npm - @aria-cli/tools - Versions diffs - 1.0.9 → 1.0.11 - Mend

@aria-cli/tools 1.0.9 → 1.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (241) hide show

package/package.json +9 -5
package/src/__tests__/web-fetch-download.test.ts +0 -433
package/src/__tests__/web-tools.test.ts +0 -619
package/src/ask-user-interaction.ts +0 -33
package/src/cache/web-cache.ts +0 -110
package/src/definitions/arion.ts +0 -118
package/src/definitions/browser/browser.ts +0 -502
package/src/definitions/browser/index.ts +0 -5
package/src/definitions/browser/pw-downloads.ts +0 -142
package/src/definitions/browser/pw-interactions.ts +0 -282
package/src/definitions/browser/pw-responses.ts +0 -98
package/src/definitions/browser/pw-session.ts +0 -405
package/src/definitions/browser/pw-shared.ts +0 -85
package/src/definitions/browser/pw-snapshot.ts +0 -383
package/src/definitions/browser/pw-state.ts +0 -101
package/src/definitions/browser/types.ts +0 -203
package/src/definitions/code-intelligence.ts +0 -526
package/src/definitions/core.ts +0 -118
package/src/definitions/delegation.ts +0 -567
package/src/definitions/deploy.ts +0 -73
package/src/definitions/filesystem.ts +0 -217
package/src/definitions/frg.ts +0 -67
package/src/definitions/index.ts +0 -28
package/src/definitions/memory.ts +0 -150
package/src/definitions/messaging.ts +0 -734
package/src/definitions/meta.ts +0 -392
package/src/definitions/network.ts +0 -179
package/src/definitions/outlook.ts +0 -318
package/src/definitions/patch/apply-patch.ts +0 -235
package/src/definitions/patch/fuzzy-match.ts +0 -217
package/src/definitions/patch/index.ts +0 -1
package/src/definitions/patch/patch-parser.ts +0 -297
package/src/definitions/patch/sandbox-paths.ts +0 -129
package/src/definitions/process/index.ts +0 -5
package/src/definitions/process/process-registry.ts +0 -303
package/src/definitions/process/process.ts +0 -456
package/src/definitions/process/pty-keys.ts +0 -298
package/src/definitions/process/session-slug.ts +0 -147
package/src/definitions/quip.ts +0 -225
package/src/definitions/search.ts +0 -67
package/src/definitions/session-history.ts +0 -79
package/src/definitions/shell.ts +0 -202
package/src/definitions/slack.ts +0 -211
package/src/definitions/web.ts +0 -119
package/src/executors/apply-patch.ts +0 -1035
package/src/executors/arion.ts +0 -199
package/src/executors/code-intelligence.ts +0 -1179
package/src/executors/deploy.ts +0 -1066
package/src/executors/filesystem.ts +0 -1428
package/src/executors/frg-freshness.ts +0 -743
package/src/executors/frg.ts +0 -394
package/src/executors/index.ts +0 -280
package/src/executors/learning-meta.ts +0 -1367
package/src/executors/lsp-client.ts +0 -355
package/src/executors/memory.ts +0 -978
package/src/executors/meta.ts +0 -293
package/src/executors/process-registry.ts +0 -570
package/src/executors/pty-session-store.ts +0 -43
package/src/executors/pty.ts +0 -342
package/src/executors/restart.ts +0 -133
package/src/executors/search-freshness.ts +0 -249
package/src/executors/search-types.ts +0 -98
package/src/executors/search.ts +0 -89
package/src/executors/self-diagnose.ts +0 -552
package/src/executors/session-history.ts +0 -435
package/src/executors/shell-safety.ts +0 -519
package/src/executors/shell.ts +0 -1243
package/src/executors/utils.ts +0 -40
package/src/executors/web.ts +0 -786
package/src/extraction/content-extraction.ts +0 -281
package/src/extraction/index.ts +0 -5
package/src/headless-control-contract.ts +0 -1149
package/src/index.ts +0 -788
package/src/local-control-http-auth.ts +0 -2
package/src/mcp/client.ts +0 -218
package/src/mcp/connection.ts +0 -568
package/src/mcp/index.ts +0 -11
package/src/mcp/jsonrpc.ts +0 -195
package/src/mcp/types.ts +0 -199
package/src/network-control-adapter.ts +0 -88
package/src/network-runtime/address-types.ts +0 -218
package/src/network-runtime/db-owner-fencing.ts +0 -91
package/src/network-runtime/delivery-receipts.ts +0 -372
package/src/network-runtime/direct-endpoint-authority.ts +0 -35
package/src/network-runtime/index.ts +0 -316
package/src/network-runtime/local-control-contract.ts +0 -784
package/src/network-runtime/node-store-contract.ts +0 -46
package/src/network-runtime/pair-route-contract.ts +0 -97
package/src/network-runtime/peer-capabilities.ts +0 -48
package/src/network-runtime/peer-principal-ref.ts +0 -20
package/src/network-runtime/peer-state-machine.ts +0 -160
package/src/network-runtime/protocol-schemas.ts +0 -265
package/src/network-runtime/runtime-bootstrap-contract.ts +0 -83
package/src/outlook/desktop-session.ts +0 -409
package/src/policy.ts +0 -171
package/src/providers/brave.ts +0 -80
package/src/providers/duckduckgo.ts +0 -199
package/src/providers/exa.ts +0 -85
package/src/providers/firecrawl.ts +0 -77
package/src/providers/index.ts +0 -8
package/src/providers/jina.ts +0 -70
package/src/providers/router.ts +0 -121
package/src/providers/search-provider.ts +0 -74
package/src/providers/tavily.ts +0 -74
package/src/quip/desktop-session.ts +0 -435
package/src/registry/index.ts +0 -1
package/src/registry/registry.ts +0 -905
package/src/runtime-socket-local-control-client.ts +0 -632
package/src/security/dns-normalization.ts +0 -34
package/src/security/dns-pinning.ts +0 -138
package/src/security/external-content.ts +0 -129
package/src/security/ssrf.ts +0 -207
package/src/slack/desktop-session.ts +0 -493
package/src/tool-factory.ts +0 -91
package/src/types.ts +0 -1341
package/src/utils/retry.ts +0 -163
package/src/utils/safe-parse-json.ts +0 -176
package/src/utils/url.ts +0 -20
package/tests/benchmarks/registry.bench.ts +0 -57
package/tests/cache/web-cache.test.ts +0 -147
package/tests/critical-integration.test.ts +0 -1465
package/tests/definitions/apply-patch.test.ts +0 -586
package/tests/definitions/browser.test.ts +0 -495
package/tests/definitions/delegation-pause-resume.test.ts +0 -758
package/tests/definitions/execution.test.ts +0 -671
package/tests/definitions/messaging-inbox-scope.test.ts +0 -229
package/tests/definitions/messaging.test.ts +0 -1468
package/tests/definitions/outlook.test.ts +0 -30
package/tests/definitions/process.test.ts +0 -469
package/tests/definitions/slack.test.ts +0 -28
package/tests/definitions/tool-inventory.test.ts +0 -218
package/tests/e2e/delegation-quest-orchestration.e2e.test.ts +0 -433
package/tests/e2e/memory-tool-discovery-contract.e2e.test.ts +0 -81
package/tests/executors/apply-patch.test.ts +0 -538
package/tests/executors/arion.test.ts +0 -309
package/tests/executors/conversation-primitives.test.ts +0 -250
package/tests/executors/deploy.test.ts +0 -746
package/tests/executors/filesystem-tools.test.ts +0 -357
package/tests/executors/filesystem.test.ts +0 -959
package/tests/executors/frg-freshness.test.ts +0 -136
package/tests/executors/frg-merge.test.ts +0 -70
package/tests/executors/frg-session-content.test.ts +0 -40
package/tests/executors/frg.test.ts +0 -56
package/tests/executors/memory-bugfixes.test.ts +0 -257
package/tests/executors/memory-real-memoria.integration.test.ts +0 -316
package/tests/executors/memory.test.ts +0 -853
package/tests/executors/meta-tools.test.ts +0 -411
package/tests/executors/meta.test.ts +0 -683
package/tests/executors/path-containment.test.ts +0 -51
package/tests/executors/process-registry.test.ts +0 -505
package/tests/executors/pty.test.ts +0 -664
package/tests/executors/quest-security.test.ts +0 -249
package/tests/executors/read-file-media.test.ts +0 -230
package/tests/executors/recall-knowledge-schema.test.ts +0 -209
package/tests/executors/recall-tags.test.ts +0 -278
package/tests/executors/remember-null-safety.contract.test.ts +0 -41
package/tests/executors/restart.test.ts +0 -67
package/tests/executors/search-unified.test.ts +0 -381
package/tests/executors/session-history.test.ts +0 -340
package/tests/executors/session-transcript.test.ts +0 -561
package/tests/executors/shell-abort.test.ts +0 -416
package/tests/executors/shell-env-blocklist.test.ts +0 -648
package/tests/executors/shell-env-process.test.ts +0 -245
package/tests/executors/shell-process-registry.test.ts +0 -334
package/tests/executors/shell-tools.test.ts +0 -393
package/tests/executors/shell.test.ts +0 -690
package/tests/executors/web-abort-vs-timeout.test.ts +0 -213
package/tests/executors/web-integration.test.ts +0 -633
package/tests/executors/web-symlink.test.ts +0 -18
package/tests/executors/web.test.ts +0 -1400
package/tests/executors/write-stdin.test.ts +0 -145
package/tests/extraction/content-extraction.test.ts +0 -153
package/tests/guards/tools-default-test-lane.integration.test.ts +0 -21
package/tests/guards/tools-package-test-commands.e2e.test.ts +0 -43
package/tests/guards/tools-test-lane-manifest.contract.test.ts +0 -76
package/tests/guards/tools-vitest-workspace-alias.contract.test.ts +0 -63
package/tests/helpers/async-waits.ts +0 -53
package/tests/integration/headless-control-contract.integration.test.ts +0 -153
package/tests/integration/memory-tool-schema-parity.integration.test.ts +0 -67
package/tests/integration/meta-tools-round-trip.integration.test.ts +0 -506
package/tests/integration/quest-round-trip.test.ts +0 -303
package/tests/integration/registry-executor-flow.test.ts +0 -85
package/tests/integration.test.ts +0 -177
package/tests/loading-tier.test.ts +0 -126
package/tests/mcp/client-reconnect.test.ts +0 -267
package/tests/mcp/connection.test.ts +0 -846
package/tests/mcp/injectable-logger.test.ts +0 -83
package/tests/mcp/jsonrpc.test.ts +0 -109
package/tests/mcp/lifecycle.test.ts +0 -879
package/tests/network-runtime/address-types.contract.test.ts +0 -143
package/tests/network-runtime/continuity-bind-schema.contract.test.ts +0 -203
package/tests/network-runtime/local-control-contract.test.ts +0 -869
package/tests/network-runtime/local-control-invite-token.contract.test.ts +0 -146
package/tests/network-runtime/node-store-contract.test.ts +0 -11
package/tests/network-runtime/pair-protocol-nodeid.contract.test.ts +0 -15
package/tests/network-runtime/peer-state-machine.contract.test.ts +0 -148
package/tests/network-runtime/protocol-schemas.contract.test.ts +0 -512
package/tests/network-runtime/relay-pending-nodeid.contract.test.ts +0 -62
package/tests/network-runtime/runtime-bootstrap-contract.test.ts +0 -227
package/tests/network-runtime/runtime-socket-local-control-client.test.ts +0 -621
package/tests/network-runtime/wait-for-message-script.test.ts +0 -288
package/tests/parallel.test.ts +0 -71
package/tests/policy.test.ts +0 -184
package/tests/print-default-test-lane.ts +0 -14
package/tests/print-test-lane-manifest.ts +0 -22
package/tests/providers/brave.test.ts +0 -159
package/tests/providers/duckduckgo.test.ts +0 -207
package/tests/providers/exa.test.ts +0 -175
package/tests/providers/firecrawl.test.ts +0 -168
package/tests/providers/jina.test.ts +0 -144
package/tests/providers/router.test.ts +0 -328
package/tests/providers/tavily.test.ts +0 -165
package/tests/registry/discovery.test.ts +0 -154
package/tests/registry/injectable-logger.test.ts +0 -230
package/tests/registry/input-validation.test.ts +0 -361
package/tests/registry/interface-completeness.test.ts +0 -85
package/tests/registry/mcp-integration.test.ts +0 -103
package/tests/registry/mcp-read-only-hint.test.ts +0 -60
package/tests/registry/memoria-discovery.test.ts +0 -390
package/tests/registry/nested-validation.test.ts +0 -283
package/tests/registry/pseudo-tool-filtering.test.ts +0 -258
package/tests/registry/registration-lifecycle.test.ts +0 -133
package/tests/registry-validation.test.ts +0 -424
package/tests/registry.test.ts +0 -460
package/tests/security/dns-pinning.test.ts +0 -162
package/tests/security/external-content.test.ts +0 -144
package/tests/security/ssrf.test.ts +0 -118
package/tests/shell-safety-integration.test.ts +0 -32
package/tests/shell-safety.test.ts +0 -365
package/tests/slack/desktop-session.test.ts +0 -50
package/tests/test-lane-manifest.ts +0 -440
package/tests/test-utils.ts +0 -27
package/tests/tool-factory.test.ts +0 -188
package/tests/utils/retry.test.ts +0 -231
package/tests/utils/url.test.ts +0 -63
package/tsconfig.cjs.json +0 -24
package/tsconfig.json +0 -12
package/vitest.config.ts +0 -55
package/vitest.e2e.config.ts +0 -24
package/vitest.integration.config.ts +0 -24
package/vitest.native.config.ts +0 -24

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aria-cli/tools",
-  "version": "1.0.9",
+  "version": "1.0.11",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -31,12 +31,12 @@
     "vscode-languageserver-protocol": "^3.17.5",
     "zod": "^4.3.6",
     "zod-to-json-schema": "^3.25.1",
+    "@aria-cli/fastripgrep": "1.0.11",
     "@aria-cli/search": "0.1.0",
-    "@aria-cli/types": "1.0.9",
-    "@aria-cli/fastripgrep": "1.0.9"
+    "@aria-cli/types": "1.0.11"
   },
   "optionalDependencies": {
-    "@aria-cli/cli": "1.0.9"
+    "@aria-cli/cli": "1.0.11"
   },
   "devDependencies": {
     "@types/jsdom": "^28.0.0",
@@ -44,8 +44,12 @@
     "@types/turndown": "^5.0.6",
     "typescript": "^5.9.3",
     "vitest": "^4.0.18",
-    "@aria-cli/memoria": "1.0.9"
+    "@aria-cli/memoria": "1.0.11"
   },
+  "files": [
+    "dist/",
+    "dist-cjs/"
+  ],
   "scripts": {
     "dev": "tsc --watch",
     "test": "vitest run --config vitest.config.ts",

package/src/__tests__/web-fetch-download.test.ts DELETED Viewed

@@ -1,433 +0,0 @@
-/**
- * @aria/tools - Web fetch tool tests
- *
- * Tests for executeWebFetch executor.
- * Covers URL validation, SSRF protection, format parsing, and size limits.
- * All external calls (fetch, dns) are mocked -- no real network traffic.
- */
-import * as dns from "node:dns";
-import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
-import type { ToolContext } from "../types.js";
-import { executeWebFetch } from "../executors/web.js";
-import { fetchCache } from "../cache/web-cache.js";
-vi.mock("node:dns", () => ({
-  promises: {
-    lookup: vi.fn(),
-  },
-}));
-const createContext = (overrides: Partial<ToolContext> = {}): ToolContext => ({
-  workingDir: "/tmp/test",
-  env: {},
-  confirm: async () => true,
-  ...overrides,
-});
-/** Helper to create a mock Response with a readable body stream. */
-function mockResponse(body: string | Uint8Array, init?: ResponseInit): Response {
-  return new Response(body, init);
-}
-/**
- * Creates a chunked ReadableStream that yields data in small pieces,
- * useful for testing streaming size limits without Content-Length.
- */
-function chunkedResponse(chunks: Uint8Array[], init?: ResponseInit): Response {
-  const stream = new ReadableStream<Uint8Array>({
-    start(controller) {
-      for (const chunk of chunks) {
-        controller.enqueue(chunk);
-      }
-      controller.close();
-    },
-  });
-  return new Response(stream, init);
-}
-// ============================================================================
-// executeWebFetch
-// ============================================================================
-describe("executeWebFetch", () => {
-  let originalFetch: typeof global.fetch;
-  beforeEach(() => {
-    originalFetch = global.fetch;
-    fetchCache.clear();
-    // Default: resolve to public IP
-    vi.mocked(dns.promises.lookup).mockResolvedValue({
-      address: "93.184.216.34",
-      family: 4,
-    });
-  });
-  afterEach(() => {
-    global.fetch = originalFetch;
-    vi.restoreAllMocks();
-  });
-  // ---------- URL validation ----------
-  it("rejects invalid URL format", async () => {
-    const ctx = createContext();
-    const result = await executeWebFetch({ url: "not-a-url" }, ctx);
-    expect(result.success).toBe(false);
-    expect(result.message).toContain("Invalid URL");
-  });
-  it("rejects non-HTTP protocols", async () => {
-    const ctx = createContext();
-    const result = await executeWebFetch({ url: "ftp://files.example.com/data" }, ctx);
-    expect(result.success).toBe(false);
-    expect(result.message).toContain("protocol");
-  });
-  it("rejects file:// protocol", async () => {
-    const ctx = createContext();
-    const result = await executeWebFetch({ url: "file:///etc/passwd" }, ctx);
-    expect(result.success).toBe(false);
-    expect(result.message).toContain("protocol");
-  });
-  // ---------- SSRF protection ----------
-  it("rejects hostname resolving to loopback (127.0.0.1)", async () => {
-    vi.mocked(dns.promises.lookup).mockResolvedValue({
-      address: "127.0.0.1",
-      family: 4,
-    });
-    const ctx = createContext();
-    const result = await executeWebFetch({ url: "https://evil.example.com" }, ctx);
-    expect(result.success).toBe(false);
-    expect(result.message).toContain("private network");
-    expect(result.message).toContain("127.0.0.1");
-  });
-  it("rejects hostname resolving to AWS metadata (169.254.169.254)", async () => {
-    vi.mocked(dns.promises.lookup).mockResolvedValue({
-      address: "169.254.169.254",
-      family: 4,
-    });
-    const ctx = createContext();
-    const result = await executeWebFetch({ url: "https://metadata.example.com" }, ctx);
-    expect(result.success).toBe(false);
-    expect(result.message).toContain("private network");
-    expect(result.message).toContain("169.254.169.254");
-  });
-  it("rejects hostname resolving to 10.x private range", async () => {
-    vi.mocked(dns.promises.lookup).mockResolvedValue({
-      address: "10.0.0.1",
-      family: 4,
-    });
-    const ctx = createContext();
-    const result = await executeWebFetch({ url: "https://internal.corp" }, ctx);
-    expect(result.success).toBe(false);
-    expect(result.message).toContain("private network");
-  });
-  it("rejects hostname resolving to 192.168.x private range", async () => {
-    vi.mocked(dns.promises.lookup).mockResolvedValue({
-      address: "192.168.1.1",
-      family: 4,
-    });
-    const ctx = createContext();
-    const result = await executeWebFetch({ url: "https://router.local" }, ctx);
-    expect(result.success).toBe(false);
-    expect(result.message).toContain("private network");
-  });
-  it("rejects hostname resolving to IPv6 loopback (::1)", async () => {
-    vi.mocked(dns.promises.lookup).mockResolvedValue({
-      address: "::1",
-      family: 6,
-    });
-    const ctx = createContext();
-    const result = await executeWebFetch({ url: "https://ipv6-loop.example.com" }, ctx);
-    expect(result.success).toBe(false);
-    expect(result.message).toContain("private network");
-  });
-  it("allows hostname resolving to public IP (8.8.8.8)", async () => {
-    vi.mocked(dns.promises.lookup).mockResolvedValue({
-      address: "8.8.8.8",
-      family: 4,
-    });
-    vi.stubGlobal(
-      "fetch",
-      vi.fn().mockResolvedValue(mockResponse("public content", { status: 200 })),
-    );
-    const ctx = createContext();
-    const result = await executeWebFetch({ url: "https://safe.example.com" }, ctx);
-    expect(result.success).toBe(true);
-  });
-  it("returns error when DNS lookup fails", async () => {
-    vi.mocked(dns.promises.lookup).mockRejectedValue(
-      new Error("getaddrinfo ENOTFOUND nope.invalid"),
-    );
-    const ctx = createContext();
-    const result = await executeWebFetch({ url: "https://nope.invalid" }, ctx);
-    expect(result.success).toBe(false);
-    expect(result.message).toContain("DNS resolution failed");
-  });
-  // ---------- Format parsing ----------
-  it("returns text content wrapped with security boundaries by default", async () => {
-    vi.stubGlobal(
-      "fetch",
-      vi.fn().mockResolvedValue(
-        mockResponse("Hello, world!", {
-          status: 200,
-          headers: { "Content-Type": "text/plain" },
-        }),
-      ),
-    );
-    const ctx = createContext();
-    const result = await executeWebFetch({ url: "https://example.com/text" }, ctx);
-    expect(result.success).toBe(true);
-    const data = result.data as { content: string; status: number };
-    // Text content is now wrapped with external content security boundaries
-    expect(data.content).toContain("Hello, world!");
-    expect(data.content).toContain("EXTERNAL_UNTRUSTED_CONTENT");
-    expect(data.content).toContain("[Source: web_fetch]");
-    expect(data.status).toBe(200);
-  });
-  it("returns HTML content wrapped with security boundaries for format=html", async () => {
-    const html = "<html><body><p>Content</p></body></html>";
-    vi.stubGlobal(
-      "fetch",
-      vi.fn().mockResolvedValue(
-        mockResponse(html, {
-          status: 200,
-          headers: { "Content-Type": "text/html" },
-        }),
-      ),
-    );
-    const ctx = createContext();
-    const result = await executeWebFetch({ url: "https://example.com/page", format: "html" }, ctx);
-    expect(result.success).toBe(true);
-    const data = result.data as { content: string; contentType: string };
-    // HTML content is now wrapped with security boundaries
-    expect(data.content).toContain(html);
-    expect(data.content).toContain("EXTERNAL_UNTRUSTED_CONTENT");
-    expect(data.contentType).toBe("text/html");
-  });
-  it("parses JSON content with format=json", async () => {
-    const obj = { name: "aria", version: 1 };
-    vi.stubGlobal(
-      "fetch",
-      vi.fn().mockResolvedValue(
-        mockResponse(JSON.stringify(obj), {
-          status: 200,
-          headers: { "Content-Type": "application/json" },
-        }),
-      ),
-    );
-    const ctx = createContext();
-    const result = await executeWebFetch(
-      { url: "https://api.example.com/data", format: "json" },
-      ctx,
-    );
-    expect(result.success).toBe(true);
-    const data = result.data as { content: { name: string; version: number } };
-    expect(data.content).toEqual({ name: "aria", version: 1 });
-  });
-  it("returns error for invalid JSON with format=json", async () => {
-    vi.stubGlobal(
-      "fetch",
-      vi.fn().mockResolvedValue(mockResponse("not json {{{", { status: 200 })),
-    );
-    const ctx = createContext();
-    const result = await executeWebFetch(
-      { url: "https://example.com/bad-json", format: "json" },
-      ctx,
-    );
-    expect(result.success).toBe(false);
-    expect(result.message).toContain("parse JSON");
-  });
-  // ---------- Size limits ----------
-  it("rejects responses exceeding Content-Length limit", async () => {
-    vi.stubGlobal(
-      "fetch",
-      vi.fn().mockResolvedValue(
-        mockResponse("x", {
-          status: 200,
-          headers: { "Content-Length": "999999999" },
-        }),
-      ),
-    );
-    const ctx = createContext();
-    const result = await executeWebFetch(
-      { url: "https://example.com/huge", maxSizeBytes: 1024 },
-      ctx,
-    );
-    expect(result.success).toBe(false);
-    expect(result.message).toContain("too large");
-  });
-  it("rejects chunked responses exceeding streaming size limit", async () => {
-    // Create chunks that exceed a small limit, without Content-Length header
-    const chunk1 = new Uint8Array(600).fill(65); // 'A' * 600
-    const chunk2 = new Uint8Array(600).fill(66); // 'B' * 600
-    vi.stubGlobal(
-      "fetch",
-      vi.fn().mockResolvedValue(chunkedResponse([chunk1, chunk2], { status: 200 })),
-    );
-    const ctx = createContext();
-    const result = await executeWebFetch(
-      { url: "https://example.com/stream", maxSizeBytes: 1000 },
-      ctx,
-    );
-    expect(result.success).toBe(false);
-    expect(result.message).toContain("exceeds maximum size");
-  });
-  it("accepts responses within size limit", async () => {
-    const content = "A".repeat(500);
-    vi.stubGlobal("fetch", vi.fn().mockResolvedValue(mockResponse(content, { status: 200 })));
-    const ctx = createContext();
-    const result = await executeWebFetch(
-      { url: "https://example.com/small", maxSizeBytes: 1024 },
-      ctx,
-    );
-    expect(result.success).toBe(true);
-    const data = result.data as { content: string };
-    // Content is now wrapped with security boundaries
-    expect(data.content).toContain(content);
-  });
-  // ---------- Custom headers ----------
-  it("passes custom headers to the request", async () => {
-    const mockFetch = vi.fn().mockResolvedValue(mockResponse("ok", { status: 200 }));
-    vi.stubGlobal("fetch", mockFetch);
-    const ctx = createContext();
-    await executeWebFetch(
-      {
-        url: "https://example.com/api",
-        headers: { Authorization: "Bearer token123", "X-Custom": "value" },
-      },
-      ctx,
-    );
-    expect(mockFetch).toHaveBeenCalledWith(
-      "https://example.com/api",
-      expect.objectContaining({
-        headers: { Authorization: "Bearer token123", "X-Custom": "value" },
-      }),
-    );
-  });
-  // ---------- Abort signal ----------
-  it("handles context abort signal", async () => {
-    vi.stubGlobal(
-      "fetch",
-      vi.fn().mockImplementation((_url: string, options?: RequestInit) => {
-        return new Promise((_resolve, reject) => {
-          const signal = options?.signal;
-          if (signal) {
-            signal.addEventListener("abort", () => {
-              const err = new Error("The operation was aborted");
-              err.name = "AbortError";
-              reject(err);
-            });
-          }
-        });
-      }),
-    );
-    const abortController = new AbortController();
-    const ctx = createContext({ abortSignal: abortController.signal });
-    setTimeout(() => abortController.abort(), 10);
-    const result = await executeWebFetch({ url: "https://example.com/slow" }, ctx);
-    expect(result.success).toBe(false);
-    expect(result.message).toContain("cancelled");
-  });
-  // ---------- HTTP errors ----------
-  it("returns error for non-OK HTTP status", async () => {
-    vi.stubGlobal(
-      "fetch",
-      vi.fn().mockResolvedValue(
-        mockResponse("Forbidden", {
-          status: 403,
-          statusText: "Forbidden",
-        }),
-      ),
-    );
-    const ctx = createContext();
-    const result = await executeWebFetch({ url: "https://example.com/secret" }, ctx);
-    expect(result.success).toBe(false);
-    expect(result.message).toContain("403");
-  });
-  it("includes contentType in successful response", async () => {
-    vi.stubGlobal(
-      "fetch",
-      vi.fn().mockResolvedValue(
-        mockResponse("data", {
-          status: 200,
-          headers: { "Content-Type": "text/csv; charset=utf-8" },
-        }),
-      ),
-    );
-    const ctx = createContext();
-    const result = await executeWebFetch({ url: "https://example.com/data.csv" }, ctx);
-    expect(result.success).toBe(true);
-    const data = result.data as { contentType: string };
-    expect(data.contentType).toBe("text/csv; charset=utf-8");
-  });
-});
-// download tool removed in aria-c3x