@checkstack/ai-backend 0.1.0

package/src/chat/chat-service.streamturn.test.ts

@@ -0,0 +1,417 @@
+import { describe, expect, test, mock, beforeEach, afterEach } from "bun:test";
+import { APICallError, type LanguageModelUsage } from "ai";
+import type { AuthUser } from "@checkstack/backend-api";
+import type { OpenAiCompatibleConnection } from "@checkstack/ai-common";
+import type { ClassifierTextGenerator } from "./classifier-service";
+import { OFF_TOPIC_REFUSAL } from "./classifier.logic";
+
+/**
+ * `streamTurn` integration-ish unit tests for the topical pre-classifier (Fix
+ * 3). We mock the `ai` module's `streamText` (so no live model is built) and the
+ * provider builder, then inject a fake classifier generator to drive each path:
+ *
+ *  - OFF_TOPIC short-circuits: streamText (the expensive tool loop) NEVER runs,
+ *    the canned refusal is persisted + streamed.
+ *  - classifier ERROR fails open: streamText runs (the normal turn proceeds).
+ *  - ON_TOPIC proceeds: streamText runs normally.
+ *
+ * These are DOM-free and run under `bun test` from the repo root.
+ */
+
+// Records each streamText call so we can assert whether the tool loop ran and
+// what message history it was handed (post-normalization).
+const streamTextCalls: Array<{ system: string; messages: unknown }> = [];
+// Captures the onError handler the service hands `toUIMessageStreamResponse`, so
+// a test can drive the (otherwise masked) provider-error surfacing path.
+let lastOnError: ((error: unknown) => string) | undefined;
+// Captures the onFinish callback the service hands streamText, so the test can
+// drive the normal-turn persistence/spend path deterministically.
+let lastOnFinish:
+  | ((args: {
+      text: string;
+      steps: Array<{ response: { messages: unknown[] } }>;
+      totalUsage: LanguageModelUsage;
+    }) => Promise<void> | void)
+  | undefined;
+
+const realAi = await import("ai");
+
+mock.module("ai", () => ({
+  ...realAi,
+  stepCountIs: () => ({}),
+  streamText: (args: {
+    system: string;
+    messages: unknown;
+    onFinish?: typeof lastOnFinish;
+  }) => {
+    streamTextCalls.push({ system: args.system, messages: args.messages });
+    lastOnFinish = args.onFinish;
+    return {
+      toUIMessageStreamResponse: (opts?: {
+        onError?: (error: unknown) => string;
+      }) => {
+        lastOnError = opts?.onError;
+        return new Response("normal-turn", { status: 200 });
+      },
+    };
+  },
+  // Real-enough SSE helpers for the short-circuit path (refusal stream).
+  createUIMessageStream: ({
+    execute,
+  }: {
+    execute: (o: { writer: { write: (c: unknown) => void } }) => void;
+  }) => {
+    const chunks: unknown[] = [];
+    execute({ writer: { write: (c) => chunks.push(c) } });
+    return chunks;
+  },
+  createUIMessageStreamResponse: ({ stream }: { stream: unknown[] }) =>
+    new Response(JSON.stringify(stream), { status: 200 }),
+}));
+
+// NOTE: we deliberately do NOT mock `./llm-provider`. `buildLanguageModel`
+// returns a real provider model object but makes no network call until
+// `streamText`/`generateText` runs, and `streamText` is mocked above — so the
+// real builder is safe here AND we avoid leaking a module mock into
+// `llm-provider.test.ts` (bun `mock.module` is process-global).
+
+// Imported AFTER the mocks so the service binds the mocked `ai`.
+const { createChatService } = await import("./chat-service");
+
+const principal: AuthUser = {
+  type: "user",
+  id: "u1",
+  accessRules: [],
+};
+
+const connection: OpenAiCompatibleConnection = {
+  baseUrl: "https://api.openai.com/v1",
+  apiKey: "sk-test",
+  defaultModel: "test-model",
+};
+
+/** Build a full AI-SDK usage object from input/output token counts. */
+function usage(inputTokens: number, outputTokens: number): LanguageModelUsage {
+  return {
+    inputTokens,
+    outputTokens,
+    totalTokens: inputTokens + outputTokens,
+    inputTokenDetails: {
+      noCacheTokens: undefined,
+      cacheReadTokens: undefined,
+      cacheWriteTokens: undefined,
+    },
+    outputTokenDetails: {
+      textTokens: undefined,
+      reasoningTokens: undefined,
+    },
+  };
+}
+
+/** A classifier generator that always returns the given verdict text. */
+function verdict(text: string): ClassifierTextGenerator {
+  return async () => ({ text, usage: usage(3, 1) });
+}
+
+/** A classifier generator that throws (simulates a classifier outage). */
+const classifierThrows: ClassifierTextGenerator = async () => {
+  throw new Error("classifier unavailable");
+};
+
+/** A minimal proposeApply double exposing only what streamDecision touches. */
+interface ProposalDouble {
+  rowId: string;
+  toolName: string;
+  status: string;
+  conversationId?: string;
+  summary?: string;
+}
+
+function makeService(
+  classifierGenerate: ClassifierTextGenerator,
+  describeProposalResult?: ProposalDouble,
+) {
+  const appended: Array<{ role: string; text: unknown }> = [];
+  const spendInserts: Array<Record<string, unknown>> = [];
+  const conversations = {
+    getConversation: async () => ({
+      id: "conv-1",
+      userId: "u1",
+      title: "t",
+      integrationId: "ai.openai-compatible.c1",
+      model: null,
+      permissionMode: "approve" as const,
+      createdAt: new Date(),
+      updatedAt: new Date(),
+      archivedAt: null,
+    }),
+    appendMessage: async (a: { role: string; content: { text: unknown } }) => {
+      appended.push({ role: a.role, text: a.content.text });
+      return {} as never;
+    },
+    listMessages: async () => [
+      {
+        id: "m1",
+        conversationId: "conv-1",
+        role: "user" as const,
+        content: { text: "hi" },
+        toolCalls: null,
+        modelMessages: null,
+        createdAt: new Date(),
+      },
+    ],
+    updateConversation: async () => undefined,
+    createConversation: async () => ({}) as never,
+    listConversations: async () => [],
+    archiveConversation: async () => false,
+    deleteConversation: async () => false,
+  };
+  // db.insert(...).values(...) is awaited by recordSpend; capture the values.
+  const db = {
+    insert: () => ({
+      values: async (v: Record<string, unknown>) => {
+        spendInserts.push(v);
+      },
+    }),
+  } as never;
+  const loggerErrors: Array<{ message: string; meta: unknown }> = [];
+  const logger = {
+    info: () => {},
+    warn: () => {},
+    debug: () => {},
+    error: (message: string, meta?: unknown) => {
+      loggerErrors.push({ message, meta });
+    },
+  };
+  const service = createChatService({
+    resolver: { resolveTools: () => [] } as never,
+    proposeApply: {
+      describeProposal: async () => describeProposalResult,
+    } as never,
+    conversations: conversations as never,
+    connections: { resolve: async () => connection },
+    readInvoker: { invoke: async () => ({}) },
+    recordExecuted: async () => {},
+    db,
+    logger,
+    internalUrl: "http://localhost:3000",
+    classifierGenerate,
+  });
+  return { service, appended, spendInserts, loggerErrors };
+}
+
+beforeEach(() => {
+  streamTextCalls.length = 0;
+  lastOnFinish = undefined;
+  lastOnError = undefined;
+});
+
+afterEach(() => {
+  mock.restore();
+});
+
+describe("streamTurn topical pre-classifier", () => {
+  const turn = {
+    principal,
+    conversationId: "conv-1",
+    connectionId: "ai.openai-compatible.c1",
+    forwardHeaders: {},
+    userText: "write me a hello world react component",
+  };
+
+  test("OFF_TOPIC short-circuits: no tool loop, refusal persisted + streamed, classifier spend recorded", async () => {
+    const { service, appended, spendInserts } = makeService(
+      verdict("OFF_TOPIC"),
+    );
+    const res = await service.streamTurn(turn);
+    expect(res.status).toBe(200);
+
+    // The expensive tool loop (streamText) must NOT have run.
+    expect(streamTextCalls).toHaveLength(0);
+
+    // The user message is persisted up front; the refusal is persisted as the
+    // assistant message (no other assistant turn was generated).
+    const assistant = appended.filter((a) => a.role === "assistant");
+    expect(assistant).toHaveLength(1);
+    expect(assistant[0]?.text).toBe(OFF_TOPIC_REFUSAL);
+
+    // The refusal text was streamed over the SSE path. Parse the stream chunks
+    // (the mock JSON-serializes them, which escapes the quotes in the refusal)
+    // and reassemble the deltas rather than substring-matching escaped JSON.
+    const body = await res.text();
+    const chunks = JSON.parse(body) as Array<{ delta?: string }>;
+    const streamed = chunks.map((c) => c.delta ?? "").join("");
+    expect(streamed).toBe(OFF_TOPIC_REFUSAL);
+
+    // The classifier's own (small) token usage was recorded against the ledger.
+    expect(spendInserts).toHaveLength(1);
+    expect(spendInserts[0]?.inputTokens).toBe(3);
+    expect(spendInserts[0]?.outputTokens).toBe(1);
+  });
+
+  test("classifier ERROR fails open: the normal turn proceeds (tool loop runs)", async () => {
+    const { service } = makeService(classifierThrows);
+    const res = await service.streamTurn(turn);
+    expect(res.status).toBe(200);
+    // Fail-open: streamText (the normal turn) ran despite the classifier throw.
+    expect(streamTextCalls).toHaveLength(1);
+    expect(await res.text()).toBe("normal-turn");
+  });
+
+  test("ON_TOPIC proceeds: the normal turn runs and the classifier spend is recorded", async () => {
+    const { service, spendInserts } = makeService(verdict("ON_TOPIC"));
+    const res = await service.streamTurn({
+      ...turn,
+      userText: "summarize the open incidents",
+    });
+    expect(res.status).toBe(200);
+    expect(streamTextCalls).toHaveLength(1);
+    // The classifier usage was recorded even on the ON_TOPIC path.
+    expect(spendInserts).toHaveLength(1);
+
+    // Drive the normal turn's onFinish to verify the turn usage is also recorded.
+    expect(lastOnFinish).toBeDefined();
+    await lastOnFinish?.({
+      text: "Here are the open incidents.",
+      steps: [],
+      totalUsage: usage(50, 20),
+    });
+    // One more spend row (the turn) + the assistant message persisted.
+    expect(spendInserts).toHaveLength(2);
+  });
+
+  test("hands streamText a normalized message history (starts with a user row)", async () => {
+    const { service } = makeService(verdict("ON_TOPIC"));
+    await service.streamTurn({ ...turn, userText: "list incidents" });
+    expect(streamTextCalls).toHaveLength(1);
+    const messages = streamTextCalls[0]?.messages;
+    expect(Array.isArray(messages)).toBe(true);
+    // normalizeModelMessages guarantees a leading user row.
+    const first = (messages as Array<{ role: string }>)[0];
+    expect(first?.role).toBe("user");
+  });
+
+  test("surfaces a masked provider error (HTTP body) to the UI and the log", async () => {
+    const { service, loggerErrors } = makeService(verdict("ON_TOPIC"));
+    await service.streamTurn({ ...turn, userText: "summarize incidents" });
+    // The service must have installed an onError handler (else errors are masked).
+    expect(lastOnError).toBeDefined();
+
+    const apiError = new APICallError({
+      message: "Bad Request",
+      url: "https://openrouter.ai/api/v1/chat/completions",
+      requestBodyValues: {},
+      statusCode: 400,
+      responseBody: '{"error":{"code":"invalid_prompt","message":"bad"}}',
+    });
+    const surfaced = lastOnError?.(apiError);
+    expect(surfaced).toContain("HTTP 400");
+    expect(surfaced).toContain("invalid_prompt");
+
+    // It is also logged server-side with the structured provider detail.
+    expect(loggerErrors).toHaveLength(1);
+    expect(loggerErrors[0]?.message).toBe("AI chat model call failed");
+    const meta = loggerErrors[0]?.meta as { statusCode?: number };
+    expect(meta.statusCode).toBe(400);
+  });
+});
+
+describe("streamDecision (post-confirm-card acknowledgment)", () => {
+  const base = {
+    principal,
+    conversationId: "conv-1",
+    connectionId: "ai.openai-compatible.c1",
+    forwardHeaders: {},
+  };
+
+  test("apply: runs the model with a server-derived APPLIED note, no user bubble", async () => {
+    const { service, appended } = makeService(verdict("ON_TOPIC"), {
+      rowId: "row-1",
+      toolName: "healthcheck.propose",
+      status: "applied",
+      conversationId: "conv-1",
+      summary: 'Create health check "google-com-http"',
+    });
+    const res = await service.streamDecision({
+      ...base,
+      token: "propose:row-1.nonce",
+      decision: "apply",
+    });
+    expect(res.status).toBe(200);
+    expect(streamTextCalls).toHaveLength(1);
+
+    // The decision note is delivered to the model (server-derived summary).
+    const serialized = JSON.stringify(streamTextCalls[0]?.messages);
+    expect(serialized).toContain("APPLIED");
+    expect(serialized).toContain("Create health check");
+    expect(serialized).toContain("google-com-http");
+
+    // No user message is persisted for a decision turn (no user bubble); only
+    // the streamed assistant reply is persisted via onFinish (driven below).
+    expect(appended.filter((a) => a.role === "user")).toHaveLength(0);
+  });
+
+  test("apply: refuses (409) when the proposal is not actually applied", async () => {
+    const { service } = makeService(verdict("ON_TOPIC"), {
+      rowId: "row-1",
+      toolName: "healthcheck.propose",
+      status: "proposed",
+      conversationId: "conv-1",
+      summary: "Create health check X",
+    });
+    const res = await service.streamDecision({
+      ...base,
+      token: "propose:row-1.nonce",
+      decision: "apply",
+    });
+    expect(res.status).toBe(409);
+    // The model must NOT run if we cannot truthfully say it was applied.
+    expect(streamTextCalls).toHaveLength(0);
+  });
+
+  test("decline: runs the model with a DECLINED note (no status requirement)", async () => {
+    const { service } = makeService(verdict("ON_TOPIC"), {
+      rowId: "row-1",
+      toolName: "healthcheck.propose",
+      status: "proposed",
+      conversationId: "conv-1",
+      summary: "Create health check X",
+    });
+    const res = await service.streamDecision({
+      ...base,
+      token: "propose:row-1.nonce",
+      decision: "decline",
+    });
+    expect(res.status).toBe(200);
+    expect(streamTextCalls).toHaveLength(1);
+    expect(JSON.stringify(streamTextCalls[0]?.messages)).toContain("DECLINED");
+  });
+
+  test("refuses (404) a proposal that belongs to a different conversation", async () => {
+    const { service } = makeService(verdict("ON_TOPIC"), {
+      rowId: "row-1",
+      toolName: "healthcheck.propose",
+      status: "applied",
+      conversationId: "other-conv",
+      summary: "Create health check X",
+    });
+    const res = await service.streamDecision({
+      ...base,
+      token: "propose:row-1.nonce",
+      decision: "apply",
+    });
+    expect(res.status).toBe(404);
+    expect(streamTextCalls).toHaveLength(0);
+  });
+
+  test("refuses (404) an unknown/forged token", async () => {
+    const { service } = makeService(verdict("ON_TOPIC"), undefined);
+    const res = await service.streamDecision({
+      ...base,
+      token: "propose:nope.nope",
+      decision: "apply",
+    });
+    expect(res.status).toBe(404);
+    expect(streamTextCalls).toHaveLength(0);
+  });
+});

package/src/chat/chat-service.test.ts

@@ -0,0 +1,250 @@
+import { describe, expect, test, mock } from "bun:test";
+import { z } from "zod";
+import type { AuthUser } from "@checkstack/backend-api";
+import type { RegisteredAiTool } from "../tool-registry";
+import type { ProposeApplyService } from "../propose-apply/service";
+import type { ChatReadInvoker } from "./read-invoker";
+import {
+  buildChatToolCallbacks,
+  type ChatRecordExecuted,
+} from "./chat-service";
+import { ToolBudgetExceededError } from "../rate-limit/tool-budget";
+
+const principal: AuthUser = {
+  type: "user",
+  id: "u1",
+  accessRules: ["incident.incident.read"],
+};
+
+const readTool: RegisteredAiTool = {
+  name: "incident.list",
+  description: "list",
+  effect: "read",
+  input: z.object({ status: z.string().optional() }),
+  requiredAccessRules: ["incident.incident.read"],
+  execute: () => Promise.resolve({ rows: [] }),
+};
+
+/**
+ * A COMPOSITE read tool (no projection routing) — like `ai.searchDocs` /
+ * `ai.getDoc`. It has no entry in `readRouting`, so `runRead` must invoke its
+ * own `execute` rather than re-entering the live router.
+ */
+const compositeReadTool: RegisteredAiTool = {
+  name: "ai.searchDocs",
+  description: "search docs",
+  effect: "read",
+  input: z.object({ query: z.string() }),
+  requiredAccessRules: ["ai.chat.read"],
+  execute: ({ input }) =>
+    Promise.resolve({ echoed: (input as { query: string }).query }),
+};
+
+/** A fake db whose count query resolves to `used`, simulating the budget read. */
+function budgetDb(used: number) {
+  const where = mock(() => Promise.resolve([{ value: used }]));
+  const from = mock(() => ({ where }));
+  const select = mock(() => ({ from }));
+  return { select } as never;
+}
+
+function deps(over?: {
+  used?: number;
+  invoke?: ChatReadInvoker["invoke"];
+  recordExecuted?: ChatRecordExecuted;
+}) {
+  const recorded: Array<{
+    transport: string;
+    toolName: string;
+    argsHash: string;
+    conversationId: string;
+  }> = [];
+  const readInvoker: ChatReadInvoker = {
+    invoke: over?.invoke ?? (() => Promise.resolve({ rows: [1, 2] })),
+  };
+  const recordExecuted: ChatRecordExecuted =
+    over?.recordExecuted ??
+    (async ({ toolName, argsHash, conversationId }) => {
+      recorded.push({ transport: "chat", toolName, argsHash, conversationId });
+    });
+  const proposeApply = {} as ProposeApplyService;
+  const readRouting = new Map([
+    ["incident.list", { pluginId: "incident", procedureKey: "listIncidents" }],
+  ]);
+  const callbacks = buildChatToolCallbacks({
+    proposeApply,
+    readInvoker,
+    recordExecuted,
+    readRouting,
+    db: budgetDb(over?.used ?? 0),
+    conversationId: "conv-1",
+    forwardHeaders: { cookie: "session=x" },
+    internalUrl: "http://localhost:3000",
+  });
+  return { callbacks, recorded };
+}
+
+describe("chat read auditing + budget (P4 review item 2)", () => {
+  test("a chat read writes an ai_tool_calls row with transport 'chat' + args hash", async () => {
+    const { callbacks, recorded } = deps();
+    const result = await callbacks.runRead({
+      principal,
+      tool: readTool,
+      input: { status: "open" },
+    });
+    expect(result).toEqual({ rows: [1, 2] });
+    // The read was audit-recorded so it lands in the log AND counts to budget.
+    expect(recorded).toHaveLength(1);
+    expect(recorded[0]?.transport).toBe("chat");
+    expect(recorded[0]?.toolName).toBe("incident.list");
+    expect(recorded[0]?.conversationId).toBe("conv-1");
+    // The args hash is a SHA-256 hex digest, never the raw args.
+    expect(recorded[0]?.argsHash).toMatch(/^[0-9a-f]{64}$/);
+  });
+
+  test("enforceBudget passes when under budget", async () => {
+    const { callbacks } = deps({ used: 0 });
+    await expect(callbacks.enforceBudget(principal)).resolves.toBeUndefined();
+  });
+
+  test("an over-budget chat read is rejected before it runs (budget counts chat reads)", async () => {
+    let invoked = false;
+    const { callbacks } = deps({
+      used: 999,
+      invoke: () => {
+        invoked = true;
+        return Promise.resolve({});
+      },
+    });
+    // The SDK tool calls enforceBudget BEFORE runRead; over budget -> throw.
+    await expect(callbacks.enforceBudget(principal)).rejects.toBeInstanceOf(
+      ToolBudgetExceededError,
+    );
+    expect(invoked).toBe(false);
+  });
+
+  test("a read whose recordExecuted fails still surfaces (recording is awaited, audit-critical)", async () => {
+    // The audit row is awaited because the budget depends on it; a recording
+    // failure must propagate rather than silently undercount.
+    const { callbacks } = deps({
+      recordExecuted: () => Promise.reject(new Error("db down")),
+    });
+    await expect(
+      callbacks.runRead({ principal, tool: readTool, input: {} }),
+    ).rejects.toThrow("db down");
+  });
+});
+
+describe("runRead composite-read fallback (searchDocs/getDoc path)", () => {
+  test("a routing-less read tool runs its own execute (NOT the router)", async () => {
+    // The readInvoker must NOT be touched for a composite tool; if it were, the
+    // routing-less tool would error "has no routing" in the pre-fallback code.
+    const invoke = mock(() => Promise.reject(new Error("router should not run")));
+    const { callbacks, recorded } = deps({ invoke });
+
+    const docPrincipal: AuthUser = {
+      type: "user",
+      id: "u1",
+      accessRules: ["ai.chat.read"],
+    };
+    const result = await callbacks.runRead({
+      principal: docPrincipal,
+      tool: compositeReadTool,
+      input: { query: "health checks" },
+    });
+
+    // The tool's own execute produced the result.
+    expect(result).toEqual({ echoed: "health checks" });
+    // The live-router invoker was never called (no routing entry).
+    expect(invoke).not.toHaveBeenCalled();
+    // The composite read is still audit-recorded (audit + budget count).
+    expect(recorded).toHaveLength(1);
+    expect(recorded[0]?.toolName).toBe("ai.searchDocs");
+    expect(recorded[0]?.transport).toBe("chat");
+  });
+});
+
+/** A mutate tool used to exercise the per-turn propose/auto-apply dedupe. */
+const mutateTool: RegisteredAiTool = {
+  name: "healthcheck.update",
+  description: "update a health check",
+  effect: "mutate",
+  input: z.object({
+    id: z.string(),
+    body: z.record(z.string(), z.unknown()),
+  }),
+  requiredAccessRules: ["healthcheck.healthcheck.manage"],
+  execute: () => Promise.resolve({ ok: true }),
+};
+
+/** Build callbacks wired to a propose-spy ProposeApplyService (no real store). */
+function dedupeCallbacks(proposeMock: ReturnType<typeof mock>) {
+  // Partial service stub: only `propose`/`apply` are exercised here (the same
+  // pattern the existing harness uses with `{} as ProposeApplyService`).
+  const proposeApply = {
+    propose: proposeMock,
+    apply: mock(() =>
+      Promise.resolve({ toolCallId: "row-1", result: { ok: true } }),
+    ),
+  } as unknown as ProposeApplyService;
+  return buildChatToolCallbacks({
+    proposeApply,
+    readInvoker: { invoke: () => Promise.resolve({}) },
+    recordExecuted: async () => {},
+    readRouting: new Map(),
+    db: budgetDb(0),
+    conversationId: "conv-1",
+    forwardHeaders: {},
+    internalUrl: "http://localhost:3000",
+  });
+}
+
+describe("per-turn mutating-tool dedupe (no triple proposals)", () => {
+  const proposal = {
+    token: "propose:row-1.nonce",
+    summary: "Update health check",
+    payload: { id: "hc1" },
+    diff: undefined,
+    toolCallId: "row-1",
+    expiresAt: new Date("2026-06-03T00:00:00Z"),
+  };
+
+  test("a repeated identical propose returns a duplicate, proposed only once", async () => {
+    const proposeMock = mock(() => Promise.resolve(proposal));
+    const callbacks = dedupeCallbacks(proposeMock);
+    const input = { id: "hc1", body: { intervalSeconds: 120 } };
+
+    const first = await callbacks.propose({ principal, tool: mutateTool, input });
+    const second = await callbacks.propose({ principal, tool: mutateTool, input });
+
+    // First call creates the real confirm card (with a token + a stop note).
+    expect("__confirm" in first && first.__confirm).toBe(true);
+    expect("token" in first).toBe(true);
+    if ("note" in first) expect(first.note.length).toBeGreaterThan(0);
+
+    // Second identical call is deduped: no card, no new token, a clear note.
+    expect("__duplicate" in second && second.__duplicate).toBe(true);
+    expect("token" in second).toBe(false);
+
+    // The single-use proposal token is minted exactly ONCE for the repeat.
+    expect(proposeMock).toHaveBeenCalledTimes(1);
+  });
+
+  test("a DIFFERENT propose in the same turn is NOT deduped", async () => {
+    const proposeMock = mock(() => Promise.resolve(proposal));
+    const callbacks = dedupeCallbacks(proposeMock);
+
+    await callbacks.propose({
+      principal,
+      tool: mutateTool,
+      input: { id: "hc1", body: { intervalSeconds: 120 } },
+    });
+    await callbacks.propose({
+      principal,
+      tool: mutateTool,
+      input: { id: "hc2", body: { intervalSeconds: 120 } },
+    });
+
+    expect(proposeMock).toHaveBeenCalledTimes(2);
+  });
+});