switchroom 0.7.13 → 0.7.15

package/telegram-plugin/secret-detect/vault-error.test.ts

@@ -0,0 +1,134 @@
+/**
+ * Tests for the vault-CLI error parser + renderer (issue #969 P0b).
+ */
+
+import { describe, it, expect } from "vitest";
+import { parseVaultCliError, renderVaultCliError } from "./vault-error.js";
+
+describe("parseVaultCliError", () => {
+  it("classifies VAULT-SANDBOX-CONTEXT", () => {
+    const stderr =
+      "VAULT-SANDBOX-CONTEXT: direct vault access is unavailable inside an " +
+      "agent sandbox. The vault file is not mounted into agent containers; " +
+      "only the broker socket is. Run 'switchroom vault init' on the host shell, " +
+      "or use a broker-supported operation.";
+    const err = parseVaultCliError(stderr);
+    expect(err.kind).toBe("sandbox_context");
+    // The hint contains 'switchroom vault init' — parser must skip it.
+    expect(err.key).toBeUndefined();
+  });
+
+  it("classifies VAULT-NEEDS-APPROVAL and extracts the affected key", () => {
+    const stderr =
+      "VAULT-NEEDS-APPROVAL [unknown_key]: secret 'telegram_bot_token_klanker_20260510' " +
+      "does not exist in the vault yet. Agents can rotate existing keys via " +
+      "the broker but cannot create new ones; this requires operator approval.";
+    const err = parseVaultCliError(stderr);
+    expect(err.kind).toBe("needs_approval");
+    expect(err.key).toBe("telegram_bot_token_klanker_20260510");
+  });
+
+  it("classifies VAULT-BROKER-UNREACHABLE", () => {
+    const stderr =
+      "VAULT-BROKER-UNREACHABLE: cannot reach vault broker " +
+      "(ENOENT: no such file or directory, connect '/run/switchroom/broker/sock'). " +
+      "From inside the agent sandbox, direct vault access is not possible.";
+    const err = parseVaultCliError(stderr);
+    expect(err.kind).toBe("broker_unreachable");
+  });
+
+  it("classifies VAULT-BROKER-DENIED and extracts the KEY (not the agent name)", () => {
+    // Regression test: the canonical stderr has TWO single-quoted
+    // tokens — the agent name and the key name. The parser must pick
+    // the key (anchored after "key '") so the rendered host hint
+    // suggests granting access to the right key.
+    const stderr =
+      "VAULT-BROKER-DENIED [DENIED]: agent 'klanker' is not in the allow list for key 'shared_token'";
+    const err = parseVaultCliError(stderr);
+    expect(err.kind).toBe("broker_denied");
+    expect(err.key).toBe("shared_token");
+  });
+
+  it("returns 'other' for unrecognised errors", () => {
+    const err = parseVaultCliError("Error: something broke\nstack trace …");
+    expect(err.kind).toBe("other");
+    expect(err.key).toBeUndefined();
+  });
+
+  it("handles empty / undefined stderr gracefully", () => {
+    expect(parseVaultCliError("").kind).toBe("other");
+    expect(parseVaultCliError(undefined as unknown as string).kind).toBe("other");
+  });
+});
+
+describe("renderVaultCliError", () => {
+  it("renders sandbox_context with a host-CLI suggestion", () => {
+    const out = renderVaultCliError(
+      { kind: "sandbox_context", original: "x" },
+      { verb: "set", key: "my_key" },
+    );
+    expect(out.suppressRaw).toBe(true);
+    expect(out.html).toContain("must run on the host");
+    expect(out.html).toContain("switchroom vault set my_key");
+  });
+
+  it("renders needs_approval with the affected key + host hint + P1a teaser", () => {
+    const out = renderVaultCliError(
+      { kind: "needs_approval", original: "x", key: "telegram_bot_token" },
+      { verb: "save" },
+    );
+    expect(out.suppressRaw).toBe(true);
+    expect(out.html).toContain("operator approval required");
+    expect(out.html).toContain("<code>telegram_bot_token</code>");
+    expect(out.html).toContain("switchroom vault set telegram_bot_token");
+    expect(out.html).toContain("P1a"); // forward-pointer to the upcoming flow
+  });
+
+  it("renders broker_unreachable with the status command", () => {
+    const out = renderVaultCliError(
+      { kind: "broker_unreachable", original: "x" },
+      { verb: "set" },
+    );
+    expect(out.suppressRaw).toBe(true);
+    expect(out.html).toContain("broker isn't reachable");
+    expect(out.html).toContain("switchroom vault broker status");
+  });
+
+  it("renders broker_denied with a grant command + key", () => {
+    const out = renderVaultCliError(
+      { kind: "broker_denied", original: "x", key: "shared_token" },
+      { verb: "set" },
+    );
+    expect(out.suppressRaw).toBe(true);
+    expect(out.html).toContain("refused the request");
+    expect(out.html).toContain("switchroom vault grant");
+    expect(out.html).toContain("shared_token");
+  });
+
+  it("prefers verbHint.key over parser-extracted key (verbHint wins for host suggestion)", () => {
+    // The gateway always knows the key the user asked for; rendering
+    // must use that over any heuristic extraction so a parser glitch
+    // can't surface the wrong key in the host command suggestion.
+    const out = renderVaultCliError(
+      { kind: "broker_denied", original: "x", key: "parser-extracted" },
+      { verb: "set", key: "gateway-supplied" },
+    );
+    expect(out.html).toContain("gateway-supplied");
+    expect(out.html).not.toContain("parser-extracted");
+  });
+
+  it("returns suppressRaw=false for 'other' so the gateway falls back to a raw pre-block", () => {
+    const out = renderVaultCliError({ kind: "other", original: "weird error" }, { verb: "set" });
+    expect(out.suppressRaw).toBe(false);
+    expect(out.html).toBe("");
+  });
+
+  it("escapes HTML special characters in the key", () => {
+    const out = renderVaultCliError(
+      { kind: "needs_approval", original: "x", key: "key<with>html" },
+      { verb: "save" },
+    );
+    expect(out.html).not.toContain("<with>");
+    expect(out.html).toContain("key&lt;with&gt;html");
+  });
+});

package/telegram-plugin/secret-detect/vault-error.ts

@@ -0,0 +1,202 @@
+/**
+ * Vault CLI error classification (issue #969 P0b).
+ *
+ * `switchroom vault` emits stable stderr markers + exit codes when it
+ * detects a failure mode the Telegram gateway should surface with
+ * specific UX rather than a raw pre-block of error text. This module
+ * parses those markers (introduced in #971 / P0a) and translates them
+ * into a structured result the gateway can render against.
+ *
+ * Markers (from `src/cli/vault.ts`):
+ *
+ *   VAULT-SANDBOX-CONTEXT     (exit 7) — direct vault file IO is
+ *                                       unavailable inside an agent
+ *                                       container; the requested verb
+ *                                       has no broker equivalent.
+ *
+ *   VAULT-NEEDS-APPROVAL      (exit 5) — agent tried to write to a key
+ *                                       that doesn't exist yet. Broker
+ *                                       PUT cannot introduce new keys;
+ *                                       operator approval is required.
+ *                                       (P1a will wire up an inline
+ *                                       approval card; until then we
+ *                                       surface the host-CLI hint.)
+ *
+ *   VAULT-BROKER-UNREACHABLE  (exit 6) — broker socket missing/dead;
+ *                                       operator needs to inspect on
+ *                                       the host.
+ *
+ *   VAULT-BROKER-DENIED       (exit 2) — broker reachable but ACL or
+ *                                       grant refused; operator needs
+ *                                       to add an explicit grant.
+ */
+
+export type VaultCliErrorKind =
+  | "sandbox_context"
+  | "needs_approval"
+  | "broker_unreachable"
+  | "broker_denied"
+  | "other";
+
+export interface VaultCliError {
+  kind: VaultCliErrorKind;
+  /** The original stderr text (kept for fallback rendering / audit log). */
+  original: string;
+  /**
+   * Best-effort extraction of the affected key name, if surfaced by the
+   * marker. Used to compose host-CLI hints like
+   * `switchroom vault set <key>`.
+   */
+  key?: string;
+}
+
+const MARKER_TO_KIND: ReadonlyArray<readonly [string, VaultCliErrorKind]> = [
+  ["VAULT-SANDBOX-CONTEXT", "sandbox_context"],
+  ["VAULT-NEEDS-APPROVAL", "needs_approval"],
+  ["VAULT-BROKER-UNREACHABLE", "broker_unreachable"],
+  ["VAULT-BROKER-DENIED", "broker_denied"],
+];
+
+/**
+ * Classify a vault-CLI stderr blob into a structured error. Returns
+ * `kind: "other"` when no recognized marker is present — caller should
+ * fall back to a raw pre-block.
+ *
+ * Key extraction is marker-aware. The four markers don't all surface
+ * the key the same way:
+ *
+ *   VAULT-NEEDS-APPROVAL [unknown_key]: secret '<KEY>' does not …
+ *   VAULT-BROKER-DENIED  [<CODE>]: agent '<AGENT>' is not in the
+ *                          allow list for key '<KEY>'
+ *   VAULT-SANDBOX-CONTEXT: … 'switchroom vault set <KEY>' on the host.
+ *
+ * A naïve "first single-quoted token" regex would grab the agent name
+ * for broker_denied. Prefer the token after a `key '` anchor when the
+ * marker is broker_denied / needs_approval; for sandbox_context the
+ * gateway supplies the key directly via verbHint (extraction here is
+ * best-effort and may stay undefined).
+ */
+export function parseVaultCliError(stderr: string): VaultCliError {
+  const text = stderr ?? "";
+  for (const [marker, kind] of MARKER_TO_KIND) {
+    if (text.includes(marker)) {
+      const key = extractKey(text, kind);
+      return { kind, original: text, key };
+    }
+  }
+  return { kind: "other", original: text };
+}
+
+function extractKey(text: string, kind: VaultCliErrorKind): string | undefined {
+  // Prefer the explicit `key '<X>'` anchor when present — it's the
+  // unambiguous form used in broker_denied's stderr.
+  const anchored = text.match(/key '([A-Za-z0-9_.-]+)'/);
+  if (anchored) return anchored[1];
+
+  // needs_approval: `secret '<X>' does not …` is the canonical form;
+  // the only other quoted token in that message is the agent name in
+  // the suggestion clause (which is never present today, but guard
+  // against drift).
+  if (kind === "needs_approval") {
+    const m = text.match(/secret '([A-Za-z0-9_.-]+)'/);
+    if (m) return m[1];
+  }
+
+  // Fall back to first single-quoted token, skipping the
+  // `'switchroom vault …'` hint that sandbox_context emits.
+  const allQuoted = [...text.matchAll(/'([^']+)'/g)];
+  for (const m of allQuoted) {
+    const candidate = m[1];
+    if (candidate.includes("switchroom")) continue;
+    if (!/^[A-Za-z0-9_.-]+$/.test(candidate)) continue;
+    return candidate;
+  }
+  return undefined;
+}
+
+export interface VaultErrorRendering {
+  /** Telegram HTML message (no surrounding decoration). */
+  html: string;
+  /**
+   * When true, the gateway should NOT print the raw stderr blob — the
+   * rendered message already conveys the actionable next step. When
+   * false (kind="other"), the gateway should append the original
+   * output in a <pre> block as before.
+   */
+  suppressRaw: boolean;
+}
+
+function htmlEscape(s: string): string {
+  return s
+    .replace(/&/g, "&amp;")
+    .replace(/</g, "&lt;")
+    .replace(/>/g, "&gt;");
+}
+
+/**
+ * Compose the user-facing Telegram HTML for a parsed vault error.
+ *
+ * @param err       Result from parseVaultCliError.
+ * @param verbHint  Optional descriptor of the in-progress action used
+ *                  to compose the host-side command suggestion (e.g.
+ *                  "set", "remove", "init").
+ */
+export function renderVaultCliError(
+  err: VaultCliError,
+  verbHint: { verb: "set" | "get" | "list" | "init" | "remove" | "save"; key?: string } = { verb: "set" },
+): VaultErrorRendering {
+  // The gateway always knows which key the user was acting on for
+  // get/set/remove — prefer that over the parser's best-effort
+  // extraction so a renderer mistake can't surface the wrong key in
+  // the host command suggestion (e.g. an agent name from a
+  // broker_denied message). Fall back to parser extraction only when
+  // the gateway didn't pass a key (e.g. list).
+  const key = verbHint.key ?? err.key;
+  switch (err.kind) {
+    case "sandbox_context":
+      return {
+        suppressRaw: true,
+        html:
+          `⚠️ <b>This action must run on the host.</b>\n` +
+          `The vault file isn't mounted inside the agent sandbox; only ` +
+          `the broker socket is. Open a host shell and run:\n` +
+          `<pre>switchroom vault ${verbHint.verb}${key ? ` ${htmlEscape(key)}` : ""}</pre>`,
+      };
+    case "needs_approval":
+      return {
+        suppressRaw: true,
+        html:
+          `⚠️ <b>New vault key — operator approval required.</b>\n` +
+          (key
+            ? `The agent tried to save <code>${htmlEscape(key)}</code>, but `
+            : `The agent tried to save a new key, but `) +
+          `agents can only rotate existing keys via the broker; introducing ` +
+          `a new key needs an operator action.\n\n` +
+          `For now, run on a host shell:\n` +
+          `<pre>switchroom vault set${key ? ` ${htmlEscape(key)}` : " &lt;key&gt;"}</pre>\n` +
+          `<i>A one-tap approval card is on the way (#969 P1a).</i>`,
+      };
+    case "broker_unreachable":
+      return {
+        suppressRaw: true,
+        html:
+          `⚠️ <b>Vault broker isn't reachable.</b>\n` +
+          `From inside the agent sandbox there's no fallback path. ` +
+          `Operator can check on the host:\n` +
+          `<pre>switchroom vault broker status</pre>`,
+      };
+    case "broker_denied":
+      return {
+        suppressRaw: true,
+        html:
+          `⚠️ <b>Vault broker refused the request.</b>\n` +
+          (key
+            ? `The agent isn't authorized to access <code>${htmlEscape(key)}</code>. `
+            : `The agent isn't authorized to access this key. `) +
+          `Operator can grant access from a host shell:\n` +
+          `<pre>switchroom vault grant &lt;agent&gt; --keys ${key ? htmlEscape(key) : "&lt;key&gt;"}</pre>`,
+      };
+    case "other":
+      return { suppressRaw: false, html: "" };
+  }
+}

package/telegram-plugin/node_modules/.vite/vitest/da39a3ee5e6b4b0d3255bfef95601890afd80709/results.json

@@ -1 +0,0 @@
-{"version":"3.2.4","results":[[":tests/progress-card-driver.test.ts",{"duration":82.55005700000004,"failed":false}],[":tests/progress-card.test.ts",{"duration":50.04072000000002,"failed":false}],[":tests/telegram-format.test.ts",{"duration":0,"failed":false}],[":tests/stream-reply-handler.test.ts",{"duration":0,"failed":false}],[":tests/progress-card-harness.test.ts",{"duration":4955.245276000001,"failed":false}],[":tests/streaming-orchestration.test.ts",{"duration":0,"failed":false}],[":tests/races.test.ts",{"duration":0,"failed":false}],[":tests/subagent-watcher.test.ts",{"duration":0,"failed":false}],[":tests/gateway-bridge.test.ts",{"duration":0,"failed":true}],[":tests/answer-stream.test.ts",{"duration":0,"failed":false}],[":tests/progress-card-pin-manager.test.ts",{"duration":25.365711999999974,"failed":false}],[":tests/pty-tail.test.ts",{"duration":0,"failed":false}],[":tests/turn-end-regressions.test.ts",{"duration":0,"failed":false}],[":tests/session-tail.test.ts",{"duration":0,"failed":false}],[":tests/gateway-clean-shutdown-marker.test.ts",{"duration":0,"failed":true}],[":tests/e2e.test.ts",{"duration":0,"failed":false}],[":tests/setup-flow.test.ts",{"duration":0,"failed":false}],[":tests/tool-labels.test.ts",{"duration":0,"failed":false}],[":tests/registry-turns.test.ts",{"duration":0,"failed":true}],[":tests/welcome-text.test.ts",{"duration":0,"failed":false}],[":tests/secret-detect-oauth-code.test.ts",{"duration":0,"failed":false}],[":tests/draft-stream.test.ts",{"duration":0,"failed":false}],[":tests/progress-card-stuck-warning.test.ts",{"duration":21.23773799999998,"failed":false}],[":tests/history.test.ts",{"duration":0,"failed":false}],[":tests/streaming-e2e.test.ts",{"duration":0,"failed":false}],[":tests/foreman-handlers.test.ts",{"duration":0,"failed":false}],[":tests/foreman-create-flow.test.ts",{"duration":0,"failed":false}],[":tests/operator-events.test.ts",{"duration":0,"failed":false}],[":tests/vault-grants-revoke.test.ts",{"duration":0,"failed":false}],[":tests/boot-probes.test.ts",{"duration":0,"failed":true}],[":tests/pty-partial-handler.test.ts",{"duration":0,"failed":false}],[":tests/auth-slot-commands.test.ts",{"duration":0,"failed":false}],[":tests/vault-subcommands.test.ts",{"duration":0,"failed":false}],[":tests/auth-dashboard.test.ts",{"duration":0,"failed":false}],[":tests/active-pins-sweep.test.ts",{"duration":0,"failed":false}],[":tests/turns-writer.test.ts",{"duration":0,"failed":true}],[":tests/retry-api-call.test.ts",{"duration":0,"failed":false}],[":tests/steering.test.ts",{"duration":0,"failed":false}],[":tests/outbound-ordering.test.ts",{"duration":0,"failed":false}],[":tests/ipc-server-client.test.ts",{"duration":0,"failed":false}],[":tests/gateway-startup-mutex.test.ts",{"duration":0,"failed":true}],[":tests/auth-dashboard-edge-cases.test.ts",{"duration":0,"failed":false}],[":tests/status-reactions.test.ts",{"duration":0,"failed":false}],[":tests/auto-fallback.test.ts",{"duration":0,"failed":false}],[":tests/secret-detect.test.ts",{"duration":0,"failed":false}],[":tests/foreman-write-ops.test.ts",{"duration":0,"failed":false}],[":tests/boot-card-render.test.ts",{"duration":0,"failed":false}],[":tests/handoff-continuity.test.ts",{"duration":0,"failed":false}],[":tests/false-restart-banner.test.ts",{"duration":0,"failed":false}],[":tests/answer-stream-silent-markers.test.ts",{"duration":0,"failed":false}],[":tests/ipc-validator.test.ts",{"duration":0,"failed":false}],[":tests/stream-controller.test.ts",{"duration":0,"failed":false}],[":tests/gateway-409-retry-banner.test.ts",{"duration":0,"failed":false}],[":tests/stream-reply-error-paths.test.ts",{"duration":0,"failed":false}],[":tests/ipc-server-race.test.ts",{"duration":0,"failed":false}],[":tests/progress-update.test.ts",{"duration":0,"failed":true}],[":tests/restart-watchdog.test.ts",{"duration":0,"failed":false}],[":tests/progress-card-cross-turn.test.ts",{"duration":0,"failed":false}],[":tests/boot-card-probe-target.test.ts",{"duration":0,"failed":false}],[":tests/active-reactions.test.ts",{"duration":0,"failed":false}],[":tests/quota-cache.test.ts",{"duration":0,"failed":true}],[":tests/streaming-metrics.test.ts",{"duration":0,"failed":false}],[":tests/operator-events-session-tail.test.ts",{"duration":0,"failed":false}],[":tests/foreman-state.test.ts",{"duration":0,"failed":true}],[":tests/ipc-protocol.test.ts",{"duration":0,"failed":false}],[":tests/progress-card-pin-watchdog.test.ts",{"duration":0,"failed":false}],[":tests/telegram-button-constraints.test.ts",{"duration":0,"failed":false}],[":tests/bot-runtime.test.ts",{"duration":0,"failed":false}],[":tests/gateway-startup-network-retry.test.ts",{"duration":0,"failed":false}],[":tests/attachment-path.test.ts",{"duration":0,"failed":false}],[":tests/active-pins.test.ts",{"duration":0,"failed":false}],[":tests/subagent-tracker-hooks.test.ts",{"duration":0,"failed":true}],[":tests/fake-bot-api.test.ts",{"duration":0,"failed":false}],[":tests/quota-check.test.ts",{"duration":0,"failed":false}],[":tests/parse-mode-rotation.test.ts",{"duration":0,"failed":false}],[":tests/gateway-secret-detect.test.ts",{"duration":0,"failed":false}],[":tests/turn-flush-safety.test.ts",{"duration":0,"failed":false}],[":tests/multi-turn-continuity.test.ts",{"duration":0,"failed":false}],[":tests/status-accent.test.ts",{"duration":0,"failed":false}],[":tests/auth-code-auto-capture.test.ts",{"duration":0,"failed":false}],[":tests/auth-login-url-button.test.ts",{"duration":0,"failed":false}],[":tests/auth-dashboard-restart-flow.test.ts",{"duration":0,"failed":false}],[":tests/setup-state.test.ts",{"duration":0,"failed":true}],[":tests/progress-card-golden.test.ts",{"duration":6.658348999999987,"failed":false}],[":tests/unhandled-rejection-policy.test.ts",{"duration":0,"failed":true}],[":tests/typing-wrap.test.ts",{"duration":0,"failed":false}],[":tests/auth-account-identity-surface.test.ts",{"duration":0,"failed":false}],[":tests/secret-detect-secretlint.test.ts",{"duration":0,"failed":false}],[":tests/secret-detect-pipeline.test.ts",{"duration":0,"failed":false}],[":tests/operator-events-history.test.ts",{"duration":0,"failed":false}],[":tests/gateway-message-validator.test.ts",{"duration":0,"failed":false}],[":tests/silent-reply-guard.test.ts",{"duration":0,"failed":false}],[":tests/active-reactions-sweep.test.ts",{"duration":0,"failed":false}],[":tests/pin-event-log.test.ts",{"duration":0,"failed":false}],[":tests/secret-detect-fail-closed.test.ts",{"duration":0,"failed":false}],[":tests/ipc-server-validate-operator.test.ts",{"duration":0,"failed":false}],[":tests/idle-footer-wiring.test.ts",{"duration":0,"failed":true}],[":tests/boot-card-reason.test.ts",{"duration":0,"failed":true}],[":tests/plugin-logger.test.ts",{"duration":0,"failed":false}],[":tests/vault-grant-wizard.test.ts",{"duration":0,"failed":false}],[":tests/turn-signal-tracker.test.ts",{"duration":0,"failed":false}],[":tests/context-exhaustion.test.ts",{"duration":0,"failed":false}],[":tests/gateway-startup-reset.test.ts",{"duration":0,"failed":false}],[":tests/idle-footer.test.ts",{"duration":0,"failed":false}],[":tests/poll-health.test.ts",{"duration":0,"failed":false}],[":tests/turn-flush-prose-recovery.test.ts",{"duration":0,"failed":false}],[":tests/secret-detect-suppressor-no-silent-allow.test.ts",{"duration":0,"failed":false}],[":tests/boot-card-dedupe.test.ts",{"duration":0,"failed":true}],[":tests/protocol-fixtures.test.ts",{"duration":0,"failed":false}],[":tests/secret-detect-staging.test.ts",{"duration":0,"failed":false}],[":tests/secret-detect-audit.test.ts",{"duration":0,"failed":false}],[":tests/secret-detect-gitleaks.test.ts",{"duration":0,"failed":false}],[":tests/subagent-registry-bugs.test.ts",{"duration":0,"failed":false}],[":tests/progress-card-driver-eviction.test.ts",{"duration":22.822707999999977,"failed":false}],[":tests/progress-card-driver-fleet-shadow.test.ts",{"duration":7.463677000000018,"failed":false}],[":tests/two-zone-card-lifecycle.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-concurrent-turns-isolation.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-bg-survives-next-turn.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-card-snapshot.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-stuck-edit-throttle.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-bg-done-when-all-terminal.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-card-html-balance.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-bg-detection.test.ts",{"duration":0,"failed":false}],[":tests/progress-card-draft-flag.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-stuck-per-member.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-card-header-phases.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-stuck-recovery.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-stuck-header-escalation.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-card-fleet-row.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-card-cap.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-card-sanitise.test.ts",{"duration":0,"failed":false}],[":tests/progress-card-close-paths-converge.test.ts",{"duration":10.167681000000016,"failed":false}],[":registry/subagents.test.ts",{"duration":0,"failed":true}],[":tests/issues-card.test.ts",{"duration":0,"failed":false}],[":registry/subagents-bugs.test.ts",{"duration":0,"failed":true}],[":tests/answer-stream-dedup.test.ts",{"duration":0,"failed":false}],[":tests/model-unavailable.test.ts",{"duration":0,"failed":false}],[":tests/preamble-suppressor.test.ts",{"duration":0,"failed":false}],[":tests/harness-ordering-invariants.test.ts",{"duration":0,"failed":false}],[":tests/real-gateway-spec.test.ts",{"duration":0,"failed":false}],[":tests/real-gateway-ipc-lifecycle.test.ts",{"duration":0,"failed":false}],[":tests/real-gateway-i6-turn-flush-replay-dedup.test.ts",{"duration":0,"failed":false}],[":tests/slot-banner-driver.e2e.test.ts",{"duration":0,"failed":false}],[":tests/waiting-ux.e2e.test.ts",{"duration":0,"failed":false}],[":tests/subagent-watcher-parent-marker.test.ts",{"duration":0,"failed":false}],[":tests/auth-code-redact.test.ts",{"duration":0,"failed":false}],[":tests/subagent-watcher-stall-notification.test.ts",{"duration":0,"failed":false}],[":tests/telegraph.test.ts",{"duration":0,"failed":true}],[":tests/recent-outbound-dedup.test.ts",{"duration":0,"failed":true}],[":tests/turn-flush-card-takeover.test.ts",{"duration":0,"failed":false}],[":tests/resolve-calling-subagent.test.ts",{"duration":0,"failed":true}],[":tests/secret-guard-pretool.test.ts",{"duration":0,"failed":true}],[":tests/first-paint.test.ts",{"duration":0,"failed":false}],[":tests/ask-user.test.ts",{"duration":0,"failed":true}],[":registry/api-registry.test.ts",{"duration":0,"failed":true}],[":tests/credits-watch.test.ts",{"duration":0,"failed":false}],[":admin-commands/dispatch.test.ts",{"duration":0,"failed":false}],[":tests/fleet-state.test.ts",{"duration":0,"failed":false}],[":tests/voice-transcribe.test.ts",{"duration":0,"failed":true}],[":tests/turn-active-marker.test.ts",{"duration":0,"failed":false}],[":tests/inline-keyboard-callbacks.test.ts",{"duration":0,"failed":false}],[":tests/issues-watcher.test.ts",{"duration":0,"failed":false}],[":tests/real-gateway-f1-ladder-integrity.test.ts",{"duration":0,"failed":false}],[":tests/gateway-disconnect-flush.test.ts",{"duration":0,"failed":false}],[":tests/reply-terminal-reaction.test.ts",{"duration":0,"failed":false}],[":tests/turn-flush-dedup-controller.test.ts",{"duration":0,"failed":false}],[":tests/real-gateway-f3-late-card.test.ts",{"duration":0,"failed":false}],[":tests/status-reactions-allowed-filter.test.ts",{"duration":0,"failed":false}],[":tests/pty-tail-real-fixture.test.ts",{"duration":0,"failed":false}],[":tests/real-gateway.smoke.test.ts",{"duration":0,"failed":false}],[":tests/harness-parse-mode-validation.test.ts",{"duration":0,"failed":false}],[":tests/inbound-coalesce.test.ts",{"duration":0,"failed":false}],[":tests/gateway-update-placeholder-dispatch.test.ts",{"duration":0,"failed":true}],[":tests/interrupt-marker.test.ts",{"duration":0,"failed":true}],[":tests/dm-command-gate.test.ts",{"duration":0,"failed":false}],[":tests/auto-fallback-dispatcher.e2e.test.ts",{"duration":0,"failed":false}],[":tests/sync-chat-running-subagents.test.ts",{"duration":0,"failed":false}],[":tests/subagents-schema-init-order.test.ts",{"duration":0,"failed":true}],[":tests/draft-transport.test.ts",{"duration":0,"failed":false}],[":gateway/access-validator.test.ts",{"duration":0,"failed":false}],[":registry/turns-schema.test.ts",{"duration":0,"failed":true}],[":tests/update-factory-edited-and-reactions.test.ts",{"duration":0,"failed":false}],[":tests/gateway-no-reply-single-emit.test.ts",{"duration":0,"failed":false}],[":tests/real-gateway-f2-instant-draft.test.ts",{"duration":0,"failed":false}],[":tests/gateway-boot-marker-clear.test.ts",{"duration":0,"failed":false}],[":tests/fleet-state-watcher.test.ts",{"duration":0,"failed":false}],[":tests/ipc-server-validate-update-placeholder.test.ts",{"duration":0,"failed":false}],[":tests/permission-title.test.ts",{"duration":0,"failed":false}],[":tests/slot-banner.test.ts",{"duration":0,"failed":false}],[":tests/sticker-aliases.test.ts",{"duration":0,"failed":true}],[":tests/ipc-server-anonymous-refuse.test.ts",{"duration":0,"failed":false}],[":tests/ipc-server-validate-pty-partial.test.ts",{"duration":0,"failed":false}],[":channel-envelope-safety.test.ts",{"duration":0,"failed":false}],[":tests/bridge-anonymous-refuse.test.ts",{"duration":0,"failed":false}],[":tests/send-typing-action-validation.test.ts",{"duration":0,"failed":false}],[":tests/spawn-detached-cgroup-escape.test.ts",{"duration":0,"failed":false}],[":gateway/boot-sweep-filter.test.ts",{"duration":0,"failed":false}]]}