vellum 0.2.8 → 0.2.9

package/bun.lock

@@ -11,7 +11,7 @@
         "@huggingface/transformers": "^3.8.1",
         "@qdrant/js-client-rest": "^1.16.2",
         "@sentry/node": "^10.38.0",
-        "@vellumai/cli": "0.1.8",
+        "@vellumai/cli": "0.1.9",
         "@vellumai/vellum-gateway": "0.1.10",
         "agentmail": "^0.1.0",
         "archiver": "^7.0.1",
@@ -542,7 +542,7 @@
 
     "@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.56.0", "", { "dependencies": { "@typescript-eslint/types": "8.56.0", "eslint-visitor-keys": "^5.0.0" } }, "sha512-q+SL+b+05Ud6LbEE35qe4A99P+htKTKVbyiNEe45eCbJFyh/HVK9QXwlrbz+Q4L8SOW4roxSVwXYj4DMBT7Ieg=="],
 
-    "@vellumai/cli": ["@vellumai/cli@0.1.8", "", { "dependencies": { "ink": "^6.7.0", "react": "^19.2.4" }, "bin": { "vellum-cli": "src/index.ts" } }, "sha512-36P6W1rV1dK9Qg0N3oFjffz1CSarkGBgqc2ZGEI1de9RPSkVWBI0QmKCZrPeg1/qDzEh3InUIsV1qjNIe7z1pg=="],
+    "@vellumai/cli": ["@vellumai/cli@0.1.9", "", { "dependencies": { "ink": "^6.7.0", "react": "^19.2.4" }, "bin": { "vellum-cli": "src/index.ts" } }, "sha512-R5f9e6K2w+k5AwicpM4lNaWnXWaD9MvCRv6YCS+c7KuMUx8yD/jzRzSJTX1cIRNLcyty1bHrpInOQ2Wl5JeZDw=="],
 
     "@vellumai/vellum-gateway": ["@vellumai/vellum-gateway@0.1.10", "", { "dependencies": { "file-type": "^21.3.0", "pino": "^9.6.0", "pino-pretty": "^13.1.3", "zod": "^4.3.6" } }, "sha512-a41fGexW8RpWL4RTfZ3EM+XJMvz7t26D1axu2xAtZioXW3ZWMLGuogHnIJsgglzESl49E6VmmUsUGeD+dseV2w=="],
 

package/package.json

@@ -1,12 +1,13 @@
 {
   "name": "vellum",
-  "version": "0.2.8",
+  "version": "0.2.9",
   "type": "module",
   "bin": {
     "vellum": "./src/index.ts"
   },
   "scripts": {
     "dev": "bun run src/index.ts",
+    "daemon:restart:http": "RUNTIME_HTTP_PORT=7821 bun run src/index.ts daemon restart",
     "db:generate": "drizzle-kit generate",
     "db:push": "drizzle-kit push",
     "ipc:inventory": "bun run scripts/ipc/check-contract-inventory.ts",
@@ -28,7 +29,7 @@
     "@huggingface/transformers": "^3.8.1",
     "@qdrant/js-client-rest": "^1.16.2",
     "@sentry/node": "^10.38.0",
-    "@vellumai/cli": "0.1.8",
+    "@vellumai/cli": "0.1.9",
     "@vellumai/vellum-gateway": "0.1.10",
     "agentmail": "^0.1.0",
     "archiver": "^7.0.1",

package/src/__tests__/config-schema.test.ts

@@ -646,7 +646,6 @@ describe('AssistantConfigSchema', () => {
     expect(result.calls).toEqual({
       enabled: true,
       provider: 'twilio',
-      webhookBaseUrl: '',
       maxDurationSeconds: 3600,
       userConsultTimeoutSeconds: 120,
       disclosure: {
@@ -659,11 +658,6 @@ describe('AssistantConfigSchema', () => {
     });
   });
 
-  test('calls.webhookBaseUrl defaults to empty string', () => {
-    const result = AssistantConfigSchema.parse({});
-    expect(result.calls.webhookBaseUrl).toBe('');
-  });
-
   test('accepts valid calls config overrides', () => {
     const result = AssistantConfigSchema.parse({
       calls: {

package/src/__tests__/forbidden-legacy-symbols.test.ts

@@ -0,0 +1,69 @@
+import { describe, test, expect } from 'bun:test';
+import { execSync } from 'node:child_process';
+import { resolve } from 'node:path';
+
+/**
+ * Guard test: fail if any legacy Twilio ingress symbols reappear in
+ * production source code, docs, configs, or scripts.
+ *
+ * Context: As part of the gateway-only ingress migration (#5948, #6000),
+ * all Twilio webhook configuration was consolidated into the gateway service.
+ * The assistant no longer manages its own Twilio webhook URLs — the gateway
+ * is the single ingress point for all telephony webhooks. Re-introducing
+ * these symbols in the assistant would bypass that architecture and create
+ * a split-brain ingress problem.
+ *
+ * Forbidden symbols:
+ *   - legacy uppercase Twilio webhook base env var
+ *   - twilioWebhookBaseUrl
+ *   - twilio_webhook_config
+ *   - calls.webhookBaseUrl
+ *
+ * Excluded directories:
+ *   - node_modules  — third-party code, not under our control
+ *   - __tests__     — test files (including this guard test) reference the
+ *                     symbols in grep patterns and assertions
+ *   - .private      — local-only developer notes and scratch files
+ */
+describe('forbidden legacy symbols', () => {
+  test('no production code references removed Twilio ingress symbols', () => {
+    const legacyEnvVar = ['TWILIO', 'WEBHOOK', 'BASE', 'URL'].join('_');
+    const forbiddenSymbols = [
+      legacyEnvVar,
+      'twilioWebhookBaseUrl',
+      'twilio_webhook_config',
+      'calls.webhookBaseUrl',
+    ];
+    const escapedPattern = forbiddenSymbols
+      .map((symbol) => symbol.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'))
+      .join('|');
+
+    const repoRoot = resolve(__dirname, '..', '..', '..');
+    let matches = '';
+    try {
+      matches = execSync(
+        `grep -rn -E "${escapedPattern}"` +
+        ' --include="*.ts" --include="*.tsx" --include="*.js" --include="*.mjs" --include="*.swift"' +
+        ' --include="*.json" --include="*.md" --include="*.yml" --include="*.yaml"' +
+        ' --include="*.sh"' +
+        ' --exclude-dir=node_modules --exclude-dir=__tests__ --exclude-dir=.private' +
+        ' .',
+        { cwd: repoRoot, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] },
+      );
+    } catch (err: unknown) {
+      // grep exits with code 1 when no matches are found — that is the expected (passing) case
+      const exitCode = (err as { status?: number }).status;
+      if (exitCode === 1) {
+        // No matches found — test passes
+        return;
+      }
+      // Any other error is unexpected
+      throw err;
+    }
+
+    // If we reach here, grep found matches (exit code 0) — fail the test
+    expect(matches.trim()).toBe(
+      '', // should be empty — if not, the matched lines appear in the failure message
+    );
+  });
+});

package/src/__tests__/gateway-only-enforcement.test.ts

@@ -4,8 +4,8 @@
  * Verifies:
  * - Direct Twilio webhook routes return 410 in gateway_only mode
  * - Internal forwarding routes (gateway→runtime) still work in gateway_only mode
- * - Relay WebSocket upgrade blocked for non-localhost origins in gateway_only mode
- * - Relay WebSocket upgrade allowed from localhost in gateway_only mode
+ * - Relay WebSocket upgrade blocked for non-private-network origins (isPrivateNetworkOrigin) in gateway_only mode
+ * - Relay WebSocket upgrade allowed from private network peers/origins in gateway_only mode
  * - All routes work normally in compat mode
  * - Startup warning when RUNTIME_HTTP_HOST is not loopback in gateway_only mode
  */
@@ -133,7 +133,7 @@ mock.module('../security/oauth-callback-registry.js', () => ({
   consumeCallbackError: () => true,
 }));
 
-import { RuntimeHttpServer } from '../runtime/http-server.js';
+import { RuntimeHttpServer, isPrivateAddress } from '../runtime/http-server.js';
 
 // ---------------------------------------------------------------------------
 // Helpers
@@ -156,13 +156,13 @@ describe('gateway-only ingress enforcement', () => {
 
   beforeEach(async () => {
     logMessages.length = 0;
-    port = 17800 + Math.floor(Math.random() * 1000);
     server = new RuntimeHttpServer({
-      port,
+      port: 0,
       hostname: '127.0.0.1',
       bearerToken: TEST_TOKEN,
     });
     await server.start();
+    port = server.actualPort;
   });
 
   afterEach(async () => {
@@ -294,7 +294,9 @@ describe('gateway-only ingress enforcement', () => {
     beforeEach(() => { mockIngressMode = 'gateway_only'; });
     afterEach(() => { mockIngressMode = 'compat'; });
 
-    test('blocks non-localhost origin', async () => {
+    test('blocks non-private-network origin', async () => {
+      // The peer address (127.0.0.1) passes the private network check,
+      // but the external Origin header triggers the secondary defense-in-depth block.
       const res = await fetch(`http://127.0.0.1:${port}/v1/calls/relay?callSessionId=sess-123`, {
         headers: {
           'Upgrade': 'websocket',
@@ -310,8 +312,9 @@ describe('gateway-only ingress enforcement', () => {
       expect(body.error).toContain('gateway-only mode');
     });
 
-    test('allows request with no origin header (localhost)', async () => {
-      // Without an origin header, isLoopbackOrigin returns true
+    test('allows request with no origin header (private network peer)', async () => {
+      // Without an origin header, isPrivateNetworkOrigin returns true.
+      // The peer address (127.0.0.1) passes the private network peer check.
       const res = await fetch(`http://127.0.0.1:${port}/v1/calls/relay?callSessionId=sess-123`, {
         headers: {
           'Upgrade': 'websocket',
@@ -325,7 +328,7 @@ describe('gateway-only ingress enforcement', () => {
       expect(res.status).not.toBe(403);
     });
 
-    test('allows localhost origin', async () => {
+    test('allows localhost origin from loopback peer', async () => {
       const res = await fetch(`http://127.0.0.1:${port}/v1/calls/relay?callSessionId=sess-123`, {
         headers: {
           'Upgrade': 'websocket',
@@ -400,6 +403,83 @@ describe('gateway-only ingress enforcement', () => {
     });
   });
 
+  // ── isPrivateAddress unit tests ─────────────────────────────────────
+
+  describe('isPrivateAddress', () => {
+    // Loopback
+    test.each([
+      '127.0.0.1',
+      '127.0.0.2',
+      '127.255.255.255',
+      '::1',
+      '::ffff:127.0.0.1',
+    ])('accepts loopback address %s', (addr) => {
+      expect(isPrivateAddress(addr)).toBe(true);
+    });
+
+    // RFC 1918 private ranges
+    test.each([
+      '10.0.0.1',
+      '10.255.255.255',
+      '172.16.0.1',
+      '172.31.255.255',
+      '192.168.0.1',
+      '192.168.1.100',
+    ])('accepts RFC 1918 private address %s', (addr) => {
+      expect(isPrivateAddress(addr)).toBe(true);
+    });
+
+    // Link-local
+    test.each([
+      '169.254.0.1',
+      '169.254.255.255',
+    ])('accepts link-local address %s', (addr) => {
+      expect(isPrivateAddress(addr)).toBe(true);
+    });
+
+    // IPv6 unique local (fc00::/7)
+    test.each([
+      'fc00::1',
+      'fd12:3456:789a::1',
+      'fdff::1',
+    ])('accepts IPv6 unique local address %s', (addr) => {
+      expect(isPrivateAddress(addr)).toBe(true);
+    });
+
+    // IPv6 link-local (fe80::/10)
+    test.each([
+      'fe80::1',
+      'fe80::abcd:1234',
+    ])('accepts IPv6 link-local address %s', (addr) => {
+      expect(isPrivateAddress(addr)).toBe(true);
+    });
+
+    // IPv4-mapped IPv6 private addresses
+    test.each([
+      '::ffff:10.0.0.1',
+      '::ffff:172.16.0.1',
+      '::ffff:192.168.1.1',
+      '::ffff:169.254.0.1',
+    ])('accepts IPv4-mapped IPv6 private address %s', (addr) => {
+      expect(isPrivateAddress(addr)).toBe(true);
+    });
+
+    // Public addresses — should be rejected
+    test.each([
+      '8.8.8.8',
+      '1.1.1.1',
+      '203.0.113.1',
+      '172.32.0.1',
+      '172.15.255.255',
+      '11.0.0.1',
+      '192.169.0.1',
+      '::ffff:8.8.8.8',
+      '2001:db8::1',
+    ])('rejects public address %s', (addr) => {
+      expect(isPrivateAddress(addr)).toBe(false);
+    });
+  });
+
   // ── Startup warning for non-loopback host ──────────────────────────
 
   describe('startup guard — non-loopback host warning', () => {
@@ -408,7 +488,7 @@ describe('gateway-only ingress enforcement', () => {
       logMessages.length = 0;
 
       const warnServer = new RuntimeHttpServer({
-        port: port + 100,
+        port: 0,
         hostname: '0.0.0.0',
         bearerToken: TEST_TOKEN,
       });
@@ -435,7 +515,7 @@ describe('gateway-only ingress enforcement', () => {
       // The main test server already uses 127.0.0.1, so restart with
       // a fresh server and capture logs
       const loopbackServer = new RuntimeHttpServer({
-        port: port + 200,
+        port: 0,
         hostname: '127.0.0.1',
         bearerToken: TEST_TOKEN,
       });

package/src/__tests__/ingress-url-consistency.test.ts

@@ -0,0 +1,214 @@
+import { describe, test, expect, beforeEach, afterEach, mock } from 'bun:test';
+import { createHmac } from 'node:crypto';
+
+// ---------------------------------------------------------------------------
+// Mocks — silence logger output during tests
+// ---------------------------------------------------------------------------
+
+function makeLoggerStub(): Record<string, unknown> {
+  const stub: Record<string, unknown> = {};
+  for (const m of ['info', 'warn', 'error', 'debug', 'trace', 'fatal', 'silent', 'child']) {
+    stub[m] = m === 'child' ? () => makeLoggerStub() : () => {};
+  }
+  return stub;
+}
+
+mock.module('../util/logger.js', () => ({
+  getLogger: () => makeLoggerStub(),
+}));
+
+import {
+  getPublicBaseUrl,
+  getTwilioVoiceWebhookUrl,
+  getTwilioStatusCallbackUrl,
+  type IngressConfig,
+} from '../inbound/public-ingress-urls.js';
+
+// ---------------------------------------------------------------------------
+// Helpers — simulate Twilio signature validation the same way the gateway does
+// ---------------------------------------------------------------------------
+
+/**
+ * Reproduce the gateway's canonical URL reconstruction logic from
+ * gateway/src/twilio/validate-webhook.ts (lines 72-76).
+ */
+function reconstructGatewayCanonicalUrl(
+  ingressPublicBaseUrl: string | undefined,
+  requestUrl: string,
+): string {
+  const parsedUrl = new URL(requestUrl);
+  if (ingressPublicBaseUrl) {
+    return ingressPublicBaseUrl.replace(/\/$/, '') + parsedUrl.pathname + parsedUrl.search;
+  }
+  return requestUrl;
+}
+
+/**
+ * Reproduce Twilio's HMAC-SHA1 signature algorithm (same as
+ * gateway/src/twilio/verify.ts).
+ */
+function computeTwilioSignature(
+  url: string,
+  params: Record<string, string>,
+  authToken: string,
+): string {
+  const sortedKeys = Object.keys(params).sort();
+  let data = url;
+  for (const key of sortedKeys) {
+    data += key + params[key];
+  }
+  return createHmac('sha1', authToken).update(data).digest('base64');
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe('Ingress URL consistency between assistant and gateway', () => {
+  let savedIngressEnv: string | undefined;
+
+  beforeEach(() => {
+    savedIngressEnv = process.env.INGRESS_PUBLIC_BASE_URL;
+    delete process.env.INGRESS_PUBLIC_BASE_URL;
+  });
+
+  afterEach(() => {
+    if (savedIngressEnv !== undefined) {
+      process.env.INGRESS_PUBLIC_BASE_URL = savedIngressEnv;
+    } else {
+      delete process.env.INGRESS_PUBLIC_BASE_URL;
+    }
+  });
+
+  test('assistant callback URL and gateway signature reconstruction use same base when config is set', () => {
+    const config: IngressConfig = {
+      ingress: { publicBaseUrl: 'https://my-tunnel.ngrok.io' },
+    };
+
+    // What the assistant would generate as the Twilio voice webhook callback
+    const assistantCallbackUrl = getTwilioVoiceWebhookUrl(config, 'session-abc');
+
+    // Simulate: when hatch.ts spawns the gateway, it reads config.ingress.publicBaseUrl
+    // and passes it as INGRESS_PUBLIC_BASE_URL. The gateway stores this as
+    // config.ingressPublicBaseUrl.
+    const gatewayIngressPublicBaseUrl = getPublicBaseUrl(config);
+
+    // When Twilio calls the gateway, the gateway reconstructs the canonical URL
+    // from the inbound request URL (which is localhost) + the configured base.
+    const inboundRequestUrl = 'http://127.0.0.1:7830/webhooks/twilio/voice?callSessionId=session-abc';
+    const gatewayCanonicalUrl = reconstructGatewayCanonicalUrl(
+      gatewayIngressPublicBaseUrl,
+      inboundRequestUrl,
+    );
+
+    // Both must resolve to the same URL for Twilio signatures to validate
+    expect(gatewayCanonicalUrl).toBe(assistantCallbackUrl);
+  });
+
+  test('Twilio signature computed against assistant URL validates at gateway', () => {
+    const publicBase = 'https://my-tunnel.ngrok.io';
+    const authToken = 'test-twilio-auth-token-12345';
+    const config: IngressConfig = {
+      ingress: { publicBaseUrl: publicBase },
+    };
+
+    // Assistant generates the callback URL and registers it with Twilio
+    const callbackUrl = getTwilioStatusCallbackUrl(config);
+    expect(callbackUrl).toBe('https://my-tunnel.ngrok.io/webhooks/twilio/status');
+
+    // Twilio signs the request using the callback URL
+    const params = { CallSid: 'CA123', CallStatus: 'completed' };
+    const twilioSignature = computeTwilioSignature(callbackUrl, params, authToken);
+
+    // Gateway receives the request on its local address
+    const localRequestUrl = 'http://127.0.0.1:7830/webhooks/twilio/status';
+
+    // Gateway reconstructs the canonical URL using its configured base
+    // (which was passed from the assistant's config via INGRESS_PUBLIC_BASE_URL)
+    const gatewayIngressPublicBaseUrl = getPublicBaseUrl(config);
+    const canonicalUrl = reconstructGatewayCanonicalUrl(
+      gatewayIngressPublicBaseUrl,
+      localRequestUrl,
+    );
+
+    // Verify the signature matches
+    const recomputedSignature = computeTwilioSignature(canonicalUrl, params, authToken);
+    expect(recomputedSignature).toBe(twilioSignature);
+  });
+
+  test('mismatch scenario: gateway without config creates signature validation failure', () => {
+    const authToken = 'test-twilio-auth-token-12345';
+
+    // Assistant uses config-based URL
+    const assistantConfig: IngressConfig = {
+      ingress: { publicBaseUrl: 'https://my-tunnel.ngrok.io' },
+    };
+    const callbackUrl = getTwilioStatusCallbackUrl(assistantConfig);
+
+    // Twilio signs against the callback URL the assistant registered
+    const params = { CallSid: 'CA123', CallStatus: 'completed' };
+    const twilioSignature = computeTwilioSignature(callbackUrl, params, authToken);
+
+    // Gateway does NOT have the ingress URL configured (simulating the bug)
+    const localRequestUrl = 'http://127.0.0.1:7830/webhooks/twilio/status';
+    const canonicalUrlWithout = reconstructGatewayCanonicalUrl(undefined, localRequestUrl);
+
+    // Signature should NOT match — this proves the mismatch bug
+    const recomputedWithout = computeTwilioSignature(canonicalUrlWithout, params, authToken);
+    expect(recomputedWithout).not.toBe(twilioSignature);
+
+    // Now simulate the fix: gateway has the same ingress URL
+    const canonicalUrlWith = reconstructGatewayCanonicalUrl(
+      'https://my-tunnel.ngrok.io',
+      localRequestUrl,
+    );
+    const recomputedWith = computeTwilioSignature(canonicalUrlWith, params, authToken);
+    expect(recomputedWith).toBe(twilioSignature);
+  });
+
+  test('env var fallback produces consistent URLs across assistant and gateway', () => {
+    // When no config.ingress.publicBaseUrl is set, both assistant and gateway
+    // fall back to the INGRESS_PUBLIC_BASE_URL env var.
+    process.env.INGRESS_PUBLIC_BASE_URL = 'https://env-tunnel.example.com';
+
+    const config: IngressConfig = {};
+
+    // Assistant resolves the base URL from env
+    const assistantBase = getPublicBaseUrl(config);
+    expect(assistantBase).toBe('https://env-tunnel.example.com');
+
+    // Gateway would also read the same env var (process.env.INGRESS_PUBLIC_BASE_URL)
+    // and store it as config.ingressPublicBaseUrl.
+    const gatewayIngressPublicBaseUrl = process.env.INGRESS_PUBLIC_BASE_URL;
+
+    // Callback URL generated by assistant
+    const callbackUrl = getTwilioVoiceWebhookUrl(config, 'session-xyz');
+
+    // Gateway canonical URL reconstruction
+    const localUrl = 'http://127.0.0.1:7830/webhooks/twilio/voice?callSessionId=session-xyz';
+    const gatewayCanonical = reconstructGatewayCanonicalUrl(
+      gatewayIngressPublicBaseUrl,
+      localUrl,
+    );
+
+    expect(gatewayCanonical).toBe(callbackUrl);
+  });
+
+  test('trailing slashes are normalized consistently', () => {
+    const config: IngressConfig = {
+      ingress: { publicBaseUrl: 'https://my-tunnel.ngrok.io///' },
+    };
+
+    const assistantBase = getPublicBaseUrl(config);
+    expect(assistantBase).toBe('https://my-tunnel.ngrok.io');
+
+    const callbackUrl = getTwilioVoiceWebhookUrl(config, 'session-1');
+
+    // Gateway would receive the normalized value (hatch.ts trims trailing slashes)
+    const gatewayBase = 'https://my-tunnel.ngrok.io';
+    const localUrl = 'http://127.0.0.1:7830/webhooks/twilio/voice?callSessionId=session-1';
+    const gatewayCanonical = reconstructGatewayCanonicalUrl(gatewayBase, localUrl);
+
+    expect(gatewayCanonical).toBe(callbackUrl);
+  });
+});

package/src/__tests__/ipc-snapshot.test.ts

@@ -339,8 +339,8 @@ const clientMessages: Record<ClientMessageType, ClientMessage> = {
     type: 'slack_webhook_config',
     action: 'get',
   },
-  twilio_webhook_config: {
-    type: 'twilio_webhook_config',
+  ingress_config: {
+    type: 'ingress_config',
     action: 'get',
   },
   vercel_api_config: {
@@ -892,6 +892,11 @@ const serverMessages: Record<ServerMessageType, ServerMessage> = {
     title: 'Urgent email from Alice',
     body: 'Meeting rescheduled to 3pm today.',
   },
+  agent_heartbeat_alert: {
+    type: 'agent_heartbeat_alert',
+    title: 'Agent heartbeat stalled',
+    body: 'No activity detected in the last 60 minutes.',
+  },
   watch_started: {
     type: 'watch_started',
     sessionId: 'sess-001',
@@ -1129,9 +1134,10 @@ const serverMessages: Record<ServerMessageType, ServerMessage> = {
     webhookUrl: 'https://hooks.slack.com/services/T00/B00/xxx',
     success: true,
   },
-  twilio_webhook_config_response: {
-    type: 'twilio_webhook_config_response',
-    webhookBaseUrl: 'https://example.com/twilio',
+  ingress_config_response: {
+    type: 'ingress_config_response',
+    publicBaseUrl: 'https://example.com',
+    localGatewayTarget: 'http://127.0.0.1:7830',
     success: true,
   },
   vercel_api_config_response: {
@@ -1408,6 +1414,12 @@ const serverMessages: Record<ServerMessageType, ServerMessage> = {
   open_tasks_window: {
     type: 'open_tasks_window',
   },
+  task_run_thread_created: {
+    type: 'task_run_thread_created',
+    conversationId: 'conv-task-run-001',
+    workItemId: 'wi-001',
+    title: 'Process report',
+  },
   subagent_spawned: {
     type: 'subagent_spawned',
     subagentId: 'sub-001',
@@ -1429,17 +1441,6 @@ const serverMessages: Record<ServerMessageType, ServerMessage> = {
       sessionId: 'sub-sess-001',
     },
   },
-  agent_heartbeat_alert: {
-    type: 'agent_heartbeat_alert',
-    title: 'Agent unresponsive',
-    body: 'The agent has not responded for 5 minutes.',
-  },
-  task_run_thread_created: {
-    type: 'task_run_thread_created',
-    conversationId: 'conv-task-001',
-    workItemId: 'work-item-001',
-    title: 'Task run thread',
-  },
 };
 
 // ---------------------------------------------------------------------------

package/src/__tests__/oauth2-gateway-transport.test.ts

@@ -51,7 +51,13 @@ let mockOAuthCallbackUrl = '';
 
 mock.module('../inbound/public-ingress-urls.js', () => ({
   getOAuthCallbackUrl: () => mockOAuthCallbackUrl,
-  getPublicBaseUrl: () => 'https://gw.example.com',
+  getPublicBaseUrl: (config?: { ingress?: { publicBaseUrl?: string } }) => {
+    const url = config?.ingress?.publicBaseUrl ?? mockPublicBaseUrl;
+    if (!url) {
+      throw new Error('No public base URL configured.');
+    }
+    return url;
+  },
 }));
 
 // Mock fetch for token exchange