npm - vellum - Versions diffs - 0.2.13 → 0.2.14 - Mend

vellum 0.2.13 → 0.2.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (207) hide show

package/README.md +32 -0
package/bun.lock +2 -2
package/docs/skills.md +4 -4
package/package.json +2 -2
package/src/__tests__/__snapshots__/ipc-snapshot.test.ts.snap +213 -3
package/src/__tests__/app-git-history.test.ts +176 -0
package/src/__tests__/app-git-service.test.ts +169 -0
package/src/__tests__/assistant-events-sse-hardening.test.ts +315 -0
package/src/__tests__/browser-skill-baseline-tool-payload.test.ts +8 -8
package/src/__tests__/browser-skill-endstate.test.ts +6 -6
package/src/__tests__/call-bridge.test.ts +105 -13
package/src/__tests__/call-domain.test.ts +163 -0
package/src/__tests__/call-orchestrator.test.ts +113 -0
package/src/__tests__/call-routes-http.test.ts +246 -6
package/src/__tests__/channel-approval-routes.test.ts +438 -0
package/src/__tests__/channel-approval.test.ts +266 -0
package/src/__tests__/channel-approvals.test.ts +393 -0
package/src/__tests__/channel-delivery-store.test.ts +447 -0
package/src/__tests__/checker.test.ts +607 -1048
package/src/__tests__/cli.test.ts +1 -56
package/src/__tests__/config-schema.test.ts +137 -18
package/src/__tests__/conflict-intent-tokenization.test.ts +141 -0
package/src/__tests__/conflict-policy.test.ts +121 -0
package/src/__tests__/conflict-store.test.ts +2 -0
package/src/__tests__/contacts-tools.test.ts +3 -3
package/src/__tests__/contradiction-checker.test.ts +99 -1
package/src/__tests__/credential-security-invariants.test.ts +22 -6
package/src/__tests__/credential-vault-unit.test.ts +780 -0
package/src/__tests__/elevenlabs-client.test.ts +62 -0
package/src/__tests__/ephemeral-permissions.test.ts +73 -23
package/src/__tests__/filesystem-tools.test.ts +579 -0
package/src/__tests__/gateway-only-enforcement.test.ts +114 -4
package/src/__tests__/handlers-add-trust-rule-metadata.test.ts +202 -0
package/src/__tests__/handlers-cu-observation-blob.test.ts +2 -1
package/src/__tests__/handlers-ipc-blob-probe.test.ts +2 -1
package/src/__tests__/handlers-slack-config.test.ts +2 -1
package/src/__tests__/handlers-telegram-config.test.ts +855 -0
package/src/__tests__/handlers-twitter-config.test.ts +141 -1
package/src/__tests__/hooks-runner.test.ts +6 -2
package/src/__tests__/host-file-edit-tool.test.ts +124 -0
package/src/__tests__/host-file-read-tool.test.ts +62 -0
package/src/__tests__/host-file-write-tool.test.ts +59 -0
package/src/__tests__/host-shell-tool.test.ts +251 -0
package/src/__tests__/ingress-reconcile.test.ts +581 -0
package/src/__tests__/ipc-snapshot.test.ts +100 -41
package/src/__tests__/ipc-validate.test.ts +50 -0
package/src/__tests__/key-migration.test.ts +23 -0
package/src/__tests__/memory-regressions.test.ts +99 -0
package/src/__tests__/memory-retrieval.benchmark.test.ts +1 -1
package/src/__tests__/oauth-callback-registry.test.ts +11 -4
package/src/__tests__/playbook-execution.test.ts +502 -0
package/src/__tests__/playbook-tools.test.ts +4 -6
package/src/__tests__/public-ingress-urls.test.ts +34 -0
package/src/__tests__/qdrant-manager.test.ts +267 -0
package/src/__tests__/recurrence-engine-rruleset.test.ts +97 -0
package/src/__tests__/recurrence-engine.test.ts +9 -0
package/src/__tests__/recurrence-types.test.ts +8 -0
package/src/__tests__/registry.test.ts +1 -1
package/src/__tests__/runtime-runs.test.ts +1 -25
package/src/__tests__/schedule-store.test.ts +16 -14
package/src/__tests__/schedule-tools.test.ts +83 -0
package/src/__tests__/scheduler-recurrence.test.ts +111 -10
package/src/__tests__/secret-allowlist.test.ts +18 -17
package/src/__tests__/secret-ingress-handler.test.ts +11 -0
package/src/__tests__/secret-scanner.test.ts +43 -0
package/src/__tests__/session-conflict-gate.test.ts +442 -6
package/src/__tests__/session-init.benchmark.test.ts +3 -0
package/src/__tests__/session-process-bridge.test.ts +242 -0
package/src/__tests__/session-skill-tools.test.ts +1 -1
package/src/__tests__/shell-identity.test.ts +256 -0
package/src/__tests__/skill-projection.benchmark.test.ts +11 -1
package/src/__tests__/subagent-tools.test.ts +637 -54
package/src/__tests__/task-management-tools.test.ts +936 -0
package/src/__tests__/task-runner.test.ts +2 -2
package/src/__tests__/terminal-tools.test.ts +840 -0
package/src/__tests__/tool-executor-shell-integration.test.ts +301 -0
package/src/__tests__/tool-executor.test.ts +85 -151
package/src/__tests__/tool-permission-simulate-handler.test.ts +336 -0
package/src/__tests__/trust-store.test.ts +27 -453
package/src/__tests__/twilio-provider.test.ts +153 -3
package/src/__tests__/twilio-routes-elevenlabs.test.ts +375 -0
package/src/__tests__/twilio-routes-twiml.test.ts +4 -4
package/src/__tests__/twilio-routes.test.ts +17 -262
package/src/__tests__/twitter-auth-handler.test.ts +2 -1
package/src/__tests__/twitter-cli-error-shaping.test.ts +208 -0
package/src/__tests__/twitter-cli-routing.test.ts +252 -0
package/src/__tests__/twitter-oauth-client.test.ts +209 -0
package/src/__tests__/workspace-policy.test.ts +213 -0
package/src/calls/call-bridge.ts +92 -19
package/src/calls/call-domain.ts +157 -5
package/src/calls/call-orchestrator.ts +93 -7
package/src/calls/call-store.ts +6 -0
package/src/calls/elevenlabs-client.ts +8 -0
package/src/calls/elevenlabs-config.ts +7 -5
package/src/calls/twilio-provider.ts +91 -0
package/src/calls/twilio-routes.ts +32 -37
package/src/calls/types.ts +3 -1
package/src/calls/voice-quality.ts +29 -7
package/src/cli/twitter.ts +200 -21
package/src/cli.ts +1 -20
package/src/config/bundled-skills/contacts/tools/contact-merge.ts +52 -4
package/src/config/bundled-skills/contacts/tools/contact-search.ts +55 -4
package/src/config/bundled-skills/contacts/tools/contact-upsert.ts +61 -4
package/src/config/bundled-skills/messaging/SKILL.md +17 -2
package/src/config/bundled-skills/messaging/tools/messaging-reply.ts +4 -1
package/src/config/bundled-skills/messaging/tools/messaging-send.ts +5 -1
package/src/config/bundled-skills/messaging/tools/shared.ts +5 -0
package/src/config/bundled-skills/phone-calls/SKILL.md +142 -34
package/src/config/bundled-skills/playbooks/tools/playbook-create.ts +95 -6
package/src/config/bundled-skills/playbooks/tools/playbook-delete.ts +51 -6
package/src/config/bundled-skills/playbooks/tools/playbook-list.ts +73 -6
package/src/config/bundled-skills/playbooks/tools/playbook-update.ts +110 -6
package/src/config/bundled-skills/public-ingress/SKILL.md +22 -5
package/src/config/bundled-skills/twitter/SKILL.md +103 -17
package/src/config/defaults.ts +10 -4
package/src/config/schema.ts +80 -21
package/src/config/types.ts +1 -0
package/src/config/vellum-skills/telegram-setup/SKILL.md +56 -61
package/src/daemon/assistant-attachments.ts +4 -2
package/src/daemon/handlers/apps.ts +69 -0
package/src/daemon/handlers/config.ts +543 -24
package/src/daemon/handlers/index.ts +1 -0
package/src/daemon/handlers/sessions.ts +22 -6
package/src/daemon/handlers/shared.ts +2 -1
package/src/daemon/handlers/skills.ts +5 -20
package/src/daemon/ipc-contract-inventory.json +28 -0
package/src/daemon/ipc-contract.ts +168 -10
package/src/daemon/ipc-validate.ts +17 -0
package/src/daemon/lifecycle.ts +2 -0
package/src/daemon/server.ts +78 -72
package/src/daemon/session-attachments.ts +1 -1
package/src/daemon/session-conflict-gate.ts +62 -6
package/src/daemon/session-notifiers.ts +1 -1
package/src/daemon/session-process.ts +62 -3
package/src/daemon/session-tool-setup.ts +1 -2
package/src/daemon/tls-certs.ts +189 -0
package/src/daemon/video-thumbnail.ts +5 -3
package/src/hooks/manager.ts +5 -9
package/src/memory/app-git-service.ts +295 -0
package/src/memory/app-store.ts +21 -0
package/src/memory/conflict-intent.ts +47 -4
package/src/memory/conflict-policy.ts +73 -0
package/src/memory/conflict-store.ts +9 -1
package/src/memory/contradiction-checker.ts +28 -0
package/src/memory/conversation-key-store.ts +15 -0
package/src/memory/db.ts +81 -0
package/src/memory/embedding-local.ts +3 -13
package/src/memory/external-conversation-store.ts +234 -0
package/src/memory/job-handlers/conflict.ts +22 -2
package/src/memory/jobs-worker.ts +67 -28
package/src/memory/runs-store.ts +54 -7
package/src/memory/schema.ts +20 -0
package/src/messaging/provider.ts +9 -0
package/src/messaging/providers/telegram-bot/adapter.ts +162 -0
package/src/messaging/providers/telegram-bot/client.ts +104 -0
package/src/messaging/providers/telegram-bot/types.ts +15 -0
package/src/messaging/registry.ts +1 -0
package/src/permissions/checker.ts +48 -44
package/src/permissions/prompter.ts +0 -4
package/src/permissions/shell-identity.ts +227 -0
package/src/permissions/trust-store.ts +76 -53
package/src/permissions/types.ts +0 -19
package/src/permissions/workspace-policy.ts +114 -0
package/src/providers/retry.ts +12 -37
package/src/runtime/assistant-event-hub.ts +41 -4
package/src/runtime/channel-approval-parser.ts +60 -0
package/src/runtime/channel-approval-types.ts +71 -0
package/src/runtime/channel-approvals.ts +145 -0
package/src/runtime/gateway-client.ts +16 -0
package/src/runtime/http-server.ts +29 -9
package/src/runtime/routes/call-routes.ts +52 -2
package/src/runtime/routes/channel-routes.ts +296 -16
package/src/runtime/routes/events-routes.ts +97 -28
package/src/runtime/routes/run-routes.ts +2 -7
package/src/runtime/run-orchestrator.ts +0 -3
package/src/schedule/recurrence-engine.ts +26 -2
package/src/schedule/recurrence-types.ts +1 -1
package/src/schedule/schedule-store.ts +12 -3
package/src/security/secret-scanner.ts +7 -0
package/src/tasks/ephemeral-permissions.ts +0 -2
package/src/tasks/task-scheduler.ts +2 -1
package/src/tools/calls/call-start.ts +8 -0
package/src/tools/execution-target.ts +21 -0
package/src/tools/execution-timeout.ts +49 -0
package/src/tools/executor.ts +6 -135
package/src/tools/network/web-search.ts +9 -32
package/src/tools/policy-context.ts +29 -0
package/src/tools/schedule/update.ts +8 -1
package/src/tools/terminal/parser.ts +16 -18
package/src/tools/types.ts +4 -11
package/src/twitter/oauth-client.ts +102 -0
package/src/twitter/router.ts +101 -0
package/src/util/debounce.ts +88 -0
package/src/util/network-info.ts +47 -0
package/src/util/platform.ts +29 -4
package/src/util/promise-guard.ts +37 -0
package/src/util/retry.ts +98 -0
package/src/util/truncate.ts +1 -1
package/src/workspace/git-service.ts +129 -112
package/src/tools/contacts/contact-merge.ts +0 -55
package/src/tools/contacts/contact-search.ts +0 -58
package/src/tools/contacts/contact-upsert.ts +0 -64
package/src/tools/playbooks/index.ts +0 -4
package/src/tools/playbooks/playbook-create.ts +0 -96
package/src/tools/playbooks/playbook-delete.ts +0 -52
package/src/tools/playbooks/playbook-list.ts +0 -74
package/src/tools/playbooks/playbook-update.ts +0 -111

package/src/__tests__/ingress-reconcile.test.ts ADDED Viewed

@@ -0,0 +1,581 @@
+import { describe, test, expect, mock, beforeEach, afterEach } from 'bun:test';
+import { mkdtempSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import * as net from 'node:net';
+const testDir = mkdtempSync(join(tmpdir(), 'ingress-reconcile-test-'));
+// Track loadRawConfig / saveRawConfig calls
+let rawConfigStore: Record<string, unknown> = {};
+mock.module('../config/loader.js', () => ({
+  getConfig: () => ({}),
+  loadConfig: () => ({}),
+  loadRawConfig: () => ({ ...rawConfigStore }),
+  saveRawConfig: (cfg: Record<string, unknown>) => {
+    rawConfigStore = { ...cfg };
+  },
+  saveConfig: () => {},
+  invalidateConfigCache: () => {},
+}));
+// readHttpToken return value — controlled per test
+let httpTokenValue: string | null = null;
+mock.module('../util/platform.js', () => ({
+  getRootDir: () => testDir,
+  getDataDir: () => testDir,
+  getIpcBlobDir: () => join(testDir, 'ipc-blobs'),
+  isMacOS: () => process.platform === 'darwin',
+  isLinux: () => process.platform === 'linux',
+  isWindows: () => process.platform === 'win32',
+  getSocketPath: () => join(testDir, 'test.sock'),
+  getPidPath: () => join(testDir, 'test.pid'),
+  getDbPath: () => join(testDir, 'test.db'),
+  getLogPath: () => join(testDir, 'test.log'),
+  ensureDataDir: () => {},
+  readHttpToken: () => httpTokenValue,
+}));
+mock.module('../util/logger.js', () => ({
+  getLogger: () => ({
+    info: () => {},
+    warn: () => {},
+    error: () => {},
+    debug: () => {},
+    trace: () => {},
+    fatal: () => {},
+    isDebug: () => false,
+    child: () => ({
+      info: () => {},
+      warn: () => {},
+      error: () => {},
+      debug: () => {},
+      isDebug: () => false,
+    }),
+  }),
+}));
+// Mock providers registry to avoid side effects
+mock.module('../providers/registry.js', () => ({
+  initializeProviders: () => {},
+}));
+import { handleIngressConfig } from '../daemon/handlers/config.js';
+import type { HandlerContext } from '../daemon/handlers/shared.js';
+import type {
+  IngressConfigRequest,
+  ServerMessage,
+} from '../daemon/ipc-contract.js';
+import { DebouncerMap } from '../util/debounce.js';
+// Capture fetch calls for reconcile trigger verification
+interface ReconcileCall {
+  url: string;
+  method: string;
+  headers: Record<string, string>;
+  body: string;
+}
+let reconcileCalls: ReconcileCall[] = [];
+let fetchShouldFail = false;
+const originalFetch = globalThis.fetch;
+function createTestContext(): { ctx: HandlerContext; sent: ServerMessage[] } {
+  const sent: ServerMessage[] = [];
+  const ctx: HandlerContext = {
+    sessions: new Map(),
+    socketToSession: new Map(),
+    cuSessions: new Map(),
+    socketToCuSession: new Map(),
+    cuObservationParseSequence: new Map(),
+    socketSandboxOverride: new Map(),
+    sharedRequestTimestamps: [],
+    debounceTimers: new DebouncerMap({ defaultDelayMs: 200 }),
+    suppressConfigReload: false,
+    setSuppressConfigReload: () => {},
+    updateConfigFingerprint: () => {},
+    send: (_socket, msg) => { sent.push(msg); },
+    broadcast: () => {},
+    clearAllSessions: () => 0,
+    getOrCreateSession: () => { throw new Error('not implemented'); },
+    touchSession: () => {},
+  };
+  return { ctx, sent };
+}
+describe('Ingress reconcile trigger in handleIngressConfig', () => {
+  let savedIngressEnv: string | undefined;
+  let savedGatewayBaseEnv: string | undefined;
+  let savedGatewayPortEnv: string | undefined;
+  beforeEach(() => {
+    rawConfigStore = {};
+    httpTokenValue = null;
+    reconcileCalls = [];
+    fetchShouldFail = false;
+    savedIngressEnv = process.env.INGRESS_PUBLIC_BASE_URL;
+    savedGatewayBaseEnv = process.env.GATEWAY_INTERNAL_BASE_URL;
+    savedGatewayPortEnv = process.env.GATEWAY_PORT;
+    delete process.env.INGRESS_PUBLIC_BASE_URL;
+    delete process.env.GATEWAY_INTERNAL_BASE_URL;
+    delete process.env.GATEWAY_PORT;
+    // Install fetch interceptor
+    globalThis.fetch = (async (url: string | URL | Request, init?: RequestInit) => {
+      const urlStr = typeof url === 'string' ? url : url instanceof URL ? url.toString() : url.url;
+      if (urlStr.includes('/internal/telegram/reconcile')) {
+        const headers: Record<string, string> = {};
+        if (init?.headers) {
+          const h = init.headers as Record<string, string>;
+          for (const [k, v] of Object.entries(h)) {
+            headers[k] = v;
+          }
+        }
+        reconcileCalls.push({
+          url: urlStr,
+          method: init?.method ?? 'GET',
+          headers,
+          body: (init?.body as string) ?? '',
+        });
+        if (fetchShouldFail) {
+          throw new Error('ECONNREFUSED: gateway unavailable');
+        }
+        return new Response(JSON.stringify({ ok: true }), { status: 200 });
+      }
+      return originalFetch(url, init);
+    }) as typeof fetch;
+  });
+  afterEach(() => {
+    globalThis.fetch = originalFetch;
+    if (savedIngressEnv !== undefined) {
+      process.env.INGRESS_PUBLIC_BASE_URL = savedIngressEnv;
+    } else {
+      delete process.env.INGRESS_PUBLIC_BASE_URL;
+    }
+    if (savedGatewayBaseEnv !== undefined) {
+      process.env.GATEWAY_INTERNAL_BASE_URL = savedGatewayBaseEnv;
+    } else {
+      delete process.env.GATEWAY_INTERNAL_BASE_URL;
+    }
+    if (savedGatewayPortEnv !== undefined) {
+      process.env.GATEWAY_PORT = savedGatewayPortEnv;
+    } else {
+      delete process.env.GATEWAY_PORT;
+    }
+  });
+  // ── Token present/missing behavior ──────────────────────────────────────
+  test('skips reconcile trigger when no HTTP bearer token is available', async () => {
+    httpTokenValue = null;
+    const msg: IngressConfigRequest = {
+      type: 'ingress_config',
+      action: 'set',
+      publicBaseUrl: 'https://my-tunnel.example.com',
+      enabled: true,
+    };
+    const { ctx, sent } = createTestContext();
+    handleIngressConfig(msg, {} as net.Socket, ctx);
+    // Allow any pending microtasks to flush
+    await new Promise((r) => setTimeout(r, 50));
+    expect(sent).toHaveLength(1);
+    const res = sent[0] as { type: string; success: boolean };
+    expect(res.success).toBe(true);
+    // No reconcile call should have been made
+    expect(reconcileCalls).toHaveLength(0);
+  });
+  test('triggers reconcile when HTTP bearer token is available', async () => {
+    httpTokenValue = 'test-bearer-token';
+    const msg: IngressConfigRequest = {
+      type: 'ingress_config',
+      action: 'set',
+      publicBaseUrl: 'https://my-tunnel.example.com',
+      enabled: true,
+    };
+    const { ctx, sent } = createTestContext();
+    handleIngressConfig(msg, {} as net.Socket, ctx);
+    await new Promise((r) => setTimeout(r, 50));
+    expect(sent).toHaveLength(1);
+    expect(reconcileCalls).toHaveLength(1);
+    expect(reconcileCalls[0]!.headers['Authorization']).toBe('Bearer test-bearer-token');
+  });
+  // ── Request payload normalization ───────────────────────────────────────
+  test('sends ingressPublicBaseUrl in reconcile body when URL is set', async () => {
+    httpTokenValue = 'test-token';
+    const msg: IngressConfigRequest = {
+      type: 'ingress_config',
+      action: 'set',
+      publicBaseUrl: 'https://my-tunnel.example.com',
+      enabled: true,
+    };
+    const { ctx } = createTestContext();
+    handleIngressConfig(msg, {} as net.Socket, ctx);
+    await new Promise((r) => setTimeout(r, 50));
+    expect(reconcileCalls).toHaveLength(1);
+    const body = JSON.parse(reconcileCalls[0]!.body);
+    expect(body.ingressPublicBaseUrl).toBe('https://my-tunnel.example.com');
+  });
+  test('sends POST to /internal/telegram/reconcile with correct content type', async () => {
+    httpTokenValue = 'test-token';
+    const msg: IngressConfigRequest = {
+      type: 'ingress_config',
+      action: 'set',
+      publicBaseUrl: 'https://example.com',
+      enabled: true,
+    };
+    const { ctx } = createTestContext();
+    handleIngressConfig(msg, {} as net.Socket, ctx);
+    await new Promise((r) => setTimeout(r, 50));
+    expect(reconcileCalls).toHaveLength(1);
+    expect(reconcileCalls[0]!.method).toBe('POST');
+    expect(reconcileCalls[0]!.headers['Content-Type']).toBe('application/json');
+  });
+  test('normalizes trailing slashes in publicBaseUrl before sending reconcile', async () => {
+    httpTokenValue = 'test-token';
+    const msg: IngressConfigRequest = {
+      type: 'ingress_config',
+      action: 'set',
+      publicBaseUrl: 'https://my-tunnel.example.com///',
+      enabled: true,
+    };
+    const { ctx } = createTestContext();
+    handleIngressConfig(msg, {} as net.Socket, ctx);
+    await new Promise((r) => setTimeout(r, 50));
+    expect(reconcileCalls).toHaveLength(1);
+    const body = JSON.parse(reconcileCalls[0]!.body);
+    // The handler trims trailing slashes before storing and propagating
+    expect(body.ingressPublicBaseUrl).toBe('https://my-tunnel.example.com');
+  });
+  test('uses GATEWAY_INTERNAL_BASE_URL when set', async () => {
+    httpTokenValue = 'test-token';
+    process.env.GATEWAY_INTERNAL_BASE_URL = 'http://custom-gateway:9999';
+    const msg: IngressConfigRequest = {
+      type: 'ingress_config',
+      action: 'set',
+      publicBaseUrl: 'https://example.com',
+      enabled: true,
+    };
+    const { ctx } = createTestContext();
+    handleIngressConfig(msg, {} as net.Socket, ctx);
+    await new Promise((r) => setTimeout(r, 50));
+    expect(reconcileCalls).toHaveLength(1);
+    expect(reconcileCalls[0]!.url).toBe('http://custom-gateway:9999/internal/telegram/reconcile');
+  });
+  test('defaults to localhost:7830 when no GATEWAY env vars set', async () => {
+    httpTokenValue = 'test-token';
+    const msg: IngressConfigRequest = {
+      type: 'ingress_config',
+      action: 'set',
+      publicBaseUrl: 'https://example.com',
+      enabled: true,
+    };
+    const { ctx } = createTestContext();
+    handleIngressConfig(msg, {} as net.Socket, ctx);
+    await new Promise((r) => setTimeout(r, 50));
+    expect(reconcileCalls).toHaveLength(1);
+    expect(reconcileCalls[0]!.url).toBe('http://127.0.0.1:7830/internal/telegram/reconcile');
+  });
+  test('uses GATEWAY_PORT when GATEWAY_INTERNAL_BASE_URL is not set', async () => {
+    httpTokenValue = 'test-token';
+    process.env.GATEWAY_PORT = '8888';
+    const msg: IngressConfigRequest = {
+      type: 'ingress_config',
+      action: 'set',
+      publicBaseUrl: 'https://example.com',
+      enabled: true,
+    };
+    const { ctx } = createTestContext();
+    handleIngressConfig(msg, {} as net.Socket, ctx);
+    await new Promise((r) => setTimeout(r, 50));
+    expect(reconcileCalls).toHaveLength(1);
+    expect(reconcileCalls[0]!.url).toBe('http://127.0.0.1:8888/internal/telegram/reconcile');
+  });
+  // ── Non-fatal failure behavior ──────────────────────────────────────────
+  test('reconcile failure does not cause handleIngressConfig to fail', async () => {
+    httpTokenValue = 'test-token';
+    fetchShouldFail = true;
+    const msg: IngressConfigRequest = {
+      type: 'ingress_config',
+      action: 'set',
+      publicBaseUrl: 'https://my-tunnel.example.com',
+      enabled: true,
+    };
+    const { ctx, sent } = createTestContext();
+    handleIngressConfig(msg, {} as net.Socket, ctx);
+    await new Promise((r) => setTimeout(r, 50));
+    // The handler should still succeed even though reconcile fetch threw
+    expect(sent).toHaveLength(1);
+    const res = sent[0] as { type: string; success: boolean; enabled: boolean; publicBaseUrl: string };
+    expect(res.type).toBe('ingress_config_response');
+    expect(res.success).toBe(true);
+    expect(res.enabled).toBe(true);
+    expect(res.publicBaseUrl).toBe('https://my-tunnel.example.com');
+    // The reconcile attempt was still made (it just failed gracefully)
+    expect(reconcileCalls).toHaveLength(1);
+  });
+  test('response is sent before reconcile fetch completes', async () => {
+    httpTokenValue = 'test-token';
+    // Track timing: response should be sent before fetch resolves
+    let fetchResolved = false;
+    const originalMockFetch = globalThis.fetch;
+    globalThis.fetch = (async (url: string | URL | Request, init?: RequestInit) => {
+      const urlStr = typeof url === 'string' ? url : url instanceof URL ? url.toString() : url.url;
+      if (urlStr.includes('/internal/telegram/reconcile')) {
+        // Delay the response to simulate network latency
+        await new Promise((r) => setTimeout(r, 100));
+        fetchResolved = true;
+        reconcileCalls.push({
+          url: urlStr,
+          method: init?.method ?? 'GET',
+          headers: {},
+          body: (init?.body as string) ?? '',
+        });
+        return new Response(JSON.stringify({ ok: true }), { status: 200 });
+      }
+      return originalFetch(url, init);
+    }) as typeof fetch;
+    const msg: IngressConfigRequest = {
+      type: 'ingress_config',
+      action: 'set',
+      publicBaseUrl: 'https://example.com',
+      enabled: true,
+    };
+    const { ctx, sent } = createTestContext();
+    handleIngressConfig(msg, {} as net.Socket, ctx);
+    // Response should be available immediately (before fetch resolves)
+    expect(sent).toHaveLength(1);
+    expect(fetchResolved).toBe(false);
+    // Clean up: wait for the delayed fetch to complete
+    await new Promise((r) => setTimeout(r, 150));
+    globalThis.fetch = originalMockFetch;
+  });
+  // ── Set flow ────────────────────────────────────────────────────────────
+  test('set action with enabled=true and URL triggers reconcile with the URL', async () => {
+    httpTokenValue = 'test-token';
+    const msg: IngressConfigRequest = {
+      type: 'ingress_config',
+      action: 'set',
+      publicBaseUrl: 'https://set-test.example.com',
+      enabled: true,
+    };
+    const { ctx, sent } = createTestContext();
+    handleIngressConfig(msg, {} as net.Socket, ctx);
+    await new Promise((r) => setTimeout(r, 50));
+    expect(sent).toHaveLength(1);
+    const res = sent[0] as { type: string; success: boolean; enabled: boolean };
+    expect(res.success).toBe(true);
+    expect(res.enabled).toBe(true);
+    expect(reconcileCalls).toHaveLength(1);
+    const body = JSON.parse(reconcileCalls[0]!.body);
+    expect(body.ingressPublicBaseUrl).toBe('https://set-test.example.com');
+  });
+  // ── Clear flow ──────────────────────────────────────────────────────────
+  test('set action with empty URL and enabled=true (clear URL) still triggers reconcile', async () => {
+    httpTokenValue = 'test-token';
+    const msg: IngressConfigRequest = {
+      type: 'ingress_config',
+      action: 'set',
+      publicBaseUrl: '',
+      enabled: true,
+    };
+    const { ctx, sent } = createTestContext();
+    handleIngressConfig(msg, {} as net.Socket, ctx);
+    await new Promise((r) => setTimeout(r, 50));
+    expect(sent).toHaveLength(1);
+    const res = sent[0] as { type: string; success: boolean };
+    expect(res.success).toBe(true);
+    // Reconcile is called unconditionally on set action
+    // When no URL and no env fallback, effectiveUrl is undefined so
+    // the reconcile body should send empty string (clears the gateway's URL)
+    expect(reconcileCalls).toHaveLength(1);
+    const body = JSON.parse(reconcileCalls[0]!.body);
+    expect(body.ingressPublicBaseUrl).toBe('');
+  });
+  // ── Disable flow ────────────────────────────────────────────────────────
+  test('set action with enabled=false triggers reconcile with empty URL', async () => {
+    httpTokenValue = 'test-token';
+    const msg: IngressConfigRequest = {
+      type: 'ingress_config',
+      action: 'set',
+      publicBaseUrl: 'https://disabled-test.example.com',
+      enabled: false,
+    };
+    const { ctx, sent } = createTestContext();
+    handleIngressConfig(msg, {} as net.Socket, ctx);
+    await new Promise((r) => setTimeout(r, 50));
+    expect(sent).toHaveLength(1);
+    const res = sent[0] as { type: string; success: boolean; enabled: boolean };
+    expect(res.success).toBe(true);
+    expect(res.enabled).toBe(false);
+    // Reconcile should still fire (to clear gateway's in-memory URL)
+    expect(reconcileCalls).toHaveLength(1);
+    const body = JSON.parse(reconcileCalls[0]!.body);
+    // When disabled, effectiveUrl is undefined, so the body sends empty string
+    expect(body.ingressPublicBaseUrl).toBe('');
+  });
+  test('disabling ingress removes INGRESS_PUBLIC_BASE_URL env var', () => {
+    httpTokenValue = 'test-token';
+    // First set ingress to populate env var
+    process.env.INGRESS_PUBLIC_BASE_URL = 'https://should-be-removed.example.com';
+    const msg: IngressConfigRequest = {
+      type: 'ingress_config',
+      action: 'set',
+      publicBaseUrl: 'https://disabled-test.example.com',
+      enabled: false,
+    };
+    const { ctx } = createTestContext();
+    handleIngressConfig(msg, {} as net.Socket, ctx);
+    // Env var should be cleared
+    expect(process.env.INGRESS_PUBLIC_BASE_URL).toBeUndefined();
+  });
+  // ── Get action does not trigger reconcile ───────────────────────────────
+  test('get action does not trigger reconcile', async () => {
+    httpTokenValue = 'test-token';
+    rawConfigStore = {
+      ingress: { publicBaseUrl: 'https://existing.example.com', enabled: true },
+    };
+    const msg: IngressConfigRequest = {
+      type: 'ingress_config',
+      action: 'get',
+    };
+    const { ctx, sent } = createTestContext();
+    handleIngressConfig(msg, {} as net.Socket, ctx);
+    await new Promise((r) => setTimeout(r, 50));
+    expect(sent).toHaveLength(1);
+    const res = sent[0] as { type: string; success: boolean; publicBaseUrl: string };
+    expect(res.success).toBe(true);
+    expect(res.publicBaseUrl).toBe('https://existing.example.com');
+    // No reconcile should have been triggered for a get action
+    expect(reconcileCalls).toHaveLength(0);
+  });
+  // ── Env var propagation ─────────────────────────────────────────────────
+  test('set action propagates URL to process.env when enabled', () => {
+    httpTokenValue = 'test-token';
+    const msg: IngressConfigRequest = {
+      type: 'ingress_config',
+      action: 'set',
+      publicBaseUrl: 'https://env-propagation.example.com',
+      enabled: true,
+    };
+    const { ctx } = createTestContext();
+    handleIngressConfig(msg, {} as net.Socket, ctx);
+    expect(process.env.INGRESS_PUBLIC_BASE_URL).toBe('https://env-propagation.example.com');
+  });
+  test('reconcile uses effective URL from process.env (not raw value)', async () => {
+    httpTokenValue = 'test-token';
+    const msg: IngressConfigRequest = {
+      type: 'ingress_config',
+      action: 'set',
+      publicBaseUrl: 'https://effective-url.example.com',
+      enabled: true,
+    };
+    const { ctx } = createTestContext();
+    handleIngressConfig(msg, {} as net.Socket, ctx);
+    await new Promise((r) => setTimeout(r, 50));
+    expect(reconcileCalls).toHaveLength(1);
+    const body = JSON.parse(reconcileCalls[0]!.body);
+    // The URL in the reconcile body should match the effective env var
+    expect(body.ingressPublicBaseUrl).toBe('https://effective-url.example.com');
+  });
+});