@desplega.ai/agent-swarm 1.80.0 → 1.80.2

package/src/tests/api-key.test.ts

@@ -0,0 +1,33 @@
+import { describe, expect, test } from "bun:test";
+import { getApiKey, setApiKey } from "../utils/api-key";
+
+describe("getApiKey", () => {
+  test("returns empty string when neither var is set", () => {
+    expect(getApiKey({})).toBe("");
+  });
+
+  test("returns API_KEY when only legacy var is set", () => {
+    expect(getApiKey({ API_KEY: "legacy" })).toBe("legacy");
+  });
+
+  test("returns AGENT_SWARM_API_KEY when only preferred var is set", () => {
+    expect(getApiKey({ AGENT_SWARM_API_KEY: "preferred" })).toBe("preferred");
+  });
+
+  test("prefers AGENT_SWARM_API_KEY over API_KEY when both set", () => {
+    expect(getApiKey({ AGENT_SWARM_API_KEY: "preferred", API_KEY: "legacy" })).toBe("preferred");
+  });
+
+  test("falls back to API_KEY if AGENT_SWARM_API_KEY is undefined", () => {
+    expect(getApiKey({ AGENT_SWARM_API_KEY: undefined, API_KEY: "x" })).toBe("x");
+  });
+});
+
+describe("setApiKey", () => {
+  test("populates both env var names", () => {
+    const env: Record<string, string | undefined> = {};
+    setApiKey("k", env);
+    expect(env.AGENT_SWARM_API_KEY).toBe("k");
+    expect(env.API_KEY).toBe("k");
+  });
+});

package/src/tests/codex-login.test.ts

@@ -70,7 +70,7 @@ describe("resolveCodexLoginConfig", () => {
     expect(promptSecret).toHaveBeenCalledWith(
       "Swarm API key",
       "env-secret",
-      "Press Enter to use API_KEY from the environment",
+      "Press Enter to use AGENT_SWARM_API_KEY/API_KEY from the environment",
     );
   });
 

package/src/tests/error-tracker.test.ts

@@ -6,6 +6,38 @@ import {
   trackErrorFromJson,
 } from "../utils/error-tracker";
 
+describe("SessionErrorTracker — getRateLimitResetAt", () => {
+  test("returns undefined when no rate_limit_event was processed", () => {
+    const tracker = new SessionErrorTracker();
+    expect(tracker.getRateLimitResetAt()).toBeUndefined();
+  });
+
+  test("returns ISO string after a rejected rate_limit_event", () => {
+    const tracker = new SessionErrorTracker();
+    const futureResetsAtSec = Math.floor(Date.now() / 1000) + 3600;
+    tracker.processRateLimitEvent({
+      type: "rate_limit_event",
+      rate_limit_info: { status: "rejected", resetsAt: futureResetsAtSec },
+    });
+    const result = tracker.getRateLimitResetAt();
+    expect(result).toBeDefined();
+    expect(() => new Date(result!).toISOString()).not.toThrow();
+  });
+
+  test("returns undefined after only allowed/allowed_warning events", () => {
+    const tracker = new SessionErrorTracker();
+    tracker.processRateLimitEvent({
+      type: "rate_limit_event",
+      rate_limit_info: { status: "allowed", resetsAt: 1779202200 },
+    });
+    tracker.processRateLimitEvent({
+      type: "rate_limit_event",
+      rate_limit_info: { status: "allowed_warning", resetsAt: 1779202200 },
+    });
+    expect(tracker.getRateLimitResetAt()).toBeUndefined();
+  });
+});
+
 describe("SessionErrorTracker", () => {
   test("hasErrors returns false when no errors tracked", () => {
     const tracker = new SessionErrorTracker();
@@ -263,6 +295,18 @@ describe("trackErrorFromJson", () => {
     trackErrorFromJson({ type: "content_block_delta", delta: {} }, tracker);
     expect(tracker.hasErrors()).toBe(false);
   });
+
+  test("rate_limit_event is not treated as an error signal", () => {
+    const tracker = new SessionErrorTracker();
+    trackErrorFromJson(
+      {
+        type: "rate_limit_event",
+        rate_limit_info: { status: "rejected", resetsAt: 1779202200 },
+      },
+      tracker,
+    );
+    expect(tracker.hasErrors()).toBe(false);
+  });
 });
 
 describe("parseStderrForErrors", () => {

package/src/tests/linear-outbound-sync.test.ts

@@ -3,6 +3,7 @@ import { unlink } from "node:fs/promises";
 import { closeDb, initDb } from "../be/db";
 import { createTrackerSync, getTrackerSync, updateTrackerSync } from "../be/db-queries/tracker";
 import { initLinearOutboundSync, teardownLinearOutboundSync } from "../linear/outbound";
+import { taskSessionMap } from "../linear/sync";
 import { workflowEventBus } from "../workflows/event-bus";
 
 const TEST_DB_PATH = "./test-linear-outbound-sync.sqlite";
@@ -17,6 +18,19 @@ mock.module("../linear/client", () => ({
   resetLinearClient: () => {},
 }));
 
+// Mock the AgentSession helpers in linear/sync so we can assert which activity type
+// the outbound handlers post (`action` vs `thought` vs `response`/`error`).
+const mockPostAgentSessionThought = mock(() => Promise.resolve());
+const mockPostAgentSessionAction = mock(() => Promise.resolve());
+const mockEndAgentSession = mock(() => Promise.resolve());
+
+mock.module("../linear/sync", () => ({
+  postAgentSessionThought: mockPostAgentSessionThought,
+  postAgentSessionAction: mockPostAgentSessionAction,
+  endAgentSession: mockEndAgentSession,
+  taskSessionMap,
+}));
+
 beforeAll(() => {
   initDb(TEST_DB_PATH);
 });
@@ -31,11 +45,16 @@ afterAll(async () => {
 describe("Linear Outbound Sync", () => {
   beforeEach(() => {
     mockCreateComment.mockClear();
+    mockPostAgentSessionThought.mockClear();
+    mockPostAgentSessionAction.mockClear();
+    mockEndAgentSession.mockClear();
+    taskSessionMap.clear();
     initLinearOutboundSync();
   });
 
   afterEach(() => {
     teardownLinearOutboundSync();
+    taskSessionMap.clear();
   });
 
   test("task.completed posts comment to Linear when mapping exists", async () => {
@@ -177,6 +196,96 @@ describe("Linear Outbound Sync", () => {
     expect(mockCreateComment).toHaveBeenCalledTimes(1);
   });
 
+  test("task.progress posts an action activity with both action AND parameter when sessionId is mapped", async () => {
+    const taskId = "outbound-task-progress";
+    taskSessionMap.set(taskId, "linear-session-123");
+
+    workflowEventBus.emit("task.progress", {
+      taskId,
+      progress: "📋 Reviewing task details",
+    });
+
+    await new Promise((resolve) => setTimeout(resolve, 10));
+
+    // Posts as `action` so the update renders as a structured card in Linear's AgentSession
+    // panel. Linear's spec requires BOTH `action` AND `parameter` for action-type activities;
+    // the original bug was calling postAgentSessionAction with only a single string (parameter
+    // undefined), which Linear silently rejected.
+    expect(mockPostAgentSessionAction).toHaveBeenCalledTimes(1);
+    expect(mockPostAgentSessionThought).not.toHaveBeenCalled();
+
+    const args = mockPostAgentSessionAction.mock.calls[0] as unknown[];
+    expect(args[0]).toBe("linear-session-123");
+    // Both action label and parameter must be present and non-empty
+    expect(typeof args[1]).toBe("string");
+    expect((args[1] as string).length).toBeGreaterThan(0);
+    expect(typeof args[2]).toBe("string");
+    expect((args[2] as string).length).toBeGreaterThan(0);
+    // Parameter carries the actual progress text
+    expect(args[2] as string).toBe("📋 Reviewing task details");
+  });
+
+  test("task.progress slices long progress strings into the parameter (cap at 2000)", async () => {
+    const taskId = "outbound-task-progress-long";
+    taskSessionMap.set(taskId, "linear-session-long");
+
+    const longProgress = "x".repeat(5000);
+    workflowEventBus.emit("task.progress", { taskId, progress: longProgress });
+
+    await new Promise((resolve) => setTimeout(resolve, 10));
+
+    expect(mockPostAgentSessionAction).toHaveBeenCalledTimes(1);
+    const args = mockPostAgentSessionAction.mock.calls[0] as unknown[];
+    expect((args[2] as string).length).toBe(2000);
+  });
+
+  test("task.progress is a no-op when no sessionId is mapped for the task", async () => {
+    workflowEventBus.emit("task.progress", {
+      taskId: "outbound-task-progress-no-session",
+      progress: "should be dropped",
+    });
+
+    await new Promise((resolve) => setTimeout(resolve, 10));
+
+    expect(mockPostAgentSessionThought).not.toHaveBeenCalled();
+    expect(mockPostAgentSessionAction).not.toHaveBeenCalled();
+  });
+
+  test("task.progress is a no-op when progress string is missing", async () => {
+    taskSessionMap.set("outbound-task-progress-empty", "linear-session-empty");
+
+    workflowEventBus.emit("task.progress", {
+      taskId: "outbound-task-progress-empty",
+    });
+
+    await new Promise((resolve) => setTimeout(resolve, 10));
+
+    expect(mockPostAgentSessionThought).not.toHaveBeenCalled();
+    expect(mockPostAgentSessionAction).not.toHaveBeenCalled();
+  });
+
+  test("task.created for Linear-sourced tasks still posts an action activity (with parameter)", async () => {
+    const taskId = "outbound-task-created-linear";
+    taskSessionMap.set(taskId, "linear-session-created");
+
+    workflowEventBus.emit("task.created", {
+      taskId,
+      source: "linear",
+    });
+
+    await new Promise((resolve) => setTimeout(resolve, 10));
+
+    expect(mockPostAgentSessionAction).toHaveBeenCalledTimes(1);
+    expect(mockPostAgentSessionThought).not.toHaveBeenCalled();
+
+    const args = mockPostAgentSessionAction.mock.calls[0] as unknown[];
+    expect(args[0]).toBe("linear-session-created");
+    expect(args[1]).toBe("Processing");
+    // parameter (3rd positional arg) must be present for `action` activities to be valid
+    expect(typeof args[2]).toBe("string");
+    expect(args[2] as string).toContain(taskId);
+  });
+
   test("teardown removes event listeners", async () => {
     teardownLinearOutboundSync();
 

package/src/tests/mcp-tools.test.ts

@@ -0,0 +1,69 @@
+import { afterAll, beforeAll, describe, expect, test } from "bun:test";
+import { unlink } from "node:fs/promises";
+import { closeDb } from "../be/db";
+import { createServer } from "../server";
+
+const TEST_DB_PATH = "./test-mcp-tools.sqlite";
+
+type RegisteredTool = {
+  title?: string;
+  description?: string;
+  inputSchema?: unknown;
+  outputSchema?: unknown;
+  annotations?: Record<string, unknown>;
+};
+
+async function removeDbFiles(path: string): Promise<void> {
+  for (const suffix of ["", "-wal", "-shm"]) {
+    try {
+      await unlink(path + suffix);
+    } catch (error) {
+      if ((error as NodeJS.ErrnoException).code !== "ENOENT") throw error;
+    }
+  }
+}
+
+describe("script MCP tools", () => {
+  let tools: Record<string, RegisteredTool>;
+  let savedDatabasePath: string | undefined;
+
+  beforeAll(async () => {
+    savedDatabasePath = process.env.DATABASE_PATH;
+    process.env.DATABASE_PATH = TEST_DB_PATH;
+    await removeDbFiles(TEST_DB_PATH);
+    const server = createServer();
+    tools = (server as unknown as { _registeredTools: Record<string, RegisteredTool> })
+      ._registeredTools;
+  });
+
+  afterAll(async () => {
+    closeDb();
+    if (savedDatabasePath === undefined) delete process.env.DATABASE_PATH;
+    else process.env.DATABASE_PATH = savedDatabasePath;
+    await removeDbFiles(TEST_DB_PATH);
+  });
+
+  test("registers all script tools with schemas and documented descriptions", () => {
+    const expected = {
+      "script-search":
+        "Semantic search over swarm-shared TypeScript scripts (catalog persisted in the agent-swarm DB; callable from agents and workflows). For ephemeral throwaway TS on your local machine, use code-mode instead.",
+      "script-run":
+        "Run a named swarm-shared script (callable across agents and from workflow `swarm-script` nodes), OR inline source (auto-saved as scratch to the catalog). Use for swarm-visible, durable scripts. For local-only throwaway TS, use code-mode `run`.",
+      "script-upsert":
+        "Persist a TypeScript script to the swarm catalog under your agent scope (or global if you're a lead). Other agents and workflow nodes will be able to find and run it. For local-only scripts, use code-mode `save`.",
+      "script-delete":
+        "Remove a swarm-shared script from the catalog. Versions table preserves history.",
+      "script-query-types":
+        "Fetch the signature + the auto-generated `swarm-sdk.d.ts` (derived from the live MCP tool registry) + the `stdlib.d.ts` blobs — for IDE-style introspection before authoring or running a script. The same types are used by `script-upsert`'s typecheck pass, so they are authoritative.",
+    };
+
+    for (const [name, description] of Object.entries(expected)) {
+      expect(tools[name]).toBeDefined();
+      expect(tools[name].title).toBeTruthy();
+      expect(tools[name].description).toBe(description);
+      expect(tools[name].inputSchema).toBeTruthy();
+      expect(tools[name].outputSchema).toBeTruthy();
+      expect(tools[name].annotations).toBeTruthy();
+    }
+  });
+});

package/src/tests/rate-limit-event.test.ts

@@ -0,0 +1,292 @@
+import { describe, expect, test } from "bun:test";
+import { SessionErrorTracker, trackErrorFromJson } from "../utils/error-tracker";
+
+// Verbatim fixture from Linear CAI-1279 (session logs for task b7fbbdb9-4922-41d9-88ec-21febd6c4fec)
+const FIXTURE_REJECTED = {
+  type: "rate_limit_event",
+  rate_limit_info: {
+    status: "rejected",
+    resetsAt: 1779202200, // seconds since epoch — 2026-05-19T14:50:00Z
+    rateLimitType: "five_hour",
+    overageStatus: "rejected",
+    overageDisabledReason: "group_zero_credit_limit",
+    isUsingOverage: false,
+  },
+  uuid: "ff6e5299-429c-4fcb-ab34-0ce4e8fa6202",
+  session_id: "69dbe5a1-1130-45eb-983f-58a7a13c9c3c",
+};
+
+describe("SessionErrorTracker — rate_limit_event processing", () => {
+  test("stashes resetsAt (seconds) correctly as ms — verbatim CAI-1279 fixture", () => {
+    const tracker = new SessionErrorTracker();
+    tracker.processRateLimitEvent(FIXTURE_REJECTED);
+
+    const result = tracker.getRateLimitResetAt();
+    expect(result).toBeDefined();
+
+    // resetsAt: 1779202200 sec → 2026-05-19T14:50:00.000Z
+    // But since we clamp to [now+60s, now+6h] and this is a past timestamp,
+    // the value will be clamped to now+60s. What matters is the sec→ms conversion works.
+    // We verify the unit is correct by checking that 1779202200 * 1000 = ms,
+    // which is NOT the same as treating it as ms (would be 1970-01-21).
+    const parsedMs = new Date(result!).getTime();
+    const nowMs = Date.now();
+    expect(parsedMs).toBeGreaterThanOrEqual(nowMs + 59_000); // clamped to at least now+60s
+    expect(parsedMs).toBeLessThanOrEqual(nowMs + 7 * 60 * 60 * 1000); // not absurdly far
+  });
+
+  test("resetsAt treated as seconds, not milliseconds (unit conversion boundary)", () => {
+    const tracker = new SessionErrorTracker();
+    // A future resetsAt value (in seconds) — 1 hour from now
+    const oneHourFromNowSec = Math.floor(Date.now() / 1000) + 3600;
+    tracker.processRateLimitEvent({
+      type: "rate_limit_event",
+      rate_limit_info: {
+        status: "rejected",
+        resetsAt: oneHourFromNowSec,
+      },
+    });
+
+    const result = tracker.getRateLimitResetAt();
+    expect(result).toBeDefined();
+
+    const parsedMs = new Date(result!).getTime();
+    const nowMs = Date.now();
+    // Should be ~1h from now (not 1970 if treated as ms, not year 57,000 if multiplied wrong)
+    expect(parsedMs).toBeGreaterThanOrEqual(nowMs + 50 * 60_000); // at least 50 min from now
+    expect(parsedMs).toBeLessThanOrEqual(nowMs + 70 * 60_000); // at most 70 min from now
+  });
+
+  test("status: rejected → stashes resetsAt", () => {
+    const tracker = new SessionErrorTracker();
+    const futureResetsAtSec = Math.floor(Date.now() / 1000) + 3600;
+    tracker.processRateLimitEvent({
+      type: "rate_limit_event",
+      rate_limit_info: { status: "rejected", resetsAt: futureResetsAtSec },
+    });
+    expect(tracker.getRateLimitResetAt()).toBeDefined();
+  });
+
+  test("status: allowed → does NOT stash (no cooldown needed)", () => {
+    const tracker = new SessionErrorTracker();
+    tracker.processRateLimitEvent({
+      type: "rate_limit_event",
+      rate_limit_info: { status: "allowed", resetsAt: 1779202200 },
+    });
+    expect(tracker.getRateLimitResetAt()).toBeUndefined();
+  });
+
+  test("status: allowed_warning → does NOT stash", () => {
+    const tracker = new SessionErrorTracker();
+    tracker.processRateLimitEvent({
+      type: "rate_limit_event",
+      rate_limit_info: { status: "allowed_warning", resetsAt: 1779202200 },
+    });
+    expect(tracker.getRateLimitResetAt()).toBeUndefined();
+  });
+
+  test("malformed event (missing rate_limit_info) → does NOT stash, no throw", () => {
+    const tracker = new SessionErrorTracker();
+    tracker.processRateLimitEvent({ type: "rate_limit_event" });
+    expect(tracker.getRateLimitResetAt()).toBeUndefined();
+  });
+
+  test("malformed event (resetsAt is string) → does NOT stash, no throw", () => {
+    const tracker = new SessionErrorTracker();
+    tracker.processRateLimitEvent({
+      type: "rate_limit_event",
+      rate_limit_info: { status: "rejected", resetsAt: "not-a-number" },
+    });
+    expect(tracker.getRateLimitResetAt()).toBeUndefined();
+  });
+
+  test("malformed event (resetsAt is negative) → does NOT stash", () => {
+    const tracker = new SessionErrorTracker();
+    tracker.processRateLimitEvent({
+      type: "rate_limit_event",
+      rate_limit_info: { status: "rejected", resetsAt: -1 },
+    });
+    expect(tracker.getRateLimitResetAt()).toBeUndefined();
+  });
+
+  test("resetsAt already in the past → clamped to now+60s (clock skew defense)", () => {
+    const tracker = new SessionErrorTracker();
+    // Use a known-past timestamp (year 2020)
+    tracker.processRateLimitEvent({
+      type: "rate_limit_event",
+      rate_limit_info: { status: "rejected", resetsAt: 1577836800 }, // 2020-01-01T00:00:00Z
+    });
+
+    const result = tracker.getRateLimitResetAt();
+    expect(result).toBeDefined();
+    const parsedMs = new Date(result!).getTime();
+    const nowMs = Date.now();
+    expect(parsedMs).toBeGreaterThanOrEqual(nowMs + 59_000);
+    expect(parsedMs).toBeLessThanOrEqual(nowMs + 65_000);
+  });
+
+  test("resetsAt absurdly far in future → clamped to now+6h (malformed defense)", () => {
+    const tracker = new SessionErrorTracker();
+    // Year 2099 in seconds
+    tracker.processRateLimitEvent({
+      type: "rate_limit_event",
+      rate_limit_info: { status: "rejected", resetsAt: 4102444800 }, // 2100-01-01 in seconds
+    });
+
+    const result = tracker.getRateLimitResetAt();
+    expect(result).toBeDefined();
+    const parsedMs = new Date(result!).getTime();
+    const nowMs = Date.now();
+    const sixHoursMs = 6 * 60 * 60 * 1000;
+    expect(parsedMs).toBeLessThanOrEqual(nowMs + sixHoursMs + 1000); // within 6h (+1s tolerance)
+  });
+
+  test("multiple rate_limit_event lines → last rejected one wins", () => {
+    const tracker = new SessionErrorTracker();
+    const firstResetsAtSec = Math.floor(Date.now() / 1000) + 1800; // 30 min from now
+    const secondResetsAtSec = Math.floor(Date.now() / 1000) + 3600; // 60 min from now
+
+    tracker.processRateLimitEvent({
+      type: "rate_limit_event",
+      rate_limit_info: { status: "rejected", resetsAt: firstResetsAtSec },
+    });
+    tracker.processRateLimitEvent({
+      type: "rate_limit_event",
+      rate_limit_info: { status: "rejected", resetsAt: secondResetsAtSec },
+    });
+
+    const result = tracker.getRateLimitResetAt();
+    expect(result).toBeDefined();
+    const parsedMs = new Date(result!).getTime();
+    const nowMs = Date.now();
+    // Should reflect the SECOND event (~60 min), not the first (~30 min)
+    expect(parsedMs).toBeGreaterThanOrEqual(nowMs + 55 * 60_000);
+    expect(parsedMs).toBeLessThanOrEqual(nowMs + 65 * 60_000);
+  });
+
+  test("allowed event between two rejected events → last rejected wins", () => {
+    const tracker = new SessionErrorTracker();
+    const firstSec = Math.floor(Date.now() / 1000) + 1800;
+    const secondSec = Math.floor(Date.now() / 1000) + 3600;
+
+    tracker.processRateLimitEvent({
+      type: "rate_limit_event",
+      rate_limit_info: { status: "rejected", resetsAt: firstSec },
+    });
+    tracker.processRateLimitEvent({
+      type: "rate_limit_event",
+      rate_limit_info: { status: "allowed", resetsAt: 9999999999 }, // should be ignored
+    });
+    tracker.processRateLimitEvent({
+      type: "rate_limit_event",
+      rate_limit_info: { status: "rejected", resetsAt: secondSec },
+    });
+
+    const result = tracker.getRateLimitResetAt();
+    expect(result).toBeDefined();
+    const parsedMs = new Date(result!).getTime();
+    const nowMs = Date.now();
+    // Should reflect the third (second rejected) event (~60 min)
+    expect(parsedMs).toBeGreaterThanOrEqual(nowMs + 55 * 60_000);
+    expect(parsedMs).toBeLessThanOrEqual(nowMs + 65 * 60_000);
+  });
+
+  test("no rate_limit_event at all → getRateLimitResetAt returns undefined", () => {
+    const tracker = new SessionErrorTracker();
+    expect(tracker.getRateLimitResetAt()).toBeUndefined();
+  });
+});
+
+describe("trackErrorFromJson — rate_limit_event routing", () => {
+  test("routes rate_limit_event to processRateLimitEvent, stashes reset time", () => {
+    const tracker = new SessionErrorTracker();
+    const futureResetsAtSec = Math.floor(Date.now() / 1000) + 3600;
+
+    trackErrorFromJson(
+      {
+        type: "rate_limit_event",
+        rate_limit_info: { status: "rejected", resetsAt: futureResetsAtSec },
+      },
+      tracker,
+    );
+
+    expect(tracker.getRateLimitResetAt()).toBeDefined();
+    // rate_limit_event itself is NOT an error signal — it's informational
+    expect(tracker.hasErrors()).toBe(false);
+  });
+
+  test("rate_limit_event with allowed status → no reset stashed, no errors", () => {
+    const tracker = new SessionErrorTracker();
+    trackErrorFromJson(
+      {
+        type: "rate_limit_event",
+        rate_limit_info: { status: "allowed", resetsAt: 1779202200 },
+      },
+      tracker,
+    );
+
+    expect(tracker.getRateLimitResetAt()).toBeUndefined();
+    expect(tracker.hasErrors()).toBe(false);
+  });
+
+  test("rate_limit_event does not block subsequent event processing", () => {
+    const tracker = new SessionErrorTracker();
+    const futureResetsAtSec = Math.floor(Date.now() / 1000) + 3600;
+
+    trackErrorFromJson(
+      {
+        type: "rate_limit_event",
+        rate_limit_info: { status: "rejected", resetsAt: futureResetsAtSec },
+      },
+      tracker,
+    );
+    trackErrorFromJson(
+      { type: "result", is_error: true, result: "Your group's usage limit is set to $0" },
+      tracker,
+    );
+
+    expect(tracker.getRateLimitResetAt()).toBeDefined();
+    expect(tracker.hasErrors()).toBe(true);
+  });
+});
+
+describe("three-tier resolver logic (unit test via clamp helper)", () => {
+  // Mirrors the clampResetTime inline helper in runner.ts
+  function clampResetTime(isoString: string): string {
+    const nowMs = Date.now();
+    const minMs = nowMs + 60_000;
+    const maxMs = nowMs + 6 * 60 * 60 * 1000;
+    const candidateMs = new Date(isoString).getTime();
+    return new Date(Math.min(Math.max(candidateMs, minMs), maxMs)).toISOString();
+  }
+
+  test("tier 1: rateLimitResetAt from structured event → used directly (after clamp)", () => {
+    const futureResetsAtSec = Math.floor(Date.now() / 1000) + 3600;
+    const tracker = new SessionErrorTracker();
+    tracker.processRateLimitEvent({
+      type: "rate_limit_event",
+      rate_limit_info: { status: "rejected", resetsAt: futureResetsAtSec },
+    });
+
+    const rateLimitResetAt = tracker.getRateLimitResetAt();
+    expect(rateLimitResetAt).toBeDefined();
+
+    // Simulate tier-1 branch: result.rateLimitResetAt is set
+    const rateLimitedUntil = clampResetTime(rateLimitResetAt!);
+    expect(rateLimitedUntil).toBeDefined();
+    const resolvedMs = new Date(rateLimitedUntil).getTime();
+    const nowMs = Date.now();
+    expect(resolvedMs).toBeGreaterThanOrEqual(nowMs + 59_000);
+  });
+
+  test("tier 3 fallback: no structured event, no parseable message → 5-min default", () => {
+    // Simulate: rateLimitResetAt is undefined, parseRateLimitResetTime returns undefined
+    const defaultCooldownMs = 5 * 60 * 1000;
+    const rateLimitedUntil = new Date(Date.now() + defaultCooldownMs).toISOString();
+
+    const resolvedMs = new Date(rateLimitedUntil).getTime();
+    const nowMs = Date.now();
+    expect(resolvedMs).toBeGreaterThanOrEqual(nowMs + 4 * 60_000);
+    expect(resolvedMs).toBeLessThanOrEqual(nowMs + 6 * 60_000);
+  });
+});

package/src/tests/redacted.test.ts

@@ -0,0 +1,29 @@
+import { describe, expect, test } from "bun:test";
+import { inspect } from "node:util";
+import { Redacted } from "../scripts-runtime/redacted";
+
+describe("Redacted", () => {
+  test("stringification surfaces are redacted", () => {
+    const secret = Redacted.make("hunter2", { type: "user", isSecret: true });
+    expect(String(secret)).toBe("<redacted>");
+    expect(JSON.stringify({ secret })).toBe('{"secret":"<redacted>"}');
+    expect(inspect(secret)).toContain("<redacted>");
+    expect(inspect(secret)).not.toContain("hunter2");
+  });
+
+  test("value round-trips the original value", () => {
+    const value = { nested: true };
+    const wrapped = Redacted.make(value);
+    expect(Redacted.value(wrapped)).toBe(value);
+  });
+
+  test("meta returns the stored metadata", () => {
+    const wrapped = Redacted.make("abc", { type: "system", isSecret: false });
+    expect(Redacted.meta(wrapped)).toEqual({ type: "system", isSecret: false });
+    expect(Redacted.isSecret(wrapped)).toBe(false);
+  });
+
+  test("unregistered objects throw", () => {
+    expect(() => Redacted.value({} as never)).toThrow("Redacted value was not in registry");
+  });
+});