@amodalai/runtime 0.1.26 → 0.2.0

package/dist/src/routes/session-resolver.test.js

@@ -0,0 +1,206 @@
+/**
+ * @license
+ * Copyright 2026 Amodal Labs, Inc.
+ * SPDX-License-Identifier: MIT
+ */
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { resolveBundle, resolveSession } from './session-resolver.js';
+import { SessionError } from '../errors.js';
+// ---------------------------------------------------------------------------
+// Mock buildSessionComponents — we test the resolver, not the builder
+// ---------------------------------------------------------------------------
+const mockBuildSessionComponents = vi.fn();
+vi.mock('../session/session-builder.js', () => ({
+    buildSessionComponents: (...args) => mockBuildSessionComponents(...args),
+}));
+// ---------------------------------------------------------------------------
+// Fixtures
+// ---------------------------------------------------------------------------
+function stubBundle(name = 'test-agent') {
+    return {
+        config: { name, models: { main: { provider: 'test', model: 'test-model' } } },
+        connections: new Map(),
+        resolvedCredentials: {},
+        stores: [],
+        skills: [],
+        knowledge: [],
+        tools: [],
+        agents: { main: undefined },
+    };
+}
+function stubComponents() {
+    const factory = vi.fn();
+    return {
+        provider: { model: 'test-model', provider: 'test' },
+        toolRegistry: { size: 0 },
+        permissionChecker: { check: () => ({ allowed: true }) },
+        systemPrompt: 'test prompt',
+        toolContextFactory: factory,
+        userRoles: [],
+    };
+}
+function stubSession(id, hasFactory = true) {
+    return {
+        id,
+        tenantId: 'tenant-1',
+        userId: 'user-1',
+        model: 'test-model',
+        providerName: 'test',
+        toolContextFactory: hasFactory ? vi.fn() : undefined,
+    };
+}
+function stubSessionManager(overrides = {}) {
+    return {
+        get: vi.fn(),
+        resume: vi.fn(),
+        create: vi.fn(),
+        ...overrides,
+    };
+}
+function stubShared() {
+    return {
+        storeBackend: null,
+        mcpManager: null,
+        logger: { info: vi.fn(), warn: vi.fn(), debug: vi.fn(), error: vi.fn(), fatal: vi.fn(), child: vi.fn() },
+    };
+}
+// ---------------------------------------------------------------------------
+// resolveBundle
+// ---------------------------------------------------------------------------
+describe('resolveBundle', () => {
+    it('returns static bundle when no deployId', async () => {
+        const bundle = stubBundle();
+        const result = await resolveBundle({ staticBundle: bundle });
+        expect(result).toBe(bundle);
+    });
+    it('returns null when no bundle available', async () => {
+        const result = await resolveBundle({});
+        expect(result).toBeNull();
+    });
+    it('calls bundleProvider when deployId is provided', async () => {
+        const bundle = stubBundle();
+        const provider = vi.fn().mockResolvedValue(bundle);
+        const result = await resolveBundle({ bundleProvider: provider }, 'deploy-1', 'token-abc');
+        expect(provider).toHaveBeenCalledWith('deploy-1', 'token-abc');
+        expect(result).toBe(bundle);
+    });
+    it('falls back to static bundle when no deployId even if bundleProvider exists', async () => {
+        const staticBundle = stubBundle('static');
+        const provider = vi.fn();
+        const result = await resolveBundle({ staticBundle, bundleProvider: provider });
+        expect(provider).not.toHaveBeenCalled();
+        expect(result).toBe(staticBundle);
+    });
+});
+// ---------------------------------------------------------------------------
+// resolveSession
+// ---------------------------------------------------------------------------
+describe('resolveSession', () => {
+    beforeEach(() => {
+        vi.clearAllMocks();
+        mockBuildSessionComponents.mockReturnValue(stubComponents());
+    });
+    it('returns in-memory session with cached factory (no rebuild)', async () => {
+        const session = stubSession('sess-1');
+        const mgr = stubSessionManager({ get: vi.fn().mockReturnValue(session) });
+        const result = await resolveSession('sess-1', {
+            sessionManager: mgr,
+            bundleResolver: { staticBundle: stubBundle() },
+            shared: stubShared(),
+        });
+        expect(result.session).toBe(session);
+        expect(result.toolContextFactory).toBe(session.toolContextFactory);
+        expect(mockBuildSessionComponents).not.toHaveBeenCalled();
+    });
+    it('resumes from store when not in memory', async () => {
+        const resumed = stubSession('sess-2');
+        const mgr = stubSessionManager({
+            get: vi.fn().mockReturnValue(undefined),
+            resume: vi.fn().mockResolvedValue(resumed),
+        });
+        const result = await resolveSession('sess-2', {
+            sessionManager: mgr,
+            bundleResolver: { staticBundle: stubBundle() },
+            shared: stubShared(),
+        });
+        expect(result.session).toBe(resumed);
+        expect(mockBuildSessionComponents).toHaveBeenCalledOnce();
+        expect(mgr.resume).toHaveBeenCalledWith('sess-2', expect.objectContaining({ tenantId: expect.any(String) }));
+    });
+    it('creates new session when session_id not found', async () => {
+        const created = stubSession('sess-3');
+        const mgr = stubSessionManager({
+            get: vi.fn().mockReturnValue(undefined),
+            resume: vi.fn().mockResolvedValue(null),
+            create: vi.fn().mockReturnValue(created),
+        });
+        const result = await resolveSession('sess-not-found', {
+            sessionManager: mgr,
+            bundleResolver: { staticBundle: stubBundle() },
+            shared: stubShared(),
+        });
+        expect(result.session).toBe(created);
+        expect(mgr.create).toHaveBeenCalledOnce();
+    });
+    it('creates new session when no session_id provided', async () => {
+        const created = stubSession('sess-new');
+        const mgr = stubSessionManager({
+            create: vi.fn().mockReturnValue(created),
+        });
+        const result = await resolveSession(undefined, {
+            sessionManager: mgr,
+            bundleResolver: { staticBundle: stubBundle() },
+            shared: stubShared(),
+        });
+        expect(result.session).toBe(created);
+        expect(mgr.get).not.toHaveBeenCalled();
+    });
+    it('throws SessionError when no bundle available', async () => {
+        const mgr = stubSessionManager();
+        await expect(resolveSession(undefined, {
+            sessionManager: mgr,
+            bundleResolver: {},
+            shared: stubShared(),
+        })).rejects.toThrow(SessionError);
+    });
+    it('passes userRoles from role option', async () => {
+        const created = stubSession('sess-roles');
+        const mgr = stubSessionManager({
+            create: vi.fn().mockReturnValue(created),
+        });
+        await resolveSession(undefined, {
+            sessionManager: mgr,
+            bundleResolver: { staticBundle: stubBundle() },
+            shared: stubShared(),
+            role: 'analyst',
+        });
+        expect(mockBuildSessionComponents).toHaveBeenCalledWith(expect.objectContaining({ userRoles: ['analyst'] }));
+    });
+    it('passes auth context for tenantId and userId', async () => {
+        const created = stubSession('sess-auth');
+        const mgr = stubSessionManager({
+            create: vi.fn().mockReturnValue(created),
+        });
+        await resolveSession(undefined, {
+            sessionManager: mgr,
+            bundleResolver: { staticBundle: stubBundle() },
+            shared: stubShared(),
+            auth: { orgId: 'org-42', applicationId: 'app-1', authMethod: 'api_key', actor: 'user-99' },
+        });
+        expect(mgr.create).toHaveBeenCalledWith(expect.objectContaining({ tenantId: 'org-42', userId: 'user-99' }));
+    });
+    it('stores toolContextFactory on created session via CreateSessionOptions', async () => {
+        const created = stubSession('sess-factory');
+        const mockCreate = vi.fn().mockReturnValue(created);
+        const mgr = stubSessionManager({ create: mockCreate });
+        await resolveSession(undefined, {
+            sessionManager: mgr,
+            bundleResolver: { staticBundle: stubBundle() },
+            shared: stubShared(),
+        });
+        const createArg = mockCreate.mock.calls[0][0];
+        expect(createArg['toolContextFactory']).toBeDefined();
+        expect(typeof createArg['toolContextFactory']).toBe('function');
+    });
+});
+//# sourceMappingURL=session-resolver.test.js.map

package/dist/src/routes/session-resolver.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-resolver.test.js","sourceRoot":"","sources":["../../../src/routes/session-resolver.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAC,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAC,MAAM,QAAQ,CAAC;AAC5D,OAAO,EAAC,aAAa,EAAE,cAAc,EAAC,MAAM,uBAAuB,CAAC;AAKpE,OAAO,EAAC,YAAY,EAAC,MAAM,cAAc,CAAC;AAE1C,8EAA8E;AAC9E,sEAAsE;AACtE,8EAA8E;AAE9E,MAAM,0BAA0B,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;AAC3C,EAAE,CAAC,IAAI,CAAC,+BAA+B,EAAE,GAAG,EAAE,CAAC,CAAC;IAC9C,sBAAsB,EAAE,CAAC,GAAG,IAAe,EAAE,EAAE,CAAC,0BAA0B,CAAC,GAAG,IAAI,CAAC;CACpF,CAAC,CAAC,CAAC;AAEJ,8EAA8E;AAC9E,WAAW;AACX,8EAA8E;AAE9E,SAAS,UAAU,CAAC,IAAI,GAAG,YAAY;IACrC,OAAO;QACL,MAAM,EAAE,EAAC,IAAI,EAAE,MAAM,EAAE,EAAC,IAAI,EAAE,EAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAC,EAAC,EAA0B;QAChG,WAAW,EAAE,IAAI,GAAG,EAAE;QACtB,mBAAmB,EAAE,EAAE;QACvB,MAAM,EAAE,EAAE;QACV,MAAM,EAAE,EAAE;QACV,SAAS,EAAE,EAAE;QACb,KAAK,EAAE,EAAE;QACT,MAAM,EAAE,EAAC,IAAI,EAAE,SAAS,EAAC;KACA,CAAC;AAC9B,CAAC;AAED,SAAS,cAAc;IACrB,MAAM,OAAO,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;IACxB,OAAO;QACL,QAAQ,EAAE,EAAC,KAAK,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAC;QACjD,YAAY,EAAE,EAAC,IAAI,EAAE,CAAC,EAAC;QACvB,iBAAiB,EAAE,EAAC,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,EAAC,OAAO,EAAE,IAAa,EAAC,CAAC,EAAC;QAC5D,YAAY,EAAE,aAAa;QAC3B,kBAAkB,EAAE,OAAO;QAC3B,SAAS,EAAE,EAAE;KACd,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,EAAU,EAAE,UAAU,GAAG,IAAI;IAChD,OAAO;QACL,EAAE;QACF,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE,YAAY;QACnB,YAAY,EAAE,MAAM;QACpB,kBAAkB,EAAE,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS;KAC/B,CAAC;AAC1B,CAAC;AAED,SAAS,kBAAkB,CAAC,YAA8C,EAAE;IAC1E,OAAO;QACL,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE;QACZ,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE;QACf,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE;QACf,GAAG,SAAS;KAC0B,CAAC;AAC3C,CAAC;AAED,SAAS,UAAU;IACjB,OAAO;QACL,YAAY,EAAE,IAAI;QAClB,UAAU,EAAE,IAAI;QAChB,MAAM,EAAE,EAAC,IAAI,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,EAAE,EAAyC;KAC/I,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;QACtD,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,EAAC,YAAY,EAAE,MAAM,EAAC,CAAC,CAAC;QAC3D,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;QACrD,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,EAAE,CAAC,CAAC;QACvC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACnD,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,EAAC,cAAc,EAAE,QAAQ,EAAC,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;QACxF,MAAM,CAAC,QAAQ,CAAC,CAAC,oBAAoB,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAC/D,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4EAA4E,EAAE,KAAK,IAAI,EAAE;QAC1F,MAAM,YAAY,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;QAC1C,MAAM,QAAQ,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,EAAC,YAAY,EAAE,cAAc,EAAE,QAAQ,EAAC,CAAC,CAAC;QAC7E,MAAM,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,UAAU,CAAC,GAAG,EAAE;QACd,EAAE,CAAC,aAAa,EAAE,CAAC;QACnB,0BAA0B,CAAC,eAAe,CAAC,cAAc,EAAE,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4DAA4D,EAAE,KAAK,IAAI,EAAE;QAC1E,MAAM,OAAO,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;QACtC,MAAM,GAAG,GAAG,kBAAkB,CAAC,EAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,OAAO,CAAC,EAAC,CAAC,CAAC;QAExE,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,QAAQ,EAAE;YAC5C,cAAc,EAAE,GAAG;YACnB,cAAc,EAAE,EAAC,YAAY,EAAE,UAAU,EAAE,EAAC;YAC5C,MAAM,EAAE,UAAU,EAAE;SACrB,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QACnE,MAAM,CAAC,0BAA0B,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;QACrD,MAAM,OAAO,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;QACtC,MAAM,GAAG,GAAG,kBAAkB,CAAC;YAC7B,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,SAAS,CAAC;YACvC,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,OAAO,CAAC;SAC3C,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,QAAQ,EAAE;YAC5C,cAAc,EAAE,GAAG;YACnB,cAAc,EAAE,EAAC,YAAY,EAAE,UAAU,EAAE,EAAC;YAC5C,MAAM,EAAE,UAAU,EAAE;SACrB,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAC,0BAA0B,CAAC,CAAC,oBAAoB,EAAE,CAAC;QAC1D,MAAM,CAAE,GAAG,CAAC,MAAmC,CAAC,CAAC,oBAAoB,CACnE,QAAQ,EACR,MAAM,CAAC,gBAAgB,CAAC,EAAC,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,EAAC,CAAC,CACxD,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;QAC7D,MAAM,OAAO,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;QACtC,MAAM,GAAG,GAAG,kBAAkB,CAAC;YAC7B,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,SAAS,CAAC;YACvC,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC;YACvC,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,OAAO,CAAC;SACzC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,gBAAgB,EAAE;YACpD,cAAc,EAAE,GAAG;YACnB,cAAc,EAAE,EAAC,YAAY,EAAE,UAAU,EAAE,EAAC;YAC5C,MAAM,EAAE,UAAU,EAAE;SACrB,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAE,GAAG,CAAC,MAAmC,CAAC,CAAC,oBAAoB,EAAE,CAAC;IAC1E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/D,MAAM,OAAO,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;QACxC,MAAM,GAAG,GAAG,kBAAkB,CAAC;YAC7B,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,OAAO,CAAC;SACzC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE;YAC7C,cAAc,EAAE,GAAG;YACnB,cAAc,EAAE,EAAC,YAAY,EAAE,UAAU,EAAE,EAAC;YAC5C,MAAM,EAAE,UAAU,EAAE;SACrB,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAE,GAAG,CAAC,GAAgC,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IACvE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;QAC5D,MAAM,GAAG,GAAG,kBAAkB,EAAE,CAAC;QAEjC,MAAM,MAAM,CACV,cAAc,CAAC,SAAS,EAAE;YACxB,cAAc,EAAE,GAAG;YACnB,cAAc,EAAE,EAAE;YAClB,MAAM,EAAE,UAAU,EAAE;SACrB,CAAC,CACH,CAAC,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,KAAK,IAAI,EAAE;QACjD,MAAM,OAAO,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;QAC1C,MAAM,GAAG,GAAG,kBAAkB,CAAC;YAC7B,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,OAAO,CAAC;SACzC,CAAC,CAAC;QAEH,MAAM,cAAc,CAAC,SAAS,EAAE;YAC9B,cAAc,EAAE,GAAG;YACnB,cAAc,EAAE,EAAC,YAAY,EAAE,UAAU,EAAE,EAAC;YAC5C,MAAM,EAAE,UAAU,EAAE;YACpB,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;QAEH,MAAM,CAAC,0BAA0B,CAAC,CAAC,oBAAoB,CACrD,MAAM,CAAC,gBAAgB,CAAC,EAAC,SAAS,EAAE,CAAC,SAAS,CAAC,EAAC,CAAC,CAClD,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,OAAO,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;QACzC,MAAM,GAAG,GAAG,kBAAkB,CAAC;YAC7B,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,OAAO,CAAC;SACzC,CAAC,CAAC;QAEH,MAAM,cAAc,CAAC,SAAS,EAAE;YAC9B,cAAc,EAAE,GAAG;YACnB,cAAc,EAAE,EAAC,YAAY,EAAE,UAAU,EAAE,EAAC;YAC5C,MAAM,EAAE,UAAU,EAAE;YACpB,IAAI,EAAE,EAAC,KAAK,EAAE,QAAQ,EAAE,aAAa,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAC;SACzF,CAAC,CAAC;QAEH,MAAM,CAAE,GAAG,CAAC,MAAmC,CAAC,CAAC,oBAAoB,CACnE,MAAM,CAAC,gBAAgB,CAAC,EAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAC,CAAC,CACjE,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uEAAuE,EAAE,KAAK,IAAI,EAAE;QACrF,MAAM,OAAO,GAAG,WAAW,CAAC,cAAc,CAAC,CAAC;QAC5C,MAAM,UAAU,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACpD,MAAM,GAAG,GAAG,kBAAkB,CAAC,EAAC,MAAM,EAAE,UAAU,EAAC,CAAC,CAAC;QAErD,MAAM,cAAc,CAAC,SAAS,EAAE;YAC9B,cAAc,EAAE,GAAG;YACnB,cAAc,EAAE,EAAC,YAAY,EAAE,UAAU,EAAE,EAAC;YAC5C,MAAM,EAAE,UAAU,EAAE;SACrB,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAA4B,CAAC;QACzE,MAAM,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QACtD,MAAM,CAAC,OAAO,SAAS,CAAC,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/routes/webhooks.d.ts

@@ -5,9 +5,11 @@
  */
 import { Router } from 'express';
 import type { AutomationDefinition } from '@amodalai/core';
-import type { AutomationRunnerFn } from '../cron/heartbeat-runner.js';
+import type { AutomationResult } from '../types.js';
+type AutomationRunnerFn = (automation: AutomationDefinition, payload?: Record<string, unknown>) => Promise<AutomationResult>;
 export interface WebhookRouterOptions {
     automations: AutomationDefinition[];
     runAutomation: AutomationRunnerFn;
 }
 export declare function createWebhookRouter(options: WebhookRouterOptions): Router;
+export {};

package/dist/src/routes/webhooks.js

@@ -4,9 +4,11 @@
  * SPDX-License-Identifier: MIT
  */
 import { Router } from 'express';
+import rateLimit from 'express-rate-limit';
 import { WebhookPayloadSchema } from '../types.js';
 import { validate } from '../middleware/request-validation.js';
 import { AppError } from '../middleware/error-handler.js';
+import { asyncHandler } from './route-helpers.js';
 export function createWebhookRouter(options) {
     const router = Router();
     // Build a lookup map: webhook source name → automation definition
@@ -16,9 +18,15 @@ export function createWebhookRouter(options) {
             webhookAutomations.set(a.name, a);
         }
     }
-    router.post('/webhooks/:name', validate(WebhookPayloadSchema), 
-    // eslint-disable-next-line @typescript-eslint/no-misused-promises -- TODO: wrap async route handler
-    async (req, res, next) => {
+    // Rate-limit inbound webhooks per IP so validation and automation
+    // dispatch can't be triggered unboundedly by an attacker.
+    const webhookLimiter = rateLimit({
+        windowMs: 60 * 1000,
+        max: 100,
+        standardHeaders: true,
+        legacyHeaders: false,
+    });
+    router.post('/webhooks/:name', webhookLimiter, validate(WebhookPayloadSchema), asyncHandler(async (req, res, next) => {
         try {
             const { name } = req.params;
             if (!name) {
@@ -39,7 +47,7 @@ export function createWebhookRouter(options) {
         catch (err) {
             next(err);
         }
-    });
+    }));
     return router;
 }
 //# sourceMappingURL=webhooks.js.map

package/dist/src/routes/webhooks.js.map

@@ -1 +1 @@
-{"version":3,"file":"webhooks.js","sourceRoot":"","sources":["../../../src/routes/webhooks.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAEjC,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,EAAE,QAAQ,EAAE,MAAM,qCAAqC,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,gCAAgC,CAAC;AAQ1D,MAAM,UAAU,mBAAmB,CAAC,OAA6B;IAC/D,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;IAExB,kEAAkE;IAClE,MAAM,kBAAkB,GAAG,IAAI,GAAG,EAAgC,CAAC;IACnE,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACpC,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACjC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAED,MAAM,CAAC,IAAI,CACT,iBAAiB,EACjB,QAAQ,CAAC,oBAAoB,CAAC;IAC9B,oGAAoG;IACpG,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACvB,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;YAC5B,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,QAAQ,CAAC,GAAG,EAAE,cAAc,EAAE,6BAA6B,CAAC,CAAC;YACzE,CAAC;YAED,MAAM,UAAU,GAAG,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAChD,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,IAAI,QAAQ,CAChB,GAAG,EACH,sBAAsB,EACtB,gCAAgC,IAAI,GAAG,CACxC,CAAC;YACJ,CAAC;YAED,0DAA0D;YAC1D,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAC9B,KAAK,OAAO,CAAC,aAAa,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YAEhD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,QAAQ,EAAE,IAAI;gBACd,UAAU,EAAE,IAAI;aACjB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,CAAC,CAAC;QACZ,CAAC;IACH,CAAC,CACF,CAAC;IAEF,OAAO,MAAM,CAAC;AAChB,CAAC"}
+{"version":3,"file":"webhooks.js","sourceRoot":"","sources":["../../../src/routes/webhooks.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,SAAS,MAAM,oBAAoB,CAAC;AAE3C,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,EAAE,QAAQ,EAAE,MAAM,qCAAqC,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,gCAAgC,CAAC;AAC1D,OAAO,EAAC,YAAY,EAAC,MAAM,oBAAoB,CAAC;AAUhD,MAAM,UAAU,mBAAmB,CAAC,OAA6B;IAC/D,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;IAExB,kEAAkE;IAClE,MAAM,kBAAkB,GAAG,IAAI,GAAG,EAAgC,CAAC;IACnE,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACpC,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACjC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,0DAA0D;IAC1D,MAAM,cAAc,GAAG,SAAS,CAAC;QAC/B,QAAQ,EAAE,EAAE,GAAG,IAAI;QACnB,GAAG,EAAE,GAAG;QACR,eAAe,EAAE,IAAI;QACrB,aAAa,EAAE,KAAK;KACrB,CAAC,CAAC;IAEH,MAAM,CAAC,IAAI,CACT,iBAAiB,EACjB,cAAc,EACd,QAAQ,CAAC,oBAAoB,CAAC,EAC9B,YAAY,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACpC,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;YAC5B,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,QAAQ,CAAC,GAAG,EAAE,cAAc,EAAE,6BAA6B,CAAC,CAAC;YACzE,CAAC;YAED,MAAM,UAAU,GAAG,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAChD,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,IAAI,QAAQ,CAChB,GAAG,EACH,sBAAsB,EACtB,gCAAgC,IAAI,GAAG,CACxC,CAAC;YACJ,CAAC;YAED,0DAA0D;YAC1D,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAC9B,KAAK,OAAO,CAAC,aAAa,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YAEhD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,QAAQ,EAAE,IAAI;gBACd,UAAU,EAAE,IAAI;aACjB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,CAAC,CAAC;QACZ,CAAC;IACH,CAAC,CAAC,CACH,CAAC;IAEF,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/src/security/permission-checker.d.ts

@@ -0,0 +1,80 @@
+/**
+ * @license
+ * Copyright 2026 Amodal Labs, Inc.
+ * SPDX-License-Identifier: MIT
+ */
+/**
+ * Permission checker interface for tool execution.
+ *
+ * Extracted from the request tool so that the same permission pipeline
+ * can be used by the agent loop (confirmation flow), egress proxy
+ * (Roadmap 5.1), async approval (Roadmap 5.3), and PII detection
+ * (Roadmap 5.2).
+ *
+ * The default implementation reads from access.json via ActionGate.
+ * Future implementations can add external policy services, audit
+ * logging, or rate limiting.
+ */
+import type { AccessConfig } from '@amodalai/types';
+/**
+ * Result of a permission check on a tool call.
+ */
+export type PermissionResult = {
+    allowed: true;
+    requiresConfirmation?: false;
+} | {
+    allowed: true;
+    requiresConfirmation: true;
+    reason: string;
+} | {
+    allowed: false;
+    reason: string;
+};
+/**
+ * Information about the tool call being checked.
+ */
+export interface PermissionCheckRequest {
+    /** The connection being accessed */
+    connection: string;
+    /** Endpoint path (e.g., "POST /articles") */
+    endpointPath: string;
+    /** Intent declared by the LLM */
+    intent: 'read' | 'write' | 'confirmed_write';
+    /** HTTP method */
+    method: string;
+    /** Request parameters (for threshold evaluation) */
+    params?: Record<string, unknown>;
+    /** Whether this is from a delegated/task agent */
+    isDelegated?: boolean;
+    /** Whether plan mode is active */
+    planModeActive?: boolean;
+    /** Whether the caller is read-only (task agents) */
+    readOnly?: boolean;
+}
+/**
+ * Interface for checking tool execution permissions.
+ *
+ * Implementations decide whether a tool call is allowed, requires
+ * confirmation, or is blocked. The request tool and agent loop both
+ * use this interface — the tool doesn't know how permissions are checked.
+ */
+export interface PermissionChecker {
+    check(request: PermissionCheckRequest): PermissionResult;
+}
+export interface AccessJsonPermissionCheckerConfig {
+    accessConfigs: Map<string, AccessConfig>;
+    isDelegated: boolean;
+}
+/**
+ * Permission checker that reads from access.json configuration.
+ *
+ * Wraps the existing ActionGate to evaluate confirmation tiers,
+ * thresholds, and delegation escalation. Adds the intent/method
+ * validation that was previously inline in the request tool.
+ */
+export declare class AccessJsonPermissionChecker implements PermissionChecker {
+    private readonly gate;
+    constructor(config: AccessJsonPermissionCheckerConfig);
+    check(request: PermissionCheckRequest): PermissionResult;
+    private gateDecisionToResult;
+}

package/dist/src/security/permission-checker.js

@@ -0,0 +1,75 @@
+/**
+ * @license
+ * Copyright 2026 Amodal Labs, Inc.
+ * SPDX-License-Identifier: MIT
+ */
+import { ActionGate } from '@amodalai/core';
+/**
+ * Permission checker that reads from access.json configuration.
+ *
+ * Wraps the existing ActionGate to evaluate confirmation tiers,
+ * thresholds, and delegation escalation. Adds the intent/method
+ * validation that was previously inline in the request tool.
+ */
+export class AccessJsonPermissionChecker {
+    gate;
+    constructor(config) {
+        this.gate = new ActionGate({
+            accessConfigs: config.accessConfigs,
+            isDelegated: config.isDelegated,
+        });
+    }
+    check(request) {
+        const { method, intent, endpointPath, connection, params, readOnly, planModeActive } = request;
+        const isMutating = ['POST', 'PUT', 'PATCH', 'DELETE'].includes(method.toUpperCase());
+        // Block writes in read-only mode (task agents)
+        if (readOnly && isMutating) {
+            return { allowed: false, reason: 'Write operations are not allowed in read-only mode' };
+        }
+        // Block writes in plan mode
+        if (planModeActive && isMutating && intent !== 'read') {
+            return { allowed: false, reason: 'Write operations are blocked in plan mode. Present your plan for approval first.' };
+        }
+        // Enforce write intent for mutating methods
+        if (isMutating && intent === 'read') {
+            return {
+                allowed: false,
+                reason: `${method.toUpperCase()} requires intent "write" or "confirmed_write", not "read"`,
+            };
+        }
+        // For read-only operations, allow without gate check
+        if (!isMutating) {
+            return { allowed: true };
+        }
+        // Evaluate action gate for write operations
+        const gateResult = this.gate.evaluate(endpointPath, connection, params);
+        return this.gateDecisionToResult(gateResult.decision, gateResult.reason);
+    }
+    gateDecisionToResult(decision, reason) {
+        switch (decision) {
+            case 'allow':
+                return { allowed: true };
+            case 'confirm':
+                return {
+                    allowed: true,
+                    requiresConfirmation: true,
+                    reason: reason ?? 'This operation requires confirmation',
+                };
+            case 'review':
+                return {
+                    allowed: false,
+                    reason: reason ?? 'This operation requires human review and cannot be executed by the agent',
+                };
+            case 'never':
+                return {
+                    allowed: false,
+                    reason: reason ?? 'This operation is not allowed',
+                };
+            default: {
+                const _exhaustive = decision;
+                return { allowed: false, reason: `Unknown gate decision: ${String(_exhaustive)}` };
+            }
+        }
+    }
+}
+//# sourceMappingURL=permission-checker.js.map

package/dist/src/security/permission-checker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-checker.js","sourceRoot":"","sources":["../../../src/security/permission-checker.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAgBH,OAAO,EAAC,UAAU,EAAC,MAAM,gBAAgB,CAAC;AA6D1C;;;;;;GAMG;AACH,MAAM,OAAO,2BAA2B;IACrB,IAAI,CAAa;IAElC,YAAY,MAAyC;QACnD,IAAI,CAAC,IAAI,GAAG,IAAI,UAAU,CAAC;YACzB,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,WAAW,EAAE,MAAM,CAAC,WAAW;SAChC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,OAA+B;QACnC,MAAM,EAAC,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAC,GAAG,OAAO,CAAC;QAC7F,MAAM,UAAU,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;QAErF,+CAA+C;QAC/C,IAAI,QAAQ,IAAI,UAAU,EAAE,CAAC;YAC3B,OAAO,EAAC,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,oDAAoD,EAAC,CAAC;QACxF,CAAC;QAED,4BAA4B;QAC5B,IAAI,cAAc,IAAI,UAAU,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtD,OAAO,EAAC,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,kFAAkF,EAAC,CAAC;QACtH,CAAC;QAED,4CAA4C;QAC5C,IAAI,UAAU,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACpC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,EAAE,2DAA2D;aAC3F,CAAC;QACJ,CAAC;QAED,qDAAqD;QACrD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,EAAC,OAAO,EAAE,IAAI,EAAC,CAAC;QACzB,CAAC;QAED,4CAA4C;QAC5C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;QAExE,OAAO,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;IAC3E,CAAC;IAEO,oBAAoB,CAAC,QAAsB,EAAE,MAAe;QAClE,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,OAAO;gBACV,OAAO,EAAC,OAAO,EAAE,IAAI,EAAC,CAAC;YACzB,KAAK,SAAS;gBACZ,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,oBAAoB,EAAE,IAAI;oBAC1B,MAAM,EAAE,MAAM,IAAI,sCAAsC;iBACzD,CAAC;YACJ,KAAK,QAAQ;gBACX,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,MAAM,IAAI,0EAA0E;iBAC7F,CAAC;YACJ,KAAK,OAAO;gBACV,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,MAAM,IAAI,+BAA+B;iBAClD,CAAC;YACJ,OAAO,CAAC,CAAC,CAAC;gBACR,MAAM,WAAW,GAAU,QAAQ,CAAC;gBACpC,OAAO,EAAC,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,0BAA0B,MAAM,CAAC,WAAW,CAAC,EAAE,EAAC,CAAC;YACnF,CAAC;QACH,CAAC;IACH,CAAC;CACF"}

package/dist/src/security/permission-checker.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * @license
+ * Copyright 2026 Amodal Labs, Inc.
+ * SPDX-License-Identifier: MIT
+ */
+export {};

package/dist/src/security/permission-checker.test.js

@@ -0,0 +1,208 @@
+/**
+ * @license
+ * Copyright 2026 Amodal Labs, Inc.
+ * SPDX-License-Identifier: MIT
+ */
+import { describe, it, expect } from 'vitest';
+import { AccessJsonPermissionChecker } from './permission-checker.js';
+function makeAccess(overrides = {}) {
+    return {
+        endpoints: {
+            'POST /articles': {
+                returns: ['article'],
+                confirm: true,
+                reason: 'Creates a new article',
+                ...overrides,
+            },
+        },
+    };
+}
+function makeRequest(overrides = {}) {
+    return {
+        connection: 'blog-api',
+        endpointPath: 'POST /articles',
+        intent: 'write',
+        method: 'POST',
+        ...overrides,
+    };
+}
+describe('AccessJsonPermissionChecker', () => {
+    describe('read operations', () => {
+        it('allows GET requests without gate check', () => {
+            const checker = new AccessJsonPermissionChecker({
+                accessConfigs: new Map([['blog-api', makeAccess()]]),
+                isDelegated: false,
+            });
+            const result = checker.check(makeRequest({ method: 'GET', intent: 'read', endpointPath: 'GET /articles' }));
+            expect(result.allowed).toBe(true);
+        });
+    });
+    describe('write intent enforcement', () => {
+        it('rejects mutating methods with read intent', () => {
+            const checker = new AccessJsonPermissionChecker({
+                accessConfigs: new Map(),
+                isDelegated: false,
+            });
+            const result = checker.check(makeRequest({ method: 'POST', intent: 'read' }));
+            expect(result.allowed).toBe(false);
+            if (!result.allowed) {
+                expect(result.reason).toContain('requires intent "write"');
+            }
+        });
+        it('rejects DELETE with read intent', () => {
+            const checker = new AccessJsonPermissionChecker({
+                accessConfigs: new Map(),
+                isDelegated: false,
+            });
+            const result = checker.check(makeRequest({ method: 'DELETE', intent: 'read' }));
+            expect(result.allowed).toBe(false);
+        });
+    });
+    describe('read-only mode (task agents)', () => {
+        it('blocks write operations in read-only mode', () => {
+            const checker = new AccessJsonPermissionChecker({
+                accessConfigs: new Map(),
+                isDelegated: false,
+            });
+            const result = checker.check(makeRequest({ readOnly: true }));
+            expect(result.allowed).toBe(false);
+            if (!result.allowed) {
+                expect(result.reason).toContain('read-only mode');
+            }
+        });
+        it('allows GET in read-only mode', () => {
+            const checker = new AccessJsonPermissionChecker({
+                accessConfigs: new Map(),
+                isDelegated: false,
+            });
+            const result = checker.check(makeRequest({ method: 'GET', intent: 'read', readOnly: true }));
+            expect(result.allowed).toBe(true);
+        });
+    });
+    describe('plan mode', () => {
+        it('blocks writes in plan mode', () => {
+            const checker = new AccessJsonPermissionChecker({
+                accessConfigs: new Map(),
+                isDelegated: false,
+            });
+            const result = checker.check(makeRequest({ planModeActive: true }));
+            expect(result.allowed).toBe(false);
+            if (!result.allowed) {
+                expect(result.reason).toContain('plan mode');
+            }
+        });
+    });
+    describe('confirmation tiers', () => {
+        it('returns requiresConfirmation for confirm tier', () => {
+            const checker = new AccessJsonPermissionChecker({
+                accessConfigs: new Map([['blog-api', makeAccess({ confirm: true })]]),
+                isDelegated: false,
+            });
+            const result = checker.check(makeRequest({ intent: 'write' }));
+            expect(result.allowed).toBe(true);
+            if (result.allowed) {
+                expect(result.requiresConfirmation).toBe(true);
+            }
+        });
+        it('blocks for review tier', () => {
+            const checker = new AccessJsonPermissionChecker({
+                accessConfigs: new Map([['blog-api', makeAccess({ confirm: 'review' })]]),
+                isDelegated: false,
+            });
+            const result = checker.check(makeRequest({ intent: 'write' }));
+            expect(result.allowed).toBe(false);
+            if (!result.allowed) {
+                expect(result.reason).toBeDefined();
+            }
+        });
+        it('blocks for never tier', () => {
+            const checker = new AccessJsonPermissionChecker({
+                accessConfigs: new Map([['blog-api', makeAccess({ confirm: 'never' })]]),
+                isDelegated: false,
+            });
+            const result = checker.check(makeRequest({ intent: 'write' }));
+            expect(result.allowed).toBe(false);
+        });
+        it('allows when no confirm field', () => {
+            const checker = new AccessJsonPermissionChecker({
+                accessConfigs: new Map([['blog-api', makeAccess({ confirm: undefined })]]),
+                isDelegated: false,
+            });
+            const result = checker.check(makeRequest({ intent: 'write' }));
+            expect(result.allowed).toBe(true);
+            if (result.allowed) {
+                expect(result.requiresConfirmation).toBeFalsy();
+            }
+        });
+        it('allows when connection has no access config', () => {
+            const checker = new AccessJsonPermissionChecker({
+                accessConfigs: new Map(),
+                isDelegated: false,
+            });
+            const result = checker.check(makeRequest({ intent: 'write' }));
+            expect(result.allowed).toBe(true);
+        });
+    });
+    describe('delegation escalation', () => {
+        it('escalates confirm to review for delegated agents', () => {
+            const access = makeAccess({ confirm: true });
+            access.delegations = { enabled: true, escalateConfirm: true };
+            const checker = new AccessJsonPermissionChecker({
+                accessConfigs: new Map([['blog-api', access]]),
+                isDelegated: true,
+            });
+            const result = checker.check(makeRequest({ intent: 'write' }));
+            expect(result.allowed).toBe(false);
+            if (!result.allowed) {
+                expect(result.reason).toContain('Delegated');
+            }
+        });
+    });
+    describe('threshold escalation', () => {
+        it('escalates when threshold is exceeded', () => {
+            const access = makeAccess({
+                confirm: true,
+                thresholds: [{ field: 'amount', above: 10000, escalate: 'never' }],
+            });
+            const checker = new AccessJsonPermissionChecker({
+                accessConfigs: new Map([['blog-api', access]]),
+                isDelegated: false,
+            });
+            const result = checker.check(makeRequest({
+                intent: 'write',
+                params: { amount: 50000 },
+            }));
+            expect(result.allowed).toBe(false);
+        });
+        it('does not escalate when threshold is not exceeded', () => {
+            const access = makeAccess({
+                confirm: true,
+                thresholds: [{ field: 'amount', above: 10000, escalate: 'never' }],
+            });
+            const checker = new AccessJsonPermissionChecker({
+                accessConfigs: new Map([['blog-api', access]]),
+                isDelegated: false,
+            });
+            const result = checker.check(makeRequest({
+                intent: 'write',
+                params: { amount: 500 },
+            }));
+            // Still 'confirm' tier (not escalated to 'never')
+            expect(result.allowed).toBe(true);
+            if (result.allowed) {
+                expect(result.requiresConfirmation).toBe(true);
+            }
+        });
+    });
+    describe('exhaustive gate decisions', () => {
+        it('handles all four gate decisions', () => {
+            // allow — tested above (no confirm field)
+            // confirm — tested above (confirm: true)
+            // review — tested above (confirm: 'review')
+            // never — tested above (confirm: 'never')
+            // This test exists to document coverage, not add new assertions
+            expect(true).toBe(true);
+        });
+    });
+});
+//# sourceMappingURL=permission-checker.test.js.map