Lab: Vault CEL expressions replaced with VaultSecretBag sentinels after model type upgrade

Description

When a model instance references a sensitive global argument via a CEL vault expression (${{ vault.get("vault", "key") }}), bumping the model type version and adding an upgrades entry causes the model YAML to be re-serialized with the in-memory VaultSecretBag sentinel (__SWAMP_VSEC_<hex>_<n>__) instead of the original CEL expression.

The sentinel prefix is per-process random (crypto.getRandomValues in VaultSecretBag), so subsequent invocations cannot resolve it. The literal sentinel string gets sent to upstream APIs as if it were the secret value.

Steps to reproduce

Define a model type with a sensitive global argument (z.string().meta({ sensitive: true }))

Create an instance with a CEL vault expression in the YAML:

globalArguments:
  apiKey: ${{ vault.get("myvault", "my-api-key") }}

Run any method — succeeds, secret resolves correctly

Bump the model type version and add an upgrade entry (even a no-op):

upgrades: [{
  fromVersion: "old", toVersion: "new",
  description: "No-op",
  upgradeAttributes: (old) => old,
}]

Run a method — the upgrade fires

Inspect models/<type>/<id>.yaml:

globalArguments:
  apiKey: __SWAMP_VSEC_a1b2c3d4_0__

All subsequent method runs send the literal sentinel to the API → auth failures

Expected

The upgrade pipeline should preserve the original CEL vault expression (or a stable vault reference) rather than persisting the transient per-process sentinel.

Workaround

Manually restore ${{ vault.get("vault", "key") }} in the model YAML.

Source pointer

src/domain/vaults/vault_secret_bag.ts — sentinels are valid only within the process that created the bag. The upgrade pipeline appears to capture resolved sentinels into persisted YAML.

Environment

swamp 20260206.200442.0-sha

Add swamp data delete command to remove a data artifact by model and name

add `swamp doctor extensions` subcommand for on-demand extension load diagnostics

AI agent skipped adversarial review step before smoke testing extension code

Better Auth rejects requests on hostnames not in hardcoded trustedOrigins (signup/signin broken on non-canonical hosts)

Local extension models in extensions/models are not discovered in fresh repo tutorial flow

ticket 1138 not clear - can we still use github?

Drag Windows into the Swamp

Add `swamp extension test` command to run built-in extension tests with coverage

swamp repo init --tool kiro does not create .kiro/settings/cli.json

Support multi-agent repo initialization (multiple --tool targets)

CLI dumps 300-line Cliffy Command object on unknown flags / subcommands

Docs: repository-configuration.md missing defaultDriver / defaultDriverConfig

Server-side parse query params on /lab/all so refresh preserves multi-filter URLs

fast-path sidecar TOCTOU: post-op HEAD can record generation from a concurrent writer's push, masking their data on next sync

Scorer should honour files/deno.json imports so bare specifiers resolve

@swamp/gcs-datastore: same minutes-slow zero-diff sync cliff as lab/164; mirror fingerprint fast path

cleanup for repoDriver

swamp datastore sync is minutes-slow at 4k-file scale even with zero-diff; outer 300s timeout fires

swamp-extension-publish skill: add quality rubric check before push

New @swamp extension: extension quality rubric checker for CI

swamp-extension-quality and swamp-extension-publish skills don't guide zod import map resolution for scorer

swamp repo upgrade deletes extension model source files

Add repo-level `defaultDriver` to `.swamp.yaml`

User report extensions registered lazily are silently skipped during method execution

swamp extension install: datastore push hangs ~8.5m then crashes with Deno TLS panic (tls_wrap.rs:1918 unwrap on None)

Add a preflight diagnostic for AI-tool audit integrations (so upstream CLI changes stop breaking us silently)

audit record --from-hook silently drops input from kiro-cli postToolUse hooks

codegen pipelines don't detect _lib/*.ts changes so manifest CalVer never bumps

Link to namespace extensions listing from profile pages

Trailing slash on /extensions/@<namespace>/ returns 404

No way to browse all extensions belonging to a collective by URL

DatastoreProvider.resolveCachePath declared optional but silently required at runtime

Accept-invite link returns HTML instead of JSON, breaking collective join

additionalFiles flatten to basenames on push and lack a runtime access API, creating a source-vs-pulled layout mismatch

Extension search returns inflated results for quoted phrase queries

Docs: document jsr:/https: imports and non-local pinning convention in user-facing manual

First-class jsr: specifier support in extension bundler

Cross-extension code sharing via manifest exports field

Extension models: document/resolve implicit-any in execute parameters when imported by test files

extension yank: allow unyank and version-specific yanks

extension source add does not discover brand new types — only overrides already-pulled types

Add light mode to swamp.club and swamp open UI

Add 'swamp open' command to open the swamp.club web UI

Add light mode to swamp.club website

Datastore sync surfaces opaque errors from extensions verbatim — no status code or body preview

@swamp/s3-datastore: first-attempt 403 masked as "UnknownError" from AWS SDK deserializer

Extension auto-resolve reports "already_installed" for truncated pulled-extension trees

Email delivery for mention notifications

Auto-update WARN is silent in --json mode (logger suppresses non-fatal)

open.ts web UI uses force:true pullExtension, same data-loss family as #126

Port bundle_freshness (content-fingerprint cache invalidation) to reports / drivers / datastores / vaults loaders

Mentions and notifications system for issues

Datastore auto-update in resolve_datastore.ts uses force:true, risking silent overwrite of local edits

Per-repo user-extension bundle cache doesn't invalidate on source changes

Adding methods to in-body `methods:{}` on `export const model` doesn't re-register

User extensions silently dropped when base type not yet registered at scan time

Footer floats when page content is shorter than viewport

workflow validate can silently overwrite local edits to pulled extensions via force-pull in auto-resolver

Extension pull should namespace files by extension to prevent filename collisions

Update CLAUDE.md co-author instructions to use swamp-club issue author lookup

Add swamp issue get CLI command to fetch issue details

swamp-club API: include issue author in GET /api/v1/lab/issues/{number} response

Install command curl-pipe-sh overflows the component on swamp.club homepage

'Assigned to me' overlaps 'Privacy policy' on short viewports

Collapsible left rail and repositionable right rail in Lab

Usernames aren't linked to their profile pages

Filter lab issues by author (opened by user)

Add skills extension type for bundling agent/human guidance documents

Remove traffic lights in column 2 of /lab

Multi-select combo filtering on /lab

data gc skips version-count GC when no lifetime-expired data exists

Content filter should identify the flagged word or phrase

Bog flow: text rendering and layout issues

Flow modal: text rendering issues

Normalize text sizing across issue list and detail views

Description 'Show more' button appears even when text fits

Inline editing: click-to-edit fields instead of pencil icons

Persist lab filter selection in localStorage

Update how-to guide with swamp-extension-publish skill

Fix incorrect favicon in Google search results