@adcp/client 4.14.0 → 4.16.0

package/dist/lib/testing/compliance/comply.js

@@ -47,13 +47,21 @@ const client_1 = require("../client");
 const orchestrator_1 = require("../orchestrator");
 const profiles_1 = require("./profiles");
 const mcp_1 = require("../../protocols/mcp");
+const test_controller_1 = require("../test-controller");
 /**
  * Maps each track to its constituent scenarios and a human-readable label.
  */
 const TRACK_DEFINITIONS = {
     core: {
         label: 'Core Protocol',
-        scenarios: ['health_check', 'discovery', 'capability_discovery', 'schema_compliance'],
+        scenarios: [
+            'health_check',
+            'discovery',
+            'capability_discovery',
+            'schema_compliance',
+            'controller_validation',
+            'deterministic_account',
+        ],
     },
     products: {
         label: 'Product Discovery',
@@ -69,29 +77,41 @@ const TRACK_DEFINITIONS = {
             'media_buy_lifecycle',
             'terminal_state_enforcement',
             'package_lifecycle',
+            'seller_governance_context',
+            'deterministic_media_buy',
+            'deterministic_budget',
         ],
     },
     creative: {
         label: 'Creative Management',
-        scenarios: ['creative_sync', 'creative_flow'],
+        scenarios: ['creative_sync', 'creative_flow', 'deterministic_creative'],
     },
     reporting: {
         label: 'Reporting',
         // full_sales_flow covers get_media_buy_delivery — but we assess it as a
         // separate track concern by checking if the agent has the tool
-        scenarios: ['full_sales_flow'],
+        scenarios: ['full_sales_flow', 'deterministic_delivery'],
     },
     governance: {
         label: 'Governance',
         scenarios: ['governance_property_lists', 'governance_content_standards', 'property_list_filters'],
     },
+    campaign_governance: {
+        label: 'Campaign Governance',
+        scenarios: [
+            'campaign_governance',
+            'campaign_governance_denied',
+            'campaign_governance_conditions',
+            'campaign_governance_delivery',
+        ],
+    },
     signals: {
         label: 'Signals',
         scenarios: ['signals_flow'],
     },
     si: {
         label: 'Sponsored Intelligence',
-        scenarios: ['si_session_lifecycle', 'si_availability', 'si_handoff'],
+        scenarios: ['si_session_lifecycle', 'si_availability', 'si_handoff', 'deterministic_session'],
     },
     audiences: {
         label: 'Audience Management',
@@ -113,6 +133,7 @@ const TRACK_RELEVANCE = {
     creative: ['sync_creatives', 'build_creative', 'list_creative_formats'],
     reporting: ['get_media_buy_delivery'],
     governance: ['create_property_list', 'list_content_standards'],
+    campaign_governance: ['sync_plans', 'check_governance'],
     signals: ['get_signals'],
     si: ['si_initiate_session'],
     audiences: ['sync_audiences'],
@@ -125,6 +146,7 @@ const TRACK_ORDER = [
     'creative',
     'reporting',
     'governance',
+    'campaign_governance',
     'signals',
     'si',
     'audiences',
@@ -248,8 +270,11 @@ function collectObservations(track, results, profile) {
     }
     // Media buy track observations
     if (track === 'media_buy') {
-        // Check for valid_actions support
+        // Check for valid_actions support (first match only)
+        let checkedValidActions = false;
         for (const result of results) {
+            if (checkedValidActions)
+                break;
             for (const step of result.steps ?? []) {
                 if (step.task === 'get_media_buys' && step.response_preview) {
                     try {
@@ -257,12 +282,135 @@ function collectObservations(track, results, profile) {
                         if (preview.valid_actions === undefined || preview.valid_actions === null) {
                             observations.push({
                                 category: 'best_practice',
-                                severity: 'suggestion',
+                                severity: 'warning',
                                 track,
                                 message: 'Agent does not return valid_actions in get_media_buys response. ' +
-                                    'valid_actions eliminates the need for buyers to internalize the state machine.',
+                                    'Without valid_actions, buyer agents must hardcode the state machine to know what operations are permitted.',
+                            });
+                        }
+                        // Check creative_deadline support
+                        if (preview.has_creative_deadline === false) {
+                            observations.push({
+                                category: 'best_practice',
+                                severity: 'suggestion',
+                                track,
+                                message: 'Agent does not return creative_deadline on media buys or packages. ' +
+                                    'Buyers need to know when creative uploads must be finalized to avoid rejected submissions.',
+                            });
+                        }
+                        // Check history entry shape when present
+                        if (preview.history_entries && preview.history_entries > 0 && preview.history_valid === false) {
+                            observations.push({
+                                category: 'best_practice',
+                                severity: 'warning',
+                                track,
+                                message: 'Agent returns history entries but some lack required fields (timestamp, action). ' +
+                                    'History entries must include at least timestamp and action to be useful for audit.',
+                            });
+                        }
+                        // Check dry_run/sandbox confirmation
+                        if (preview.sandbox === undefined || preview.sandbox === null) {
+                            observations.push({
+                                category: 'best_practice',
+                                severity: 'suggestion',
+                                track,
+                                message: 'Agent does not confirm sandbox mode in get_media_buys response. ' +
+                                    'Include sandbox: true so buyers can verify the agent honored dry_run mode.',
+                            });
+                        }
+                        checkedValidActions = true;
+                    }
+                    catch {
+                        // not always JSON
+                    }
+                    break;
+                }
+            }
+        }
+        // Check for confirmed_at and revision in create_media_buy responses (first match only)
+        let checkedCreateLifecycle = false;
+        for (const result of results) {
+            if (checkedCreateLifecycle)
+                break;
+            for (const step of result.steps ?? []) {
+                if (step.task === 'create_media_buy' && step.response_preview) {
+                    try {
+                        const preview = JSON.parse(step.response_preview);
+                        if (preview.confirmed_at === undefined || preview.confirmed_at === null) {
+                            observations.push({
+                                category: 'best_practice',
+                                severity: 'warning',
+                                track,
+                                message: 'Agent does not return confirmed_at in create_media_buy response. ' +
+                                    'A successful response constitutes order confirmation — confirmed_at provides an auditable timestamp for dispute resolution.',
+                            });
+                        }
+                        if (preview.revision === undefined || preview.revision === null) {
+                            observations.push({
+                                category: 'best_practice',
+                                severity: 'suggestion',
+                                track,
+                                message: 'Agent does not return revision in create_media_buy response. ' +
+                                    'Revision numbers enable optimistic concurrency for safe concurrent updates.',
                             });
                         }
+                        checkedCreateLifecycle = true;
+                    }
+                    catch {
+                        // not always JSON
+                    }
+                    break;
+                }
+            }
+        }
+        // Check for history support in get_media_buys responses (first match only)
+        let checkedHistory = false;
+        for (const result of results) {
+            if (checkedHistory)
+                break;
+            for (const step of result.steps ?? []) {
+                if (step.task === 'get_media_buys' && step.response_preview) {
+                    try {
+                        const preview = JSON.parse(step.response_preview);
+                        if (preview.history_entries !== undefined && preview.history_entries === 0) {
+                            observations.push({
+                                category: 'best_practice',
+                                severity: 'suggestion',
+                                track,
+                                message: 'Agent does not return revision history when include_history is requested. ' +
+                                    'History enables audit trails and helps buyers understand what changed.',
+                            });
+                        }
+                        checkedHistory = true;
+                    }
+                    catch {
+                        // not always JSON
+                    }
+                    break;
+                }
+            }
+        }
+        // Check canceled_by validation on canceled media buys (first match only)
+        let checkedCancellation = false;
+        for (const result of results) {
+            if (checkedCancellation)
+                break;
+            for (const step of result.steps ?? []) {
+                if (step.task === 'update_media_buy' && step.response_preview) {
+                    try {
+                        const preview = JSON.parse(step.response_preview);
+                        if (preview.status === 'canceled') {
+                            if (!preview.canceled_by) {
+                                observations.push({
+                                    category: 'completeness',
+                                    severity: 'warning',
+                                    track,
+                                    message: 'Agent transitions to canceled status but does not include canceled_by field. ' +
+                                        'Buyers need to distinguish buyer-initiated from seller-initiated cancellations.',
+                                });
+                            }
+                            checkedCancellation = true;
+                        }
                     }
                     catch {
                         // not always JSON
@@ -322,6 +470,34 @@ function collectObservations(track, results, profile) {
             }
         }
     }
+    // Campaign governance track observations
+    if (track === 'campaign_governance') {
+        let anyCheckMissingContext = false;
+        for (const result of results) {
+            for (const step of result.steps ?? []) {
+                if (step.task === 'check_governance' && step.passed && step.response_preview) {
+                    try {
+                        const preview = JSON.parse(step.response_preview);
+                        if (!preview.governance_context || preview.governance_context === '(absent)') {
+                            anyCheckMissingContext = true;
+                        }
+                    }
+                    catch {
+                        // not always JSON
+                    }
+                }
+            }
+        }
+        if (anyCheckMissingContext) {
+            observations.push({
+                category: 'best_practice',
+                severity: 'warning',
+                track,
+                message: 'Governance agent did not return governance_context on check_governance response. ' +
+                    'Without it, sellers cannot maintain governance continuity across the media buy lifecycle.',
+            });
+        }
+    }
     // Check for slow responses
     for (const result of results) {
         for (const step of result.steps ?? []) {
@@ -352,196 +528,253 @@ async function comply(agentUrl, options = {}) {
 }
 async function complyImpl(agentUrl, options) {
     const start = Date.now();
-    const { tracks: trackFilter, platform_type, ...testOptions } = options;
+    const { tracks: trackFilter, platform_type, timeout_ms, signal: externalSignal, ...testOptions } = options;
     const platformProfile = platform_type ? (0, profiles_1.getPlatformProfile)(platform_type) : undefined;
-    const effectiveOptions = {
-        ...testOptions,
-        dry_run: testOptions.dry_run !== false,
-        test_session_id: testOptions.test_session_id || `comply-${Date.now()}`,
-    };
-    // Discover agent capabilities first
-    const client = (0, client_1.createTestClient)(agentUrl, effectiveOptions.protocol ?? 'mcp', effectiveOptions);
-    const { profile, step: profileStep } = await (0, client_1.discoverAgentProfile)(client);
-    if (!profileStep.passed) {
-        const errorMsg = profileStep.error || 'Unknown error';
-        const observations = [];
-        // Check for auth errors — either explicit 401/Unauthorized or MCP SDK's generic
-        // "Failed to discover" which often wraps a 401
-        const isExplicitAuthError = errorMsg.includes('401') ||
-            errorMsg.includes('Unauthorized') ||
-            errorMsg.includes('unauthorized') ||
-            errorMsg.includes('authentication') ||
-            errorMsg.includes('JWS') ||
-            errorMsg.includes('JWT') ||
-            errorMsg.includes('signature verification');
-        // When MCP SDK wraps the error, probe the endpoint directly
-        let isAuthError = isExplicitAuthError;
-        if (!isAuthError && errorMsg.includes('Failed to discover')) {
-            try {
-                const probe = await fetch(agentUrl, { method: 'POST', headers: { 'Content-Type': 'application/json' } });
-                if (probe.status === 401 || probe.status === 403) {
-                    isAuthError = true;
+    // Validate timeout_ms
+    if (timeout_ms !== undefined) {
+        if (typeof timeout_ms !== 'number' || !Number.isFinite(timeout_ms) || timeout_ms <= 0) {
+            throw new TypeError(`timeout_ms must be a positive finite number, got: ${timeout_ms}`);
+        }
+    }
+    // Build a combined AbortSignal from timeout_ms and/or external signal
+    const needsAbort = timeout_ms !== undefined || externalSignal !== undefined;
+    const abortController = needsAbort ? new AbortController() : undefined;
+    let timeoutId;
+    const onExternalAbort = externalSignal ? () => abortController.abort(externalSignal.reason) : undefined;
+    if (timeout_ms !== undefined && abortController) {
+        timeoutId = setTimeout(() => abortController.abort(new Error(`comply() timed out after ${timeout_ms}ms`)), timeout_ms);
+    }
+    if (externalSignal && abortController) {
+        if (externalSignal.aborted) {
+            abortController.abort(externalSignal.reason);
+        }
+        else {
+            externalSignal.addEventListener('abort', onExternalAbort, { once: true });
+        }
+    }
+    const signal = abortController?.signal;
+    try {
+        const effectiveOptions = {
+            ...testOptions,
+            dry_run: testOptions.dry_run !== false,
+            test_session_id: testOptions.test_session_id || `comply-${Date.now()}`,
+        };
+        // Check for abort before starting
+        signal?.throwIfAborted();
+        // Discover agent capabilities once and share across all scenarios
+        const client = (0, client_1.createTestClient)(agentUrl, effectiveOptions.protocol ?? 'mcp', effectiveOptions);
+        const { profile, step: profileStep } = await (0, client_1.discoverAgentProfile)(client);
+        effectiveOptions._client = client;
+        effectiveOptions._profile = profile;
+        // Detect test controller for deterministic mode
+        let controllerDetection = { detected: false };
+        if (profileStep.passed && (0, test_controller_1.hasTestController)(profile)) {
+            controllerDetection = await (0, test_controller_1.detectController)(client, profile, effectiveOptions);
+            if (controllerDetection.detected) {
+                effectiveOptions._controllerCapabilities = controllerDetection;
+            }
+        }
+        if (!profileStep.passed) {
+            const errorMsg = profileStep.error || 'Unknown error';
+            const observations = [];
+            // Check for auth errors — either explicit 401/Unauthorized or MCP SDK's generic
+            // "Failed to discover" which often wraps a 401
+            const isExplicitAuthError = errorMsg.includes('401') ||
+                errorMsg.includes('Unauthorized') ||
+                errorMsg.includes('unauthorized') ||
+                errorMsg.includes('authentication') ||
+                errorMsg.includes('JWS') ||
+                errorMsg.includes('JWT') ||
+                errorMsg.includes('signature verification');
+            // When MCP SDK wraps the error, probe the endpoint directly
+            let isAuthError = isExplicitAuthError;
+            if (!isAuthError && errorMsg.includes('Failed to discover')) {
+                try {
+                    const probe = await fetch(agentUrl, {
+                        method: 'POST',
+                        headers: { 'Content-Type': 'application/json' },
+                        signal,
+                    });
+                    if (probe.status === 401 || probe.status === 403) {
+                        isAuthError = true;
+                    }
+                }
+                catch {
+                    // Network error — not an auth issue
                 }
             }
-            catch {
-                // Network error — not an auth issue
+            const headline = isAuthError ? `Authentication required` : `Agent unreachable — ${errorMsg}`;
+            if (isAuthError) {
+                // Check if agent supports OAuth
+                const { discoverOAuthMetadata } = await Promise.resolve().then(() => __importStar(require('../../auth/oauth/discovery')));
+                const oauthMeta = await discoverOAuthMetadata(agentUrl);
+                if (oauthMeta) {
+                    observations.push({
+                        category: 'auth',
+                        severity: 'error',
+                        message: `Agent requires OAuth (issuer: ${oauthMeta.issuer || 'unknown'}). Save credentials: adcp --save-auth <alias> ${agentUrl} --oauth`,
+                    });
+                }
+                else {
+                    observations.push({
+                        category: 'auth',
+                        severity: 'error',
+                        message: 'Agent returned 401. Check your --auth token.',
+                    });
+                }
             }
+            return {
+                agent_url: agentUrl,
+                agent_profile: profile,
+                tracks: [],
+                summary: {
+                    tracks_passed: 0,
+                    tracks_failed: 0,
+                    tracks_skipped: 0,
+                    tracks_partial: 0,
+                    tracks_expected: 0,
+                    headline,
+                },
+                observations,
+                tested_at: new Date().toISOString(),
+                total_duration_ms: Date.now() - start,
+                dry_run: effectiveOptions.dry_run !== false,
+            };
         }
-        const headline = isAuthError ? `Authentication required` : `Agent unreachable — ${errorMsg}`;
-        if (isAuthError) {
-            // Check if agent supports OAuth
-            const { discoverOAuthMetadata } = await Promise.resolve().then(() => __importStar(require('../../auth/oauth/discovery')));
-            const oauthMeta = await discoverOAuthMetadata(agentUrl);
-            if (oauthMeta) {
-                observations.push({
-                    category: 'auth',
-                    severity: 'error',
-                    message: `Agent requires OAuth (issuer: ${oauthMeta.issuer || 'unknown'}). Save credentials: adcp --save-auth <alias> ${agentUrl} --oauth`,
+        const tracksToRun = trackFilter ?? TRACK_ORDER;
+        const trackResults = [];
+        const allObservations = [];
+        for (const track of tracksToRun) {
+            // Check for abort between tracks
+            signal?.throwIfAborted();
+            const def = TRACK_DEFINITIONS[track];
+            if (!def)
+                continue;
+            if (!isTrackApplicable(track, profile.tools)) {
+                const isExpected = track !== 'core' && (platformProfile?.expected_tracks.includes(track) ?? false);
+                trackResults.push({
+                    track,
+                    status: isExpected ? 'expected' : 'skip',
+                    label: def.label,
+                    scenarios: [],
+                    skipped_scenarios: def.scenarios,
+                    observations: [],
+                    duration_ms: 0,
                 });
+                continue;
             }
-            else {
-                observations.push({
-                    category: 'auth',
-                    severity: 'error',
-                    message: 'Agent returned 401. Check your --auth token.',
+            const trackStart = Date.now();
+            const applicable = (0, orchestrator_1.getApplicableScenarios)(profile.tools, def.scenarios);
+            const skipped = def.scenarios.filter(s => !applicable.includes(s));
+            // Track is relevant (agent has some related tools) but no scenarios match
+            // the specific tool combinations. Report as pass with an observation.
+            if (applicable.length === 0) {
+                const relevantTools = TRACK_RELEVANCE[track].filter(t => profile.tools.includes(t));
+                const observations = [
+                    {
+                        category: 'completeness',
+                        severity: 'info',
+                        track,
+                        message: `Agent has ${relevantTools.join(', ')} but no test scenarios cover this tool combination. ` +
+                            `Compliance tests exist for: ${def.scenarios.join(', ')}.`,
+                        evidence: { tools_present: relevantTools, scenarios_available: def.scenarios },
+                    },
+                ];
+                allObservations.push(...observations);
+                trackResults.push({
+                    track,
+                    status: 'pass',
+                    label: def.label,
+                    scenarios: [],
+                    skipped_scenarios: skipped,
+                    observations,
+                    duration_ms: Date.now() - trackStart,
                 });
+                continue;
             }
-        }
-        return {
-            agent_url: agentUrl,
-            agent_profile: profile,
-            tracks: [],
-            summary: {
-                tracks_passed: 0,
-                tracks_failed: 0,
-                tracks_skipped: 0,
-                tracks_partial: 0,
-                tracks_expected: 0,
-                headline,
-            },
-            observations,
-            tested_at: new Date().toISOString(),
-            total_duration_ms: Date.now() - start,
-            dry_run: effectiveOptions.dry_run !== false,
-        };
-    }
-    const tracksToRun = trackFilter ?? TRACK_ORDER;
-    const trackResults = [];
-    const allObservations = [];
-    for (const track of tracksToRun) {
-        const def = TRACK_DEFINITIONS[track];
-        if (!def)
-            continue;
-        if (!isTrackApplicable(track, profile.tools)) {
-            const isExpected = track !== 'core' && (platformProfile?.expected_tracks.includes(track) ?? false);
-            trackResults.push({
-                track,
-                status: isExpected ? 'expected' : 'skip',
-                label: def.label,
-                scenarios: [],
-                skipped_scenarios: def.scenarios,
-                observations: [],
-                duration_ms: 0,
-            });
-            continue;
-        }
-        const trackStart = Date.now();
-        const applicable = (0, orchestrator_1.getApplicableScenarios)(profile.tools, def.scenarios);
-        const skipped = def.scenarios.filter(s => !applicable.includes(s));
-        // Track is relevant (agent has some related tools) but no scenarios match
-        // the specific tool combinations. Report as pass with an observation.
-        if (applicable.length === 0) {
-            const relevantTools = TRACK_RELEVANCE[track].filter(t => profile.tools.includes(t));
-            const observations = [
-                {
-                    category: 'completeness',
+            // Run each applicable scenario for this track
+            const results = [];
+            for (const scenario of applicable) {
+                // Check for abort between scenarios
+                signal?.throwIfAborted();
+                const result = await (0, agent_tester_1.testAgent)(agentUrl, scenario, effectiveOptions);
+                results.push(result);
+            }
+            const observations = collectObservations(track, results, profile);
+            // Detect auth-only failures when running without auth
+            const hasAuth = !!effectiveOptions.auth;
+            const authSkippedScenarios = !hasAuth ? results.filter(r => isAuthOnlyFailure(r)).map(r => r.scenario) : [];
+            if (authSkippedScenarios.length > 0) {
+                observations.push({
+                    category: 'auth',
                     severity: 'info',
                     track,
-                    message: `Agent has ${relevantTools.join(', ')} but no test scenarios cover this tool combination. ` +
-                        `Compliance tests exist for: ${def.scenarios.join(', ')}.`,
-                    evidence: { tools_present: relevantTools, scenarios_available: def.scenarios },
-                },
-            ];
+                    message: `${authSkippedScenarios.length} scenario(s) require authentication: ${authSkippedScenarios.join(', ')}. ` +
+                        `Re-run with --auth to test.`,
+                    evidence: { scenarios: authSkippedScenarios },
+                });
+            }
             allObservations.push(...observations);
+            const status = computeTrackStatus(results, skipped.length, hasAuth);
+            const hasDeterministicScenario = applicable.some(s => s.startsWith('deterministic_') || s === 'controller_validation');
+            const mode = hasDeterministicScenario ? 'deterministic' : 'observational';
             trackResults.push({
                 track,
-                status: 'pass',
+                status,
                 label: def.label,
-                scenarios: [],
+                scenarios: results,
                 skipped_scenarios: skipped,
                 observations,
                 duration_ms: Date.now() - trackStart,
+                mode,
             });
-            continue;
-        }
-        // Run each applicable scenario for this track
-        const results = [];
-        for (const scenario of applicable) {
-            const result = await (0, agent_tester_1.testAgent)(agentUrl, scenario, effectiveOptions);
-            results.push(result);
         }
-        const observations = collectObservations(track, results, profile);
-        // Detect auth-only failures when running without auth
-        const hasAuth = !!effectiveOptions.auth;
-        const authSkippedScenarios = !hasAuth ? results.filter(r => isAuthOnlyFailure(r)).map(r => r.scenario) : [];
-        if (authSkippedScenarios.length > 0) {
-            observations.push({
-                category: 'auth',
-                severity: 'info',
-                track,
-                message: `${authSkippedScenarios.length} scenario(s) require authentication: ${authSkippedScenarios.join(', ')}. ` +
-                    `Re-run with --auth to test.`,
-                evidence: { scenarios: authSkippedScenarios },
-            });
+        // Build platform coherence result if platform type was declared
+        let platformCoherence;
+        if (platformProfile) {
+            const findings = platformProfile.checkCoherence(profile);
+            const missingTracks = platformProfile.expected_tracks.filter(t => !isTrackApplicable(t, profile.tools) && t !== 'core');
+            // Add coherence findings as observations
+            for (const finding of findings) {
+                allObservations.push({
+                    category: 'coherence',
+                    severity: finding.severity,
+                    message: `${finding.expected} — ${finding.actual}. ${finding.guidance}`,
+                    evidence: { platform_type: platformProfile.type },
+                });
+            }
+            platformCoherence = {
+                platform_type: platformProfile.type,
+                label: platformProfile.label,
+                expected_tracks: platformProfile.expected_tracks,
+                missing_tracks: missingTracks,
+                findings,
+                coherent: findings.filter(f => f.severity === 'error' || f.severity === 'warning').length === 0 &&
+                    missingTracks.length === 0,
+            };
         }
-        allObservations.push(...observations);
-        const status = computeTrackStatus(results, skipped.length, hasAuth);
-        trackResults.push({
-            track,
-            status,
-            label: def.label,
-            scenarios: results,
-            skipped_scenarios: skipped,
-            observations,
-            duration_ms: Date.now() - trackStart,
-        });
+        const summary = buildSummary(trackResults);
+        return {
+            agent_url: agentUrl,
+            agent_profile: profile,
+            tracks: trackResults,
+            summary,
+            observations: allObservations,
+            platform_coherence: platformCoherence,
+            controller_detected: controllerDetection.detected,
+            controller_scenarios: controllerDetection.detected ? controllerDetection.scenarios : undefined,
+            tested_at: new Date().toISOString(),
+            total_duration_ms: Date.now() - start,
+            dry_run: effectiveOptions.dry_run !== false,
+        };
     }
-    // Build platform coherence result if platform type was declared
-    let platformCoherence;
-    if (platformProfile) {
-        const findings = platformProfile.checkCoherence(profile);
-        const missingTracks = platformProfile.expected_tracks.filter(t => !isTrackApplicable(t, profile.tools) && t !== 'core');
-        // Add coherence findings as observations
-        for (const finding of findings) {
-            allObservations.push({
-                category: 'coherence',
-                severity: finding.severity,
-                message: `${finding.expected} — ${finding.actual}. ${finding.guidance}`,
-                evidence: { platform_type: platformProfile.type },
-            });
+    finally {
+        if (timeoutId !== undefined)
+            clearTimeout(timeoutId);
+        if (onExternalAbort && externalSignal) {
+            externalSignal.removeEventListener('abort', onExternalAbort);
         }
-        platformCoherence = {
-            platform_type: platformProfile.type,
-            label: platformProfile.label,
-            expected_tracks: platformProfile.expected_tracks,
-            missing_tracks: missingTracks,
-            findings,
-            coherent: findings.filter(f => f.severity === 'error' || f.severity === 'warning').length === 0 &&
-                missingTracks.length === 0,
-        };
     }
-    const summary = buildSummary(trackResults);
-    return {
-        agent_url: agentUrl,
-        agent_profile: profile,
-        tracks: trackResults,
-        summary,
-        observations: allObservations,
-        platform_coherence: platformCoherence,
-        tested_at: new Date().toISOString(),
-        total_duration_ms: Date.now() - start,
-        dry_run: effectiveOptions.dry_run !== false,
-    };
 }
 function buildSummary(tracks) {
     const passed = tracks.filter(t => t.status === 'pass').length;