@desplega.ai/agent-swarm 1.93.0 → 1.95.0

package/src/tests/credential-check.test.ts

@@ -136,63 +136,98 @@ describe("checkCodexCredentials", () => {
 
 // ─── pi-mono ─────────────────────────────────────────────────────────────────
 
+/**
+ * Stub probes for Bedrock tests. These replace the real @aws-sdk/client-bedrock
+ * ListFoundationModels call so unit tests never hit AWS.
+ */
+const bedrockProbeSuccess = async () => {};
+const bedrockProbeAuthFail = async () => {
+  throw new Error("ExpiredTokenException: The security token included in the request is expired");
+};
+const bedrockProbeAccessFail = async () => {
+  throw new Error("AccessDeniedException: not authorized to perform: bedrock:ListFoundationModels");
+};
+const bedrockProbeRegionFail = async () => {
+  throw new Error(
+    "ValidationException: Provided region us-west-99 is not supported by Amazon Bedrock",
+  );
+};
+
 describe("checkPiMonoCredentials", () => {
   const HOME = "/home/worker";
   const AUTH = `${HOME}/.pi/agent/auth.json`;
 
-  test("ready (file) when ~/.pi/agent/auth.json exists", () => {
-    const status = checkPiMonoCredentials({}, { homeDir: HOME, fs: fsWith(new Set([AUTH])) });
+  test("ready (file) when ~/.pi/agent/auth.json exists", async () => {
+    const status = await checkPiMonoCredentials({}, { homeDir: HOME, fs: fsWith(new Set([AUTH])) });
     expect(status.ready).toBe(true);
     expect(status.satisfiedBy).toBe("file");
   });
 
-  test("permissive: ready when MODEL_OVERRIDE unset and any one supported key is present", () => {
+  test("permissive: ready when MODEL_OVERRIDE unset and any one supported key is present", async () => {
     expect(
-      checkPiMonoCredentials({ ANTHROPIC_API_KEY: "x" }, { homeDir: HOME, fs: noFiles }).ready,
+      (await checkPiMonoCredentials({ ANTHROPIC_API_KEY: "x" }, { homeDir: HOME, fs: noFiles }))
+        .ready,
     ).toBe(true);
     expect(
-      checkPiMonoCredentials({ OPENROUTER_API_KEY: "x" }, { homeDir: HOME, fs: noFiles }).ready,
+      (await checkPiMonoCredentials({ OPENROUTER_API_KEY: "x" }, { homeDir: HOME, fs: noFiles }))
+        .ready,
     ).toBe(true);
     expect(
-      checkPiMonoCredentials({ OPENAI_API_KEY: "x" }, { homeDir: HOME, fs: noFiles }).ready,
+      (await checkPiMonoCredentials({ OPENAI_API_KEY: "x" }, { homeDir: HOME, fs: noFiles })).ready,
     ).toBe(true);
   });
 
-  test("permissive: not ready when MODEL_OVERRIDE unset and no keys are set", () => {
-    const status = checkPiMonoCredentials({}, { homeDir: HOME, fs: noFiles });
+  test("permissive: not ready when MODEL_OVERRIDE unset and no keys are set", async () => {
+    const status = await checkPiMonoCredentials({}, { homeDir: HOME, fs: noFiles });
     expect(status.ready).toBe(false);
     expect(status.missing).toContain("ANTHROPIC_API_KEY");
     expect(status.missing).toContain("OPENROUTER_API_KEY");
     expect(status.missing).toContain("OPENAI_API_KEY");
   });
 
-  test("strict: MODEL_OVERRIDE=anthropic/... requires ANTHROPIC_API_KEY", () => {
+  test("strict: MODEL_OVERRIDE=anthropic/... requires ANTHROPIC_API_KEY", async () => {
     const env = { MODEL_OVERRIDE: "anthropic/claude-sonnet-4" };
-    expect(checkPiMonoCredentials(env, { homeDir: HOME, fs: noFiles }).ready).toBe(false);
+    expect((await checkPiMonoCredentials(env, { homeDir: HOME, fs: noFiles })).ready).toBe(false);
     expect(
-      checkPiMonoCredentials({ ...env, ANTHROPIC_API_KEY: "x" }, { homeDir: HOME, fs: noFiles })
-        .ready,
+      (
+        await checkPiMonoCredentials(
+          { ...env, ANTHROPIC_API_KEY: "x" },
+          { homeDir: HOME, fs: noFiles },
+        )
+      ).ready,
     ).toBe(true);
     // OPENROUTER_API_KEY does NOT satisfy an anthropic-prefixed model
     expect(
-      checkPiMonoCredentials({ ...env, OPENROUTER_API_KEY: "x" }, { homeDir: HOME, fs: noFiles })
-        .ready,
+      (
+        await checkPiMonoCredentials(
+          { ...env, OPENROUTER_API_KEY: "x" },
+          { homeDir: HOME, fs: noFiles },
+        )
+      ).ready,
     ).toBe(false);
   });
 
-  test("strict: MODEL_OVERRIDE=openrouter/... requires OPENROUTER_API_KEY", () => {
+  test("strict: MODEL_OVERRIDE=openrouter/... requires OPENROUTER_API_KEY", async () => {
     const env = { MODEL_OVERRIDE: "openrouter/google/gemini-2.5-flash-lite" };
     expect(
-      checkPiMonoCredentials({ ...env, OPENROUTER_API_KEY: "x" }, { homeDir: HOME, fs: noFiles })
-        .ready,
+      (
+        await checkPiMonoCredentials(
+          { ...env, OPENROUTER_API_KEY: "x" },
+          { homeDir: HOME, fs: noFiles },
+        )
+      ).ready,
     ).toBe(true);
     expect(
-      checkPiMonoCredentials({ ...env, ANTHROPIC_API_KEY: "x" }, { homeDir: HOME, fs: noFiles })
-        .ready,
+      (
+        await checkPiMonoCredentials(
+          { ...env, ANTHROPIC_API_KEY: "x" },
+          { homeDir: HOME, fs: noFiles },
+        )
+      ).ready,
     ).toBe(false);
   });
 
-  test("shortname `sonnet` accepts ANTHROPIC_API_KEY *or* OPENROUTER_API_KEY", () => {
+  test("shortname `sonnet` accepts ANTHROPIC_API_KEY *or* OPENROUTER_API_KEY", async () => {
     // Anthropic-shortname models (sonnet/haiku/opus) prefer the native
     // ANTHROPIC_* credential, but pi-mono-adapter reroutes through the
     // OpenRouter mirror when only OPENROUTER_API_KEY is available — so the
@@ -201,76 +236,180 @@ describe("checkPiMonoCredentials", () => {
     // tracked in HEARTBEAT.md (2026-04-13 → 2026-05-11).
     const env = { MODEL_OVERRIDE: "sonnet" };
     expect(
-      checkPiMonoCredentials({ ...env, ANTHROPIC_API_KEY: "x" }, { homeDir: HOME, fs: noFiles })
-        .ready,
+      (
+        await checkPiMonoCredentials(
+          { ...env, ANTHROPIC_API_KEY: "x" },
+          { homeDir: HOME, fs: noFiles },
+        )
+      ).ready,
     ).toBe(true);
     expect(
-      checkPiMonoCredentials({ ...env, OPENROUTER_API_KEY: "x" }, { homeDir: HOME, fs: noFiles })
-        .ready,
+      (
+        await checkPiMonoCredentials(
+          { ...env, OPENROUTER_API_KEY: "x" },
+          { homeDir: HOME, fs: noFiles },
+        )
+      ).ready,
     ).toBe(true);
     // Neither key set → still not ready, and missing includes both options.
-    const empty = checkPiMonoCredentials(env, { homeDir: HOME, fs: noFiles });
+    const empty = await checkPiMonoCredentials(env, { homeDir: HOME, fs: noFiles });
     expect(empty.ready).toBe(false);
     expect(empty.missing).toContain("ANTHROPIC_API_KEY");
     expect(empty.missing).toContain("OPENROUTER_API_KEY");
   });
 
-  test("haiku and opus shortnames also accept OPENROUTER_API_KEY", () => {
+  test("haiku and opus shortnames also accept OPENROUTER_API_KEY", async () => {
     for (const model of ["haiku", "opus"]) {
       const env = { MODEL_OVERRIDE: model };
       expect(
-        checkPiMonoCredentials({ ...env, OPENROUTER_API_KEY: "x" }, { homeDir: HOME, fs: noFiles })
-          .ready,
+        (
+          await checkPiMonoCredentials(
+            { ...env, OPENROUTER_API_KEY: "x" },
+            { homeDir: HOME, fs: noFiles },
+          )
+        ).ready,
       ).toBe(true);
     }
   });
 
-  // ─── amazon-bedrock: AWS SDK delegates credential resolution ───────────────
-  // When MODEL_OVERRIDE selects amazon-bedrock, pi-mono routes through the AWS
-  // SDK's default credential chain (env, ~/.aws/*, SSO, IMDS, assume-role,
-  // web-identity, …). agent-swarm does no presence check beyond detecting the
-  // `amazon-bedrock/` prefix — the SDK validates at first inference call.
-  // Mirrors the codex auth.json "presence-only" pattern.
+  // ─── amazon-bedrock prefix inference: probe triggered, result depends on creds ─
+  // When BEDROCK_AUTH_MODE is absent and MODEL_OVERRIDE starts with
+  // "amazon-bedrock/", the probe runs. Tests inject a stub to avoid hitting AWS.
 
-  test("amazon-bedrock: ready (sdk-delegated) with no env vars and no auth.json", () => {
+  test("amazon-bedrock: probe success → ready (sdk-delegated)", async () => {
     const env = { MODEL_OVERRIDE: "amazon-bedrock/anthropic.claude-sonnet-4-20250514-v1:0" };
-    const status = checkPiMonoCredentials(env, { homeDir: HOME, fs: noFiles });
+    const status = await checkPiMonoCredentials(env, {
+      homeDir: HOME,
+      fs: noFiles,
+      bedrockProbe: bedrockProbeSuccess,
+    });
     expect(status.ready).toBe(true);
     expect(status.satisfiedBy).toBe("sdk-delegated");
     expect(status.missing).toEqual([]);
   });
 
-  test("amazon-bedrock: stays sdk-delegated even when ANTHROPIC_API_KEY is also set", () => {
-    // The Anthropic-shape key is irrelevant here — the model is routed through
-    // AWS Bedrock, not Anthropic. Reporting satisfiedBy="env" would mislead.
+  test("amazon-bedrock: probe success even when ANTHROPIC_API_KEY also set (Bedrock wins)", async () => {
+    // The Anthropic-shape key is irrelevant — model is routed through AWS Bedrock.
     const env = {
       MODEL_OVERRIDE: "amazon-bedrock/anthropic.claude-sonnet-4-20250514-v1:0",
       ANTHROPIC_API_KEY: "x",
     };
-    const status = checkPiMonoCredentials(env, { homeDir: HOME, fs: noFiles });
+    const status = await checkPiMonoCredentials(env, {
+      homeDir: HOME,
+      fs: noFiles,
+      bedrockProbe: bedrockProbeSuccess,
+    });
     expect(status.ready).toBe(true);
     expect(status.satisfiedBy).toBe("sdk-delegated");
   });
 
-  test("amazon-bedrock: stays sdk-delegated even when auth.json exists", () => {
+  test("amazon-bedrock: probe success even when auth.json exists (Bedrock wins over file)", async () => {
     // auth.json holds Anthropic/OpenRouter/OpenAI creds — none used by Bedrock.
-    // Bedrock branch must win over the file probe.
     const env = { MODEL_OVERRIDE: "amazon-bedrock/anthropic.claude-sonnet-4-20250514-v1:0" };
-    const status = checkPiMonoCredentials(env, {
+    const status = await checkPiMonoCredentials(env, {
       homeDir: HOME,
       fs: fsWith(new Set([AUTH])),
+      bedrockProbe: bedrockProbeSuccess,
     });
     expect(status.ready).toBe(true);
     expect(status.satisfiedBy).toBe("sdk-delegated");
   });
 
-  test("amazon-bedrock: provider-prefix match is case-insensitive", () => {
-    // Mirrors modelToCredKeys' .toLowerCase() at line 54 of pi-mono-adapter.
+  test("amazon-bedrock: provider-prefix match is case-insensitive", async () => {
     const env = { MODEL_OVERRIDE: "Amazon-Bedrock/anthropic.claude-sonnet-4-20250514-v1:0" };
-    const status = checkPiMonoCredentials(env, { homeDir: HOME, fs: noFiles });
+    const status = await checkPiMonoCredentials(env, {
+      homeDir: HOME,
+      fs: noFiles,
+      bedrockProbe: bedrockProbeSuccess,
+    });
     expect(status.ready).toBe(true);
     expect(status.satisfiedBy).toBe("sdk-delegated");
   });
+
+  test("amazon-bedrock: probe auth failure → ready:false with aws-auth hint", async () => {
+    const env = { MODEL_OVERRIDE: "amazon-bedrock/anthropic.claude-sonnet-4-20250514-v1:0" };
+    const status = await checkPiMonoCredentials(env, {
+      homeDir: HOME,
+      fs: noFiles,
+      bedrockProbe: bedrockProbeAuthFail,
+    });
+    expect(status.ready).toBe(false);
+    expect(status.hint).toContain("aws sso login");
+  });
+
+  test("amazon-bedrock: probe access failure → ready:false with aws-access hint", async () => {
+    const env = { MODEL_OVERRIDE: "amazon-bedrock/anthropic.claude-sonnet-4-20250514-v1:0" };
+    const status = await checkPiMonoCredentials(env, {
+      homeDir: HOME,
+      fs: noFiles,
+      bedrockProbe: bedrockProbeAccessFail,
+    });
+    expect(status.ready).toBe(false);
+    expect(status.hint).toContain("bedrock:InvokeModel");
+  });
+
+  test("amazon-bedrock: probe region failure → ready:false (unclassified hint)", async () => {
+    const env = { MODEL_OVERRIDE: "amazon-bedrock/anthropic.claude-sonnet-4-20250514-v1:0" };
+    const status = await checkPiMonoCredentials(env, {
+      homeDir: HOME,
+      fs: noFiles,
+      bedrockProbe: bedrockProbeRegionFail,
+    });
+    expect(status.ready).toBe(false);
+    // Not matching a known AWS category → raw probe error surfaced in hint
+    expect(status.hint).toBeDefined();
+  });
+
+  // ─── BEDROCK_AUTH_MODE=sdk: explicit mode, decoupled from MODEL_OVERRIDE ────
+
+  test("BEDROCK_AUTH_MODE=sdk: probe triggered even without amazon-bedrock/ prefix", async () => {
+    // Explicit mode — MODEL_OVERRIDE can be anything (or absent); the Bedrock
+    // path is taken because the operator explicitly declared BEDROCK_AUTH_MODE=sdk.
+    const env = { BEDROCK_AUTH_MODE: "sdk", MODEL_OVERRIDE: "some-other-model" };
+    const status = await checkPiMonoCredentials(env, {
+      homeDir: HOME,
+      fs: noFiles,
+      bedrockProbe: bedrockProbeSuccess,
+    });
+    expect(status.ready).toBe(true);
+    expect(status.satisfiedBy).toBe("sdk-delegated");
+  });
+
+  test("BEDROCK_AUTH_MODE=sdk: probe failure → ready:false", async () => {
+    const env = { BEDROCK_AUTH_MODE: "sdk" };
+    const status = await checkPiMonoCredentials(env, {
+      homeDir: HOME,
+      fs: noFiles,
+      bedrockProbe: bedrockProbeAuthFail,
+    });
+    expect(status.ready).toBe(false);
+  });
+
+  test("BEDROCK_AUTH_MODE=bearer: does NOT trigger the sdk probe (falls through)", async () => {
+    // The bearer path is declared/validated but the full implementation is
+    // out of scope for PR1. With no other credentials set it should be not-ready
+    // via the standard permissive check, not via the sdk probe.
+    const env = { BEDROCK_AUTH_MODE: "bearer" };
+    // No other keys set, no auth.json → not-ready from the permissive path.
+    const status = await checkPiMonoCredentials(env, { homeDir: HOME, fs: noFiles });
+    expect(status.ready).toBe(false);
+    // Satisfying via any standard key still works for the bearer mode (PR1 scope).
+    const withKey = await checkPiMonoCredentials(
+      { BEDROCK_AUTH_MODE: "bearer", ANTHROPIC_API_KEY: "x" },
+      { homeDir: HOME, fs: noFiles },
+    );
+    expect(withKey.ready).toBe(true);
+    expect(withKey.satisfiedBy).toBe("env");
+  });
+
+  test("BEDROCK_AUTH_MODE absent + no MODEL_OVERRIDE=amazon-bedrock: no probe", async () => {
+    // Fallback inference: neither BEDROCK_AUTH_MODE nor an amazon-bedrock MODEL_OVERRIDE
+    // → standard permissive path, no AWS call.
+    const env = { ANTHROPIC_API_KEY: "x" };
+    const status = await checkPiMonoCredentials(env, { homeDir: HOME, fs: noFiles });
+    expect(status.ready).toBe(true);
+    expect(status.satisfiedBy).toBe("env");
+  });
 });
 
 // ─── opencode ────────────────────────────────────────────────────────────────

package/src/tests/harness-provider-resolution.test.ts

@@ -171,6 +171,29 @@ describe("validateConfigValue", () => {
     );
     expect(validateConfigValue("SWARM_USE_CLAUDE_BRIDGE", true)).toMatch(/SWARM_USE_CLAUDE_BRIDGE/);
   });
+
+  test("accepts valid BEDROCK_AUTH_MODE values: sdk, bearer", () => {
+    expect(validateConfigValue("BEDROCK_AUTH_MODE", "sdk")).toBeNull();
+    expect(validateConfigValue("BEDROCK_AUTH_MODE", "bearer")).toBeNull();
+    // key lookup is case-insensitive
+    expect(validateConfigValue("bedrock_auth_mode", "sdk")).toBeNull();
+  });
+
+  test("rejects invalid BEDROCK_AUTH_MODE values with a helpful error", () => {
+    const badValues = ["Sdk", "SDK", "BEARER", "iam", "sso", "basic", "", " sdk"];
+    for (const bad of badValues) {
+      const err = validateConfigValue("BEDROCK_AUTH_MODE", bad);
+      expect(err).not.toBeNull();
+      expect(err).toMatch(/BEDROCK_AUTH_MODE/);
+      expect(err).toMatch(/sdk/);
+      expect(err).toMatch(/bearer/);
+    }
+  });
+
+  test("BEDROCK_AUTH_MODE is optional — absent key is not validated (returns null)", () => {
+    // Undefined / unset key → no validator → null (no error)
+    expect(validateConfigValue("OTHER_KEY", "sdk")).toBeNull();
+  });
 });
 
 // ─── getResolvedConfig — scope precedence for HARNESS_PROVIDER ───────────────

package/src/tests/http-api-integration.test.ts

@@ -1012,6 +1012,25 @@ describe("Schedule CRUD", () => {
     expect(body.task.id).toBeDefined();
   });
 
+  test("POST /api/schedules/:id/run — propagates modelTier to the created task", async () => {
+    const { body: created } = await post("/api/schedules", {
+      body: {
+        name: "model-tier-manual-run",
+        taskTemplate: "Run model tier integration test",
+        cronExpression: "0 * * * *",
+        modelTier: "smart",
+      },
+    });
+
+    const { status, body } = await post(`/api/schedules/${created.id}/run`);
+    expect(status).toBe(200);
+    expect(body.task).toBeDefined();
+    expect(body.task.model).toBeUndefined();
+    expect(body.task.modelTier).toBe("smart");
+
+    await del(`/api/schedules/${created.id}`);
+  });
+
   test("POST /api/schedules/:id/run — disabled schedule returns 400", async () => {
     // Disable the schedule first
     await put(`/api/schedules/${scheduleId}`, {

package/src/tests/mcp-oauth-queries.test.ts

@@ -1,6 +1,13 @@
 import { afterAll, beforeAll, describe, expect, test } from "bun:test";
 import { unlink } from "node:fs/promises";
-import { closeDb, createMcpServer, createUser, initDb } from "../be/db";
+import {
+  closeDb,
+  createMcpServer,
+  createUser,
+  getMcpServerById,
+  initDb,
+  updateMcpServer,
+} from "../be/db";
 import {
   consumeMcpOAuthPending,
   deleteMcpOAuthToken,
@@ -221,6 +228,69 @@ describe("mcp_oauth_pending (state PK)", () => {
   });
 });
 
+describe("mcp_servers.extraAuthorizeParams round-trip", () => {
+  test("createMcpServer persists extraAuthorizeParams", () => {
+    const server = createMcpServer({
+      name: "bigquery-mcp",
+      transport: "http",
+      url: "https://bigquery.googleapis.com/",
+      scope: "swarm",
+      extraAuthorizeParams: '{"access_type":"offline","prompt":"consent"}',
+    });
+    expect(server.extraAuthorizeParams).toBe('{"access_type":"offline","prompt":"consent"}');
+
+    const fetched = getMcpServerById(server.id);
+    expect(fetched).not.toBeNull();
+    expect(fetched!.extraAuthorizeParams).toBe('{"access_type":"offline","prompt":"consent"}');
+  });
+
+  test("createMcpServer with no extraAuthorizeParams defaults to null", () => {
+    const server = createMcpServer({
+      name: "hubspot-mcp",
+      transport: "http",
+      url: "https://api.hubspot.com/",
+      scope: "swarm",
+    });
+    expect(server.extraAuthorizeParams).toBeNull();
+  });
+
+  test("updateMcpServer persists extraAuthorizeParams and bumps version", () => {
+    const server = createMcpServer({
+      name: "gdrive-mcp",
+      transport: "http",
+      url: "https://www.googleapis.com/drive/v3/",
+      scope: "swarm",
+    });
+    const versionBefore = server.version;
+
+    const updated = updateMcpServer(server.id, {
+      extraAuthorizeParams: '{"access_type":"offline","prompt":"consent"}',
+    });
+    expect(updated).not.toBeNull();
+    expect(updated!.extraAuthorizeParams).toBe('{"access_type":"offline","prompt":"consent"}');
+    expect(updated!.version).toBe(versionBefore + 1);
+  });
+
+  test("updateMcpServer can clear extraAuthorizeParams to null without bumping version twice", () => {
+    const server = createMcpServer({
+      name: "sheets-mcp",
+      transport: "http",
+      url: "https://sheets.googleapis.com/",
+      scope: "swarm",
+      extraAuthorizeParams: '{"access_type":"offline"}',
+    });
+
+    const cleared = updateMcpServer(server.id, { extraAuthorizeParams: undefined });
+    // No extraAuthorizeParams key → no version bump, field untouched
+    expect(cleared!.extraAuthorizeParams).toBe('{"access_type":"offline"}');
+    expect(cleared!.version).toBe(server.version);
+
+    const nulled = updateMcpServer(server.id, { extraAuthorizeParams: null as unknown as string });
+    expect(nulled!.extraAuthorizeParams).toBeNull();
+    expect(nulled!.version).toBe(server.version + 1);
+  });
+});
+
 describe("mcp_servers.authMethod accessor", () => {
   test("default is 'static' for newly created servers", () => {
     const server = makeServer("mcp-auth-default");

package/src/tests/mcp-oauth-wrapper.test.ts

@@ -137,6 +137,115 @@ describe("buildAuthorizeUrl (PKCE S256, RFC 8707)", () => {
     });
     expect(new URL(result.url).searchParams.has("scope")).toBe(false);
   });
+
+  test("extraParams are appended to the authorize URL (e.g. BigQuery offline access)", async () => {
+    const result = await buildAuthorizeUrl({
+      authorizeUrl: "https://as.example.com/authorize",
+      tokenUrl: "https://as.example.com/token",
+      clientId: "bq-client",
+      redirectUri: "https://swarm.example.com/callback",
+      scopes: ["https://www.googleapis.com/auth/bigquery"],
+      resource: "https://bigquery.googleapis.com/",
+      extraParams: { access_type: "offline", prompt: "consent" },
+    });
+
+    const u = new URL(result.url);
+    expect(u.searchParams.get("access_type")).toBe("offline");
+    expect(u.searchParams.get("prompt")).toBe("consent");
+  });
+
+  test("extraParams cannot override reserved OAuth params (redirect_uri, state, etc.)", async () => {
+    const result = await buildAuthorizeUrl({
+      authorizeUrl: "https://as.example.com/authorize",
+      tokenUrl: "https://as.example.com/token",
+      clientId: "c",
+      redirectUri: "https://swarm.example.com/cb",
+      scopes: ["read"],
+      resource: "https://mcp.example.com/",
+      state: "safe-state",
+      extraParams: {
+        redirect_uri: "https://evil.com",
+        state: "injected",
+        code_challenge: "malicious",
+        code_challenge_method: "plain",
+        response_type: "token",
+        client_id: "attacker",
+        scope: "admin",
+        resource: "https://evil.com/",
+      },
+    });
+    const u = new URL(result.url);
+    expect(u.searchParams.get("redirect_uri")).toBe("https://swarm.example.com/cb");
+    expect(u.searchParams.get("state")).toBe("safe-state");
+    expect(u.searchParams.get("code_challenge_method")).toBe("S256");
+    expect(u.searchParams.get("response_type")).toBe("code");
+    expect(u.searchParams.get("client_id")).toBe("c");
+    expect(u.searchParams.get("resource")).toBe("https://mcp.example.com/");
+    // Attacker values must not have landed
+    const challenge = u.searchParams.get("code_challenge");
+    expect(challenge).not.toBeNull();
+    expect(challenge).not.toBe("malicious");
+    expect(u.searchParams.get("scope")).toBe("read");
+  });
+
+  test("mixed-case reserved keys in extraParams are rejected (case-insensitive guard)", async () => {
+    const result = await buildAuthorizeUrl({
+      authorizeUrl: "https://as.example.com/authorize",
+      tokenUrl: "https://as.example.com/token",
+      clientId: "c",
+      redirectUri: "https://swarm.example.com/cb",
+      scopes: ["read"],
+      resource: "https://mcp.example.com/",
+      state: "safe-state",
+      extraParams: {
+        Redirect_Uri: "https://evil.example",
+        STATE: "evil-state",
+        Code_Challenge: "malicious-challenge",
+        SCOPE: "admin",
+      },
+    });
+    const u = new URL(result.url);
+    // Attacker mixed-case keys must NOT appear in the URL
+    expect(u.searchParams.get("Redirect_Uri")).toBeNull();
+    expect(u.searchParams.get("STATE")).toBeNull();
+    expect(u.searchParams.get("Code_Challenge")).toBeNull();
+    expect(u.searchParams.get("SCOPE")).toBeNull();
+    // Core params must retain their original legitimate values
+    expect(u.searchParams.get("redirect_uri")).toBe("https://swarm.example.com/cb");
+    expect(u.searchParams.get("state")).toBe("safe-state");
+    expect(u.searchParams.get("scope")).toBe("read");
+  });
+
+  test("null/undefined extraParams leaves URL unchanged (no blast radius for existing servers)", async () => {
+    const withExtra = await buildAuthorizeUrl({
+      authorizeUrl: "https://as.example.com/authorize",
+      tokenUrl: "https://as.example.com/token",
+      clientId: "c",
+      redirectUri: "https://swarm.example.com/cb",
+      scopes: ["read"],
+      resource: "https://mcp.example.com/",
+      extraParams: { access_type: "offline" },
+      state: "fixed-state",
+    });
+
+    const withoutExtra = await buildAuthorizeUrl({
+      authorizeUrl: "https://as.example.com/authorize",
+      tokenUrl: "https://as.example.com/token",
+      clientId: "c",
+      redirectUri: "https://swarm.example.com/cb",
+      scopes: ["read"],
+      resource: "https://mcp.example.com/",
+      state: "fixed-state",
+    });
+
+    const uWith = new URL(withExtra.url);
+    const uWithout = new URL(withoutExtra.url);
+    expect(uWith.searchParams.has("access_type")).toBe(true);
+    expect(uWithout.searchParams.has("access_type")).toBe(false);
+    // Core params are identical
+    expect(uWith.searchParams.get("client_id")).toBe(uWithout.searchParams.get("client_id"));
+    expect(uWith.searchParams.get("state")).toBe(uWithout.searchParams.get("state"));
+  });
 });
 
 // ─── Discovery (PRMD + AS metadata) ──────────────────────────────────────────