npm - @kya-os/mcp-i-core - Versions diffs - 1.2.2-canary.30 → 1.2.2-canary.31 - Mend

@kya-os/mcp-i-core 1.2.2-canary.30 → 1.2.2-canary.31

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/.turbo/turbo-build.log +5 -4
package/.turbo/turbo-test$colon$coverage.log +2435 -2591
package/.turbo/turbo-test.log +1389 -1389
package/package.json +2 -2

package/.turbo/turbo-test.log CHANGED Viewed

@@ -1,44 +1,45 @@
-> @kya-os/mcp-i-core@1.2.2-canary.28 test /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core
+> @kya-os/mcp-i-core@1.2.2-canary.30 test /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core
 > vitest run
  RUN  v4.0.5 /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - new endpoint format > should fetch from project-scoped endpoint when projectId is available
+ ✓ src/__tests__/cache/tool-protection-cache.test.ts (49 tests) 167ms
+stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > New endpoint format (toolProtections object) > should parse oauthProvider from camelCase field
 [ToolProtectionService] Config loaded from API {
   source: 'api',
   toolCount: 2,
-  protectedTools: [ 'checkout' ],
+  protectedTools: [ 'read_repos', 'send_email' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
   projectId: 'test-project-123',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.646Z'
+  cacheExpiresAt: '2025-11-24T05:14:57.920Z'
 }
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - new endpoint format > should handle new endpoint format with toolProtections object
+stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > New endpoint format (toolProtections object) > should parse oauthProvider from snake_case field
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 2,
-  protectedTools: [ 'protected_tool' ],
+  toolCount: 1,
+  protectedTools: [ 'read_repos' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
   projectId: 'test-project-123',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.647Z'
+  cacheExpiresAt: '2025-11-24T05:14:57.923Z'
 }
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - new endpoint format > should parse oauthProvider from new endpoint format (Phase 2)
+stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > New endpoint format (toolProtections object) > should prefer camelCase over snake_case when both present
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 2,
-  protectedTools: [ 'read_repos', 'send_email' ],
+  toolCount: 1,
+  protectedTools: [ 'read_repos' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
   projectId: 'test-project-123',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.647Z'
+  cacheExpiresAt: '2025-11-24T05:14:57.924Z'
 }
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - new endpoint format > should preserve oauthProvider through cache operations
+stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > New endpoint format (toolProtections object) > should handle missing oauthProvider field (backward compatible)
 [ToolProtectionService] Config loaded from API {
   source: 'api',
   toolCount: 1,
@@ -46,159 +47,121 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
   agentDid: 'did:key:z6MkhaXgBZDv...',
   projectId: 'test-project-123',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.648Z'
+  cacheExpiresAt: '2025-11-24T05:14:57.924Z'
 }
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should fetch from agent-scoped endpoint when projectId is not available
+stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools array) > should parse oauthProvider from array format with camelCase
 [ToolProtectionService] Config loaded from API {
   source: 'api',
   toolCount: 2,
-  protectedTools: [ 'checkout' ],
+  protectedTools: [ 'read_repos', 'send_email' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
   projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.648Z'
+  cacheExpiresAt: '2025-11-24T05:14:57.925Z'
 }
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should handle old endpoint format with tools array
+stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools array) > should parse oauthProvider from array format with snake_case
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 2,
-  protectedTools: [ 'tool1' ],
+  toolCount: 1,
+  protectedTools: [ 'read_repos' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
   projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.648Z'
+  cacheExpiresAt: '2025-11-24T05:14:57.925Z'
 }
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should parse oauthProvider from old endpoint format (tools array)
+stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools array) > should prefer camelCase over snake_case in array format
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 2,
-  protectedTools: [ 'read_repos', 'send_email' ],
+  toolCount: 1,
+  protectedTools: [ 'read_repos' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
   projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.648Z'
+  cacheExpiresAt: '2025-11-24T05:14:57.925Z'
 }
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should handle old endpoint format with tools object
+stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools object) > should parse oauthProvider from object format with camelCase
 [ToolProtectionService] Config loaded from API {
   source: 'api',
   toolCount: 2,
-  protectedTools: [ 'tool1' ],
+  protectedTools: [ 'read_repos', 'send_email' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
   projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.648Z'
+  cacheExpiresAt: '2025-11-24T05:14:57.925Z'
 }
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should parse oauthProvider from old endpoint format (tools object)
+stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools object) > should parse oauthProvider from object format with snake_case
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 2,
-  protectedTools: [ 'read_repos', 'send_email' ],
+  toolCount: 1,
+  protectedTools: [ 'read_repos' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
   projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.649Z'
-}
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should skip tools without name in array format
-[ToolProtectionService] Cache miss, fetching from API {
-  source: 'api-fetch-start',
-  cacheKey: 'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK',
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'none',
-  apiUrl: 'https://kya.vouched.id',
-  endpoint: '/api/v1/bouncer/config?agent_did=did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK'
-}
-[ToolProtectionService] Fetching from API: https://kya.vouched.id/api/v1/bouncer/config?agent_did=did%3Akey%3Az6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK {
-  method: 'config?agent_did (old)',
-  projectId: 'none',
-  apiKeyPresent: true,
-  apiKeyLength: 18,
-  apiKeyMasked: 'test-api...'
-}
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should skip tools without name in array format
-[ToolProtectionService] API response received {
-  source: 'api-fetch-complete',
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'none',
-  responseKeys: [ 'success', 'data', 'metadata' ],
-  dataKeys: [ 'tools' ],
-  rawToolProtections: null,
-  rawTools: [
-    { name: 'valid_tool', requiresDelegation: true },
-    { requiresDelegation: false }
-  ],
-  responseMetadata: {}
+  cacheExpiresAt: '2025-11-24T05:14:57.925Z'
 }
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should skip tools without name in array format
+stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools object) > should prefer camelCase over snake_case in object format
 [ToolProtectionService] Config loaded from API {
   source: 'api',
   toolCount: 1,
-  protectedTools: [ 'valid_tool' ],
+  protectedTools: [ 'read_repos' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
   projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.649Z'
-}
-[ToolProtectionService] API fetch successful, config cached {
-  source: 'cache-write',
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  cacheKey: 'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK',
-  toolCount: 1,
-  tools: [ { name: 'valid_tool', requiresDelegation: true, scopeCount: 0 } ],
-  ttlMs: 300000,
-  ttlMinutes: 5,
-  expiresAt: '2025-11-24T00:12:31.649Z',
-  expiresIn: '300s'
+  cacheExpiresAt: '2025-11-24T05:14:57.925Z'
 }
-stderr | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch error handling > should handle network errors gracefully
-[ToolProtectionService] API fetch failed, no fallback, failing closed (deny-all) {
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > caching behavior > should cache successful API responses
-  agentDid: 'did:key:z6MkhaXgBZDv...',
+stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Caching > should cache oauthProvider field correctly
 [ToolProtectionService] Config loaded from API {
   source: 'api',
   toolCount: 1,
-  protectedTools: [ 'tool1' ],
-  error: 'ECONNREFUSED',
-  cacheKey: 'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK'
+  protectedTools: [ 'read_repos' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'test-project-123',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:57.926Z'
 }
-  projectId: 'none',
+stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > oauthProvider field inclusion > should include oauthProvider in returned ToolProtection objects when present
+[ToolProtectionService] Config loaded from API {
+  source: 'api',
+  toolCount: 2,
+  protectedTools: [ 'tool_with_provider', 'tool_without_provider' ],
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'test-project-123',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.652Z'
+  cacheExpiresAt: '2025-11-24T05:14:57.926Z'
 }
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > caching behavior > should use default cache TTL when not specified
+stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > oauthProvider field inclusion > should handle empty string oauthProvider gracefully
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 0,
-  protectedTools: [],
+  toolCount: 1,
+  protectedTools: [ 'tool_with_empty_provider' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'none',
+  projectId: 'test-project-123',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.652Z'
+  cacheExpiresAt: '2025-11-24T05:14:57.926Z'
 }
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > caching behavior > should use custom cache TTL when specified
+ ✓ src/__tests__/services/tool-protection-oauth-provider.test.ts (14 tests) 8ms
+stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > API Authentication > should use X-API-Key header for new endpoint
 [ToolProtectionService] Config loaded from API {
   source: 'api',
   toolCount: 0,
   protectedTools: [],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'none',
-  cacheTtlMs: 600000,
-  cacheExpiresAt: '2025-11-24T00:17:31.652Z'
+  projectId: 'test-project-123',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:58.126Z'
 }
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > edge cases > should handle empty toolProtections object
+stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > API Authentication > should use Authorization Bearer header for old endpoint
 [ToolProtectionService] Config loaded from API {
   source: 'api',
   toolCount: 0,
@@ -206,319 +169,153 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
   agentDid: 'did:key:z6MkhaXgBZDv...',
   projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.652Z'
+  cacheExpiresAt: '2025-11-24T05:14:58.138Z'
 }
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > edge cases > should handle null requiredScopes
+stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should use project-scoped endpoint when projectId is available
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 1,
-  protectedTools: [ 'tool1' ],
+  toolCount: 0,
+  protectedTools: [],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'none',
+  projectId: 'test-project-123',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.653Z'
+  cacheExpiresAt: '2025-11-24T05:14:58.141Z'
 }
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > edge cases > should handle mixed camelCase and snake_case in response
+stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should use agent-scoped endpoint when projectId is not available
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 2,
-  protectedTools: [ 'tool1' ],
+  toolCount: 0,
+  protectedTools: [],
   agentDid: 'did:key:z6MkhaXgBZDv...',
   projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.653Z'
+  cacheExpiresAt: '2025-11-24T05:14:58.142Z'
 }
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return null when tool has no protection
+stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should encode projectId in URL
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 1,
+  toolCount: 0,
   protectedTools: [],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'none',
+  projectId: 'project/with/special-chars',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.653Z'
+  cacheExpiresAt: '2025-11-24T05:14:58.142Z'
 }
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return null when tool is not in config
+stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should encode agent DID in URL
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 1,
-  protectedTools: [ 'other_tool' ],
+  toolCount: 0,
+  protectedTools: [],
   agentDid: 'did:key:z6MkhaXgBZDv...',
   projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.653Z'
-}
-stderr | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should use wildcard protection in fail-safe deny-all mode
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return null when tool is not in config
-[ToolProtectionService] Protection check {
-[ToolProtectionService] API fetch failed, no fallback, failing closed (deny-all) {
-  tool: 'unknown_tool',
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  found: false,
-  isWildcard: true,
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  error: 'Network error',
-  requiresDelegation: false,
-  availableTools: [ 'other_tool' ]
+  cacheExpiresAt: '2025-11-24T05:14:58.142Z'
 }
-  cacheKey: 'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK'
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return wildcard protection when tool not found and wildcard exists
+stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle new endpoint format (toolProtections object)
 [ToolProtectionService] Config loaded from API {
-}
   source: 'api',
   toolCount: 2,
-  protectedTools: [ '*' ],
+  protectedTools: [ 'checkout' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'none',
+  projectId: 'test-project-123',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.653Z'
-}
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return wildcard protection when tool not found and wildcard exists
-[ToolProtectionService] Protection check {
-  tool: 'unknown_tool',
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  found: true,
-  isWildcard: true,
-  requiresDelegation: true,
-  availableTools: [ '*', 'specific_tool' ]
+  cacheExpiresAt: '2025-11-24T05:14:58.142Z'
 }
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should prioritize specific tool protection over wildcard
+stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle old endpoint format (tools array)
 [ToolProtectionService] Config loaded from API {
   source: 'api',
   toolCount: 2,
-  protectedTools: [ '*' ],
+  protectedTools: [ 'checkout' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
   projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.654Z'
-}
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should use wildcard protection in fail-safe deny-all mode
-[ToolProtectionService] Protection check {
-  tool: 'any_tool',
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  found: true,
-  isWildcard: true,
-  requiresDelegation: true,
-  availableTools: [ '*' ]
+  cacheExpiresAt: '2025-11-24T05:14:58.143Z'
 }
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return protection config when tool requires delegation
+stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle old endpoint format (tools object)
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 1,
-  protectedTools: [ 'protected_tool' ],
+  toolCount: 2,
+  protectedTools: [ 'checkout' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
   projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.654Z'
-}
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return protection config when tool requires delegation
-[ToolProtectionService] Protection check {
-  tool: 'protected_tool',
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  found: true,
-  isWildcard: false,
-  requiresDelegation: true,
-  availableTools: [ 'protected_tool' ]
+  cacheExpiresAt: '2025-11-24T05:14:58.143Z'
 }
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > integration with NoOpToolProtectionCache > should work with NoOpToolProtectionCache
+stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle snake_case field names
 [ToolProtectionService] Config loaded from API {
   source: 'api',
   toolCount: 1,
   protectedTools: [ 'tool1' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'none',
+  projectId: 'test-project-123',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.655Z'
+  cacheExpiresAt: '2025-11-24T05:14:58.143Z'
 }
-stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > integration with NoOpToolProtectionCache > should work with NoOpToolProtectionCache
+stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle camelCase field names
 [ToolProtectionService] Config loaded from API {
   source: 'api',
   toolCount: 1,
   protectedTools: [ 'tool1' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'none',
+  projectId: 'test-project-123',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.655Z'
+  cacheExpiresAt: '2025-11-24T05:14:58.143Z'
 }
-stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > API Authentication > should use X-API-Key header for new endpoint
+stderr | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Error Handling > should handle network timeout
+stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should prefer camelCase over snake_case when both present
+[ToolProtectionService] API fetch failed, using fallback config { agentDid: 'did:key:z6MkhaXgBZDv...', error: 'Network timeout' }
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 0,
-  protectedTools: [],
+stderr | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Fallback Behavior > should cache fallback config
+  toolCount: 1,
+  protectedTools: [ 'tool1' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
   projectId: 'test-project-123',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.678Z'
+[ToolProtectionService] API fetch failed, using fallback config { agentDid: 'did:key:z6MkhaXgBZDv...', error: 'Network error' }
+  cacheExpiresAt: '2025-11-24T05:14:58.144Z'
 }
-stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > API Authentication > should use Authorization Bearer header for old endpoint
+stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Caching Integration > should cache successful API responses
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 0,
-  protectedTools: [],
+  toolCount: 1,
+  protectedTools: [ 'tool1' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'none',
+  projectId: 'test-project-123',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.683Z'
+  cacheExpiresAt: '2025-11-24T05:14:58.145Z'
 }
- ✓ src/__tests__/services/tool-protection.service.test.ts (49 tests) 15ms
-stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should use project-scoped endpoint when projectId is available
-stderr | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Error Handling > should handle network timeout
+stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Caching Integration > should respect cache TTL
 [ToolProtectionService] Config loaded from API {
   source: 'api',
   toolCount: 0,
-[ToolProtectionService] API fetch failed, using fallback config { agentDid: 'did:key:z6MkhaXgBZDv...', error: 'Network timeout' }
   protectedTools: [],
   agentDid: 'did:key:z6MkhaXgBZDv...',
   projectId: 'test-project-123',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.686Z'
+  cacheTtlMs: 1000,
+  cacheExpiresAt: '2025-11-24T05:09:59.145Z'
 }
-stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should use agent-scoped endpoint when projectId is not available
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 0,
-  protectedTools: [],
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'none',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.687Z'
-stderr | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Fallback Behavior > should cache fallback config
-}
-stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should encode projectId in URL
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 0,
-  protectedTools: [],
-[ToolProtectionService] API fetch failed, using fallback config { agentDid: 'did:key:z6MkhaXgBZDv...', error: 'Network error' }
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'project/with/special-chars',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.687Z'
-}
-stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should encode agent DID in URL
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 0,
-  protectedTools: [],
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'none',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.688Z'
-}
-stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle new endpoint format (toolProtections object)
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 2,
-  protectedTools: [ 'checkout' ],
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project-123',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.688Z'
-}
-stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle old endpoint format (tools array)
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 2,
-  protectedTools: [ 'checkout' ],
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'none',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.688Z'
-}
-stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle old endpoint format (tools object)
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 2,
-  protectedTools: [ 'checkout' ],
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'none',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.689Z'
-}
-stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle snake_case field names
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 1,
-  protectedTools: [ 'tool1' ],
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project-123',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.689Z'
-}
-stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle camelCase field names
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 1,
-  protectedTools: [ 'tool1' ],
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project-123',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.689Z'
-}
-stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should prefer camelCase over snake_case when both present
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 1,
-  protectedTools: [ 'tool1' ],
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project-123',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.689Z'
-}
-stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Caching Integration > should cache successful API responses
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 1,
-  protectedTools: [ 'tool1' ],
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project-123',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.692Z'
-}
-stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Caching Integration > should respect cache TTL
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 0,
-  protectedTools: [],
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project-123',
-  cacheTtlMs: 1000,
-  cacheExpiresAt: '2025-11-24T00:07:32.692Z'
-}
+stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should prefer Redis over KV when both are configured
+[StorageService] Failed to connect to Redis, falling back to memory: Redis package not available
 stderr | src/services/__tests__/access-control.service.test.ts > AccessControlApiService > submitProofs > should submit proofs successfully
 [AccessControl] 🔍 RAW API RESPONSE (before parsing): {
-  correlationId: 'cdf89417-bb4e-43ad-a8a9-447046ca7443',
+  correlationId: '762e5785-e88b-4b9b-84ef-c449a0742d9e',
   status: 200,
   statusText: '',
   headers: { 'content-type': 'application/json' },
@@ -527,7 +324,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
   fullResponseText: '{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}'
 }
 [AccessControl] 🔍 PARSED RESPONSE DATA: {
-  correlationId: 'cdf89417-bb4e-43ad-a8a9-447046ca7443',
+  correlationId: '762e5785-e88b-4b9b-84ef-c449a0742d9e',
   status: 200,
   responseDataType: 'object',
   responseDataKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
@@ -557,7 +354,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
 stderr | src/services/__tests__/access-control.service.test.ts > AccessControlApiService > submitProofs > should handle all_proofs_rejected error gracefully
 [AccessControl] 🔍 RAW API RESPONSE (before parsing): {
-  correlationId: '33847abb-0cf4-4314-ac3b-b001281354e9',
+  correlationId: 'caa80a3c-b7ce-47da-b6e5-80f380071705',
   status: 400,
   statusText: '',
   headers: { 'content-type': 'application/json' },
@@ -566,7 +363,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
   fullResponseText: '{"success":false,"error":{"code":"all_proofs_rejected","message":"All proofs rejected","details":{"rejected":1,"errors":[{"proof_index":0,"error":{"code":"invalid_signature","message":"Invalid signature"}}]}}}'
 }
 [AccessControl] 🔍 PARSED RESPONSE DATA: {
-  correlationId: '33847abb-0cf4-4314-ac3b-b001281354e9',
+  correlationId: 'caa80a3c-b7ce-47da-b6e5-80f380071705',
   status: 400,
   responseDataType: 'object',
   responseDataKeys: [ 'success', 'error' ],
@@ -593,16 +390,16 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
 stderr | src/services/__tests__/access-control.service.test.ts > AccessControlApiService > submitProofs > should handle wrapped response format
 [AccessControl] 🔍 RAW API RESPONSE (before parsing): {
-  correlationId: '95f2790c-d1b6-4fbf-aa56-a15e0e2165e0',
+  correlationId: '75be2049-eeb3-4da6-a042-f68b77b18097',
   status: 200,
   statusText: '',
   headers: { 'content-type': 'application/json' },
   responseTextLength: 206,
-  responseTextPreview: '{"success":true,"data":{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T00:07:31.731Z"}}',
-  fullResponseText: '{"success":true,"data":{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T00:07:31.731Z"}}'
+  responseTextPreview: '{"success":true,"data":{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T05:09:58.365Z"}}',
+  fullResponseText: '{"success":true,"data":{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T05:09:58.365Z"}}'
 }
 [AccessControl] 🔍 PARSED RESPONSE DATA: {
-  correlationId: '95f2790c-d1b6-4fbf-aa56-a15e0e2165e0',
+  correlationId: '75be2049-eeb3-4da6-a042-f68b77b18097',
   status: 200,
   responseDataType: 'object',
   responseDataKeys: [ 'success', 'data', 'metadata' ],
@@ -621,7 +418,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
     '  },\n' +
     '  "metadata": {\n' +
     '    "requestId": "test-request-id",\n' +
-    '    "timestamp": "2025-11-24T00:07:31.731Z"\n' +
+    '    "timestamp": "2025-11-24T05:09:58.365Z"\n' +
     '  }\n' +
     '}'
 }
@@ -640,11 +437,11 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
   },
   "metadata": {
     "requestId": "test-request-id",
-    "timestamp": "2025-11-24T00:07:31.731Z"
+    "timestamp": "2025-11-24T05:09:58.365Z"
   }
 }
 [AccessControl] 🔍 DATA OBJECT STRUCTURE: {
-  correlationId: '95f2790c-d1b6-4fbf-aa56-a15e0e2165e0',
+  correlationId: '75be2049-eeb3-4da6-a042-f68b77b18097',
   dataKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
   hasAccepted: true,
   hasRejected: true,
@@ -670,7 +467,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
 stderr | src/services/__tests__/access-control.service.test.ts > AccessControlApiService > submitProofs > should handle response with missing outcomes field (outcomes is optional)
 [AccessControl] 🔍 RAW API RESPONSE (before parsing): {
-  correlationId: '8b230c4d-7525-401e-9840-92ffe27b6a9b',
+  correlationId: 'f69b29f6-355f-47e9-bada-f8b962b21821',
   status: 200,
   statusText: '',
   headers: { 'content-type': 'application/json' },
@@ -679,7 +476,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
   fullResponseText: '{"success":true,"accepted":1,"rejected":0}'
 }
 [AccessControl] 🔍 PARSED RESPONSE DATA: {
-  correlationId: '8b230c4d-7525-401e-9840-92ffe27b6a9b',
+  correlationId: 'f69b29f6-355f-47e9-bada-f8b962b21821',
   status: 200,
   responseDataType: 'object',
   responseDataKeys: [ 'success', 'accepted', 'rejected' ],
@@ -693,7 +490,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
 stderr | src/services/__tests__/access-control.service.test.ts > AccessControlApiService > submitProofs > should handle response with missing outcomes field (outcomes is optional)
 [AccessControl] 🔍 RAW API RESPONSE (before parsing): {
-  correlationId: '19533ac6-9d3e-48d0-a81d-2b02656d2f22',
+  correlationId: 'b53cc831-c747-4dab-9042-3787447cab83',
   status: 200,
   statusText: '',
   headers: { 'content-type': 'application/json' },
@@ -702,7 +499,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
   fullResponseText: '{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}'
 }
 [AccessControl] 🔍 PARSED RESPONSE DATA: {
-  correlationId: '19533ac6-9d3e-48d0-a81d-2b02656d2f22',
+  correlationId: 'b53cc831-c747-4dab-9042-3787447cab83',
   status: 200,
   responseDataType: 'object',
   responseDataKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
@@ -732,7 +529,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
 stderr | src/services/__tests__/access-control.service.test.ts > AccessControlApiService > submitProofs > should handle response with missing outcomes field (outcomes is optional)
 [AccessControl] 🔍 RAW API RESPONSE (before parsing): {
-  correlationId: '730acd89-1153-4885-bf14-4d126eaf93f2',
+  correlationId: 'd6e6a1e3-ed14-44f2-989b-86047a1b5974',
   status: 200,
   statusText: '',
   headers: { 'content-type': 'application/json' },
@@ -741,7 +538,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
   fullResponseText: '{"success":true,"accepted":1,"rejected":0,"outcomes":{}}'
 }
 [AccessControl] 🔍 PARSED RESPONSE DATA: {
-  correlationId: '730acd89-1153-4885-bf14-4d126eaf93f2',
+  correlationId: 'd6e6a1e3-ed14-44f2-989b-86047a1b5974',
   status: 200,
   responseDataType: 'object',
   responseDataKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
@@ -754,9 +551,19 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
   "outcomes": {}
 }
+stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should prefer Redis over KV when both are configured
+[StorageService] Failed to initialize KV, falling back to memory: Failed to import Cloudflare storage providers: Cannot find package '@kya-os/mcp-i-cloudflare/providers/storage' imported from '/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/storage.service.ts'
+stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should fall back to memory when Redis connection fails
+[StorageService] Failed to connect to Redis, falling back to memory: Redis package not available
+ ✓ src/__tests__/providers/memory.test.ts (34 tests) 10ms
+stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should use KV namespace when provided
+[StorageService] Failed to initialize KV, falling back to memory: Failed to import Cloudflare storage providers: Cannot find package '@kya-os/mcp-i-cloudflare/providers/storage' imported from '/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/storage.service.ts'
 stderr | src/services/__tests__/access-control.service.test.ts > AccessControlApiService > submitProofs > should handle wrapped response with invalid data structure
 [AccessControl] 🔍 RAW API RESPONSE (before parsing): {
-  correlationId: 'c6deaac1-4e9e-4ec5-b541-d2bac59c2179',
+  correlationId: '2adaa064-cc18-4920-96e5-d607f32da995',
   status: 200,
   statusText: '',
   headers: { 'content-type': 'application/json' },
@@ -765,7 +572,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
   fullResponseText: '{"success":true,"data":{"message":"Invalid format"}}'
 }
 [AccessControl] 🔍 PARSED RESPONSE DATA: {
-  correlationId: 'c6deaac1-4e9e-4ec5-b541-d2bac59c2179',
+  correlationId: '2adaa064-cc18-4920-96e5-d607f32da995',
   status: 200,
   responseDataType: 'object',
   responseDataKeys: [ 'success', 'data' ],
@@ -778,7 +585,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
   }
 }
 [AccessControl] 🔍 DATA OBJECT STRUCTURE: {
-  correlationId: 'c6deaac1-4e9e-4ec5-b541-d2bac59c2179',
+  correlationId: '2adaa064-cc18-4920-96e5-d607f32da995',
   dataKeys: [ 'message' ],
   hasAccepted: false,
   hasRejected: false,
@@ -792,7 +599,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
   fullData: '{\n  "message": "Invalid format"\n}'
 }
 [AccessControl] Wrapped response validation failed {
-  correlationId: 'c6deaac1-4e9e-4ec5-b541-d2bac59c2179',
+  correlationId: '2adaa064-cc18-4920-96e5-d607f32da995',
   zodErrors: [
     {
       code: 'invalid_type',
@@ -895,7 +702,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
   responseData: { success: true, data: { message: 'Invalid format' } }
 }
 [AccessControl] Response validation failed {
-  correlationId: 'c6deaac1-4e9e-4ec5-b541-d2bac59c2179',
+  correlationId: '2adaa064-cc18-4920-96e5-d607f32da995',
   zodErrors: [
     {
       code: 'invalid_type',
@@ -980,865 +787,866 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
   }
 }
- ✓ src/services/__tests__/access-control.service.test.ts (23 tests) 37ms
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when no protection required
-[MCP-I] Checking tool protection: {
-  tool: 'unprotectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: false
-}
+ ✓ src/services/__tests__/storage.service.test.ts (17 tests) 155ms
+stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyEd25519 > should return false on verification error
+[CryptoService] Ed25519 verification error: Error: Verification failed
+    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:62:9
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
+    at processTicksAndRejections (node:internal/process/task_queues:103:5)
+    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
+    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when no protection required
-[MCP-I] Tool protection check passed (no delegation required) {
-  tool: 'unprotectedTool',
-  agentDid: 'did:key:zmock123...',
-  reason: 'Tool not configured to require delegation'
-}
+stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject invalid JWK format
+[CryptoService] Invalid Ed25519 JWK format
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when protection required and no delegation
-[MCP-I] Checking tool protection: {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: false
-}
+stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with wrong kty
+[CryptoService] Invalid Ed25519 JWK format
-stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when protection required and no delegation
-[MCP-I] BLOCKED: Tool requires delegation but none provided {
-  tool: 'protectedTool',
-  requiredScopes: [ 'files:write' ],
-  agentDid: 'did:key:zmock123...',
-  resumeToken: 'resume_ubsac5_mice138y',
-  consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_ubsac5_mice138y'
-}
+stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with wrong crv
+[CryptoService] Invalid Ed25519 JWK format
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when protection required and delegation provided
-[MCP-I] Checking tool protection: {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: true
-}
+stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with missing x field
+[CryptoService] Invalid Ed25519 JWK format
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when protection required and delegation provided
-[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegationToken: true,
-  hasConsentProof: false,
-  requiredScopes: [ 'files:write' ]
-}
+stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with empty x field
+[CryptoService] Invalid Ed25519 JWK format
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when protection required and delegation provided
-[MCP-I] ✅ Delegation verification SUCCEEDED {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  delegationId: 'test-delegation-id',
-  credentialScopes: [ 'files:write' ],
-  requiredScopes: [ 'files:write' ]
-}
+ ✓ src/services/__tests__/access-control.service.test.ts (23 tests) 114ms
+stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject malformed JWS
+[CryptoService] Invalid JWS format: Error: Invalid header base64: Unexpected token '', "" is not valid JSON
+    at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:91:13)
+    at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
+    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:230:42
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
+    at processTicksAndRejections (node:internal/process/task_queues:103:5)
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when protection required and consentProof provided
-[MCP-I] Checking tool protection: {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: true
-}
+stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject non-EdDSA algorithms
+[CryptoService] Unsupported algorithm: RS256, expected EdDSA
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when protection required and consentProof provided
-[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegationToken: false,
-  hasConsentProof: true,
-  requiredScopes: [ 'files:write' ]
-}
+stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject HS256 algorithm
+[CryptoService] Unsupported algorithm: HS256, expected EdDSA
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when protection required and consentProof provided
-[MCP-I] ✅ Delegation verification SUCCEEDED {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  delegationId: 'test-delegation-id',
-  credentialScopes: [ 'files:write' ],
-  requiredScopes: [ 'files:write' ]
-}
+stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle empty JWS components
+[CryptoService] Invalid JWS format: Error: Invalid header base64: Unexpected end of JSON input
+    at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:91:13)
+    at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
+    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:271:42
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
+    at processTicksAndRejections (node:internal/process/task_queues:103:5)
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation verification fails
-[MCP-I] Checking tool protection: {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: true
-}
+stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - single part
+[CryptoService] Invalid JWS format: Error: Invalid JWS format: expected header.payload.signature
+    at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:78:13)
+    at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
+    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:279:42
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
+    at processTicksAndRejections (node:internal/process/task_queues:103:5)
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation verification fails
-[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
-stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation verification fails
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegationToken: true,
-[MCP-I] ❌ Delegation verification FAILED {
-  tool: 'protectedTool',
-  hasConsentProof: false,
-  requiredScopes: [ 'files:write' ]
-  agentDid: 'did:key:zmock123...',
-  reason: 'Delegation token expired',
-}
+stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - two parts
+[CryptoService] Invalid JWS format: Error: Invalid JWS format: expected header.payload.signature
+    at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:78:13)
+    at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
+    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:287:42
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
+    at processTicksAndRejections (node:internal/process/task_queues:103:5)
-  errorCode: undefined,
-  errorMessage: undefined,
-  requiredScopes: [ 'files:write' ]
-}
+stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - four parts
+[CryptoService] Invalid JWS format: Error: Invalid JWS format: expected header.payload.signature
+    at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:78:13)
+    at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
+    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:302:42
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
+    at processTicksAndRejections (node:internal/process/task_queues:103:5)
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation has wrong scopes
-[MCP-I] Checking tool protection: {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: true
-}
+stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - invalid JSON header
+[CryptoService] Invalid JWS format: Error: Invalid header base64: Unexpected token 'o', "notjson" is not valid JSON
+    at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:91:13)
+    at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
+    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:316:42
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
+    at processTicksAndRejections (node:internal/process/task_queues:103:5)
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation has wrong scopes
-[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegationToken: true,
-  hasConsentProof: false,
-  requiredScopes: [ 'files:write' ]
-}
+stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - invalid base64
+[CryptoService] Invalid JWS format: Error: Invalid payload base64: Invalid base64url string: Invalid character
+    at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:107:15)
+    at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
+    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:334:42
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
+    at processTicksAndRejections (node:internal/process/task_queues:103:5)
-stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation has wrong scopes
-[MCP-I] ❌ Delegation verification FAILED {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  reason: 'Insufficient scopes',
-  errorCode: undefined,
-  errorMessage: undefined,
-  requiredScopes: [ 'files:write' ]
-}
+stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should validate expectedKid option
+[CryptoService] Key ID mismatch
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should handle API errors during verification gracefully
-[MCP-I] Checking tool protection: {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: true
-}
+stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should validate alg option
+[CryptoService] Unsupported algorithm: EdDSA, expected RS256
-stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should handle API errors during verification gracefully
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should handle API errors during verification gracefully
-[MCP-I] ❌ Delegation verification error (API failure) {
-[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegationToken: true,
-  hasConsentProof: false,
-  requiredScopes: [ 'files:write' ]
-}
-  tool: 'protectedTool',
+stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should validate Ed25519 key length
+[CryptoService] Failed to extract public key: Error: Invalid Ed25519 public key length: 5
+    at CryptoService.jwkToBase64PublicKey (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:295:13)
+    at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:249:32)
+    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:398:42
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
+    at processTicksAndRejections (node:internal/process/task_queues:103:5)
-  agentDid: 'did:key:zmock123...',
-  errorCode: 'network_error',
-  errorMessage: 'API unavailable',
-  errorDetails: {}
-}
+stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle signature verification error
+[CryptoService] Ed25519 verification error: Error: Crypto error
+    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:449:61
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
+    at processTicksAndRejections (node:internal/process/task_queues:103:5)
+    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
+    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when access control service not configured (graceful degradation)
-[MCP-I] Checking tool protection: {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: true
+ ✓ src/services/__tests__/crypto.service.test.ts (34 tests) 12ms
+ ✓ src/__tests__/runtime/route-interception.test.ts (21 tests) 36ms
+stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Tool protection enforcement flow > should allow unprotected tool calls
+[ToolProtectionService] Config loaded from API {
+  source: 'api',
+  toolCount: 1,
+  protectedTools: [],
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'test-project',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:58.614Z'
 }
-stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when access control service not configured (graceful degradation)
-[MCP-I] ⚠️ Delegation token provided but AccessControlApiService not configured - skipping verification {
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should reject delegation when user_identifier does not match session userDid
-[MCP-I] Checking tool protection: {
-  tool: 'protectedTool',
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: true
+stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Tool protection enforcement flow > should intercept protected tool calls without delegation
+[ToolProtectionService] Config loaded from API {
+  source: 'api',
+  toolCount: 1,
+  protectedTools: [ 'checkout' ],
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'test-project',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:58.616Z'
 }
-  agentDid: 'did:key:zmock123...',
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should reject delegation when user_identifier does not match session userDid
-[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
-  tool: 'protectedTool',
-  hasDelegationToken: true,
-  agentDid: 'did:key:zmock123...',
-  hasDelegationToken: true,
-  hasConsentProof: false,
-  requiredScopes: [ 'files:write' ]
+stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Tool protection enforcement flow > should intercept protected tool calls without delegation
+[ToolProtectionService] Protection check {
+  tool: 'checkout',
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  found: true,
+  isWildcard: false,
+  requiresDelegation: true,
+  availableTools: [ 'checkout' ]
 }
-  hasConsentProof: false
+stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > AgentShield integration flow > should fetch tool protection config from AgentShield
+[ToolProtectionService] Config loaded from API {
+  source: 'api',
+  toolCount: 1,
+  protectedTools: [ 'protected_tool' ],
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'test-project',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:58.617Z'
 }
-stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should reject delegation when user_identifier does not match session userDid
-[MCP-I] 🔒 SECURITY: User identifier validation FAILED {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  delegationUserIdentifier: 'did:key:zUserB987654...',
-  sessionUserDid: 'did:key:zUserA123456...',
-  sessionId: 'session123...',
-  reason: 'user_identifier_mismatch',
-  severity: 'high'
+stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > AgentShield integration flow > should cache tool protection config
+[ToolProtectionService] Config loaded from API {
+  source: 'api',
+  toolCount: 1,
+  protectedTools: [ 'tool1' ],
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'test-project',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:58.618Z'
 }
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should accept delegation when user_identifier matches session userDid
-[MCP-I] Checking tool protection: {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: true
-}
+stderr | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > AgentShield integration flow > should use fallback config when API fails
+[ToolProtectionService] API fetch failed, using fallback config { agentDid: 'did:key:z6MkhaXgBZDv...', error: 'Network error' }
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should accept delegation when user_identifier matches session userDid
-[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegationToken: true,
-  hasConsentProof: false,
-  requiredScopes: [ 'files:write' ]
+stderr | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Error handling in full flow > should handle tool protection service errors gracefully
+[ToolProtectionService] API fetch failed, no fallback, failing closed (deny-all) {
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  error: 'Network error',
+  cacheKey: 'config:tool-protections:test-project'
 }
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should accept delegation when user_identifier matches session userDid
-[MCP-I] ✅ User identifier validation PASSED {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  userDid: 'did:key:zUserA123456...',
-  sessionId: 'session123...'
-}
-[MCP-I] ✅ Delegation verification SUCCEEDED {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  delegationId: 'test-delegation-id',
-  credentialScopes: [ 'files:write' ],
-  requiredScopes: [ 'files:write' ]
-}
+stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Cache integration in full flow > should share cache across multiple service instances
+[ToolProtectionService] Config loaded from API {
+stderr | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Error handling in full flow > should handle network timeouts
+[ToolProtectionService] API fetch failed, using fallback config { agentDid: 'did:key:z6MkhaXgBZDv...', error: 'Network timeout' }
+  source: 'api',
+  toolCount: 1,
+  protectedTools: [ 'tool1' ],
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing user_identifier gracefully (backward compatibility)
-[MCP-I] Checking tool protection: {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: true
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'test-project',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:58.619Z'
 }
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing user_identifier gracefully (backward compatibility)
-[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegationToken: true,
-  hasConsentProof: false,
-  requiredScopes: [ 'files:write' ]
-}
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing user_identifier gracefully (backward compatibility)
-[MCP-I] ✅ Delegation verification SUCCEEDED {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  delegationId: 'test-delegation-id',
-  credentialScopes: [ 'files:write' ],
-  requiredScopes: [ 'files:write' ]
+stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Cache integration in full flow > should clear cache when needed
+[ToolProtectionService] Config loaded from API {
+  source: 'api',
+  toolCount: 1,
+  protectedTools: [ 'tool1' ],
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'test-project',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:58.619Z'
 }
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing session userDid gracefully
-[MCP-I] Checking tool protection: {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: true
+stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Cache integration in full flow > should clear cache when needed
+[ToolProtectionService] Config loaded from API {
+  source: 'api',
+  toolCount: 1,
+  protectedTools: [ 'tool1' ],
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'test-project',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:58.619Z'
 }
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing session userDid gracefully
-[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegationToken: true,
-  hasConsentProof: false,
-  requiredScopes: [ 'files:write' ]
+stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Real-world e-commerce scenario > should handle complete e-commerce flow with tool protection
+[ToolProtectionService] Config loaded from API {
+  source: 'api',
+  toolCount: 3,
+  protectedTools: [ 'add_to_cart', 'checkout' ],
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'test-project',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:58.620Z'
 }
-stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing session userDid gracefully
-[MCP-I] ⚠️ Delegation has user_identifier but session missing userDid {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  delegationUserIdentifier: 'did:key:zUserA123456...',
-  sessionId: 'session123...'
+stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Real-world e-commerce scenario > should handle complete e-commerce flow with tool protection
+[ToolProtectionService] Protection check {
+  tool: 'add_to_cart',
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  found: true,
+  isWildcard: false,
+  requiresDelegation: true,
+  availableTools: [ 'search_products', 'add_to_cart', 'checkout' ]
 }
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing session userDid gracefully
-[MCP-I] ✅ Delegation verification SUCCEEDED {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  delegationId: 'test-delegation-id',
-  credentialScopes: [ 'files:write' ],
-  requiredScopes: [ 'files:write' ]
+stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Concurrent operations > should handle concurrent cache operations
+[ToolProtectionService] Config loaded from API {
+  source: 'api',
+  toolCount: 1,
+  protectedTools: [ 'tool1' ],
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'test-project',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:58.620Z'
 }
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should create proof after successful tool execution
-[MCP-I] Checking tool protection: {
-  tool: 'unprotectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: false
+[ToolProtectionService] Config loaded from API {
+  source: 'api',
+  toolCount: 1,
+  protectedTools: [ 'tool1' ],
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'test-project',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:58.620Z'
 }
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should create proof after successful tool execution
-[MCP-I] Tool protection check passed (no delegation required) {
-  tool: 'unprotectedTool',
-  agentDid: 'did:key:zmock123...',
-  reason: 'Tool not configured to require delegation'
+[ToolProtectionService] Config loaded from API {
+  source: 'api',
+  toolCount: 1,
+  protectedTools: [ 'tool1' ],
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'test-project',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:58.620Z'
 }
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should not create proof when tool execution is blocked
-[MCP-I] Checking tool protection: {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: false
-}
+stderr | src/services/__tests__/proof-verifier.test.ts > ProofVerifier Security > Signature Verification > should handle signature verification errors gracefully
+[CryptoService] Ed25519 verification error: Error: Crypto error
+    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.test.ts:328:9
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
+    at processTicksAndRejections (node:internal/process/task_queues:103:5)
+    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
+    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
-stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should not create proof when tool execution is blocked
-[MCP-I] BLOCKED: Tool requires delegation but none provided {
-  tool: 'protectedTool',
-  requiredScopes: [ 'files:write' ],
-  agentDid: 'did:key:zmock123...',
-  resumeToken: 'resume_ubsa59_mice1395',
-  consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_ubsa59_mice1395'
+ ✓ src/services/__tests__/proof-verifier.test.ts (21 tests) 16ms
+stderr | src/services/__tests__/access-control.integration.test.ts > AccessControlApiService Integration > Proof Submission Flow > should submit proof end-to-end
+[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
+  correlationId: '83bd0f3c-1df2-43ae-8ec3-ab06bc247cf1',
+  status: 200,
+  statusText: '',
+  headers: { 'content-type': 'application/json' },
+  responseTextLength: 100,
+  responseTextPreview: '{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}',
+  fullResponseText: '{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}'
 }
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include tool name in error
-[MCP-I] Checking tool protection: {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: false
+[AccessControl] 🔍 PARSED RESPONSE DATA: {
+  correlationId: '83bd0f3c-1df2-43ae-8ec3-ab06bc247cf1',
+  status: 200,
+  responseDataType: 'object',
+  responseDataKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
+  responseData: '{\n' +
+    '  "success": true,\n' +
+    '  "accepted": 1,\n' +
+    '  "rejected": 0,\n' +
+    '  "outcomes": {\n' +
+    '    "success": 1,\n' +
+    '    "failed": 0,\n' +
+    '    "blocked": 0,\n' +
+    '    "error": 0\n' +
+    '  }\n' +
+    '}'
 }
-stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include tool name in error
-[MCP-I] BLOCKED: Tool requires delegation but none provided {
-  tool: 'protectedTool',
-  requiredScopes: [ 'files:write' ],
-  agentDid: 'did:key:zmock123...',
-  resumeToken: 'resume_ubsa59_mice1395',
-  consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_ubsa59_mice1395'
+[AccessControl] Raw response received: {
+  "success": true,
+  "accepted": 1,
+  "rejected": 0,
+  "outcomes": {
+    "success": 1,
+    "failed": 0,
+    "blocked": 0,
+    "error": 0
+  }
 }
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include required scopes in error
-[MCP-I] Checking tool protection: {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: false
+stderr | src/services/__tests__/access-control.integration.test.ts > AccessControlApiService Integration > Proof Submission Flow > should handle proof submission with errors
+[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
+  correlationId: '1b5aca91-901b-48b9-bbba-548df5ef52bf',
+  status: 200,
+  statusText: '',
+  headers: { 'content-type': 'application/json' },
+  responseTextLength: 200,
+  responseTextPreview: '{"success":true,"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"invalid_signature","message":"Invalid JWS signature"}}]}',
+  fullResponseText: '{"success":true,"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"invalid_signature","message":"Invalid JWS signature"}}]}'
 }
-stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include required scopes in error
-[MCP-I] BLOCKED: Tool requires delegation but none provided {
-  tool: 'protectedTool',
-  requiredScopes: [ 'files:write', 'files:read' ],
-  agentDid: 'did:key:zmock123...',
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include consent URL in error
-[MCP-I] Checking tool protection: {
-  resumeToken: 'resume_ubsa59_mice1395',
-  tool: 'protectedTool',
-  consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite%2Cfiles%3Aread&session_id=session123&agent_did=&resume_token=resume_ubsa59_mice1395'
+[AccessControl] 🔍 PARSED RESPONSE DATA: {
+  correlationId: '1b5aca91-901b-48b9-bbba-548df5ef52bf',
+  status: 200,
+  responseDataType: 'object',
+  responseDataKeys: [ 'success', 'accepted', 'rejected', 'outcomes', 'errors' ],
+  responseData: '{\n' +
+    '  "success": true,\n' +
+    '  "accepted": 0,\n' +
+    '  "rejected": 1,\n' +
+    '  "outcomes": {\n' +
+    '    "success": 0,\n' +
+    '    "failed": 1,\n' +
+    '    "blocked": 0,\n' +
+    '    "error": 0\n' +
+    '  },\n' +
+    '  "errors": [\n' +
+    '    {\n' +
+    '      "proof_index": 0,\n' +
+    '      "error": {\n' +
+    '        "code": "invalid_signature",\n' +
+    '        "message": "Invalid JWS signature"\n' +
+    '      }\n' +
+    '    }\n' +
+    '  ]\n' +
+    '}'
 }
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: false
+[AccessControl] Raw response received: {
+  "success": true,
+  "accepted": 0,
+  "rejected": 1,
+  "outcomes": {
+    "success": 0,
+    "failed": 1,
+    "blocked": 0,
+    "error": 0
+  },
+  "errors": [
+    {
+      "proof_index": 0,
+      "error": {
+        "code": "invalid_signature",
+        "message": "Invalid JWS signature"
+      }
+    }
+  ]
 }
+stderr | src/services/__tests__/access-control.integration.test.ts > AccessControlApiService Integration > Proof Verification Flow > should verify proof using ProofVerifier
+[CryptoService] Key ID mismatch
-stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include consent URL in error
-[MCP-I] BLOCKED: Tool requires delegation but none provided {
-  tool: 'protectedTool',
-  requiredScopes: [ 'files:write' ],
-  agentDid: 'did:key:zmock123...',
-  resumeToken: 'resume_ubs9mb_mice1396',
-  consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_ubs9mb_mice1396'
-}
+ ✓ src/delegation/__tests__/vc-verifier.test.ts (35 tests) 463ms
+ ✓ src/__tests__/integration/full-flow.test.ts (21 tests) 15ms
+stderr | src/services/__tests__/proof-verifier.integration.test.ts > ProofVerifier Integration - Real DID Resolution > did:web Resolution (HTTP) > should handle HTTP errors gracefully
+[ProofVerifier] Failed to fetch public key from DID: Error: Failed to resolve did:web:nonexistent-domain-that-does-not-exist-12345.com: fetch failed
+    at Object.resolveDID (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.integration.test.ts:143:19)
+    at processTicksAndRejections (node:internal/process/task_queues:103:5)
+    at ProofVerifier.fetchPublicKeyFromDID (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/proof-verifier.ts:348:22)
+    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.integration.test.ts:252:7
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:20
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include resume token in error
-[MCP-I] Checking tool protection: {
-stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include resume token in error
-  tool: 'protectedTool',
-[MCP-I] BLOCKED: Tool requires delegation but none provided {
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: false
-}
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include intercepted call context in error
-[MCP-I] Checking tool protection: {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: false
-}
-  tool: 'protectedTool',
-  requiredScopes: [ 'files:write' ],
-  agentDid: 'did:key:zmock123...',
-  resumeToken: 'resume_ubs9mb_mice1396',
-  consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_ubs9mb_mice1396'
-}
-stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include intercepted call context in error
-[MCP-I] BLOCKED: Tool requires delegation but none provided {
-  tool: 'protectedTool',
-  requiredScopes: [ 'files:write' ],
-  agentDid: 'did:key:zmock123...',
-  resumeToken: 'resume_e522e0_mice1396',
-  consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_e522e0_mice1396'
-}
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > audit logging > should log tool protection check when audit enabled
-[MCP-I] Checking tool protection: {
-  tool: 'testTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: false
-}
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > audit logging > should log tool protection check when audit enabled
-[MCP-I] Tool protection check passed (no delegation required) {
-  tool: 'testTool',
-  agentDid: 'did:key:zmock123...',
-  reason: 'Tool not configured to require delegation'
-}
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > audit logging > should log blocked tool call when audit enabled
-[MCP-I] Checking tool protection: {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: false
-}
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > tool protection service integration > should use agent DID from identity for protection check
-[MCP-I] Checking tool protection: {
-  tool: 'testTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: false
-}
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > tool protection service integration > should use agent DID from identity for protection check
-[MCP-I] Tool protection check passed (no delegation required) {
-  tool: 'testTool',
-  agentDid: 'did:key:zmock123...',
-  reason: 'Tool not configured to require delegation'
-}
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > tool protection service integration > should handle tool protection service errors gracefully
-[MCP-I] Checking tool protection: {
-  tool: 'testTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: false
-}
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle empty required scopes array
-[MCP-I] Checking tool protection: {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: false
-}
-stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle empty required scopes array
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle multiple required scopes
-[MCP-I] Checking tool protection: {
-  tool: 'protectedTool',
-  agentDid: 'did:key:zmock123...',
-[MCP-I] BLOCKED: Tool requires delegation but none provided {
-  hasDelegation: false
-}
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle session without id
-  tool: 'protectedTool',
-  requiredScopes: [],
-[MCP-I] Checking tool protection: {
-  agentDid: 'did:key:zmock123...',
-  tool: 'protectedTool',
-  resumeToken: 'resume_ubs9lg_mice1397',
-  agentDid: 'did:key:zmock123...',
-  consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=&session_id=session123&agent_did=&resume_token=resume_ubs9lg_mice1397'
-  hasDelegation: false
-}
-stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle multiple required scopes
-[MCP-I] BLOCKED: Tool requires delegation but none provided {
-}
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle handler errors independently of protection
-  tool: 'protectedTool',
-[MCP-I] Checking tool protection: {
-  tool: 'errorTool',
-  agentDid: 'did:key:zmock123...',
-  hasDelegation: false
-  requiredScopes: [ 'scope1', 'scope2', 'scope3' ],
-}
-  agentDid: 'did:key:zmock123...',
-  resumeToken: 'resume_ubs9h5_mice139c',
-  consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=scope1%2Cscope2%2Cscope3&session_id=session123&agent_did=&resume_token=resume_ubs9h5_mice139c'
-}
-stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle handler errors independently of protection
-[MCP-I] Tool protection check passed (no delegation required) {
-  tool: 'errorTool',
-  agentDid: 'did:key:zmock123...',
-  reason: 'Tool not configured to require delegation'
-}
+stderr | src/services/__tests__/proof-verifier.integration.test.ts > ProofVerifier Integration - Real DID Resolution > did:web Resolution (HTTP) > should handle HTTP errors gracefully
+[ProofVerifier] Failed to fetch public key from DID: Error: Failed to resolve did:web:nonexistent-domain-that-does-not-exist-12345.com: fetch failed
+    at Object.resolveDID (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.integration.test.ts:143:19)
+    at processTicksAndRejections (node:internal/process/task_queues:103:5)
+    at ProofVerifier.fetchPublicKeyFromDID (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/proof-verifier.ts:348:22)
+    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.integration.test.ts:257:9
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:20
-stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle session without id
-[MCP-I] BLOCKED: Tool requires delegation but none provided {
-  tool: 'protectedTool',
-  requiredScopes: [ 'files:write' ],
-  agentDid: 'did:key:zmock123...',
-  resumeToken: 'resume_h9q92f_mice139c',
-  consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=&agent_did=&resume_token=resume_h9q92f_mice139c'
+ ✓ src/services/__tests__/access-control.integration.test.ts (9 tests) 135ms
+ ✓ src/services/__tests__/proof-verifier.integration.test.ts (13 tests | 1 skipped) 159ms
+ ✓ src/delegation/__tests__/vc-issuer.test.ts (21 tests) 490ms
+ ✓ src/delegation/storage/__tests__/memory-graph-storage.test.ts (27 tests) 15ms
+ ✓ src/__tests__/runtime/base.test.ts (55 tests) 12ms
+ ✓ src/__tests__/providers/base.test.ts (14 tests) 7ms
+ ✓ src/delegation/__tests__/delegation-graph.test.ts (28 tests) 5ms
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - new endpoint format > should fetch from project-scoped endpoint when projectId is available
+[ToolProtectionService] Config loaded from API {
+  source: 'api',
+  toolCount: 2,
+  protectedTools: [ 'checkout' ],
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'test-project-123',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:59.159Z'
 }
- ✓ src/delegation/__tests__/vc-verifier.test.ts (35 tests) 84ms
-stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Tool protection enforcement flow > should allow unprotected tool calls
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - new endpoint format > should handle new endpoint format with toolProtections object
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 1,
-  protectedTools: [],
+  toolCount: 2,
+  protectedTools: [ 'protected_tool' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project',
+  projectId: 'test-project-123',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.773Z'
+  cacheExpiresAt: '2025-11-24T05:14:59.161Z'
 }
-stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Tool protection enforcement flow > should intercept protected tool calls without delegation
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - new endpoint format > should parse oauthProvider from new endpoint format (Phase 2)
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 1,
-  protectedTools: [ 'checkout' ],
+  toolCount: 2,
+  protectedTools: [ 'read_repos', 'send_email' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project',
+  projectId: 'test-project-123',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.775Z'
+  cacheExpiresAt: '2025-11-24T05:14:59.161Z'
 }
-stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Tool protection enforcement flow > should intercept protected tool calls without delegation
-stderr | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > AgentShield integration flow > should use fallback config when API fails
-[ToolProtectionService] Protection check {
-[ToolProtectionService] API fetch failed, using fallback config { agentDid: 'did:key:z6MkhaXgBZDv...', error: 'Network error' }
-  tool: 'checkout',
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  found: true,
-stderr | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Error handling in full flow > should handle tool protection service errors gracefully
-  isWildcard: false,
-  requiresDelegation: true,
-[ToolProtectionService] API fetch failed, no fallback, failing closed (deny-all) {
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - new endpoint format > should preserve oauthProvider through cache operations
+[ToolProtectionService] Config loaded from API {
+  source: 'api',
+  toolCount: 1,
+  protectedTools: [ 'read_repos' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  availableTools: [ 'checkout' ]
+  projectId: 'test-project-123',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:59.161Z'
 }
-stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > AgentShield integration flow > should fetch tool protection config from AgentShield
-  error: 'Network error',
-  cacheKey: 'config:tool-protections:test-project'
-}
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should fetch from agent-scoped endpoint when projectId is not available
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 1,
-  protectedTools: [ 'protected_tool' ],
+  toolCount: 2,
+  protectedTools: [ 'checkout' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project',
+  projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.775Z'
+  cacheExpiresAt: '2025-11-24T05:14:59.161Z'
 }
-stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > AgentShield integration flow > should cache tool protection config
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should handle old endpoint format with tools array
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 1,
+  toolCount: 2,
   protectedTools: [ 'tool1' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project',
+  projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.776Z'
+  cacheExpiresAt: '2025-11-24T05:14:59.161Z'
 }
-stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Cache integration in full flow > should share cache across multiple service instances
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should parse oauthProvider from old endpoint format (tools array)
 [ToolProtectionService] Config loaded from API {
-stderr | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Error handling in full flow > should handle network timeouts
   source: 'api',
-  toolCount: 1,
-[ToolProtectionService] API fetch failed, using fallback config { agentDid: 'did:key:z6MkhaXgBZDv...', error: 'Network timeout' }
-  protectedTools: [ 'tool1' ],
+  toolCount: 2,
+  protectedTools: [ 'read_repos', 'send_email' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project',
+  projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.779Z'
+  cacheExpiresAt: '2025-11-24T05:14:59.162Z'
 }
- ✓ src/__tests__/runtime/tool-protection-enforcement.test.ts (29 tests) 21ms
-stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Cache integration in full flow > should clear cache when needed
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should handle old endpoint format with tools object
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 1,
+  toolCount: 2,
   protectedTools: [ 'tool1' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project',
+  projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.779Z'
+  cacheExpiresAt: '2025-11-24T05:14:59.162Z'
 }
-stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Cache integration in full flow > should clear cache when needed
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should parse oauthProvider from old endpoint format (tools object)
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 1,
-  protectedTools: [ 'tool1' ],
+  toolCount: 2,
+  protectedTools: [ 'read_repos', 'send_email' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project',
+  projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.779Z'
+  cacheExpiresAt: '2025-11-24T05:14:59.162Z'
 }
-stderr | src/services/__tests__/access-control.integration.test.ts > AccessControlApiService Integration > Proof Submission Flow > should submit proof end-to-end
-[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
-  correlationId: 'b9f3bfd5-7493-4d84-9433-945207c1aecf',
-  status: 200,
-  statusText: '',
-  headers: { 'content-type': 'application/json' },
-  responseTextLength: 100,
-  responseTextPreview: '{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}',
-  fullResponseText: '{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}'
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should skip tools without name in array format
+[ToolProtectionService] Cache miss, fetching from API {
+  source: 'api-fetch-start',
+  cacheKey: 'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK',
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'none',
+  apiUrl: 'https://kya.vouched.id',
+  endpoint: '/api/v1/bouncer/config?agent_did=did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK'
 }
-[AccessControl] 🔍 PARSED RESPONSE DATA: {
-  correlationId: 'b9f3bfd5-7493-4d84-9433-945207c1aecf',
-  status: 200,
-  responseDataType: 'object',
-  responseDataKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
-  responseData: '{\n' +
-    '  "success": true,\n' +
-    '  "accepted": 1,\n' +
-    '  "rejected": 0,\n' +
-    '  "outcomes": {\n' +
-    '    "success": 1,\n' +
-    '    "failed": 0,\n' +
-    '    "blocked": 0,\n' +
-    '    "error": 0\n' +
-    '  }\n' +
-    '}'
+[ToolProtectionService] Fetching from API: https://kya.vouched.id/api/v1/bouncer/config?agent_did=did%3Akey%3Az6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK {
+  method: 'config?agent_did (old)',
+  projectId: 'none',
+  apiKeyPresent: true,
+  apiKeyLength: 18,
+  apiKeyMasked: 'test-api...'
 }
-[AccessControl] Raw response received: {
-  "success": true,
-  "accepted": 1,
-  "rejected": 0,
-  "outcomes": {
-    "success": 1,
-    "failed": 0,
-    "blocked": 0,
-    "error": 0
-  }
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should skip tools without name in array format
+[ToolProtectionService] API response received {
+  source: 'api-fetch-complete',
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'none',
+  responseKeys: [ 'success', 'data', 'metadata' ],
+  dataKeys: [ 'tools' ],
+  rawToolProtections: null,
+  rawTools: [
+    { name: 'valid_tool', requiresDelegation: true },
+    { requiresDelegation: false }
+  ],
+  responseMetadata: {}
 }
-stderr | src/services/__tests__/access-control.integration.test.ts > AccessControlApiService Integration > Proof Submission Flow > should handle proof submission with errors
-[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
-  correlationId: '427b30ad-3c1c-4298-b6f8-ca91bc973942',
-  status: 200,
-  statusText: '',
-  headers: { 'content-type': 'application/json' },
-  responseTextLength: 200,
-  responseTextPreview: '{"success":true,"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"invalid_signature","message":"Invalid JWS signature"}}]}',
-  fullResponseText: '{"success":true,"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"invalid_signature","message":"Invalid JWS signature"}}]}'
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should skip tools without name in array format
+[ToolProtectionService] Config loaded from API {
+  source: 'api',
+  toolCount: 1,
+  protectedTools: [ 'valid_tool' ],
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'none',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:59.162Z'
 }
-[AccessControl] 🔍 PARSED RESPONSE DATA: {
-  correlationId: '427b30ad-3c1c-4298-b6f8-ca91bc973942',
-  status: 200,
-  responseDataType: 'object',
-  responseDataKeys: [ 'success', 'accepted', 'rejected', 'outcomes', 'errors' ],
-  responseData: '{\n' +
-    '  "success": true,\n' +
-    '  "accepted": 0,\n' +
-    '  "rejected": 1,\n' +
-    '  "outcomes": {\n' +
-    '    "success": 0,\n' +
-    '    "failed": 1,\n' +
-    '    "blocked": 0,\n' +
-    '    "error": 0\n' +
-    '  },\n' +
-    '  "errors": [\n' +
-    '    {\n' +
-    '      "proof_index": 0,\n' +
-    '      "error": {\n' +
-    '        "code": "invalid_signature",\n' +
-    '        "message": "Invalid JWS signature"\n' +
-    '      }\n' +
-    '    }\n' +
-    '  ]\n' +
-    '}'
+[ToolProtectionService] API fetch successful, config cached {
+  source: 'cache-write',
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  cacheKey: 'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK',
+  toolCount: 1,
+  tools: [ { name: 'valid_tool', requiresDelegation: true, scopeCount: 0 } ],
+  ttlMs: 300000,
+  ttlMinutes: 5,
+  expiresAt: '2025-11-24T05:14:59.162Z',
+  expiresIn: '300s'
 }
-[AccessControl] Raw response received: {
-  "success": true,
-  "accepted": 0,
-  "rejected": 1,
-  "outcomes": {
-    "success": 0,
-    "failed": 1,
-    "blocked": 0,
-    "error": 0
-  },
-  "errors": [
-    {
-      "proof_index": 0,
-      "error": {
-        "code": "invalid_signature",
-        "message": "Invalid JWS signature"
-      }
-    }
-  ]
+stderr | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch error handling > should handle network errors gracefully
+[ToolProtectionService] API fetch failed, no fallback, failing closed (deny-all) {
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  error: 'ECONNREFUSED',
+  cacheKey: 'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK'
 }
-stderr | src/services/__tests__/access-control.integration.test.ts > AccessControlApiService Integration > Proof Verification Flow > should verify proof using ProofVerifier
-[CryptoService] Key ID mismatch
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > caching behavior > should cache successful API responses
+[ToolProtectionService] Config loaded from API {
+  source: 'api',
+  toolCount: 1,
+  protectedTools: [ 'tool1' ],
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'none',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:59.165Z'
+}
-stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Real-world e-commerce scenario > should handle complete e-commerce flow with tool protection
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > caching behavior > should use default cache TTL when not specified
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 3,
-  protectedTools: [ 'add_to_cart', 'checkout' ],
+  toolCount: 0,
+  protectedTools: [],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project',
+  projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.779Z'
+  cacheExpiresAt: '2025-11-24T05:14:59.165Z'
 }
-stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Real-world e-commerce scenario > should handle complete e-commerce flow with tool protection
-[ToolProtectionService] Protection check {
-  tool: 'add_to_cart',
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > caching behavior > should use custom cache TTL when specified
+[ToolProtectionService] Config loaded from API {
+  source: 'api',
+  toolCount: 0,
+  protectedTools: [],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  found: true,
-  isWildcard: false,
-  requiresDelegation: true,
-  availableTools: [ 'search_products', 'add_to_cart', 'checkout' ]
+  projectId: 'none',
+  cacheTtlMs: 600000,
+  cacheExpiresAt: '2025-11-24T05:19:59.166Z'
 }
-stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Concurrent operations > should handle concurrent cache operations
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > edge cases > should handle empty toolProtections object
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 1,
-  protectedTools: [ 'tool1' ],
+  toolCount: 0,
+  protectedTools: [],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project',
+  projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.780Z'
+  cacheExpiresAt: '2025-11-24T05:14:59.166Z'
 }
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > edge cases > should handle null requiredScopes
 [ToolProtectionService] Config loaded from API {
   source: 'api',
   toolCount: 1,
   protectedTools: [ 'tool1' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project',
+  projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.780Z'
+  cacheExpiresAt: '2025-11-24T05:14:59.166Z'
 }
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > edge cases > should handle mixed camelCase and snake_case in response
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 1,
+  toolCount: 2,
   protectedTools: [ 'tool1' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project',
+  projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:31.780Z'
+  cacheExpiresAt: '2025-11-24T05:14:59.166Z'
 }
- ✓ src/__tests__/integration/full-flow.test.ts (21 tests) 12ms
- ✓ src/__tests__/runtime/base.test.ts (55 tests) 13ms
-stderr | src/services/__tests__/proof-verifier.integration.test.ts > ProofVerifier Integration - Real DID Resolution > did:web Resolution (HTTP) > should handle HTTP errors gracefully
-[ProofVerifier] Failed to fetch public key from DID: Error: Failed to resolve did:web:nonexistent-domain-that-does-not-exist-12345.com: fetch failed
-    at Object.resolveDID (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.integration.test.ts:143:19)
-    at processTicksAndRejections (node:internal/process/task_queues:103:5)
-    at ProofVerifier.fetchPublicKeyFromDID (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/proof-verifier.ts:348:22)
-    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.integration.test.ts:252:7
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:20
-stderr | src/services/__tests__/proof-verifier.integration.test.ts > ProofVerifier Integration - Real DID Resolution > did:web Resolution (HTTP) > should handle HTTP errors gracefully
-[ProofVerifier] Failed to fetch public key from DID: Error: Failed to resolve did:web:nonexistent-domain-that-does-not-exist-12345.com: fetch failed
-    at Object.resolveDID (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.integration.test.ts:143:19)
-    at processTicksAndRejections (node:internal/process/task_queues:103:5)
-    at ProofVerifier.fetchPublicKeyFromDID (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/proof-verifier.ts:348:22)
-    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.integration.test.ts:257:9
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:20
- ✓ src/__tests__/runtime/base-extensions.test.ts (38 tests) 10ms
- ✓ src/services/__tests__/proof-verifier.integration.test.ts (13 tests | 1 skipped) 53ms
- ✓ src/__tests__/runtime/route-interception.test.ts (21 tests) 25ms
- ✓ src/delegation/__tests__/vc-issuer.test.ts (21 tests) 94ms
- ✓ src/__tests__/cache/tool-protection-cache.test.ts (49 tests) 166ms
- ✓ src/services/__tests__/access-control.integration.test.ts (9 tests) 126ms
-stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Caching Integration > should respect cache TTL
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return null when tool has no protection
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-stderr | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Real-world Scenarios > should handle API rate limiting gracefully
-  toolCount: 0,
-[ToolProtectionService] API fetch failed, using fallback config {
+  toolCount: 1,
   protectedTools: [],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project-123',
-  cacheTtlMs: 1000,
+  projectId: 'none',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:59.166Z'
+}
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return null when tool is not in config
+[ToolProtectionService] Config loaded from API {
+  source: 'api',
+  toolCount: 1,
+  protectedTools: [ 'other_tool' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  cacheExpiresAt: '2025-11-24T00:07:33.793Z'
-  error: 'Failed to fetch bouncer config: 429 Too Many Requests - Rate limit exceeded'
+  projectId: 'none',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:59.166Z'
 }
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return null when tool is not in config
+[ToolProtectionService] Protection check {
+  tool: 'unknown_tool',
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  found: false,
+  isWildcard: true,
+  requiresDelegation: false,
+  availableTools: [ 'other_tool' ]
 }
-stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Real-world Scenarios > should handle typical e-commerce tool protection config
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return wildcard protection when tool not found and wildcard exists
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 4,
-  protectedTools: [ 'add_to_cart', 'checkout' ],
+  toolCount: 2,
+  protectedTools: [ '*' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project-123',
+  projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:32.794Z'
+  cacheExpiresAt: '2025-11-24T05:14:59.167Z'
 }
-stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Real-world Scenarios > should handle concurrent requests
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return wildcard protection when tool not found and wildcard exists
+[ToolProtectionService] Protection check {
+  tool: 'unknown_tool',
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  found: true,
+  isWildcard: true,
+  requiresDelegation: true,
+  availableTools: [ '*', 'specific_tool' ]
+}
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should prioritize specific tool protection over wildcard
 [ToolProtectionService] Config loaded from API {
   source: 'api',
-  toolCount: 1,
-  protectedTools: [ 'tool1' ],
+  toolCount: 2,
+  protectedTools: [ '*' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project-123',
+  projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:32.795Z'
+  cacheExpiresAt: '2025-11-24T05:14:59.167Z'
+}
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should use wildcard protection in fail-safe deny-all mode
+stderr | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should use wildcard protection in fail-safe deny-all mode
+[ToolProtectionService] Protection check {
+[ToolProtectionService] API fetch failed, no fallback, failing closed (deny-all) {
+  tool: 'any_tool',
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  found: true,
+  isWildcard: true,
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  requiresDelegation: true,
+  error: 'Network error',
+  cacheKey: 'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK'
+  availableTools: [ '*' ]
 }
+}
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return protection config when tool requires delegation
 [ToolProtectionService] Config loaded from API {
   source: 'api',
   toolCount: 1,
-  protectedTools: [ 'tool1' ],
+  protectedTools: [ 'protected_tool' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project-123',
+  projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:32.795Z'
+  cacheExpiresAt: '2025-11-24T05:14:59.168Z'
 }
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return protection config when tool requires delegation
+[ToolProtectionService] Protection check {
+  tool: 'protected_tool',
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  found: true,
+  isWildcard: false,
+  requiresDelegation: true,
+  availableTools: [ 'protected_tool' ]
+}
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > integration with NoOpToolProtectionCache > should work with NoOpToolProtectionCache
 [ToolProtectionService] Config loaded from API {
   source: 'api',
   toolCount: 1,
   protectedTools: [ 'tool1' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project-123',
+  projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:32.795Z'
+  cacheExpiresAt: '2025-11-24T05:14:59.168Z'
 }
- ✓ src/__tests__/services/agentshield-integration.test.ts (30 tests) 1119ms
-       ✓ should respect cache TTL  1102ms
-stderr | src/config/__tests__/remote-config.spec.ts > fetchRemoteConfig > Error handling > should return null if API request fails
-[RemoteConfig] API returned 404: Not Found
+stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > integration with NoOpToolProtectionCache > should work with NoOpToolProtectionCache
+[ToolProtectionService] Config loaded from API {
+  source: 'api',
+  toolCount: 1,
+  protectedTools: [ 'tool1' ],
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'none',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:59.168Z'
+}
-stderr | src/config/__tests__/remote-config.spec.ts > fetchRemoteConfig > Error handling > should return null if API throws error
-[RemoteConfig] Failed to fetch config: Error: Network error
-    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/config/__tests__/remote-config.spec.ts:170:35
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
-    at new Promise (<anonymous>)
-    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
-    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
-    at processTicksAndRejections (node:internal/process/task_queues:103:5)
-    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
-    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
+ ✓ src/__tests__/services/tool-protection.service.test.ts (49 tests) 20ms
+stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Caching Integration > should respect cache TTL
+[ToolProtectionService] Config loaded from API {
+  source: 'api',
+  toolCount: 0,
+  protectedTools: [],
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'test-project-123',
+  cacheTtlMs: 1000,
+  cacheExpiresAt: '2025-11-24T05:10:00.247Z'
+}
-stderr | src/config/__tests__/remote-config.spec.ts > fetchRemoteConfig > Error handling > should return null if neither projectId nor agentDid provided
-[RemoteConfig] Neither projectId nor agentDid provided
+stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Real-world Scenarios > should handle typical e-commerce tool protection config
+stderr | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Real-world Scenarios > should handle API rate limiting gracefully
+[ToolProtectionService] API fetch failed, using fallback config {
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  error: 'Failed to fetch bouncer config: 429 Too Many Requests - Rate limit exceeded'
+[ToolProtectionService] Config loaded from API {
+  source: 'api',
+  toolCount: 4,
+}
-stderr | src/config/__tests__/remote-config.spec.ts > fetchRemoteConfig > Error handling > should handle cache read errors gracefully
-[RemoteConfig] Cache read failed: Error: Cache error
-    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/config/__tests__/remote-config.spec.ts:198:50
+  protectedTools: [ 'add_to_cart', 'checkout' ],
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'test-project-123',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:59.247Z'
+}
+stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Real-world Scenarios > should handle concurrent requests
+[ToolProtectionService] Config loaded from API {
+  source: 'api',
+  toolCount: 1,
+  protectedTools: [ 'tool1' ],
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'test-project-123',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:59.248Z'
+}
+[ToolProtectionService] Config loaded from API {
+  source: 'api',
+  toolCount: 1,
+  protectedTools: [ 'tool1' ],
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'test-project-123',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:59.248Z'
+}
+[ToolProtectionService] Config loaded from API {
+  source: 'api',
+  toolCount: 1,
+  protectedTools: [ 'tool1' ],
+  agentDid: 'did:key:z6MkhaXgBZDv...',
+  projectId: 'test-project-123',
+  cacheTtlMs: 300000,
+  cacheExpiresAt: '2025-11-24T05:14:59.248Z'
+}
+stderr | src/__tests__/identity/user-did-manager.test.ts > UserDidManager > error handling > should handle storage.get errors gracefully
+[UserDidManager] Storage.get failed, generating new DID: Error: Storage error
+    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/__tests__/identity/user-did-manager.test.ts:187:67
     at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
     at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
     at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
@@ -1849,13 +1657,9 @@ stderr | src/config/__tests__/remote-config.spec.ts > fetchRemoteConfig > Error
     at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
     at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
- ✓ src/config/__tests__/remote-config.spec.ts (9 tests) 5ms
-stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should prefer Redis over KV when both are configured
-[StorageService] Failed to connect to Redis, falling back to memory: Redis package not available
-stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyEd25519 > should return false on verification error
-[CryptoService] Ed25519 verification error: Error: Verification failed
-    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:62:9
+stderr | src/__tests__/identity/user-did-manager.test.ts > UserDidManager > error handling > should handle storage.set errors gracefully
+[UserDidManager] Storage.set failed, continuing with cached DID: Error: Storage error
+    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/__tests__/identity/user-did-manager.test.ts:196:67
     at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
     at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
     at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
@@ -1866,311 +1670,560 @@ stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyE
     at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
     at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
-stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject invalid JWK format
-[CryptoService] Invalid Ed25519 JWK format
+stderr | src/__tests__/identity/user-did-manager.test.ts > UserDidManager > error handling > should handle storage.delete errors gracefully
+[UserDidManager] Storage.delete failed, continuing: Error: Storage error
+    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/__tests__/identity/user-did-manager.test.ts:206:70
+    at processTicksAndRejections (node:internal/process/task_queues:103:5)
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:20
-stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with wrong kty
-[CryptoService] Invalid Ed25519 JWK format
+ ✓ src/__tests__/services/agentshield-integration.test.ts (30 tests) 1123ms
+       ✓ should respect cache TTL  1102ms
+ ✓ src/__tests__/identity/user-did-manager.test.ts (17 tests) 119ms
+ ✓ src/compliance/__tests__/schema-verifier.test.ts (30 tests) 6ms
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when no protection required
+[MCP-I] Checking tool protection: {
+  tool: 'unprotectedTool',
+  agentDid: 'did:key:zmock123...',
+stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when protection required and no delegation
+[MCP-I] BLOCKED: Tool requires delegation but none provided {
+  hasDelegation: false
+  tool: 'protectedTool',
+}
+  requiredScopes: [ 'files:write' ],
-stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with wrong crv
-[CryptoService] Invalid Ed25519 JWK format
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when no protection required
+  agentDid: 'did:key:zmock123...',
+  resumeToken: 'resume_azvx3j_micou223',
+[MCP-I] Tool protection check passed (no delegation required) {
+  tool: 'unprotectedTool',
+  agentDid: 'did:key:zmock123...',
+  consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_azvx3j_micou223'
+  reason: 'Tool not configured to require delegation'
+}
-stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with missing x field
-[CryptoService] Invalid Ed25519 JWK format
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when protection required and no delegation
+[MCP-I] Checking tool protection: {
+}
-stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with empty x field
-[CryptoService] Invalid Ed25519 JWK format
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation verification fails
+  hasDelegation: false
+[MCP-I] ❌ Delegation verification FAILED {
+}
-stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject malformed JWS
-[CryptoService] Invalid JWS format: Error: Invalid header base64: Unexpected token '', "" is not valid JSON
-    at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:91:13)
-    at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
-    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:230:42
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
-    at new Promise (<anonymous>)
-    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
-    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
-    at processTicksAndRejections (node:internal/process/task_queues:103:5)
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when protection required and delegation provided
+[MCP-I] Checking tool protection: {
+  tool: 'protectedTool',
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  hasDelegation: true
+}
+  agentDid: 'did:key:zmock123...',
-stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject non-EdDSA algorithms
-[CryptoService] Unsupported algorithm: RS256, expected EdDSA
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when protection required and delegation provided
+  reason: 'Delegation token expired',
+[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
+  tool: 'protectedTool',
+  errorCode: undefined,
+  errorMessage: undefined,
+  agentDid: 'did:key:zmock123...',
+  hasDelegationToken: true,
+  hasConsentProof: false,
+  requiredScopes: [ 'files:write' ]
+}
+  requiredScopes: [ 'files:write' ]
-stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject HS256 algorithm
-[CryptoService] Unsupported algorithm: HS256, expected EdDSA
+}
+stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation has wrong scopes
-stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle empty JWS components
-[CryptoService] Invalid JWS format: Error: Invalid header base64: Unexpected end of JSON input
-    at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:91:13)
-    at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
-    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:271:42
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
-    at new Promise (<anonymous>)
-    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
-    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
-    at processTicksAndRejections (node:internal/process/task_queues:103:5)
+[MCP-I] ❌ Delegation verification FAILED {
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when protection required and delegation provided
+[MCP-I] ✅ Delegation verification SUCCEEDED {
+  tool: 'protectedTool',
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  agentDid: 'did:key:zmock123...',
+  reason: 'Insufficient scopes',
+  delegationId: 'test-delegation-id',
+  credentialScopes: [ 'files:write' ],
+  requiredScopes: [ 'files:write' ]
+}
-stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - single part
-[CryptoService] Invalid JWS format: Error: Invalid JWS format: expected header.payload.signature
-    at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:78:13)
-    at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
-    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:279:42
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
-    at new Promise (<anonymous>)
-    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
-    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
-    at processTicksAndRejections (node:internal/process/task_queues:103:5)
+  errorCode: undefined,
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when protection required and consentProof provided
+  errorMessage: undefined,
+  requiredScopes: [ 'files:write' ]
+[MCP-I] Checking tool protection: {
+  tool: 'protectedTool',
+}
-stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - two parts
-[CryptoService] Invalid JWS format: Error: Invalid JWS format: expected header.payload.signature
-    at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:78:13)
-    at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
-    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:287:42
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
-    at new Promise (<anonymous>)
-    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
-    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
-    at processTicksAndRejections (node:internal/process/task_queues:103:5)
+  agentDid: 'did:key:zmock123...',
+  hasDelegation: true
+}
-stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - four parts
-[CryptoService] Invalid JWS format: Error: Invalid JWS format: expected header.payload.signature
-    at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:78:13)
-    at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
-    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:302:42
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
-    at new Promise (<anonymous>)
-    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
-    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
-    at processTicksAndRejections (node:internal/process/task_queues:103:5)
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when protection required and consentProof provided
+[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  hasDelegationToken: false,
+  hasConsentProof: true,
+  requiredScopes: [ 'files:write' ]
+}
-stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - invalid JSON header
-[CryptoService] Invalid JWS format: Error: Invalid header base64: Unexpected token 'o', "notjson" is not valid JSON
-    at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:91:13)
-    at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
-    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:316:42
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
-    at new Promise (<anonymous>)
-    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
-    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
-    at processTicksAndRejections (node:internal/process/task_queues:103:5)
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when protection required and consentProof provided
+[MCP-I] ✅ Delegation verification SUCCEEDED {
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  delegationId: 'test-delegation-id',
+  credentialScopes: [ 'files:write' ],
+  requiredScopes: [ 'files:write' ]
+}
-stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - invalid base64
-[CryptoService] Invalid JWS format: Error: Invalid payload base64: Invalid base64url string: Invalid character
-    at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:107:15)
-    at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
-    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:334:42
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
-    at new Promise (<anonymous>)
-    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
-    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
-    at processTicksAndRejections (node:internal/process/task_queues:103:5)
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation verification fails
+[MCP-I] Checking tool protection: {
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  hasDelegation: true
+}
-stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should validate expectedKid option
-[CryptoService] Key ID mismatch
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation verification fails
+[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  hasDelegationToken: true,
+  hasConsentProof: false,
+  requiredScopes: [ 'files:write' ]
+}
-stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should validate alg option
-[CryptoService] Unsupported algorithm: EdDSA, expected RS256
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation has wrong scopes
+[MCP-I] Checking tool protection: {
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  hasDelegation: true
+}
-stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should validate Ed25519 key length
-[CryptoService] Failed to extract public key: Error: Invalid Ed25519 public key length: 5
-    at CryptoService.jwkToBase64PublicKey (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:295:13)
-    at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:249:32)
-    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:398:42
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
-    at new Promise (<anonymous>)
-    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
-    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
-    at processTicksAndRejections (node:internal/process/task_queues:103:5)
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation has wrong scopes
+[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  hasDelegationToken: true,
+  hasConsentProof: false,
+  requiredScopes: [ 'files:write' ]
+}
-stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle signature verification error
-[CryptoService] Ed25519 verification error: Error: Crypto error
-    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:449:61
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
-    at new Promise (<anonymous>)
-    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
-    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
-    at processTicksAndRejections (node:internal/process/task_queues:103:5)
-    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
-    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
+stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should handle API errors during verification gracefully
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should handle API errors during verification gracefully
+[MCP-I] Checking tool protection: {
+  tool: 'protectedTool',
+[MCP-I] ❌ Delegation verification error (API failure) {
+  agentDid: 'did:key:zmock123...',
+  hasDelegation: true
+}
- ✓ src/services/__tests__/crypto.service.test.ts (34 tests) 17ms
-stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should prefer Redis over KV when both are configured
-[StorageService] Failed to initialize KV, falling back to memory: Failed to import Cloudflare storage providers: Cannot find package '@kya-os/mcp-i-cloudflare/providers/storage' imported from '/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/storage.service.ts'
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should handle API errors during verification gracefully
+[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  errorCode: 'network_error',
+  errorMessage: 'API unavailable',
+  tool: 'protectedTool',
+  errorDetails: {}
+  agentDid: 'did:key:zmock123...',
+  hasDelegationToken: true,
+}
+  hasConsentProof: false,
+  requiredScopes: [ 'files:write' ]
+}
-stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should fall back to memory when Redis connection fails
-[StorageService] Failed to connect to Redis, falling back to memory: Redis package not available
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when access control service not configured (graceful degradation)
+[MCP-I] Checking tool protection: {
-stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should use KV namespace when provided
-[StorageService] Failed to initialize KV, falling back to memory: Failed to import Cloudflare storage providers: Cannot find package '@kya-os/mcp-i-cloudflare/providers/storage' imported from '/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/storage.service.ts'
+stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when access control service not configured (graceful degradation)
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  hasDelegation: true
+[MCP-I] ⚠️ Delegation token provided but AccessControlApiService not configured - skipping verification {
+  tool: 'protectedTool',
+}
+  agentDid: 'did:key:zmock123...',
-stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > New endpoint format (toolProtections object) > should parse oauthProvider from camelCase field
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 2,
-  protectedTools: [ 'read_repos', 'send_email' ],
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project-123',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:33.003Z'
+  hasDelegationToken: true,
+  hasConsentProof: false
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should reject delegation when user_identifier does not match session userDid
+[MCP-I] Checking tool protection: {
+  tool: 'protectedTool',
+}
+  agentDid: 'did:key:zmock123...',
+  hasDelegation: true
 }
-stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > New endpoint format (toolProtections object) > should parse oauthProvider from snake_case field
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 1,
-  protectedTools: [ 'read_repos' ],
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project-123',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:33.009Z'
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should reject delegation when user_identifier does not match session userDid
+stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should reject delegation when user_identifier does not match session userDid
+[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+[MCP-I] 🔒 SECURITY: User identifier validation FAILED {
+  hasDelegationToken: true,
+  hasConsentProof: false,
+  requiredScopes: [ 'files:write' ]
 }
+  tool: 'protectedTool',
-stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > New endpoint format (toolProtections object) > should prefer camelCase over snake_case when both present
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 1,
-  protectedTools: [ 'read_repos' ],
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project-123',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:33.010Z'
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should accept delegation when user_identifier matches session userDid
+  agentDid: 'did:key:zmock123...',
+  delegationUserIdentifier: 'did:key:zUserB987654...',
+[MCP-I] Checking tool protection: {
+  tool: 'protectedTool',
+  sessionUserDid: 'did:key:zUserA123456...',
+  sessionId: 'session123...',
+  agentDid: 'did:key:zmock123...',
+  hasDelegation: true
+}
+  reason: 'user_identifier_mismatch',
+  severity: 'high'
 }
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should accept delegation when user_identifier matches session userDid
+[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
-stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > New endpoint format (toolProtections object) > should handle missing oauthProvider field (backward compatible)
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 1,
-  protectedTools: [ 'read_repos' ],
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project-123',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:33.010Z'
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  hasDelegationToken: true,
+  hasConsentProof: false,
+  requiredScopes: [ 'files:write' ]
+stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing session userDid gracefully
+}
+[MCP-I] ⚠️ Delegation has user_identifier but session missing userDid {
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should accept delegation when user_identifier matches session userDid
+[MCP-I] ✅ User identifier validation PASSED {
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  delegationUserIdentifier: 'did:key:zUserA123456...',
+  userDid: 'did:key:zUserA123456...',
+  sessionId: 'session123...'
+  sessionId: 'session123...'
+}
+}
+stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should not create proof when tool execution is blocked
+[MCP-I] ✅ Delegation verification SUCCEEDED {
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+[MCP-I] BLOCKED: Tool requires delegation but none provided {
+  delegationId: 'test-delegation-id',
+  credentialScopes: [ 'files:write' ],
+  tool: 'protectedTool',
+  requiredScopes: [ 'files:write' ],
+  requiredScopes: [ 'files:write' ]
+  agentDid: 'did:key:zmock123...',
+}
+  resumeToken: 'resume_azvxwt_micou22g',
+  consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_azvxwt_micou22g'
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing user_identifier gracefully (backward compatibility)
+}
+[MCP-I] Checking tool protection: {
+stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include tool name in error
+[MCP-I] BLOCKED: Tool requires delegation but none provided {
+  tool: 'protectedTool',
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  hasDelegation: true
+}
+  requiredScopes: [ 'files:write' ],
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing user_identifier gracefully (backward compatibility)
+[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  hasDelegationToken: true,
+  hasConsentProof: false,
+  agentDid: 'did:key:zmock123...',
+  requiredScopes: [ 'files:write' ]
+  resumeToken: 'resume_azvxwt_micou22g',
+  consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_azvxwt_micou22g'
+}
+}
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing user_identifier gracefully (backward compatibility)
+stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include required scopes in error
+[MCP-I] BLOCKED: Tool requires delegation but none provided {
+[MCP-I] ✅ Delegation verification SUCCEEDED {
+  tool: 'protectedTool',
+  tool: 'protectedTool',
+  requiredScopes: [ 'files:write', 'files:read' ],
+  agentDid: 'did:key:zmock123...',
+  delegationId: 'test-delegation-id',
+  credentialScopes: [ 'files:write' ],
+  agentDid: 'did:key:zmock123...',
+  resumeToken: 'resume_azvxxo_micou22h',
+  consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite%2Cfiles%3Aread&session_id=session123&agent_did=&resume_token=resume_azvxxo_micou22h'
+  requiredScopes: [ 'files:write' ]
+}
+}
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing session userDid gracefully
+stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include consent URL in error
+[MCP-I] Checking tool protection: {
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+[MCP-I] BLOCKED: Tool requires delegation but none provided {
+  hasDelegation: true
+}
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing session userDid gracefully
+[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  hasDelegationToken: true,
+  hasConsentProof: false,
+  tool: 'protectedTool',
+  requiredScopes: [ 'files:write' ],
+  requiredScopes: [ 'files:write' ]
+}
+  agentDid: 'did:key:zmock123...',
+  resumeToken: 'resume_azvxxo_micou22h',
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing session userDid gracefully
+[MCP-I] ✅ Delegation verification SUCCEEDED {
+  consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_azvxxo_micou22h'
+  tool: 'protectedTool',
+}
+  agentDid: 'did:key:zmock123...',
+  delegationId: 'test-delegation-id',
+  credentialScopes: [ 'files:write' ],
+  requiredScopes: [ 'files:write' ]
+}
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should create proof after successful tool execution
+stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include resume token in error
+[MCP-I] BLOCKED: Tool requires delegation but none provided {
+[MCP-I] Checking tool protection: {
+  tool: 'unprotectedTool',
+  agentDid: 'did:key:zmock123...',
+  tool: 'protectedTool',
+  hasDelegation: false
+}
+  requiredScopes: [ 'files:write' ],
+  agentDid: 'did:key:zmock123...',
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should create proof after successful tool execution
+[MCP-I] Tool protection check passed (no delegation required) {
+  tool: 'unprotectedTool',
+  agentDid: 'did:key:zmock123...',
+  reason: 'Tool not configured to require delegation'
+  resumeToken: 'resume_azvxxo_micou22h',
+}
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should not create proof when tool execution is blocked
+[MCP-I] Checking tool protection: {
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  hasDelegation: false
+  consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_azvxxo_micou22h'
+}
+}
+stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include intercepted call context in error
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include tool name in error
+[MCP-I] BLOCKED: Tool requires delegation but none provided {
+[MCP-I] Checking tool protection: {
+  tool: 'protectedTool',
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  hasDelegation: false
+  requiredScopes: [ 'files:write' ],
+  agentDid: 'did:key:zmock123...',
+}
+  resumeToken: 'resume_r6m55z_micou22h',
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include required scopes in error
+  consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_r6m55z_micou22h'
+}
+[MCP-I] Checking tool protection: {
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  hasDelegation: false
+}
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include consent URL in error
+[MCP-I] Checking tool protection: {
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  hasDelegation: false
+}
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include resume token in error
+[MCP-I] Checking tool protection: {
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  hasDelegation: false
+}
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include intercepted call context in error
+[MCP-I] Checking tool protection: {
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  hasDelegation: false
+}
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > audit logging > should log tool protection check when audit enabled
+[MCP-I] Checking tool protection: {
+  tool: 'testTool',
+  agentDid: 'did:key:zmock123...',
+  hasDelegation: false
+}
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > audit logging > should log tool protection check when audit enabled
+[MCP-I] Tool protection check passed (no delegation required) {
+  tool: 'testTool',
+  agentDid: 'did:key:zmock123...',
+  reason: 'Tool not configured to require delegation'
+}
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > audit logging > should log blocked tool call when audit enabled
+[MCP-I] Checking tool protection: {
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  hasDelegation: false
+}
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > tool protection service integration > should use agent DID from identity for protection check
+[MCP-I] Checking tool protection: {
+  tool: 'testTool',
+  agentDid: 'did:key:zmock123...',
+  hasDelegation: false
+}
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > tool protection service integration > should use agent DID from identity for protection check
+[MCP-I] Tool protection check passed (no delegation required) {
+  tool: 'testTool',
+  agentDid: 'did:key:zmock123...',
+  reason: 'Tool not configured to require delegation'
 }
-stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools array) > should parse oauthProvider from array format with camelCase
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 2,
-  protectedTools: [ 'read_repos', 'send_email' ],
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'none',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:33.011Z'
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > tool protection service integration > should handle tool protection service errors gracefully
+[MCP-I] Checking tool protection: {
+  tool: 'testTool',
+  agentDid: 'did:key:zmock123...',
+  hasDelegation: false
 }
-stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools array) > should parse oauthProvider from array format with snake_case
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 1,
-  protectedTools: [ 'read_repos' ],
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'none',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:33.011Z'
+stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle empty required scopes array
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle empty required scopes array
+[MCP-I] Checking tool protection: {
+[MCP-I] BLOCKED: Tool requires delegation but none provided {
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  hasDelegation: false
 }
-stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools array) > should prefer camelCase over snake_case in array format
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 1,
-  protectedTools: [ 'read_repos' ],
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'none',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:33.011Z'
+  tool: 'protectedTool',
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle multiple required scopes
+  requiredScopes: [],
+[MCP-I] Checking tool protection: {
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+  agentDid: 'did:key:zmock123...',
+  hasDelegation: false
+  resumeToken: 'resume_azvxyj_micou22j',
 }
-stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools object) > should parse oauthProvider from object format with camelCase
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 2,
-  protectedTools: [ 'read_repos', 'send_email' ],
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'none',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:33.011Z'
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle session without id
+  consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=&session_id=session123&agent_did=&resume_token=resume_azvxyj_micou22j'
 }
+[MCP-I] Checking tool protection: {
-stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools object) > should parse oauthProvider from object format with snake_case
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 1,
-  protectedTools: [ 'read_repos' ],
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'none',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:33.011Z'
+stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle multiple required scopes
+  tool: 'protectedTool',
+  agentDid: 'did:key:zmock123...',
+[MCP-I] BLOCKED: Tool requires delegation but none provided {
+  hasDelegation: false
 }
+  tool: 'protectedTool',
-stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools object) > should prefer camelCase over snake_case in object format
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 1,
-  protectedTools: [ 'read_repos' ],
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'none',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:33.012Z'
+  requiredScopes: [ 'scope1', 'scope2', 'scope3' ],
+  agentDid: 'did:key:zmock123...',
+  resumeToken: 'resume_azvxze_micou22j',
+  consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=scope1%2Cscope2%2Cscope3&session_id=session123&agent_did=&resume_token=resume_azvxze_micou22j'
 }
-stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Caching > should cache oauthProvider field correctly
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 1,
-  protectedTools: [ 'read_repos' ],
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project-123',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:33.012Z'
+stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle session without id
+[MCP-I] BLOCKED: Tool requires delegation but none provided {
+  tool: 'protectedTool',
+  requiredScopes: [ 'files:write' ],
+  agentDid: 'did:key:zmock123...',
+  resumeToken: 'resume_o1xye4_micou22j',
+  consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=&agent_did=&resume_token=resume_o1xye4_micou22j'
 }
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle handler errors independently of protection
+[MCP-I] Checking tool protection: {
+  tool: 'errorTool',
-stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > oauthProvider field inclusion > should include oauthProvider in returned ToolProtection objects when present
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 2,
-  protectedTools: [ 'tool_with_provider', 'tool_without_provider' ],
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project-123',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:33.013Z'
+  agentDid: 'did:key:zmock123...',
+  hasDelegation: false
 }
-stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > oauthProvider field inclusion > should handle empty string oauthProvider gracefully
-[ToolProtectionService] Config loaded from API {
-  source: 'api',
-  toolCount: 1,
-  protectedTools: [ 'tool_with_empty_provider' ],
-  agentDid: 'did:key:z6MkhaXgBZDv...',
-  projectId: 'test-project-123',
-  cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:33.013Z'
+stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle handler errors independently of protection
+[MCP-I] Tool protection check passed (no delegation required) {
+  tool: 'errorTool',
+  agentDid: 'did:key:zmock123...',
+  reason: 'Tool not configured to require delegation'
 }
- ✓ src/__tests__/services/tool-protection-oauth-provider.test.ts (14 tests) 11ms
- ✓ src/__tests__/runtime/delegation-flow.test.ts (4 tests) 4ms
- ✓ src/delegation/__tests__/delegation-graph.test.ts (28 tests) 35ms
- ✓ src/compliance/__tests__/schema-verifier.test.ts (30 tests) 43ms
- ✓ src/services/__tests__/storage.service.test.ts (17 tests) 81ms
-stderr | src/__tests__/identity/user-did-manager.test.ts > UserDidManager > error handling > should handle storage.get errors gracefully
-[UserDidManager] Storage.get failed, generating new DID: Error: Storage error
-    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/__tests__/identity/user-did-manager.test.ts:187:67
+stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle empty scopes array
+[ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
+stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle ambiguous scopes (multiple providers inferred)
+[ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
+ ✓ src/__tests__/runtime/tool-protection-enforcement.test.ts (29 tests) 27ms
+stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle unknown scope prefixes
+[ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
+stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should verify gmail → google mapping works
+[ProviderResolver] Inferred provider "google" from scopes
+stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle scopes without colons
+[ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
+stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle inferred provider not in registry
+[ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "google" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
+stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should verify calendar → google mapping works
+[ProviderResolver] Inferred provider "google" from scopes
+stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should verify outlook → microsoft mapping works
+[ProviderResolver] Inferred provider "microsoft" from scopes
+stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Provider name case sensitivity > should handle provider names case-insensitively in inference
+stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Fallback behavior (Priority 3) > should use first configured provider when oauthProvider not specified
+[ProviderResolver] Inferred provider "github" from scopes
+[ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
+stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Multiple scopes with same provider > should handle multiple scopes from same provider
+[ProviderResolver] Inferred provider "github" from scopes
+ ✓ src/__tests__/services/provider-resolver-edge-cases.test.ts (19 tests | 1 skipped) 6ms
+ ✓ src/delegation/__tests__/cascading-revocation.test.ts (23 tests) 9ms
+stderr | src/config/__tests__/remote-config.spec.ts > fetchRemoteConfig > Error handling > should return null if API request fails
+[RemoteConfig] API returned 404: Not Found
+stderr | src/config/__tests__/remote-config.spec.ts > fetchRemoteConfig > Error handling > should return null if API throws error
+[RemoteConfig] Failed to fetch config: Error: Network error
+    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/config/__tests__/remote-config.spec.ts:170:35
     at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
     at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
     at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
@@ -2181,9 +2234,12 @@ stderr | src/__tests__/identity/user-did-manager.test.ts > UserDidManager > erro
     at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
     at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
-stderr | src/__tests__/identity/user-did-manager.test.ts > UserDidManager > error handling > should handle storage.set errors gracefully
-[UserDidManager] Storage.set failed, continuing with cached DID: Error: Storage error
-    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/__tests__/identity/user-did-manager.test.ts:196:67
+stderr | src/config/__tests__/remote-config.spec.ts > fetchRemoteConfig > Error handling > should return null if neither projectId nor agentDid provided
+[RemoteConfig] Neither projectId nor agentDid provided
+stderr | src/config/__tests__/remote-config.spec.ts > fetchRemoteConfig > Error handling > should handle cache read errors gracefully
+[RemoteConfig] Cache read failed: Error: Cache error
+    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/config/__tests__/remote-config.spec.ts:198:50
     at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
     at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
     at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
@@ -2194,63 +2250,57 @@ stderr | src/__tests__/identity/user-did-manager.test.ts > UserDidManager > erro
     at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
     at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
-stderr | src/__tests__/identity/user-did-manager.test.ts > UserDidManager > error handling > should handle storage.delete errors gracefully
-[UserDidManager] Storage.delete failed, continuing: Error: Storage error
-    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/__tests__/identity/user-did-manager.test.ts:206:70
-    at processTicksAndRejections (node:internal/process/task_queues:103:5)
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:20
+ ✓ src/config/__tests__/remote-config.spec.ts (9 tests) 8ms
+ ✓ src/__tests__/runtime/base-extensions.test.ts (38 tests) 13ms
+stdout | src/services/__tests__/provider-resolver.test.ts > ProviderResolver > resolveProvider - Priority 2: Scope inference > should infer provider from github scope prefix
+[ProviderResolver] Inferred provider "github" from scopes
+stdout | src/services/__tests__/provider-resolver.test.ts > ProviderResolver > resolveProvider - Priority 2: Scope inference > should infer provider from gmail scope prefix (maps to google)
+[ProviderResolver] Inferred provider "google" from scopes
- ✓ src/__tests__/identity/user-did-manager.test.ts (17 tests) 6ms
- ✓ src/__tests__/providers/memory.test.ts (34 tests) 42ms
+stderr | src/services/__tests__/provider-resolver.test.ts > ProviderResolver > resolveProvider - Priority 2: Scope inference > should return null for ambiguous scopes
+[ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
+ ✓ src/delegation/storage/__tests__/memory-statuslist-storage.test.ts (14 tests) 3ms
 stdout | src/__tests__/integration.test.ts > Integration Tests > Full handshake and tool execution flow > should complete full authentication and tool execution cycle
-[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zgawzmezJZQ6wgeXt7HYTSNpnhRFYVBOF","environment":"development","userDidGeneration":"disabled"},"timestamp":1763942853304,"timestampFormatted":"2025-11-24T00:07:33.304Z"}
+[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zKHMWEe9lvl8NzH-nOCmdsVYqmPMMH7HN","environment":"development","userDidGeneration":"disabled"},"timestamp":1763960999847,"timestampFormatted":"2025-11-24T05:09:59.847Z"}
+ ✓ src/services/__tests__/provider-resolver.test.ts (8 tests) 32ms
 stdout | src/__tests__/integration.test.ts > Integration Tests > Full handshake and tool execution flow > should complete full authentication and tool execution cycle
-[AUDIT] {"event":"tool_executed","data":{"tool":"greetingTool","sessionId":"fc3e2ac26e26d1afcf44f37e8734cc77","timestamp":1763942853304},"timestamp":1763942853304,"timestampFormatted":"2025-11-24T00:07:33.304Z"}
+stderr | src/services/__tests__/provider-resolution.integration.test.ts > Provider Resolution Integration > Backward compatibility > should work with Phase 1 tools (no oauthProvider field)
+[AUDIT] {"event":"tool_executed","data":{"tool":"greetingTool","sessionId":"9f53886c45af592429273c8da568fdce","timestamp":1763960999847},"timestamp":1763960999847,"timestampFormatted":"2025-11-24T05:09:59.847Z"}
+[ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
 stdout | src/__tests__/integration.test.ts > Integration Tests > Session expiry handling > should handle expired sessions correctly
-[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:ze9fflR5vjBAYUnZX928lRvPuRcxjSk-z","environment":"development","userDidGeneration":"disabled"},"timestamp":1763942853307,"timestampFormatted":"2025-11-24T00:07:33.307Z"}
+[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zpsK-2MSeEbhehYrHSpEIND5oTsxgkKmI","environment":"development","userDidGeneration":"disabled"},"timestamp":1763960999852,"timestampFormatted":"2025-11-24T05:09:59.852Z"}
 stdout | src/__tests__/integration.test.ts > Integration Tests > Key rotation flow > should handle key rotation and maintain functionality
-[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:z3ZDZtNttwmtt7ELJWFCeIzqlL8nzjMcH","environment":"development","userDidGeneration":"disabled"},"timestamp":1763942853307,"timestampFormatted":"2025-11-24T00:07:33.307Z"}
+[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:z2CD4_NlghynWMgAKrUABicoh4gh3EJmm","environment":"development","userDidGeneration":"disabled"},"timestamp":1763960999853,"timestampFormatted":"2025-11-24T05:09:59.853Z"}
 stdout | src/__tests__/integration.test.ts > Integration Tests > Key rotation flow > should handle key rotation and maintain functionality
-[AUDIT] {"event":"keys_rotated","data":{"oldDid":"did:key:z3ZDZtNttwmtt7ELJWFCeIzqlL8nzjMcH","newDid":"did:key:z4J4RwFFWLeP9-gRswfbNpWtnaEVMBQwt","timestamp":1763942853307},"timestamp":1763942853307,"timestampFormatted":"2025-11-24T00:07:33.307Z"}
+[AUDIT] {"event":"keys_rotated","data":{"oldDid":"did:key:z2CD4_NlghynWMgAKrUABicoh4gh3EJmm","newDid":"did:key:zqmzLbyVWDwxXjge6z9ffPDl_9BQeepvI","timestamp":1763960999853},"timestamp":1763960999853,"timestampFormatted":"2025-11-24T05:09:59.853Z"}
 stdout | src/__tests__/integration.test.ts > Integration Tests > Well-known endpoints > should provide identity discovery endpoints
-[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:z7vYoHwFRIEPr3gdS3vF692iZw-bYe9fH","environment":"development","userDidGeneration":"disabled"},"timestamp":1763942853308,"timestampFormatted":"2025-11-24T00:07:33.308Z"}
+[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zkadutnAN4bMvEgxVwssoDtIbAX48JPn3","environment":"development","userDidGeneration":"disabled"},"timestamp":1763960999854,"timestampFormatted":"2025-11-24T05:09:59.854Z"}
 stdout | src/__tests__/integration.test.ts > Integration Tests > Nonce replay protection > should prevent nonce reuse
-[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zO7YtLrN6P77XvtYcNzcZ1tbn2VrCV7Xo","environment":"development","userDidGeneration":"disabled"},"timestamp":1763942853308,"timestampFormatted":"2025-11-24T00:07:33.308Z"}
+[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zDhFktG7SJGk92VRCGU07zAlLCirOmruX","environment":"development","userDidGeneration":"disabled"},"timestamp":1763960999854,"timestampFormatted":"2025-11-24T05:09:59.854Z"}
 stdout | src/__tests__/integration.test.ts > Integration Tests > Error handling > should handle network errors gracefully
-[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zH8ooTd1wnDFYDUQAbOaeDNDv7VzURDE7","environment":"development","userDidGeneration":"disabled"},"timestamp":1763942853308,"timestampFormatted":"2025-11-24T00:07:33.308Z"}
+[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zs1HD3JSVKZ8XioGcoyUz-wYLR2RsBLsb","environment":"development","userDidGeneration":"disabled"},"timestamp":1763960999854,"timestampFormatted":"2025-11-24T05:09:59.854Z"}
 stdout | src/__tests__/integration.test.ts > Integration Tests > Error handling > should handle malformed DID documents
-[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zb5ziS5X4pWwyrngBvH0HMSjeDlBIMCzK","environment":"development","userDidGeneration":"disabled"},"timestamp":1763942853308,"timestampFormatted":"2025-11-24T00:07:33.308Z"}
+[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:za_s_4JU0rqmme1SyzGyQONhtUJtpD-Qc","environment":"development","userDidGeneration":"disabled"},"timestamp":1763960999855,"timestampFormatted":"2025-11-24T05:09:59.855Z"}
 stdout | src/__tests__/integration.test.ts > Integration Tests > Debug endpoint > should provide debug information in development
-[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:z_K5ogsrvWrR3jcXVCAqoUe8Mg7YJabC8","environment":"development","userDidGeneration":"disabled"},"timestamp":1763942853309,"timestampFormatted":"2025-11-24T00:07:33.309Z"}
+[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zPUdqJV0bS81prnCGFRuS2AN8LA8y-Qi9","environment":"development","userDidGeneration":"disabled"},"timestamp":1763960999855,"timestampFormatted":"2025-11-24T05:09:59.855Z"}
 stdout | src/__tests__/integration.test.ts > Integration Tests > Debug endpoint > should be disabled in production
-[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zzYWh9Bo-lzescoRstmmSjQCiMfkE4hlh","environment":"development","userDidGeneration":"disabled"},"timestamp":1763942853309,"timestampFormatted":"2025-11-24T00:07:33.309Z"}
- ✓ src/__tests__/integration.test.ts (9 tests) 6ms
-stderr | src/services/__tests__/proof-verifier.test.ts > ProofVerifier Security > Signature Verification > should handle signature verification errors gracefully
-[CryptoService] Ed25519 verification error: Error: Crypto error
-    at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.test.ts:328:9
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
-    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
-    at new Promise (<anonymous>)
-    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
-    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
-    at processTicksAndRejections (node:internal/process/task_queues:103:5)
-    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
-    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
+[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zK-oxikLztFEWKM0ymHZ1l4pyrmK4GGH4","environment":"development","userDidGeneration":"disabled"},"timestamp":1763960999855,"timestampFormatted":"2025-11-24T05:09:59.855Z"}
- ✓ src/services/__tests__/proof-verifier.test.ts (21 tests) 13ms
- ✓ src/__tests__/providers/base.test.ts (14 tests) 4ms
+ ✓ src/services/__tests__/provider-resolution.integration.test.ts (6 tests) 4ms
+ ✓ src/__tests__/integration.test.ts (9 tests) 9ms
 stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > Backward Compatibility > Phase 1 tools (no oauthProvider) > should work with Phase 1 tools that don't specify oauthProvider
 [ToolProtectionService] Config loaded from API {
   source: 'api',
@@ -2259,12 +2309,10 @@ stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression
   agentDid: 'did:key:z6MkhaXgBZDv...',
   projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:33.429Z'
+  cacheExpiresAt: '2025-11-24T05:14:59.851Z'
 }
-stderr | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > No Regressions > Phase 1 OAuth flow > should still work with Phase 1 OAuth flow (no oauthProvider)
 stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > Backward Compatibility > Old API endpoint format > should still support old endpoint format (tools array)
-[ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
 [ToolProtectionService] Config loaded from API {
   source: 'api',
   toolCount: 1,
@@ -2272,19 +2320,18 @@ stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression
   agentDid: 'did:key:z6MkhaXgBZDv...',
   projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:33.433Z'
+  cacheExpiresAt: '2025-11-24T05:14:59.861Z'
 }
 stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > Backward Compatibility > Old API endpoint format > should still support old endpoint format (tools object)
 [ToolProtectionService] Config loaded from API {
   source: 'api',
   toolCount: 1,
   protectedTools: [ 'old_tool' ],
   agentDid: 'did:key:z6MkhaXgBZDv...',
   projectId: 'none',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:33.433Z'
+  cacheExpiresAt: '2025-11-24T05:14:59.861Z'
 }
 stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > Backward Compatibility > snake_case field names > should still support snake_case field names
@@ -2295,9 +2342,12 @@ stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression
   agentDid: 'did:key:z6MkhaXgBZDv...',
   projectId: 'test-project-123',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:33.433Z'
+  cacheExpiresAt: '2025-11-24T05:14:59.861Z'
 }
+stderr | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > No Regressions > Phase 1 OAuth flow > should still work with Phase 1 OAuth flow (no oauthProvider)
+[ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
 stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > Mixed Phase 1 and Phase 2 tools > should handle mix of Phase 1 and Phase 2 tools in same project
 [ToolProtectionService] Config loaded from API {
   source: 'api',
@@ -2306,75 +2356,25 @@ stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression
   agentDid: 'did:key:z6MkhaXgBZDv...',
   projectId: 'test-project-123',
   cacheTtlMs: 300000,
-  cacheExpiresAt: '2025-11-24T00:12:33.434Z'
+  cacheExpiresAt: '2025-11-24T05:14:59.862Z'
 }
- ✓ src/__tests__/regression/phase2-regression.test.ts (12 tests) 6ms
-stdout | src/services/__tests__/provider-resolver.test.ts > ProviderResolver > resolveProvider - Priority 2: Scope inference > should infer provider from github scope prefix
-[ProviderResolver] Inferred provider "github" from scopes
-stdout | src/services/__tests__/provider-resolver.test.ts > ProviderResolver > resolveProvider - Priority 2: Scope inference > should infer provider from gmail scope prefix (maps to google)
-stderr | src/services/__tests__/provider-resolver.test.ts > ProviderResolver > resolveProvider - Priority 2: Scope inference > should return null for ambiguous scopes
-[ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
-stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle empty scopes array
-[ProviderResolver] Inferred provider "google" from scopes
-[ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
- ✓ src/delegation/__tests__/cascading-revocation.test.ts (23 tests) 8ms
-stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should verify gmail → google mapping works
-[ProviderResolver] Inferred provider "google" from scopes
-stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle ambiguous scopes (multiple providers inferred)
-[ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
-stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle unknown scope prefixes
-stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should verify calendar → google mapping works
-[ProviderResolver] Inferred provider "google" from scopes
-stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should verify outlook → microsoft mapping works
-[ProviderResolver] Inferred provider "microsoft" from scopes
-[ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
-stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle scopes without colons
-[ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
-stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle inferred provider not in registry
-[ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "google" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
-stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Fallback behavior (Priority 3) > should use first configured provider when oauthProvider not specified
-[ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
-stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Provider name case sensitivity > should handle provider names case-insensitively in inference
-[ProviderResolver] Inferred provider "github" from scopes
-stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Multiple scopes with same provider > should handle multiple scopes from same provider
-[ProviderResolver] Inferred provider "github" from scopes
- ✓ src/__tests__/services/provider-resolver-edge-cases.test.ts (19 tests | 1 skipped) 9ms
- ✓ src/delegation/storage/__tests__/memory-statuslist-storage.test.ts (14 tests) 2ms
- ✓ src/delegation/__tests__/bitstring.test.ts (30 tests) 4ms
- ✓ src/delegation/storage/__tests__/memory-graph-storage.test.ts (27 tests) 4ms
- ✓ src/services/__tests__/provider-resolver.test.ts (8 tests) 5ms
- ✓ src/__tests__/runtime/proof-client-did.test.ts (17 tests) 8ms
- ✓ src/services/__tests__/batch-delegation.service.test.ts (11 tests) 4ms
-stderr | src/services/__tests__/provider-resolution.integration.test.ts > Provider Resolution Integration > Backward compatibility > should work with Phase 1 tools (no oauthProvider field)
-[ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
- ✓ src/services/__tests__/provider-resolution.integration.test.ts (6 tests) 3ms
- ✓ src/services/__tests__/oauth-provider-registry.test.ts (9 tests) 5ms
  ✓ src/__tests__/runtime/audit-logger.test.ts (9 tests) 3ms
+ ✓ src/__tests__/regression/phase2-regression.test.ts (12 tests) 17ms
+ ✓ src/__tests__/runtime/proof-client-did.test.ts (17 tests) 7ms
+ ✓ src/delegation/__tests__/bitstring.test.ts (30 tests) 9ms
  ✓ src/__tests__/config/provider-runtime-config.test.ts (9 tests) 2ms
- ✓ src/delegation/__tests__/utils.test.ts (28 tests) 110ms
- ✓ src/utils/__tests__/did-helpers.test.ts (11 tests) 4ms
- ✓ src/delegation/__tests__/audience-validator.test.ts (5 tests) 11ms
- ↓ src/__tests__/delegation-e2e.test.ts (14 tests | 14 skipped)
+ ✓ src/services/__tests__/batch-delegation.service.test.ts (11 tests) 5ms
+ ✓ src/services/__tests__/oauth-provider-registry.test.ts (9 tests) 3ms
+ ✓ src/delegation/__tests__/utils.test.ts (28 tests) 4ms
+ ✓ src/__tests__/runtime/delegation-flow.test.ts (4 tests) 5ms
+ ✓ src/delegation/__tests__/audience-validator.test.ts (5 tests) 2ms
+ ✓ src/utils/__tests__/did-helpers.test.ts (11 tests) 2ms
  ✓ src/__tests__/index.test.ts (4 tests) 2ms
+ ↓ src/__tests__/delegation-e2e.test.ts (14 tests | 14 skipped)
  Test Files  42 passed | 1 skipped (43)
       Tests  864 passed | 16 skipped (880)
-   Start at  18:07:30
-   Duration  3.88s (transform 7.04s, setup 0ms, collect 13.19s, tests 2.23s, environment 13ms, prepare 1.77s)
+   Start at  23:09:55
+   Duration  4.61s (transform 12.69s, setup 0ms, collect 19.03s, tests 3.26s, environment 4ms, prepare 2.34s)