@kya-os/mcp-i-core 1.2.2-canary.36 → 1.2.2-canary.38

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/.turbo/turbo-build.log +1 -1
  2. package/.turbo/turbo-test.log +1381 -1074
  3. package/dist/services/access-control.service.d.ts.map +1 -1
  4. package/dist/services/access-control.service.js +24 -21
  5. package/dist/services/access-control.service.js.map +1 -1
  6. package/package.json +2 -2
  7. package/src/services/__tests__/access-control.proof-response-validation.test.ts +179 -0
  8. package/src/services/access-control.service.ts +28 -25
package/.turbo/turbo-test.log CHANGED
@@ -1,23 +1,22 @@
1
1
 
2
- > @kya-os/mcp-i-core@1.2.2-canary.36 test /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core
2
+ > @kya-os/mcp-i-core@1.2.2-canary.37 test /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core
3
3
  > vitest run
4
4
 
5
5
 
6
6
  RUN v4.0.5 /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core
7
7
 
8
- ✓ src/__tests__/cache/tool-protection-cache.test.ts (49 tests) 194ms
9
8
  stderr | src/services/__tests__/access-control.proof-response-validation.test.ts > Proof Submission Response Validation > Wrapped Response Format (AgentShield API) > should validate wrapped response with success field in data
10
9
  [AccessControl] 🔍 RAW API RESPONSE (before parsing): {
11
- correlationId: '8707998e-3593-4d2e-84da-3df4e845449e',
10
+ correlationId: 'ea6b157d-a119-4da4-be23-27554a52c1b1',
12
11
  status: 200,
13
12
  statusText: undefined,
14
13
  headers: {},
15
14
  responseTextLength: 191,
16
- responseTextPreview: '{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T21:27:09.241Z"}}',
17
- fullResponseText: '{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T21:27:09.241Z"}}'
15
+ responseTextPreview: '{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T22:24:12.400Z"}}',
16
+ fullResponseText: '{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T22:24:12.400Z"}}'
18
17
  }
19
18
  [AccessControl] 🔍 PARSED RESPONSE DATA: {
20
- correlationId: '8707998e-3593-4d2e-84da-3df4e845449e',
19
+ correlationId: 'ea6b157d-a119-4da4-be23-27554a52c1b1',
21
20
  status: 200,
22
21
  responseDataType: 'object',
23
22
  responseDataKeys: [ 'success', 'data', 'metadata' ],
@@ -35,7 +34,7 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
35
34
  ' },\n' +
36
35
  ' "metadata": {\n' +
37
36
  ' "requestId": "test-request-id",\n' +
38
- ' "timestamp": "2025-11-24T21:27:09.241Z"\n' +
37
+ ' "timestamp": "2025-11-24T22:24:12.400Z"\n' +
39
38
  ' }\n' +
40
39
  '}'
41
40
  }
@@ -53,11 +52,11 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
53
52
  },
54
53
  "metadata": {
55
54
  "requestId": "test-request-id",
56
- "timestamp": "2025-11-24T21:27:09.241Z"
55
+ "timestamp": "2025-11-24T22:24:12.400Z"
57
56
  }
58
57
  }
59
- [AccessControl] 🔍 DATA OBJECT STRUCTURE: {
60
- correlationId: '8707998e-3593-4d2e-84da-3df4e845449e',
58
+ [AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
59
+ correlationId: 'ea6b157d-a119-4da4-be23-27554a52c1b1',
61
60
  dataKeys: [ 'accepted', 'rejected', 'outcomes' ],
62
61
  hasAccepted: true,
63
62
  hasRejected: true,
@@ -83,7 +82,7 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
83
82
  '}'
84
83
  }
85
84
  [AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
86
- correlationId: '8707998e-3593-4d2e-84da-3df4e845449e',
85
+ correlationId: 'ea6b157d-a119-4da4-be23-27554a52c1b1',
87
86
  dataWithSuccessKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
88
87
  hasSuccess: true,
89
88
  successValue: true,
@@ -108,16 +107,16 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
108
107
 
109
108
  stderr | src/services/__tests__/access-control.proof-response-validation.test.ts > Proof Submission Response Validation > Wrapped Response Format (AgentShield API) > should validate wrapped response with errors array
110
109
  [AccessControl] 🔍 RAW API RESPONSE (before parsing): {
111
- correlationId: 'fe761a5f-5edf-4479-a037-def4f9d7fb3c',
110
+ correlationId: '26a86e15-8aea-45b0-b1c9-023fe034f7b6',
112
111
  status: 200,
113
112
  statusText: undefined,
114
113
  headers: {},
115
114
  responseTextLength: 333,
116
- responseTextPreview: '{"success":true,"data":{"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"validation_error","message":"Proof validation failed","details":{"reason":"invalid_signature"}}}]},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T21:27:09.258Z"}}',
117
- fullResponseText: '{"success":true,"data":{"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"validation_error","message":"Proof validation failed","details":{"reason":"invalid_signature"}}}]},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T21:27:09.258Z"}}'
115
+ responseTextPreview: '{"success":true,"data":{"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"validation_error","message":"Proof validation failed","details":{"reason":"invalid_signature"}}}]},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T22:24:12.411Z"}}',
116
+ fullResponseText: '{"success":true,"data":{"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"validation_error","message":"Proof validation failed","details":{"reason":"invalid_signature"}}}]},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T22:24:12.411Z"}}'
118
117
  }
119
118
  [AccessControl] 🔍 PARSED RESPONSE DATA: {
120
- correlationId: 'fe761a5f-5edf-4479-a037-def4f9d7fb3c',
119
+ correlationId: '26a86e15-8aea-45b0-b1c9-023fe034f7b6',
121
120
  status: 200,
122
121
  responseDataType: 'object',
123
122
  responseDataKeys: [ 'success', 'data', 'metadata' ],
@@ -147,7 +146,7 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
147
146
  ' },\n' +
148
147
  ' "metadata": {\n' +
149
148
  ' "requestId": "test-request-id",\n' +
150
- ' "timestamp": "2025-11-24T21:27:09.258Z"\n' +
149
+ ' "timestamp": "2025-11-24T22:24:12.411Z"\n' +
151
150
  ' }\n' +
152
151
  '}'
153
152
  }
@@ -177,11 +176,11 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
177
176
  },
178
177
  "metadata": {
179
178
  "requestId": "test-request-id",
180
- "timestamp": "2025-11-24T21:27:09.258Z"
179
+ "timestamp": "2025-11-24T22:24:12.411Z"
181
180
  }
182
181
  }
183
- [AccessControl] 🔍 DATA OBJECT STRUCTURE: {
184
- correlationId: 'fe761a5f-5edf-4479-a037-def4f9d7fb3c',
182
+ [AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
183
+ correlationId: '26a86e15-8aea-45b0-b1c9-023fe034f7b6',
185
184
  dataKeys: [ 'accepted', 'rejected', 'outcomes', 'errors' ],
186
185
  hasAccepted: true,
187
186
  hasRejected: true,
@@ -219,7 +218,7 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
219
218
  '}'
220
219
  }
221
220
  [AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
222
- correlationId: 'fe761a5f-5edf-4479-a037-def4f9d7fb3c',
221
+ correlationId: '26a86e15-8aea-45b0-b1c9-023fe034f7b6',
223
222
  dataWithSuccessKeys: [ 'success', 'accepted', 'rejected', 'outcomes', 'errors' ],
224
223
  hasSuccess: true,
225
224
  successValue: true,
@@ -256,16 +255,16 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
256
255
 
257
256
  stderr | src/services/__tests__/access-control.proof-response-validation.test.ts > Proof Submission Response Validation > Wrapped Response Format (AgentShield API) > should validate wrapped response without outcomes (optional field)
258
257
  [AccessControl] 🔍 RAW API RESPONSE (before parsing): {
259
- correlationId: '28e2ed4d-794e-46d3-a8ed-a2afc5b6f5e2',
258
+ correlationId: '0c1cae26-4e3a-4cf9-9a09-7d6993ede1d3',
260
259
  status: 200,
261
260
  statusText: undefined,
262
261
  headers: {},
263
262
  responseTextLength: 133,
264
- responseTextPreview: '{"success":true,"data":{"accepted":1,"rejected":0},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T21:27:09.265Z"}}',
265
- fullResponseText: '{"success":true,"data":{"accepted":1,"rejected":0},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T21:27:09.265Z"}}'
263
+ responseTextPreview: '{"success":true,"data":{"accepted":1,"rejected":0},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T22:24:12.412Z"}}',
264
+ fullResponseText: '{"success":true,"data":{"accepted":1,"rejected":0},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T22:24:12.412Z"}}'
266
265
  }
267
266
  [AccessControl] 🔍 PARSED RESPONSE DATA: {
268
- correlationId: '28e2ed4d-794e-46d3-a8ed-a2afc5b6f5e2',
267
+ correlationId: '0c1cae26-4e3a-4cf9-9a09-7d6993ede1d3',
269
268
  status: 200,
270
269
  responseDataType: 'object',
271
270
  responseDataKeys: [ 'success', 'data', 'metadata' ],
@@ -277,7 +276,7 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
277
276
  ' },\n' +
278
277
  ' "metadata": {\n' +
279
278
  ' "requestId": "test-request-id",\n' +
280
- ' "timestamp": "2025-11-24T21:27:09.265Z"\n' +
279
+ ' "timestamp": "2025-11-24T22:24:12.412Z"\n' +
281
280
  ' }\n' +
282
281
  '}'
283
282
  }
@@ -289,11 +288,11 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
289
288
  },
290
289
  "metadata": {
291
290
  "requestId": "test-request-id",
292
- "timestamp": "2025-11-24T21:27:09.265Z"
291
+ "timestamp": "2025-11-24T22:24:12.412Z"
293
292
  }
294
293
  }
295
- [AccessControl] 🔍 DATA OBJECT STRUCTURE: {
296
- correlationId: '28e2ed4d-794e-46d3-a8ed-a2afc5b6f5e2',
294
+ [AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
295
+ correlationId: '0c1cae26-4e3a-4cf9-9a09-7d6993ede1d3',
297
296
  dataKeys: [ 'accepted', 'rejected' ],
298
297
  hasAccepted: true,
299
298
  hasRejected: true,
@@ -310,7 +309,7 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
310
309
  fullData: '{\n "accepted": 1,\n "rejected": 0\n}'
311
310
  }
312
311
  [AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
313
- correlationId: '28e2ed4d-794e-46d3-a8ed-a2afc5b6f5e2',
312
+ correlationId: '0c1cae26-4e3a-4cf9-9a09-7d6993ede1d3',
314
313
  dataWithSuccessKeys: [ 'success', 'accepted', 'rejected' ],
315
314
  hasSuccess: true,
316
315
  successValue: true,
@@ -323,169 +322,9 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
323
322
  fullDataWithSuccess: '{\n "success": true,\n "accepted": 1,\n "rejected": 0\n}'
324
323
  }
325
324
 
326
- stderr | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Error Handling > should handle network timeout
327
- stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > API Authentication > should use X-API-Key header for new endpoint
328
- [ToolProtectionService] Config loaded from API {
329
- source: 'api',
330
- toolCount: 0,
331
- protectedTools: [],
332
- agentDid: 'did:key:z6MkhaXgBZDv...',
333
- projectId: 'test-project-123',
334
- [ToolProtectionService] API fetch failed, using fallback config { agentDid: 'did:key:z6MkhaXgBZDv...', error: 'Network timeout' }
335
- cacheTtlMs: 300000,
336
- cacheExpiresAt: '2025-11-24T21:32:09.241Z'
337
- }
338
-
339
- stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > API Authentication > should use Authorization Bearer header for old endpoint
340
- [ToolProtectionService] Config loaded from API {
341
- source: 'api',
342
- toolCount: 0,
343
- protectedTools: [],
344
- agentDid: 'did:key:z6MkhaXgBZDv...',
345
- projectId: 'none',
346
- cacheTtlMs: 300000,
347
- cacheExpiresAt: '2025-11-24T21:32:09.244Z'
348
- }
349
-
350
- stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should use project-scoped endpoint when projectId is available
351
- [ToolProtectionService] Config loaded from API {
352
- source: 'api',
353
- toolCount: 0,
354
- protectedTools: [],
355
-
356
- agentDid: 'did:key:z6MkhaXgBZDv...',
357
- projectId: 'test-project-123',
358
- stderr | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Fallback Behavior > should cache fallback config
359
- cacheTtlMs: 300000,
360
- cacheExpiresAt: '2025-11-24T21:32:09.245Z'
361
- }
362
-
363
- stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should use agent-scoped endpoint when projectId is not available
364
- [ToolProtectionService] API fetch failed, using fallback config { agentDid: 'did:key:z6MkhaXgBZDv...', error: 'Network error' }
365
- [ToolProtectionService] Config loaded from API {
366
- source: 'api',
367
- toolCount: 0,
368
- protectedTools: [],
369
- agentDid: 'did:key:z6MkhaXgBZDv...',
370
- projectId: 'none',
371
- cacheTtlMs: 300000,
372
-
373
- cacheExpiresAt: '2025-11-24T21:32:09.245Z'
374
- }
375
-
376
- stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should encode projectId in URL
377
- [ToolProtectionService] Config loaded from API {
378
- source: 'api',
379
- toolCount: 0,
380
- protectedTools: [],
381
- agentDid: 'did:key:z6MkhaXgBZDv...',
382
- projectId: 'project/with/special-chars',
383
- cacheTtlMs: 300000,
384
- cacheExpiresAt: '2025-11-24T21:32:09.246Z'
385
- }
386
-
387
- stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should encode agent DID in URL
388
- [ToolProtectionService] Config loaded from API {
389
- source: 'api',
390
- toolCount: 0,
391
- protectedTools: [],
392
- agentDid: 'did:key:z6MkhaXgBZDv...',
393
- projectId: 'none',
394
- cacheTtlMs: 300000,
395
- cacheExpiresAt: '2025-11-24T21:32:09.246Z'
396
- }
397
-
398
- stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle new endpoint format (toolProtections object)
399
- [ToolProtectionService] Config loaded from API {
400
- source: 'api',
401
- toolCount: 2,
402
- protectedTools: [ 'checkout' ],
403
- agentDid: 'did:key:z6MkhaXgBZDv...',
404
- projectId: 'test-project-123',
405
- cacheTtlMs: 300000,
406
- cacheExpiresAt: '2025-11-24T21:32:09.246Z'
407
- }
408
-
409
- stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle old endpoint format (tools array)
410
- [ToolProtectionService] Config loaded from API {
411
- source: 'api',
412
- toolCount: 2,
413
- protectedTools: [ 'checkout' ],
414
- agentDid: 'did:key:z6MkhaXgBZDv...',
415
- projectId: 'none',
416
- cacheTtlMs: 300000,
417
- cacheExpiresAt: '2025-11-24T21:32:09.248Z'
418
- }
419
-
420
- stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle old endpoint format (tools object)
421
- [ToolProtectionService] Config loaded from API {
422
- source: 'api',
423
- toolCount: 2,
424
- protectedTools: [ 'checkout' ],
425
- agentDid: 'did:key:z6MkhaXgBZDv...',
426
- projectId: 'none',
427
- cacheTtlMs: 300000,
428
- cacheExpiresAt: '2025-11-24T21:32:09.249Z'
429
- }
430
-
431
- stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle snake_case field names
432
- [ToolProtectionService] Config loaded from API {
433
- source: 'api',
434
- toolCount: 1,
435
- protectedTools: [ 'tool1' ],
436
- agentDid: 'did:key:z6MkhaXgBZDv...',
437
- projectId: 'test-project-123',
438
- cacheTtlMs: 300000,
439
- cacheExpiresAt: '2025-11-24T21:32:09.249Z'
440
- }
441
-
442
- stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle camelCase field names
443
- [ToolProtectionService] Config loaded from API {
444
- source: 'api',
445
- toolCount: 1,
446
- protectedTools: [ 'tool1' ],
447
- agentDid: 'did:key:z6MkhaXgBZDv...',
448
- projectId: 'test-project-123',
449
- cacheTtlMs: 300000,
450
- cacheExpiresAt: '2025-11-24T21:32:09.250Z'
451
- }
452
-
453
- stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should prefer camelCase over snake_case when both present
454
- [ToolProtectionService] Config loaded from API {
455
- source: 'api',
456
- toolCount: 1,
457
- protectedTools: [ 'tool1' ],
458
- agentDid: 'did:key:z6MkhaXgBZDv...',
459
- projectId: 'test-project-123',
460
- cacheTtlMs: 300000,
461
- cacheExpiresAt: '2025-11-24T21:32:09.250Z'
462
- }
463
-
464
- stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Caching Integration > should cache successful API responses
465
- [ToolProtectionService] Config loaded from API {
466
- source: 'api',
467
- toolCount: 1,
468
- protectedTools: [ 'tool1' ],
469
- agentDid: 'did:key:z6MkhaXgBZDv...',
470
- projectId: 'test-project-123',
471
- cacheTtlMs: 300000,
472
- cacheExpiresAt: '2025-11-24T21:32:09.253Z'
473
- }
474
-
475
- stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Caching Integration > should respect cache TTL
476
- [ToolProtectionService] Config loaded from API {
477
- source: 'api',
478
- toolCount: 0,
479
- protectedTools: [],
480
- agentDid: 'did:key:z6MkhaXgBZDv...',
481
- projectId: 'test-project-123',
482
- cacheTtlMs: 1000,
483
- cacheExpiresAt: '2025-11-24T21:27:10.254Z'
484
- }
485
-
486
325
  stderr | src/services/__tests__/access-control.service.test.ts > AccessControlApiService > submitProofs > should submit proofs successfully
487
326
  [AccessControl] 🔍 RAW API RESPONSE (before parsing): {
488
- correlationId: '2741baf3-0d00-4d89-b75f-f7a965771a8a',
327
+ correlationId: '8a2288e1-e205-4f2f-897d-c60ad883c16c',
489
328
  status: 200,
490
329
  statusText: '',
491
330
  headers: { 'content-type': 'application/json' },
@@ -494,7 +333,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
494
333
  fullResponseText: '{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}'
495
334
  }
496
335
  [AccessControl] 🔍 PARSED RESPONSE DATA: {
497
- correlationId: '2741baf3-0d00-4d89-b75f-f7a965771a8a',
336
+ correlationId: '8a2288e1-e205-4f2f-897d-c60ad883c16c',
498
337
  status: 200,
499
338
  responseDataType: 'object',
500
339
  responseDataKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
@@ -524,7 +363,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
524
363
 
525
364
  stderr | src/services/__tests__/access-control.service.test.ts > AccessControlApiService > submitProofs > should handle all_proofs_rejected error gracefully
526
365
  [AccessControl] 🔍 RAW API RESPONSE (before parsing): {
527
- correlationId: '7df25795-5744-4c07-a552-30e1ef3709de',
366
+ correlationId: '8e2ab903-ee64-45ff-a8cc-7c5c162bd111',
528
367
  status: 400,
529
368
  statusText: '',
530
369
  headers: { 'content-type': 'application/json' },
@@ -533,7 +372,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
533
372
  fullResponseText: '{"success":false,"error":{"code":"all_proofs_rejected","message":"All proofs rejected","details":{"rejected":1,"errors":[{"proof_index":0,"error":{"code":"invalid_signature","message":"Invalid signature"}}]}}}'
534
373
  }
535
374
  [AccessControl] 🔍 PARSED RESPONSE DATA: {
536
- correlationId: '7df25795-5744-4c07-a552-30e1ef3709de',
375
+ correlationId: '8e2ab903-ee64-45ff-a8cc-7c5c162bd111',
537
376
  status: 400,
538
377
  responseDataType: 'object',
539
378
  responseDataKeys: [ 'success', 'error' ],
@@ -560,16 +399,16 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
560
399
 
561
400
  stderr | src/services/__tests__/access-control.service.test.ts > AccessControlApiService > submitProofs > should handle wrapped response format
562
401
  [AccessControl] 🔍 RAW API RESPONSE (before parsing): {
563
- correlationId: '5c904fce-908b-4c51-90e9-3b001a2a959f',
402
+ correlationId: '3f10c3cf-c6f1-49f1-9f6e-39180605db4c',
564
403
  status: 200,
565
404
  statusText: '',
566
405
  headers: { 'content-type': 'application/json' },
567
406
  responseTextLength: 206,
568
- responseTextPreview: '{"success":true,"data":{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T21:27:09.280Z"}}',
569
- fullResponseText: '{"success":true,"data":{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T21:27:09.280Z"}}'
407
+ responseTextPreview: '{"success":true,"data":{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T22:24:12.422Z"}}',
408
+ fullResponseText: '{"success":true,"data":{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T22:24:12.422Z"}}'
570
409
  }
571
410
  [AccessControl] 🔍 PARSED RESPONSE DATA: {
572
- correlationId: '5c904fce-908b-4c51-90e9-3b001a2a959f',
411
+ correlationId: '3f10c3cf-c6f1-49f1-9f6e-39180605db4c',
573
412
  status: 200,
574
413
  responseDataType: 'object',
575
414
  responseDataKeys: [ 'success', 'data', 'metadata' ],
@@ -588,7 +427,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
588
427
  ' },\n' +
589
428
  ' "metadata": {\n' +
590
429
  ' "requestId": "test-request-id",\n' +
591
- ' "timestamp": "2025-11-24T21:27:09.280Z"\n' +
430
+ ' "timestamp": "2025-11-24T22:24:12.422Z"\n' +
592
431
  ' }\n' +
593
432
  '}'
594
433
  }
@@ -607,11 +446,11 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
607
446
  },
608
447
  "metadata": {
609
448
  "requestId": "test-request-id",
610
- "timestamp": "2025-11-24T21:27:09.280Z"
449
+ "timestamp": "2025-11-24T22:24:12.422Z"
611
450
  }
612
451
  }
613
- [AccessControl] 🔍 DATA OBJECT STRUCTURE: {
614
- correlationId: '5c904fce-908b-4c51-90e9-3b001a2a959f',
452
+ [AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
453
+ correlationId: '3f10c3cf-c6f1-49f1-9f6e-39180605db4c',
615
454
  dataKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
616
455
  hasAccepted: true,
617
456
  hasRejected: true,
@@ -638,7 +477,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
638
477
  '}'
639
478
  }
640
479
  [AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
641
- correlationId: '5c904fce-908b-4c51-90e9-3b001a2a959f',
480
+ correlationId: '3f10c3cf-c6f1-49f1-9f6e-39180605db4c',
642
481
  dataWithSuccessKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
643
482
  hasSuccess: true,
644
483
  successValue: true,
@@ -663,7 +502,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
663
502
 
664
503
  stderr | src/services/__tests__/access-control.service.test.ts > AccessControlApiService > submitProofs > should handle response with missing outcomes field (outcomes is optional)
665
504
  [AccessControl] 🔍 RAW API RESPONSE (before parsing): {
666
- correlationId: '244e4a95-b546-4c7f-be74-34889a648656',
505
+ correlationId: 'd0a2a5db-0ac0-43dc-8f4e-dd8f279e1f05',
667
506
  status: 200,
668
507
  statusText: '',
669
508
  headers: { 'content-type': 'application/json' },
@@ -672,7 +511,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
672
511
  fullResponseText: '{"success":true,"accepted":1,"rejected":0}'
673
512
  }
674
513
  [AccessControl] 🔍 PARSED RESPONSE DATA: {
675
- correlationId: '244e4a95-b546-4c7f-be74-34889a648656',
514
+ correlationId: 'd0a2a5db-0ac0-43dc-8f4e-dd8f279e1f05',
676
515
  status: 200,
677
516
  responseDataType: 'object',
678
517
  responseDataKeys: [ 'success', 'accepted', 'rejected' ],
@@ -686,7 +525,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
686
525
 
687
526
  stderr | src/services/__tests__/access-control.service.test.ts > AccessControlApiService > submitProofs > should handle response with missing outcomes field (outcomes is optional)
688
527
  [AccessControl] 🔍 RAW API RESPONSE (before parsing): {
689
- correlationId: '64dfd2fd-dbd4-4147-91ab-0c7d4de5c291',
528
+ correlationId: '20fdb9d9-56b6-4792-a387-4064d69810ae',
690
529
  status: 200,
691
530
  statusText: '',
692
531
  headers: { 'content-type': 'application/json' },
@@ -695,7 +534,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
695
534
  fullResponseText: '{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}'
696
535
  }
697
536
  [AccessControl] 🔍 PARSED RESPONSE DATA: {
698
- correlationId: '64dfd2fd-dbd4-4147-91ab-0c7d4de5c291',
537
+ correlationId: '20fdb9d9-56b6-4792-a387-4064d69810ae',
699
538
  status: 200,
700
539
  responseDataType: 'object',
701
540
  responseDataKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
@@ -725,7 +564,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
725
564
 
726
565
  stderr | src/services/__tests__/access-control.service.test.ts > AccessControlApiService > submitProofs > should handle response with missing outcomes field (outcomes is optional)
727
566
  [AccessControl] 🔍 RAW API RESPONSE (before parsing): {
728
- correlationId: '8b2993e3-eede-4db1-a8a0-271240338bd5',
567
+ correlationId: '0ad4015b-7342-439d-8616-f2f7bbddb219',
729
568
  status: 200,
730
569
  statusText: '',
731
570
  headers: { 'content-type': 'application/json' },
@@ -734,7 +573,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
734
573
  fullResponseText: '{"success":true,"accepted":1,"rejected":0,"outcomes":{}}'
735
574
  }
736
575
  [AccessControl] 🔍 PARSED RESPONSE DATA: {
737
- correlationId: '8b2993e3-eede-4db1-a8a0-271240338bd5',
576
+ correlationId: '0ad4015b-7342-439d-8616-f2f7bbddb219',
738
577
  status: 200,
739
578
  responseDataType: 'object',
740
579
  responseDataKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
@@ -749,7 +588,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
749
588
 
750
589
  stderr | src/services/__tests__/access-control.service.test.ts > AccessControlApiService > submitProofs > should handle wrapped response with invalid data structure
751
590
  [AccessControl] 🔍 RAW API RESPONSE (before parsing): {
752
- correlationId: '11f2d355-b2da-4bbe-8025-ef47207398f5',
591
+ correlationId: '44b9437e-e75f-4cb0-8923-a42dbdf0a650',
753
592
  status: 200,
754
593
  statusText: '',
755
594
  headers: { 'content-type': 'application/json' },
@@ -758,7 +597,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
758
597
  fullResponseText: '{"success":true,"data":{"message":"Invalid format"}}'
759
598
  }
760
599
  [AccessControl] 🔍 PARSED RESPONSE DATA: {
761
- correlationId: '11f2d355-b2da-4bbe-8025-ef47207398f5',
600
+ correlationId: '44b9437e-e75f-4cb0-8923-a42dbdf0a650',
762
601
  status: 200,
763
602
  responseDataType: 'object',
764
603
  responseDataKeys: [ 'success', 'data' ],
@@ -770,8 +609,8 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
770
609
  "message": "Invalid format"
771
610
  }
772
611
  }
773
- [AccessControl] 🔍 DATA OBJECT STRUCTURE: {
774
- correlationId: '11f2d355-b2da-4bbe-8025-ef47207398f5',
612
+ [AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
613
+ correlationId: '44b9437e-e75f-4cb0-8923-a42dbdf0a650',
775
614
  dataKeys: [ 'message' ],
776
615
  hasAccepted: false,
777
616
  hasRejected: false,
@@ -788,7 +627,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
788
627
  fullData: '{\n "message": "Invalid format"\n}'
789
628
  }
790
629
  [AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
791
- correlationId: '11f2d355-b2da-4bbe-8025-ef47207398f5',
630
+ correlationId: '44b9437e-e75f-4cb0-8923-a42dbdf0a650',
792
631
  dataWithSuccessKeys: [ 'success', 'accepted', 'rejected' ],
793
632
  hasSuccess: true,
794
633
  successValue: true,
@@ -801,7 +640,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
801
640
  fullDataWithSuccess: '{\n "success": true\n}'
802
641
  }
803
642
  [AccessControl] ❌ MISSING REQUIRED FIELDS AFTER CONSTRUCTION: {
804
- correlationId: '11f2d355-b2da-4bbe-8025-ef47207398f5',
643
+ correlationId: '44b9437e-e75f-4cb0-8923-a42dbdf0a650',
805
644
  hasAccepted: true,
806
645
  acceptedType: 'undefined',
807
646
  acceptedValue: undefined,
@@ -817,16 +656,16 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
817
656
 
818
657
  stderr | src/services/__tests__/access-control.proof-response-validation.test.ts > Proof Submission Response Validation > Wrapped Response Format (AgentShield API) > should throw validation error if data object missing success field
819
658
  [AccessControl] 🔍 RAW API RESPONSE (before parsing): {
820
- correlationId: 'e1b45b6c-b040-4768-8549-68cd87c7d71a',
659
+ correlationId: '9115b4d2-1852-46ed-9130-eedad1228d12',
821
660
  status: 200,
822
661
  statusText: undefined,
823
662
  headers: {},
824
663
  responseTextLength: 191,
825
- responseTextPreview: '{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T21:27:09.266Z"}}',
826
- fullResponseText: '{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T21:27:09.266Z"}}'
664
+ responseTextPreview: '{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T22:24:12.412Z"}}',
665
+ fullResponseText: '{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-24T22:24:12.412Z"}}'
827
666
  }
828
667
  [AccessControl] 🔍 PARSED RESPONSE DATA: {
829
- correlationId: 'e1b45b6c-b040-4768-8549-68cd87c7d71a',
668
+ correlationId: '9115b4d2-1852-46ed-9130-eedad1228d12',
830
669
  status: 200,
831
670
  responseDataType: 'object',
832
671
  responseDataKeys: [ 'success', 'data', 'metadata' ],
@@ -844,7 +683,7 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
844
683
  ' },\n' +
845
684
  ' "metadata": {\n' +
846
685
  ' "requestId": "test-request-id",\n' +
847
- ' "timestamp": "2025-11-24T21:27:09.266Z"\n' +
686
+ ' "timestamp": "2025-11-24T22:24:12.412Z"\n' +
848
687
  ' }\n' +
849
688
  '}'
850
689
  }
@@ -862,11 +701,11 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
862
701
  },
863
702
  "metadata": {
864
703
  "requestId": "test-request-id",
865
- "timestamp": "2025-11-24T21:27:09.266Z"
704
+ "timestamp": "2025-11-24T22:24:12.412Z"
866
705
  }
867
706
  }
868
- [AccessControl] 🔍 DATA OBJECT STRUCTURE: {
869
- correlationId: 'e1b45b6c-b040-4768-8549-68cd87c7d71a',
707
+ [AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
708
+ correlationId: '9115b4d2-1852-46ed-9130-eedad1228d12',
870
709
  dataKeys: [ 'accepted', 'rejected', 'outcomes' ],
871
710
  hasAccepted: true,
872
711
  hasRejected: true,
@@ -892,7 +731,7 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
892
731
  '}'
893
732
  }
894
733
  [AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
895
- correlationId: 'e1b45b6c-b040-4768-8549-68cd87c7d71a',
734
+ correlationId: '9115b4d2-1852-46ed-9130-eedad1228d12',
896
735
  dataWithSuccessKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
897
736
  hasSuccess: true,
898
737
  successValue: true,
@@ -915,145 +754,718 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
915
754
  '}'
916
755
  }
917
756
 
918
- src/services/__tests__/access-control.proof-response-validation.test.ts (9 tests) 28ms
919
- ✓ src/delegation/__tests__/cascading-revocation.test.ts (23 tests) 9ms
920
- ✓ src/__tests__/config/provider-runtime-config.test.ts (9 tests) 2ms
921
- ✓ src/delegation/__tests__/vc-verifier.test.ts (35 tests) 356ms
922
- ✓ src/services/__tests__/access-control.service.test.ts (23 tests) 260ms
923
- ✓ src/delegation/__tests__/vc-issuer.test.ts (21 tests) 188ms
924
- stderr | src/services/__tests__/access-control.integration.test.ts > AccessControlApiService Integration > Proof Submission Flow > should submit proof end-to-end
757
+ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts > Proof Submission Response Validation > JSON Deep Clone Fix (Cloudflare Workers Edge Case) > should correctly extract data from wrapped response after JSON deep clone
925
758
  [AccessControl] 🔍 RAW API RESPONSE (before parsing): {
926
- correlationId: 'd81452e3-6d9a-4015-9340-c92ec6d86643',
759
+ correlationId: 'beaa0854-86a0-4a4e-b1c2-9019e14b5311',
927
760
  status: 200,
928
- statusText: '',
929
- headers: { 'content-type': 'application/json' },
930
- responseTextLength: 100,
931
- responseTextPreview: '{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}',
932
- fullResponseText: '{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}'
761
+ statusText: undefined,
762
+ headers: {},
763
+ responseTextLength: 191,
764
+ responseTextPreview: '{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1},"errors":[]},"metadata":{"requestId":"fc1fa88f-9b22-4161-b4fd-17d8215098ee","timestamp":"2025-11-24T21:36:33.029Z"}}',
765
+ fullResponseText: '{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1},"errors":[]},"metadata":{"requestId":"fc1fa88f-9b22-4161-b4fd-17d8215098ee","timestamp":"2025-11-24T21:36:33.029Z"}}'
933
766
  }
934
767
  [AccessControl] 🔍 PARSED RESPONSE DATA: {
935
- correlationId: 'd81452e3-6d9a-4015-9340-c92ec6d86643',
768
+ correlationId: 'beaa0854-86a0-4a4e-b1c2-9019e14b5311',
936
769
  status: 200,
937
770
  responseDataType: 'object',
938
- responseDataKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
771
+ responseDataKeys: [ 'success', 'data', 'metadata' ],
939
772
  responseData: '{\n' +
940
773
  ' "success": true,\n' +
941
- ' "accepted": 1,\n' +
942
- ' "rejected": 0,\n' +
943
- ' "outcomes": {\n' +
944
- ' "success": 1,\n' +
945
- ' "failed": 0,\n' +
946
- ' "blocked": 0,\n' +
947
- ' "error": 0\n' +
774
+ ' "data": {\n' +
775
+ ' "accepted": 1,\n' +
776
+ ' "rejected": 0,\n' +
777
+ ' "outcomes": {\n' +
778
+ ' "success": 1\n' +
779
+ ' },\n' +
780
+ ' "errors": []\n' +
781
+ ' },\n' +
782
+ ' "metadata": {\n' +
783
+ ' "requestId": "fc1fa88f-9b22-4161-b4fd-17d8215098ee",\n' +
784
+ ' "timestamp": "2025-11-24T21:36:33.029Z"\n' +
948
785
  ' }\n' +
949
786
  '}'
950
787
  }
951
788
  [AccessControl] Raw response received: {
952
789
  "success": true,
953
- "accepted": 1,
954
- "rejected": 0,
955
- "outcomes": {
956
- "success": 1,
957
- "failed": 0,
958
- "blocked": 0,
959
- "error": 0
790
+ "data": {
791
+ "accepted": 1,
792
+ "rejected": 0,
793
+ "outcomes": {
794
+ "success": 1
795
+ },
796
+ "errors": []
797
+ },
798
+ "metadata": {
799
+ "requestId": "fc1fa88f-9b22-4161-b4fd-17d8215098ee",
800
+ "timestamp": "2025-11-24T21:36:33.029Z"
960
801
  }
961
802
  }
803
+ [AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
804
+ correlationId: 'beaa0854-86a0-4a4e-b1c2-9019e14b5311',
805
+ dataKeys: [ 'accepted', 'rejected', 'outcomes', 'errors' ],
806
+ hasAccepted: true,
807
+ hasRejected: true,
808
+ hasOutcomes: true,
809
+ hasErrors: true,
810
+ acceptedType: 'number',
811
+ acceptedValue: 1,
812
+ rejectedType: 'number',
813
+ rejectedValue: 0,
814
+ outcomesType: 'object',
815
+ outcomesValue: { success: 1 },
816
+ errorsType: 'object',
817
+ errorsIsArray: true,
818
+ fullData: '{\n' +
819
+ ' "accepted": 1,\n' +
820
+ ' "rejected": 0,\n' +
821
+ ' "outcomes": {\n' +
822
+ ' "success": 1\n' +
823
+ ' },\n' +
824
+ ' "errors": []\n' +
825
+ '}'
826
+ }
827
+ [AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
828
+ correlationId: 'beaa0854-86a0-4a4e-b1c2-9019e14b5311',
829
+ dataWithSuccessKeys: [ 'success', 'accepted', 'rejected', 'outcomes', 'errors' ],
830
+ hasSuccess: true,
831
+ successValue: true,
832
+ hasAccepted: true,
833
+ acceptedValue: 1,
834
+ hasRejected: true,
835
+ rejectedValue: 0,
836
+ hasOutcomes: true,
837
+ outcomesValue: { success: 1 },
838
+ fullDataWithSuccess: '{\n' +
839
+ ' "success": true,\n' +
840
+ ' "accepted": 1,\n' +
841
+ ' "rejected": 0,\n' +
842
+ ' "outcomes": {\n' +
843
+ ' "success": 1\n' +
844
+ ' },\n' +
845
+ ' "errors": []\n' +
846
+ '}'
847
+ }
962
848
 
963
- stderr | src/services/__tests__/access-control.integration.test.ts > AccessControlApiService Integration > Proof Submission Flow > should handle proof submission with errors
849
+ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts > Proof Submission Response Validation > JSON Deep Clone Fix (Cloudflare Workers Edge Case) > should handle response where data fields are numeric values (not undefined)
964
850
  [AccessControl] 🔍 RAW API RESPONSE (before parsing): {
965
- correlationId: 'ca388041-d0dc-4667-b6d7-2aeb05027351',
851
+ correlationId: 'dea8ab38-6efc-496d-949f-a1839864cdb6',
966
852
  status: 200,
967
- statusText: '',
968
- headers: { 'content-type': 'application/json' },
969
- responseTextLength: 200,
970
- responseTextPreview: '{"success":true,"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"invalid_signature","message":"Invalid JWS signature"}}]}',
971
- fullResponseText: '{"success":true,"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"invalid_signature","message":"Invalid JWS signature"}}]}'
853
+ statusText: undefined,
854
+ headers: {},
855
+ responseTextLength: 151,
856
+ responseTextPreview: '{"success":true,"data":{"accepted":0,"rejected":0,"outcomes":{},"errors":[]},"metadata":{"requestId":"test-id","timestamp":"2025-11-24T22:24:12.414Z"}}',
857
+ fullResponseText: '{"success":true,"data":{"accepted":0,"rejected":0,"outcomes":{},"errors":[]},"metadata":{"requestId":"test-id","timestamp":"2025-11-24T22:24:12.414Z"}}'
972
858
  }
973
859
  [AccessControl] 🔍 PARSED RESPONSE DATA: {
974
- correlationId: 'ca388041-d0dc-4667-b6d7-2aeb05027351',
860
+ correlationId: 'dea8ab38-6efc-496d-949f-a1839864cdb6',
975
861
  status: 200,
976
862
  responseDataType: 'object',
977
- responseDataKeys: [ 'success', 'accepted', 'rejected', 'outcomes', 'errors' ],
863
+ responseDataKeys: [ 'success', 'data', 'metadata' ],
978
864
  responseData: '{\n' +
979
865
  ' "success": true,\n' +
980
- ' "accepted": 0,\n' +
981
- ' "rejected": 1,\n' +
982
- ' "outcomes": {\n' +
983
- ' "success": 0,\n' +
984
- ' "failed": 1,\n' +
985
- ' "blocked": 0,\n' +
986
- ' "error": 0\n' +
866
+ ' "data": {\n' +
867
+ ' "accepted": 0,\n' +
868
+ ' "rejected": 0,\n' +
869
+ ' "outcomes": {},\n' +
870
+ ' "errors": []\n' +
987
871
  ' },\n' +
988
- ' "errors": [\n' +
989
- ' {\n' +
990
- ' "proof_index": 0,\n' +
991
- ' "error": {\n' +
992
- ' "code": "invalid_signature",\n' +
993
- ' "message": "Invalid JWS signature"\n' +
994
- ' }\n' +
995
- ' }\n' +
996
- ' ]\n' +
872
+ ' "metadata": {\n' +
873
+ ' "requestId": "test-id",\n' +
874
+ ' "timestamp": "2025-11-24T22:24:12.414Z"\n' +
875
+ ' }\n' +
997
876
  '}'
998
877
  }
999
878
  [AccessControl] Raw response received: {
1000
879
  "success": true,
1001
- "accepted": 0,
1002
- "rejected": 1,
1003
- "outcomes": {
1004
- "success": 0,
1005
- "failed": 1,
1006
- "blocked": 0,
1007
- "error": 0
880
+ "data": {
881
+ "accepted": 0,
882
+ "rejected": 0,
883
+ "outcomes": {},
884
+ "errors": []
1008
885
  },
1009
- "errors": [
1010
- {
1011
- "proof_index": 0,
1012
- "error": {
1013
- "code": "invalid_signature",
1014
- "message": "Invalid JWS signature"
886
+ "metadata": {
887
+ "requestId": "test-id",
888
+ "timestamp": "2025-11-24T22:24:12.414Z"
889
+ }
890
+ }
891
+ [AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
892
+ correlationId: 'dea8ab38-6efc-496d-949f-a1839864cdb6',
893
+ dataKeys: [ 'accepted', 'rejected', 'outcomes', 'errors' ],
894
+ hasAccepted: true,
895
+ hasRejected: true,
896
+ hasOutcomes: true,
897
+ hasErrors: true,
898
+ acceptedType: 'number',
899
+ acceptedValue: 0,
900
+ rejectedType: 'number',
901
+ rejectedValue: 0,
902
+ outcomesType: 'object',
903
+ outcomesValue: {},
904
+ errorsType: 'object',
905
+ errorsIsArray: true,
906
+ fullData: '{\n "accepted": 0,\n "rejected": 0,\n "outcomes": {},\n "errors": []\n}'
907
+ }
908
+ [AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
909
+ correlationId: 'dea8ab38-6efc-496d-949f-a1839864cdb6',
910
+ dataWithSuccessKeys: [ 'success', 'accepted', 'rejected', 'outcomes', 'errors' ],
911
+ hasSuccess: true,
912
+ successValue: true,
913
+ hasAccepted: true,
914
+ acceptedValue: 0,
915
+ hasRejected: true,
916
+ rejectedValue: 0,
917
+ hasOutcomes: true,
918
+ outcomesValue: {},
919
+ fullDataWithSuccess: '{\n' +
920
+ ' "success": true,\n' +
921
+ ' "accepted": 0,\n' +
922
+ ' "rejected": 0,\n' +
923
+ ' "outcomes": {},\n' +
924
+ ' "errors": []\n' +
925
+ '}'
926
+ }
927
+
928
+ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts > Proof Submission Response Validation > JSON Deep Clone Fix (Cloudflare Workers Edge Case) > should handle response with nested outcomes object
929
+ [AccessControl] 🔍 RAW API RESPONSE (before parsing): {
930
+ correlationId: '1983e035-996d-450b-ba1c-9fbed355bed8',
931
+ status: 200,
932
+ statusText: undefined,
933
+ headers: {},
934
+ responseTextLength: 278,
935
+ responseTextPreview: '{"success":true,"data":{"accepted":3,"rejected":2,"outcomes":{"success":1,"failed":1,"blocked":1,"error":2},"errors":[{"proof_index":0,"error":{"code":"validation_error","message":"Invalid signature"}}]},"metadata":{"requestId":"test-id","timestamp":"2025-11-24T22:24:12.415Z"}}',
936
+ fullResponseText: '{"success":true,"data":{"accepted":3,"rejected":2,"outcomes":{"success":1,"failed":1,"blocked":1,"error":2},"errors":[{"proof_index":0,"error":{"code":"validation_error","message":"Invalid signature"}}]},"metadata":{"requestId":"test-id","timestamp":"2025-11-24T22:24:12.415Z"}}'
937
+ }
938
+ [AccessControl] 🔍 PARSED RESPONSE DATA: {
939
+ correlationId: '1983e035-996d-450b-ba1c-9fbed355bed8',
940
+ status: 200,
941
+ responseDataType: 'object',
942
+ responseDataKeys: [ 'success', 'data', 'metadata' ],
943
+ responseData: '{\n' +
944
+ ' "success": true,\n' +
945
+ ' "data": {\n' +
946
+ ' "accepted": 3,\n' +
947
+ ' "rejected": 2,\n' +
948
+ ' "outcomes": {\n' +
949
+ ' "success": 1,\n' +
950
+ ' "failed": 1,\n' +
951
+ ' "blocked": 1,\n' +
952
+ ' "error": 2\n' +
953
+ ' },\n' +
954
+ ' "errors": [\n' +
955
+ ' {\n' +
956
+ ' "proof_index": 0,\n' +
957
+ ' "error": {\n' +
958
+ ' "code": "validation_error",\n' +
959
+ ' "message": "Invalid signature"\n' +
960
+ ' }\n' +
961
+ ' }\n' +
962
+ ' ]\n' +
963
+ ' },\n' +
964
+ ' "metadata": {\n' +
965
+ ' "requestId": "test-id",\n' +
966
+ ' "timestamp": "2025-11-24T22:24:12.415Z"\n' +
967
+ ' }\n' +
968
+ '}'
969
+ }
970
+ [AccessControl] Raw response received: {
971
+ "success": true,
972
+ "data": {
973
+ "accepted": 3,
974
+ "rejected": 2,
975
+ "outcomes": {
976
+ "success": 1,
977
+ "failed": 1,
978
+ "blocked": 1,
979
+ "error": 2
980
+ },
981
+ "errors": [
982
+ {
983
+ "proof_index": 0,
984
+ "error": {
985
+ "code": "validation_error",
986
+ "message": "Invalid signature"
987
+ }
1015
988
  }
1016
- }
1017
- ]
989
+ ]
990
+ },
991
+ "metadata": {
992
+ "requestId": "test-id",
993
+ "timestamp": "2025-11-24T22:24:12.415Z"
994
+ }
995
+ }
996
+ [AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
997
+ correlationId: '1983e035-996d-450b-ba1c-9fbed355bed8',
998
+ dataKeys: [ 'accepted', 'rejected', 'outcomes', 'errors' ],
999
+ hasAccepted: true,
1000
+ hasRejected: true,
1001
+ hasOutcomes: true,
1002
+ hasErrors: true,
1003
+ acceptedType: 'number',
1004
+ acceptedValue: 3,
1005
+ rejectedType: 'number',
1006
+ rejectedValue: 2,
1007
+ outcomesType: 'object',
1008
+ outcomesValue: { success: 1, failed: 1, blocked: 1, error: 2 },
1009
+ errorsType: 'object',
1010
+ errorsIsArray: true,
1011
+ fullData: '{\n' +
1012
+ ' "accepted": 3,\n' +
1013
+ ' "rejected": 2,\n' +
1014
+ ' "outcomes": {\n' +
1015
+ ' "success": 1,\n' +
1016
+ ' "failed": 1,\n' +
1017
+ ' "blocked": 1,\n' +
1018
+ ' "error": 2\n' +
1019
+ ' },\n' +
1020
+ ' "errors": [\n' +
1021
+ ' {\n' +
1022
+ ' "proof_index": 0,\n' +
1023
+ ' "error": {\n' +
1024
+ ' "code": "validation_error",\n' +
1025
+ ' "message": "Invalid signature"\n' +
1026
+ ' }\n' +
1027
+ ' }\n' +
1028
+ ' ]\n' +
1029
+ '}'
1030
+ }
1031
+ [AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
1032
+ correlationId: '1983e035-996d-450b-ba1c-9fbed355bed8',
1033
+ dataWithSuccessKeys: [ 'success', 'accepted', 'rejected', 'outcomes', 'errors' ],
1034
+ hasSuccess: true,
1035
+ successValue: true,
1036
+ hasAccepted: true,
1037
+ acceptedValue: 3,
1038
+ hasRejected: true,
1039
+ rejectedValue: 2,
1040
+ hasOutcomes: true,
1041
+ outcomesValue: { success: 1, failed: 1, blocked: 1, error: 2 },
1042
+ fullDataWithSuccess: '{\n' +
1043
+ ' "success": true,\n' +
1044
+ ' "accepted": 3,\n' +
1045
+ ' "rejected": 2,\n' +
1046
+ ' "outcomes": {\n' +
1047
+ ' "success": 1,\n' +
1048
+ ' "failed": 1,\n' +
1049
+ ' "blocked": 1,\n' +
1050
+ ' "error": 2\n' +
1051
+ ' },\n' +
1052
+ ' "errors": [\n' +
1053
+ ' {\n' +
1054
+ ' "proof_index": 0,\n' +
1055
+ ' "error": {\n' +
1056
+ ' "code": "validation_error",\n' +
1057
+ ' "message": "Invalid signature"\n' +
1058
+ ' }\n' +
1059
+ ' }\n' +
1060
+ ' ]\n' +
1061
+ '}'
1062
+ }
1063
+
1064
+ stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyEd25519 > should return false on verification error
1065
+ [CryptoService] Ed25519 verification error: Error: Verification failed
1066
+ at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:62:9
1067
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
1068
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
1069
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
1070
+ at new Promise (<anonymous>)
1071
+ at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
1072
+ at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
1073
+ at processTicksAndRejections (node:internal/process/task_queues:103:5)
1074
+ at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
1075
+ at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
1076
+
1077
+ stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject invalid JWK format
1078
+ [CryptoService] Invalid Ed25519 JWK format
1079
+
1080
+ stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with wrong kty
1081
+ [CryptoService] Invalid Ed25519 JWK format
1082
+
1083
+ stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with wrong crv
1084
+ [CryptoService] Invalid Ed25519 JWK format
1085
+
1086
+ stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with missing x field
1087
+ [CryptoService] Invalid Ed25519 JWK format
1088
+
1089
+ stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with empty x field
1090
+ [CryptoService] Invalid Ed25519 JWK format
1091
+
1092
+ stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject malformed JWS
1093
+ [CryptoService] Invalid JWS format: Error: Invalid header base64: Unexpected token 'ž', "ž‹" is not valid JSON
1094
+ at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:91:13)
1095
+ at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
1096
+ at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:230:42
1097
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
1098
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
1099
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
1100
+ at new Promise (<anonymous>)
1101
+ at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
1102
+ at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
1103
+ at processTicksAndRejections (node:internal/process/task_queues:103:5)
1104
+
1105
+ stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject non-EdDSA algorithms
1106
+ [CryptoService] Unsupported algorithm: RS256, expected EdDSA
1107
+
1108
+ stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject HS256 algorithm
1109
+ [CryptoService] Unsupported algorithm: HS256, expected EdDSA
1110
+
1111
+ stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle empty JWS components
1112
+ [CryptoService] Invalid JWS format: Error: Invalid header base64: Unexpected end of JSON input
1113
+ at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:91:13)
1114
+ at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
1115
+ at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:271:42
1116
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
1117
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
1118
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
1119
+ at new Promise (<anonymous>)
1120
+ at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
1121
+ at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
1122
+ at processTicksAndRejections (node:internal/process/task_queues:103:5)
1123
+
1124
+ stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - single part
1125
+ [CryptoService] Invalid JWS format: Error: Invalid JWS format: expected header.payload.signature
1126
+ at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:78:13)
1127
+ at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
1128
+ at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:279:42
1129
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
1130
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
1131
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
1132
+ at new Promise (<anonymous>)
1133
+ at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
1134
+ at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
1135
+ at processTicksAndRejections (node:internal/process/task_queues:103:5)
1136
+
1137
+ stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - two parts
1138
+ [CryptoService] Invalid JWS format: Error: Invalid JWS format: expected header.payload.signature
1139
+ at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:78:13)
1140
+ at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
1141
+ at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:287:42
1142
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
1143
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
1144
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
1145
+ at new Promise (<anonymous>)
1146
+ at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
1147
+ at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
1148
+ at processTicksAndRejections (node:internal/process/task_queues:103:5)
1149
+
1150
+ stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - four parts
1151
+ [CryptoService] Invalid JWS format: Error: Invalid JWS format: expected header.payload.signature
1152
+ at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:78:13)
1153
+ at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
1154
+ at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:302:42
1155
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
1156
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
1157
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
1158
+ at new Promise (<anonymous>)
1159
+ at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
1160
+ at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
1161
+ at processTicksAndRejections (node:internal/process/task_queues:103:5)
1162
+
1163
+ stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - invalid JSON header
1164
+ [CryptoService] Invalid JWS format: Error: Invalid header base64: Unexpected token 'o', "notjson" is not valid JSON
1165
+ at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:91:13)
1166
+ at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
1167
+ at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:316:42
1168
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
1169
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
1170
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
1171
+ at new Promise (<anonymous>)
1172
+ at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
1173
+ at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
1174
+ at processTicksAndRejections (node:internal/process/task_queues:103:5)
1175
+
1176
+ stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - invalid base64
1177
+ [CryptoService] Invalid JWS format: Error: Invalid payload base64: Invalid base64url string: Invalid character
1178
+ at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:107:15)
1179
+ at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
1180
+ at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:334:42
1181
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
1182
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
1183
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
1184
+ at new Promise (<anonymous>)
1185
+ at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
1186
+ at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
1187
+ at processTicksAndRejections (node:internal/process/task_queues:103:5)
1188
+
1189
+ stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should validate expectedKid option
1190
+ [CryptoService] Key ID mismatch
1191
+
1192
+ stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should validate alg option
1193
+ [CryptoService] Unsupported algorithm: EdDSA, expected RS256
1194
+
1195
+ stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should validate Ed25519 key length
1196
+ [CryptoService] Failed to extract public key: Error: Invalid Ed25519 public key length: 5
1197
+ at CryptoService.jwkToBase64PublicKey (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:295:13)
1198
+ at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:249:32)
1199
+ at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:398:42
1200
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
1201
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
1202
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
1203
+ at new Promise (<anonymous>)
1204
+ at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
1205
+ at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
1206
+ at processTicksAndRejections (node:internal/process/task_queues:103:5)
1207
+
1208
+ stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle signature verification error
1209
+ [CryptoService] Ed25519 verification error: Error: Crypto error
1210
+ at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:449:61
1211
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
1212
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
1213
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
1214
+ at new Promise (<anonymous>)
1215
+ at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
1216
+ at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
1217
+ at processTicksAndRejections (node:internal/process/task_queues:103:5)
1218
+ at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
1219
+ at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
1220
+
1221
+ ✓ src/services/__tests__/crypto.service.test.ts (34 tests) 21ms
1222
+ ✓ src/services/__tests__/access-control.proof-response-validation.test.ts (12 tests) 16ms
1223
+ ✓ src/services/__tests__/access-control.service.test.ts (23 tests) 24ms
1224
+ ✓ src/__tests__/cache/tool-protection-cache.test.ts (49 tests) 181ms
1225
+ stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > API Authentication > should use X-API-Key header for new endpoint
1226
+ [ToolProtectionService] Config loaded from API {
1227
+ source: 'api',
1228
+ toolCount: 0,
1229
+ protectedTools: [],
1230
+ agentDid: 'did:key:z6MkhaXgBZDv...',
1231
+ projectId: 'test-project-123',
1232
+ cacheTtlMs: 300000,
1233
+ cacheExpiresAt: '2025-11-24T22:29:12.671Z'
1234
+ }
1235
+
1236
+ stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > API Authentication > should use Authorization Bearer header for old endpoint
1237
+ [ToolProtectionService] Config loaded from API {
1238
+ source: 'api',
1239
+ toolCount: 0,
1240
+ protectedTools: [],
1241
+ agentDid: 'did:key:z6MkhaXgBZDv...',
1242
+ projectId: 'none',
1243
+ cacheTtlMs: 300000,
1244
+ cacheExpiresAt: '2025-11-24T22:29:12.675Z'
1245
+ }
1246
+
1247
+ stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should use project-scoped endpoint when projectId is available
1248
+ [ToolProtectionService] Config loaded from API {
1249
+ source: 'api',
1250
+ toolCount: 0,
1251
+ protectedTools: [],
1252
+ agentDid: 'did:key:z6MkhaXgBZDv...',
1253
+ projectId: 'test-project-123',
1254
+ cacheTtlMs: 300000,
1255
+ cacheExpiresAt: '2025-11-24T22:29:12.677Z'
1256
+ }
1257
+
1258
+ stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should use agent-scoped endpoint when projectId is not available
1259
+ [ToolProtectionService] Config loaded from API {
1260
+ source: 'api',
1261
+ toolCount: 0,
1262
+ protectedTools: [],
1263
+ agentDid: 'did:key:z6MkhaXgBZDv...',
1264
+ projectId: 'none',
1265
+ cacheTtlMs: 300000,
1266
+ cacheExpiresAt: '2025-11-24T22:29:12.677Z'
1267
+ }
1268
+
1269
+ stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should encode projectId in URL
1270
+ [ToolProtectionService] Config loaded from API {
1271
+ source: 'api',
1272
+ toolCount: 0,
1273
+ protectedTools: [],
1274
+ agentDid: 'did:key:z6MkhaXgBZDv...',
1275
+ projectId: 'project/with/special-chars',
1276
+ cacheTtlMs: 300000,
1277
+ cacheExpiresAt: '2025-11-24T22:29:12.677Z'
1278
+ }
1279
+
1280
+ stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should encode agent DID in URL
1281
+ [ToolProtectionService] Config loaded from API {
1282
+ source: 'api',
1283
+ toolCount: 0,
1284
+ protectedTools: [],
1285
+ agentDid: 'did:key:z6MkhaXgBZDv...',
1286
+ projectId: 'none',
1287
+ cacheTtlMs: 300000,
1288
+ cacheExpiresAt: '2025-11-24T22:29:12.677Z'
1289
+ }
1290
+
1291
+ stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle new endpoint format (toolProtections object)
1292
+ [ToolProtectionService] Config loaded from API {
1293
+ source: 'api',
1294
+ toolCount: 2,
1295
+ protectedTools: [ 'checkout' ],
1296
+ agentDid: 'did:key:z6MkhaXgBZDv...',
1297
+ projectId: 'test-project-123',
1298
+ cacheTtlMs: 300000,
1299
+ cacheExpiresAt: '2025-11-24T22:29:12.678Z'
1300
+ }
1301
+
1302
+ stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle old endpoint format (tools array)
1303
+ [ToolProtectionService] Config loaded from API {
1304
+ source: 'api',
1305
+ toolCount: 2,
1306
+ protectedTools: [ 'checkout' ],
1307
+ agentDid: 'did:key:z6MkhaXgBZDv...',
1308
+ projectId: 'none',
1309
+ cacheTtlMs: 300000,
1310
+ cacheExpiresAt: '2025-11-24T22:29:12.678Z'
1311
+ }
1312
+
1313
+ stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle old endpoint format (tools object)
1314
+ [ToolProtectionService] Config loaded from API {
1315
+ source: 'api',
1316
+ toolCount: 2,
1317
+ protectedTools: [ 'checkout' ],
1318
+ agentDid: 'did:key:z6MkhaXgBZDv...',
1319
+ projectId: 'none',
1320
+ cacheTtlMs: 300000,
1321
+ cacheExpiresAt: '2025-11-24T22:29:12.678Z'
1322
+ }
1323
+
1324
+ stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle snake_case field names
1325
+ [ToolProtectionService] Config loaded from API {
1326
+ source: 'api',
1327
+ toolCount: 1,
1328
+ protectedTools: [ 'tool1' ],
1329
+ agentDid: 'did:key:z6MkhaXgBZDv...',
1330
+ projectId: 'test-project-123',
1331
+ cacheTtlMs: 300000,
1332
+ cacheExpiresAt: '2025-11-24T22:29:12.678Z'
1333
+ }
1334
+
1335
+ stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle camelCase field names
1336
+ [ToolProtectionService] Config loaded from API {
1337
+ source: 'api',
1338
+ toolCount: 1,
1339
+ protectedTools: [ 'tool1' ],
1340
+ agentDid: 'did:key:z6MkhaXgBZDv...',
1341
+ projectId: 'test-project-123',
1342
+ cacheTtlMs: 300000,
1343
+ cacheExpiresAt: '2025-11-24T22:29:12.679Z'
1344
+ }
1345
+
1346
+ stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should prefer camelCase over snake_case when both present
1347
+ [ToolProtectionService] Config loaded from API {
1348
+ source: 'api',
1349
+ toolCount: 1,
1350
+ protectedTools: [ 'tool1' ],
1351
+ agentDid: 'did:key:z6MkhaXgBZDv...',
1352
+ projectId: 'test-project-123',
1353
+ cacheTtlMs: 300000,
1354
+ cacheExpiresAt: '2025-11-24T22:29:12.679Z'
1018
1355
  }
1019
1356
 
1020
- stderr | src/services/__tests__/access-control.integration.test.ts > AccessControlApiService Integration > Proof Verification Flow > should verify proof using ProofVerifier
1021
- [CryptoService] Key ID mismatch
1357
+ stderr | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Error Handling > should handle network timeout
1358
+ [ToolProtectionService] API fetch failed, using fallback config { agentDid: 'did:key:z6MkhaXgBZDv...', error: 'Network timeout' }
1022
1359
 
1023
- src/__tests__/runtime/route-interception.test.ts (21 tests) 28ms
1024
- stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when protection required and no delegation
1025
- [MCP-I] BLOCKED: Tool requires delegation but none provided {
1026
- tool: 'protectedTool',
1360
+ stderr | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Fallback Behavior > should cache fallback config
1361
+ [ToolProtectionService] API fetch failed, using fallback config { agentDid: 'did:key:z6MkhaXgBZDv...', error: 'Network error' }
1362
+
1363
+ stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Caching Integration > should cache successful API responses
1364
+ [ToolProtectionService] Config loaded from API {
1365
+ source: 'api',
1366
+ toolCount: 1,
1367
+ protectedTools: [ 'tool1' ],
1368
+ agentDid: 'did:key:z6MkhaXgBZDv...',
1369
+ projectId: 'test-project-123',
1370
+ cacheTtlMs: 300000,
1371
+ cacheExpiresAt: '2025-11-24T22:29:12.683Z'
1372
+ }
1373
+
1374
+ stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Caching Integration > should respect cache TTL
1375
+ [ToolProtectionService] Config loaded from API {
1376
+ source: 'api',
1377
+ toolCount: 0,
1378
+ protectedTools: [],
1379
+ agentDid: 'did:key:z6MkhaXgBZDv...',
1380
+ projectId: 'test-project-123',
1381
+ cacheTtlMs: 1000,
1382
+ cacheExpiresAt: '2025-11-24T22:24:13.683Z'
1383
+ }
1384
+
1385
+ stderr | src/services/__tests__/proof-verifier.test.ts > ProofVerifier Security > Signature Verification > should handle signature verification errors gracefully
1386
+ [CryptoService] Ed25519 verification error: Error: Crypto error
1387
+ at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.test.ts:328:9
1388
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
1389
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
1390
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
1391
+ at new Promise (<anonymous>)
1392
+ at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
1393
+ at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
1394
+ at processTicksAndRejections (node:internal/process/task_queues:103:5)
1395
+ at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
1396
+ at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
1397
+
1398
+ ✓ src/services/__tests__/proof-verifier.test.ts (21 tests) 15ms
1399
+ stderr | src/services/__tests__/proof-verifier.integration.test.ts > ProofVerifier Integration - Real DID Resolution > did:web Resolution (HTTP) > should handle HTTP errors gracefully
1400
+ [ProofVerifier] Failed to fetch public key from DID: Error: Failed to resolve did:web:nonexistent-domain-that-does-not-exist-12345.com: fetch failed
1401
+ at Object.resolveDID (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.integration.test.ts:143:19)
1402
+ at processTicksAndRejections (node:internal/process/task_queues:103:5)
1403
+ at ProofVerifier.fetchPublicKeyFromDID (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/proof-verifier.ts:348:22)
1404
+ at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.integration.test.ts:252:7
1405
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:20
1406
+
1407
+ stderr | src/services/__tests__/proof-verifier.integration.test.ts > ProofVerifier Integration - Real DID Resolution > did:web Resolution (HTTP) > should handle HTTP errors gracefully
1408
+ [ProofVerifier] Failed to fetch public key from DID: Error: Failed to resolve did:web:nonexistent-domain-that-does-not-exist-12345.com: fetch failed
1409
+ at Object.resolveDID (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.integration.test.ts:143:19)
1410
+ at processTicksAndRejections (node:internal/process/task_queues:103:5)
1411
+ at ProofVerifier.fetchPublicKeyFromDID (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/proof-verifier.ts:348:22)
1412
+ at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.integration.test.ts:257:9
1413
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:20
1414
+
1415
+ ✓ src/services/__tests__/proof-verifier.integration.test.ts (13 tests | 1 skipped) 65ms
1416
+ stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should prefer Redis over KV when both are configured
1417
+ [StorageService] Failed to connect to Redis, falling back to memory: Redis package not available
1418
+
1419
+ stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should prefer Redis over KV when both are configured
1420
+ [StorageService] Failed to initialize KV, falling back to memory: Failed to import Cloudflare storage providers: Cannot find package '@kya-os/mcp-i-cloudflare/providers/storage' imported from '/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/storage.service.ts'
1421
+
1422
+ stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should fall back to memory when Redis connection fails
1423
+ [StorageService] Failed to connect to Redis, falling back to memory: Redis package not available
1424
+
1425
+ stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should use KV namespace when provided
1426
+ [StorageService] Failed to initialize KV, falling back to memory: Failed to import Cloudflare storage providers: Cannot find package '@kya-os/mcp-i-cloudflare/providers/storage' imported from '/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/storage.service.ts'
1427
+
1428
+ ✓ src/services/__tests__/storage.service.test.ts (17 tests) 17ms
1429
+ ✓ src/delegation/__tests__/vc-verifier.test.ts (35 tests) 195ms
1430
+ ✓ src/delegation/__tests__/vc-issuer.test.ts (21 tests) 377ms
1027
1431
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when no protection required
1028
1432
  [MCP-I] Checking tool protection: {
1029
1433
  tool: 'unprotectedTool',
1030
1434
  agentDid: 'did:key:zmock123...',
1031
1435
  hasDelegation: false
1032
1436
  }
1033
- requiredScopes: [ 'files:write' ],
1034
1437
 
1035
- agentDid: 'did:key:zmock123...',
1036
- resumeToken: 'resume_gw6kcs_midnqpi5',
1037
1438
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when no protection required
1038
1439
  [MCP-I] Tool protection check passed (no delegation required) {
1039
- consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_gw6kcs_midnqpi5'
1040
- }
1041
1440
  tool: 'unprotectedTool',
1042
1441
  agentDid: 'did:key:zmock123...',
1043
1442
  reason: 'Tool not configured to require delegation'
1044
1443
  }
1045
1444
 
1046
1445
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when protection required and no delegation
1047
-
1048
1446
  [MCP-I] Checking tool protection: {
1049
1447
  tool: 'protectedTool',
1050
1448
  agentDid: 'did:key:zmock123...',
1051
1449
  hasDelegation: false
1052
1450
  }
1053
1451
 
1452
+ stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when protection required and no delegation
1453
+ [MCP-I] BLOCKED: Tool requires delegation but none provided {
1454
+ tool: 'protectedTool',
1455
+ requiredScopes: [ 'files:write' ],
1456
+ agentDid: 'did:key:zmock123...',
1457
+ resumeToken: 'resume_bfpxzb_midps2x1',
1458
+ consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_bfpxzb_midps2x1'
1459
+ }
1460
+
1461
+ stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation verification fails
1462
+ [MCP-I] ❌ Delegation verification FAILED {
1463
+ tool: 'protectedTool',
1464
+ agentDid: 'did:key:zmock123...',
1054
1465
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when protection required and delegation provided
1055
1466
  [MCP-I] Checking tool protection: {
1056
1467
  tool: 'protectedTool',
1468
+ reason: 'Delegation token expired',
1057
1469
  agentDid: 'did:key:zmock123...',
1058
1470
  hasDelegation: true
1059
1471
  }
@@ -1062,22 +1474,37 @@ stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntime
1062
1474
  [MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
1063
1475
  tool: 'protectedTool',
1064
1476
  agentDid: 'did:key:zmock123...',
1477
+ errorCode: undefined,
1065
1478
  hasDelegationToken: true,
1479
+ errorMessage: undefined,
1066
1480
  hasConsentProof: false,
1067
1481
  requiredScopes: [ 'files:write' ]
1482
+ requiredScopes: [ 'files:write' ]
1483
+ }
1484
+
1485
+ stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation has wrong scopes
1486
+ [MCP-I] ❌ Delegation verification FAILED {
1487
+ tool: 'protectedTool',
1488
+ agentDid: 'did:key:zmock123...',
1489
+ reason: 'Insufficient scopes',
1068
1490
  }
1491
+ errorCode: undefined,
1069
1492
 
1070
1493
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when protection required and delegation provided
1494
+ errorMessage: undefined,
1071
1495
  [MCP-I] ✅ Delegation verification SUCCEEDED {
1072
1496
  tool: 'protectedTool',
1073
1497
  agentDid: 'did:key:zmock123...',
1074
1498
  delegationId: 'test-delegation-id',
1075
1499
  credentialScopes: [ 'files:write' ],
1076
1500
  requiredScopes: [ 'files:write' ]
1501
+ requiredScopes: [ 'files:write' ]
1077
1502
  }
1078
1503
 
1079
1504
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when protection required and consentProof provided
1080
1505
  [MCP-I] Checking tool protection: {
1506
+ }
1507
+
1081
1508
  tool: 'protectedTool',
1082
1509
  agentDid: 'did:key:zmock123...',
1083
1510
  hasDelegation: true
@@ -1101,15 +1528,12 @@ stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntime
1101
1528
  requiredScopes: [ 'files:write' ]
1102
1529
  }
1103
1530
 
1104
- stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation verification fails
1105
1531
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation verification fails
1106
1532
  [MCP-I] Checking tool protection: {
1107
1533
  tool: 'protectedTool',
1108
1534
  agentDid: 'did:key:zmock123...',
1109
- [MCP-I] ❌ Delegation verification FAILED {
1110
1535
  hasDelegation: true
1111
1536
  }
1112
- tool: 'protectedTool',
1113
1537
 
1114
1538
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation verification fails
1115
1539
  [MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
@@ -1127,47 +1551,22 @@ stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntime
1127
1551
  hasDelegation: true
1128
1552
  }
1129
1553
 
1130
- agentDid: 'did:key:zmock123...',
1131
- reason: 'Delegation token expired',
1132
- errorCode: undefined,
1133
- errorMessage: undefined,
1134
- requiredScopes: [ 'files:write' ]
1135
- }
1136
-
1137
1554
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation has wrong scopes
1138
1555
  [MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
1139
1556
  tool: 'protectedTool',
1140
- stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation has wrong scopes
1141
- [MCP-I] ❌ Delegation verification FAILED {
1142
- tool: 'protectedTool',
1143
- agentDid: 'did:key:zmock123...',
1144
1557
  agentDid: 'did:key:zmock123...',
1145
1558
  hasDelegationToken: true,
1146
- reason: 'Insufficient scopes',
1147
1559
  hasConsentProof: false,
1148
1560
  requiredScopes: [ 'files:write' ]
1149
1561
  }
1150
1562
 
1151
- errorCode: undefined,
1152
- errorMessage: undefined,
1153
- requiredScopes: [ 'files:write' ]
1154
- }
1155
-
1156
- stderr | src/services/__tests__/proof-verifier.integration.test.ts > ProofVerifier Integration - Real DID Resolution > did:web Resolution (HTTP) > should handle HTTP errors gracefully
1157
- [ProofVerifier] Failed to fetch public key from DID: Error: Failed to resolve did:web:nonexistent-domain-that-does-not-exist-12345.com: fetch failed
1158
- at Object.resolveDID (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.integration.test.ts:143:19)
1159
- at processTicksAndRejections (node:internal/process/task_queues:103:5)
1160
- at ProofVerifier.fetchPublicKeyFromDID (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/proof-verifier.ts:348:22)
1161
- at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.integration.test.ts:252:7
1162
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:20
1163
-
1164
- stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should handle API errors during verification gracefully
1165
1563
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should handle API errors during verification gracefully
1166
1564
  [MCP-I] Checking tool protection: {
1167
- [MCP-I] ❌ Delegation verification error (API failure) {
1168
- tool: 'protectedTool',
1169
1565
  tool: 'protectedTool',
1566
+ stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should handle API errors during verification gracefully
1567
+ [MCP-I] ❌ Delegation verification error (API failure) {
1170
1568
  agentDid: 'did:key:zmock123...',
1569
+ tool: 'protectedTool',
1171
1570
  hasDelegation: true
1172
1571
  agentDid: 'did:key:zmock123...',
1173
1572
  }
@@ -1176,140 +1575,166 @@ stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntime
1176
1575
  [MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
1177
1576
  tool: 'protectedTool',
1178
1577
  agentDid: 'did:key:zmock123...',
1179
- hasDelegationToken: true,
1180
1578
  errorCode: 'network_error',
1181
- hasConsentProof: false,
1182
1579
  errorMessage: 'API unavailable',
1580
+ hasDelegationToken: true,
1581
+ hasConsentProof: false,
1183
1582
  errorDetails: {}
1583
+ }
1184
1584
  requiredScopes: [ 'files:write' ]
1185
1585
  }
1186
1586
 
1587
+
1187
1588
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when access control service not configured (graceful degradation)
1188
- }
1189
1589
  [MCP-I] Checking tool protection: {
1190
1590
  tool: 'protectedTool',
1191
-
1192
- stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when access control service not configured (graceful degradation)
1193
- [MCP-I] ⚠️ Delegation token provided but AccessControlApiService not configured - skipping verification {
1194
1591
  agentDid: 'did:key:zmock123...',
1195
- tool: 'protectedTool',
1196
1592
  hasDelegation: true
1197
1593
  }
1198
1594
 
1595
+ stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when access control service not configured (graceful degradation)
1596
+ [MCP-I] ⚠️ Delegation token provided but AccessControlApiService not configured - skipping verification {
1597
+ tool: 'protectedTool',
1199
1598
  agentDid: 'did:key:zmock123...',
1200
1599
  hasDelegationToken: true,
1201
1600
  hasConsentProof: false
1202
1601
  }
1203
1602
 
1204
- stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should reject delegation when user_identifier does not match session userDid
1205
1603
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should reject delegation when user_identifier does not match session userDid
1206
- [MCP-I] 🔒 SECURITY: User identifier validation FAILED {
1207
1604
  [MCP-I] Checking tool protection: {
1208
1605
  tool: 'protectedTool',
1209
1606
  agentDid: 'did:key:zmock123...',
1210
1607
  hasDelegation: true
1211
- tool: 'protectedTool',
1212
- agentDid: 'did:key:zmock123...',
1213
1608
  }
1214
1609
 
1215
- delegationUserIdentifier: 'did:key:zUserB987654...',
1216
1610
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should reject delegation when user_identifier does not match session userDid
1217
1611
  [MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
1218
- sessionUserDid: 'did:key:zUserA123456...',
1219
- sessionId: 'session123...',
1220
1612
  tool: 'protectedTool',
1613
+ stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should reject delegation when user_identifier does not match session userDid
1221
1614
  agentDid: 'did:key:zmock123...',
1222
1615
  hasDelegationToken: true,
1223
- reason: 'user_identifier_mismatch',
1224
1616
  hasConsentProof: false,
1225
- severity: 'high'
1226
- }
1227
-
1228
1617
  requiredScopes: [ 'files:write' ]
1229
1618
  }
1619
+ [MCP-I] 🔒 SECURITY: User identifier validation FAILED {
1620
+ tool: 'protectedTool',
1621
+ agentDid: 'did:key:zmock123...',
1230
1622
 
1623
+ delegationUserIdentifier: 'did:key:zUserB987654...',
1624
+ sessionUserDid: 'did:key:zUserA123456...',
1625
+ sessionId: 'session123...',
1231
1626
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should accept delegation when user_identifier matches session userDid
1232
1627
  [MCP-I] Checking tool protection: {
1233
1628
  tool: 'protectedTool',
1234
1629
  agentDid: 'did:key:zmock123...',
1235
1630
  hasDelegation: true
1236
1631
  }
1632
+ reason: 'user_identifier_mismatch',
1633
+ severity: 'high'
1634
+ }
1635
+
1237
1636
 
1637
+ stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing session userDid gracefully
1238
1638
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should accept delegation when user_identifier matches session userDid
1639
+ [MCP-I] ⚠️ Delegation has user_identifier but session missing userDid {
1239
1640
  [MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
1240
1641
  tool: 'protectedTool',
1241
1642
  agentDid: 'did:key:zmock123...',
1643
+ tool: 'protectedTool',
1242
1644
  hasDelegationToken: true,
1243
1645
  hasConsentProof: false,
1646
+ agentDid: 'did:key:zmock123...',
1244
1647
  requiredScopes: [ 'files:write' ]
1245
1648
  }
1246
1649
 
1247
1650
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should accept delegation when user_identifier matches session userDid
1248
1651
  [MCP-I] ✅ User identifier validation PASSED {
1249
1652
  tool: 'protectedTool',
1653
+ delegationUserIdentifier: 'did:key:zUserA123456...',
1250
1654
  agentDid: 'did:key:zmock123...',
1655
+ sessionId: 'session123...'
1656
+ }
1251
1657
  userDid: 'did:key:zUserA123456...',
1252
1658
  sessionId: 'session123...'
1253
1659
  }
1254
1660
  [MCP-I] ✅ Delegation verification SUCCEEDED {
1661
+
1255
1662
  tool: 'protectedTool',
1663
+ stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should not create proof when tool execution is blocked
1256
1664
  agentDid: 'did:key:zmock123...',
1665
+ [MCP-I] BLOCKED: Tool requires delegation but none provided {
1257
1666
  delegationId: 'test-delegation-id',
1667
+ tool: 'protectedTool',
1258
1668
  credentialScopes: [ 'files:write' ],
1669
+ requiredScopes: [ 'files:write' ],
1670
+ agentDid: 'did:key:zmock123...',
1259
1671
  requiredScopes: [ 'files:write' ]
1260
1672
  }
1261
1673
 
1674
+ resumeToken: 'resume_bg3syy_midps2x8',
1675
+ consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_bg3syy_midps2x8'
1262
1676
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing user_identifier gracefully (backward compatibility)
1263
1677
  [MCP-I] Checking tool protection: {
1678
+ }
1264
1679
  tool: 'protectedTool',
1265
- stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing session userDid gracefully
1266
- [MCP-I] ⚠️ Delegation has user_identifier but session missing userDid {
1267
- tool: 'protectedTool',
1268
- agentDid: 'did:key:zmock123...',
1269
1680
  agentDid: 'did:key:zmock123...',
1270
1681
  hasDelegation: true
1271
1682
  }
1272
- delegationUserIdentifier: 'did:key:zUserA123456...',
1273
- sessionId: 'session123...'
1274
1683
 
1275
1684
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing user_identifier gracefully (backward compatibility)
1685
+
1276
1686
  [MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
1277
1687
  tool: 'protectedTool',
1278
1688
  agentDid: 'did:key:zmock123...',
1279
1689
  hasDelegationToken: true,
1690
+ stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include tool name in error
1280
1691
  hasConsentProof: false,
1281
1692
  requiredScopes: [ 'files:write' ]
1282
1693
  }
1283
1694
 
1284
1695
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing user_identifier gracefully (backward compatibility)
1696
+ [MCP-I] BLOCKED: Tool requires delegation but none provided {
1697
+ tool: 'protectedTool',
1285
1698
  [MCP-I] ✅ Delegation verification SUCCEEDED {
1699
+ requiredScopes: [ 'files:write' ],
1700
+ agentDid: 'did:key:zmock123...',
1286
1701
  tool: 'protectedTool',
1287
1702
  agentDid: 'did:key:zmock123...',
1288
1703
  delegationId: 'test-delegation-id',
1289
1704
  credentialScopes: [ 'files:write' ],
1290
1705
  requiredScopes: [ 'files:write' ]
1291
1706
  }
1707
+ resumeToken: 'resume_bg3syy_midps2x8',
1292
1708
 
1293
- stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing session userDid gracefully
1709
+ consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_bg3syy_midps2x8'
1294
1710
  }
1295
-
1711
+ stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing session userDid gracefully
1296
1712
  [MCP-I] Checking tool protection: {
1297
1713
  tool: 'protectedTool',
1298
1714
  agentDid: 'did:key:zmock123...',
1299
1715
  hasDelegation: true
1716
+
1717
+ stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include required scopes in error
1718
+ [MCP-I] BLOCKED: Tool requires delegation but none provided {
1719
+ tool: 'protectedTool',
1300
1720
  }
1301
1721
 
1722
+ requiredScopes: [ 'files:write', 'files:read' ],
1302
1723
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing session userDid gracefully
1724
+ agentDid: 'did:key:zmock123...',
1303
1725
  [MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
1304
1726
  tool: 'protectedTool',
1305
1727
  agentDid: 'did:key:zmock123...',
1306
1728
  hasDelegationToken: true,
1729
+ resumeToken: 'resume_bg3syy_midps2x9',
1730
+ consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite%2Cfiles%3Aread&session_id=session123&agent_did=&resume_token=resume_bg3syy_midps2x9'
1307
1731
  hasConsentProof: false,
1308
1732
  requiredScopes: [ 'files:write' ]
1309
1733
  }
1310
1734
 
1311
1735
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing session userDid gracefully
1312
1736
  [MCP-I] ✅ Delegation verification SUCCEEDED {
1737
+ }
1313
1738
  tool: 'protectedTool',
1314
1739
  agentDid: 'did:key:zmock123...',
1315
1740
  delegationId: 'test-delegation-id',
@@ -1338,130 +1763,112 @@ stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntime
1338
1763
  hasDelegation: false
1339
1764
  }
1340
1765
 
1341
- stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should not create proof when tool execution is blocked
1342
- [MCP-I] BLOCKED: Tool requires delegation but none provided {
1343
- tool: 'protectedTool',
1344
- requiredScopes: [ 'files:write' ],
1345
- agentDid: 'did:key:zmock123...',
1346
- resumeToken: 'resume_gw6or8_midnqpjr',
1347
- consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_gw6or8_midnqpjr'
1348
- }
1349
-
1350
1766
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include tool name in error
1351
1767
  [MCP-I] Checking tool protection: {
1352
1768
  tool: 'protectedTool',
1353
1769
  agentDid: 'did:key:zmock123...',
1354
1770
  hasDelegation: false
1355
1771
  }
1356
- stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include tool name in error
1357
1772
 
1358
1773
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include required scopes in error
1359
- [MCP-I] BLOCKED: Tool requires delegation but none provided {
1360
1774
  [MCP-I] Checking tool protection: {
1361
- tool: 'protectedTool',
1362
- requiredScopes: [ 'files:write' ],
1363
- agentDid: 'did:key:zmock123...',
1364
- resumeToken: 'resume_gw6or8_midnqpjr',
1365
1775
  tool: 'protectedTool',
1366
1776
  agentDid: 'did:key:zmock123...',
1367
1777
  hasDelegation: false
1368
1778
  }
1369
1779
 
1370
- consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_gw6or8_midnqpjr'
1371
- }
1372
-
1373
- stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include required scopes in error
1374
- [MCP-I] BLOCKED: Tool requires delegation but none provided {
1375
- tool: 'protectedTool',
1376
- requiredScopes: [ 'files:write', 'files:read' ],
1377
- agentDid: 'did:key:zmock123...',
1378
- resumeToken: 'resume_gw6os3_midnqpjs',
1379
- consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite%2Cfiles%3Aread&session_id=session123&agent_did=&resume_token=resume_gw6os3_midnqpjs'
1380
- }
1381
1780
 
1382
1781
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include consent URL in error
1383
- stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include consent URL in error
1384
1782
  [MCP-I] Checking tool protection: {
1783
+ stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include consent URL in error
1385
1784
  tool: 'protectedTool',
1386
1785
  agentDid: 'did:key:zmock123...',
1387
1786
  hasDelegation: false
1388
1787
  }
1389
1788
  [MCP-I] BLOCKED: Tool requires delegation but none provided {
1390
-
1391
1789
  tool: 'protectedTool',
1790
+
1392
1791
  requiredScopes: [ 'files:write' ],
1393
1792
  agentDid: 'did:key:zmock123...',
1394
- resumeToken: 'resume_gw6os3_midnqpjs',
1395
- consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_gw6os3_midnqpjs'
1793
+ resumeToken: 'resume_bg3t0o_midps2xa',
1794
+ consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_bg3t0o_midps2xa'
1396
1795
  }
1397
1796
 
1398
- stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include resume token in error
1399
- [MCP-I] BLOCKED: Tool requires delegation but none provided {
1400
- tool: 'protectedTool',
1401
1797
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include resume token in error
1798
+ stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include resume token in error
1402
1799
  [MCP-I] Checking tool protection: {
1403
1800
  tool: 'protectedTool',
1404
1801
  agentDid: 'did:key:zmock123...',
1405
1802
  hasDelegation: false
1803
+ [MCP-I] BLOCKED: Tool requires delegation but none provided {
1406
1804
  }
1407
1805
 
1806
+ tool: 'protectedTool',
1807
+ requiredScopes: [ 'files:write' ],
1408
1808
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include intercepted call context in error
1409
1809
  [MCP-I] Checking tool protection: {
1410
- requiredScopes: [ 'files:write' ],
1411
1810
  tool: 'protectedTool',
1412
1811
  agentDid: 'did:key:zmock123...',
1413
1812
  hasDelegation: false
1414
1813
  }
1415
1814
 
1416
- agentDid: 'did:key:zmock123...',
1417
- resumeToken: 'resume_gw6os3_midnqpjs',
1418
- consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_gw6os3_midnqpjs'
1419
- }
1420
-
1421
- stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include intercepted call context in error
1422
- [MCP-I] BLOCKED: Tool requires delegation but none provided {
1423
- tool: 'protectedTool',
1424
- requiredScopes: [ 'files:write' ],
1425
- agentDid: 'did:key:zmock123...',
1426
- resumeToken: 'resume_x2ww0e_midnqpjs',
1427
- consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_x2ww0e_midnqpjs'
1428
- }
1429
-
1430
1815
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > audit logging > should log tool protection check when audit enabled
1816
+ agentDid: 'did:key:zmock123...',
1431
1817
  [MCP-I] Checking tool protection: {
1432
1818
  tool: 'testTool',
1819
+ resumeToken: 'resume_bg3t0o_midps2xa',
1433
1820
  agentDid: 'did:key:zmock123...',
1434
1821
  hasDelegation: false
1435
1822
  }
1436
1823
 
1437
1824
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > audit logging > should log tool protection check when audit enabled
1438
1825
  [MCP-I] Tool protection check passed (no delegation required) {
1826
+ consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_bg3t0o_midps2xa'
1439
1827
  tool: 'testTool',
1828
+ }
1440
1829
  agentDid: 'did:key:zmock123...',
1830
+
1441
1831
  reason: 'Tool not configured to require delegation'
1442
1832
  }
1443
1833
 
1834
+ stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include intercepted call context in error
1444
1835
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > audit logging > should log blocked tool call when audit enabled
1445
1836
  [MCP-I] Checking tool protection: {
1446
1837
  tool: 'protectedTool',
1838
+ [MCP-I] BLOCKED: Tool requires delegation but none provided {
1839
+ tool: 'protectedTool',
1447
1840
  agentDid: 'did:key:zmock123...',
1841
+ requiredScopes: [ 'files:write' ],
1448
1842
  hasDelegation: false
1843
+ agentDid: 'did:key:zmock123...',
1844
+ }
1845
+ resumeToken: 'resume_rmu08z_midps2xb',
1846
+
1847
+ consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_rmu08z_midps2xb'
1449
1848
  }
1450
1849
 
1850
+ stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle empty required scopes array
1851
+ [MCP-I] BLOCKED: Tool requires delegation but none provided {
1852
+ tool: 'protectedTool',
1451
1853
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > tool protection service integration > should use agent DID from identity for protection check
1452
1854
  [MCP-I] Checking tool protection: {
1855
+ requiredScopes: [],
1453
1856
  tool: 'testTool',
1454
1857
  agentDid: 'did:key:zmock123...',
1455
1858
  hasDelegation: false
1456
1859
  }
1457
1860
 
1458
1861
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > tool protection service integration > should use agent DID from identity for protection check
1862
+ agentDid: 'did:key:zmock123...',
1459
1863
  [MCP-I] Tool protection check passed (no delegation required) {
1460
1864
  tool: 'testTool',
1461
1865
  agentDid: 'did:key:zmock123...',
1866
+ resumeToken: 'resume_bg3t2e_midps2xc',
1462
1867
  reason: 'Tool not configured to require delegation'
1463
1868
  }
1869
+ consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=&session_id=session123&agent_did=&resume_token=resume_bg3t2e_midps2xc'
1464
1870
 
1871
+ }
1465
1872
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > tool protection service integration > should handle tool protection service errors gracefully
1466
1873
  [MCP-I] Checking tool protection: {
1467
1874
  tool: 'testTool',
@@ -1469,6 +1876,7 @@ stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntime
1469
1876
  hasDelegation: false
1470
1877
  }
1471
1878
 
1879
+
1472
1880
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle empty required scopes array
1473
1881
  [MCP-I] Checking tool protection: {
1474
1882
  tool: 'protectedTool',
@@ -1476,224 +1884,153 @@ stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntime
1476
1884
  hasDelegation: false
1477
1885
  }
1478
1886
 
1479
- stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle empty required scopes array
1480
- [MCP-I] BLOCKED: Tool requires delegation but none provided {
1481
- tool: 'protectedTool',
1482
- requiredScopes: [],
1483
- agentDid: 'did:key:zmock123...',
1484
- resumeToken: 'resume_gw6osy_midnqpjt',
1485
- consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=&session_id=session123&agent_did=&resume_token=resume_gw6osy_midnqpjt'
1486
- }
1487
-
1488
1887
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle multiple required scopes
1489
1888
  [MCP-I] Checking tool protection: {
1889
+ stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle multiple required scopes
1490
1890
  tool: 'protectedTool',
1491
1891
  agentDid: 'did:key:zmock123...',
1492
- stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle multiple required scopes
1493
1892
  hasDelegation: false
1494
1893
  [MCP-I] BLOCKED: Tool requires delegation but none provided {
1495
- }
1496
-
1497
1894
  tool: 'protectedTool',
1498
- requiredScopes: [ 'scope1', 'scope2', 'scope3' ],
1499
- agentDid: 'did:key:zmock123...',
1500
- resumeToken: 'resume_gw6ott_midnqpju',
1501
- consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=scope1%2Cscope2%2Cscope3&session_id=session123&agent_did=&resume_token=resume_gw6ott_midnqpju'
1502
1895
  }
1503
1896
 
1504
- stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle session without id
1505
- [MCP-I] BLOCKED: Tool requires delegation but none provided {
1506
1897
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle session without id
1507
1898
  [MCP-I] Checking tool protection: {
1508
1899
  tool: 'protectedTool',
1509
1900
  agentDid: 'did:key:zmock123...',
1510
- tool: 'protectedTool',
1511
1901
  hasDelegation: false
1512
1902
  }
1513
1903
 
1514
- requiredScopes: [ 'files:write' ],
1904
+ requiredScopes: [ 'scope1', 'scope2', 'scope3' ],
1515
1905
  agentDid: 'did:key:zmock123...',
1516
- resumeToken: 'resume_ty8p8j_midnqpju',
1517
- consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=&agent_did=&resume_token=resume_ty8p8j_midnqpju'
1518
- }
1519
-
1520
1906
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle handler errors independently of protection
1907
+ resumeToken: 'resume_bg3t2e_midps2xc',
1521
1908
  [MCP-I] Checking tool protection: {
1522
1909
  tool: 'errorTool',
1523
1910
  agentDid: 'did:key:zmock123...',
1524
1911
  hasDelegation: false
1525
1912
  }
1913
+ consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=scope1%2Cscope2%2Cscope3&session_id=session123&agent_did=&resume_token=resume_bg3t2e_midps2xc'
1526
1914
 
1527
1915
  stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle handler errors independently of protection
1916
+ }
1528
1917
  [MCP-I] Tool protection check passed (no delegation required) {
1918
+
1919
+ stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle session without id
1529
1920
  tool: 'errorTool',
1530
1921
  agentDid: 'did:key:zmock123...',
1531
1922
  reason: 'Tool not configured to require delegation'
1532
1923
  }
1533
1924
 
1534
- stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Tool protection enforcement flow > should allow unprotected tool calls
1535
- [ToolProtectionService] Config loaded from API {
1536
- source: 'api',
1537
- toolCount: 1,
1538
- protectedTools: [],
1539
- agentDid: 'did:key:z6MkhaXgBZDv...',
1540
- projectId: 'test-project',
1541
- cacheTtlMs: 300000,
1542
- cacheExpiresAt: '2025-11-24T21:32:09.791Z'
1543
- }
1544
-
1545
- stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Tool protection enforcement flow > should intercept protected tool calls without delegation
1546
- [ToolProtectionService] Config loaded from API {
1547
- source: 'api',
1548
- toolCount: 1,
1549
- protectedTools: [ 'checkout' ],
1550
- agentDid: 'did:key:z6MkhaXgBZDv...',
1551
- projectId: 'test-project',
1552
- cacheTtlMs: 300000,
1553
- cacheExpiresAt: '2025-11-24T21:32:09.792Z'
1554
- }
1555
-
1556
- stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Tool protection enforcement flow > should intercept protected tool calls without delegation
1557
- [ToolProtectionService] Protection check {
1558
- tool: 'checkout',
1559
- agentDid: 'did:key:z6MkhaXgBZDv...',
1560
- found: true,
1561
- isWildcard: false,
1562
- requiresDelegation: true,
1563
- availableTools: [ 'checkout' ]
1564
- }
1565
-
1566
- stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > AgentShield integration flow > should fetch tool protection config from AgentShield
1567
- [ToolProtectionService] Config loaded from API {
1568
- source: 'api',
1569
- toolCount: 1,
1570
- protectedTools: [ 'protected_tool' ],
1571
- agentDid: 'did:key:z6MkhaXgBZDv...',
1572
- projectId: 'test-project',
1573
- cacheTtlMs: 300000,
1574
- cacheExpiresAt: '2025-11-24T21:32:09.793Z'
1575
- }
1576
-
1577
- stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > AgentShield integration flow > should cache tool protection config
1578
- [ToolProtectionService] Config loaded from API {
1579
- source: 'api',
1580
- toolCount: 1,
1581
- protectedTools: [ 'tool1' ],
1582
- agentDid: 'did:key:z6MkhaXgBZDv...',
1583
- projectId: 'test-project',
1584
- cacheTtlMs: 300000,
1585
- cacheExpiresAt: '2025-11-24T21:32:09.794Z'
1586
- }
1587
-
1588
- stderr | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > AgentShield integration flow > should use fallback config when API fails
1589
- [ToolProtectionService] API fetch failed, using fallback config { agentDid: 'did:key:z6MkhaXgBZDv...', error: 'Network error' }
1590
-
1591
- ✓ src/__tests__/runtime/tool-protection-enforcement.test.ts (29 tests) 72ms
1592
- stderr | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Error handling in full flow > should handle tool protection service errors gracefully
1593
- [ToolProtectionService] API fetch failed, no fallback, failing closed (deny-all) {
1594
- agentDid: 'did:key:z6MkhaXgBZDv...',
1595
- error: 'Network error',
1596
- cacheKey: 'config:tool-protections:test-project'
1597
- }
1598
-
1599
- stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Cache integration in full flow > should share cache across multiple service instances
1600
- stderr | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Error handling in full flow > should handle network timeouts
1601
- [ToolProtectionService] Config loaded from API {
1602
- source: 'api',
1603
- [ToolProtectionService] API fetch failed, using fallback config { agentDid: 'did:key:z6MkhaXgBZDv...', error: 'Network timeout' }
1604
- toolCount: 1,
1605
-
1606
- protectedTools: [ 'tool1' ],
1607
- agentDid: 'did:key:z6MkhaXgBZDv...',
1608
- projectId: 'test-project',
1609
- cacheTtlMs: 300000,
1610
- cacheExpiresAt: '2025-11-24T21:32:09.796Z'
1611
- }
1612
-
1613
- stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Cache integration in full flow > should clear cache when needed
1614
- [ToolProtectionService] Config loaded from API {
1615
- source: 'api',
1616
- toolCount: 1,
1617
- protectedTools: [ 'tool1' ],
1618
- agentDid: 'did:key:z6MkhaXgBZDv...',
1619
- projectId: 'test-project',
1620
- cacheTtlMs: 300000,
1621
- cacheExpiresAt: '2025-11-24T21:32:09.796Z'
1925
+ [MCP-I] BLOCKED: Tool requires delegation but none provided {
1926
+ tool: 'protectedTool',
1927
+ requiredScopes: [ 'files:write' ],
1928
+ agentDid: 'did:key:zmock123...',
1929
+ resumeToken: 'resume_oi5th4_midps2xd',
1930
+ consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=&agent_did=&resume_token=resume_oi5th4_midps2xd'
1622
1931
  }
1623
1932
 
1624
- stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Cache integration in full flow > should clear cache when needed
1625
- [ToolProtectionService] Config loaded from API {
1626
- source: 'api',
1627
- toolCount: 1,
1628
- protectedTools: [ 'tool1' ],
1629
- agentDid: 'did:key:z6MkhaXgBZDv...',
1630
- projectId: 'test-project',
1631
- cacheTtlMs: 300000,
1632
- cacheExpiresAt: '2025-11-24T21:32:09.796Z'
1933
+ stderr | src/services/__tests__/access-control.integration.test.ts > AccessControlApiService Integration > Proof Submission Flow > should submit proof end-to-end
1934
+ [AccessControl] 🔍 RAW API RESPONSE (before parsing): {
1935
+ correlationId: '62201c2c-5666-4b80-93aa-478e29b02b89',
1936
+ status: 200,
1937
+ statusText: '',
1938
+ headers: { 'content-type': 'application/json' },
1939
+ responseTextLength: 100,
1940
+ responseTextPreview: '{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}',
1941
+ fullResponseText: '{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}'
1633
1942
  }
1634
-
1635
- stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Real-world e-commerce scenario > should handle complete e-commerce flow with tool protection
1636
- [ToolProtectionService] Config loaded from API {
1637
- source: 'api',
1638
- toolCount: 3,
1639
- protectedTools: [ 'add_to_cart', 'checkout' ],
1640
- agentDid: 'did:key:z6MkhaXgBZDv...',
1641
- projectId: 'test-project',
1642
- cacheTtlMs: 300000,
1643
- cacheExpiresAt: '2025-11-24T21:32:09.797Z'
1943
+ [AccessControl] 🔍 PARSED RESPONSE DATA: {
1944
+ correlationId: '62201c2c-5666-4b80-93aa-478e29b02b89',
1945
+ status: 200,
1946
+ responseDataType: 'object',
1947
+ responseDataKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
1948
+ responseData: '{\n' +
1949
+ ' "success": true,\n' +
1950
+ ' "accepted": 1,\n' +
1951
+ ' "rejected": 0,\n' +
1952
+ ' "outcomes": {\n' +
1953
+ ' "success": 1,\n' +
1954
+ ' "failed": 0,\n' +
1955
+ ' "blocked": 0,\n' +
1956
+ ' "error": 0\n' +
1957
+ ' }\n' +
1958
+ '}'
1644
1959
  }
1645
-
1646
- stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Real-world e-commerce scenario > should handle complete e-commerce flow with tool protection
1647
- [ToolProtectionService] Protection check {
1648
- tool: 'add_to_cart',
1649
- agentDid: 'did:key:z6MkhaXgBZDv...',
1650
- found: true,
1651
- isWildcard: false,
1652
- requiresDelegation: true,
1653
- availableTools: [ 'search_products', 'add_to_cart', 'checkout' ]
1960
+ [AccessControl] Raw response received: {
1961
+ "success": true,
1962
+ "accepted": 1,
1963
+ "rejected": 0,
1964
+ "outcomes": {
1965
+ "success": 1,
1966
+ "failed": 0,
1967
+ "blocked": 0,
1968
+ "error": 0
1969
+ }
1654
1970
  }
1655
1971
 
1656
- stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Concurrent operations > should handle concurrent cache operations
1657
- [ToolProtectionService] Config loaded from API {
1658
- source: 'api',
1659
- toolCount: 1,
1660
- protectedTools: [ 'tool1' ],
1661
- agentDid: 'did:key:z6MkhaXgBZDv...',
1662
- projectId: 'test-project',
1663
- cacheTtlMs: 300000,
1664
- cacheExpiresAt: '2025-11-24T21:32:09.797Z'
1665
- }
1666
- [ToolProtectionService] Config loaded from API {
1667
- source: 'api',
1668
- toolCount: 1,
1669
- protectedTools: [ 'tool1' ],
1670
- agentDid: 'did:key:z6MkhaXgBZDv...',
1671
- projectId: 'test-project',
1672
- cacheTtlMs: 300000,
1673
- cacheExpiresAt: '2025-11-24T21:32:09.797Z'
1972
+ stderr | src/services/__tests__/access-control.integration.test.ts > AccessControlApiService Integration > Proof Submission Flow > should handle proof submission with errors
1973
+ [AccessControl] 🔍 RAW API RESPONSE (before parsing): {
1974
+ correlationId: '2a0fcc38-ed6c-4aa0-9d78-2c5dce6cb8af',
1975
+ status: 200,
1976
+ statusText: '',
1977
+ headers: { 'content-type': 'application/json' },
1978
+ responseTextLength: 200,
1979
+ responseTextPreview: '{"success":true,"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"invalid_signature","message":"Invalid JWS signature"}}]}',
1980
+ fullResponseText: '{"success":true,"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"invalid_signature","message":"Invalid JWS signature"}}]}'
1674
1981
  }
1675
- [ToolProtectionService] Config loaded from API {
1676
- source: 'api',
1677
- toolCount: 1,
1678
- protectedTools: [ 'tool1' ],
1679
- agentDid: 'did:key:z6MkhaXgBZDv...',
1680
- projectId: 'test-project',
1681
- cacheTtlMs: 300000,
1682
- cacheExpiresAt: '2025-11-24T21:32:09.797Z'
1982
+ [AccessControl] 🔍 PARSED RESPONSE DATA: {
1983
+ correlationId: '2a0fcc38-ed6c-4aa0-9d78-2c5dce6cb8af',
1984
+ status: 200,
1985
+ responseDataType: 'object',
1986
+ responseDataKeys: [ 'success', 'accepted', 'rejected', 'outcomes', 'errors' ],
1987
+ responseData: '{\n' +
1988
+ ' "success": true,\n' +
1989
+ ' "accepted": 0,\n' +
1990
+ ' "rejected": 1,\n' +
1991
+ ' "outcomes": {\n' +
1992
+ ' "success": 0,\n' +
1993
+ ' "failed": 1,\n' +
1994
+ ' "blocked": 0,\n' +
1995
+ ' "error": 0\n' +
1996
+ ' },\n' +
1997
+ ' "errors": [\n' +
1998
+ ' {\n' +
1999
+ ' "proof_index": 0,\n' +
2000
+ ' "error": {\n' +
2001
+ ' "code": "invalid_signature",\n' +
2002
+ ' "message": "Invalid JWS signature"\n' +
2003
+ ' }\n' +
2004
+ ' }\n' +
2005
+ ' ]\n' +
2006
+ '}'
1683
2007
  }
2008
+ [AccessControl] Raw response received: {
2009
+ "success": true,
2010
+ "accepted": 0,
2011
+ "rejected": 1,
2012
+ "outcomes": {
2013
+ "success": 0,
2014
+ "failed": 1,
2015
+ "blocked": 0,
2016
+ "error": 0
2017
+ },
2018
+ "errors": [
2019
+ {
2020
+ "proof_index": 0,
2021
+ "error": {
2022
+ "code": "invalid_signature",
2023
+ "message": "Invalid JWS signature"
2024
+ }
2025
+ }
2026
+ ]
2027
+ }
2028
+
2029
+ stderr | src/services/__tests__/access-control.integration.test.ts > AccessControlApiService Integration > Proof Verification Flow > should verify proof using ProofVerifier
2030
+ [CryptoService] Key ID mismatch
1684
2031
 
1685
- ✓ src/__tests__/integration/full-flow.test.ts (21 tests) 15ms
1686
- stderr | src/services/__tests__/proof-verifier.integration.test.ts > ProofVerifier Integration - Real DID Resolution > did:web Resolution (HTTP) > should handle HTTP errors gracefully
1687
- [ProofVerifier] Failed to fetch public key from DID: Error: Failed to resolve did:web:nonexistent-domain-that-does-not-exist-12345.com: fetch failed
1688
- at Object.resolveDID (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.integration.test.ts:143:19)
1689
- at processTicksAndRejections (node:internal/process/task_queues:103:5)
1690
- at ProofVerifier.fetchPublicKeyFromDID (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/proof-verifier.ts:348:22)
1691
- at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.integration.test.ts:257:9
1692
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:20
1693
-
1694
- ✓ src/__tests__/runtime/base.test.ts (55 tests) 24ms
1695
- ✓ src/services/__tests__/proof-verifier.integration.test.ts (13 tests | 1 skipped) 165ms
1696
- ✓ src/services/__tests__/access-control.integration.test.ts (9 tests) 200ms
2032
+ ✓ src/__tests__/runtime/tool-protection-enforcement.test.ts (29 tests) 18ms
2033
+ src/__tests__/runtime/route-interception.test.ts (21 tests) 26ms
1697
2034
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - new endpoint format > should fetch from project-scoped endpoint when projectId is available
1698
2035
  [ToolProtectionService] Config loaded from API {
1699
2036
  source: 'api',
@@ -1702,7 +2039,7 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
1702
2039
  agentDid: 'did:key:z6MkhaXgBZDv...',
1703
2040
  projectId: 'test-project-123',
1704
2041
  cacheTtlMs: 300000,
1705
- cacheExpiresAt: '2025-11-24T21:32:10.105Z'
2042
+ cacheExpiresAt: '2025-11-24T22:29:13.058Z'
1706
2043
  }
1707
2044
 
1708
2045
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - new endpoint format > should handle new endpoint format with toolProtections object
@@ -1713,7 +2050,7 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
1713
2050
  agentDid: 'did:key:z6MkhaXgBZDv...',
1714
2051
  projectId: 'test-project-123',
1715
2052
  cacheTtlMs: 300000,
1716
- cacheExpiresAt: '2025-11-24T21:32:10.107Z'
2053
+ cacheExpiresAt: '2025-11-24T22:29:13.061Z'
1717
2054
  }
1718
2055
 
1719
2056
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - new endpoint format > should parse oauthProvider from new endpoint format (Phase 2)
@@ -1724,7 +2061,7 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
1724
2061
  agentDid: 'did:key:z6MkhaXgBZDv...',
1725
2062
  projectId: 'test-project-123',
1726
2063
  cacheTtlMs: 300000,
1727
- cacheExpiresAt: '2025-11-24T21:32:10.107Z'
2064
+ cacheExpiresAt: '2025-11-24T22:29:13.062Z'
1728
2065
  }
1729
2066
 
1730
2067
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - new endpoint format > should preserve oauthProvider through cache operations
@@ -1735,7 +2072,7 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
1735
2072
  agentDid: 'did:key:z6MkhaXgBZDv...',
1736
2073
  projectId: 'test-project-123',
1737
2074
  cacheTtlMs: 300000,
1738
- cacheExpiresAt: '2025-11-24T21:32:10.107Z'
2075
+ cacheExpiresAt: '2025-11-24T22:29:13.062Z'
1739
2076
  }
1740
2077
 
1741
2078
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should fetch from agent-scoped endpoint when projectId is not available
@@ -1746,7 +2083,7 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
1746
2083
  agentDid: 'did:key:z6MkhaXgBZDv...',
1747
2084
  projectId: 'none',
1748
2085
  cacheTtlMs: 300000,
1749
- cacheExpiresAt: '2025-11-24T21:32:10.107Z'
2086
+ cacheExpiresAt: '2025-11-24T22:29:13.062Z'
1750
2087
  }
1751
2088
 
1752
2089
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should handle old endpoint format with tools array
@@ -1757,7 +2094,7 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
1757
2094
  agentDid: 'did:key:z6MkhaXgBZDv...',
1758
2095
  projectId: 'none',
1759
2096
  cacheTtlMs: 300000,
1760
- cacheExpiresAt: '2025-11-24T21:32:10.108Z'
2097
+ cacheExpiresAt: '2025-11-24T22:29:13.062Z'
1761
2098
  }
1762
2099
 
1763
2100
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should parse oauthProvider from old endpoint format (tools array)
@@ -1768,7 +2105,7 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
1768
2105
  agentDid: 'did:key:z6MkhaXgBZDv...',
1769
2106
  projectId: 'none',
1770
2107
  cacheTtlMs: 300000,
1771
- cacheExpiresAt: '2025-11-24T21:32:10.108Z'
2108
+ cacheExpiresAt: '2025-11-24T22:29:13.063Z'
1772
2109
  }
1773
2110
 
1774
2111
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should handle old endpoint format with tools object
@@ -1779,7 +2116,7 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
1779
2116
  agentDid: 'did:key:z6MkhaXgBZDv...',
1780
2117
  projectId: 'none',
1781
2118
  cacheTtlMs: 300000,
1782
- cacheExpiresAt: '2025-11-24T21:32:10.108Z'
2119
+ cacheExpiresAt: '2025-11-24T22:29:13.063Z'
1783
2120
  }
1784
2121
 
1785
2122
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should parse oauthProvider from old endpoint format (tools object)
@@ -1790,7 +2127,7 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
1790
2127
  agentDid: 'did:key:z6MkhaXgBZDv...',
1791
2128
  projectId: 'none',
1792
2129
  cacheTtlMs: 300000,
1793
- cacheExpiresAt: '2025-11-24T21:32:10.108Z'
2130
+ cacheExpiresAt: '2025-11-24T22:29:13.063Z'
1794
2131
  }
1795
2132
 
1796
2133
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should skip tools without name in array format
@@ -1833,7 +2170,7 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
1833
2170
  agentDid: 'did:key:z6MkhaXgBZDv...',
1834
2171
  projectId: 'none',
1835
2172
  cacheTtlMs: 300000,
1836
- cacheExpiresAt: '2025-11-24T21:32:10.109Z'
2173
+ cacheExpiresAt: '2025-11-24T22:29:13.063Z'
1837
2174
  }
1838
2175
  [ToolProtectionService] API fetch successful, config cached {
1839
2176
  source: 'cache-write',
@@ -1843,37 +2180,38 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
1843
2180
  tools: [ { name: 'valid_tool', requiresDelegation: true, scopeCount: 0 } ],
1844
2181
  ttlMs: 300000,
1845
2182
  ttlMinutes: 5,
1846
- expiresAt: '2025-11-24T21:32:10.109Z',
2183
+ expiresAt: '2025-11-24T22:29:13.063Z',
1847
2184
  expiresIn: '300s'
1848
2185
  }
1849
2186
 
1850
- stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > caching behavior > should cache successful API responses
2187
+ src/delegation/__tests__/cascading-revocation.test.ts (23 tests) 7ms
1851
2188
  stderr | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch error handling > should handle network errors gracefully
1852
2189
  [ToolProtectionService] API fetch failed, no fallback, failing closed (deny-all) {
1853
- [ToolProtectionService] Config loaded from API {
1854
2190
  agentDid: 'did:key:z6MkhaXgBZDv...',
2191
+ error: 'ECONNREFUSED',
2192
+ cacheKey: 'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK'
2193
+ }
2194
+
2195
+ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > caching behavior > should cache successful API responses
2196
+ [ToolProtectionService] Config loaded from API {
1855
2197
  source: 'api',
1856
2198
  toolCount: 1,
1857
2199
  protectedTools: [ 'tool1' ],
1858
- error: 'ECONNREFUSED',
1859
2200
  agentDid: 'did:key:z6MkhaXgBZDv...',
1860
2201
  projectId: 'none',
1861
2202
  cacheTtlMs: 300000,
1862
- cacheExpiresAt: '2025-11-24T21:32:10.112Z'
1863
- cacheKey: 'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK'
1864
- }
2203
+ cacheExpiresAt: '2025-11-24T22:29:13.068Z'
1865
2204
  }
1866
2205
 
1867
2206
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > caching behavior > should use default cache TTL when not specified
1868
2207
  [ToolProtectionService] Config loaded from API {
1869
2208
  source: 'api',
1870
2209
  toolCount: 0,
1871
-
1872
2210
  protectedTools: [],
1873
2211
  agentDid: 'did:key:z6MkhaXgBZDv...',
1874
2212
  projectId: 'none',
1875
2213
  cacheTtlMs: 300000,
1876
- cacheExpiresAt: '2025-11-24T21:32:10.112Z'
2214
+ cacheExpiresAt: '2025-11-24T22:29:13.068Z'
1877
2215
  }
1878
2216
 
1879
2217
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > caching behavior > should use custom cache TTL when specified
@@ -1884,7 +2222,7 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
1884
2222
  agentDid: 'did:key:z6MkhaXgBZDv...',
1885
2223
  projectId: 'none',
1886
2224
  cacheTtlMs: 600000,
1887
- cacheExpiresAt: '2025-11-24T21:37:10.112Z'
2225
+ cacheExpiresAt: '2025-11-24T22:34:13.068Z'
1888
2226
  }
1889
2227
 
1890
2228
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > edge cases > should handle empty toolProtections object
@@ -1895,7 +2233,7 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
1895
2233
  agentDid: 'did:key:z6MkhaXgBZDv...',
1896
2234
  projectId: 'none',
1897
2235
  cacheTtlMs: 300000,
1898
- cacheExpiresAt: '2025-11-24T21:32:10.112Z'
2236
+ cacheExpiresAt: '2025-11-24T22:29:13.068Z'
1899
2237
  }
1900
2238
 
1901
2239
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > edge cases > should handle null requiredScopes
@@ -1906,7 +2244,7 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
1906
2244
  agentDid: 'did:key:z6MkhaXgBZDv...',
1907
2245
  projectId: 'none',
1908
2246
  cacheTtlMs: 300000,
1909
- cacheExpiresAt: '2025-11-24T21:32:10.112Z'
2247
+ cacheExpiresAt: '2025-11-24T22:29:13.068Z'
1910
2248
  }
1911
2249
 
1912
2250
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > edge cases > should handle mixed camelCase and snake_case in response
@@ -1917,7 +2255,7 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
1917
2255
  agentDid: 'did:key:z6MkhaXgBZDv...',
1918
2256
  projectId: 'none',
1919
2257
  cacheTtlMs: 300000,
1920
- cacheExpiresAt: '2025-11-24T21:32:10.112Z'
2258
+ cacheExpiresAt: '2025-11-24T22:29:13.069Z'
1921
2259
  }
1922
2260
 
1923
2261
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return null when tool has no protection
@@ -1928,7 +2266,7 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
1928
2266
  agentDid: 'did:key:z6MkhaXgBZDv...',
1929
2267
  projectId: 'none',
1930
2268
  cacheTtlMs: 300000,
1931
- cacheExpiresAt: '2025-11-24T21:32:10.112Z'
2269
+ cacheExpiresAt: '2025-11-24T22:29:13.070Z'
1932
2270
  }
1933
2271
 
1934
2272
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return null when tool is not in config
@@ -1939,7 +2277,7 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
1939
2277
  agentDid: 'did:key:z6MkhaXgBZDv...',
1940
2278
  projectId: 'none',
1941
2279
  cacheTtlMs: 300000,
1942
- cacheExpiresAt: '2025-11-24T21:32:10.112Z'
2280
+ cacheExpiresAt: '2025-11-24T22:29:13.071Z'
1943
2281
  }
1944
2282
 
1945
2283
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return null when tool is not in config
@@ -1953,7 +2291,6 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
1953
2291
  }
1954
2292
 
1955
2293
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return wildcard protection when tool not found and wildcard exists
1956
- stderr | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should use wildcard protection in fail-safe deny-all mode
1957
2294
  [ToolProtectionService] Config loaded from API {
1958
2295
  source: 'api',
1959
2296
  toolCount: 2,
@@ -1961,7 +2298,7 @@ stderr | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
1961
2298
  agentDid: 'did:key:z6MkhaXgBZDv...',
1962
2299
  projectId: 'none',
1963
2300
  cacheTtlMs: 300000,
1964
- cacheExpiresAt: '2025-11-24T21:32:10.113Z'
2301
+ cacheExpiresAt: '2025-11-24T22:29:13.071Z'
1965
2302
  }
1966
2303
 
1967
2304
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return wildcard protection when tool not found and wildcard exists
@@ -1972,7 +2309,6 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
1972
2309
  isWildcard: true,
1973
2310
  requiresDelegation: true,
1974
2311
  availableTools: [ '*', 'specific_tool' ]
1975
- [ToolProtectionService] API fetch failed, no fallback, failing closed (deny-all) {
1976
2312
  }
1977
2313
 
1978
2314
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should prioritize specific tool protection over wildcard
@@ -1981,24 +2317,26 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
1981
2317
  toolCount: 2,
1982
2318
  protectedTools: [ '*' ],
1983
2319
  agentDid: 'did:key:z6MkhaXgBZDv...',
1984
- agentDid: 'did:key:z6MkhaXgBZDv...',
1985
- error: 'Network error',
1986
- cacheKey: 'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK'
1987
- }
1988
2320
  projectId: 'none',
1989
2321
  cacheTtlMs: 300000,
1990
- cacheExpiresAt: '2025-11-24T21:32:10.114Z'
2322
+ cacheExpiresAt: '2025-11-24T22:29:13.073Z'
1991
2323
  }
1992
2324
 
2325
+ stderr | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should use wildcard protection in fail-safe deny-all mode
1993
2326
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should use wildcard protection in fail-safe deny-all mode
1994
-
2327
+ [ToolProtectionService] API fetch failed, no fallback, failing closed (deny-all) {
1995
2328
  [ToolProtectionService] Protection check {
1996
2329
  tool: 'any_tool',
1997
2330
  agentDid: 'did:key:z6MkhaXgBZDv...',
2331
+ agentDid: 'did:key:z6MkhaXgBZDv...',
1998
2332
  found: true,
1999
2333
  isWildcard: true,
2000
2334
  requiresDelegation: true,
2335
+ error: 'Network error',
2001
2336
  availableTools: [ '*' ]
2337
+ }
2338
+ cacheKey: 'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK'
2339
+
2002
2340
  }
2003
2341
 
2004
2342
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return protection config when tool requires delegation
@@ -2009,7 +2347,7 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
2009
2347
  agentDid: 'did:key:z6MkhaXgBZDv...',
2010
2348
  projectId: 'none',
2011
2349
  cacheTtlMs: 300000,
2012
- cacheExpiresAt: '2025-11-24T21:32:10.114Z'
2350
+ cacheExpiresAt: '2025-11-24T22:29:13.073Z'
2013
2351
  }
2014
2352
 
2015
2353
  stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return protection config when tool requires delegation
@@ -2022,119 +2360,318 @@ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtection
2022
2360
  availableTools: [ 'protected_tool' ]
2023
2361
  }
2024
2362
 
2025
- stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > integration with NoOpToolProtectionCache > should work with NoOpToolProtectionCache
2363
+ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > integration with NoOpToolProtectionCache > should work with NoOpToolProtectionCache
2364
+ [ToolProtectionService] Config loaded from API {
2365
+ source: 'api',
2366
+ toolCount: 1,
2367
+ protectedTools: [ 'tool1' ],
2368
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2369
+ projectId: 'none',
2370
+ cacheTtlMs: 300000,
2371
+ cacheExpiresAt: '2025-11-24T22:29:13.074Z'
2372
+ }
2373
+
2374
+ stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > integration with NoOpToolProtectionCache > should work with NoOpToolProtectionCache
2375
+ [ToolProtectionService] Config loaded from API {
2376
+ source: 'api',
2377
+ toolCount: 1,
2378
+ protectedTools: [ 'tool1' ],
2379
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2380
+ projectId: 'none',
2381
+ cacheTtlMs: 300000,
2382
+ cacheExpiresAt: '2025-11-24T22:29:13.074Z'
2383
+ }
2384
+
2385
+ ✓ src/__tests__/services/tool-protection.service.test.ts (49 tests) 22ms
2386
+ ✓ src/__tests__/runtime/base.test.ts (55 tests) 19ms
2387
+ ✓ src/__tests__/runtime/base-extensions.test.ts (38 tests) 19ms
2388
+ stderr | src/__tests__/identity/user-did-manager.test.ts > UserDidManager > error handling > should handle storage.get errors gracefully
2389
+ [UserDidManager] Storage.get failed, generating new DID: Error: Storage error
2390
+ at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/__tests__/identity/user-did-manager.test.ts:187:67
2391
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
2392
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
2393
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
2394
+ at new Promise (<anonymous>)
2395
+ at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
2396
+ at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
2397
+ at processTicksAndRejections (node:internal/process/task_queues:103:5)
2398
+ at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
2399
+ at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
2400
+
2401
+ stderr | src/__tests__/identity/user-did-manager.test.ts > UserDidManager > error handling > should handle storage.set errors gracefully
2402
+ [UserDidManager] Storage.set failed, continuing with cached DID: Error: Storage error
2403
+ at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/__tests__/identity/user-did-manager.test.ts:196:67
2404
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
2405
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
2406
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
2407
+ at new Promise (<anonymous>)
2408
+ at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
2409
+ at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
2410
+ at processTicksAndRejections (node:internal/process/task_queues:103:5)
2411
+ at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
2412
+ at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
2413
+
2414
+ stderr | src/__tests__/identity/user-did-manager.test.ts > UserDidManager > error handling > should handle storage.delete errors gracefully
2415
+ [UserDidManager] Storage.delete failed, continuing: Error: Storage error
2416
+ at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/__tests__/identity/user-did-manager.test.ts:206:70
2417
+ at processTicksAndRejections (node:internal/process/task_queues:103:5)
2418
+ at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:20
2419
+
2420
+ ✓ src/__tests__/identity/user-did-manager.test.ts (17 tests) 13ms
2421
+ ✓ src/services/__tests__/access-control.integration.test.ts (9 tests) 124ms
2422
+ stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Tool protection enforcement flow > should allow unprotected tool calls
2423
+ [ToolProtectionService] Config loaded from API {
2424
+ source: 'api',
2425
+ toolCount: 1,
2426
+ protectedTools: [],
2427
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2428
+ projectId: 'test-project',
2429
+ cacheTtlMs: 300000,
2430
+ cacheExpiresAt: '2025-11-24T22:29:13.350Z'
2431
+ }
2432
+
2433
+ stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Tool protection enforcement flow > should intercept protected tool calls without delegation
2434
+ [ToolProtectionService] Config loaded from API {
2435
+ source: 'api',
2436
+ toolCount: 1,
2437
+ protectedTools: [ 'checkout' ],
2438
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2439
+ projectId: 'test-project',
2440
+ cacheTtlMs: 300000,
2441
+ cacheExpiresAt: '2025-11-24T22:29:13.351Z'
2442
+ }
2443
+
2444
+ stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Tool protection enforcement flow > should intercept protected tool calls without delegation
2445
+ [ToolProtectionService] Protection check {
2446
+ tool: 'checkout',
2447
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2448
+ found: true,
2449
+ isWildcard: false,
2450
+ requiresDelegation: true,
2451
+ availableTools: [ 'checkout' ]
2452
+ }
2453
+
2454
+ stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > AgentShield integration flow > should fetch tool protection config from AgentShield
2455
+ [ToolProtectionService] Config loaded from API {
2456
+ source: 'api',
2457
+ toolCount: 1,
2458
+ protectedTools: [ 'protected_tool' ],
2459
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2460
+ projectId: 'test-project',
2461
+ cacheTtlMs: 300000,
2462
+ cacheExpiresAt: '2025-11-24T22:29:13.352Z'
2463
+ }
2464
+
2465
+ stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > AgentShield integration flow > should cache tool protection config
2466
+ [ToolProtectionService] Config loaded from API {
2467
+ source: 'api',
2468
+ toolCount: 1,
2469
+ protectedTools: [ 'tool1' ],
2470
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2471
+ projectId: 'test-project',
2472
+ cacheTtlMs: 300000,
2473
+ cacheExpiresAt: '2025-11-24T22:29:13.353Z'
2474
+ }
2475
+
2476
+ stderr | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > AgentShield integration flow > should use fallback config when API fails
2477
+ [ToolProtectionService] API fetch failed, using fallback config { agentDid: 'did:key:z6MkhaXgBZDv...', error: 'Network error' }
2478
+
2479
+ stderr | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Error handling in full flow > should handle tool protection service errors gracefully
2480
+ [ToolProtectionService] API fetch failed, no fallback, failing closed (deny-all) {
2481
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2482
+ error: 'Network error',
2483
+ cacheKey: 'config:tool-protections:test-project'
2484
+ }
2485
+
2486
+ stderr | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Error handling in full flow > should handle network timeouts
2487
+ [ToolProtectionService] API fetch failed, using fallback config { agentDid: 'did:key:z6MkhaXgBZDv...', error: 'Network timeout' }
2488
+
2489
+ stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Cache integration in full flow > should share cache across multiple service instances
2490
+ [ToolProtectionService] Config loaded from API {
2491
+ source: 'api',
2492
+ toolCount: 1,
2493
+ protectedTools: [ 'tool1' ],
2494
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2495
+ projectId: 'test-project',
2496
+ cacheTtlMs: 300000,
2497
+ cacheExpiresAt: '2025-11-24T22:29:13.354Z'
2498
+ }
2499
+
2500
+ stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Cache integration in full flow > should clear cache when needed
2501
+ [ToolProtectionService] Config loaded from API {
2502
+ source: 'api',
2503
+ toolCount: 1,
2504
+ protectedTools: [ 'tool1' ],
2505
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2506
+ projectId: 'test-project',
2507
+ cacheTtlMs: 300000,
2508
+ cacheExpiresAt: '2025-11-24T22:29:13.354Z'
2509
+ }
2510
+
2511
+ stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Cache integration in full flow > should clear cache when needed
2512
+ [ToolProtectionService] Config loaded from API {
2513
+ source: 'api',
2514
+ toolCount: 1,
2515
+ protectedTools: [ 'tool1' ],
2516
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2517
+ projectId: 'test-project',
2518
+ cacheTtlMs: 300000,
2519
+ cacheExpiresAt: '2025-11-24T22:29:13.354Z'
2520
+ }
2521
+
2522
+ stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Real-world e-commerce scenario > should handle complete e-commerce flow with tool protection
2523
+ [ToolProtectionService] Config loaded from API {
2524
+ source: 'api',
2525
+ toolCount: 3,
2526
+ protectedTools: [ 'add_to_cart', 'checkout' ],
2527
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2528
+ projectId: 'test-project',
2529
+ cacheTtlMs: 300000,
2530
+ cacheExpiresAt: '2025-11-24T22:29:13.354Z'
2531
+ }
2532
+
2533
+ stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Real-world e-commerce scenario > should handle complete e-commerce flow with tool protection
2534
+ [ToolProtectionService] Protection check {
2535
+ tool: 'add_to_cart',
2536
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2537
+ found: true,
2538
+ isWildcard: false,
2539
+ requiresDelegation: true,
2540
+ availableTools: [ 'search_products', 'add_to_cart', 'checkout' ]
2541
+ }
2542
+
2543
+ stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Concurrent operations > should handle concurrent cache operations
2544
+ [ToolProtectionService] Config loaded from API {
2545
+ source: 'api',
2546
+ toolCount: 1,
2547
+ protectedTools: [ 'tool1' ],
2548
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2549
+ projectId: 'test-project',
2550
+ cacheTtlMs: 300000,
2551
+ cacheExpiresAt: '2025-11-24T22:29:13.355Z'
2552
+ }
2553
+ [ToolProtectionService] Config loaded from API {
2554
+ source: 'api',
2555
+ toolCount: 1,
2556
+ protectedTools: [ 'tool1' ],
2557
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2558
+ projectId: 'test-project',
2559
+ cacheTtlMs: 300000,
2560
+ cacheExpiresAt: '2025-11-24T22:29:13.355Z'
2561
+ }
2562
+ [ToolProtectionService] Config loaded from API {
2563
+ source: 'api',
2564
+ toolCount: 1,
2565
+ protectedTools: [ 'tool1' ],
2566
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2567
+ projectId: 'test-project',
2568
+ cacheTtlMs: 300000,
2569
+ cacheExpiresAt: '2025-11-24T22:29:13.355Z'
2570
+ }
2571
+
2572
+ ✓ src/__tests__/integration/full-flow.test.ts (21 tests) 12ms
2573
+ ✓ src/__tests__/providers/memory.test.ts (34 tests) 10ms
2574
+ stderr | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > No Regressions > Phase 1 OAuth flow > should still work with Phase 1 OAuth flow (no oauthProvider)
2575
+ stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > Backward Compatibility > Phase 1 tools (no oauthProvider) > should work with Phase 1 tools that don't specify oauthProvider
2576
+ [ToolProtectionService] Config loaded from API {
2577
+ [ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
2578
+ source: 'api',
2579
+ toolCount: 1,
2580
+ protectedTools: [ 'phase1_tool' ],
2581
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2582
+
2583
+ projectId: 'none',
2584
+ cacheTtlMs: 300000,
2585
+ cacheExpiresAt: '2025-11-24T22:29:13.361Z'
2586
+ }
2587
+
2588
+ stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > Backward Compatibility > Old API endpoint format > should still support old endpoint format (tools array)
2589
+ [ToolProtectionService] Config loaded from API {
2590
+ source: 'api',
2591
+ toolCount: 1,
2592
+ protectedTools: [ 'old_tool' ],
2593
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2594
+ projectId: 'none',
2595
+ cacheTtlMs: 300000,
2596
+ cacheExpiresAt: '2025-11-24T22:29:13.368Z'
2597
+ }
2598
+
2599
+ stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > Backward Compatibility > Old API endpoint format > should still support old endpoint format (tools object)
2600
+ [ToolProtectionService] Config loaded from API {
2601
+ source: 'api',
2602
+ toolCount: 1,
2603
+ protectedTools: [ 'old_tool' ],
2604
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2605
+ projectId: 'none',
2606
+ cacheTtlMs: 300000,
2607
+ cacheExpiresAt: '2025-11-24T22:29:13.370Z'
2608
+ }
2609
+
2610
+ stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > Backward Compatibility > snake_case field names > should still support snake_case field names
2026
2611
  [ToolProtectionService] Config loaded from API {
2027
2612
  source: 'api',
2028
2613
  toolCount: 1,
2029
- protectedTools: [ 'tool1' ],
2614
+ protectedTools: [ 'tool_with_snake_case' ],
2030
2615
  agentDid: 'did:key:z6MkhaXgBZDv...',
2031
- projectId: 'none',
2616
+ projectId: 'test-project-123',
2032
2617
  cacheTtlMs: 300000,
2033
- cacheExpiresAt: '2025-11-24T21:32:10.115Z'
2618
+ cacheExpiresAt: '2025-11-24T22:29:13.370Z'
2034
2619
  }
2035
2620
 
2036
- stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > integration with NoOpToolProtectionCache > should work with NoOpToolProtectionCache
2621
+ stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > Mixed Phase 1 and Phase 2 tools > should handle mix of Phase 1 and Phase 2 tools in same project
2037
2622
  [ToolProtectionService] Config loaded from API {
2038
2623
  source: 'api',
2039
- toolCount: 1,
2040
- protectedTools: [ 'tool1' ],
2624
+ toolCount: 2,
2625
+ protectedTools: [ 'phase1_tool', 'phase2_tool' ],
2041
2626
  agentDid: 'did:key:z6MkhaXgBZDv...',
2042
- projectId: 'none',
2627
+ projectId: 'test-project-123',
2043
2628
  cacheTtlMs: 300000,
2044
- cacheExpiresAt: '2025-11-24T21:32:10.115Z'
2629
+ cacheExpiresAt: '2025-11-24T22:29:13.371Z'
2045
2630
  }
2046
2631
 
2047
- stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyEd25519 > should return false on verification error
2048
- [CryptoService] Ed25519 verification error: Error: Verification failed
2049
- at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:62:9
2050
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
2051
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
2052
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
2053
- at new Promise (<anonymous>)
2054
- at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
2055
- at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
2056
- at processTicksAndRejections (node:internal/process/task_queues:103:5)
2057
- at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
2058
- at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
2632
+ src/__tests__/regression/phase2-regression.test.ts (12 tests) 11ms
2633
+ stdout | src/__tests__/integration.test.ts > Integration Tests > Full handshake and tool execution flow > should complete full authentication and tool execution cycle
2634
+ [AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zbpsbpFxkSQb1iVhtLNeESvH8mhg7suz_","environment":"development","userDidGeneration":"disabled"},"timestamp":1764023053370,"timestampFormatted":"2025-11-24T22:24:13.370Z"}
2059
2635
 
2060
- stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject invalid JWK format
2061
- [CryptoService] Invalid Ed25519 JWK format
2636
+ stdout | src/__tests__/integration.test.ts > Integration Tests > Full handshake and tool execution flow > should complete full authentication and tool execution cycle
2637
+ [AUDIT] {"event":"tool_executed","data":{"tool":"greetingTool","sessionId":"b791abf20fb642084411bcd1aebb9092","timestamp":1764023053370},"timestamp":1764023053370,"timestampFormatted":"2025-11-24T22:24:13.370Z"}
2062
2638
 
2063
- stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with wrong kty
2064
- [CryptoService] Invalid Ed25519 JWK format
2639
+ stdout | src/__tests__/integration.test.ts > Integration Tests > Session expiry handling > should handle expired sessions correctly
2640
+ [AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zhRMN0XEtj_z-Vd9WDhZMuObd8NTphcyG","environment":"development","userDidGeneration":"disabled"},"timestamp":1764023053396,"timestampFormatted":"2025-11-24T22:24:13.396Z"}
2065
2641
 
2066
- stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with wrong crv
2067
- [CryptoService] Invalid Ed25519 JWK format
2642
+ stdout | src/__tests__/integration.test.ts > Integration Tests > Key rotation flow > should handle key rotation and maintain functionality
2643
+ [AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zirae5Sfp8Z8zhg4_wC0XDhl2TOs98RNb","environment":"development","userDidGeneration":"disabled"},"timestamp":1764023053396,"timestampFormatted":"2025-11-24T22:24:13.396Z"}
2068
2644
 
2069
- stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with missing x field
2070
- [CryptoService] Invalid Ed25519 JWK format
2645
+ stdout | src/__tests__/integration.test.ts > Integration Tests > Key rotation flow > should handle key rotation and maintain functionality
2646
+ [AUDIT] {"event":"keys_rotated","data":{"oldDid":"did:key:zirae5Sfp8Z8zhg4_wC0XDhl2TOs98RNb","newDid":"did:key:zE11g3QOgNtNhQWI5Cg1I5RwrnUbPR2_C","timestamp":1764023053396},"timestamp":1764023053396,"timestampFormatted":"2025-11-24T22:24:13.396Z"}
2071
2647
 
2072
- stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with empty x field
2073
- [CryptoService] Invalid Ed25519 JWK format
2648
+ stdout | src/__tests__/integration.test.ts > Integration Tests > Well-known endpoints > should provide identity discovery endpoints
2649
+ [AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:z8evK7ya-cxhZWH7dpBi8nXPrnP2bZ1UK","environment":"development","userDidGeneration":"disabled"},"timestamp":1764023053397,"timestampFormatted":"2025-11-24T22:24:13.397Z"}
2074
2650
 
2075
- stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject malformed JWS
2076
- [CryptoService] Invalid JWS format: Error: Invalid header base64: Unexpected token 'ž', "ž‹" is not valid JSON
2077
- at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:91:13)
2078
- at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
2079
- at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:230:42
2080
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
2081
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
2082
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
2083
- at new Promise (<anonymous>)
2084
- at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
2085
- at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
2086
- at processTicksAndRejections (node:internal/process/task_queues:103:5)
2651
+ stdout | src/__tests__/integration.test.ts > Integration Tests > Nonce replay protection > should prevent nonce reuse
2652
+ [AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:z7LtUTT9dvGc_aBW8U3KA-WTw2IhJ1YV_","environment":"development","userDidGeneration":"disabled"},"timestamp":1764023053397,"timestampFormatted":"2025-11-24T22:24:13.397Z"}
2087
2653
 
2088
- stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject non-EdDSA algorithms
2089
- [CryptoService] Unsupported algorithm: RS256, expected EdDSA
2654
+ stdout | src/__tests__/integration.test.ts > Integration Tests > Error handling > should handle network errors gracefully
2655
+ [AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zkbu4fmX7Tz5my6O1V9r5bgSGhbQyxQWw","environment":"development","userDidGeneration":"disabled"},"timestamp":1764023053397,"timestampFormatted":"2025-11-24T22:24:13.397Z"}
2090
2656
 
2091
- stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject HS256 algorithm
2092
- [CryptoService] Unsupported algorithm: HS256, expected EdDSA
2657
+ stdout | src/__tests__/integration.test.ts > Integration Tests > Error handling > should handle malformed DID documents
2658
+ [AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zcuYsoOGhsJ2-vAzjQynEly08PnbjaTQ4","environment":"development","userDidGeneration":"disabled"},"timestamp":1764023053397,"timestampFormatted":"2025-11-24T22:24:13.397Z"}
2093
2659
 
2094
- stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle empty JWS components
2095
- [CryptoService] Invalid JWS format: Error: Invalid header base64: Unexpected end of JSON input
2096
- at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:91:13)
2097
- at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
2098
- at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:271:42
2099
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
2100
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
2101
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
2102
- at new Promise (<anonymous>)
2103
- at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
2104
- at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
2105
- at processTicksAndRejections (node:internal/process/task_queues:103:5)
2660
+ stdout | src/__tests__/integration.test.ts > Integration Tests > Debug endpoint > should provide debug information in development
2661
+ [AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zvLryzaIg4z4MFZKvL9m_Te--A9QM-3X4","environment":"development","userDidGeneration":"disabled"},"timestamp":1764023053397,"timestampFormatted":"2025-11-24T22:24:13.397Z"}
2106
2662
 
2107
- stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - single part
2108
- [CryptoService] Invalid JWS format: Error: Invalid JWS format: expected header.payload.signature
2109
- at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:78:13)
2110
- at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
2111
- at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:279:42
2112
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
2113
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
2114
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
2115
- at new Promise (<anonymous>)
2116
- at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
2117
- at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
2118
- at processTicksAndRejections (node:internal/process/task_queues:103:5)
2663
+ stdout | src/__tests__/integration.test.ts > Integration Tests > Debug endpoint > should be disabled in production
2664
+ [AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zXSTNznD9nicCwc6fhFKt058_cfCFmFBo","environment":"development","userDidGeneration":"disabled"},"timestamp":1764023053398,"timestampFormatted":"2025-11-24T22:24:13.398Z"}
2119
2665
 
2120
- stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - two parts
2121
- [CryptoService] Invalid JWS format: Error: Invalid JWS format: expected header.payload.signature
2122
- at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:78:13)
2123
- at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
2124
- at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:287:42
2125
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
2126
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
2127
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
2128
- at new Promise (<anonymous>)
2129
- at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
2130
- at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
2131
- at processTicksAndRejections (node:internal/process/task_queues:103:5)
2666
+ src/__tests__/integration.test.ts (9 tests) 36ms
2667
+ src/__tests__/runtime/proof-client-did.test.ts (17 tests) 32ms
2668
+ src/compliance/__tests__/schema-verifier.test.ts (30 tests) 4ms
2669
+ stderr | src/config/__tests__/remote-config.spec.ts > fetchRemoteConfig > Error handling > should return null if API request fails
2670
+ [RemoteConfig] API returned 404: Not Found
2132
2671
 
2133
- stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - four parts
2134
- [CryptoService] Invalid JWS format: Error: Invalid JWS format: expected header.payload.signature
2135
- at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:78:13)
2136
- at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
2137
- at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:302:42
2672
+ stderr | src/config/__tests__/remote-config.spec.ts > fetchRemoteConfig > Error handling > should return null if API throws error
2673
+ [RemoteConfig] Failed to fetch config: Error: Network error
2674
+ at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/config/__tests__/remote-config.spec.ts:170:35
2138
2675
  at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
2139
2676
  at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
2140
2677
  at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
@@ -2142,25 +2679,15 @@ stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJ
2142
2679
  at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
2143
2680
  at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
2144
2681
  at processTicksAndRejections (node:internal/process/task_queues:103:5)
2682
+ at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
2683
+ at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
2145
2684
 
2146
- stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - invalid JSON header
2147
- [CryptoService] Invalid JWS format: Error: Invalid header base64: Unexpected token 'o', "notjson" is not valid JSON
2148
- at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:91:13)
2149
- at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
2150
- at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:316:42
2151
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
2152
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
2153
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
2154
- at new Promise (<anonymous>)
2155
- at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
2156
- at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
2157
- at processTicksAndRejections (node:internal/process/task_queues:103:5)
2685
+ stderr | src/config/__tests__/remote-config.spec.ts > fetchRemoteConfig > Error handling > should return null if neither projectId nor agentDid provided
2686
+ [RemoteConfig] Neither projectId nor agentDid provided
2158
2687
 
2159
- stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - invalid base64
2160
- [CryptoService] Invalid JWS format: Error: Invalid payload base64: Invalid base64url string: Invalid character
2161
- at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:107:15)
2162
- at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
2163
- at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:334:42
2688
+ stderr | src/config/__tests__/remote-config.spec.ts > fetchRemoteConfig > Error handling > should handle cache read errors gracefully
2689
+ [RemoteConfig] Cache read failed: Error: Cache error
2690
+ at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/config/__tests__/remote-config.spec.ts:198:50
2164
2691
  at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
2165
2692
  at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
2166
2693
  at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
@@ -2168,77 +2695,127 @@ stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJ
2168
2695
  at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
2169
2696
  at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
2170
2697
  at processTicksAndRejections (node:internal/process/task_queues:103:5)
2698
+ at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
2699
+ at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
2171
2700
 
2172
- stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should validate expectedKid option
2173
- [CryptoService] Key ID mismatch
2701
+ src/config/__tests__/remote-config.spec.ts (9 tests) 6ms
2702
+ src/delegation/__tests__/bitstring.test.ts (30 tests) 4ms
2703
+ stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should verify gmail → google mapping works
2704
+ [ProviderResolver] Inferred provider "google" from scopes
2174
2705
 
2175
- stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should validate alg option
2176
- [CryptoService] Unsupported algorithm: EdDSA, expected RS256
2706
+ stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should verify calendar → google mapping works
2707
+ [ProviderResolver] Inferred provider "google" from scopes
2708
+ stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle empty scopes array
2177
2709
 
2178
- stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should validate Ed25519 key length
2179
- [CryptoService] Failed to extract public key: Error: Invalid Ed25519 public key length: 5
2180
- at CryptoService.jwkToBase64PublicKey (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:295:13)
2181
- at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:249:32)
2182
- at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:398:42
2183
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
2184
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
2185
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
2186
- at new Promise (<anonymous>)
2187
- at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
2188
- at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
2189
- at processTicksAndRejections (node:internal/process/task_queues:103:5)
2710
+ [ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
2190
2711
 
2191
- stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle signature verification error
2192
- [CryptoService] Ed25519 verification error: Error: Crypto error
2193
- at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:449:61
2194
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
2195
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
2196
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
2197
- at new Promise (<anonymous>)
2198
- at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
2199
- at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
2200
- at processTicksAndRejections (node:internal/process/task_queues:103:5)
2201
- at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
2202
- at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
2712
+ stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should verify outlook microsoft mapping works
2713
+ [ProviderResolver] Inferred provider "microsoft" from scopes
2203
2714
 
2204
- src/services/__tests__/crypto.service.test.ts (34 tests) 25ms
2205
- src/__tests__/services/tool-protection.service.test.ts (49 tests) 20ms
2206
- stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should prefer Redis over KV when both are configured
2207
- [StorageService] Failed to connect to Redis, falling back to memory: Redis package not available
2715
+ stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle ambiguous scopes (multiple providers inferred)
2716
+ [ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
2208
2717
 
2209
- stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should prefer Redis over KV when both are configured
2210
- [StorageService] Failed to initialize KV, falling back to memory: Failed to import Cloudflare storage providers: Cannot find package '@kya-os/mcp-i-cloudflare/providers/storage' imported from '/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/storage.service.ts'
2718
+ stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle unknown scope prefixes
2719
+ [ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
2211
2720
 
2212
- stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should fall back to memory when Redis connection fails
2213
- [StorageService] Failed to connect to Redis, falling back to memory: Redis package not available
2721
+ stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle scopes without colons
2722
+ [ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
2723
+
2724
+ stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle inferred provider not in registry
2725
+ [ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "google" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
2726
+
2727
+ stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Provider name case sensitivity > should handle provider names case-insensitively in inference
2728
+ [ProviderResolver] Inferred provider "github" from scopes
2729
+ stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Fallback behavior (Priority 3) > should use first configured provider when oauthProvider not specified
2730
+ [ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
2731
+
2732
+
2733
+ stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Multiple scopes with same provider > should handle multiple scopes from same provider
2734
+ [ProviderResolver] Inferred provider "github" from scopes
2735
+
2736
+ ✓ src/__tests__/providers/base.test.ts (14 tests) 5ms
2737
+ ✓ src/__tests__/services/provider-resolver-edge-cases.test.ts (19 tests | 1 skipped) 33ms
2738
+ stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Caching Integration > should respect cache TTL
2739
+ [ToolProtectionService] Config loaded from API {
2740
+ stderr | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Real-world Scenarios > should handle API rate limiting gracefully
2741
+ source: 'api',
2742
+ toolCount: 0,
2743
+ protectedTools: [],
2744
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2745
+ [ToolProtectionService] API fetch failed, using fallback config {
2746
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2747
+ error: 'Failed to fetch bouncer config: 429 Too Many Requests - Rate limit exceeded'
2748
+ projectId: 'test-project-123',
2749
+ cacheTtlMs: 1000,
2750
+ cacheExpiresAt: '2025-11-24T22:24:14.784Z'
2751
+ }
2752
+ }
2753
+
2754
+
2755
+ stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Real-world Scenarios > should handle typical e-commerce tool protection config
2756
+ [ToolProtectionService] Config loaded from API {
2757
+ source: 'api',
2758
+ toolCount: 4,
2759
+ protectedTools: [ 'add_to_cart', 'checkout' ],
2760
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2761
+ projectId: 'test-project-123',
2762
+ cacheTtlMs: 300000,
2763
+ cacheExpiresAt: '2025-11-24T22:29:13.784Z'
2764
+ }
2765
+
2766
+ stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Real-world Scenarios > should handle concurrent requests
2767
+ [ToolProtectionService] Config loaded from API {
2768
+ source: 'api',
2769
+ toolCount: 1,
2770
+ protectedTools: [ 'tool1' ],
2771
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2772
+ projectId: 'test-project-123',
2773
+ cacheTtlMs: 300000,
2774
+ cacheExpiresAt: '2025-11-24T22:29:13.785Z'
2775
+ }
2776
+ [ToolProtectionService] Config loaded from API {
2777
+ source: 'api',
2778
+ toolCount: 1,
2779
+ protectedTools: [ 'tool1' ],
2780
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2781
+ projectId: 'test-project-123',
2782
+ cacheTtlMs: 300000,
2783
+ cacheExpiresAt: '2025-11-24T22:29:13.785Z'
2784
+ }
2785
+ [ToolProtectionService] Config loaded from API {
2786
+ source: 'api',
2787
+ toolCount: 1,
2788
+ protectedTools: [ 'tool1' ],
2789
+ agentDid: 'did:key:z6MkhaXgBZDv...',
2790
+ projectId: 'test-project-123',
2791
+ cacheTtlMs: 300000,
2792
+ cacheExpiresAt: '2025-11-24T22:29:13.785Z'
2793
+ }
2794
+
2795
+ ✓ src/__tests__/services/agentshield-integration.test.ts (30 tests) 1115ms
2796
+ ✓ should respect cache TTL 1101ms
2797
+ stdout | src/services/__tests__/provider-resolver.test.ts > ProviderResolver > resolveProvider - Priority 2: Scope inference > should infer provider from github scope prefix
2798
+ [ProviderResolver] Inferred provider "github" from scopes
2799
+
2800
+ stdout | src/services/__tests__/provider-resolver.test.ts > ProviderResolver > resolveProvider - Priority 2: Scope inference > should infer provider from gmail scope prefix (maps to google)
2801
+ [ProviderResolver] Inferred provider "google" from scopes
2214
2802
 
2215
- stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should use KV namespace when provided
2216
- [StorageService] Failed to initialize KV, falling back to memory: Failed to import Cloudflare storage providers: Cannot find package '@kya-os/mcp-i-cloudflare/providers/storage' imported from '/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/storage.service.ts'
2803
+ stderr | src/services/__tests__/provider-resolver.test.ts > ProviderResolver > resolveProvider - Priority 2: Scope inference > should return null for ambiguous scopes
2804
+ [ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
2217
2805
 
2218
- stderr | src/services/__tests__/proof-verifier.test.ts > ProofVerifier Security > Signature Verification > should handle signature verification errors gracefully
2806
+ src/services/__tests__/provider-resolver.test.ts (8 tests) 5ms
2807
+ ✓ src/delegation/__tests__/delegation-graph.test.ts (28 tests) 7ms
2219
2808
  stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > New endpoint format (toolProtections object) > should parse oauthProvider from camelCase field
2220
- [CryptoService] Ed25519 verification error: Error: Crypto error
2221
2809
  [ToolProtectionService] Config loaded from API {
2222
2810
  source: 'api',
2223
2811
  toolCount: 2,
2224
- at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.test.ts:328:9
2225
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
2226
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
2227
2812
  protectedTools: [ 'read_repos', 'send_email' ],
2228
2813
  agentDid: 'did:key:z6MkhaXgBZDv...',
2229
2814
  projectId: 'test-project-123',
2230
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
2231
- at new Promise (<anonymous>)
2232
- at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
2233
- at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
2234
2815
  cacheTtlMs: 300000,
2235
- cacheExpiresAt: '2025-11-24T21:32:10.294Z'
2816
+ cacheExpiresAt: '2025-11-24T22:29:13.875Z'
2236
2817
  }
2237
2818
 
2238
- at processTicksAndRejections (node:internal/process/task_queues:103:5)
2239
- at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
2240
- at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
2241
-
2242
2819
  stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > New endpoint format (toolProtections object) > should parse oauthProvider from snake_case field
2243
2820
  [ToolProtectionService] Config loaded from API {
2244
2821
  source: 'api',
@@ -2247,7 +2824,7 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
2247
2824
  agentDid: 'did:key:z6MkhaXgBZDv...',
2248
2825
  projectId: 'test-project-123',
2249
2826
  cacheTtlMs: 300000,
2250
- cacheExpiresAt: '2025-11-24T21:32:10.297Z'
2827
+ cacheExpiresAt: '2025-11-24T22:29:13.878Z'
2251
2828
  }
2252
2829
 
2253
2830
  stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > New endpoint format (toolProtections object) > should prefer camelCase over snake_case when both present
@@ -2258,7 +2835,7 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
2258
2835
  agentDid: 'did:key:z6MkhaXgBZDv...',
2259
2836
  projectId: 'test-project-123',
2260
2837
  cacheTtlMs: 300000,
2261
- cacheExpiresAt: '2025-11-24T21:32:10.297Z'
2838
+ cacheExpiresAt: '2025-11-24T22:29:13.879Z'
2262
2839
  }
2263
2840
 
2264
2841
  stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > New endpoint format (toolProtections object) > should handle missing oauthProvider field (backward compatible)
@@ -2269,10 +2846,9 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
2269
2846
  agentDid: 'did:key:z6MkhaXgBZDv...',
2270
2847
  projectId: 'test-project-123',
2271
2848
  cacheTtlMs: 300000,
2272
- cacheExpiresAt: '2025-11-24T21:32:10.298Z'
2849
+ cacheExpiresAt: '2025-11-24T22:29:13.879Z'
2273
2850
  }
2274
2851
 
2275
- ✓ src/services/__tests__/proof-verifier.test.ts (21 tests) 11ms
2276
2852
  stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools array) > should parse oauthProvider from array format with camelCase
2277
2853
  [ToolProtectionService] Config loaded from API {
2278
2854
  source: 'api',
@@ -2281,7 +2857,7 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
2281
2857
  agentDid: 'did:key:z6MkhaXgBZDv...',
2282
2858
  projectId: 'none',
2283
2859
  cacheTtlMs: 300000,
2284
- cacheExpiresAt: '2025-11-24T21:32:10.304Z'
2860
+ cacheExpiresAt: '2025-11-24T22:29:13.879Z'
2285
2861
  }
2286
2862
 
2287
2863
  stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools array) > should parse oauthProvider from array format with snake_case
@@ -2292,7 +2868,7 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
2292
2868
  agentDid: 'did:key:z6MkhaXgBZDv...',
2293
2869
  projectId: 'none',
2294
2870
  cacheTtlMs: 300000,
2295
- cacheExpiresAt: '2025-11-24T21:32:10.304Z'
2871
+ cacheExpiresAt: '2025-11-24T22:29:13.880Z'
2296
2872
  }
2297
2873
 
2298
2874
  stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools array) > should prefer camelCase over snake_case in array format
@@ -2303,7 +2879,7 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
2303
2879
  agentDid: 'did:key:z6MkhaXgBZDv...',
2304
2880
  projectId: 'none',
2305
2881
  cacheTtlMs: 300000,
2306
- cacheExpiresAt: '2025-11-24T21:32:10.304Z'
2882
+ cacheExpiresAt: '2025-11-24T22:29:13.880Z'
2307
2883
  }
2308
2884
 
2309
2885
  stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools object) > should parse oauthProvider from object format with camelCase
@@ -2314,7 +2890,7 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
2314
2890
  agentDid: 'did:key:z6MkhaXgBZDv...',
2315
2891
  projectId: 'none',
2316
2892
  cacheTtlMs: 300000,
2317
- cacheExpiresAt: '2025-11-24T21:32:10.304Z'
2893
+ cacheExpiresAt: '2025-11-24T22:29:13.880Z'
2318
2894
  }
2319
2895
 
2320
2896
  stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools object) > should parse oauthProvider from object format with snake_case
@@ -2325,7 +2901,7 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
2325
2901
  agentDid: 'did:key:z6MkhaXgBZDv...',
2326
2902
  projectId: 'none',
2327
2903
  cacheTtlMs: 300000,
2328
- cacheExpiresAt: '2025-11-24T21:32:10.305Z'
2904
+ cacheExpiresAt: '2025-11-24T22:29:13.880Z'
2329
2905
  }
2330
2906
 
2331
2907
  stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools object) > should prefer camelCase over snake_case in object format
@@ -2336,7 +2912,7 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
2336
2912
  agentDid: 'did:key:z6MkhaXgBZDv...',
2337
2913
  projectId: 'none',
2338
2914
  cacheTtlMs: 300000,
2339
- cacheExpiresAt: '2025-11-24T21:32:10.305Z'
2915
+ cacheExpiresAt: '2025-11-24T22:29:13.880Z'
2340
2916
  }
2341
2917
 
2342
2918
  stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Caching > should cache oauthProvider field correctly
@@ -2347,7 +2923,7 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
2347
2923
  agentDid: 'did:key:z6MkhaXgBZDv...',
2348
2924
  projectId: 'test-project-123',
2349
2925
  cacheTtlMs: 300000,
2350
- cacheExpiresAt: '2025-11-24T21:32:10.305Z'
2926
+ cacheExpiresAt: '2025-11-24T22:29:13.880Z'
2351
2927
  }
2352
2928
 
2353
2929
  stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > oauthProvider field inclusion > should include oauthProvider in returned ToolProtection objects when present
@@ -2358,7 +2934,7 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
2358
2934
  agentDid: 'did:key:z6MkhaXgBZDv...',
2359
2935
  projectId: 'test-project-123',
2360
2936
  cacheTtlMs: 300000,
2361
- cacheExpiresAt: '2025-11-24T21:32:10.305Z'
2937
+ cacheExpiresAt: '2025-11-24T22:29:13.881Z'
2362
2938
  }
2363
2939
 
2364
2940
  stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > oauthProvider field inclusion > should handle empty string oauthProvider gracefully
@@ -2369,298 +2945,29 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
2369
2945
  agentDid: 'did:key:z6MkhaXgBZDv...',
2370
2946
  projectId: 'test-project-123',
2371
2947
  cacheTtlMs: 300000,
2372
- cacheExpiresAt: '2025-11-24T21:32:10.307Z'
2373
- }
2374
-
2375
- ✓ src/__tests__/services/tool-protection-oauth-provider.test.ts (14 tests) 14ms
2376
- ✓ src/services/__tests__/storage.service.test.ts (17 tests) 33ms
2377
- stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > Backward Compatibility > Phase 1 tools (no oauthProvider) > should work with Phase 1 tools that don't specify oauthProvider
2378
- [ToolProtectionService] Config loaded from API {
2379
- source: 'api',
2380
- toolCount: 1,
2381
- protectedTools: [ 'phase1_tool' ],
2382
- agentDid: 'did:key:z6MkhaXgBZDv...',
2383
- projectId: 'none',
2384
- cacheTtlMs: 300000,
2385
- cacheExpiresAt: '2025-11-24T21:32:10.317Z'
2386
- }
2387
-
2388
- stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > Backward Compatibility > Old API endpoint format > should still support old endpoint format (tools array)
2389
- [ToolProtectionService] Config loaded from API {
2390
- source: 'api',
2391
- toolCount: 1,
2392
- protectedTools: [ 'old_tool' ],
2393
- agentDid: 'did:key:z6MkhaXgBZDv...',
2394
- projectId: 'none',
2395
- cacheTtlMs: 300000,
2396
- cacheExpiresAt: '2025-11-24T21:32:10.321Z'
2397
- }
2398
-
2399
- stderr | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > No Regressions > Phase 1 OAuth flow > should still work with Phase 1 OAuth flow (no oauthProvider)
2400
- stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > Backward Compatibility > Old API endpoint format > should still support old endpoint format (tools object)
2401
- [ToolProtectionService] Config loaded from API {
2402
- [ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
2403
- source: 'api',
2404
- toolCount: 1,
2405
- protectedTools: [ 'old_tool' ],
2406
- agentDid: 'did:key:z6MkhaXgBZDv...',
2407
- projectId: 'none',
2408
- cacheTtlMs: 300000,
2409
- cacheExpiresAt: '2025-11-24T21:32:10.321Z'
2410
-
2411
- }
2412
-
2413
- stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > Backward Compatibility > snake_case field names > should still support snake_case field names
2414
- [ToolProtectionService] Config loaded from API {
2415
- source: 'api',
2416
- toolCount: 1,
2417
- protectedTools: [ 'tool_with_snake_case' ],
2418
- agentDid: 'did:key:z6MkhaXgBZDv...',
2419
- projectId: 'test-project-123',
2420
- cacheTtlMs: 300000,
2421
- cacheExpiresAt: '2025-11-24T21:32:10.321Z'
2422
- }
2423
-
2424
- stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > Mixed Phase 1 and Phase 2 tools > should handle mix of Phase 1 and Phase 2 tools in same project
2425
- [ToolProtectionService] Config loaded from API {
2426
- source: 'api',
2427
- toolCount: 2,
2428
- protectedTools: [ 'phase1_tool', 'phase2_tool' ],
2429
- agentDid: 'did:key:z6MkhaXgBZDv...',
2430
- projectId: 'test-project-123',
2431
- cacheTtlMs: 300000,
2432
- cacheExpiresAt: '2025-11-24T21:32:10.322Z'
2433
- }
2434
-
2435
- ✓ src/__tests__/regression/phase2-regression.test.ts (12 tests) 6ms
2436
- stdout | src/__tests__/integration.test.ts > Integration Tests > Full handshake and tool execution flow > should complete full authentication and tool execution cycle
2437
- [AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zHrIAXiPd82_S4D4jgQVnnrEpM9cytCcW","environment":"development","userDidGeneration":"disabled"},"timestamp":1764019630327,"timestampFormatted":"2025-11-24T21:27:10.327Z"}
2438
-
2439
- stdout | src/__tests__/integration.test.ts > Integration Tests > Full handshake and tool execution flow > should complete full authentication and tool execution cycle
2440
- [AUDIT] {"event":"tool_executed","data":{"tool":"greetingTool","sessionId":"087bdca49ced15c22721f1060a548c8e","timestamp":1764019630327},"timestamp":1764019630327,"timestampFormatted":"2025-11-24T21:27:10.327Z"}
2441
-
2442
- stdout | src/__tests__/integration.test.ts > Integration Tests > Session expiry handling > should handle expired sessions correctly
2443
- [AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zUTYHZ87G7YghsT2EBWJwJh17s2nUugJ5","environment":"development","userDidGeneration":"disabled"},"timestamp":1764019630342,"timestampFormatted":"2025-11-24T21:27:10.342Z"}
2444
-
2445
- stdout | src/__tests__/integration.test.ts > Integration Tests > Key rotation flow > should handle key rotation and maintain functionality
2446
- [AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zGCVcbJoakpFxOVCaDxZC3cl-BNu3dvtn","environment":"development","userDidGeneration":"disabled"},"timestamp":1764019630343,"timestampFormatted":"2025-11-24T21:27:10.343Z"}
2447
-
2448
- stdout | src/__tests__/integration.test.ts > Integration Tests > Key rotation flow > should handle key rotation and maintain functionality
2449
- [AUDIT] {"event":"keys_rotated","data":{"oldDid":"did:key:zGCVcbJoakpFxOVCaDxZC3cl-BNu3dvtn","newDid":"did:key:zvXEK_BBk1qAaau-LEv6gsbbBCXtoMuL7","timestamp":1764019630343},"timestamp":1764019630343,"timestampFormatted":"2025-11-24T21:27:10.343Z"}
2450
-
2451
- ✓ src/__tests__/providers/memory.test.ts (34 tests) 15ms
2452
- stdout | src/__tests__/integration.test.ts > Integration Tests > Well-known endpoints > should provide identity discovery endpoints
2453
- [AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zKOWuYWu7A7ZfSQ1WZd0qCs14PWDWkxiF","environment":"development","userDidGeneration":"disabled"},"timestamp":1764019630343,"timestampFormatted":"2025-11-24T21:27:10.343Z"}
2454
-
2455
- stdout | src/__tests__/integration.test.ts > Integration Tests > Nonce replay protection > should prevent nonce reuse
2456
- [AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zHiFFzI1Uh2MZ7X32utWo4tgatqF4aRTp","environment":"development","userDidGeneration":"disabled"},"timestamp":1764019630343,"timestampFormatted":"2025-11-24T21:27:10.343Z"}
2457
-
2458
- stdout | src/__tests__/integration.test.ts > Integration Tests > Error handling > should handle network errors gracefully
2459
- [AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zFWe89pbeL-6G20NEqLQcPD-NlAKxz_WW","environment":"development","userDidGeneration":"disabled"},"timestamp":1764019630344,"timestampFormatted":"2025-11-24T21:27:10.344Z"}
2460
-
2461
- stdout | src/__tests__/integration.test.ts > Integration Tests > Error handling > should handle malformed DID documents
2462
- [AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:z0B6tZqPGRmCXPWxrmhGe8F5R1X6ERiux","environment":"development","userDidGeneration":"disabled"},"timestamp":1764019630344,"timestampFormatted":"2025-11-24T21:27:10.344Z"}
2463
-
2464
- stdout | src/__tests__/integration.test.ts > Integration Tests > Debug endpoint > should provide debug information in development
2465
- [AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zwvaoj9oPq89uorHnMZsdmvqWDO-VK-Vw","environment":"development","userDidGeneration":"disabled"},"timestamp":1764019630344,"timestampFormatted":"2025-11-24T21:27:10.344Z"}
2466
-
2467
- stdout | src/__tests__/integration.test.ts > Integration Tests > Debug endpoint > should be disabled in production
2468
- [AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zCzYL45UA04Cx8blnD1nJ27feOqEHJkrv","environment":"development","userDidGeneration":"disabled"},"timestamp":1764019630344,"timestampFormatted":"2025-11-24T21:27:10.344Z"}
2469
-
2470
- ✓ src/delegation/storage/__tests__/memory-statuslist-storage.test.ts (14 tests) 8ms
2471
- ✓ src/__tests__/integration.test.ts (9 tests) 19ms
2472
- stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Caching Integration > should respect cache TTL
2473
- [ToolProtectionService] Config loaded from API {
2474
- source: 'api',
2475
- toolCount: 0,
2476
- protectedTools: [],
2477
- agentDid: 'did:key:z6MkhaXgBZDv...',
2478
- projectId: 'test-project-123',
2479
- cacheTtlMs: 1000,
2480
- cacheExpiresAt: '2025-11-24T21:27:11.354Z'
2481
- }
2482
-
2483
- stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Real-world Scenarios > should handle typical e-commerce tool protection config
2484
- [ToolProtectionService] Config loaded from API {
2485
- source: 'api',
2486
- toolCount: 4,
2487
- protectedTools: [ 'add_to_cart', 'checkout' ],
2488
- agentDid: 'did:key:z6MkhaXgBZDv...',
2489
- projectId: 'test-project-123',
2490
- cacheTtlMs: 300000,
2491
- cacheExpiresAt: '2025-11-24T21:32:10.355Z'
2492
- }
2493
-
2494
- stderr | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Real-world Scenarios > should handle API rate limiting gracefully
2495
- [ToolProtectionService] API fetch failed, using fallback config {
2496
- agentDid: 'did:key:z6MkhaXgBZDv...',
2497
- stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Real-world Scenarios > should handle concurrent requests
2498
- error: 'Failed to fetch bouncer config: 429 Too Many Requests - Rate limit exceeded'
2499
- [ToolProtectionService] Config loaded from API {
2500
- source: 'api',
2501
- toolCount: 1,
2502
- protectedTools: [ 'tool1' ],
2503
- agentDid: 'did:key:z6MkhaXgBZDv...',
2504
- projectId: 'test-project-123',
2505
- cacheTtlMs: 300000,
2506
- cacheExpiresAt: '2025-11-24T21:32:10.355Z'
2948
+ cacheExpiresAt: '2025-11-24T22:29:13.881Z'
2507
2949
  }
2508
2950
 
2509
- }
2510
- [ToolProtectionService] Config loaded from API {
2511
- source: 'api',
2512
- toolCount: 1,
2513
- protectedTools: [ 'tool1' ],
2514
- agentDid: 'did:key:z6MkhaXgBZDv...',
2515
- projectId: 'test-project-123',
2516
- cacheTtlMs: 300000,
2517
- cacheExpiresAt: '2025-11-24T21:32:10.355Z'
2518
- }
2519
- [ToolProtectionService] Config loaded from API {
2520
- source: 'api',
2521
- toolCount: 1,
2522
- protectedTools: [ 'tool1' ],
2523
- agentDid: 'did:key:z6MkhaXgBZDv...',
2524
- projectId: 'test-project-123',
2525
- cacheTtlMs: 300000,
2526
- cacheExpiresAt: '2025-11-24T21:32:10.355Z'
2527
- }
2528
-
2529
- ✓ src/__tests__/services/agentshield-integration.test.ts (30 tests) 1115ms
2530
- ✓ should respect cache TTL 1101ms
2531
- stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should verify gmail → google mapping works
2532
- stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle empty scopes array
2533
- [ProviderResolver] Inferred provider "google" from scopes
2534
- [ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
2535
-
2536
-
2537
- stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle ambiguous scopes (multiple providers inferred)
2538
- stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should verify calendar → google mapping works
2539
- [ProviderResolver] Inferred provider "google" from scopes
2540
- [ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
2541
-
2542
-
2543
- stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should verify outlook → microsoft mapping works
2544
- stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle unknown scope prefixes
2545
- [ProviderResolver] Inferred provider "microsoft" from scopes
2546
-
2547
- [ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
2548
-
2549
- stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle scopes without colons
2550
- [ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
2551
-
2552
- stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle inferred provider not in registry
2553
- [ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "google" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
2554
-
2555
- stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Fallback behavior (Priority 3) > should use first configured provider when oauthProvider not specified
2556
- [ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
2557
- ✓ src/delegation/storage/__tests__/memory-graph-storage.test.ts (27 tests) 5ms
2558
- stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Provider name case sensitivity > should handle provider names case-insensitively in inference
2559
-
2560
- [ProviderResolver] Inferred provider "github" from scopes
2561
-
2562
- stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Multiple scopes with same provider > should handle multiple scopes from same provider
2563
- [ProviderResolver] Inferred provider "github" from scopes
2564
-
2565
- ✓ src/__tests__/services/provider-resolver-edge-cases.test.ts (19 tests | 1 skipped) 111ms
2566
- stderr | src/__tests__/identity/user-did-manager.test.ts > UserDidManager > error handling > should handle storage.get errors gracefully
2567
- [UserDidManager] Storage.get failed, generating new DID: Error: Storage error
2568
- at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/__tests__/identity/user-did-manager.test.ts:187:67
2569
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
2570
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
2571
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
2572
- at new Promise (<anonymous>)
2573
- at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
2574
- at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
2575
- at processTicksAndRejections (node:internal/process/task_queues:103:5)
2576
- at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
2577
- at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
2578
-
2579
- stderr | src/__tests__/identity/user-did-manager.test.ts > UserDidManager > error handling > should handle storage.set errors gracefully
2580
- [UserDidManager] Storage.set failed, continuing with cached DID: Error: Storage error
2581
- at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/__tests__/identity/user-did-manager.test.ts:196:67
2582
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
2583
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
2584
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
2585
- at new Promise (<anonymous>)
2586
- at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
2587
- at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
2588
- at processTicksAndRejections (node:internal/process/task_queues:103:5)
2589
- at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
2590
- at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
2591
-
2592
- stderr | src/__tests__/identity/user-did-manager.test.ts > UserDidManager > error handling > should handle storage.delete errors gracefully
2593
- [UserDidManager] Storage.delete failed, continuing: Error: Storage error
2594
- at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/__tests__/identity/user-did-manager.test.ts:206:70
2595
- at processTicksAndRejections (node:internal/process/task_queues:103:5)
2596
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:20
2597
-
2598
- ✓ src/__tests__/identity/user-did-manager.test.ts (17 tests) 6ms
2599
- ✓ src/__tests__/runtime/delegation-flow.test.ts (4 tests) 4ms
2600
- ✓ src/__tests__/runtime/base-extensions.test.ts (38 tests) 14ms
2601
- ✓ src/__tests__/runtime/proof-client-did.test.ts (17 tests) 7ms
2951
+ ✓ src/__tests__/services/tool-protection-oauth-provider.test.ts (14 tests) 7ms
2952
+ src/delegation/storage/__tests__/memory-graph-storage.test.ts (27 tests) 38ms
2602
2953
  stderr | src/services/__tests__/provider-resolution.integration.test.ts > Provider Resolution Integration > Backward compatibility > should work with Phase 1 tools (no oauthProvider field)
2603
2954
  [ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
2604
2955
 
2605
- ✓ src/services/__tests__/provider-resolution.integration.test.ts (6 tests) 4ms
2956
+ ✓ src/services/__tests__/provider-resolution.integration.test.ts (6 tests) 3ms
2957
+ ✓ src/__tests__/runtime/delegation-flow.test.ts (4 tests) 5ms
2958
+ ✓ src/__tests__/config/provider-runtime-config.test.ts (9 tests) 2ms
2959
+ ✓ src/__tests__/runtime/audit-logger.test.ts (9 tests) 2ms
2960
+ ✓ src/delegation/storage/__tests__/memory-statuslist-storage.test.ts (14 tests) 3ms
2606
2961
  ✓ src/services/__tests__/oauth-provider-registry.test.ts (9 tests) 3ms
2607
- ✓ src/delegation/__tests__/delegation-graph.test.ts (28 tests) 173ms
2608
- stderr | src/config/__tests__/remote-config.spec.ts > fetchRemoteConfig > Error handling > should return null if API request fails
2609
- [RemoteConfig] API returned 404: Not Found
2610
-
2611
- stderr | src/config/__tests__/remote-config.spec.ts > fetchRemoteConfig > Error handling > should return null if API throws error
2612
- [RemoteConfig] Failed to fetch config: Error: Network error
2613
- at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/config/__tests__/remote-config.spec.ts:170:35
2614
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
2615
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
2616
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
2617
- at new Promise (<anonymous>)
2618
- at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
2619
- at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
2620
- at processTicksAndRejections (node:internal/process/task_queues:103:5)
2621
- at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
2622
- at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
2623
-
2624
- stderr | src/config/__tests__/remote-config.spec.ts > fetchRemoteConfig > Error handling > should return null if neither projectId nor agentDid provided
2625
- [RemoteConfig] Neither projectId nor agentDid provided
2626
-
2627
- stderr | src/config/__tests__/remote-config.spec.ts > fetchRemoteConfig > Error handling > should handle cache read errors gracefully
2628
- [RemoteConfig] Cache read failed: Error: Cache error
2629
- at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/config/__tests__/remote-config.spec.ts:198:50
2630
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
2631
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
2632
- at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
2633
- at new Promise (<anonymous>)
2634
- at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
2635
- at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
2636
- at processTicksAndRejections (node:internal/process/task_queues:103:5)
2637
- at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
2638
- at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
2639
-
2640
- stdout | src/services/__tests__/provider-resolver.test.ts > ProviderResolver > resolveProvider - Priority 2: Scope inference > should infer provider from github scope prefix
2641
- [ProviderResolver] Inferred provider "github" from scopes
2642
-
2643
- stdout | src/services/__tests__/provider-resolver.test.ts > ProviderResolver > resolveProvider - Priority 2: Scope inference > should infer provider from gmail scope prefix (maps to google)
2644
- [ProviderResolver] Inferred provider "google" from scopes
2645
-
2646
- stderr | src/services/__tests__/provider-resolver.test.ts > ProviderResolver > resolveProvider - Priority 2: Scope inference > should return null for ambiguous scopes
2647
- [ProviderResolver] Tool does not specify oauthProvider. Using first configured provider "github" as fallback. This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.
2648
-
2649
- ✓ src/delegation/__tests__/bitstring.test.ts (30 tests) 5ms
2650
- ✓ src/compliance/__tests__/schema-verifier.test.ts (30 tests) 5ms
2651
- ✓ src/config/__tests__/remote-config.spec.ts (9 tests) 8ms
2652
- ✓ src/services/__tests__/provider-resolver.test.ts (8 tests) 8ms
2653
- ✓ src/utils/__tests__/did-helpers.test.ts (11 tests) 2ms
2654
- ✓ src/delegation/__tests__/utils.test.ts (28 tests) 5ms
2655
- ✓ src/services/__tests__/batch-delegation.service.test.ts (11 tests) 5ms
2656
- ✓ src/__tests__/runtime/audit-logger.test.ts (9 tests) 5ms
2657
- ✓ src/__tests__/providers/base.test.ts (14 tests) 5ms
2962
+ ✓ src/services/__tests__/batch-delegation.service.test.ts (11 tests) 3ms
2963
+ src/delegation/__tests__/utils.test.ts (28 tests) 2ms
2964
+ src/utils/__tests__/did-helpers.test.ts (11 tests) 3ms
2658
2965
  ✓ src/delegation/__tests__/audience-validator.test.ts (5 tests) 1ms
2659
2966
  ↓ src/__tests__/delegation-e2e.test.ts (14 tests | 14 skipped)
2660
2967
  ✓ src/__tests__/index.test.ts (4 tests) 2ms
2661
2968
 
2662
2969
  Test Files 43 passed | 1 skipped (44)
2663
- Tests 873 passed | 16 skipped (889)
2664
- Start at 15:27:06
2665
- Duration 5.26s (transform 11.76s, setup 0ms, collect 19.41s, tests 3.18s, environment 3ms, prepare 2.03s)
2970
+ Tests 876 passed | 16 skipped (892)
2971
+ Start at 16:24:11
2972
+ Duration 2.93s (transform 7.39s, setup 0ms, collect 12.71s, tests 2.51s, environment 6ms, prepare 2.12s)
2666
2973