@kya-os/mcp-i-core 1.2.3-canary.7 → 1.3.0-canary.clientinfo.20251126003544

package/src/__tests__/runtime/tool-protection-enforcement.test.ts

@@ -0,0 +1,908 @@
+/**
+ * Tool Protection Enforcement Tests
+ *
+ * Tests for tool protection enforcement in processToolCall.
+ */
+
+import { describe, it, expect, beforeEach, vi } from "vitest";
+import { MCPIRuntimeBase } from "../../runtime/base";
+import { ProviderRuntimeConfig } from "../../config";
+import {
+  createMockProviders,
+  MockClockProvider,
+} from "../utils/mock-providers";
+import { ToolProtectionService } from "../../services/tool-protection.service";
+import { DelegationRequiredError } from "../../types/tool-protection";
+import { AccessControlApiService } from "../../services/access-control.service";
+import type { VerifyDelegationAPIResponse } from "@kya-os/contracts/agentshield-api";
+
+describe("MCPIRuntimeBase - Tool Protection Enforcement", () => {
+  let runtime: MCPIRuntimeBase;
+  let config: ProviderRuntimeConfig;
+  let mockProviders: ReturnType<typeof createMockProviders>;
+  let mockToolProtectionService: {
+    checkToolProtection: ReturnType<typeof vi.fn>;
+  };
+  let mockAccessControlService: {
+    verifyDelegation: ReturnType<typeof vi.fn>;
+  };
+
+  beforeEach(async () => {
+    vi.clearAllMocks();
+    mockProviders = createMockProviders();
+
+    // Create mock tool protection service
+    mockToolProtectionService = {
+      checkToolProtection: vi.fn(),
+    };
+
+    // Create mock access control service
+    mockAccessControlService = {
+      verifyDelegation: vi.fn(),
+    };
+
+    config = {
+      ...mockProviders,
+      environment: "development",
+      session: {
+        timestampSkewSeconds: 120,
+        ttlMinutes: 30,
+      },
+      audit: {
+        enabled: true,
+        logFunction: vi.fn(),
+        includePayloads: true,
+      },
+      toolProtectionService: mockToolProtectionService as any,
+    };
+    runtime = new MCPIRuntimeBase(config);
+    // Inject mock access control service
+    (runtime as any).accessControlService = mockAccessControlService as any;
+    await runtime.initialize();
+  });
+
+  describe("processToolCall with tool protection", () => {
+    const mockHandler = vi.fn().mockResolvedValue({ result: "success" });
+    const session = {
+      id: "session123",
+      audience: "https://client.example.com",
+      nonce: "test-nonce",
+    };
+
+    it("should allow tool execution when no protection required", async () => {
+      mockToolProtectionService.checkToolProtection.mockResolvedValue(null);
+
+      const result = await runtime.processToolCall(
+        "unprotectedTool",
+        { arg: "value" },
+        mockHandler,
+        session
+      );
+
+      expect(mockHandler).toHaveBeenCalledWith({ arg: "value" });
+      expect(result).toEqual({ result: "success" });
+      expect(
+        mockToolProtectionService.checkToolProtection
+      ).toHaveBeenCalledWith("unprotectedTool", "did:key:zmock123");
+    });
+
+    it("should block tool execution when protection required and no delegation", async () => {
+      mockToolProtectionService.checkToolProtection.mockResolvedValue({
+        requiresDelegation: true,
+        requiredScopes: ["files:write"],
+      });
+
+      await expect(
+        runtime.processToolCall(
+          "protectedTool",
+          { arg: "value" },
+          mockHandler,
+          session
+        )
+      ).rejects.toThrow(DelegationRequiredError);
+
+      expect(mockHandler).not.toHaveBeenCalled();
+    });
+
+    it("should allow tool execution when protection required and delegation provided", async () => {
+      mockToolProtectionService.checkToolProtection.mockResolvedValue({
+        requiresDelegation: true,
+        requiredScopes: ["files:write"],
+      });
+
+      // Mock successful delegation verification
+      mockAccessControlService.verifyDelegation.mockResolvedValue({
+        success: true,
+        data: {
+          valid: true,
+          delegation_id: "test-delegation-id",
+          credential: {
+            agent_did: "did:key:zmock123",
+            scopes: ["files:write"],
+            issued_at: Date.now(),
+            created_at: Date.now(),
+          },
+        },
+      } as VerifyDelegationAPIResponse);
+
+      const sessionWithDelegation = {
+        ...session,
+        delegationToken: "valid-delegation-token",
+      };
+
+      const result = await runtime.processToolCall(
+        "protectedTool",
+        { arg: "value" },
+        mockHandler,
+        sessionWithDelegation
+      );
+
+      // Verify delegation was checked
+      expect(mockAccessControlService.verifyDelegation).toHaveBeenCalledWith(
+        expect.objectContaining({
+          agent_did: "did:key:zmock123",
+          delegation_token: "valid-delegation-token",
+          scopes: ["files:write"],
+        }),
+        expect.objectContaining({
+          delegationToken: "valid-delegation-token",
+        })
+      );
+
+      expect(mockHandler).toHaveBeenCalledWith({ arg: "value" });
+      expect(result).toEqual({ result: "success" });
+    });
+
+    it("should allow tool execution when protection required and consentProof provided", async () => {
+      mockToolProtectionService.checkToolProtection.mockResolvedValue({
+        requiresDelegation: true,
+        requiredScopes: ["files:write"],
+      });
+
+      // Mock successful delegation verification using consent proof as credential_jwt
+      mockAccessControlService.verifyDelegation.mockResolvedValue({
+        success: true,
+        data: {
+          valid: true,
+          delegation_id: "test-delegation-id",
+          credential: {
+            agent_did: "did:key:zmock123",
+            scopes: ["files:write"],
+            issued_at: Date.now(),
+            created_at: Date.now(),
+          },
+        },
+      } as VerifyDelegationAPIResponse);
+
+      const sessionWithConsent = {
+        ...session,
+        consentProof: "valid-consent-proof",
+      };
+
+      const result = await runtime.processToolCall(
+        "protectedTool",
+        { arg: "value" },
+        mockHandler,
+        sessionWithConsent
+      );
+
+      // Verify delegation was checked using consent proof
+      expect(mockAccessControlService.verifyDelegation).toHaveBeenCalledWith(
+        expect.objectContaining({
+          agent_did: "did:key:zmock123",
+          credential_jwt: "valid-consent-proof",
+          scopes: ["files:write"],
+        }),
+        expect.objectContaining({
+          credentialJwt: "valid-consent-proof",
+        })
+      );
+
+      expect(mockHandler).toHaveBeenCalledWith({ arg: "value" });
+      expect(result).toEqual({ result: "success" });
+    });
+
+    it("should block tool execution when delegation verification fails", async () => {
+      mockToolProtectionService.checkToolProtection.mockResolvedValue({
+        requiresDelegation: true,
+        requiredScopes: ["files:write"],
+      });
+
+      // Mock failed delegation verification
+      mockAccessControlService.verifyDelegation.mockResolvedValue({
+        success: true,
+        data: {
+          valid: false,
+          reason: "Delegation token expired",
+        },
+      } as VerifyDelegationAPIResponse);
+
+      const sessionWithDelegation = {
+        ...session,
+        delegationToken: "expired-delegation-token",
+      };
+
+      await expect(
+        runtime.processToolCall(
+          "protectedTool",
+          { arg: "value" },
+          mockHandler,
+          sessionWithDelegation
+        )
+      ).rejects.toThrow(DelegationRequiredError);
+
+      expect(mockAccessControlService.verifyDelegation).toHaveBeenCalled();
+      expect(mockHandler).not.toHaveBeenCalled();
+    });
+
+    it("should block tool execution when delegation has wrong scopes", async () => {
+      mockToolProtectionService.checkToolProtection.mockResolvedValue({
+        requiresDelegation: true,
+        requiredScopes: ["files:write"],
+      });
+
+      // Mock delegation with insufficient scopes
+      mockAccessControlService.verifyDelegation.mockResolvedValue({
+        success: true,
+        data: {
+          valid: false,
+          reason: "Insufficient scopes",
+          credential: {
+            agent_did: "did:key:zmock123",
+            scopes: ["files:read"], // Only read, not write
+            issued_at: Date.now(),
+            created_at: Date.now(),
+          },
+        },
+      } as VerifyDelegationAPIResponse);
+
+      const sessionWithDelegation = {
+        ...session,
+        delegationToken: "insufficient-scope-token",
+      };
+
+      await expect(
+        runtime.processToolCall(
+          "protectedTool",
+          { arg: "value" },
+          mockHandler,
+          sessionWithDelegation
+        )
+      ).rejects.toThrow(DelegationRequiredError);
+
+      expect(mockAccessControlService.verifyDelegation).toHaveBeenCalledWith(
+        expect.objectContaining({
+          scopes: ["files:write"],
+        }),
+        expect.any(Object)
+      );
+      expect(mockHandler).not.toHaveBeenCalled();
+    });
+
+    it("should handle API errors during verification gracefully", async () => {
+      mockToolProtectionService.checkToolProtection.mockResolvedValue({
+        requiresDelegation: true,
+        requiredScopes: ["files:write"],
+      });
+
+      // Mock API error
+      const { AgentShieldAPIError } = await import(
+        "@kya-os/contracts/agentshield-api"
+      );
+      mockAccessControlService.verifyDelegation.mockRejectedValue(
+        new AgentShieldAPIError("network_error", "API unavailable", {})
+      );
+
+      const sessionWithDelegation = {
+        ...session,
+        delegationToken: "valid-token",
+      };
+
+      // Should fail securely by requiring delegation
+      await expect(
+        runtime.processToolCall(
+          "protectedTool",
+          { arg: "value" },
+          mockHandler,
+          sessionWithDelegation
+        )
+      ).rejects.toThrow(DelegationRequiredError);
+
+      expect(mockHandler).not.toHaveBeenCalled();
+    });
+
+    it("should allow tool execution when access control service not configured (graceful degradation)", async () => {
+      mockToolProtectionService.checkToolProtection.mockResolvedValue({
+        requiresDelegation: true,
+        requiredScopes: ["files:write"],
+      });
+
+      // Remove access control service
+      (runtime as any).accessControlService = undefined;
+
+      const sessionWithDelegation = {
+        ...session,
+        delegationToken: "valid-delegation-token",
+      };
+
+      // Should allow execution with warning (graceful degradation)
+      const result = await runtime.processToolCall(
+        "protectedTool",
+        { arg: "value" },
+        mockHandler,
+        sessionWithDelegation
+      );
+
+      expect(mockHandler).toHaveBeenCalledWith({ arg: "value" });
+      expect(result).toEqual({ result: "success" });
+    });
+
+    describe("user_identifier validation", () => {
+      const userDidA = "did:key:zUserA123456789";
+      const userDidB = "did:key:zUserB987654321";
+
+      it("should reject delegation when user_identifier does not match session userDid", async () => {
+        mockToolProtectionService.checkToolProtection.mockResolvedValue({
+          requiresDelegation: true,
+          requiredScopes: ["files:write"],
+        });
+
+        // Mock verification response with User B's user_identifier
+        mockAccessControlService.verifyDelegation.mockResolvedValue({
+          success: true,
+          data: {
+            valid: true,
+            delegation_id: "test-delegation-id",
+            credential: {
+              agent_did: "did:key:zmock123",
+              user_identifier: userDidB, // ❌ User B's identifier, not User A's
+              scopes: ["files:write"],
+              issued_at: Date.now(),
+              created_at: Date.now(),
+            },
+          },
+        } as VerifyDelegationAPIResponse);
+
+        // Session with User A's DID
+        const sessionWithUserA = {
+          ...session,
+          userDid: userDidA, // User A's DID
+          delegationToken: "delegation-token-for-user-b",
+        };
+
+        // Should reject delegation due to user_identifier mismatch
+        await expect(
+          runtime.processToolCall(
+            "protectedTool",
+            { arg: "value" },
+            mockHandler,
+            sessionWithUserA
+          )
+        ).rejects.toThrow(DelegationRequiredError);
+
+        expect(mockAccessControlService.verifyDelegation).toHaveBeenCalled();
+        expect(mockHandler).not.toHaveBeenCalled();
+      });
+
+      it("should accept delegation when user_identifier matches session userDid", async () => {
+        mockToolProtectionService.checkToolProtection.mockResolvedValue({
+          requiresDelegation: true,
+          requiredScopes: ["files:write"],
+        });
+
+        // Mock verification response with User A's user_identifier
+        mockAccessControlService.verifyDelegation.mockResolvedValue({
+          success: true,
+          data: {
+            valid: true,
+            delegation_id: "test-delegation-id",
+            credential: {
+              agent_did: "did:key:zmock123",
+              user_identifier: userDidA, // ✅ User A's identifier matches session
+              scopes: ["files:write"],
+              issued_at: Date.now(),
+              created_at: Date.now(),
+            },
+          },
+        } as VerifyDelegationAPIResponse);
+
+        // Session with User A's DID
+        const sessionWithUserA = {
+          ...session,
+          userDid: userDidA, // User A's DID
+          delegationToken: "delegation-token-for-user-a",
+        };
+
+        // Should accept delegation when user_identifier matches
+        const result = await runtime.processToolCall(
+          "protectedTool",
+          { arg: "value" },
+          mockHandler,
+          sessionWithUserA
+        );
+
+        expect(mockAccessControlService.verifyDelegation).toHaveBeenCalled();
+        expect(mockHandler).toHaveBeenCalledWith({ arg: "value" });
+        expect(result).toEqual({ result: "success" });
+      });
+
+      it("should handle missing user_identifier gracefully (backward compatibility)", async () => {
+        mockToolProtectionService.checkToolProtection.mockResolvedValue({
+          requiresDelegation: true,
+          requiredScopes: ["files:write"],
+        });
+
+        // Mock verification response without user_identifier (legacy format)
+        mockAccessControlService.verifyDelegation.mockResolvedValue({
+          success: true,
+          data: {
+            valid: true,
+            delegation_id: "test-delegation-id",
+            credential: {
+              agent_did: "did:key:zmock123",
+              // No user_identifier field
+              scopes: ["files:write"],
+              issued_at: Date.now(),
+              created_at: Date.now(),
+            },
+          },
+        } as VerifyDelegationAPIResponse);
+
+        const sessionWithUserA = {
+          ...session,
+          userDid: userDidA,
+          delegationToken: "legacy-delegation-token",
+        };
+
+        // Should allow execution when user_identifier is missing (backward compatibility)
+        const result = await runtime.processToolCall(
+          "protectedTool",
+          { arg: "value" },
+          mockHandler,
+          sessionWithUserA
+        );
+
+        expect(mockHandler).toHaveBeenCalledWith({ arg: "value" });
+        expect(result).toEqual({ result: "success" });
+      });
+
+      it("should handle missing session userDid gracefully", async () => {
+        mockToolProtectionService.checkToolProtection.mockResolvedValue({
+          requiresDelegation: true,
+          requiredScopes: ["files:write"],
+        });
+
+        // Mock verification response with user_identifier
+        mockAccessControlService.verifyDelegation.mockResolvedValue({
+          success: true,
+          data: {
+            valid: true,
+            delegation_id: "test-delegation-id",
+            credential: {
+              agent_did: "did:key:zmock123",
+              user_identifier: userDidA,
+              scopes: ["files:write"],
+              issued_at: Date.now(),
+              created_at: Date.now(),
+            },
+          },
+        } as VerifyDelegationAPIResponse);
+
+        // Session without userDid (legacy format)
+        const sessionWithoutUserDid = {
+          ...session,
+          // No userDid field
+          delegationToken: "delegation-token",
+        };
+
+        // Should allow execution when session userDid is missing (backward compatibility)
+        const result = await runtime.processToolCall(
+          "protectedTool",
+          { arg: "value" },
+          mockHandler,
+          sessionWithoutUserDid
+        );
+
+        expect(mockHandler).toHaveBeenCalledWith({ arg: "value" });
+        expect(result).toEqual({ result: "success" });
+      });
+    });
+
+    it("should create proof after successful tool execution", async () => {
+      mockToolProtectionService.checkToolProtection.mockResolvedValue(null);
+
+      await runtime.processToolCall(
+        "unprotectedTool",
+        { arg: "value" },
+        mockHandler,
+        session
+      );
+
+      const proof = runtime.getLastProof();
+      expect(proof).toBeDefined();
+      expect(proof.did).toBe("did:key:zmock123");
+      expect(proof.sessionId).toBe("session123");
+    });
+
+    it("should not create proof when tool execution is blocked", async () => {
+      mockToolProtectionService.checkToolProtection.mockResolvedValue({
+        requiresDelegation: true,
+        requiredScopes: ["files:write"],
+      });
+
+      const initialProof = runtime.getLastProof();
+
+      await expect(
+        runtime.processToolCall(
+          "protectedTool",
+          { arg: "value" },
+          mockHandler,
+          session
+        )
+      ).rejects.toThrow(DelegationRequiredError);
+
+      // Proof should not be created when tool is blocked
+      const proofAfterBlock = runtime.getLastProof();
+      expect(proofAfterBlock).toBe(initialProof);
+    });
+  });
+
+  describe("DelegationRequiredError details", () => {
+    const mockHandler = vi.fn().mockResolvedValue({ result: "success" });
+    const session = {
+      id: "session123",
+      audience: "https://client.example.com",
+      nonce: "test-nonce",
+    };
+
+    it("should include tool name in error", async () => {
+      mockToolProtectionService.checkToolProtection.mockResolvedValue({
+        requiresDelegation: true,
+        requiredScopes: ["files:write"],
+      });
+
+      try {
+        await runtime.processToolCall(
+          "protectedTool",
+          { arg: "value" },
+          mockHandler,
+          session
+        );
+        expect.fail("Should have thrown DelegationRequiredError");
+      } catch (error: any) {
+        expect(error).toBeInstanceOf(DelegationRequiredError);
+        expect(error.toolName).toBe("protectedTool");
+        expect(error.message).toContain("protectedTool");
+      }
+    });
+
+    it("should include required scopes in error", async () => {
+      mockToolProtectionService.checkToolProtection.mockResolvedValue({
+        requiresDelegation: true,
+        requiredScopes: ["files:write", "files:read"],
+      });
+
+      try {
+        await runtime.processToolCall(
+          "protectedTool",
+          { arg: "value" },
+          mockHandler,
+          session
+        );
+        expect.fail("Should have thrown DelegationRequiredError");
+      } catch (error: any) {
+        expect(error).toBeInstanceOf(DelegationRequiredError);
+        expect(error.requiredScopes).toEqual(["files:write", "files:read"]);
+      }
+    });
+
+    it("should include consent URL in error", async () => {
+      mockToolProtectionService.checkToolProtection.mockResolvedValue({
+        requiresDelegation: true,
+        requiredScopes: ["files:write"],
+      });
+
+      try {
+        await runtime.processToolCall(
+          "protectedTool",
+          { arg: "value" },
+          mockHandler,
+          session
+        );
+        expect.fail("Should have thrown DelegationRequiredError");
+      } catch (error: any) {
+        expect(error).toBeInstanceOf(DelegationRequiredError);
+        expect(error.consentUrl).toBeDefined();
+        expect(error.consentUrl).toContain("kya.vouched.id/bouncer/consent");
+        expect(error.consentUrl).toContain("tool=protectedTool");
+        expect(error.consentUrl).toContain("scopes=files%3Awrite");
+      }
+    });
+
+    it("should include resume token in error", async () => {
+      mockToolProtectionService.checkToolProtection.mockResolvedValue({
+        requiresDelegation: true,
+        requiredScopes: ["files:write"],
+      });
+
+      try {
+        await runtime.processToolCall(
+          "protectedTool",
+          { arg: "value" },
+          mockHandler,
+          session
+        );
+        expect.fail("Should have thrown DelegationRequiredError");
+      } catch (error: any) {
+        expect(error).toBeInstanceOf(DelegationRequiredError);
+        expect(error.resumeToken).toBeDefined();
+        expect(error.resumeToken).toMatch(/^resume_/);
+      }
+    });
+
+    it("should include intercepted call context in error", async () => {
+      mockToolProtectionService.checkToolProtection.mockResolvedValue({
+        requiresDelegation: true,
+        requiredScopes: ["files:write"],
+      });
+
+      try {
+        await runtime.processToolCall(
+          "protectedTool",
+          { arg: "value", nested: { data: "test" } },
+          mockHandler,
+          session
+        );
+        expect.fail("Should have thrown DelegationRequiredError");
+      } catch (error: any) {
+        expect(error).toBeInstanceOf(DelegationRequiredError);
+        expect(error.interceptedCall).toBeDefined();
+        expect(error.interceptedCall.toolName).toBe("protectedTool");
+        expect(error.interceptedCall.args).toEqual({
+          arg: "value",
+          nested: { data: "test" },
+        });
+        expect(error.interceptedCall.sessionId).toBe("session123");
+      }
+    });
+  });
+
+  describe("audit logging", () => {
+    const mockHandler = vi.fn().mockResolvedValue({ result: "success" });
+    const session = {
+      id: "session123",
+      audience: "https://client.example.com",
+      nonce: "test-nonce",
+    };
+
+    it("should log tool protection check when audit enabled", async () => {
+      mockToolProtectionService.checkToolProtection.mockResolvedValue(null);
+
+      await runtime.processToolCall(
+        "testTool",
+        { arg: "value" },
+        mockHandler,
+        session
+      );
+
+      expect(config.audit!.logFunction).toHaveBeenCalled();
+      const logCalls = (config.audit!.logFunction as any).mock.calls;
+      const protectionLogCall = logCalls.find((call: any[]) => {
+        try {
+          const log = JSON.parse(call[0]);
+          return log.event === "tool_executed";
+        } catch {
+          return false;
+        }
+      });
+      expect(protectionLogCall).toBeDefined();
+    });
+
+    it("should log blocked tool call when audit enabled", async () => {
+      mockToolProtectionService.checkToolProtection.mockResolvedValue({
+        requiresDelegation: true,
+        requiredScopes: ["files:write"],
+      });
+
+      const consoleWarnSpy = vi
+        .spyOn(console, "warn")
+        .mockImplementation(() => {});
+
+      try {
+        await runtime.processToolCall(
+          "protectedTool",
+          { arg: "value" },
+          mockHandler,
+          session
+        );
+      } catch (error) {
+        // Expected
+      }
+
+      expect(consoleWarnSpy).toHaveBeenCalledWith(
+        expect.stringContaining("[MCP-I] BLOCKED"),
+        expect.any(Object)
+      );
+
+      consoleWarnSpy.mockRestore();
+    });
+
+    it("should not log when audit disabled", async () => {
+      const auditLogFn = vi.fn();
+      const configNoAudit = {
+        ...config,
+        audit: {
+          enabled: false,
+          logFunction: auditLogFn,
+        },
+      };
+      const runtimeNoAudit = new MCPIRuntimeBase(configNoAudit);
+      await runtimeNoAudit.initialize();
+
+      mockToolProtectionService.checkToolProtection.mockResolvedValue(null);
+
+      await runtimeNoAudit.processToolCall(
+        "testTool",
+        { arg: "value" },
+        mockHandler,
+        session
+      );
+
+      // Should not call log function for tool execution (initialization may still log)
+      const toolExecutionLogs = auditLogFn.mock.calls.filter((call: any[]) => {
+        try {
+          const log = JSON.parse(call[0]);
+          return log.event === "tool_executed";
+        } catch {
+          return false;
+        }
+      });
+      expect(toolExecutionLogs.length).toBe(0);
+    });
+  });
+
+  describe("tool protection service integration", () => {
+    const mockHandler = vi.fn().mockResolvedValue({ result: "success" });
+    const session = {
+      id: "session123",
+      audience: "https://client.example.com",
+      nonce: "test-nonce",
+    };
+
+    it("should use agent DID from identity for protection check", async () => {
+      mockToolProtectionService.checkToolProtection.mockResolvedValue(null);
+
+      await runtime.processToolCall(
+        "testTool",
+        { arg: "value" },
+        mockHandler,
+        session
+      );
+
+      expect(
+        mockToolProtectionService.checkToolProtection
+      ).toHaveBeenCalledWith("testTool", "did:key:zmock123");
+    });
+
+    it("should handle tool protection service errors gracefully", async () => {
+      mockToolProtectionService.checkToolProtection.mockRejectedValue(
+        new Error("Service unavailable")
+      );
+
+      // If the service throws, the error propagates and tool execution is blocked
+      // This is the current behavior - service errors prevent tool execution
+      await expect(
+        runtime.processToolCall(
+          "testTool",
+          { arg: "value" },
+          mockHandler,
+          session
+        )
+      ).rejects.toThrow("Service unavailable");
+    });
+
+    it("should work without tool protection service", async () => {
+      const configNoService = {
+        ...config,
+        toolProtectionService: undefined,
+      };
+      const runtimeNoService = new MCPIRuntimeBase(configNoService);
+      await runtimeNoService.initialize();
+
+      const result = await runtimeNoService.processToolCall(
+        "testTool",
+        { arg: "value" },
+        mockHandler,
+        session
+      );
+
+      expect(mockHandler).toHaveBeenCalled();
+      expect(result).toEqual({ result: "success" });
+    });
+  });
+
+  describe("edge cases", () => {
+    const mockHandler = vi.fn().mockResolvedValue({ result: "success" });
+    const session = {
+      id: "session123",
+      audience: "https://client.example.com",
+      nonce: "test-nonce",
+    };
+
+    it("should handle empty required scopes array", async () => {
+      mockToolProtectionService.checkToolProtection.mockResolvedValue({
+        requiresDelegation: true,
+        requiredScopes: [],
+      });
+
+      await expect(
+        runtime.processToolCall(
+          "protectedTool",
+          { arg: "value" },
+          mockHandler,
+          session
+        )
+      ).rejects.toThrow(DelegationRequiredError);
+    });
+
+    it("should handle multiple required scopes", async () => {
+      mockToolProtectionService.checkToolProtection.mockResolvedValue({
+        requiresDelegation: true,
+        requiredScopes: ["scope1", "scope2", "scope3"],
+      });
+
+      try {
+        await runtime.processToolCall(
+          "protectedTool",
+          { arg: "value" },
+          mockHandler,
+          session
+        );
+        expect.fail("Should have thrown DelegationRequiredError");
+      } catch (error: any) {
+        expect(error.requiredScopes).toEqual(["scope1", "scope2", "scope3"]);
+        expect(error.consentUrl).toContain("scopes=scope1%2Cscope2%2Cscope3");
+      }
+    });
+
+    it("should handle session without id", async () => {
+      mockToolProtectionService.checkToolProtection.mockResolvedValue({
+        requiresDelegation: true,
+        requiredScopes: ["files:write"],
+      });
+
+      const sessionWithoutId = {
+        audience: "https://client.example.com",
+        nonce: "test-nonce",
+      };
+
+      try {
+        await runtime.processToolCall(
+          "protectedTool",
+          { arg: "value" },
+          mockHandler,
+          sessionWithoutId
+        );
+        expect.fail("Should have thrown DelegationRequiredError");
+      } catch (error: any) {
+        expect(error.interceptedCall.sessionId).toBe("unknown");
+      }
+    });
+
+    it("should handle handler errors independently of protection", async () => {
+      mockToolProtectionService.checkToolProtection.mockResolvedValue(null);
+      const errorHandler = vi
+        .fn()
+        .mockRejectedValue(new Error("Handler failed"));
+
+      await expect(
+        runtime.processToolCall(
+          "errorTool",
+          { arg: "value" },
+          errorHandler,
+          session
+        )
+      ).rejects.toThrow("Handler failed");
+    });
+  });
+});