@frontmcp/testing 0.7.2 → 0.8.1

package/esm/index.mjs

@@ -71,7 +71,12 @@ var PLATFORM_DETECTION_PATTERNS = {
 };
 function getPlatformCapabilities(platform) {
   const baseCapabilities = {
-    sampling: {}
+    sampling: {},
+    // Include elicitation.form by default for testing elicitation workflows
+    // Note: MCP SDK expects form to be an object, not boolean
+    elicitation: {
+      form: {}
+    }
   };
   if (platform === "ext-apps") {
     return {
@@ -209,6 +214,21 @@ var McpTestClientBuilder = class {
     this.config.capabilities = capabilities;
     return this;
   }
+  /**
+   * Set query parameters to append to the connection URL.
+   * Useful for testing mode switches like `?mode=skills_only`.
+   *
+   * @example
+   * ```typescript
+   * const client = await McpTestClient.create({ baseUrl })
+   *   .withQueryParams({ mode: 'skills_only' })
+   *   .buildAndConnect();
+   * ```
+   */
+  withQueryParams(params) {
+    this.config.queryParams = { ...this.config.queryParams, ...params };
+    return this;
+  }
   /**
    * Build the McpTestClient instance (does not connect)
    */
@@ -237,6 +257,7 @@ var StreamableHttpTransport = class {
   lastRequestHeaders = {};
   interceptors;
   publicMode;
+  elicitationHandler;
   constructor(config) {
     this.config = {
       baseUrl: config.baseUrl.replace(/\/$/, ""),
@@ -251,6 +272,7 @@ var StreamableHttpTransport = class {
     this.authToken = config.auth?.token;
     this.interceptors = config.interceptors;
     this.publicMode = config.publicMode ?? false;
+    this.elicitationHandler = config.elicitationHandler;
   }
   async connect() {
     this.state = "connecting";
@@ -343,7 +365,6 @@ var StreamableHttpTransport = class {
         body: JSON.stringify(message),
         signal: controller.signal
       });
-      clearTimeout(timeoutId);
       const newSessionId = response.headers.get("mcp-session-id");
       if (newSessionId) {
         this.sessionId = newSessionId;
@@ -363,28 +384,26 @@ var StreamableHttpTransport = class {
         };
       } else {
         const contentType = response.headers.get("content-type") ?? "";
-        const text = await response.text();
-        this.log("Response:", text);
-        if (!text.trim()) {
-          jsonResponse = {
-            jsonrpc: "2.0",
-            id: message.id ?? null,
-            result: void 0
-          };
-        } else if (contentType.includes("text/event-stream")) {
-          const { response: sseResponse, sseSessionId } = this.parseSSEResponseWithSession(text, message.id);
-          jsonResponse = sseResponse;
-          if (sseSessionId && !this.sessionId) {
-            this.sessionId = sseSessionId;
-            this.log("Session ID from SSE:", this.sessionId);
-          }
+        if (contentType.includes("text/event-stream")) {
+          jsonResponse = await this.handleSSEResponseWithElicitation(response, message);
         } else {
-          jsonResponse = JSON.parse(text);
+          const text = await response.text();
+          this.log("Response:", text);
+          if (!text.trim()) {
+            jsonResponse = {
+              jsonrpc: "2.0",
+              id: message.id ?? null,
+              result: void 0
+            };
+          } else {
+            jsonResponse = JSON.parse(text);
+          }
         }
       }
       if (this.interceptors) {
         jsonResponse = await this.interceptors.processResponse(message, jsonResponse, Date.now() - startTime);
       }
+      clearTimeout(timeoutId);
       return jsonResponse;
     } catch (error) {
       clearTimeout(timeoutId);
@@ -499,6 +518,9 @@ var StreamableHttpTransport = class {
   getInterceptors() {
     return this.interceptors;
   }
+  setElicitationHandler(handler) {
+    this.elicitationHandler = handler;
+  }
   getConnectionCount() {
     return this.connectionCount;
   }
@@ -527,6 +549,215 @@ var StreamableHttpTransport = class {
   // ═══════════════════════════════════════════════════════════════════
   // PRIVATE HELPERS
   // ═══════════════════════════════════════════════════════════════════
+  /**
+   * Handle SSE response with elicitation support.
+   *
+   * Streams the SSE response, detects elicitation/create requests, and handles them
+   * by calling the registered handler and sending the response back to the server.
+   */
+  async handleSSEResponseWithElicitation(response, originalRequest) {
+    this.log("handleSSEResponseWithElicitation: starting", { requestId: originalRequest.id });
+    const reader = response.body?.getReader();
+    if (!reader) {
+      this.log("handleSSEResponseWithElicitation: no response body");
+      return {
+        jsonrpc: "2.0",
+        id: originalRequest.id ?? null,
+        error: { code: -32e3, message: "No response body" }
+      };
+    }
+    const decoder = new TextDecoder();
+    let buffer = "";
+    let finalResponse = null;
+    let sseSessionId;
+    try {
+      let readCount = 0;
+      while (true) {
+        readCount++;
+        this.log(`handleSSEResponseWithElicitation: reading chunk ${readCount}`);
+        const { done, value } = await reader.read();
+        this.log(`handleSSEResponseWithElicitation: read result`, { done, valueLength: value?.length });
+        if (done) {
+          if (buffer.trim()) {
+            const parsed = this.parseSSEEvents(buffer, originalRequest.id);
+            for (const event of parsed.events) {
+              const handled = await this.handleSSEEvent(event);
+              if (handled.isFinal) {
+                finalResponse = handled.response;
+              }
+            }
+            if (parsed.sessionId && !sseSessionId) {
+              sseSessionId = parsed.sessionId;
+            }
+          }
+          break;
+        }
+        buffer += decoder.decode(value, { stream: true });
+        const eventEndPattern = /\n\n/g;
+        let lastEventEnd = 0;
+        let match;
+        while ((match = eventEndPattern.exec(buffer)) !== null) {
+          const eventText = buffer.slice(lastEventEnd, match.index);
+          lastEventEnd = match.index + 2;
+          if (eventText.trim()) {
+            const parsed = this.parseSSEEvents(eventText, originalRequest.id);
+            for (const event of parsed.events) {
+              const handled = await this.handleSSEEvent(event);
+              if (handled.isFinal) {
+                finalResponse = handled.response;
+              }
+            }
+            if (parsed.sessionId && !sseSessionId) {
+              sseSessionId = parsed.sessionId;
+            }
+          }
+        }
+        buffer = buffer.slice(lastEventEnd);
+      }
+    } finally {
+      reader.releaseLock();
+    }
+    if (sseSessionId && !this.sessionId) {
+      this.sessionId = sseSessionId;
+      this.log("Session ID from SSE:", this.sessionId);
+    }
+    if (finalResponse) {
+      return finalResponse;
+    }
+    return {
+      jsonrpc: "2.0",
+      id: originalRequest.id ?? null,
+      error: { code: -32e3, message: "No final response received in SSE stream" }
+    };
+  }
+  /**
+   * Parse SSE event text into structured events
+   */
+  parseSSEEvents(text, _requestId) {
+    const lines = text.split("\n");
+    const events = [];
+    let currentEvent = { type: "message", data: [] };
+    let sessionId;
+    for (const line of lines) {
+      if (line.startsWith("event: ")) {
+        currentEvent.type = line.slice(7);
+      } else if (line.startsWith("data: ")) {
+        currentEvent.data.push(line.slice(6));
+      } else if (line === "data:") {
+        currentEvent.data.push("");
+      } else if (line.startsWith("id: ")) {
+        const idValue = line.slice(4);
+        currentEvent.id = idValue;
+        const colonIndex = idValue.lastIndexOf(":");
+        if (colonIndex > 0) {
+          sessionId = idValue.substring(0, colonIndex);
+        } else {
+          sessionId = idValue;
+        }
+      } else if (line === "" && currentEvent.data.length > 0) {
+        events.push({
+          type: currentEvent.type,
+          data: currentEvent.data.join("\n"),
+          id: currentEvent.id
+        });
+        currentEvent = { type: "message", data: [] };
+      }
+    }
+    if (currentEvent.data.length > 0) {
+      events.push({
+        type: currentEvent.type,
+        data: currentEvent.data.join("\n"),
+        id: currentEvent.id
+      });
+    }
+    return { events, sessionId };
+  }
+  /**
+   * Handle a single SSE event, including elicitation requests
+   */
+  async handleSSEEvent(event) {
+    this.log("SSE Event:", { type: event.type, data: event.data.slice(0, 200) });
+    try {
+      const parsed = JSON.parse(event.data);
+      if ("method" in parsed && parsed.method === "elicitation/create") {
+        await this.handleElicitationRequest(parsed);
+        return {
+          isFinal: false,
+          response: { jsonrpc: "2.0", id: null, result: void 0 }
+        };
+      }
+      if ("result" in parsed || "error" in parsed) {
+        return { isFinal: true, response: parsed };
+      }
+      return {
+        isFinal: false,
+        response: { jsonrpc: "2.0", id: null, result: void 0 }
+      };
+    } catch {
+      this.log("Failed to parse SSE event data:", event.data);
+      return {
+        isFinal: false,
+        response: { jsonrpc: "2.0", id: null, result: void 0 }
+      };
+    }
+  }
+  /**
+   * Handle an elicitation/create request from the server
+   */
+  async handleElicitationRequest(request) {
+    const params = request.params;
+    this.log("Elicitation request received:", {
+      mode: params?.mode,
+      message: params?.message?.slice(0, 100)
+    });
+    const requestId = request.id;
+    if (requestId === void 0 || requestId === null) {
+      this.log("Elicitation request has no ID, cannot respond");
+      return;
+    }
+    if (!this.elicitationHandler) {
+      this.log("No elicitation handler registered, sending error");
+      await this.sendElicitationResponse(requestId, {
+        action: "decline"
+      });
+      return;
+    }
+    try {
+      const response = await this.elicitationHandler(params);
+      this.log("Elicitation handler response:", response);
+      await this.sendElicitationResponse(requestId, response);
+    } catch (error) {
+      this.log("Elicitation handler error:", error);
+      await this.sendElicitationResponse(requestId, {
+        action: "cancel"
+      });
+    }
+  }
+  /**
+   * Send an elicitation response back to the server
+   */
+  async sendElicitationResponse(requestId, response) {
+    const headers = this.buildHeaders();
+    const url = `${this.config.baseUrl}/`;
+    const rpcResponse = {
+      jsonrpc: "2.0",
+      id: requestId,
+      result: response
+    };
+    this.log("Sending elicitation response:", rpcResponse);
+    try {
+      const fetchResponse = await fetch(url, {
+        method: "POST",
+        headers,
+        body: JSON.stringify(rpcResponse)
+      });
+      if (!fetchResponse.ok) {
+        this.log(`Elicitation response HTTP error: ${fetchResponse.status}`);
+      }
+    } catch (error) {
+      this.log("Failed to send elicitation response:", error);
+    }
+  }
   buildHeaders() {
     const headers = {
       "Content-Type": "application/json",
@@ -958,7 +1189,7 @@ var DEFAULT_CLIENT_INFO = {
   version: "0.4.0"
 };
 var McpTestClient = class {
-  // Platform and capabilities are optional - only set when testing platform-specific behavior
+  // Platform, capabilities, and queryParams are optional - only set when needed
   config;
   transport = null;
   initResult = null;
@@ -974,6 +1205,8 @@ var McpTestClient = class {
   _progressUpdates = [];
   // Interceptor chain
   _interceptors;
+  // Elicitation handler for server→client elicit requests
+  _elicitationHandler;
   // ═══════════════════════════════════════════════════════════════════
   // CONSTRUCTOR & FACTORY
   // ═══════════════════════════════════════════════════════════════════
@@ -988,7 +1221,8 @@ var McpTestClient = class {
       protocolVersion: config.protocolVersion ?? DEFAULT_PROTOCOL_VERSION,
       clientInfo: config.clientInfo ?? DEFAULT_CLIENT_INFO,
       platform: config.platform,
-      capabilities: config.capabilities
+      capabilities: config.capabilities,
+      queryParams: config.queryParams
     };
     if (config.auth?.token) {
       this._authState = {
@@ -1221,9 +1455,9 @@ var McpTestClient = class {
      * Send any JSON-RPC request
      */
     request: async (message) => {
-      this.ensureConnected();
+      const transport = this.getConnectedTransport();
       const start = Date.now();
-      const response = await this.transport.request(message);
+      const response = await transport.request(message);
       this.traceRequest(message.method, message.params, message.id, response, Date.now() - start);
       return response;
     },
@@ -1231,15 +1465,15 @@ var McpTestClient = class {
      * Send a notification (no response expected)
      */
     notify: async (message) => {
-      this.ensureConnected();
-      await this.transport.notify(message);
+      const transport = this.getConnectedTransport();
+      await transport.notify(message);
     },
     /**
      * Send raw string data (for error testing)
      */
     sendRaw: async (data) => {
-      this.ensureConnected();
-      return this.transport.sendRaw(data);
+      const transport = this.getConnectedTransport();
+      return transport.sendRaw(data);
     }
   };
   get lastRequestId() {
@@ -1295,6 +1529,63 @@ var McpTestClient = class {
     }
   };
   // ═══════════════════════════════════════════════════════════════════
+  // ELICITATION
+  // ═══════════════════════════════════════════════════════════════════
+  /**
+   * Register a handler for elicitation requests from the server.
+   *
+   * When a tool calls `this.elicit()` during execution, the server sends an
+   * `elicitation/create` request to the client. This handler is called to
+   * provide the response that would normally come from user interaction.
+   *
+   * @param handler - Function that receives the elicitation request and returns a response
+   *
+   * @example
+   * ```typescript
+   * // Simple acceptance
+   * mcp.onElicitation(async () => ({
+   *   action: 'accept',
+   *   content: { confirmed: true }
+   * }));
+   *
+   * // Conditional response based on request
+   * mcp.onElicitation(async (request) => {
+   *   if (request.message.includes('delete')) {
+   *     return { action: 'decline' };
+   *   }
+   *   return { action: 'accept', content: { approved: true } };
+   * });
+   *
+   * // Multi-step wizard
+   * let step = 0;
+   * mcp.onElicitation(async () => {
+   *   step++;
+   *   if (step === 1) return { action: 'accept', content: { name: 'Alice' } };
+   *   return { action: 'accept', content: { color: 'blue' } };
+   * });
+   * ```
+   */
+  onElicitation(handler) {
+    this._elicitationHandler = handler;
+    if (this.transport?.setElicitationHandler) {
+      this.transport.setElicitationHandler(handler);
+    }
+    this.log("debug", "Elicitation handler registered");
+  }
+  /**
+   * Clear the elicitation handler.
+   *
+   * After calling this, elicitation requests from the server will not be
+   * handled automatically. This can be used to test timeout scenarios.
+   */
+  clearElicitationHandler() {
+    this._elicitationHandler = void 0;
+    if (this.transport?.setElicitationHandler) {
+      this.transport.setElicitationHandler(void 0);
+    }
+    this.log("debug", "Elicitation handler cleared");
+  }
+  // ═══════════════════════════════════════════════════════════════════
   // LOGGING & DEBUGGING
   // ═══════════════════════════════════════════════════════════════════
   logs = {
@@ -1519,7 +1810,10 @@ var McpTestClient = class {
   // ═══════════════════════════════════════════════════════════════════
   async initialize() {
     const capabilities = this.config.capabilities ?? {
-      sampling: {}
+      sampling: {},
+      elicitation: {
+        form: {}
+      }
     };
     return this.request("initialize", {
       protocolVersion: this.config.protocolVersion,
@@ -1558,16 +1852,25 @@ var McpTestClient = class {
   // PRIVATE: TRANSPORT & REQUEST HELPERS
   // ═══════════════════════════════════════════════════════════════════
   createTransport() {
+    let baseUrl = this.config.baseUrl;
+    if (this.config.queryParams && Object.keys(this.config.queryParams).length > 0) {
+      const url = new URL(baseUrl);
+      Object.entries(this.config.queryParams).forEach(([key, value]) => {
+        url.searchParams.set(key, String(value));
+      });
+      baseUrl = url.toString();
+    }
     switch (this.config.transport) {
       case "streamable-http":
         return new StreamableHttpTransport({
-          baseUrl: this.config.baseUrl,
+          baseUrl,
           timeout: this.config.timeout,
           auth: this.config.auth,
           publicMode: this.config.publicMode,
           debug: this.config.debug,
           interceptors: this._interceptors,
-          clientInfo: this.config.clientInfo
+          clientInfo: this.config.clientInfo,
+          elicitationHandler: this._elicitationHandler
         });
       case "sse":
         throw new Error("SSE transport not yet implemented");
@@ -1576,12 +1879,12 @@ var McpTestClient = class {
     }
   }
   async request(method, params) {
-    this.ensureConnected();
+    const transport = this.getConnectedTransport();
     const id = ++this.requestIdCounter;
     this._lastRequestId = id;
     const start = Date.now();
     try {
-      const response = await this.transport.request({
+      const response = await transport.request({
         jsonrpc: "2.0",
         id,
         method,
@@ -1620,10 +1923,14 @@ var McpTestClient = class {
       };
     }
   }
-  ensureConnected() {
-    if (!this.transport?.isConnected()) {
+  /**
+   * Get the transport, throwing if not connected.
+   */
+  getConnectedTransport() {
+    if (!this.transport || !this.transport.isConnected()) {
       throw new Error("Not connected to MCP server. Call connect() first.");
     }
+    return this.transport;
   }
   updateSessionActivity() {
     if (this._sessionInfo) {
@@ -1876,6 +2183,9 @@ var TestTokenFactory = class {
       scope: options.scopes?.join(" "),
       ...options.claims
     };
+    if (!this.privateKey) {
+      throw new Error("Private key not initialized");
+    }
     const token = await new SignJWT(payload).setProtectedHeader({ alg: "RS256", kid: this.keyId }).sign(this.privateKey);
     return token;
   }
@@ -1935,6 +2245,9 @@ var TestTokenFactory = class {
       exp: now - 3600
       // Expired 1 hour ago
     };
+    if (!this.privateKey) {
+      throw new Error("Private key not initialized");
+    }
     const token = await new SignJWT(payload).setProtectedHeader({ alg: "RS256", kid: this.keyId }).sign(this.privateKey);
     return token;
   }
@@ -1961,6 +2274,9 @@ var TestTokenFactory = class {
    */
   async getPublicJwks() {
     await this.ensureKeys();
+    if (!this.jwk) {
+      throw new Error("JWK not initialized");
+    }
     return {
       keys: [this.jwk]
     };
@@ -2113,15 +2429,66 @@ function createTestUser(overrides) {
 
 // libs/testing/src/auth/mock-oauth-server.ts
 import { createServer } from "http";
+var _randomBytes;
+var _sha256Base64url;
+var _base64urlEncode;
+async function loadCryptoUtils() {
+  if (!_randomBytes) {
+    const utils = await import("@frontmcp/utils");
+    _randomBytes = utils.randomBytes;
+    _sha256Base64url = utils.sha256Base64url;
+    _base64urlEncode = utils.base64urlEncode;
+  }
+}
 var MockOAuthServer = class {
   tokenFactory;
   options;
   server = null;
   _info = null;
   connections = /* @__PURE__ */ new Set();
-  constructor(tokenFactory2, options = {}) {
-    this.tokenFactory = tokenFactory2;
+  /** Authorization code storage (code -> record) */
+  authCodes = /* @__PURE__ */ new Map();
+  /** Refresh token storage (token -> record) */
+  refreshTokens = /* @__PURE__ */ new Map();
+  /** Access token TTL in seconds */
+  accessTokenTtlSeconds;
+  /** Refresh token TTL in seconds */
+  refreshTokenTtlSeconds;
+  constructor(tokenFactory3, options = {}) {
+    this.tokenFactory = tokenFactory3;
     this.options = options;
+    this.accessTokenTtlSeconds = options.accessTokenTtlSeconds ?? 3600;
+    this.refreshTokenTtlSeconds = options.refreshTokenTtlSeconds ?? 30 * 24 * 3600;
+  }
+  // ═══════════════════════════════════════════════════════════════════
+  // CONFIGURATION METHODS
+  // ═══════════════════════════════════════════════════════════════════
+  /**
+   * Set auto-approve mode for authorization requests
+   */
+  setAutoApprove(enabled) {
+    this.options.autoApprove = enabled;
+  }
+  /**
+   * Set the test user returned on authorization
+   */
+  setTestUser(user) {
+    this.options.testUser = user;
+  }
+  /**
+   * Add a valid redirect URI
+   */
+  addValidRedirectUri(uri) {
+    const uris = this.options.validRedirectUris ?? [];
+    uris.push(uri);
+    this.options.validRedirectUris = uris;
+  }
+  /**
+   * Clear all stored authorization codes and refresh tokens
+   */
+  clearStoredTokens() {
+    this.authCodes.clear();
+    this.refreshTokens.clear();
   }
   /**
    * Start the mock OAuth server
@@ -2205,8 +2572,9 @@ var MockOAuthServer = class {
   // PRIVATE
   // ═══════════════════════════════════════════════════════════════════
   async handleRequest(req, res) {
-    const url = req.url ?? "/";
-    this.log(`${req.method} ${url}`);
+    const fullUrl = req.url ?? "/";
+    const [urlPath, queryString] = fullUrl.split("?");
+    this.log(`${req.method} ${urlPath}`);
     res.setHeader("Access-Control-Allow-Origin", "*");
     res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
     res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
@@ -2216,20 +2584,28 @@ var MockOAuthServer = class {
       return;
     }
     try {
-      if (url === "/.well-known/jwks.json" || url === "/.well-known/jwks") {
+      if (urlPath === "/.well-known/jwks.json" || urlPath === "/.well-known/jwks") {
         await this.handleJwks(req, res);
-      } else if (url === "/.well-known/openid-configuration") {
+      } else if (urlPath === "/.well-known/openid-configuration") {
         await this.handleOidcConfig(req, res);
-      } else if (url === "/.well-known/oauth-authorization-server") {
+      } else if (urlPath === "/.well-known/oauth-authorization-server") {
         await this.handleOAuthMetadata(req, res);
-      } else if (url === "/oauth/token") {
+      } else if (urlPath === "/oauth/authorize") {
+        await this.handleAuthorizeEndpoint(req, res, queryString);
+      } else if (urlPath === "/oauth/token") {
         await this.handleTokenEndpoint(req, res);
+      } else if (urlPath === "/userinfo") {
+        await this.handleUserInfoEndpoint(req, res);
+      } else if (urlPath === "/oauth/authorize/submit" && req.method === "POST") {
+        await this.handleAuthorizeSubmit(req, res);
       } else {
         res.writeHead(404, { "Content-Type": "application/json" });
         res.end(JSON.stringify({ error: "not_found", error_description: "Endpoint not found" }));
       }
     } catch (error) {
-      this.log(`Error handling request: ${error}`);
+      const errorMsg = error instanceof Error ? `${error.message}
+${error.stack}` : String(error);
+      this.logError(`Error handling request to ${urlPath}: ${errorMsg}`);
       res.writeHead(500, { "Content-Type": "application/json" });
       res.end(JSON.stringify({ error: "server_error", error_description: "Internal server error" }));
     }
@@ -2247,13 +2623,13 @@ var MockOAuthServer = class {
       authorization_endpoint: `${issuer}/oauth/authorize`,
       token_endpoint: `${issuer}/oauth/token`,
       jwks_uri: `${issuer}/.well-known/jwks.json`,
-      response_types_supported: ["code", "token"],
+      response_types_supported: ["code"],
       subject_types_supported: ["public"],
       id_token_signing_alg_values_supported: ["RS256"],
       scopes_supported: ["openid", "profile", "email"],
       token_endpoint_auth_methods_supported: ["client_secret_basic", "client_secret_post", "none"],
       claims_supported: ["sub", "iss", "aud", "exp", "iat", "email", "name"],
-      grant_types_supported: ["authorization_code", "refresh_token", "client_credentials", "anonymous"]
+      grant_types_supported: ["authorization_code", "refresh_token", "anonymous"]
     };
     res.writeHead(200, { "Content-Type": "application/json" });
     res.end(JSON.stringify(config));
@@ -2266,8 +2642,8 @@ var MockOAuthServer = class {
       authorization_endpoint: `${issuer}/oauth/authorize`,
       token_endpoint: `${issuer}/oauth/token`,
       jwks_uri: `${issuer}/.well-known/jwks.json`,
-      response_types_supported: ["code", "token"],
-      grant_types_supported: ["authorization_code", "refresh_token", "client_credentials", "anonymous"],
+      response_types_supported: ["code"],
+      grant_types_supported: ["authorization_code", "refresh_token", "anonymous"],
       token_endpoint_auth_methods_supported: ["client_secret_basic", "client_secret_post", "none"],
       scopes_supported: ["openid", "profile", "email", "anonymous"]
     };
@@ -2275,9 +2651,112 @@ var MockOAuthServer = class {
     res.end(JSON.stringify(metadata));
     this.log("Served OAuth metadata");
   }
+  /**
+   * Handle authorization endpoint (GET /oauth/authorize)
+   * Supports auto-approve mode for E2E testing
+   */
+  async handleAuthorizeEndpoint(_req, res, queryString) {
+    const params = new URLSearchParams(queryString ?? "");
+    const clientId = params.get("client_id");
+    const redirectUri = params.get("redirect_uri");
+    const responseType = params.get("response_type");
+    const state = params.get("state") ?? void 0;
+    const scope = params.get("scope") ?? "openid";
+    const codeChallenge = params.get("code_challenge") ?? void 0;
+    const codeChallengeMethod = params.get("code_challenge_method") ?? void 0;
+    if (!clientId || !redirectUri || !responseType) {
+      res.writeHead(400, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          error: "invalid_request",
+          error_description: "Missing required parameters: client_id, redirect_uri, response_type"
+        })
+      );
+      return;
+    }
+    if (responseType !== "code") {
+      res.writeHead(400, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          error: "unsupported_response_type",
+          error_description: "Only response_type=code is supported"
+        })
+      );
+      return;
+    }
+    if (!this.isValidRedirectUri(redirectUri)) {
+      res.writeHead(400, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          error: "invalid_request",
+          error_description: "Invalid redirect_uri"
+        })
+      );
+      return;
+    }
+    if (this.options.clientId && clientId !== this.options.clientId) {
+      this.redirectWithError(res, redirectUri, "unauthorized_client", "Invalid client_id", state);
+      return;
+    }
+    if (this.options.autoApprove) {
+      const testUser = this.options.testUser;
+      if (!testUser) {
+        this.logError("autoApprove is enabled but no testUser configured. Set testUser in MockOAuthServerOptions.");
+        res.writeHead(500, { "Content-Type": "application/json" });
+        res.end(
+          JSON.stringify({
+            error: "server_error",
+            error_description: "autoApprove is enabled but no testUser configured"
+          })
+        );
+        return;
+      }
+      const code = this.generateCode();
+      const scopes = scope.split(" ").filter(Boolean);
+      this.authCodes.set(code, {
+        code,
+        clientId,
+        redirectUri,
+        codeChallenge,
+        codeChallengeMethod,
+        scopes,
+        user: testUser,
+        state,
+        expiresAt: Date.now() + 5 * 60 * 1e3,
+        // 5 minutes
+        used: false
+      });
+      const callbackUrl = new URL(redirectUri);
+      callbackUrl.searchParams.set("code", code);
+      if (state) {
+        callbackUrl.searchParams.set("state", state);
+      }
+      this.log(`Auto-approved auth request, redirecting with code to ${callbackUrl.origin}${callbackUrl.pathname}`);
+      res.writeHead(302, { Location: callbackUrl.toString() });
+      res.end();
+      return;
+    }
+    const html = this.renderLoginPage(clientId, redirectUri, scope, state, codeChallenge, codeChallengeMethod);
+    res.writeHead(200, { "Content-Type": "text/html" });
+    res.end(html);
+  }
   async handleTokenEndpoint(req, res) {
     const body = await this.readBody(req);
     const params = new URLSearchParams(body);
+    const authHeader = req.headers["authorization"];
+    let clientSecret = params.get("client_secret") ?? void 0;
+    if (!clientSecret && authHeader?.startsWith("Basic ")) {
+      const decoded = Buffer.from(authHeader.slice(6), "base64").toString("utf8");
+      const colonIndex = decoded.indexOf(":");
+      if (colonIndex >= 0) {
+        clientSecret = decoded.slice(colonIndex + 1);
+      }
+    }
+    if (this.options.clientSecret && clientSecret !== this.options.clientSecret) {
+      res.writeHead(401, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ error: "invalid_client", error_description: "Invalid client_secret" }));
+      return;
+    }
     const grantType = params.get("grant_type");
     if (grantType === "anonymous") {
       const token = await this.tokenFactory.createAnonymousToken();
@@ -2286,84 +2765,596 @@ var MockOAuthServer = class {
         JSON.stringify({
           access_token: token,
           token_type: "Bearer",
-          expires_in: 3600
+          expires_in: this.accessTokenTtlSeconds
         })
       );
       this.log("Issued anonymous token");
+    } else if (grantType === "authorization_code") {
+      await this.handleAuthorizationCodeGrant(params, res);
+    } else if (grantType === "refresh_token") {
+      await this.handleRefreshTokenGrant(params, res);
     } else {
       res.writeHead(400, { "Content-Type": "application/json" });
       res.end(
         JSON.stringify({
           error: "unsupported_grant_type",
-          error_description: "Only anonymous grant type is supported in mock server"
+          error_description: `Unsupported grant_type: ${grantType}`
         })
       );
     }
   }
-  readBody(req) {
-    return new Promise((resolve, reject) => {
-      const chunks = [];
-      req.on("data", (chunk) => chunks.push(chunk));
-      req.on("end", () => resolve(Buffer.concat(chunks).toString()));
-      req.on("error", reject);
-    });
-  }
-  log(message) {
-    if (this.options.debug) {
-      console.log(`[MockOAuthServer] ${message}`);
-    }
-  }
-};
-
-// libs/testing/src/auth/mock-api-server.ts
-import { createServer as createServer2 } from "http";
-var MockAPIServer = class {
-  options;
-  server = null;
-  _info = null;
-  routes;
-  constructor(options) {
-    this.options = options;
-    this.routes = options.routes ?? [];
-    for (const route of this.routes) {
-      this.validateRoute(route);
-    }
-  }
   /**
-   * Start the mock API server
+   * Handle authorization_code grant type
    */
-  async start() {
-    if (this.server) {
-      throw new Error("Mock API server is already running");
+  async handleAuthorizationCodeGrant(params, res) {
+    const code = params.get("code");
+    const redirectUri = params.get("redirect_uri");
+    const clientId = params.get("client_id");
+    const codeVerifier = params.get("code_verifier");
+    if (!code || !redirectUri || !clientId) {
+      res.writeHead(400, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          error: "invalid_request",
+          error_description: "Missing required parameters: code, redirect_uri, client_id"
+        })
+      );
+      return;
     }
-    const port = this.options.port ?? 0;
-    return new Promise((resolve, reject) => {
-      const server = createServer2(this.handleRequest.bind(this));
-      this.server = server;
-      server.on("error", (err) => {
-        this.log(`Server error: ${err.message}`);
-        reject(err);
-      });
-      server.listen(port, () => {
-        const address = server.address();
-        if (!address || typeof address === "string") {
-          reject(new Error("Failed to get server address"));
-          return;
-        }
-        const actualPort = address.port;
-        this._info = {
-          baseUrl: `http://localhost:${actualPort}`,
-          port: actualPort,
-          specUrl: `http://localhost:${actualPort}/openapi.json`
-        };
-        this.log(`Mock API server started at ${this._info.baseUrl}`);
-        resolve(this._info);
-      });
-    });
-  }
-  /**
-   * Stop the mock API server
-   */
+    const codeRecord = this.authCodes.get(code);
+    if (!codeRecord) {
+      res.writeHead(400, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          error: "invalid_grant",
+          error_description: "Authorization code not found or expired"
+        })
+      );
+      return;
+    }
+    if (codeRecord.used) {
+      this.authCodes.delete(code);
+      res.writeHead(400, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          error: "invalid_grant",
+          error_description: "Authorization code has already been used"
+        })
+      );
+      return;
+    }
+    if (codeRecord.expiresAt < Date.now()) {
+      this.authCodes.delete(code);
+      res.writeHead(400, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          error: "invalid_grant",
+          error_description: "Authorization code has expired"
+        })
+      );
+      return;
+    }
+    if (codeRecord.clientId !== clientId) {
+      res.writeHead(400, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          error: "invalid_grant",
+          error_description: "client_id mismatch"
+        })
+      );
+      return;
+    }
+    if (codeRecord.redirectUri !== redirectUri) {
+      res.writeHead(400, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          error: "invalid_grant",
+          error_description: "redirect_uri mismatch"
+        })
+      );
+      return;
+    }
+    if (codeRecord.codeChallenge) {
+      if (!codeVerifier) {
+        res.writeHead(400, { "Content-Type": "application/json" });
+        res.end(
+          JSON.stringify({
+            error: "invalid_grant",
+            error_description: "code_verifier required"
+          })
+        );
+        return;
+      }
+      const method = codeRecord.codeChallengeMethod ?? "plain";
+      if (method !== "S256" && method !== "plain") {
+        res.writeHead(400, { "Content-Type": "application/json" });
+        res.end(
+          JSON.stringify({
+            error: "invalid_grant",
+            error_description: `Unsupported code_challenge_method: ${method}`
+          })
+        );
+        return;
+      }
+      const expectedChallenge = await this.computeCodeChallengeAsync(codeVerifier, method);
+      if (expectedChallenge !== codeRecord.codeChallenge) {
+        res.writeHead(400, { "Content-Type": "application/json" });
+        res.end(
+          JSON.stringify({
+            error: "invalid_grant",
+            error_description: "PKCE verification failed"
+          })
+        );
+        return;
+      }
+    }
+    codeRecord.used = true;
+    const accessToken = await this.tokenFactory.createTestToken({
+      sub: codeRecord.user.sub,
+      claims: {
+        email: codeRecord.user.email,
+        name: codeRecord.user.name,
+        ...codeRecord.user.claims ?? {}
+      }
+    });
+    const idToken = await this.tokenFactory.createTestToken({
+      sub: codeRecord.user.sub,
+      claims: {
+        email: codeRecord.user.email,
+        name: codeRecord.user.name,
+        ...codeRecord.user.claims ?? {}
+      }
+    });
+    const refreshToken = this.generateCode();
+    this.refreshTokens.set(refreshToken, {
+      token: refreshToken,
+      clientId,
+      user: codeRecord.user,
+      scopes: codeRecord.scopes,
+      expiresAt: Date.now() + this.refreshTokenTtlSeconds * 1e3
+    });
+    this.log(`Issued tokens for user: ${codeRecord.user.sub}`);
+    res.writeHead(200, { "Content-Type": "application/json" });
+    res.end(
+      JSON.stringify({
+        access_token: accessToken,
+        token_type: "Bearer",
+        expires_in: this.accessTokenTtlSeconds,
+        refresh_token: refreshToken,
+        id_token: idToken,
+        scope: codeRecord.scopes.join(" ")
+      })
+    );
+  }
+  /**
+   * Handle refresh_token grant type
+   */
+  async handleRefreshTokenGrant(params, res) {
+    const refreshToken = params.get("refresh_token");
+    const clientId = params.get("client_id");
+    if (!refreshToken || !clientId) {
+      res.writeHead(400, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          error: "invalid_request",
+          error_description: "Missing required parameters: refresh_token, client_id"
+        })
+      );
+      return;
+    }
+    const tokenRecord = this.refreshTokens.get(refreshToken);
+    if (!tokenRecord) {
+      res.writeHead(400, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          error: "invalid_grant",
+          error_description: "Refresh token not found or expired"
+        })
+      );
+      return;
+    }
+    if (tokenRecord.expiresAt < Date.now()) {
+      this.refreshTokens.delete(refreshToken);
+      res.writeHead(400, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          error: "invalid_grant",
+          error_description: "Refresh token has expired"
+        })
+      );
+      return;
+    }
+    if (tokenRecord.clientId !== clientId) {
+      res.writeHead(400, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          error: "invalid_grant",
+          error_description: "client_id mismatch"
+        })
+      );
+      return;
+    }
+    const accessToken = await this.tokenFactory.createTestToken({
+      sub: tokenRecord.user.sub,
+      claims: {
+        email: tokenRecord.user.email,
+        name: tokenRecord.user.name,
+        ...tokenRecord.user.claims ?? {}
+      }
+    });
+    this.refreshTokens.delete(refreshToken);
+    const newRefreshToken = this.generateCode();
+    this.refreshTokens.set(newRefreshToken, {
+      ...tokenRecord,
+      token: newRefreshToken,
+      expiresAt: Date.now() + this.refreshTokenTtlSeconds * 1e3
+    });
+    this.log(`Refreshed tokens for user: ${tokenRecord.user.sub}`);
+    res.writeHead(200, { "Content-Type": "application/json" });
+    res.end(
+      JSON.stringify({
+        access_token: accessToken,
+        token_type: "Bearer",
+        expires_in: this.accessTokenTtlSeconds,
+        refresh_token: newRefreshToken,
+        scope: tokenRecord.scopes.join(" ")
+      })
+    );
+  }
+  /**
+   * Handle userinfo endpoint (GET /userinfo)
+   */
+  async handleUserInfoEndpoint(req, res) {
+    const authHeader = req.headers["authorization"];
+    if (!authHeader?.startsWith("Bearer ")) {
+      res.writeHead(401, { "WWW-Authenticate": 'Bearer error="invalid_token"' });
+      res.end(JSON.stringify({ error: "invalid_token", error_description: "Missing or invalid Authorization header" }));
+      return;
+    }
+    const testUser = this.options.testUser;
+    if (!testUser) {
+      this.logError("UserInfo endpoint called but no testUser configured. Set testUser in MockOAuthServerOptions.");
+      res.writeHead(500, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ error: "server_error", error_description: "No test user configured" }));
+      return;
+    }
+    res.writeHead(200, { "Content-Type": "application/json" });
+    res.end(
+      JSON.stringify({
+        sub: testUser.sub,
+        email: testUser.email,
+        name: testUser.name,
+        picture: testUser.picture,
+        ...testUser.claims ?? {}
+      })
+    );
+  }
+  /**
+   * Handle authorize form submission (POST /oauth/authorize/submit)
+   * Processes the manual login form for non-autoApprove testing
+   */
+  async handleAuthorizeSubmit(req, res) {
+    const body = await this.readBody(req);
+    const params = new URLSearchParams(body);
+    const clientId = params.get("client_id");
+    const redirectUri = params.get("redirect_uri");
+    const scope = params.get("scope") ?? "openid";
+    const state = params.get("state") ?? void 0;
+    const codeChallenge = params.get("code_challenge") ?? void 0;
+    const codeChallengeMethod = params.get("code_challenge_method") ?? void 0;
+    const action = params.get("action");
+    const sub = params.get("sub");
+    const email = params.get("email") ?? void 0;
+    const name = params.get("name") ?? void 0;
+    if (!clientId || !redirectUri || !sub) {
+      res.writeHead(400, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          error: "invalid_request",
+          error_description: "Missing required fields"
+        })
+      );
+      return;
+    }
+    if (!this.isValidRedirectUri(redirectUri)) {
+      res.writeHead(400, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          error: "invalid_request",
+          error_description: "Invalid redirect_uri"
+        })
+      );
+      return;
+    }
+    if (this.options.clientId && clientId !== this.options.clientId) {
+      this.redirectWithError(res, redirectUri, "unauthorized_client", "Invalid client_id", state);
+      return;
+    }
+    if (action === "deny") {
+      this.redirectWithError(res, redirectUri, "access_denied", "User denied the authorization request", state);
+      return;
+    }
+    const testUser = {
+      sub,
+      email,
+      name
+    };
+    const code = this.generateCode();
+    const scopes = scope.split(" ").filter(Boolean);
+    this.authCodes.set(code, {
+      code,
+      clientId,
+      redirectUri,
+      codeChallenge,
+      codeChallengeMethod,
+      scopes,
+      user: testUser,
+      state,
+      expiresAt: Date.now() + 5 * 60 * 1e3,
+      // 5 minutes
+      used: false
+    });
+    const callbackUrl = new URL(redirectUri);
+    callbackUrl.searchParams.set("code", code);
+    if (state) {
+      callbackUrl.searchParams.set("state", state);
+    }
+    this.log(
+      `Manual auth approved for user: ${sub}, redirecting with code to ${callbackUrl.origin}${callbackUrl.pathname}`
+    );
+    res.writeHead(302, { Location: callbackUrl.toString() });
+    res.end();
+  }
+  readBody(req) {
+    return new Promise((resolve, reject) => {
+      const chunks = [];
+      req.on("data", (chunk) => chunks.push(chunk));
+      req.on("end", () => resolve(Buffer.concat(chunks).toString()));
+      req.on("error", reject);
+    });
+  }
+  log(message) {
+    const shouldLog = this.options.debug || process.env["DEBUG"] === "1" || process.env["DEBUG_SERVER"] === "1";
+    if (shouldLog) {
+      console.log(`[MockOAuthServer] ${message}`);
+    }
+  }
+  logError(message) {
+    console.error(`[MockOAuthServer ERROR] ${message}`);
+  }
+  // ═══════════════════════════════════════════════════════════════════
+  // HELPER METHODS
+  // ═══════════════════════════════════════════════════════════════════
+  /**
+   * Validate redirect URI against configured valid URIs
+   * Supports wildcards for port (e.g., http://localhost:*)
+   */
+  isValidRedirectUri(redirectUri) {
+    const validUris = this.options.validRedirectUris;
+    if (!validUris || validUris.length === 0) {
+      return true;
+    }
+    if (redirectUri.length > 2048) {
+      return false;
+    }
+    for (const pattern of validUris) {
+      if (pattern === redirectUri) {
+        return true;
+      }
+      if (pattern.includes("*")) {
+        if (this.matchWildcardPattern(pattern, redirectUri)) {
+          return true;
+        }
+      }
+    }
+    return false;
+  }
+  /**
+   * Safe string-based wildcard matching (O(n) complexity)
+   * Avoids regex to prevent ReDoS vulnerabilities
+   */
+  matchWildcardPattern(pattern, input) {
+    const parts = pattern.split("*");
+    let remaining = input;
+    if (!remaining.startsWith(parts[0])) {
+      return false;
+    }
+    remaining = remaining.slice(parts[0].length);
+    for (let i = 1; i < parts.length; i++) {
+      const part = parts[i];
+      if (i === parts.length - 1) {
+        if (!remaining.endsWith(part)) {
+          return false;
+        }
+      } else {
+        const idx = remaining.indexOf(part);
+        if (idx === -1) {
+          return false;
+        }
+        remaining = remaining.slice(idx + part.length);
+      }
+    }
+    return true;
+  }
+  /**
+   * Redirect with OAuth error
+   */
+  redirectWithError(res, redirectUri, error, errorDescription, state) {
+    const url = new URL(redirectUri);
+    url.searchParams.set("error", error);
+    url.searchParams.set("error_description", errorDescription);
+    if (state) {
+      url.searchParams.set("state", state);
+    }
+    res.writeHead(302, { Location: url.toString() });
+    res.end();
+  }
+  /**
+   * Generate a random authorization code
+   */
+  async generateCodeAsync() {
+    await loadCryptoUtils();
+    return _base64urlEncode(_randomBytes(32));
+  }
+  /**
+   * Generate a random authorization code (sync wrapper for compatibility)
+   */
+  generateCode() {
+    const bytes = new Uint8Array(32);
+    crypto.getRandomValues(bytes);
+    const base64 = Buffer.from(bytes).toString("base64");
+    return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+  }
+  /**
+   * Compute PKCE code challenge from verifier
+   */
+  async computeCodeChallengeAsync(verifier, method) {
+    if (method === "S256") {
+      await loadCryptoUtils();
+      return _sha256Base64url(verifier);
+    }
+    return verifier;
+  }
+  /**
+   * Render a simple login page for manual testing
+   */
+  renderLoginPage(clientId, redirectUri, scope, state, codeChallenge, codeChallengeMethod) {
+    const issuer = this._info?.issuer ?? "http://localhost";
+    return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Mock OAuth Login</title>
+  <style>
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      background: #f5f5f5;
+      min-height: 100vh;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      padding: 20px;
+    }
+    .container {
+      background: white;
+      padding: 40px;
+      border-radius: 12px;
+      box-shadow: 0 4px 20px rgba(0,0,0,0.1);
+      max-width: 400px;
+      width: 100%;
+    }
+    h1 { margin-top: 0; color: #333; }
+    .info { color: #666; font-size: 14px; margin-bottom: 20px; }
+    .field { margin-bottom: 15px; }
+    label { display: block; margin-bottom: 5px; font-weight: 500; }
+    input { width: 100%; padding: 10px; border: 1px solid #ddd; border-radius: 6px; box-sizing: border-box; }
+    button {
+      width: 100%;
+      padding: 12px;
+      background: #667eea;
+      color: white;
+      border: none;
+      border-radius: 6px;
+      cursor: pointer;
+      font-size: 16px;
+    }
+    button:hover { background: #5a6fd6; }
+    .deny { background: #e53e3e; margin-top: 10px; }
+    .deny:hover { background: #c53030; }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <h1>Mock OAuth Login</h1>
+    <p class="info">
+      <strong>Client:</strong> ${this.escapeHtml(clientId)}<br>
+      <strong>Scopes:</strong> ${this.escapeHtml(scope)}<br>
+      <strong>Issuer:</strong> ${this.escapeHtml(issuer)}
+    </p>
+    <form method="POST" action="/oauth/authorize/submit">
+      <input type="hidden" name="client_id" value="${this.escapeHtml(clientId)}">
+      <input type="hidden" name="redirect_uri" value="${this.escapeHtml(redirectUri)}">
+      <input type="hidden" name="scope" value="${this.escapeHtml(scope)}">
+      ${state ? `<input type="hidden" name="state" value="${this.escapeHtml(state)}">` : ""}
+      ${codeChallenge ? `<input type="hidden" name="code_challenge" value="${this.escapeHtml(codeChallenge)}">` : ""}
+      ${codeChallengeMethod ? `<input type="hidden" name="code_challenge_method" value="${this.escapeHtml(codeChallengeMethod)}">` : ""}
+      <div class="field">
+        <label for="sub">User ID (sub)</label>
+        <input type="text" id="sub" name="sub" value="test-user-123" required>
+      </div>
+      <div class="field">
+        <label for="email">Email</label>
+        <input type="email" id="email" name="email" value="test@example.com">
+      </div>
+      <div class="field">
+        <label for="name">Name</label>
+        <input type="text" id="name" name="name" value="Test User">
+      </div>
+      <button type="submit" name="action" value="approve">Approve</button>
+      <button type="submit" name="action" value="deny" class="deny">Deny</button>
+    </form>
+  </div>
+</body>
+</html>`;
+  }
+  /**
+   * Escape HTML to prevent XSS
+   */
+  escapeHtml(text) {
+    return text.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#039;");
+  }
+};
+
+// libs/testing/src/auth/mock-api-server.ts
+import { createServer as createServer2 } from "http";
+var MockAPIServer = class {
+  options;
+  server = null;
+  _info = null;
+  routes;
+  constructor(options) {
+    this.options = options;
+    this.routes = options.routes ?? [];
+    for (const route of this.routes) {
+      this.validateRoute(route);
+    }
+  }
+  /**
+   * Start the mock API server
+   */
+  async start() {
+    if (this.server) {
+      throw new Error("Mock API server is already running");
+    }
+    const port = this.options.port ?? 0;
+    return new Promise((resolve, reject) => {
+      const server = createServer2(this.handleRequest.bind(this));
+      this.server = server;
+      server.on("error", (err) => {
+        this.log(`Server error: ${err.message}`);
+        reject(err);
+      });
+      server.listen(port, () => {
+        const address = server.address();
+        if (!address || typeof address === "string") {
+          reject(new Error("Failed to get server address"));
+          return;
+        }
+        const actualPort = address.port;
+        this._info = {
+          baseUrl: `http://localhost:${actualPort}`,
+          port: actualPort,
+          specUrl: `http://localhost:${actualPort}/openapi.json`
+        };
+        this.log(`Mock API server started at ${this._info.baseUrl}`);
+        resolve(this._info);
+      });
+    });
+  }
+  /**
+   * Stop the mock API server
+   */
   async stop() {
     const server = this.server;
     if (!server) {
@@ -2586,23 +3577,449 @@ var MockAPIServer = class {
   }
 };
 
-// libs/testing/src/server/test-server.ts
-import { spawn } from "child_process";
-var TestServer = class _TestServer {
-  process = null;
+// libs/testing/src/auth/mock-cimd-server.ts
+import { createServer as createServer3 } from "http";
+var MockCimdServer = class {
   options;
-  _info;
-  logs = [];
-  constructor(options, port) {
-    this.options = {
-      port,
-      command: options.command ?? "",
-      cwd: options.cwd ?? process.cwd(),
-      env: options.env ?? {},
+  server = null;
+  _info = null;
+  /** Map of path -> client */
+  clients = /* @__PURE__ */ new Map();
+  /** Map of path -> custom response (for error testing) */
+  customResponses = /* @__PURE__ */ new Map();
+  constructor(options = {}) {
+    this.options = options;
+  }
+  /**
+   * Start the mock CIMD server.
+   */
+  async start() {
+    if (this.server) {
+      throw new Error("Mock CIMD server is already running");
+    }
+    const port = this.options.port ?? 0;
+    return new Promise((resolve, reject) => {
+      const server = createServer3(this.handleRequest.bind(this));
+      this.server = server;
+      server.on("error", (err) => {
+        this.log(`Server error: ${err.message}`);
+        reject(err);
+      });
+      server.listen(port, () => {
+        const address = server.address();
+        if (!address || typeof address === "string") {
+          reject(new Error("Failed to get server address"));
+          return;
+        }
+        const actualPort = address.port;
+        this._info = {
+          baseUrl: `http://localhost:${actualPort}`,
+          port: actualPort
+        };
+        this.log(`Mock CIMD server started at ${this._info.baseUrl}`);
+        resolve(this._info);
+      });
+    });
+  }
+  /**
+   * Stop the mock CIMD server.
+   */
+  async stop() {
+    const server = this.server;
+    if (!server) {
+      return;
+    }
+    return new Promise((resolve, reject) => {
+      server.close((err) => {
+        if (err) {
+          reject(err);
+        } else {
+          this.server = null;
+          this._info = null;
+          this.log("Mock CIMD server stopped");
+          resolve();
+        }
+      });
+    });
+  }
+  /**
+   * Get server info.
+   */
+  get info() {
+    if (!this._info) {
+      throw new Error("Mock CIMD server is not running");
+    }
+    return this._info;
+  }
+  /**
+   * Register a client and return its client_id URL.
+   *
+   * @param options - Client configuration
+   * @returns The client_id URL to use in OAuth flows
+   */
+  registerClient(options) {
+    if (!this._info) {
+      throw new Error("Mock CIMD server is not running. Call start() first.");
+    }
+    const path = options.path ?? this.nameToPath(options.name);
+    const fullPath = `/clients/${path}/metadata.json`;
+    const clientId = `${this._info.baseUrl}${fullPath}`;
+    const document = {
+      client_id: clientId,
+      client_name: options.name,
+      redirect_uris: options.redirectUris ?? ["http://localhost:3000/callback"],
+      token_endpoint_auth_method: options.tokenEndpointAuthMethod ?? "none",
+      grant_types: options.grantTypes ?? ["authorization_code"],
+      response_types: options.responseTypes ?? ["code"],
+      ...options.clientUri && { client_uri: options.clientUri },
+      ...options.logoUri && { logo_uri: options.logoUri },
+      ...options.scope && { scope: options.scope },
+      ...options.contacts && { contacts: options.contacts }
+    };
+    this.clients.set(fullPath, { path: fullPath, document });
+    this.log(`Registered client: ${options.name} at ${fullPath}`);
+    return clientId;
+  }
+  /**
+   * Get the client_id URL for a previously registered client.
+   *
+   * @param name - The client name used during registration
+   * @returns The client_id URL
+   */
+  getClientId(name) {
+    if (!this._info) {
+      throw new Error("Mock CIMD server is not running");
+    }
+    const path = this.nameToPath(name);
+    const fullPath = `/clients/${path}/metadata.json`;
+    const client = this.clients.get(fullPath);
+    if (!client) {
+      throw new Error(`Client "${name}" not found. Register it first.`);
+    }
+    return client.document.client_id;
+  }
+  /**
+   * Register an invalid document for error testing.
+   *
+   * @param path - The path to serve the invalid document at
+   * @param document - The invalid document content
+   */
+  registerInvalidDocument(path, document) {
+    if (!this._info) {
+      throw new Error("Mock CIMD server is not running");
+    }
+    const fullPath = path.startsWith("/") ? path : `/${path}`;
+    this.clients.set(fullPath, {
+      path: fullPath,
+      document
+    });
+    this.log(`Registered invalid document at ${fullPath}`);
+  }
+  /**
+   * Register a custom error response for a path.
+   *
+   * @param path - The path to return the error at
+   * @param statusCode - HTTP status code to return
+   * @param body - Optional response body
+   */
+  registerFetchError(path, statusCode, body) {
+    const fullPath = path.startsWith("/") ? path : `/${path}`;
+    this.customResponses.set(fullPath, { status: statusCode, body });
+    this.log(`Registered error response at ${fullPath}: ${statusCode}`);
+  }
+  /**
+   * Remove a registered client.
+   *
+   * @param name - The client name to remove
+   */
+  removeClient(name) {
+    const path = this.nameToPath(name);
+    const fullPath = `/clients/${path}/metadata.json`;
+    this.clients.delete(fullPath);
+    this.log(`Removed client: ${name}`);
+  }
+  /**
+   * Clear all registered clients and custom responses.
+   */
+  clear() {
+    this.clients.clear();
+    this.customResponses.clear();
+    this.log("Cleared all clients and custom responses");
+  }
+  // ═══════════════════════════════════════════════════════════════════
+  // PRIVATE
+  // ═══════════════════════════════════════════════════════════════════
+  handleRequest(req, res) {
+    const url = req.url ?? "/";
+    const method = (req.method ?? "GET").toUpperCase();
+    this.log(`${method} ${url}`);
+    res.setHeader("Access-Control-Allow-Origin", "*");
+    res.setHeader("Access-Control-Allow-Methods", "GET, OPTIONS");
+    res.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept");
+    if (method === "OPTIONS") {
+      res.writeHead(204);
+      res.end();
+      return;
+    }
+    if (method !== "GET") {
+      res.writeHead(405, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ error: "method_not_allowed" }));
+      return;
+    }
+    const customResponse = this.customResponses.get(url);
+    if (customResponse) {
+      res.writeHead(customResponse.status, { "Content-Type": "application/json" });
+      res.end(customResponse.body ? JSON.stringify(customResponse.body) : "");
+      this.log(`Returned custom error response: ${customResponse.status}`);
+      return;
+    }
+    const client = this.clients.get(url);
+    if (client) {
+      res.writeHead(200, {
+        "Content-Type": "application/json",
+        "Cache-Control": "max-age=3600"
+      });
+      res.end(JSON.stringify(client.document));
+      this.log(`Served client metadata: ${client.document.client_name}`);
+      return;
+    }
+    res.writeHead(404, { "Content-Type": "application/json" });
+    res.end(JSON.stringify({ error: "not_found", message: `No client at ${url}` }));
+    this.log(`Client not found: ${url}`);
+  }
+  nameToPath(name) {
+    return name.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "");
+  }
+  log(message) {
+    if (this.options.debug) {
+      console.log(`[MockCimdServer] ${message}`);
+    }
+  }
+};
+
+// libs/testing/src/server/test-server.ts
+import { spawn } from "child_process";
+
+// libs/testing/src/errors/index.ts
+var TestClientError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "TestClientError";
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+};
+var ConnectionError = class extends TestClientError {
+  constructor(message, cause) {
+    super(message);
+    this.cause = cause;
+    this.name = "ConnectionError";
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+};
+var TimeoutError = class extends TestClientError {
+  constructor(message, timeoutMs) {
+    super(message);
+    this.timeoutMs = timeoutMs;
+    this.name = "TimeoutError";
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+};
+var McpProtocolError = class extends TestClientError {
+  constructor(message, code, data) {
+    super(message);
+    this.code = code;
+    this.data = data;
+    this.name = "McpProtocolError";
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+};
+var ServerStartError = class extends TestClientError {
+  constructor(message, cause) {
+    super(message);
+    this.cause = cause;
+    this.name = "ServerStartError";
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+};
+var AssertionError = class extends TestClientError {
+  constructor(message) {
+    super(message);
+    this.name = "AssertionError";
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+};
+
+// libs/testing/src/server/port-registry.ts
+import { createServer as createServer4 } from "net";
+var E2E_PORT_RANGES = {
+  // Core E2E tests (50000-50099)
+  "demo-e2e-public": { start: 5e4, size: 10 },
+  "demo-e2e-cache": { start: 50010, size: 10 },
+  "demo-e2e-config": { start: 50020, size: 10 },
+  "demo-e2e-direct": { start: 50030, size: 10 },
+  "demo-e2e-errors": { start: 50040, size: 10 },
+  "demo-e2e-hooks": { start: 50050, size: 10 },
+  "demo-e2e-multiapp": { start: 50060, size: 10 },
+  "demo-e2e-notifications": { start: 50070, size: 10 },
+  "demo-e2e-providers": { start: 50080, size: 10 },
+  "demo-e2e-standalone": { start: 50090, size: 10 },
+  // Auth E2E tests (50100-50199)
+  "demo-e2e-orchestrated": { start: 50100, size: 10 },
+  "demo-e2e-transparent": { start: 50110, size: 10 },
+  "demo-e2e-cimd": { start: 50120, size: 10 },
+  // Feature E2E tests (50200-50299)
+  "demo-e2e-skills": { start: 50200, size: 10 },
+  "demo-e2e-remote": { start: 50210, size: 10 },
+  "demo-e2e-openapi": { start: 50220, size: 10 },
+  "demo-e2e-ui": { start: 50230, size: 10 },
+  "demo-e2e-codecall": { start: 50240, size: 10 },
+  "demo-e2e-remember": { start: 50250, size: 10 },
+  "demo-e2e-elicitation": { start: 50260, size: 10 },
+  "demo-e2e-agents": { start: 50270, size: 10 },
+  "demo-e2e-transport-recreation": { start: 50280, size: 10 },
+  // Infrastructure E2E tests (50300-50399)
+  "demo-e2e-redis": { start: 50300, size: 10 },
+  "demo-e2e-serverless": { start: 50310, size: 10 },
+  // Mock servers and utilities (50900-50999)
+  "mock-oauth": { start: 50900, size: 10 },
+  "mock-api": { start: 50910, size: 10 },
+  "mock-cimd": { start: 50920, size: 10 },
+  // Dynamic/unknown projects (51000+)
+  default: { start: 51e3, size: 100 }
+};
+var reservedPorts = /* @__PURE__ */ new Map();
+var projectPortIndex = /* @__PURE__ */ new Map();
+function getPortRange(project) {
+  const key = project;
+  if (key in E2E_PORT_RANGES) {
+    return E2E_PORT_RANGES[key];
+  }
+  return E2E_PORT_RANGES.default;
+}
+async function reservePort(project, preferredPort) {
+  const range = getPortRange(project);
+  if (preferredPort !== void 0) {
+    const reservation = await tryReservePort(preferredPort, project);
+    if (reservation) {
+      return {
+        port: preferredPort,
+        release: async () => {
+          await releasePort(preferredPort);
+        }
+      };
+    }
+    console.warn(`[PortRegistry] Preferred port ${preferredPort} not available for ${project}, allocating from range`);
+  }
+  let index = projectPortIndex.get(project) ?? 0;
+  const maxAttempts = range.size;
+  for (let attempt = 0; attempt < maxAttempts; attempt++) {
+    const port = range.start + index % range.size;
+    index = (index + 1) % range.size;
+    if (reservedPorts.has(port)) {
+      continue;
+    }
+    const reservation = await tryReservePort(port, project);
+    if (reservation) {
+      projectPortIndex.set(project, index);
+      return {
+        port,
+        release: async () => {
+          await releasePort(port);
+        }
+      };
+    }
+  }
+  const dynamicPort = await findAvailablePortInRange(51e3, 52e3);
+  if (dynamicPort) {
+    const reservation = await tryReservePort(dynamicPort, project);
+    if (reservation) {
+      return {
+        port: dynamicPort,
+        release: async () => {
+          await releasePort(dynamicPort);
+        }
+      };
+    }
+  }
+  throw new Error(
+    `[PortRegistry] Could not reserve a port for ${project}. Range: ${range.start}-${range.start + range.size - 1}. Currently reserved: ${Array.from(reservedPorts.keys()).join(", ")}`
+  );
+}
+async function tryReservePort(port, project) {
+  return new Promise((resolve) => {
+    const server = createServer4();
+    server.once("error", () => {
+      resolve(false);
+    });
+    server.listen(port, "::", () => {
+      reservedPorts.set(port, {
+        port,
+        project,
+        holder: server,
+        reservedAt: Date.now()
+      });
+      resolve(true);
+    });
+  });
+}
+async function releasePort(port) {
+  const reservation = reservedPorts.get(port);
+  if (!reservation) {
+    return;
+  }
+  return new Promise((resolve) => {
+    reservation.holder.close(() => {
+      reservedPorts.delete(port);
+      resolve();
+    });
+  });
+}
+async function findAvailablePortInRange(start, end) {
+  for (let port = start; port < end; port++) {
+    if (reservedPorts.has(port)) {
+      continue;
+    }
+    const available = await isPortAvailable(port);
+    if (available) {
+      return port;
+    }
+  }
+  return null;
+}
+async function isPortAvailable(port) {
+  return new Promise((resolve) => {
+    const server = createServer4();
+    server.once("error", () => {
+      resolve(false);
+    });
+    server.listen(port, "::", () => {
+      server.close(() => {
+        resolve(true);
+      });
+    });
+  });
+}
+
+// libs/testing/src/server/test-server.ts
+var DEBUG_SERVER = process.env["DEBUG_SERVER"] === "1" || process.env["DEBUG"] === "1";
+var TestServer = class _TestServer {
+  process = null;
+  options;
+  _info;
+  logs = [];
+  portRelease = null;
+  constructor(options, port, portRelease) {
+    this.options = {
+      port,
+      project: options.project,
+      command: options.command ?? "",
+      cwd: options.cwd ?? process.cwd(),
+      env: options.env ?? {},
       startupTimeout: options.startupTimeout ?? 3e4,
       healthCheckPath: options.healthCheckPath ?? "/health",
-      debug: options.debug ?? false
+      debug: options.debug ?? DEBUG_SERVER
     };
+    this.portRelease = portRelease ?? null;
     this._info = {
       baseUrl: `http://localhost:${port}`,
       port
@@ -2612,7 +4029,9 @@ var TestServer = class _TestServer {
    * Start a test server with custom command
    */
   static async start(options) {
-    const port = options.port ?? await findAvailablePort();
+    const project = options.project ?? "default";
+    const { port, release } = await reservePort(project, options.port);
+    await release();
     const server = new _TestServer(options, port);
     try {
       await server.startProcess();
@@ -2631,10 +4050,12 @@ var TestServer = class _TestServer {
         `Invalid project name: ${project}. Must contain only alphanumeric, underscore, and hyphen characters.`
       );
     }
-    const port = options.port ?? await findAvailablePort();
+    const { port, release } = await reservePort(project, options.port);
+    await release();
     const serverOptions = {
       ...options,
       port,
+      project,
       command: `npx nx serve ${project} --port ${port}`,
       cwd: options.cwd ?? process.cwd()
     };
@@ -2792,22 +4213,54 @@ var TestServer = class _TestServer {
       exitCode = code;
       this.log(`Server process exited with code ${code}`);
     });
-    await this.waitForReadyWithExitDetection(() => {
-      if (exitError) {
-        return { exited: true, error: exitError };
-      }
-      if (processExited) {
-        const recentLogs = this.logs.slice(-10).join("\n");
-        return {
-          exited: true,
-          error: new Error(`Server process exited unexpectedly with code ${exitCode}.
+    try {
+      await this.waitForReadyWithExitDetection(() => {
+        if (exitError) {
+          return { exited: true, error: exitError };
+        }
+        if (processExited) {
+          const allLogs = this.logs.join("\n");
+          const errorLogs = this.logs.filter((l) => l.includes("[ERROR]") || l.toLowerCase().includes("error")).join("\n");
+          return {
+            exited: true,
+            error: new ServerStartError(
+              `Server process exited unexpectedly with code ${exitCode}.
 
-Recent logs:
-${recentLogs}`)
-        };
-      }
-      return { exited: false };
-    });
+Command: ${this.options.command}
+CWD: ${this.options.cwd}
+Port: ${this.options.port}
+
+=== Error Logs ===
+${errorLogs || "No error logs captured"}
+
+=== Full Logs ===
+${allLogs || "No logs captured"}`
+            )
+          };
+        }
+        return { exited: false };
+      });
+    } catch (error) {
+      this.printLogsOnFailure("Server startup failed");
+      throw error;
+    }
+  }
+  /**
+   * Print server logs on failure for debugging
+   */
+  printLogsOnFailure(context) {
+    const allLogs = this.logs.join("\n");
+    if (allLogs) {
+      console.error(`
+[TestServer] ${context}`);
+      console.error(`[TestServer] Command: ${this.options.command}`);
+      console.error(`[TestServer] Port: ${this.options.port}`);
+      console.error(`[TestServer] CWD: ${this.options.cwd}`);
+      console.error(`[TestServer] === Server Logs ===
+${allLogs}`);
+      console.error(`[TestServer] === End Logs ===
+`);
+    }
   }
   /**
    * Wait for server to be ready, but also detect early process exit
@@ -2816,29 +4269,57 @@ ${recentLogs}`)
     const timeoutMs = this.options.startupTimeout;
     const deadline = Date.now() + timeoutMs;
     const checkInterval = 100;
+    let lastHealthCheckError = null;
+    let healthCheckAttempts = 0;
+    this.log(`Waiting for server to be ready (timeout: ${timeoutMs}ms)...`);
     while (Date.now() < deadline) {
       const exitStatus = checkExit();
       if (exitStatus.exited) {
-        throw exitStatus.error ?? new Error("Server process exited unexpectedly");
+        throw exitStatus.error ?? new ServerStartError("Server process exited unexpectedly");
       }
+      healthCheckAttempts++;
       try {
-        const response = await fetch(`${this._info.baseUrl}${this.options.healthCheckPath}`, {
+        const healthUrl = `${this._info.baseUrl}${this.options.healthCheckPath}`;
+        const response = await fetch(healthUrl, {
           method: "GET",
           signal: AbortSignal.timeout(1e3)
         });
         if (response.ok || response.status === 404) {
-          this.log("Server is ready");
+          this.log(`Server is ready after ${healthCheckAttempts} health check attempts`);
           return;
         }
-      } catch {
+        lastHealthCheckError = `HTTP ${response.status}: ${response.statusText}`;
+      } catch (err) {
+        lastHealthCheckError = err instanceof Error ? err.message : String(err);
+      }
+      const elapsed = Date.now() - (deadline - timeoutMs);
+      if (elapsed > 0 && elapsed % 5e3 < checkInterval) {
+        this.log(
+          `Still waiting for server... (${Math.round(elapsed / 1e3)}s elapsed, last error: ${lastHealthCheckError})`
+        );
       }
       await sleep2(checkInterval);
     }
     const finalExitStatus = checkExit();
     if (finalExitStatus.exited) {
-      throw finalExitStatus.error ?? new Error("Server process exited unexpectedly");
+      throw finalExitStatus.error ?? new ServerStartError("Server process exited unexpectedly");
     }
-    throw new Error(`Server did not become ready within ${timeoutMs}ms`);
+    const allLogs = this.logs.join("\n");
+    throw new ServerStartError(
+      `Server did not become ready within ${timeoutMs}ms.
+
+Command: ${this.options.command}
+CWD: ${this.options.cwd}
+Port: ${this.options.port}
+Health check URL: ${this._info.baseUrl}${this.options.healthCheckPath}
+Health check attempts: ${healthCheckAttempts}
+Last health check error: ${lastHealthCheckError ?? "none"}
+
+=== Server Logs ===
+${allLogs || "No logs captured"}
+
+TIP: Set DEBUG_SERVER=1 or DEBUG=1 environment variable for verbose output`
+    );
   }
   log(message) {
     if (this.options.debug) {
@@ -2846,22 +4327,6 @@ ${recentLogs}`)
     }
   }
 };
-async function findAvailablePort() {
-  const { createServer: createServer3 } = await import("net");
-  return new Promise((resolve, reject) => {
-    const server = createServer3();
-    server.listen(0, () => {
-      const address = server.address();
-      if (address && typeof address !== "string") {
-        const port = address.port;
-        server.close(() => resolve(port));
-      } else {
-        reject(new Error("Could not get port"));
-      }
-    });
-    server.on("error", reject);
-  });
-}
 function sleep2(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
@@ -3031,55 +4496,6 @@ function hasMimeType(result, mimeType) {
   return result.hasMimeType(mimeType);
 }
 
-// libs/testing/src/errors/index.ts
-var TestClientError = class extends Error {
-  constructor(message) {
-    super(message);
-    this.name = "TestClientError";
-    Object.setPrototypeOf(this, new.target.prototype);
-  }
-};
-var ConnectionError = class extends TestClientError {
-  constructor(message, cause) {
-    super(message);
-    this.cause = cause;
-    this.name = "ConnectionError";
-    Object.setPrototypeOf(this, new.target.prototype);
-  }
-};
-var TimeoutError = class extends TestClientError {
-  constructor(message, timeoutMs) {
-    super(message);
-    this.timeoutMs = timeoutMs;
-    this.name = "TimeoutError";
-    Object.setPrototypeOf(this, new.target.prototype);
-  }
-};
-var McpProtocolError = class extends TestClientError {
-  constructor(message, code, data) {
-    super(message);
-    this.code = code;
-    this.data = data;
-    this.name = "McpProtocolError";
-    Object.setPrototypeOf(this, new.target.prototype);
-  }
-};
-var ServerStartError = class extends TestClientError {
-  constructor(message, cause) {
-    super(message);
-    this.cause = cause;
-    this.name = "ServerStartError";
-    Object.setPrototypeOf(this, new.target.prototype);
-  }
-};
-var AssertionError = class extends TestClientError {
-  constructor(message) {
-    super(message);
-    this.name = "AssertionError";
-    Object.setPrototypeOf(this, new.target.prototype);
-  }
-};
-
 // libs/testing/src/fixtures/test-fixture.ts
 var currentConfig = {};
 var serverInstance = null;
@@ -3094,14 +4510,36 @@ async function initializeSharedResources() {
       serverInstance = TestServer.connect(currentConfig.baseUrl);
       serverStartedByUs = false;
     } else if (currentConfig.server) {
-      serverInstance = await TestServer.start({
-        port: currentConfig.port,
-        command: resolveServerCommand(currentConfig.server),
-        env: currentConfig.env,
-        startupTimeout: currentConfig.startupTimeout ?? 3e4,
-        debug: currentConfig.logLevel === "debug"
-      });
-      serverStartedByUs = true;
+      const serverCommand = resolveServerCommand(currentConfig.server);
+      const isDebug = currentConfig.logLevel === "debug" || process.env["DEBUG"] === "1" || process.env["DEBUG_SERVER"] === "1";
+      if (isDebug) {
+        console.log(`[TestFixture] Starting server: ${serverCommand}`);
+      }
+      try {
+        serverInstance = await TestServer.start({
+          project: currentConfig.project,
+          port: currentConfig.port,
+          command: serverCommand,
+          env: currentConfig.env,
+          startupTimeout: currentConfig.startupTimeout ?? 3e4,
+          debug: isDebug
+        });
+        serverStartedByUs = true;
+        if (isDebug) {
+          console.log(`[TestFixture] Server started at ${serverInstance.info.baseUrl}`);
+        }
+      } catch (error) {
+        const errMsg = error instanceof Error ? error.message : String(error);
+        throw new Error(
+          `Failed to start test server.
+
+Server entry: ${currentConfig.server}
+Project: ${currentConfig.project ?? "default"}
+Command: ${serverCommand}
+
+Error: ${errMsg}`
+        );
+      }
     } else {
       throw new Error(
         'test.use() requires either "server" (entry file path) or "baseUrl" (for external server) option'
@@ -3111,6 +4549,12 @@ async function initializeSharedResources() {
 }
 async function createTestFixtures() {
   await initializeSharedResources();
+  if (!serverInstance) {
+    throw new Error("Server instance not initialized");
+  }
+  if (!tokenFactory) {
+    throw new Error("Token factory not initialized");
+  }
   const clientInstance = await McpTestClient.create({
     baseUrl: serverInstance.info.baseUrl,
     transport: currentConfig.transport ?? "streamable-http",
@@ -3124,7 +4568,19 @@ async function createTestFixtures() {
     server
   };
 }
-async function cleanupTestFixtures(fixtures, _testFailed = false) {
+async function cleanupTestFixtures(fixtures, testFailed = false) {
+  if (testFailed && serverInstance) {
+    const logs = serverInstance.getLogs();
+    if (logs.length > 0) {
+      console.error("\n[TestFixture] === Server Logs (test failed) ===");
+      const recentLogs = logs.slice(-50);
+      if (logs.length > 50) {
+        console.error(`[TestFixture] (showing last 50 of ${logs.length} log entries)`);
+      }
+      console.error(recentLogs.join("\n"));
+      console.error("[TestFixture] === End Server Logs ===\n");
+    }
+  }
   if (fixtures.mcp.isConnected()) {
     await fixtures.mcp.disconnect();
   }
@@ -4799,10 +6255,1555 @@ var EXPECTED_GENERIC_TOOLS_LIST_META_KEYS = ["ui/resourceUri", "ui/mimeType", "u
 var EXPECTED_GENERIC_TOOL_CALL_META_KEYS = ["ui/html", "ui/mimeType", "ui/type"];
 var EXPECTED_FRONTMCP_TOOLS_LIST_META_KEYS = EXPECTED_GENERIC_TOOLS_LIST_META_KEYS;
 var EXPECTED_FRONTMCP_TOOL_CALL_META_KEYS = EXPECTED_GENERIC_TOOL_CALL_META_KEYS;
+
+// libs/testing/src/perf/metrics-collector.ts
+function isGcAvailable() {
+  return typeof global.gc === "function";
+}
+function forceGc() {
+  if (typeof global.gc === "function") {
+    global.gc();
+  }
+}
+async function forceFullGc(cycles = 3, delayMs = 10) {
+  if (!isGcAvailable()) {
+    return;
+  }
+  for (let i = 0; i < cycles; i++) {
+    forceGc();
+    if (i < cycles - 1 && delayMs > 0) {
+      await sleep4(delayMs);
+    }
+  }
+}
+var MetricsCollector = class {
+  cpuStartUsage = null;
+  baseline = null;
+  measurements = [];
+  /**
+   * Capture the baseline snapshot.
+   * Forces GC to get a clean memory state.
+   */
+  async captureBaseline(forceGcCycles = 3) {
+    await forceFullGc(forceGcCycles);
+    this.cpuStartUsage = process.cpuUsage();
+    const snapshot = this.captureSnapshot("baseline");
+    this.baseline = snapshot;
+    return snapshot;
+  }
+  /**
+   * Capture a snapshot of current memory and CPU state.
+   */
+  captureSnapshot(label) {
+    const memUsage = process.memoryUsage();
+    const cpuUsage = this.cpuStartUsage ? process.cpuUsage(this.cpuStartUsage) : process.cpuUsage();
+    const snapshot = {
+      memory: {
+        heapUsed: memUsage.heapUsed,
+        heapTotal: memUsage.heapTotal,
+        external: memUsage.external,
+        rss: memUsage.rss,
+        arrayBuffers: memUsage.arrayBuffers
+      },
+      cpu: {
+        user: cpuUsage.user,
+        system: cpuUsage.system,
+        total: cpuUsage.user + cpuUsage.system
+      },
+      timestamp: Date.now(),
+      label
+    };
+    if (label !== "baseline") {
+      this.measurements.push(snapshot);
+    }
+    return snapshot;
+  }
+  /**
+   * Start CPU tracking from this point.
+   */
+  startCpuTracking() {
+    this.cpuStartUsage = process.cpuUsage();
+  }
+  /**
+   * Get CPU usage since tracking started.
+   */
+  getCpuUsage() {
+    const usage = this.cpuStartUsage ? process.cpuUsage(this.cpuStartUsage) : process.cpuUsage();
+    return {
+      user: usage.user,
+      system: usage.system,
+      total: usage.user + usage.system
+    };
+  }
+  /**
+   * Get current memory metrics.
+   */
+  getMemoryMetrics() {
+    const memUsage = process.memoryUsage();
+    return {
+      heapUsed: memUsage.heapUsed,
+      heapTotal: memUsage.heapTotal,
+      external: memUsage.external,
+      rss: memUsage.rss,
+      arrayBuffers: memUsage.arrayBuffers
+    };
+  }
+  /**
+   * Get the baseline snapshot if captured.
+   */
+  getBaseline() {
+    return this.baseline;
+  }
+  /**
+   * Get all measurement snapshots.
+   */
+  getMeasurements() {
+    return [...this.measurements];
+  }
+  /**
+   * Calculate memory delta from baseline.
+   */
+  calculateMemoryDelta(current) {
+    if (!this.baseline) {
+      return null;
+    }
+    return {
+      heapUsed: current.heapUsed - this.baseline.memory.heapUsed,
+      heapTotal: current.heapTotal - this.baseline.memory.heapTotal,
+      rss: current.rss - this.baseline.memory.rss
+    };
+  }
+  /**
+   * Reset the collector state.
+   */
+  reset() {
+    this.cpuStartUsage = null;
+    this.baseline = null;
+    this.measurements = [];
+  }
+};
+function formatBytes(bytes) {
+  const absBytes = Math.abs(bytes);
+  const sign = bytes < 0 ? "-" : "";
+  if (absBytes < 1024) {
+    return `${sign}${absBytes} B`;
+  }
+  if (absBytes < 1024 * 1024) {
+    return `${sign}${(absBytes / 1024).toFixed(2)} KB`;
+  }
+  if (absBytes < 1024 * 1024 * 1024) {
+    return `${sign}${(absBytes / (1024 * 1024)).toFixed(2)} MB`;
+  }
+  return `${sign}${(absBytes / (1024 * 1024 * 1024)).toFixed(2)} GB`;
+}
+function formatMicroseconds(us) {
+  if (us < 1e3) {
+    return `${us.toFixed(2)} \xB5s`;
+  }
+  if (us < 1e6) {
+    return `${(us / 1e3).toFixed(2)} ms`;
+  }
+  return `${(us / 1e6).toFixed(2)} s`;
+}
+function formatDuration(ms) {
+  if (ms < 1e3) {
+    return `${ms.toFixed(2)} ms`;
+  }
+  if (ms < 6e4) {
+    return `${(ms / 1e3).toFixed(2)} s`;
+  }
+  return `${(ms / 6e4).toFixed(2)} min`;
+}
+function sleep4(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+// libs/testing/src/perf/leak-detector.ts
+var DEFAULT_OPTIONS = {
+  iterations: 20,
+  threshold: 1024 * 1024,
+  // 1 MB
+  warmupIterations: 3,
+  forceGc: true,
+  delayMs: 10,
+  intervalSize: 10
+  // Default interval size for measurements
+};
+var DEFAULT_PARALLEL_OPTIONS = {
+  ...DEFAULT_OPTIONS,
+  workers: 5
+  // Default number of parallel workers
+};
+function linearRegression(samples) {
+  const n = samples.length;
+  if (n < 2) {
+    return { slope: 0, intercept: samples[0] ?? 0, rSquared: 0 };
+  }
+  let sumX = 0;
+  let sumY = 0;
+  for (let i = 0; i < n; i++) {
+    sumX += i;
+    sumY += samples[i];
+  }
+  const meanX = sumX / n;
+  const meanY = sumY / n;
+  let numerator = 0;
+  let denominator = 0;
+  for (let i = 0; i < n; i++) {
+    const dx = i - meanX;
+    const dy = samples[i] - meanY;
+    numerator += dx * dy;
+    denominator += dx * dx;
+  }
+  const slope = denominator !== 0 ? numerator / denominator : 0;
+  const intercept = meanY - slope * meanX;
+  let ssRes = 0;
+  let ssTot = 0;
+  for (let i = 0; i < n; i++) {
+    const predicted = intercept + slope * i;
+    const residual = samples[i] - predicted;
+    ssRes += residual * residual;
+    ssTot += (samples[i] - meanY) * (samples[i] - meanY);
+  }
+  const rSquared = ssTot !== 0 ? 1 - ssRes / ssTot : 0;
+  return { slope, intercept, rSquared };
+}
+var LeakDetector = class {
+  /**
+   * Run leak detection on an async operation.
+   *
+   * @param operation - The operation to test for leaks
+   * @param options - Detection options
+   * @returns Leak detection result
+   *
+   * @example
+   * ```typescript
+   * const detector = new LeakDetector();
+   * const result = await detector.detectLeak(
+   *   async () => mcp.tools.call('my-tool', {}),
+   *   { iterations: 50, threshold: 5 * 1024 * 1024 }
+   * );
+   * expect(result.hasLeak).toBe(false);
+   * ```
+   */
+  async detectLeak(operation, options) {
+    const opts = { ...DEFAULT_OPTIONS, ...options };
+    const { iterations, threshold, warmupIterations, forceGc: forceGc2, delayMs, intervalSize } = opts;
+    if (forceGc2 && !isGcAvailable()) {
+      console.warn("[LeakDetector] Manual GC not available. Run Node.js with --expose-gc for accurate results.");
+    }
+    for (let i = 0; i < warmupIterations; i++) {
+      await operation();
+    }
+    if (forceGc2) {
+      await forceFullGc();
+    }
+    const samples = [];
+    const startTime = Date.now();
+    for (let i = 0; i < iterations; i++) {
+      await operation();
+      if (forceGc2) {
+        await forceFullGc(2, 5);
+      }
+      samples.push(process.memoryUsage().heapUsed);
+      if (delayMs > 0) {
+        await sleep5(delayMs);
+      }
+    }
+    const durationMs = Date.now() - startTime;
+    return this.analyzeLeakPattern(samples, threshold, intervalSize, durationMs);
+  }
+  /**
+   * Run leak detection on a sync operation.
+   */
+  detectLeakSync(operation, options) {
+    const opts = { ...DEFAULT_OPTIONS, ...options };
+    const { iterations, threshold, warmupIterations, forceGc: forceGc2, intervalSize } = opts;
+    if (forceGc2 && !isGcAvailable()) {
+      console.warn("[LeakDetector] Manual GC not available. Run Node.js with --expose-gc for accurate results.");
+    }
+    for (let i = 0; i < warmupIterations; i++) {
+      operation();
+    }
+    if (forceGc2 && isGcAvailable() && global.gc) {
+      global.gc();
+      global.gc();
+      global.gc();
+    }
+    const samples = [];
+    for (let i = 0; i < iterations; i++) {
+      operation();
+      if (forceGc2 && isGcAvailable() && global.gc) {
+        global.gc();
+        global.gc();
+      }
+      samples.push(process.memoryUsage().heapUsed);
+    }
+    return this.analyzeLeakPattern(samples, threshold, intervalSize);
+  }
+  /**
+   * Run parallel leak detection using multiple clients.
+   * Each worker gets its own client for true parallel HTTP requests.
+   *
+   * @param operationFactory - Factory that receives a client and worker index, returns an operation function
+   * @param options - Detection options including worker count and client factory
+   * @returns Combined leak detection result with per-worker statistics
+   *
+   * @example
+   * ```typescript
+   * const detector = new LeakDetector();
+   * const result = await detector.detectLeakParallel(
+   *   (client, workerId) => async () => client.tools.call('my-tool', {}),
+   *   {
+   *     iterations: 1000,
+   *     workers: 5,
+   *     clientFactory: () => server.createClient(),
+   *   }
+   * );
+   * // 5 workers × ~80 req/s = ~400 req/s total
+   * console.log(result.totalRequestsPerSecond);
+   * ```
+   */
+  async detectLeakParallel(operationFactory, options) {
+    const opts = { ...DEFAULT_PARALLEL_OPTIONS, ...options };
+    const { iterations, threshold, warmupIterations, forceGc: forceGc2, workers, intervalSize, clientFactory } = opts;
+    const safeIntervalSize = Math.max(1, intervalSize);
+    if (forceGc2 && !isGcAvailable()) {
+      console.warn("[LeakDetector] Manual GC not available. Run Node.js with --expose-gc for accurate results.");
+    }
+    const clients = [];
+    let workerResults;
+    let globalDurationMs;
+    try {
+      console.log(`[LeakDetector] Creating ${workers} clients sequentially...`);
+      for (let i = 0; i < workers; i++) {
+        console.log(`[LeakDetector] Creating client ${i + 1}/${workers}...`);
+        const client = await clientFactory();
+        clients.push(client);
+      }
+      console.log(`[LeakDetector] All ${workers} clients connected`);
+      const operations = clients.map((client, workerId) => operationFactory(client, workerId));
+      console.log(`[LeakDetector] Running ${warmupIterations} warmup iterations per worker...`);
+      await Promise.all(
+        operations.map(async (operation) => {
+          for (let i = 0; i < warmupIterations; i++) {
+            await operation();
+          }
+        })
+      );
+      if (forceGc2) {
+        await forceFullGc();
+      }
+      console.log(`[LeakDetector] Starting parallel stress test: ${workers} workers \xD7 ${iterations} iterations`);
+      const globalStartTime = Date.now();
+      workerResults = await Promise.all(
+        operations.map(async (operation, workerId) => {
+          const samples = [];
+          const workerStartTime = Date.now();
+          for (let i = 0; i < iterations; i++) {
+            await operation();
+            if (forceGc2 && i > 0 && i % safeIntervalSize === 0) {
+              await forceFullGc(1, 2);
+            }
+            samples.push(process.memoryUsage().heapUsed);
+          }
+          const workerDurationMs = Date.now() - workerStartTime;
+          const requestsPerSecond = iterations / workerDurationMs * 1e3;
+          return {
+            workerId,
+            samples,
+            durationMs: workerDurationMs,
+            requestsPerSecond,
+            iterationsCompleted: iterations
+          };
+        })
+      );
+      globalDurationMs = Date.now() - globalStartTime;
+    } finally {
+      await Promise.all(
+        clients.map(async (client) => {
+          if (client.disconnect) {
+            await client.disconnect();
+          }
+        })
+      );
+    }
+    const allSamples = workerResults.flatMap((w) => w.samples);
+    const totalIterations = workers * iterations;
+    const totalRequestsPerSecond = totalIterations / globalDurationMs * 1e3;
+    const baseResult = this.analyzeLeakPattern(allSamples, threshold, intervalSize, globalDurationMs);
+    const workerSummary = workerResults.map((w) => `  Worker ${w.workerId}: ${w.requestsPerSecond.toFixed(1)} req/s`).join("\n");
+    const parallelMessage = `${baseResult.message}
+
+Parallel execution summary:
+  Workers: ${workers}
+  Total iterations: ${totalIterations}
+  Combined throughput: ${totalRequestsPerSecond.toFixed(1)} req/s
+  Duration: ${(globalDurationMs / 1e3).toFixed(2)}s
+Per-worker throughput:
+${workerSummary}`;
+    return {
+      ...baseResult,
+      message: parallelMessage,
+      workersUsed: workers,
+      totalRequestsPerSecond,
+      perWorkerStats: workerResults,
+      totalIterations,
+      durationMs: globalDurationMs,
+      requestsPerSecond: totalRequestsPerSecond
+    };
+  }
+  /**
+   * Analyze heap samples for leak patterns using linear regression.
+   */
+  analyzeLeakPattern(samples, threshold, intervalSize = 10, durationMs) {
+    if (samples.length < 2) {
+      return {
+        hasLeak: false,
+        leakSizePerIteration: 0,
+        totalGrowth: 0,
+        growthRate: 0,
+        rSquared: 0,
+        samples,
+        message: "Insufficient samples for leak detection",
+        intervals: [],
+        graphData: [],
+        durationMs,
+        requestsPerSecond: 0
+      };
+    }
+    const { slope, rSquared } = linearRegression(samples);
+    const totalGrowth = samples[samples.length - 1] - samples[0];
+    const growthRate = slope;
+    const requestsPerSecond = durationMs && durationMs > 0 ? samples.length / durationMs * 1e3 : 0;
+    const intervals = this.generateIntervals(samples, intervalSize);
+    const graphData = this.generateGraphData(samples);
+    const isSignificantGrowth = totalGrowth > threshold;
+    const isLinearGrowth = rSquared > 0.7;
+    const isHighGrowthRate = growthRate > threshold / samples.length;
+    const hasLeak = isSignificantGrowth && (isLinearGrowth || isHighGrowthRate);
+    const intervalSummary = intervals.map((i) => `  ${i.startIteration}-${i.endIteration}: ${i.deltaFormatted}`).join("\n");
+    const perfStats = durationMs ? `
+Performance: ${samples.length} iterations in ${(durationMs / 1e3).toFixed(2)}s (${requestsPerSecond.toFixed(1)} req/s)` : "";
+    let message;
+    if (hasLeak) {
+      message = `Memory leak detected: ${formatBytes(totalGrowth)} total growth, ${formatBytes(growthRate)}/iteration, R\xB2=${rSquared.toFixed(3)}
+Interval breakdown:
+${intervalSummary}${perfStats}`;
+    } else if (isSignificantGrowth) {
+      message = `Memory growth detected (${formatBytes(totalGrowth)}) but not linear (R\xB2=${rSquared.toFixed(3)}), may be normal allocation
+Interval breakdown:
+${intervalSummary}${perfStats}`;
+    } else {
+      message = `No leak detected: ${formatBytes(totalGrowth)} total, ${formatBytes(growthRate)}/iteration
+Interval breakdown:
+${intervalSummary}${perfStats}`;
+    }
+    return {
+      hasLeak,
+      leakSizePerIteration: hasLeak ? growthRate : 0,
+      totalGrowth,
+      growthRate,
+      rSquared,
+      samples,
+      message,
+      intervals,
+      graphData,
+      durationMs,
+      requestsPerSecond
+    };
+  }
+  /**
+   * Generate interval-based measurements for detailed analysis.
+   */
+  generateIntervals(samples, intervalSize) {
+    const intervals = [];
+    const safeIntervalSize = intervalSize <= 0 ? 1 : intervalSize;
+    const numIntervals = Math.ceil(samples.length / safeIntervalSize);
+    for (let i = 0; i < numIntervals; i++) {
+      const startIdx = i * safeIntervalSize;
+      const endIdx = Math.min((i + 1) * safeIntervalSize - 1, samples.length - 1);
+      if (startIdx >= samples.length) break;
+      const heapAtStart = samples[startIdx];
+      const heapAtEnd = samples[endIdx];
+      const delta = heapAtEnd - heapAtStart;
+      const iterationsInInterval = endIdx - startIdx + 1;
+      const growthRatePerIteration = iterationsInInterval > 1 ? delta / (iterationsInInterval - 1) : 0;
+      intervals.push({
+        startIteration: startIdx,
+        endIteration: endIdx,
+        heapAtStart,
+        heapAtEnd,
+        delta,
+        deltaFormatted: formatBytes(delta),
+        growthRatePerIteration
+      });
+    }
+    return intervals;
+  }
+  /**
+   * Generate graph data points for visualization.
+   */
+  generateGraphData(samples) {
+    if (samples.length === 0) return [];
+    const baselineHeap = samples[0];
+    return samples.map((heapUsed, iteration) => ({
+      iteration,
+      heapUsed,
+      heapUsedFormatted: formatBytes(heapUsed),
+      cumulativeDelta: heapUsed - baselineHeap,
+      cumulativeDeltaFormatted: formatBytes(heapUsed - baselineHeap)
+    }));
+  }
+};
+function sleep5(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+async function assertNoLeak(operation, options) {
+  const detector = new LeakDetector();
+  const result = await detector.detectLeak(operation, options);
+  if (result.hasLeak) {
+    throw new Error(`Memory leak detected: ${result.message}`);
+  }
+  return result;
+}
+function createLeakDetector() {
+  return new LeakDetector();
+}
+
+// libs/testing/src/perf/perf-fixtures.ts
+function createPerfFixtures(testName, project) {
+  return new PerfFixturesImpl(testName, project);
+}
+var PerfFixturesImpl = class {
+  constructor(testName, project) {
+    this.testName = testName;
+    this.project = project;
+    this.collector = new MetricsCollector();
+    this.leakDetector = new LeakDetector();
+  }
+  collector;
+  leakDetector;
+  baselineSnapshot = null;
+  startTime = 0;
+  issues = [];
+  leakResults = [];
+  /**
+   * Capture baseline snapshot with GC.
+   */
+  async baseline() {
+    this.startTime = Date.now();
+    this.baselineSnapshot = await this.collector.captureBaseline();
+    return this.baselineSnapshot;
+  }
+  /**
+   * Capture a measurement snapshot.
+   */
+  measure(label) {
+    return this.collector.captureSnapshot(label);
+  }
+  /**
+   * Run leak detection on an operation.
+   */
+  async checkLeak(operation, options) {
+    const result = await this.leakDetector.detectLeak(operation, options);
+    this.leakResults.push(result);
+    if (result.hasLeak) {
+      this.issues.push({
+        type: "memory-leak",
+        severity: "error",
+        message: result.message,
+        metric: "heapUsed",
+        actual: result.totalGrowth,
+        expected: options?.threshold ?? 1024 * 1024
+      });
+    }
+    return result;
+  }
+  /**
+   * Run parallel leak detection using multiple clients.
+   * Each worker gets its own client for true parallel HTTP requests.
+   *
+   * @param operationFactory - Factory that receives a client and worker index, returns an operation function
+   * @param options - Detection options including worker count and client factory
+   * @returns Combined leak detection result with per-worker statistics
+   *
+   * @example
+   * ```typescript
+   * const result = await perf.checkLeakParallel(
+   *   (client, workerId) => async () => {
+   *     await client.tools.call('loadSkills', { skillIds: ['review-pr'] });
+   *   },
+   *   {
+   *     iterations: 1000,
+   *     workers: 5,
+   *     clientFactory: () => server.createClient(),
+   *   }
+   * );
+   * // 5 workers × ~80 req/s = ~400 req/s total
+   * expect(result.totalRequestsPerSecond).toBeGreaterThan(300);
+   * ```
+   */
+  async checkLeakParallel(operationFactory, options) {
+    const result = await this.leakDetector.detectLeakParallel(operationFactory, options);
+    this.leakResults.push(result);
+    if (result.hasLeak) {
+      this.issues.push({
+        type: "memory-leak",
+        severity: "error",
+        message: result.message,
+        metric: "heapUsed",
+        actual: result.totalGrowth,
+        expected: options?.threshold ?? 1024 * 1024
+      });
+    }
+    return result;
+  }
+  /**
+   * Assert that metrics are within thresholds.
+   */
+  assertThresholds(thresholds) {
+    const finalSnapshot = this.collector.captureSnapshot("final");
+    const baseline = this.collector.getBaseline();
+    if (!baseline) {
+      throw new Error("Cannot assert thresholds without baseline. Call baseline() first.");
+    }
+    const duration = Date.now() - this.startTime;
+    const memoryDelta = this.collector.calculateMemoryDelta(finalSnapshot.memory);
+    if (thresholds.maxHeapDelta !== void 0 && memoryDelta) {
+      if (memoryDelta.heapUsed > thresholds.maxHeapDelta) {
+        const issue = {
+          type: "threshold-exceeded",
+          severity: "error",
+          message: `Heap delta ${formatBytes(memoryDelta.heapUsed)} exceeds threshold ${formatBytes(thresholds.maxHeapDelta)}`,
+          metric: "heapUsed",
+          actual: memoryDelta.heapUsed,
+          expected: thresholds.maxHeapDelta
+        };
+        this.issues.push(issue);
+        throw new Error(issue.message);
+      }
+    }
+    if (thresholds.maxDurationMs !== void 0) {
+      if (duration > thresholds.maxDurationMs) {
+        const issue = {
+          type: "threshold-exceeded",
+          severity: "error",
+          message: `Duration ${formatDuration(duration)} exceeds threshold ${formatDuration(thresholds.maxDurationMs)}`,
+          metric: "durationMs",
+          actual: duration,
+          expected: thresholds.maxDurationMs
+        };
+        this.issues.push(issue);
+        throw new Error(issue.message);
+      }
+    }
+    if (thresholds.maxCpuTime !== void 0) {
+      const cpuUsage = this.collector.getCpuUsage();
+      if (cpuUsage.total > thresholds.maxCpuTime) {
+        const issue = {
+          type: "threshold-exceeded",
+          severity: "error",
+          message: `CPU time ${cpuUsage.total}\xB5s exceeds threshold ${thresholds.maxCpuTime}\xB5s`,
+          metric: "cpuTime",
+          actual: cpuUsage.total,
+          expected: thresholds.maxCpuTime
+        };
+        this.issues.push(issue);
+        throw new Error(issue.message);
+      }
+    }
+    if (thresholds.maxRssDelta !== void 0 && memoryDelta) {
+      if (memoryDelta.rss > thresholds.maxRssDelta) {
+        const issue = {
+          type: "threshold-exceeded",
+          severity: "error",
+          message: `RSS delta ${formatBytes(memoryDelta.rss)} exceeds threshold ${formatBytes(thresholds.maxRssDelta)}`,
+          metric: "rss",
+          actual: memoryDelta.rss,
+          expected: thresholds.maxRssDelta
+        };
+        this.issues.push(issue);
+        throw new Error(issue.message);
+      }
+    }
+  }
+  /**
+   * Get all measurements so far.
+   */
+  getMeasurements() {
+    return this.collector.getMeasurements();
+  }
+  /**
+   * Get the current test name.
+   */
+  getTestName() {
+    return this.testName;
+  }
+  /**
+   * Get the project name.
+   */
+  getProject() {
+    return this.project;
+  }
+  /**
+   * Get all detected issues.
+   */
+  getIssues() {
+    return [...this.issues];
+  }
+  /**
+   * Build a complete PerfMeasurement for this test.
+   */
+  buildMeasurement() {
+    const endTime = Date.now();
+    const finalSnapshot = this.collector.captureSnapshot("final");
+    const baseline = this.collector.getBaseline();
+    const memoryDelta = baseline ? this.collector.calculateMemoryDelta(finalSnapshot.memory) : void 0;
+    return {
+      name: this.testName,
+      project: this.project,
+      baseline: baseline ?? finalSnapshot,
+      measurements: this.collector.getMeasurements(),
+      final: finalSnapshot,
+      timing: {
+        startTime: this.startTime || endTime,
+        endTime,
+        durationMs: endTime - (this.startTime || endTime)
+      },
+      memoryDelta: memoryDelta ?? void 0,
+      issues: this.getIssues(),
+      leakDetectionResults: this.leakResults.length > 0 ? this.leakResults : void 0
+    };
+  }
+  /**
+   * Reset the fixture state.
+   */
+  reset() {
+    this.collector.reset();
+    this.baselineSnapshot = null;
+    this.startTime = 0;
+    this.issues = [];
+    this.leakResults = [];
+  }
+};
+var MEASUREMENTS_KEY = "__FRONTMCP_PERF_MEASUREMENTS__";
+function getGlobalMeasurementsArray() {
+  if (!globalThis[MEASUREMENTS_KEY]) {
+    globalThis[MEASUREMENTS_KEY] = [];
+  }
+  return globalThis[MEASUREMENTS_KEY];
+}
+function addGlobalMeasurement(measurement) {
+  getGlobalMeasurementsArray().push(measurement);
+}
+function getGlobalMeasurements() {
+  return [...getGlobalMeasurementsArray()];
+}
+function clearGlobalMeasurements() {
+  const arr = getGlobalMeasurementsArray();
+  arr.length = 0;
+}
+
+// libs/testing/src/perf/perf-test.ts
+var currentConfig2 = {};
+var serverInstance2 = null;
+var tokenFactory2 = null;
+var serverStartedByUs2 = false;
+async function initializeSharedResources2() {
+  if (!tokenFactory2) {
+    tokenFactory2 = new TestTokenFactory();
+  }
+  if (!serverInstance2) {
+    if (currentConfig2.baseUrl) {
+      serverInstance2 = TestServer.connect(currentConfig2.baseUrl);
+      serverStartedByUs2 = false;
+    } else if (currentConfig2.server) {
+      const serverCommand = resolveServerCommand2(currentConfig2.server);
+      const isDebug = process.env["DEBUG"] === "1" || process.env["DEBUG_SERVER"] === "1";
+      if (isDebug) {
+        console.log(`[PerfTest] Starting server: ${serverCommand}`);
+      }
+      try {
+        serverInstance2 = await TestServer.start({
+          project: currentConfig2.project,
+          port: currentConfig2.port,
+          command: serverCommand,
+          env: currentConfig2.env,
+          startupTimeout: currentConfig2.startupTimeout ?? 3e4,
+          debug: isDebug
+        });
+        serverStartedByUs2 = true;
+        if (isDebug) {
+          console.log(`[PerfTest] Server started at ${serverInstance2.info.baseUrl}`);
+        }
+      } catch (error) {
+        const errMsg = error instanceof Error ? error.message : String(error);
+        throw new Error(
+          `Failed to start test server.
+
+Server entry: ${currentConfig2.server}
+Project: ${currentConfig2.project ?? "default"}
+Command: ${serverCommand}
+
+Error: ${errMsg}`
+        );
+      }
+    } else {
+      throw new Error('perfTest.use() requires either "server" (entry file path) or "baseUrl" option');
+    }
+  }
+}
+async function createTestFixtures2(testName) {
+  await initializeSharedResources2();
+  if (!serverInstance2) {
+    throw new Error("Server instance not initialized");
+  }
+  if (!tokenFactory2) {
+    throw new Error("Token factory not initialized");
+  }
+  const clientInstance = await McpTestClient.create({
+    baseUrl: serverInstance2.info.baseUrl,
+    transport: currentConfig2.transport ?? "streamable-http",
+    publicMode: currentConfig2.publicMode
+  }).buildAndConnect();
+  const auth = createAuthFixture2(tokenFactory2);
+  const server = createServerFixture2(serverInstance2);
+  const perfImpl = createPerfFixtures(testName, currentConfig2.project ?? "unknown");
+  if (currentConfig2.forceGcOnBaseline !== false) {
+    await perfImpl.baseline();
+  }
+  return {
+    fixtures: {
+      mcp: clientInstance,
+      auth,
+      server,
+      perf: perfImpl
+    },
+    perfImpl
+  };
+}
+async function cleanupTestFixtures2(fixtures, perfImpl, testFailed = false) {
+  const measurement = perfImpl.buildMeasurement();
+  addGlobalMeasurement(measurement);
+  if (testFailed && serverInstance2) {
+    const logs = serverInstance2.getLogs();
+    if (logs.length > 0) {
+      console.error("\n[PerfTest] === Server Logs (test failed) ===");
+      const recentLogs = logs.slice(-50);
+      if (logs.length > 50) {
+        console.error(`[PerfTest] (showing last 50 of ${logs.length} log entries)`);
+      }
+      console.error(recentLogs.join("\n"));
+      console.error("[PerfTest] === End Server Logs ===\n");
+    }
+  }
+  if (fixtures.mcp.isConnected()) {
+    await fixtures.mcp.disconnect();
+  }
+}
+async function cleanupSharedResources2() {
+  if (serverInstance2 && serverStartedByUs2) {
+    await serverInstance2.stop();
+  }
+  serverInstance2 = null;
+  tokenFactory2 = null;
+  serverStartedByUs2 = false;
+}
+function createAuthFixture2(factory) {
+  const users = {
+    admin: {
+      sub: "admin-001",
+      scopes: ["admin:*", "read", "write", "delete"],
+      email: "admin@test.local",
+      name: "Test Admin"
+    },
+    user: {
+      sub: "user-001",
+      scopes: ["read", "write"],
+      email: "user@test.local",
+      name: "Test User"
+    },
+    readOnly: {
+      sub: "readonly-001",
+      scopes: ["read"],
+      email: "readonly@test.local",
+      name: "Read Only User"
+    }
+  };
+  return {
+    createToken: (opts) => factory.createTestToken({
+      sub: opts.sub,
+      scopes: opts.scopes,
+      claims: {
+        email: opts.email,
+        name: opts.name,
+        ...opts.claims
+      },
+      exp: opts.expiresIn
+    }),
+    createExpiredToken: (opts) => factory.createExpiredToken(opts),
+    createInvalidToken: (opts) => factory.createTokenWithInvalidSignature(opts),
+    users: {
+      admin: users["admin"],
+      user: users["user"],
+      readOnly: users["readOnly"]
+    },
+    getJwks: () => factory.getPublicJwks(),
+    getIssuer: () => factory.getIssuer(),
+    getAudience: () => factory.getAudience()
+  };
+}
+function createServerFixture2(server) {
+  return {
+    info: server.info,
+    createClient: async (opts) => {
+      return McpTestClient.create({
+        baseUrl: server.info.baseUrl,
+        transport: opts?.transport ?? "streamable-http",
+        auth: opts?.token ? { token: opts.token } : void 0,
+        clientInfo: opts?.clientInfo,
+        publicMode: currentConfig2.publicMode
+      }).buildAndConnect();
+    },
+    createClientBuilder: () => {
+      return new McpTestClientBuilder({
+        baseUrl: server.info.baseUrl,
+        publicMode: currentConfig2.publicMode
+      });
+    },
+    restart: () => server.restart(),
+    getLogs: () => server.getLogs(),
+    clearLogs: () => server.clearLogs()
+  };
+}
+function resolveServerCommand2(server) {
+  if (server.includes(" ")) {
+    return server;
+  }
+  return `npx tsx ${server}`;
+}
+function perfTestWithFixtures(name, fn) {
+  it(name, async () => {
+    const { fixtures, perfImpl } = await createTestFixtures2(name);
+    let testFailed = false;
+    try {
+      await fn(fixtures);
+    } catch (error) {
+      testFailed = true;
+      throw error;
+    } finally {
+      await cleanupTestFixtures2(fixtures, perfImpl, testFailed);
+    }
+  });
+}
+function use2(config) {
+  currentConfig2 = { ...currentConfig2, ...config };
+  afterAll(async () => {
+    await cleanupSharedResources2();
+  });
+}
+function skip2(name, fn) {
+  it.skip(name, async () => {
+    const { fixtures, perfImpl } = await createTestFixtures2(name);
+    let testFailed = false;
+    try {
+      await fn(fixtures);
+    } catch (error) {
+      testFailed = true;
+      throw error;
+    } finally {
+      await cleanupTestFixtures2(fixtures, perfImpl, testFailed);
+    }
+  });
+}
+function only2(name, fn) {
+  it.only(name, async () => {
+    const { fixtures, perfImpl } = await createTestFixtures2(name);
+    let testFailed = false;
+    try {
+      await fn(fixtures);
+    } catch (error) {
+      testFailed = true;
+      throw error;
+    } finally {
+      await cleanupTestFixtures2(fixtures, perfImpl, testFailed);
+    }
+  });
+}
+function todo2(name) {
+  it.todo(name);
+}
+var perfTest = perfTestWithFixtures;
+perfTest.use = use2;
+perfTest.describe = describe;
+perfTest.beforeAll = beforeAll;
+perfTest.beforeEach = beforeEach;
+perfTest.afterEach = afterEach;
+perfTest.afterAll = afterAll;
+perfTest.skip = skip2;
+perfTest.only = only2;
+perfTest.todo = todo2;
+
+// libs/testing/src/perf/baseline-store.ts
+var BASELINE_START_MARKER = "<!-- PERF_BASELINE_START -->";
+var BASELINE_END_MARKER = "<!-- PERF_BASELINE_END -->";
+var DEFAULT_BASELINE_PATH = "perf-results/baseline.json";
+var BaselineStore = class {
+  baseline = null;
+  baselinePath;
+  constructor(baselinePath = DEFAULT_BASELINE_PATH) {
+    this.baselinePath = baselinePath;
+  }
+  /**
+   * Load baseline from local file.
+   */
+  async load() {
+    try {
+      const { readFile, fileExists } = await import("@frontmcp/utils");
+      if (!await fileExists(this.baselinePath)) {
+        return null;
+      }
+      const content = await readFile(this.baselinePath);
+      this.baseline = JSON.parse(content);
+      return this.baseline;
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Save baseline to local file.
+   */
+  async save(baseline) {
+    const { writeFile, ensureDir } = await import("@frontmcp/utils");
+    const dir = this.baselinePath.substring(0, this.baselinePath.lastIndexOf("/"));
+    await ensureDir(dir);
+    await writeFile(this.baselinePath, JSON.stringify(baseline, null, 2));
+    this.baseline = baseline;
+  }
+  /**
+   * Get a test baseline by ID.
+   */
+  getTestBaseline(testId) {
+    if (!this.baseline) {
+      return null;
+    }
+    return this.baseline.tests[testId] ?? null;
+  }
+  /**
+   * Check if baseline is loaded.
+   */
+  isLoaded() {
+    return this.baseline !== null;
+  }
+  /**
+   * Get the loaded baseline.
+   */
+  getBaseline() {
+    return this.baseline;
+  }
+  /**
+   * Create a baseline from measurements.
+   */
+  static createFromMeasurements(measurements, release, commitHash) {
+    const tests = {};
+    const grouped = /* @__PURE__ */ new Map();
+    for (const m of measurements) {
+      const key = `${m.project}::${m.name}`;
+      if (!grouped.has(key)) {
+        grouped.set(key, []);
+      }
+      const group = grouped.get(key);
+      if (group) {
+        group.push(m);
+      }
+    }
+    for (const [key, testMeasurements] of grouped) {
+      const [project] = key.split("::");
+      const heapSamples = testMeasurements.map((m) => m.final?.memory.heapUsed ?? 0);
+      const durationSamples = testMeasurements.map((m) => m.timing.durationMs);
+      const cpuSamples = testMeasurements.map((m) => m.final?.cpu.total ?? 0);
+      tests[key] = {
+        testId: key,
+        project,
+        heapUsed: calculateMetricBaseline(heapSamples),
+        durationMs: calculateMetricBaseline(durationSamples),
+        cpuTime: calculateMetricBaseline(cpuSamples),
+        createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+        commitHash
+      };
+    }
+    return {
+      release,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      commitHash,
+      tests
+    };
+  }
+};
+function parseBaselineFromComment(commentBody) {
+  const startIdx = commentBody.indexOf(BASELINE_START_MARKER);
+  const endIdx = commentBody.indexOf(BASELINE_END_MARKER);
+  if (startIdx === -1 || endIdx === -1 || startIdx >= endIdx) {
+    return null;
+  }
+  const content = commentBody.substring(startIdx + BASELINE_START_MARKER.length, endIdx);
+  const jsonMatch = content.match(/```json\s*([\s\S]*?)\s*```/);
+  if (!jsonMatch) {
+    return null;
+  }
+  try {
+    return JSON.parse(jsonMatch[1]);
+  } catch {
+    return null;
+  }
+}
+function formatBaselineAsComment(baseline) {
+  const json = JSON.stringify(baseline, null, 2);
+  return `## Performance Baseline
+
+This comment contains the performance baseline for release ${baseline.release}.
+
+${BASELINE_START_MARKER}
+\`\`\`json
+${json}
+\`\`\`
+${BASELINE_END_MARKER}
+
+Generated at: ${baseline.timestamp}
+${baseline.commitHash ? `Commit: ${baseline.commitHash}` : ""}
+`;
+}
+function calculateMetricBaseline(samples) {
+  if (samples.length === 0) {
+    return {
+      mean: 0,
+      stdDev: 0,
+      min: 0,
+      max: 0,
+      p95: 0,
+      sampleCount: 0
+    };
+  }
+  const sorted = [...samples].sort((a, b) => a - b);
+  const n = sorted.length;
+  const sum = sorted.reduce((a, b) => a + b, 0);
+  const mean = sum / n;
+  const squaredDiffs = sorted.map((x) => Math.pow(x - mean, 2));
+  const variance = squaredDiffs.reduce((a, b) => a + b, 0) / n;
+  const stdDev = Math.sqrt(variance);
+  const min = sorted[0];
+  const max = sorted[n - 1];
+  const p95Index = Math.ceil(n * 0.95) - 1;
+  const p95 = sorted[Math.min(p95Index, n - 1)];
+  return {
+    mean,
+    stdDev,
+    min,
+    max,
+    p95,
+    sampleCount: n
+  };
+}
+var globalBaselineStore = null;
+function getBaselineStore(baselinePath) {
+  if (!globalBaselineStore || baselinePath) {
+    globalBaselineStore = new BaselineStore(baselinePath);
+  }
+  return globalBaselineStore;
+}
+
+// libs/testing/src/perf/regression-detector.ts
+var DEFAULT_CONFIG = {
+  warningThresholdPercent: 10,
+  errorThresholdPercent: 25,
+  minAbsoluteChange: 1024
+  // 1KB minimum to avoid noise
+};
+var RegressionDetector = class {
+  config;
+  constructor(config) {
+    this.config = { ...DEFAULT_CONFIG, ...config };
+  }
+  /**
+   * Detect regressions in a measurement compared to baseline.
+   */
+  detectRegression(measurement, baseline) {
+    const testId = `${measurement.project}::${measurement.name}`;
+    const metrics = [];
+    const currentHeap = measurement.final?.memory.heapUsed ?? 0;
+    const heapRegression = this.checkMetric("heapUsed", baseline.heapUsed.mean, currentHeap, formatBytes);
+    metrics.push(heapRegression);
+    const durationRegression = this.checkMetric(
+      "durationMs",
+      baseline.durationMs.mean,
+      measurement.timing.durationMs,
+      formatDuration
+    );
+    metrics.push(durationRegression);
+    const currentCpu = measurement.final?.cpu.total ?? 0;
+    const cpuRegression = this.checkMetric("cpuTime", baseline.cpuTime.mean, currentCpu, formatMicroseconds);
+    metrics.push(cpuRegression);
+    const hasRegression = metrics.some((m) => m.status === "regression");
+    const hasWarning = metrics.some((m) => m.status === "warning");
+    const status = hasRegression ? "regression" : hasWarning ? "warning" : "ok";
+    const message = this.buildMessage(testId, metrics, status);
+    return {
+      testId,
+      status,
+      metrics,
+      message
+    };
+  }
+  /**
+   * Detect regressions for multiple measurements.
+   */
+  detectRegressions(measurements, baselines) {
+    const results = [];
+    for (const measurement of measurements) {
+      const testId = `${measurement.project}::${measurement.name}`;
+      const baseline = baselines.tests[testId];
+      if (baseline) {
+        results.push(this.detectRegression(measurement, baseline));
+      }
+    }
+    return results;
+  }
+  /**
+   * Check a single metric for regression.
+   */
+  checkMetric(name, baseline, current, _formatter) {
+    const absoluteChange = current - baseline;
+    const changePercent = baseline > 0 ? absoluteChange / baseline * 100 : 0;
+    let status = "ok";
+    if (Math.abs(absoluteChange) > this.config.minAbsoluteChange) {
+      if (changePercent >= this.config.errorThresholdPercent) {
+        status = "regression";
+      } else if (changePercent >= this.config.warningThresholdPercent) {
+        status = "warning";
+      }
+    }
+    return {
+      metric: name,
+      baseline,
+      current,
+      changePercent,
+      absoluteChange,
+      status
+    };
+  }
+  /**
+   * Build a human-readable message for regression result.
+   */
+  buildMessage(testId, metrics, status) {
+    if (status === "ok") {
+      return `${testId}: All metrics within acceptable range`;
+    }
+    const issues = metrics.filter((m) => m.status !== "ok").map((m) => {
+      const direction = m.absoluteChange > 0 ? "+" : "";
+      return `${m.metric}: ${direction}${m.changePercent.toFixed(1)}%`;
+    });
+    const statusText = status === "regression" ? "REGRESSION" : "WARNING";
+    return `${testId}: ${statusText} - ${issues.join(", ")}`;
+  }
+};
+function summarizeRegressions(results) {
+  const total = results.length;
+  const ok = results.filter((r) => r.status === "ok").length;
+  const warnings = results.filter((r) => r.status === "warning").length;
+  const regressions = results.filter((r) => r.status === "regression").length;
+  let summary;
+  if (regressions > 0) {
+    summary = `${regressions} regression(s) detected out of ${total} tests`;
+  } else if (warnings > 0) {
+    summary = `${warnings} warning(s) detected out of ${total} tests`;
+  } else {
+    summary = `All ${total} tests within acceptable range`;
+  }
+  return { total, ok, warnings, regressions, summary };
+}
+var globalDetector = null;
+function getRegressionDetector(config) {
+  if (!globalDetector || config) {
+    globalDetector = new RegressionDetector(config);
+  }
+  return globalDetector;
+}
+
+// libs/testing/src/perf/report-generator.ts
+var ReportGenerator = class {
+  detector;
+  constructor() {
+    this.detector = new RegressionDetector();
+  }
+  /**
+   * Generate a complete performance report.
+   */
+  generateReport(measurements, baseline, gitInfo) {
+    const projectGroups = /* @__PURE__ */ new Map();
+    for (const m of measurements) {
+      if (!projectGroups.has(m.project)) {
+        projectGroups.set(m.project, []);
+      }
+      const group = projectGroups.get(m.project);
+      if (group) {
+        group.push(m);
+      }
+    }
+    const projects = [];
+    for (const [projectName, projectMeasurements] of projectGroups) {
+      const summary = this.calculateSummary(projectMeasurements);
+      const regressions = baseline ? this.detector.detectRegressions(projectMeasurements, baseline) : void 0;
+      projects.push({
+        project: projectName,
+        summary,
+        measurements: projectMeasurements,
+        regressions
+      });
+    }
+    const overallSummary = this.calculateSummary(measurements);
+    return {
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      commitHash: gitInfo?.commitHash,
+      branch: gitInfo?.branch,
+      summary: overallSummary,
+      projects,
+      baseline: baseline ? { release: baseline.release, timestamp: baseline.timestamp } : void 0
+    };
+  }
+  /**
+   * Generate Markdown report for PR comments.
+   */
+  generateMarkdownReport(report) {
+    const lines = [];
+    lines.push("## Performance Test Results");
+    lines.push("");
+    const statusEmoji = this.getStatusEmoji(report.summary);
+    lines.push(`**Status:** ${statusEmoji} ${this.getSummaryText(report.summary)}`);
+    lines.push("");
+    lines.push("### Summary");
+    lines.push("");
+    lines.push("| Metric | Value |");
+    lines.push("|--------|-------|");
+    lines.push(`| Total Tests | ${report.summary.totalTests} |`);
+    lines.push(`| Passed | ${report.summary.passedTests} |`);
+    lines.push(`| Warnings | ${report.summary.warningTests} |`);
+    lines.push(`| Failed | ${report.summary.failedTests} |`);
+    lines.push(`| Memory Leaks | ${report.summary.leakTests} |`);
+    lines.push("");
+    if (report.baseline) {
+      lines.push(`**Baseline:** ${report.baseline.release} (${report.baseline.timestamp})`);
+      lines.push("");
+    }
+    lines.push("### Project Breakdown");
+    lines.push("");
+    for (const project of report.projects) {
+      lines.push(`#### ${project.project}`);
+      lines.push("");
+      lines.push(this.generateProjectTable(project));
+      lines.push("");
+      const leakTests = project.measurements.filter((m) => m.leakDetectionResults && m.leakDetectionResults.length > 0);
+      if (leakTests.length > 0) {
+        const parallelTests = leakTests.filter((m) => m.leakDetectionResults?.some((r) => this.isParallelResult(r)));
+        if (parallelTests.length > 0) {
+          lines.push("**Parallel Stress Test Results:**");
+          lines.push("");
+          lines.push("| Test | Workers | Iterations | Duration | Total req/s |");
+          lines.push("|------|---------|------------|----------|-------------|");
+          for (const m of parallelTests) {
+            for (const result of m.leakDetectionResults || []) {
+              if (this.isParallelResult(result)) {
+                const parallelResult = result;
+                const durationStr = parallelResult.durationMs ? `${(parallelResult.durationMs / 1e3).toFixed(2)}s` : "N/A";
+                lines.push(
+                  `| ${m.name} | ${parallelResult.workersUsed} | ${parallelResult.totalIterations} | ${durationStr} | ${parallelResult.totalRequestsPerSecond.toFixed(1)} |`
+                );
+              }
+            }
+          }
+          lines.push("");
+        }
+        lines.push("**Memory Interval Analysis:**");
+        lines.push("");
+        for (const m of leakTests) {
+          for (const result of m.leakDetectionResults || []) {
+            if (result.intervals && result.intervals.length > 0) {
+              lines.push(`*${m.name}:*`);
+              lines.push("");
+              if (this.isParallelResult(result)) {
+                const parallelResult = result;
+                lines.push("| Worker | req/s | Iterations |");
+                lines.push("|--------|-------|------------|");
+                for (const worker of parallelResult.perWorkerStats) {
+                  lines.push(
+                    `| ${worker.workerId} | ${worker.requestsPerSecond.toFixed(1)} | ${worker.iterationsCompleted} |`
+                  );
+                }
+                lines.push("");
+              }
+              lines.push("| Interval | Heap Start | Heap End | Delta | Rate/iter |");
+              lines.push("|----------|------------|----------|-------|-----------|");
+              for (const interval of result.intervals) {
+                lines.push(
+                  `| ${interval.startIteration}-${interval.endIteration} | ${formatBytes(interval.heapAtStart)} | ${formatBytes(interval.heapAtEnd)} | ${interval.deltaFormatted} | ${formatBytes(interval.growthRatePerIteration)}/iter |`
+                );
+              }
+              lines.push("");
+              const durationStr = result.durationMs ? `${(result.durationMs / 1e3).toFixed(2)}s` : "N/A";
+              const rpsStr = result.requestsPerSecond ? `${result.requestsPerSecond.toFixed(1)} req/s` : "N/A";
+              lines.push(
+                `Total: ${formatBytes(result.totalGrowth)}, R\xB2=${result.rSquared.toFixed(3)} | ${result.samples.length} iterations in ${durationStr} (${rpsStr})`
+              );
+              lines.push("");
+            }
+          }
+        }
+      }
+      if (project.regressions && project.regressions.length > 0) {
+        const regressionsWithIssues = project.regressions.filter((r) => r.status !== "ok");
+        if (regressionsWithIssues.length > 0) {
+          lines.push("**Regressions:**");
+          for (const r of regressionsWithIssues) {
+            const emoji = r.status === "regression" ? "\u274C" : "\u26A0\uFE0F";
+            lines.push(`- ${emoji} ${r.message}`);
+          }
+          lines.push("");
+        }
+      }
+    }
+    lines.push("---");
+    lines.push(`Generated at: ${report.timestamp}`);
+    if (report.commitHash) {
+      lines.push(`Commit: \`${report.commitHash.substring(0, 8)}\``);
+    }
+    if (report.branch) {
+      lines.push(`Branch: \`${report.branch}\``);
+    }
+    return lines.join("\n");
+  }
+  /**
+   * Generate JSON report.
+   */
+  generateJsonReport(report) {
+    return JSON.stringify(report, null, 2);
+  }
+  /**
+   * Calculate summary statistics for measurements.
+   */
+  calculateSummary(measurements) {
+    let passedTests = 0;
+    let warningTests = 0;
+    let failedTests = 0;
+    let leakTests = 0;
+    for (const m of measurements) {
+      const hasError = m.issues.some((i) => i.severity === "error");
+      const hasWarning = m.issues.some((i) => i.severity === "warning");
+      const hasLeak = m.issues.some((i) => i.type === "memory-leak");
+      if (hasLeak) {
+        leakTests++;
+      }
+      if (hasError) {
+        failedTests++;
+      } else if (hasWarning) {
+        warningTests++;
+      } else {
+        passedTests++;
+      }
+    }
+    return {
+      totalTests: measurements.length,
+      passedTests,
+      warningTests,
+      failedTests,
+      leakTests
+    };
+  }
+  /**
+   * Get status emoji based on summary.
+   */
+  getStatusEmoji(summary) {
+    if (summary.failedTests > 0 || summary.leakTests > 0) {
+      return "X";
+    }
+    if (summary.warningTests > 0) {
+      return "!";
+    }
+    return "OK";
+  }
+  /**
+   * Get summary text.
+   */
+  getSummaryText(summary) {
+    if (summary.failedTests > 0) {
+      return `${summary.failedTests} test(s) failed`;
+    }
+    if (summary.leakTests > 0) {
+      return `${summary.leakTests} memory leak(s) detected`;
+    }
+    if (summary.warningTests > 0) {
+      return `${summary.warningTests} warning(s)`;
+    }
+    return "All tests passed";
+  }
+  /**
+   * Generate markdown table for project measurements.
+   */
+  generateProjectTable(project) {
+    const lines = [];
+    lines.push("| Test | Duration | Heap Delta | CPU Time | Status |");
+    lines.push("|------|----------|------------|----------|--------|");
+    for (const m of project.measurements) {
+      const status = this.getTestStatus(m);
+      const heapDelta = m.memoryDelta ? formatBytes(m.memoryDelta.heapUsed) : "N/A";
+      const cpuTime = m.final?.cpu.total ? formatMicroseconds(m.final.cpu.total) : "N/A";
+      lines.push(`| ${m.name} | ${formatDuration(m.timing.durationMs)} | ${heapDelta} | ${cpuTime} | ${status} |`);
+    }
+    return lines.join("\n");
+  }
+  /**
+   * Get test status indicator.
+   */
+  getTestStatus(m) {
+    const hasError = m.issues.some((i) => i.severity === "error");
+    const hasLeak = m.issues.some((i) => i.type === "memory-leak");
+    const hasWarning = m.issues.some((i) => i.severity === "warning");
+    if (hasLeak) {
+      return "LEAK";
+    }
+    if (hasError) {
+      return "FAIL";
+    }
+    if (hasWarning) {
+      return "WARN";
+    }
+    return "OK";
+  }
+  /**
+   * Check if a leak detection result is a parallel result.
+   */
+  isParallelResult(result) {
+    return typeof result === "object" && result !== null && "workersUsed" in result && "perWorkerStats" in result && "totalRequestsPerSecond" in result;
+  }
+};
+async function saveReports(measurements, outputDir, baseline, gitInfo) {
+  const { writeFile, ensureDir } = await import("@frontmcp/utils");
+  await ensureDir(outputDir);
+  const generator = new ReportGenerator();
+  const report = generator.generateReport(measurements, baseline, gitInfo);
+  const jsonPath = `${outputDir}/report.json`;
+  const markdownPath = `${outputDir}/report.md`;
+  await writeFile(jsonPath, generator.generateJsonReport(report));
+  await writeFile(markdownPath, generator.generateMarkdownReport(report));
+  return { jsonPath, markdownPath };
+}
+function createReportGenerator() {
+  return new ReportGenerator();
+}
 export {
   AssertionError,
   AuthHeaders,
   BASIC_UI_TOOL_CONFIG,
+  BaselineStore,
   ConnectionError,
   DefaultInterceptorChain,
   DefaultMockRegistry,
@@ -4813,13 +7814,19 @@ export {
   EXPECTED_OPENAI_TOOLS_LIST_META_KEYS,
   EXPECTED_OPENAI_TOOL_CALL_META_KEYS,
   FULL_UI_TOOL_CONFIG,
+  LeakDetector,
   McpAssertions,
   McpProtocolError,
   McpTestClient,
   McpTestClientBuilder,
+  MetricsCollector,
   MockAPIServer,
+  MockCimdServer,
   MockOAuthServer,
   PLATFORM_DETECTION_PATTERNS,
+  PerfFixturesImpl,
+  RegressionDetector,
+  ReportGenerator,
   ServerStartError,
   StreamableHttpTransport,
   TestClientError,
@@ -4828,24 +7835,38 @@ export {
   TestUsers,
   TimeoutError,
   UIAssertions,
+  assertNoLeak,
   basicUIToolInputSchema,
   basicUIToolOutputSchema,
   buildUserAgent,
+  clearGlobalMeasurements,
   containsPrompt,
   containsResource,
   containsResourceTemplate,
   containsTool,
+  createLeakDetector,
+  createPerfFixtures,
+  createReportGenerator,
   createTestUser,
   expect,
+  forceFullGc,
+  forceGc,
+  formatBaselineAsComment,
+  formatBytes,
+  formatDuration,
+  formatMicroseconds,
   fullUIToolInputSchema,
   fullUIToolOutputSchema,
   generateBasicUIToolOutput,
   generateFullUIToolOutput,
+  getBaselineStore,
   getForbiddenMetaPrefixes,
+  getGlobalMeasurements,
   getPlatformClientInfo,
   getPlatformMetaNamespace,
   getPlatformMimeType,
   getPlatformUserAgent,
+  getRegressionDetector,
   getToolCallMetaPrefixes,
   getToolsListMetaPrefixes,
   hasMimeType,
@@ -4855,11 +7876,16 @@ export {
   interceptors,
   isError,
   isExtAppsPlatform,
+  isGcAvailable,
   isOpenAIPlatform,
   isSuccessful,
   isUiPlatform,
   mcpMatchers,
   mockResponse,
+  parseBaselineFromComment,
+  perfTest,
+  saveReports,
+  summarizeRegressions,
   test,
   uiMatchers
 };