@desplega.ai/agent-swarm 1.74.4 → 1.76.0

package/src/tests/credential-status-routing.test.ts

@@ -0,0 +1,150 @@
+import { afterAll, beforeAll, describe, expect, test } from "bun:test";
+import { unlink } from "node:fs/promises";
+import {
+  closeDb,
+  createAgent,
+  getAgentById,
+  getIdleWorkersWithCapacity,
+  initDb,
+  updateAgentCredentialState,
+} from "../be/db";
+
+/**
+ * Phase 3 of the worker credential safe-loop plan
+ * (thoughts/taras/plans/2026-05-06-worker-credential-safe-loop.md).
+ *
+ * Verifies that:
+ *   - The migration applies cleanly to a fresh DB.
+ *   - `waiting_for_credentials` is a valid status enum value.
+ *   - `credentialMissing` round-trips through the helper + reader.
+ *   - `getIdleWorkersWithCapacity` (the dispatcher's read site) routes
+ *     around blocked workers — they're implicitly excluded by the
+ *     `status = 'idle'` predicate.
+ *   - `updateAgentCredentialState(ready=true)` transitions blocked → idle
+ *     and clears the missing list.
+ */
+
+const TEST_DB_PATH = "./test-credential-status-routing.sqlite";
+
+describe("Phase 3 — credential status routing", () => {
+  beforeAll(async () => {
+    try {
+      await unlink(TEST_DB_PATH);
+    } catch {
+      // first run
+    }
+    initDb(TEST_DB_PATH);
+  });
+
+  afterAll(async () => {
+    closeDb();
+    try {
+      await unlink(TEST_DB_PATH);
+      await unlink(`${TEST_DB_PATH}-wal`);
+      await unlink(`${TEST_DB_PATH}-shm`);
+    } catch {
+      // best-effort
+    }
+  });
+
+  test("migration applies on fresh DB — waiting_for_credentials enum + credentialMissing column exist", () => {
+    // The fact that initDb succeeded above means migrations applied. Now
+    // verify we can actually create an agent and persist the new state
+    // without hitting the old CHECK constraint.
+    const agent = createAgent({
+      name: "routing-blocked",
+      isLead: false,
+      status: "idle",
+      capabilities: [],
+      maxTasks: 1,
+    });
+
+    const updated = updateAgentCredentialState(agent.id, false, [
+      "CLAUDE_CODE_OAUTH_TOKEN",
+      "ANTHROPIC_API_KEY",
+    ]);
+    expect(updated).not.toBeNull();
+    expect(updated!.status).toBe("waiting_for_credentials");
+    expect(updated!.credentialMissing).toEqual(["CLAUDE_CODE_OAUTH_TOKEN", "ANTHROPIC_API_KEY"]);
+
+    // Read-back through getAgentById should preserve the JSON parse.
+    const refetched = getAgentById(agent.id);
+    expect(refetched!.status).toBe("waiting_for_credentials");
+    expect(refetched!.credentialMissing).toEqual(["CLAUDE_CODE_OAUTH_TOKEN", "ANTHROPIC_API_KEY"]);
+  });
+
+  test("dispatcher routes around blocked workers — getIdleWorkersWithCapacity skips them", () => {
+    // Sanity: clear DB state by creating fresh agents in this test.
+    const ready = createAgent({
+      name: "routing-ready",
+      isLead: false,
+      status: "idle",
+      capabilities: [],
+      maxTasks: 5,
+    });
+    const blocked = createAgent({
+      name: "routing-blocked-2",
+      isLead: false,
+      status: "idle",
+      capabilities: [],
+      maxTasks: 5,
+    });
+    updateAgentCredentialState(blocked.id, false, ["DEVIN_API_KEY"]);
+
+    const idleWorkers = getIdleWorkersWithCapacity();
+    const idleIds = idleWorkers.map((a) => a.id);
+    expect(idleIds).toContain(ready.id);
+    expect(idleIds).not.toContain(blocked.id);
+  });
+
+  test("transition waiting → idle: dispatcher picks the agent up again", () => {
+    const agent = createAgent({
+      name: "routing-recovery",
+      isLead: false,
+      status: "idle",
+      capabilities: [],
+      maxTasks: 5,
+    });
+
+    // Park the agent.
+    updateAgentCredentialState(agent.id, false, ["OPENAI_API_KEY"]);
+    expect(getIdleWorkersWithCapacity().some((a) => a.id === agent.id)).toBe(false);
+
+    // Simulate creds arriving.
+    const recovered = updateAgentCredentialState(agent.id, true, null);
+    expect(recovered!.status).toBe("idle");
+    expect(recovered!.credentialMissing).toBeNull();
+
+    // Dispatcher should now pick the agent up.
+    expect(getIdleWorkersWithCapacity().some((a) => a.id === agent.id)).toBe(true);
+  });
+
+  test("ready=true clears any prior missing list even if missing[] is provided", () => {
+    const agent = createAgent({
+      name: "routing-clear",
+      isLead: false,
+      status: "idle",
+      capabilities: [],
+      maxTasks: 1,
+    });
+
+    updateAgentCredentialState(agent.id, false, ["X", "Y"]);
+    // Even if a caller passes a non-null `missing` with `ready=true`, the helper
+    // canonicalises to NULL so the dashboard doesn't render a stale list.
+    const cleared = updateAgentCredentialState(agent.id, true, ["X"]);
+    expect(cleared!.status).toBe("idle");
+    expect(cleared!.credentialMissing).toBeNull();
+  });
+
+  test("isLead agents are not eligible (predicate also filters isLead = 0)", () => {
+    const lead = createAgent({
+      name: "routing-lead",
+      isLead: true,
+      status: "idle",
+      capabilities: [],
+      maxTasks: 1,
+    });
+
+    expect(getIdleWorkersWithCapacity().some((a) => a.id === lead.id)).toBe(false);
+  });
+});

package/src/tests/credential-wait.test.ts

@@ -0,0 +1,282 @@
+import { afterEach, beforeEach, describe, expect, test } from "bun:test";
+import { awaitCredentials, BootMaxWaitExceededError } from "../commands/credential-wait";
+
+/**
+ * Capture-only logger so test output stays clean and we can assert on
+ * specific lines emitted by the loop.
+ */
+function makeLogger() {
+  const lines: string[] = [];
+  return {
+    fn: (line: string) => lines.push(line),
+    lines,
+  };
+}
+
+/** Track every sleep duration the loop requests so we can assert on backoff. */
+function makeSleeper() {
+  const calls: number[] = [];
+  return {
+    fn: (ms: number) => {
+      calls.push(ms);
+      return Promise.resolve();
+    },
+    calls,
+  };
+}
+
+/** Save and restore env vars touched by the loop. */
+function withEnv(snapshot: Record<string, string | undefined>) {
+  const previous: Record<string, string | undefined> = {};
+  for (const k of Object.keys(snapshot)) previous[k] = process.env[k];
+  return () => {
+    for (const k of Object.keys(snapshot)) {
+      if (previous[k] === undefined) delete process.env[k];
+      else process.env[k] = previous[k]!;
+    }
+  };
+}
+
+describe("awaitCredentials", () => {
+  let restore: () => void = () => {};
+
+  beforeEach(() => {
+    // Wipe any harness creds the test runner might inherit so the loop
+    // starts in the "blocked" state for tests that expect it.
+    restore = withEnv({
+      CLAUDE_CODE_OAUTH_TOKEN: undefined,
+      ANTHROPIC_API_KEY: undefined,
+      OPENAI_API_KEY: undefined,
+      OPENROUTER_API_KEY: undefined,
+      CODEX_OAUTH: undefined,
+      DEVIN_API_KEY: undefined,
+      DEVIN_ORG_ID: undefined,
+    });
+    delete process.env.CLAUDE_CODE_OAUTH_TOKEN;
+    delete process.env.ANTHROPIC_API_KEY;
+    delete process.env.OPENAI_API_KEY;
+    delete process.env.OPENROUTER_API_KEY;
+    delete process.env.CODEX_OAUTH;
+    delete process.env.DEVIN_API_KEY;
+    delete process.env.DEVIN_ORG_ID;
+  });
+
+  afterEach(() => {
+    restore();
+  });
+
+  test("immediate-return when creds are already present", async () => {
+    const log = makeLogger();
+    const sleeper = makeSleeper();
+    let refreshCalls = 0;
+
+    const status = await awaitCredentials({
+      provider: "claude",
+      initialEnv: { CLAUDE_CODE_OAUTH_TOKEN: "tok" },
+      refreshEnv: async () => {
+        refreshCalls += 1;
+        return {};
+      },
+      sleep: sleeper.fn,
+      log: log.fn,
+    });
+
+    expect(status.ready).toBe(true);
+    expect(refreshCalls).toBe(0);
+    expect(sleeper.calls.length).toBe(0);
+    expect(log.lines.some((l) => l.startsWith("[boot] credentials ready"))).toBe(true);
+  });
+
+  test("loops until refreshEnv yields a valid credential", async () => {
+    const log = makeLogger();
+    const sleeper = makeSleeper();
+    const ticks: Array<{ ready: boolean; missing: string[]; attempt: number }> = [];
+
+    let callCount = 0;
+    const status = await awaitCredentials({
+      provider: "claude",
+      initialEnv: {}, // empty
+      refreshEnv: async () => {
+        callCount += 1;
+        // First two refreshes return nothing; third yields the token.
+        if (callCount < 3) return {};
+        return { CLAUDE_CODE_OAUTH_TOKEN: "tok" };
+      },
+      sleep: sleeper.fn,
+      log: log.fn,
+      onTick: (s, attempt) => ticks.push({ ready: s.ready, missing: [...s.missing], attempt }),
+      backoff: { initialMs: 100, maxMs: 1000, maxWaitSeconds: 0 },
+    });
+
+    expect(status.ready).toBe(true);
+    expect(callCount).toBe(3);
+    // Backoff sequence should have doubled until cap: 100ms, 200ms, 400ms.
+    expect(sleeper.calls).toEqual([100, 200, 400]);
+    // onTick fires per iteration (3 waiting ticks + 1 final ready tick).
+    expect(ticks.length).toBe(4);
+    expect(ticks[0]!.ready).toBe(false);
+    expect(ticks[ticks.length - 1]!.ready).toBe(true);
+  });
+
+  test("backoff caps at maxMs", async () => {
+    const log = makeLogger();
+    const sleeper = makeSleeper();
+
+    let callCount = 0;
+    await awaitCredentials({
+      provider: "claude",
+      initialEnv: {},
+      refreshEnv: async () => {
+        callCount += 1;
+        // Resolve only after 6 iterations.
+        if (callCount < 6) return {};
+        return { CLAUDE_CODE_OAUTH_TOKEN: "tok" };
+      },
+      sleep: sleeper.fn,
+      log: log.fn,
+      backoff: { initialMs: 100, maxMs: 500, maxWaitSeconds: 0 },
+    });
+
+    // 100, 200, 400, then capped at 500 forever.
+    expect(sleeper.calls).toEqual([100, 200, 400, 500, 500, 500]);
+  });
+
+  test("BOOT_MAX_WAIT_SECONDS throws BootMaxWaitExceededError when exceeded", async () => {
+    const log = makeLogger();
+    let fakeNow = 0;
+
+    await expect(
+      awaitCredentials({
+        provider: "claude",
+        initialEnv: {},
+        refreshEnv: async () => ({}), // never resolves
+        sleep: async (ms) => {
+          fakeNow += ms;
+        },
+        now: () => fakeNow,
+        log: log.fn,
+        backoff: { initialMs: 1000, maxMs: 1000, maxWaitSeconds: 5 },
+      }),
+    ).rejects.toBeInstanceOf(BootMaxWaitExceededError);
+  });
+
+  test("onTick errors are non-fatal", async () => {
+    const log = makeLogger();
+    const sleeper = makeSleeper();
+
+    let onTickCalls = 0;
+    let refreshCalls = 0;
+    const status = await awaitCredentials({
+      provider: "claude",
+      initialEnv: {},
+      refreshEnv: async () => {
+        refreshCalls += 1;
+        return refreshCalls >= 1 ? { CLAUDE_CODE_OAUTH_TOKEN: "tok" } : {};
+      },
+      sleep: sleeper.fn,
+      log: log.fn,
+      onTick: () => {
+        onTickCalls += 1;
+        throw new Error("status report failed");
+      },
+      backoff: { initialMs: 1, maxMs: 1, maxWaitSeconds: 0 },
+    });
+
+    expect(status.ready).toBe(true);
+    expect(onTickCalls).toBe(2); // one waiting tick + one final ready tick
+    expect(log.lines.some((l) => l.includes("onTick error"))).toBe(true);
+  });
+
+  test("refreshEnv errors are non-fatal — loop continues to next tick", async () => {
+    const log = makeLogger();
+    const sleeper = makeSleeper();
+
+    let refreshCalls = 0;
+    const status = await awaitCredentials({
+      provider: "claude",
+      initialEnv: {},
+      refreshEnv: async () => {
+        refreshCalls += 1;
+        if (refreshCalls === 1) throw new Error("network blip");
+        return { CLAUDE_CODE_OAUTH_TOKEN: "tok" };
+      },
+      sleep: sleeper.fn,
+      log: log.fn,
+      backoff: { initialMs: 1, maxMs: 1, maxWaitSeconds: 0 },
+    });
+
+    expect(status.ready).toBe(true);
+    expect(refreshCalls).toBe(2);
+    expect(log.lines.some((l) => l.includes("env refresh failed"))).toBe(true);
+  });
+
+  test("merges refreshed env into process.env", async () => {
+    const log = makeLogger();
+    delete process.env.CLAUDE_CODE_OAUTH_TOKEN;
+
+    const status = await awaitCredentials({
+      provider: "claude",
+      initialEnv: {},
+      refreshEnv: async () => ({ CLAUDE_CODE_OAUTH_TOKEN: "fresh-tok" }),
+      sleep: async () => {},
+      log: log.fn,
+      backoff: { initialMs: 1, maxMs: 1, maxWaitSeconds: 0 },
+    });
+
+    expect(status.ready).toBe(true);
+    // After the loop returns ready, process.env reflects the fresh value.
+    expect(process.env.CLAUDE_CODE_OAUTH_TOKEN).toBe("fresh-tok");
+  });
+
+  test("backoff config falls back to env-var defaults when override absent", async () => {
+    const log = makeLogger();
+    const sleeper = makeSleeper();
+
+    process.env.BOOT_INITIAL_BACKOFF_MS = "50";
+    process.env.BOOT_MAX_BACKOFF_MS = "100";
+
+    let callCount = 0;
+    await awaitCredentials({
+      provider: "claude",
+      initialEnv: { BOOT_INITIAL_BACKOFF_MS: "50", BOOT_MAX_BACKOFF_MS: "100" },
+      refreshEnv: async () => {
+        callCount += 1;
+        return callCount >= 4 ? { CLAUDE_CODE_OAUTH_TOKEN: "tok" } : {};
+      },
+      sleep: sleeper.fn,
+      log: log.fn,
+    });
+
+    // 50, 100 (capped), 100, 100.
+    expect(sleeper.calls).toEqual([50, 100, 100, 100]);
+
+    delete process.env.BOOT_INITIAL_BACKOFF_MS;
+    delete process.env.BOOT_MAX_BACKOFF_MS;
+  });
+
+  test("forwards CredCheckOptions for file-based providers", async () => {
+    const log = makeLogger();
+    const probedPaths: string[] = [];
+
+    const status = await awaitCredentials({
+      provider: "codex",
+      initialEnv: { HOME: "/home/worker" },
+      refreshEnv: async () => ({}),
+      sleep: async () => {},
+      log: log.fn,
+      backoff: { initialMs: 1, maxMs: 1, maxWaitSeconds: 0 },
+      credCheckOptions: {
+        homeDir: "/home/worker",
+        fs: {
+          existsSync: (p: string) => {
+            probedPaths.push(p);
+            return p === "/home/worker/.codex/auth.json";
+          },
+        },
+      },
+    });
+
+    expect(status.ready).toBe(true);
+    expect(probedPaths).toContain("/home/worker/.codex/auth.json");
+  });
+});

package/src/tests/harness-provider-resolution.test.ts

@@ -0,0 +1,242 @@
+/**
+ * Coverage for the swarm_config-overrides-HARNESS_PROVIDER work:
+ *
+ *   - `resolveHarnessProvider` precedence (resolvedEnv > fallbackEnv > "claude")
+ *     and invalid-value fallback.
+ *   - `validateConfigValue` rejects unknown providers (used by HTTP +
+ *     MCP write paths).
+ *   - `getResolvedConfig` honours scope precedence (repo > agent > global)
+ *     for HARNESS_PROVIDER, mirroring how MODEL_OVERRIDE already works.
+ *   - End-to-end through `PUT /api/config`: a typo'd HARNESS_PROVIDER is
+ *     rejected with 400 instead of being silently stored.
+ */
+
+import { afterAll, beforeAll, beforeEach, describe, expect, test } from "bun:test";
+import { unlink } from "node:fs/promises";
+import { createServer as createHttpServer, type Server } from "node:http";
+import {
+  closeDb,
+  createAgent,
+  getDb,
+  getResolvedConfig,
+  initDb,
+  upsertSwarmConfig,
+} from "../be/db";
+import { validateConfigValue } from "../be/swarm-config-guard";
+import { handleConfig } from "../http/config";
+import { resolveHarnessProvider } from "../utils/harness-provider";
+
+const TEST_DB_PATH = "./test-harness-provider-resolution.sqlite";
+const TEST_PORT = 13061;
+
+async function removeDbFiles(path: string): Promise<void> {
+  for (const suffix of ["", "-wal", "-shm"]) {
+    try {
+      await unlink(path + suffix);
+    } catch (error) {
+      if ((error as NodeJS.ErrnoException).code !== "ENOENT") throw error;
+    }
+  }
+}
+
+function makeTestServer(): Server {
+  return createHttpServer(async (req, res) => {
+    const url = new URL(req.url ?? "/", `http://localhost:${TEST_PORT}`);
+    const pathSegments = url.pathname.split("/").filter(Boolean);
+    const queryParams = url.searchParams;
+    try {
+      if (await handleConfig(req, res, pathSegments, queryParams)) return;
+    } catch (err) {
+      res.writeHead(500, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ error: (err as Error).message }));
+      return;
+    }
+    res.writeHead(404, { "Content-Type": "application/json" });
+    res.end(JSON.stringify({ error: "Not found" }));
+  });
+}
+
+let server: Server;
+const baseUrl = `http://localhost:${TEST_PORT}`;
+
+beforeAll(async () => {
+  await removeDbFiles(TEST_DB_PATH);
+  initDb(TEST_DB_PATH);
+  server = makeTestServer();
+  await new Promise<void>((resolve) => {
+    server.listen(TEST_PORT, () => resolve());
+  });
+});
+
+afterAll(async () => {
+  await new Promise<void>((resolve) => {
+    server.close(() => resolve());
+  });
+  closeDb();
+  await removeDbFiles(TEST_DB_PATH);
+});
+
+beforeEach(() => {
+  getDb().prepare("DELETE FROM swarm_config").run();
+  getDb().prepare("DELETE FROM agents").run();
+});
+
+// ─── resolveHarnessProvider ──────────────────────────────────────────────────
+
+describe("resolveHarnessProvider", () => {
+  test("returns 'claude' when neither env has HARNESS_PROVIDER", () => {
+    expect(resolveHarnessProvider({}, {})).toBe("claude");
+  });
+
+  test("returns the value from resolvedEnv (swarm_config overlay) when present", () => {
+    expect(
+      resolveHarnessProvider({ HARNESS_PROVIDER: "codex" }, { HARNESS_PROVIDER: "claude" }),
+    ).toBe("codex");
+  });
+
+  test("falls back to fallbackEnv when resolvedEnv lacks the key", () => {
+    expect(resolveHarnessProvider({}, { HARNESS_PROVIDER: "pi" })).toBe("pi");
+  });
+
+  test("ignores empty string in resolvedEnv and falls back", () => {
+    expect(resolveHarnessProvider({ HARNESS_PROVIDER: "  " }, { HARNESS_PROVIDER: "codex" })).toBe(
+      "codex",
+    );
+  });
+
+  test("invalid value falls back to 'claude' (does not throw)", () => {
+    expect(resolveHarnessProvider({ HARNESS_PROVIDER: "not-a-provider" }, {})).toBe("claude");
+  });
+
+  test("trims whitespace before validating", () => {
+    expect(resolveHarnessProvider({ HARNESS_PROVIDER: "  codex  " }, {})).toBe("codex");
+  });
+});
+
+// ─── validateConfigValue ─────────────────────────────────────────────────────
+
+describe("validateConfigValue", () => {
+  test("returns null for keys without a validator", () => {
+    expect(validateConfigValue("FOO_BAR", "anything")).toBeNull();
+    expect(validateConfigValue("MODEL_OVERRIDE", "sonnet")).toBeNull();
+  });
+
+  test("accepts a valid HARNESS_PROVIDER", () => {
+    expect(validateConfigValue("HARNESS_PROVIDER", "codex")).toBeNull();
+    expect(validateConfigValue("harness_provider", "claude")).toBeNull(); // case-insensitive
+  });
+
+  test("rejects an unknown HARNESS_PROVIDER with a helpful error", () => {
+    const err = validateConfigValue("HARNESS_PROVIDER", "claude-cod");
+    expect(err).not.toBeNull();
+    expect(err).toMatch(/HARNESS_PROVIDER/);
+    expect(err).toMatch(/claude/);
+    expect(err).toMatch(/codex/);
+  });
+
+  test("rejects non-string values for HARNESS_PROVIDER", () => {
+    expect(validateConfigValue("HARNESS_PROVIDER", 42)).not.toBeNull();
+    expect(validateConfigValue("HARNESS_PROVIDER", null)).not.toBeNull();
+  });
+});
+
+// ─── getResolvedConfig — scope precedence for HARNESS_PROVIDER ───────────────
+
+describe("getResolvedConfig precedence for HARNESS_PROVIDER", () => {
+  test("agent scope wins over global scope", () => {
+    const a = createAgent({
+      name: "scope-test-1",
+      isLead: false,
+      status: "idle",
+      capabilities: [],
+    });
+
+    upsertSwarmConfig({ scope: "global", key: "HARNESS_PROVIDER", value: "claude" });
+    upsertSwarmConfig({
+      scope: "agent",
+      scopeId: a.id,
+      key: "HARNESS_PROVIDER",
+      value: "codex",
+    });
+
+    const resolved = getResolvedConfig(a.id);
+    const harness = resolved.find((c) => c.key === "HARNESS_PROVIDER");
+    expect(harness?.value).toBe("codex");
+  });
+
+  test("global scope applies when no agent-scoped row exists", () => {
+    const a = createAgent({
+      name: "scope-test-2",
+      isLead: false,
+      status: "idle",
+      capabilities: [],
+    });
+
+    upsertSwarmConfig({ scope: "global", key: "HARNESS_PROVIDER", value: "pi" });
+
+    const resolved = getResolvedConfig(a.id);
+    const harness = resolved.find((c) => c.key === "HARNESS_PROVIDER");
+    expect(harness?.value).toBe("pi");
+  });
+
+  test("nothing resolved when no rows exist (env fallback handled by runner)", () => {
+    const resolved = getResolvedConfig("agent-nonexistent");
+    expect(resolved.find((c) => c.key === "HARNESS_PROVIDER")).toBeUndefined();
+  });
+});
+
+// ─── PUT /api/config — guard rejects invalid HARNESS_PROVIDER ────────────────
+
+describe("PUT /api/config rejects invalid HARNESS_PROVIDER", () => {
+  test("400 when value is not in ProviderNameSchema", async () => {
+    const res = await fetch(`${baseUrl}/api/config`, {
+      method: "PUT",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        scope: "global",
+        key: "HARNESS_PROVIDER",
+        value: "not-a-real-provider",
+      }),
+    });
+    expect(res.status).toBe(400);
+    const body = (await res.json()) as { error: string };
+    expect(body.error).toMatch(/HARNESS_PROVIDER/);
+  });
+
+  test("200 for a valid value, persists row", async () => {
+    const res = await fetch(`${baseUrl}/api/config`, {
+      method: "PUT",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        scope: "global",
+        key: "HARNESS_PROVIDER",
+        value: "codex",
+      }),
+    });
+    expect(res.status).toBe(200);
+
+    const rows = getResolvedConfig();
+    const harness = rows.find((c) => c.key === "HARNESS_PROVIDER");
+    expect(harness?.value).toBe("codex");
+  });
+
+  test("400 still rejects via PUT when scope=agent", async () => {
+    const a = createAgent({
+      name: "scope-test-3",
+      isLead: false,
+      status: "idle",
+      capabilities: [],
+    });
+    const res = await fetch(`${baseUrl}/api/config`, {
+      method: "PUT",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        scope: "agent",
+        scopeId: a.id,
+        key: "HARNESS_PROVIDER",
+        value: "claude-codex",
+      }),
+    });
+    expect(res.status).toBe(400);
+  });
+});

package/src/tests/jira-sync.test.ts

@@ -1,4 +1,4 @@
-import { afterAll, beforeAll, beforeEach, describe, expect, mock, test } from "bun:test";
+import { afterAll, beforeAll, beforeEach, describe, expect, test } from "bun:test";
 import { unlink } from "node:fs/promises";
 import { closeDb, completeTask, createAgent, getDb, getTaskById, initDb } from "../be/db";
 import { upsertOAuthApp } from "../be/db-queries/oauth";