":false}],[":tests/cli/local-agent-trust.test.ts",{"duration":4.082082999999997,"failed":false}],[":tests/cli/token.test.ts",{"duration":1.5038330000000002,"failed":false}],[":tests/endpoints/heartbeat.test.ts",{"duration":4186.430625,"failed":false}],[":tests/cli/bin-entrypoint.test.ts",{"duration":3969.1315409999997,"failed":false}],[":tests/sandbox/cli.test.ts",{"duration":289.17449999999997,"failed":false}],[":tests/cli/vault-auth.test.ts",{"duration":195.026916,"failed":false}],[":tests/lib/encrypt.test.ts",{"duration":739.814959,"failed":false}],[":tests/cli/vault-share-gist.test.ts",{"duration":14.503625,"failed":false}],[":tests/lib/secret-gist-share.test.ts",{"duration":1.593874999999997,"failed":false}],[":tests/cli/vault-list-filters.test.ts",{"duration":14.040582999999984,"failed":false}],[":tests/cli/start.test.ts",{"duration":1.595084,"failed":false}],[":tests/cli/wallet.test.ts",{"duration":1.361959000000013,"failed":false}],[":tests/cli/prompt-select.test.ts",{"duration":4.046291999999994,"failed":false}],[":tests/cli/quickhack.test.ts",{"duration":2.6738749999999953,"failed":false}],[":tests/lib/human-action-summary.test.ts",{"duration":2.1484590000000026,"failed":false}],[":tests/pipeline-db/paths.test.ts",{"duration":5.902790999999979,"failed":false}],[":tests/pipeline-db/bootstrap.test.ts",{"duration":39.007125,"failed":false}],[":tests/pipeline-db/snapshot.test.ts",{"duration":29.974833999999987,"failed":false}],[":tests/pipeline-db/dual-write.test.ts",{"duration":60.147583,"failed":false}],[":tests/pipeline-db/importer.test.ts",{"duration":33.614417,"failed":false}],[":tests/pipeline-lifecycle/service.test.ts",{"duration":32.389666000000005,"failed":false}],[":tests/pipeline-lifecycle/taskctl.test.ts",{"duration":2885.294625,"failed":false}],[":tests/pipeline-lifecycle/agent-cron-integration.test.ts",{"duration":28.44970900000004,"failed":false}],[":tests/pipeline-db/cutover-plan.test.ts",{"duration":2.5047919999999806,"failed":false}],[":tests/lib/approval-link.test.ts",{"duration":1.0255830000000046,"failed":false}],[":tests/lib/dont-ask-again-policy.test.ts",{"duration":1.217250000000007,"failed":false}],[":tests/lib/update-check.test.ts",{"duration":1.3213750000000033,"failed":false}],[":tests/lib/auto-execute.test.ts",{"duration":108.23875000000001,"failed":false}],[":tests/lib/auth-action.test.ts",{"duration":1955.904625,"failed":false}],[":tests/cli/auth-action-flag.test.ts",{"duration":3.093834000000001,"failed":false}],[":tests/pipeline-lifecycle/tags.test.ts",{"duration":321.27825,"failed":false}],[":tests/endpoints/nuke.test.ts",{"duration":69.0028749999999,"failed":false}],[":tests/endpoints/apikeys.test.ts",{"duration":11085.063833,"failed":false}],[":tests/endpoints/security.test.ts",{"duration":9164.535417000001,"failed":false}],[":tests/endpoints/dashboard.test.ts",{"duration":103.2655420000001,"failed":false}],[":tests/endpoints/logs.test.ts",{"duration":183.44812500000035,"failed":false}],[":tests/endpoints/views.test.ts",{"duration":17.28716600000007,"failed":false}],[":tests/endpoints/flags.test.ts",{"duration":12.482625000000098,"failed":false}],[":tests/endpoints/lock.test.ts",{"duration":11063.760583,"failed":false}],[":tests/endpoints/backup.test.ts",{"duration":6926.148333000001,"failed":false}],[":tests/auth/approval-permissions-regression.test.ts",{"duration":2318.2909170000003,"failed":false}],[":tests/sandbox/cli-cd-suite.test.ts",{"duration":615.319,"failed":false}],[":tests/mcp/contract.test.ts",{"duration":104.87708299999998,"failed":false}],[":tests/lib/credential-paths.test.ts",{"duration":3863.718,"failed":false}],[":tests/runtime-vault-smoke.test.ts",{"duration":1521.938291,"failed":false}],[":tests/cli/taskctl-lock-smoke.test.ts",{"duration":0,"failed":false}],[":tests/cli/start-run.test.ts",{"duration":5.826916999999995,"failed":false}],[":tests/cli/restart-run.test.ts",{"duration":4.38683300000001,"failed":false}],[":tests/endpoints/approve-action.test.ts",{"duration":1019.0898749999999,"failed":false}],[":tests/cli/escalation.test.ts",{"duration":2.666415999999998,"failed":false}],[":tests/cli/actions-auth.test.ts",{"duration":21.518292000000002,"failed":false}],[":tests/lib/temp-policy.test.ts",{"duration":2.778499999999994,"failed":false}],[":tests/endpoints/escalation-migration-gate.test.ts",{"duration":11809.859042,"failed":false}],[":tests/lib/escalation-responder.test.ts",{"duration":30.654416999999995,"failed":false}],[":tests/cli/service.test.ts",{"duration":37.195584,"failed":false}],[":tests/cli/init-runtime.test.ts",{"duration":4.815833999999995,"failed":false}],[":tests/cli/agent.test.ts",{"duration":4.056166999999988,"failed":false}],[":tests/runtime-agent-smoke.test.ts",{"duration":1155.657334,"failed":false}],[":tests/endpoints/agent.test.ts",{"duration":5853.5660419999995,"failed":false}],[":tests/lib/credential-agent.test.ts",{"duration":3026.8250000000003,"failed":false}],[":tests/cli/agent-auth.test.ts",{"duration":540.6860419999999,"failed":false}],[":tests/cli/agent-share-gist.test.ts",{"duration":27.42041599999999,"failed":false}],[":tests/cli/agent-list-filters.test.ts",{"duration":12.318375000000003,"failed":false}],[":tests/cli/env-check-server-agent.test.ts",{"duration":379.80316700000003,"failed":false}],[":tests/lib/import-from-openclaw-paths.test.ts",{"duration":0,"failed":true}],[":tests/endpoints/agent-profiles.test.ts",{"duration":3356.1236670000003,"failed":false}]]}

package/src/server/routes/credentials.ts CHANGED Viewed

@@ -51,6 +51,7 @@ import {
   summarizeCredentialHealthFlags,
 } from '../lib/credential-health';
 import {
+  canonicalizeCredentialFieldKey,
   NOTE_CONTENT_KEY,
   getCredentialFieldValue,
   normalizeCredentialFieldsForType,
@@ -480,6 +481,40 @@ function parseRequestedPolicyInput(body: unknown): {
   };
 }
+function parseRequestedReadFieldsInput(
+  body: unknown,
+  credentialType: CredentialType,
+): { requestedFields: string[]; requestsAllFields: boolean } {
+  const bodyPayload = body && typeof body === 'object' && !Array.isArray(body)
+    ? body as Record<string, unknown>
+    : {};
+  const requestedFieldsRaw: string[] = [];
+  const appendRequestedField = (value: unknown): void => {
+    if (typeof value !== 'string') return;
+    const trimmed = value.trim();
+    if (!trimmed) return;
+    requestedFieldsRaw.push(trimmed);
+  };
+  if (Array.isArray(bodyPayload.requestedFields)) {
+    for (const value of bodyPayload.requestedFields) {
+      appendRequestedField(value);
+    }
+  }
+  appendRequestedField(bodyPayload.requestedField);
+  appendRequestedField(bodyPayload.field);
+  const requestsAllFields = requestedFieldsRaw.some((value) => value === '*');
+  const requestedFields = Array.from(new Set(
+    requestedFieldsRaw
+      .filter((value) => value !== '*')
+      .map((value) => normalizeScope(canonicalizeCredentialFieldKey(credentialType, value))),
+  ));
+  return { requestedFields, requestsAllFields };
+}
 function buildCredentialRouteContract(input: {
   routeId: CredentialRouteContractId;
   credentialId: string;
@@ -1817,13 +1852,21 @@ router.post('/:id/read', async (req: Request<{ id: string }>, res: Response) =>
       ? []
       : resolveExcludeFields(auth.token.credentialAccess?.excludeFields, credential.type);
     const baseExcludedNormalized = new Set(baseExclude.map(field => normalizeScope(field)));
+    const requestedReadFields = parseRequestedReadFieldsInput(req.body, credential.type);
+    const excludedFieldsPresent = Array.from(new Set(
+      secrets
+        .map((field) => normalizeScope(field.key))
+        .filter((fieldKey) => baseExcludedNormalized.has(fieldKey)),
+    ));
     const requestedExcludedFields = isAdmin(auth)
       ? []
-      : Array.from(new Set(
-          secrets
-            .map((field) => field.key)
-            .filter((fieldKey) => baseExcludedNormalized.has(normalizeScope(fieldKey))),
-        ));
+      : requestedReadFields.requestsAllFields
+        ? excludedFieldsPresent
+        : Array.from(new Set(
+            requestedReadFields.requestedFields
+              .map((field) => normalizeScope(field))
+              .filter((fieldKey) => baseExcludedNormalized.has(fieldKey)),
+          ));
     if (requestedExcludedFields.length > 0) {
       const approvalTtl = await resolveOneShotApprovalTtl(auth);
       const approvalSummaryBase = `${auth.token.agentId || 'agent'} requests excluded fields (${requestedExcludedFields.join(', ')}) from credential "${credential.name}"`;

package/src/server/tests/cli/agent-auth.test.ts CHANGED Viewed

@@ -23,6 +23,15 @@ function hasClaimSecret(init: RequestInit | undefined, expected: string): boolea
   return false;
 }
+function makeTestAgentToken(permissions: string[]): string {
+  const payload = Buffer.from(JSON.stringify({
+    agentId: 'cli-agent',
+    permissions,
+    exp: Date.now() + 60_000,
+  }), 'utf8').toString('base64url');
+  return `${payload}.sig`;
+}
 const mocks = vi.hoisted(() => ({
   bootstrapViaSocket: vi.fn(),
   bootstrapViaAuthRequest: vi.fn(),
@@ -1234,6 +1243,44 @@ describe('agent CLI auth behavior', () => {
     expect(getApprovalContext('req-rejected')).not.toBeNull();
   });
+  it('auth claim maps 200 rejected status to claim_rejected and clears context', async () => {
+    process.env.WALLET_DATA_DIR = fs.mkdtempSync(path.join(os.tmpdir(), 'auramaxx-agent-auth-'));
+    putApprovalContext({
+      reqId: 'req-rejected-status',
+      secret: 'sec-rejected-status',
+      privateKeyPem: 'mock-private-key',
+      approvalScope: 'session_token',
+      ttlSeconds: 300,
+      retryCommandTemplate: 'npx auramaxx agent get "github" --reqId <reqId>',
+    });
+    vi.spyOn(globalThis, 'fetch').mockImplementation(async (input: RequestInfo | URL, init?: RequestInit) => {
+      const url = new URL(typeof input === 'string' ? input : input instanceof URL ? input.toString() : input.url);
+      const method = init?.method || 'GET';
+      if (url.pathname === '/auth/req-rejected-status' && method === 'GET' && hasClaimSecret(init, 'sec-rejected-status')) {
+        return new Response(JSON.stringify({ success: true, status: 'rejected' }), {
+          status: 200,
+          headers: { 'Content-Type': 'application/json' },
+        });
+      }
+      throw new Error(`Unexpected fetch path: ${method} ${url.pathname}${url.search}`);
+    });
+    const logSpy = vi.spyOn(console, 'log').mockImplementation(() => {});
+    const exitCode = await runAuthCli(['claim', 'req-rejected-status', '--json']);
+    expect(exitCode).toBe(1);
+    const payload = JSON.parse(String(logSpy.mock.calls[0][0])) as {
+      claimStatus?: string;
+      errorCode?: string;
+      retryReady?: boolean;
+    };
+    expect(payload.claimStatus).toBe('rejected');
+    expect(payload.errorCode).toBe('claim_rejected');
+    expect(payload.retryReady).toBe(false);
+    expect(getApprovalContext('req-rejected-status')).toBeNull();
+  });
   it('auth request --help exits without creating an auth request', async () => {
     const fetchSpy = vi.spyOn(globalThis, 'fetch').mockImplementation(async () => {
       throw new Error('fetch should not run for --help');
@@ -1489,4 +1536,71 @@ describe('agent CLI auth behavior', () => {
     expect(mocks.createReadToken.mock.calls[0]?.[1]).toBe('fallback-auth-token');
     expect(logSpy).toHaveBeenCalledWith('enc(gh-secret)');
   });
+  it('skips delegated read token mint when fallback token is parseable non-admin', async () => {
+    const nonAdminToken = makeTestAgentToken(['secret:read']);
+    mocks.bootstrapViaSocket.mockRejectedValueOnce(new Error('Cannot connect to AuraMaxx: connect ENOENT /tmp/aura-cli.sock'));
+    mocks.bootstrapViaAuthRequest.mockResolvedValueOnce(nonAdminToken);
+    mocks.generateEphemeralKeypair.mockReturnValueOnce({
+      publicKeyPem: 'ephemeral-public-key',
+      privateKeyPem: 'ephemeral-private-key',
+      publicKeyBase64: Buffer.from('ephemeral-public-key', 'utf8').toString('base64'),
+    });
+    mocks.decryptWithPrivateKey.mockImplementation((encrypted: string, privateKeyPem: string) => {
+      expect(privateKeyPem).toBe('ephemeral-private-key');
+      return encrypted;
+    });
+    vi.spyOn(globalThis, 'fetch').mockImplementation(async (input: RequestInfo | URL, init?: RequestInit) => {
+      const url = new URL(typeof input === 'string' ? input : input instanceof URL ? input.toString() : input.url);
+      const method = init?.method || 'GET';
+      if (url.pathname === '/credentials' && method === 'GET' && url.searchParams.get('q') === 'github') {
+        return new Response(JSON.stringify({
+          credentials: [{
+            id: 'cred-github',
+            name: 'github',
+            type: 'note',
+            agentId: 'primary',
+            meta: {},
+          }],
+        }), { status: 200, headers: { 'Content-Type': 'application/json' } });
+      }
+      if (url.pathname === '/setup/agents' && method === 'GET') {
+        return new Response(JSON.stringify({
+          agents: [{ id: 'primary', name: 'primary', isPrimary: true }],
+        }), { status: 200, headers: { 'Content-Type': 'application/json' } });
+      }
+      if (url.pathname === '/setup' && method === 'GET') {
+        return new Response(JSON.stringify({ projectScopeMode: 'auto' }), {
+          status: 200,
+          headers: { 'Content-Type': 'application/json' },
+        });
+      }
+      if (url.pathname === '/credentials/cred-github/read' && method === 'POST') {
+        const headers = init?.headers as Record<string, string>;
+        expect(headers.Authorization).toBe(`Bearer ${nonAdminToken}`);
+        return new Response(JSON.stringify({
+          encrypted: JSON.stringify({
+            id: 'cred-github',
+            agentId: 'primary',
+            type: 'note',
+            fields: [{ key: 'value', value: 'gh-secret', sensitive: true }],
+          }),
+        }), { status: 200, headers: { 'Content-Type': 'application/json' } });
+      }
+      throw new Error(`Unexpected fetch path: ${method} ${url.pathname}${url.search}`);
+    });
+    const logSpy = vi.spyOn(console, 'log').mockImplementation(() => {});
+    const exitCode = await runAgentCli(['get', 'github']);
+    expect(exitCode).toBe(0);
+    expect(mocks.createReadToken).not.toHaveBeenCalled();
+    expect(logSpy).toHaveBeenCalledWith('enc(gh-secret)');
+  });
 });

package/src/server/tests/cli/local-agent-trust.test.ts CHANGED Viewed

@@ -19,15 +19,20 @@ describe('local agent trust helpers', () => {
   });
   it('resolves mode selection for numbered and named inputs', () => {
-    expect(resolveLocalAgentModeChoice('')).toBe('dev');
-    expect(resolveLocalAgentModeChoice('1')).toBe('dev');
+    expect(resolveLocalAgentModeChoice('')).toBe('admin');
+    expect(resolveLocalAgentModeChoice('1')).toBe('admin');
+    expect(resolveLocalAgentModeChoice('maxx')).toBe('admin');
+    expect(resolveLocalAgentModeChoice('work')).toBe('admin');
+    expect(resolveLocalAgentModeChoice('admin')).toBe('admin');
+    expect(resolveLocalAgentModeChoice('2')).toBe('dev');
+    expect(resolveLocalAgentModeChoice('mid')).toBe('dev');
     expect(resolveLocalAgentModeChoice('dev')).toBe('dev');
-    expect(resolveLocalAgentModeChoice('2')).toBe('strict');
+    expect(resolveLocalAgentModeChoice('3')).toBe('strict');
+    expect(resolveLocalAgentModeChoice('sus')).toBe('strict');
+    expect(resolveLocalAgentModeChoice('local')).toBe('strict');
     expect(resolveLocalAgentModeChoice('strict')).toBe('strict');
-    expect(resolveLocalAgentModeChoice('3')).toBe('admin');
-    expect(resolveLocalAgentModeChoice('admin')).toBe('admin');
   });
   it('derives auto-approve defaults per profile mode', () => {