auramaxx 0.0.13 → 0.0.15

package/src/server/tests/cli/agent-auth.test.ts

@@ -23,6 +23,15 @@ function hasClaimSecret(init: RequestInit | undefined, expected: string): boolea
   return false;
 }
 
+function makeTestAgentToken(permissions: string[]): string {
+  const payload = Buffer.from(JSON.stringify({
+    agentId: 'cli-agent',
+    permissions,
+    exp: Date.now() + 60_000,
+  }), 'utf8').toString('base64url');
+  return `${payload}.sig`;
+}
+
 const mocks = vi.hoisted(() => ({
   bootstrapViaSocket: vi.fn(),
   bootstrapViaAuthRequest: vi.fn(),
@@ -204,6 +213,82 @@ describe('agent CLI auth behavior', () => {
     expect(mocks.bootstrapViaAuthRequest).not.toHaveBeenCalled();
   });
 
+  it('inject honors --field by requesting and injecting that exact field', async () => {
+    mocks.bootstrapViaSocket.mockResolvedValueOnce('socket-token');
+    mocks.createReadToken.mockResolvedValueOnce('read-token');
+    mocks.decryptWithPrivateKey.mockImplementation((v: string) => v);
+
+    const readRequestBodies: Array<{ requestedFields?: string[] }> = [];
+
+    vi.spyOn(globalThis, 'fetch').mockImplementation(async (input: RequestInfo | URL, init?: RequestInit) => {
+      const url = new URL(typeof input === 'string' ? input : input instanceof URL ? input.toString() : input.url);
+      const method = init?.method || 'GET';
+
+      if (url.pathname === '/credentials' && method === 'GET' && url.searchParams.get('q') === 'visa_7890') {
+        return new Response(JSON.stringify({
+          credentials: [{
+            id: 'cred-card',
+            name: 'visa_7890',
+            type: 'card',
+            agentId: 'primary',
+            meta: {},
+          }],
+        }), { status: 200, headers: { 'Content-Type': 'application/json' } });
+      }
+
+      if (url.pathname === '/setup/agents' && method === 'GET') {
+        return new Response(JSON.stringify({
+          agents: [{ id: 'primary', name: 'primary', isPrimary: true }],
+        }), { status: 200, headers: { 'Content-Type': 'application/json' } });
+      }
+
+      if (url.pathname === '/setup' && method === 'GET') {
+        return new Response(JSON.stringify({ projectScopeMode: 'auto' }), {
+          status: 200,
+          headers: { 'Content-Type': 'application/json' },
+        });
+      }
+
+      if (url.pathname === '/credentials/cred-card/read' && method === 'POST') {
+        if (typeof init?.body === 'string') {
+          readRequestBodies.push(JSON.parse(init.body) as { requestedFields?: string[] });
+        } else {
+          readRequestBodies.push({});
+        }
+        return new Response(JSON.stringify({
+          encrypted: JSON.stringify({
+            id: 'cred-card',
+            agentId: 'primary',
+            type: 'card',
+            fields: [
+              { key: 'number', value: '1234567890', sensitive: true },
+              { key: 'cvv', value: '123', sensitive: true },
+            ],
+          }),
+        }), { status: 200, headers: { 'Content-Type': 'application/json' } });
+      }
+
+      throw new Error(`Unexpected fetch path: ${method} ${url.pathname}${url.search}`);
+    });
+
+    const exitCode = await runAgentCli([
+      'inject',
+      'visa_7890',
+      '--field',
+      'cvv',
+      '--env',
+      'VISA_CVV',
+      '--',
+      'node',
+      '-e',
+      "process.exit(process.env.VISA_CVV === '123' ? 0 : 9)",
+    ]);
+
+    expect(exitCode).toBe(0);
+    expect(readRequestBodies).toHaveLength(1);
+    expect(readRequestBodies[0]?.requestedFields).toEqual(['cvv']);
+  });
+
   it('list supports --agent filter by name or id', async () => {
     mocks.bootstrapViaSocket.mockResolvedValue('socket-token');
 
@@ -1234,6 +1319,44 @@ describe('agent CLI auth behavior', () => {
     expect(getApprovalContext('req-rejected')).not.toBeNull();
   });
 
+  it('auth claim maps 200 rejected status to claim_rejected and clears context', async () => {
+    process.env.WALLET_DATA_DIR = fs.mkdtempSync(path.join(os.tmpdir(), 'auramaxx-agent-auth-'));
+    putApprovalContext({
+      reqId: 'req-rejected-status',
+      secret: 'sec-rejected-status',
+      privateKeyPem: 'mock-private-key',
+      approvalScope: 'session_token',
+      ttlSeconds: 300,
+      retryCommandTemplate: 'npx auramaxx agent get "github" --reqId <reqId>',
+    });
+
+    vi.spyOn(globalThis, 'fetch').mockImplementation(async (input: RequestInfo | URL, init?: RequestInit) => {
+      const url = new URL(typeof input === 'string' ? input : input instanceof URL ? input.toString() : input.url);
+      const method = init?.method || 'GET';
+      if (url.pathname === '/auth/req-rejected-status' && method === 'GET' && hasClaimSecret(init, 'sec-rejected-status')) {
+        return new Response(JSON.stringify({ success: true, status: 'rejected' }), {
+          status: 200,
+          headers: { 'Content-Type': 'application/json' },
+        });
+      }
+      throw new Error(`Unexpected fetch path: ${method} ${url.pathname}${url.search}`);
+    });
+
+    const logSpy = vi.spyOn(console, 'log').mockImplementation(() => {});
+    const exitCode = await runAuthCli(['claim', 'req-rejected-status', '--json']);
+    expect(exitCode).toBe(1);
+
+    const payload = JSON.parse(String(logSpy.mock.calls[0][0])) as {
+      claimStatus?: string;
+      errorCode?: string;
+      retryReady?: boolean;
+    };
+    expect(payload.claimStatus).toBe('rejected');
+    expect(payload.errorCode).toBe('claim_rejected');
+    expect(payload.retryReady).toBe(false);
+    expect(getApprovalContext('req-rejected-status')).toBeNull();
+  });
+
   it('auth request --help exits without creating an auth request', async () => {
     const fetchSpy = vi.spyOn(globalThis, 'fetch').mockImplementation(async () => {
       throw new Error('fetch should not run for --help');
@@ -1489,4 +1612,71 @@ describe('agent CLI auth behavior', () => {
     expect(mocks.createReadToken.mock.calls[0]?.[1]).toBe('fallback-auth-token');
     expect(logSpy).toHaveBeenCalledWith('enc(gh-secret)');
   });
+
+  it('skips delegated read token mint when fallback token is parseable non-admin', async () => {
+    const nonAdminToken = makeTestAgentToken(['secret:read']);
+    mocks.bootstrapViaSocket.mockRejectedValueOnce(new Error('Cannot connect to AuraMaxx: connect ENOENT /tmp/aura-cli.sock'));
+    mocks.bootstrapViaAuthRequest.mockResolvedValueOnce(nonAdminToken);
+    mocks.generateEphemeralKeypair.mockReturnValueOnce({
+      publicKeyPem: 'ephemeral-public-key',
+      privateKeyPem: 'ephemeral-private-key',
+      publicKeyBase64: Buffer.from('ephemeral-public-key', 'utf8').toString('base64'),
+    });
+    mocks.decryptWithPrivateKey.mockImplementation((encrypted: string, privateKeyPem: string) => {
+      expect(privateKeyPem).toBe('ephemeral-private-key');
+      return encrypted;
+    });
+
+    vi.spyOn(globalThis, 'fetch').mockImplementation(async (input: RequestInfo | URL, init?: RequestInit) => {
+      const url = new URL(typeof input === 'string' ? input : input instanceof URL ? input.toString() : input.url);
+      const method = init?.method || 'GET';
+
+      if (url.pathname === '/credentials' && method === 'GET' && url.searchParams.get('q') === 'github') {
+        return new Response(JSON.stringify({
+          credentials: [{
+            id: 'cred-github',
+            name: 'github',
+            type: 'note',
+            agentId: 'primary',
+            meta: {},
+          }],
+        }), { status: 200, headers: { 'Content-Type': 'application/json' } });
+      }
+
+      if (url.pathname === '/setup/agents' && method === 'GET') {
+        return new Response(JSON.stringify({
+          agents: [{ id: 'primary', name: 'primary', isPrimary: true }],
+        }), { status: 200, headers: { 'Content-Type': 'application/json' } });
+      }
+
+      if (url.pathname === '/setup' && method === 'GET') {
+        return new Response(JSON.stringify({ projectScopeMode: 'auto' }), {
+          status: 200,
+          headers: { 'Content-Type': 'application/json' },
+        });
+      }
+
+      if (url.pathname === '/credentials/cred-github/read' && method === 'POST') {
+        const headers = init?.headers as Record<string, string>;
+        expect(headers.Authorization).toBe(`Bearer ${nonAdminToken}`);
+        return new Response(JSON.stringify({
+          encrypted: JSON.stringify({
+            id: 'cred-github',
+            agentId: 'primary',
+            type: 'note',
+            fields: [{ key: 'value', value: 'gh-secret', sensitive: true }],
+          }),
+        }), { status: 200, headers: { 'Content-Type': 'application/json' } });
+      }
+
+      throw new Error(`Unexpected fetch path: ${method} ${url.pathname}${url.search}`);
+    });
+
+    const logSpy = vi.spyOn(console, 'log').mockImplementation(() => {});
+    const exitCode = await runAgentCli(['get', 'github']);
+
+    expect(exitCode).toBe(0);
+    expect(mocks.createReadToken).not.toHaveBeenCalled();
+    expect(logSpy).toHaveBeenCalledWith('enc(gh-secret)');
+  });
 });

package/src/server/tests/cli/local-agent-trust.test.ts

@@ -19,15 +19,20 @@ describe('local agent trust helpers', () => {
   });
 
   it('resolves mode selection for numbered and named inputs', () => {
-    expect(resolveLocalAgentModeChoice('')).toBe('dev');
-    expect(resolveLocalAgentModeChoice('1')).toBe('dev');
+    expect(resolveLocalAgentModeChoice('')).toBe('admin');
+    expect(resolveLocalAgentModeChoice('1')).toBe('admin');
+    expect(resolveLocalAgentModeChoice('maxx')).toBe('admin');
+    expect(resolveLocalAgentModeChoice('work')).toBe('admin');
+    expect(resolveLocalAgentModeChoice('admin')).toBe('admin');
+
+    expect(resolveLocalAgentModeChoice('2')).toBe('dev');
+    expect(resolveLocalAgentModeChoice('mid')).toBe('dev');
     expect(resolveLocalAgentModeChoice('dev')).toBe('dev');
 
-    expect(resolveLocalAgentModeChoice('2')).toBe('strict');
+    expect(resolveLocalAgentModeChoice('3')).toBe('strict');
+    expect(resolveLocalAgentModeChoice('sus')).toBe('strict');
+    expect(resolveLocalAgentModeChoice('local')).toBe('strict');
     expect(resolveLocalAgentModeChoice('strict')).toBe('strict');
-
-    expect(resolveLocalAgentModeChoice('3')).toBe('admin');
-    expect(resolveLocalAgentModeChoice('admin')).toBe('admin');
   });
 
   it('derives auto-approve defaults per profile mode', () => {

package/src/server/tests/endpoints/credentials.test.ts

@@ -329,7 +329,7 @@ describe('Credential Endpoints', () => {
     expect(getDeletedRes.status).toBe(404);
   });
 
-  it('should request human approval when default excluded fields are present in credential reads', async () => {
+  it('should only request human approval when excluded fields are explicitly requested', async () => {
     const { publicKey, privateKey } = generateKeyPairSync('rsa', {
       modulusLength: 2048,
       publicKeyEncoding: { type: 'spki', format: 'pem' },
@@ -391,21 +391,39 @@ describe('Credential Endpoints', () => {
       .post(`/credentials/${loginId}/read`)
       .set('Authorization', `Bearer ${token}`)
       .send({});
-    expect(loginRead.status).toBe(403);
-    expect(loginRead.body.reasonCode).toBe('DENY_EXCLUDED_FIELD');
-    expect(loginRead.body.requiresHumanApproval).toBe(true);
-    const loginReqId = (loginRead.body.reqId ?? loginRead.body.requestId) as string | undefined;
+    expect(loginRead.status).toBe(200);
+    const loginDecrypted = decryptCredentialPayload(loginRead.body.encrypted, privateKey);
+    expect(loginDecrypted.fields.map((field) => field.key)).not.toContain('password');
+    expect(loginDecrypted.fields.map((field) => field.key)).toContain('notes');
+
+    const cardRead = await request(app)
+      .post(`/credentials/${cardId}/read`)
+      .set('Authorization', `Bearer ${token}`)
+      .send({});
+    expect(cardRead.status).toBe(200);
+    const cardDecrypted = decryptCredentialPayload(cardRead.body.encrypted, privateKey);
+    expect(cardDecrypted.fields.map((field) => field.key)).toContain('number');
+    expect(cardDecrypted.fields.map((field) => field.key)).not.toContain('cvv');
+
+    const loginExplicitRead = await request(app)
+      .post(`/credentials/${loginId}/read`)
+      .set('Authorization', `Bearer ${token}`)
+      .send({ requestedFields: ['password'] });
+    expect(loginExplicitRead.status).toBe(403);
+    expect(loginExplicitRead.body.reasonCode).toBe('DENY_EXCLUDED_FIELD');
+    expect(loginExplicitRead.body.requiresHumanApproval).toBe(true);
+    const loginReqId = (loginExplicitRead.body.reqId ?? loginExplicitRead.body.requestId) as string | undefined;
     expect(typeof loginReqId).toBe('string');
-    expect(typeof loginRead.body.secret).toBe('string');
+    expect(typeof loginExplicitRead.body.secret).toBe('string');
     const expectedPollUrl = `http://127.0.0.1:4242/auth/${encodeURIComponent(loginReqId as string)}`;
-    expect(loginRead.body.pollUrl).toBe(expectedPollUrl);
-    expect(loginRead.body.claim).toMatchObject({
+    expect(loginExplicitRead.body.pollUrl).toBe(expectedPollUrl);
+    expect(loginExplicitRead.body.claim).toMatchObject({
       method: 'GET',
       endpoint: `/auth/${encodeURIComponent(loginReqId as string)}`,
     });
-    expect(loginRead.body.approvalFlow?.mode).toBe('one_time_scoped_read');
-    expect(loginRead.body.requestedFields).toEqual(expect.arrayContaining(['password']));
-    expect(loginRead.body.effectiveExcludeFields).toEqual(expect.arrayContaining(['password']));
+    expect(loginExplicitRead.body.approvalFlow?.mode).toBe('one_time_scoped_read');
+    expect(loginExplicitRead.body.requestedFields).toEqual(expect.arrayContaining(['password']));
+    expect(loginExplicitRead.body.effectiveExcludeFields).toEqual(expect.arrayContaining(['password']));
 
     const loginApproval = await testPrisma.humanAction.findUnique({
       where: { id: loginReqId as string },
@@ -426,13 +444,13 @@ describe('Credential Endpoints', () => {
     expect(loginApprovalMeta.credentialAccess?.maxReads).toBe(1);
     expect(loginApprovalMeta.credentialAccess?.ttl).toBe(300);
 
-    const cardRead = await request(app)
+    const cardExplicitRead = await request(app)
       .post(`/credentials/${cardId}/read`)
       .set('Authorization', `Bearer ${token}`)
-      .send({});
-    expect(cardRead.status).toBe(403);
-    expect(cardRead.body.reasonCode).toBe('DENY_EXCLUDED_FIELD');
-    expect(cardRead.body.requestedFields).toEqual(expect.arrayContaining(['cvv']));
+      .send({ requestedFields: ['cvv'] });
+    expect(cardExplicitRead.status).toBe(403);
+    expect(cardExplicitRead.body.reasonCode).toBe('DENY_EXCLUDED_FIELD');
+    expect(cardExplicitRead.body.requestedFields).toEqual(expect.arrayContaining(['cvv']));
   });
 
   it('should issue scoped temporary read access after excluded-field approval', async () => {
@@ -487,7 +505,7 @@ describe('Credential Endpoints', () => {
     const deniedRead = await request(app)
       .post(`/credentials/${credentialId}/read`)
       .set('Authorization', `Bearer ${token}`)
-      .send({});
+      .send({ requestedFields: ['password'] });
     expect(deniedRead.status).toBe(403);
     expect(deniedRead.body.reasonCode).toBe('DENY_EXCLUDED_FIELD');
     expect(deniedRead.body.routeId).toBe(ESCALATION_ROUTE_IDS.CREDENTIALS_READ_EXCLUDED_FIELD);
@@ -594,6 +612,7 @@ describe('Credential Endpoints', () => {
       .post(`/credentials/${credentialId}/read`)
       .set('Authorization', `Bearer ${token}`)
       .send({
+        requestedFields: ['password'],
         requestedPolicySource: 'derived_403',
         requestedPolicy: {
           permissions: ['admin:*'],
@@ -642,6 +661,7 @@ describe('Credential Endpoints', () => {
       .post(`/credentials/${credentialId}/read`)
       .set('Authorization', `Bearer ${token}`)
       .send({
+        requestedFields: ['password'],
         requestedPolicySource: 'derived_403',
         requestedPolicy: 'bad-value',
       });
@@ -688,6 +708,7 @@ describe('Credential Endpoints', () => {
       .post(`/credentials/${credentialId}/read`)
       .set('Authorization', `Bearer ${token}`)
       .send({
+        requestedFields: ['password'],
         requestedPolicySource: 'agent',
         requestedPolicy: {
           permissions: ['secret:read'],
@@ -711,6 +732,7 @@ describe('Credential Endpoints', () => {
       .post(`/credentials/${credentialId}/read`)
       .set('Authorization', `Bearer ${token}`)
       .send({
+        requestedFields: ['password'],
         requestedPolicySource: 'agent',
         requestedPolicy: {
           permissions: ['admin:*'],
@@ -864,7 +886,7 @@ describe('Credential Endpoints', () => {
     const deniedRead = await request(app)
       .post(`/credentials/${credentialId}/read`)
       .set('Authorization', `Bearer ${token}`)
-      .send({});
+      .send({ requestedFields: ['password'] });
     expect(deniedRead.status).toBe(403);
     expect(deniedRead.body.reasonCode).toBe('DENY_EXCLUDED_FIELD');
     expect(deniedRead.body.routeId).toBe(ESCALATION_ROUTE_IDS.CREDENTIALS_READ_EXCLUDED_FIELD);

package/src/server/tests/endpoints/escalation-migration-gate.test.ts

@@ -226,7 +226,7 @@ describe('Escalation rollout migration gates', () => {
     const readExcludedFieldRes = await request(app)
       .post(`/credentials/${credentialId}/read`)
       .set('Authorization', `Bearer ${readExcludedFieldToken}`)
-      .send({});
+      .send({ requestedFields: ['password'] });
 
     expect(readExcludedFieldRes.status).toBe(403);
     expect(readExcludedFieldRes.body.contractVersion).toBe(ESCALATION_CONTRACT_VERSION);

package/src/server/tests/lib/agent-profiles.test.ts

@@ -53,6 +53,12 @@ describe('agent profiles resolver', () => {
     expect(policy.credentialAccess.maxReads).toBe(100);
     expect(policy.overrideDelta).toEqual(['maxReads', 'ttlSeconds']);
   });
+
+  it('scopes dev profile credential access to primary + legacy alias only', () => {
+    const policy = resolveProfileToEffectivePolicy({ profileId: 'dev' });
+    expect(policy.credentialAccess.read).toEqual(['agent:agent', 'agent:primary']);
+    expect(policy.credentialAccess.write).toEqual(['agent:agent', 'agent:primary']);
+  });
 });
 
 describe('describeProfile', () => {

package/src/server/tests/lib/update-check.test.ts

@@ -1,5 +1,12 @@
 import { describe, expect, it } from 'vitest';
-import { buildNpxLatestCommand, buildUpdateCommand, buildUpdateFallbackCommand, buildVersionInfo, isNewerVersion } from '../../lib/update-check';
+import {
+  buildNpxLatestCommand,
+  buildUpdateCommand,
+  buildUpdateFallbackCommand,
+  buildUpdateForceCommand,
+  buildVersionInfo,
+  isNewerVersion,
+} from '../../lib/update-check';
 
 describe('update-check helpers', () => {
   it('detects newer versions', () => {
@@ -12,6 +19,7 @@ describe('update-check helpers', () => {
     const info = buildVersionInfo('1.0.0', '1.1.0');
     expect(info.updateAvailable).toBe(true);
     expect(buildUpdateCommand()).toBe('npm install -g auramaxx --foreground-scripts');
+    expect(buildUpdateForceCommand()).toBe('npm install -g auramaxx --foreground-scripts --force');
     expect(buildNpxLatestCommand()).toBe('npx --yes auramaxx@latest');
     expect(buildNpxLatestCommand('auramaxx', ['restart'])).toBe('npx --yes auramaxx@latest restart');
     expect(buildUpdateFallbackCommand()).toBe('npx --yes auramaxx@latest start');

package/src/server/tests/mcp/server.test.ts

@@ -2844,6 +2844,148 @@ describe('MCP Server — Tool Registration', () => {
     vi.doUnmock('@modelcontextprotocol/sdk/server/stdio.js');
   });
 
+  it('get_secret and inject_secret should enforce explicit field reads without primary fallback', async () => {
+    const capturedHandlers: Array<{
+      name: string;
+      handler: (input: unknown) => Promise<unknown>;
+    }> = [];
+
+    vi.doMock('@modelcontextprotocol/sdk/server/mcp.js', () => ({
+      McpServer: class {
+        tool(name: string, _desc: string, _shape: unknown, handler: (input: unknown) => Promise<unknown>) {
+          capturedHandlers.push({ name, handler });
+        }
+        resource() {}
+        async connect() {}
+      },
+    }));
+    vi.doMock('@modelcontextprotocol/sdk/server/stdio.js', () => ({
+      StdioServerTransport: class {},
+    }));
+    vi.doMock('crypto', async () => {
+      const actual = await vi.importActual<typeof import('crypto')>('crypto');
+      return {
+        ...actual,
+        privateDecrypt: vi.fn((_opts: unknown, ciphertext: Buffer) => {
+          const marker = ciphertext.toString('utf8');
+          if (marker === 'cred-cipher') {
+            return Buffer.from(JSON.stringify({
+              id: 'cred-1',
+              agentId: 'primary',
+              type: 'card',
+              fields: [
+                { key: 'number', value: '1234567890', sensitive: true },
+                { key: 'cvv', value: '321', sensitive: true },
+              ],
+            }), 'utf8');
+          }
+          throw new Error(`Unexpected privateDecrypt input: ${marker}`);
+        }),
+      };
+    });
+
+    vi.resetModules();
+    const originalFetch = globalThis.fetch;
+    const originalToken = process.env.AURA_TOKEN;
+    const originalGetEnv = process.env.AURA_VISA_7890;
+    const originalInjectEnv = process.env.MY_SECRET;
+    process.env.AURA_TOKEN = 'base-token';
+
+    const readRequestBodies: Array<{ requestedFields?: string[] }> = [];
+    const credentialCipher = Buffer.from('cred-cipher', 'utf8').toString('base64');
+    const fetchMock = vi.fn(async (input: RequestInfo | URL, init?: RequestInit) => {
+      const url = String(input);
+      const method = init?.method || 'GET';
+
+      if (url.endsWith('/setup') && method === 'GET') {
+        return new Response(JSON.stringify({ projectScopeMode: 'auto' }), { status: 200 });
+      }
+
+      if (url.endsWith('/setup/agents') && method === 'GET') {
+        return new Response(JSON.stringify({ agents: [{ id: 'primary', name: 'primary' }] }), { status: 200 });
+      }
+
+      if (url.includes('/credentials?q=visa_7890') && method === 'GET') {
+        return new Response(JSON.stringify({
+          credentials: [{ id: 'cred-1', name: 'visa_7890', type: 'card', agentId: 'primary' }],
+        }), { status: 200 });
+      }
+
+      if (url.endsWith('/credentials/cred-1/read') && method === 'POST') {
+        if (init?.body) {
+          readRequestBodies.push(JSON.parse(String(init.body)) as { requestedFields?: string[] });
+        } else {
+          readRequestBodies.push({});
+        }
+        return new Response(JSON.stringify({ encrypted: credentialCipher }), { status: 200 });
+      }
+
+      return new Response('not mocked', { status: 500 });
+    });
+    globalThis.fetch = fetchMock as unknown as typeof fetch;
+
+    await import('../../mcp/server.js');
+    const getSecret = capturedHandlers.find((tool) => tool.name === 'get_secret');
+    const injectSecret = capturedHandlers.find((tool) => tool.name === 'inject_secret');
+    expect(getSecret).toBeDefined();
+    expect(injectSecret).toBeDefined();
+
+    const getCvv = await getSecret!.handler({
+      name: 'visa_7890',
+      field: 'cvv',
+      dangerPlaintext: true,
+    }) as { content: Array<{ text: string }> };
+    const getCvvPayload = JSON.parse(getCvv.content[0].text) as { secret?: string };
+    expect(getCvvPayload.secret).toBe('321');
+    expect(process.env.AURA_VISA_7890).toBe('321');
+
+    const getMissing = await getSecret!.handler({
+      name: 'visa_7890',
+      field: 'security_code',
+    }) as { content: Array<{ text: string }> };
+    const getMissingPayload = JSON.parse(getMissing.content[0].text) as { error?: string; availableFields?: string };
+    expect(getMissingPayload.error).toContain('Field "security_code" not found on credential "visa_7890"');
+    expect(getMissingPayload.availableFields).toContain('number');
+    expect(getMissingPayload.availableFields).toContain('cvv');
+
+    const injectCvv = await injectSecret!.handler({
+      name: 'visa_7890',
+      field: 'cvv',
+      envVar: 'MY_SECRET',
+      dangerPlaintext: true,
+    }) as { content: Array<{ text: string }> };
+    const injectCvvPayload = JSON.parse(injectCvv.content[0].text) as { secret?: string };
+    expect(injectCvvPayload.secret).toBe('321');
+    expect(process.env.MY_SECRET).toBe('321');
+
+    const injectMissing = await injectSecret!.handler({
+      name: 'visa_7890',
+      field: 'security_code',
+      envVar: 'MY_SECRET',
+    }) as { content: Array<{ text: string }> };
+    const injectMissingPayload = JSON.parse(injectMissing.content[0].text) as { error?: string; availableFields?: string };
+    expect(injectMissingPayload.error).toContain('Field "security_code" not found on credential "visa_7890"');
+    expect(injectMissingPayload.availableFields).toContain('number');
+    expect(injectMissingPayload.availableFields).toContain('cvv');
+
+    expect(readRequestBodies).toEqual([
+      { requestedFields: ['cvv'] },
+      { requestedFields: ['security_code'] },
+      { requestedFields: ['cvv'] },
+      { requestedFields: ['security_code'] },
+    ]);
+
+    if (originalGetEnv === undefined) delete process.env.AURA_VISA_7890;
+    else process.env.AURA_VISA_7890 = originalGetEnv;
+    if (originalInjectEnv === undefined) delete process.env.MY_SECRET;
+    else process.env.MY_SECRET = originalInjectEnv;
+    globalThis.fetch = originalFetch;
+    process.env.AURA_TOKEN = originalToken;
+    vi.doUnmock('crypto');
+    vi.doUnmock('@modelcontextprotocol/sdk/server/mcp.js');
+    vi.doUnmock('@modelcontextprotocol/sdk/server/stdio.js');
+  });
+
   it('write_diary should create a new diary note and fall back to primary when daily-logs is absent', async () => {
     const capturedHandlers: Array<{
       name: string;