npm - @kya-os/mcp-i-core - Versions diffs - 1.3.1 → 1.3.2 - Mend

@kya-os/mcp-i-core 1.3.1 → 1.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/.turbo/turbo-build.log +1 -1
package/.turbo/turbo-test$colon$coverage.log +4424 -0
package/coverage/coverage-final.json +4 -4
package/dist/services/tool-protection.service.d.ts +13 -10
package/dist/services/tool-protection.service.d.ts.map +1 -1
package/dist/services/tool-protection.service.js +24 -113
package/dist/services/tool-protection.service.js.map +1 -1
package/package.json +1 -1
package/src/__tests__/services/cache-no-warming.test.ts +177 -0
package/src/services/tool-protection.service.ts +25 -136

package/.turbo/turbo-test$colon$coverage.log ADDED Viewed

@@ -0,0 +1,4424 @@
+> @kya-os/mcp-i-core@1.3.1 test:coverage /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core
+> vitest run --coverage
+[?25l
+[1m[46m RUN [49m[22m [36mv4.0.5 [39m[90m/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core[39m
+      [2mCoverage enabled with [22m[33mv8[39m
+[?2026h
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.service.test.ts[2m [queued][22m
+[2m Test Files [22m[1m[32m0 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m0 passed[39m[22m[90m (0)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m208ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.service.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m [queued][22m
+[2m Test Files [22m[1m[32m0 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m0 passed[39m[22m[90m (0)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m315ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 0/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 0/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.service.test.ts[2m 0/23[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m [queued][22m
+[2m Test Files [22m[1m[32m0 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m0 passed[39m[22m[90m (121)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m426ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mgetToolProtectionConfig[2m > [22m[2mAPI fetch - new endpoint format[2m > [22m[2mshould fetch from project-scoped endpoint when projectId is available
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m2[39m,
+  protectedTools: [ [32m'checkout'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.913Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mgetToolProtectionConfig[2m > [22m[2mAPI fetch - new endpoint format[2m > [22m[2mshould handle new endpoint format with toolProtections object
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m2[39m,
+  protectedTools: [ [32m'protected_tool'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.915Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mgetToolProtectionConfig[2m > [22m[2mAPI fetch - new endpoint format[2m > [22m[2mshould parse oauthProvider from new endpoint format (Phase 2)
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m2[39m,
+  protectedTools: [ [32m'read_repos'[39m, [32m'send_email'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.915Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mgetToolProtectionConfig[2m > [22m[2mAPI fetch - new endpoint format[2m > [22m[2mshould preserve oauthProvider through cache operations
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'read_repos'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.915Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/agentshield-integration.test.ts[2m > [22m[2mAgentShield Integration[2m > [22m[2mAPI Authentication[2m > [22m[2mshould use X-API-Key header for new endpoint
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m0[39m,
+  protectedTools: [],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.908Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/agentshield-integration.test.ts[2m > [22m[2mAgentShield Integration[2m > [22m[2mAPI Authentication[2m > [22m[2mshould use Authorization Bearer header for old endpoint
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m0[39m,
+  protectedTools: [],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.916Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/agentshield-integration.test.ts[2m > [22m[2mAgentShield Integration[2m > [22m[2mEndpoint Selection[2m > [22m[2mshould use project-scoped endpoint when projectId is available
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m0[39m,
+  protectedTools: [],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.917Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/agentshield-integration.test.ts[2m > [22m[2mAgentShield Integration[2m > [22m[2mEndpoint Selection[2m > [22m[2mshould use agent-scoped endpoint when projectId is not available
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m0[39m,
+  protectedTools: [],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.917Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mgetToolProtectionConfig[2m > [22m[2mAPI fetch - old endpoint format[2m > [22m[2mshould fetch from agent-scoped endpoint when projectId is not available
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m2[39m,
+  protectedTools: [ [32m'checkout'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.916Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/agentshield-integration.test.ts[2m > [22m[2mAgentShield Integration[2m > [22m[2mEndpoint Selection[2m > [22m[2mshould encode projectId in URL
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m0[39m,
+  protectedTools: [],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'project/with/special-chars'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.917Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/agentshield-integration.test.ts[2m > [22m[2mAgentShield Integration[2m > [22m[2mEndpoint Selection[2m > [22m[2mshould encode agent DID in URL
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m0[39m,
+  protectedTools: [],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.918Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/agentshield-integration.test.ts[2m > [22m[2mAgentShield Integration[2m > [22m[2mResponse Format Compatibility[2m > [22m[2mshould handle new endpoint format (toolProtections object)
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m2[39m,
+  protectedTools: [ [32m'checkout'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.918Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/agentshield-integration.test.ts[2m > [22m[2mAgentShield Integration[2m > [22m[2mResponse Format Compatibility[2m > [22m[2mshould handle old endpoint format (tools array)
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m2[39m,
+  protectedTools: [ [32m'checkout'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.918Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/agentshield-integration.test.ts[2m > [22m[2mAgentShield Integration[2m > [22m[2mResponse Format Compatibility[2m > [22m[2mshould handle old endpoint format (tools object)
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m2[39m,
+  protectedTools: [ [32m'checkout'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.918Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/agentshield-integration.test.ts[2m > [22m[2mAgentShield Integration[2m > [22m[2mResponse Format Compatibility[2m > [22m[2mshould handle snake_case field names
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'tool1'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.918Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/agentshield-integration.test.ts[2m > [22m[2mAgentShield Integration[2m > [22m[2mResponse Format Compatibility[2m > [22m[2mshould handle camelCase field names
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'tool1'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.919Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/agentshield-integration.test.ts[2m > [22m[2mAgentShield Integration[2m > [22m[2mResponse Format Compatibility[2m > [22m[2mshould prefer camelCase over snake_case when both present
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'tool1'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.919Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mgetToolProtectionConfig[2m > [22m[2mAPI fetch - old endpoint format[2m > [22m[2mshould handle old endpoint format with tools array
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m2[39m,
+  protectedTools: [ [32m'tool1'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.918Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mgetToolProtectionConfig[2m > [22m[2mAPI fetch - old endpoint format[2m > [22m[2mshould parse oauthProvider from old endpoint format (tools array)
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m2[39m,
+  protectedTools: [ [32m'read_repos'[39m, [32m'send_email'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.919Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mgetToolProtectionConfig[2m > [22m[2mAPI fetch - old endpoint format[2m > [22m[2mshould handle old endpoint format with tools object
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m2[39m,
+  protectedTools: [ [32m'tool1'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.919Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mgetToolProtectionConfig[2m > [22m[2mAPI fetch - old endpoint format[2m > [22m[2mshould parse oauthProvider from old endpoint format (tools object)
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m2[39m,
+  protectedTools: [ [32m'read_repos'[39m, [32m'send_email'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.920Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mgetToolProtectionConfig[2m > [22m[2mAPI fetch - old endpoint format[2m > [22m[2mshould skip tools without name in array format
+[22m[39m[ToolProtectionService] Cache miss, fetching from API {
+  source: [32m'api-fetch-start'[39m,
+  cacheKey: [32m'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK'[39m,
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  apiUrl: [32m'https://kya.vouched.id'[39m,
+  endpoint: [32m'/api/v1/bouncer/config?agent_did=did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK'[39m
+}
+[ToolProtectionService] Fetching from API: https://kya.vouched.id/api/v1/bouncer/config?agent_did=did%3Akey%3Az6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK {
+  method: [32m'config?agent_did (old)'[39m,
+  projectId: [32m'none'[39m,
+  apiKeyPresent: [33mtrue[39m,
+  apiKeyLength: [33m18[39m,
+  apiKeyMasked: [32m'test-api...'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mgetToolProtectionConfig[2m > [22m[2mAPI fetch - old endpoint format[2m > [22m[2mshould skip tools without name in array format
+[22m[39m[ToolProtectionService] API response received {
+  source: [32m'api-fetch-complete'[39m,
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  responseKeys: [ [32m'success'[39m, [32m'data'[39m, [32m'metadata'[39m ],
+  dataKeys: [ [32m'tools'[39m ],
+  rawToolProtections: [1mnull[22m,
+  rawTools: [
+    { name: [32m'valid_tool'[39m, requiresDelegation: [33mtrue[39m },
+    { requiresDelegation: [33mfalse[39m }
+  ],
+  responseMetadata: {}
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mgetToolProtectionConfig[2m > [22m[2mAPI fetch - old endpoint format[2m > [22m[2mshould skip tools without name in array format
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'valid_tool'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.921Z'[39m
+}
+[ToolProtectionService] API fetch successful, config cached {
+  source: [32m'cache-write'[39m,
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  cacheKey: [32m'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK'[39m,
+  toolCount: [33m1[39m,
+  tools: [ { name: [32m'valid_tool'[39m, requiresDelegation: [33mtrue[39m, scopeCount: [33m0[39m } ],
+  ttlMs: [33m300000[39m,
+  ttlMinutes: [33m5[39m,
+  expiresAt: [32m'2025-11-25T07:11:38.921Z'[39m,
+  expiresIn: [32m'300s'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 2/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 0/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 1/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.service.test.ts[2m 23/23[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 0/17[22m
+[2m Test Files [22m[1m[32m2 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m75 passed[39m[22m[90m (236)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m530ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/services/agentshield-integration.test.ts[2m > [22m[2mAgentShield Integration[2m > [22m[2mError Handling[2m > [22m[2mshould handle network timeout
+[22m[39m[ToolProtectionService] API fetch failed, using fallback config { agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m, error: [32m'Network timeout'[39m }
+[90mstderr[2m | src/__tests__/services/agentshield-integration.test.ts[2m > [22m[2mAgentShield Integration[2m > [22m[2mFallback Behavior[2m > [22m[2mshould cache fallback config
+[22m[39m[ToolProtectionService] API fetch failed, using fallback config { agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m, error: [32m'Network error'[39m }
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 2/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 0/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 1/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.service.test.ts[2m 23/23[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 0/17[22m
+[2m Test Files [22m[1m[32m2 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m75 passed[39m[22m[90m (236)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m530ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/services/agentshield-integration.test.ts[2m > [22m[2mAgentShield Integration[2m > [22m[2mCaching Integration[2m > [22m[2mshould cache successful API responses
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'tool1'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.925Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/agentshield-integration.test.ts[2m > [22m[2mAgentShield Integration[2m > [22m[2mCaching Integration[2m > [22m[2mshould respect cache TTL
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m0[39m,
+  protectedTools: [],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m1000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:06:39.925Z'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 2/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 0/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 1/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.service.test.ts[2m 23/23[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 0/17[22m
+[2m Test Files [22m[1m[32m2 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m75 passed[39m[22m[90m (236)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m530ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mgetToolProtectionConfig[2m > [22m[2mAPI fetch error handling[2m > [22m[2mshould handle network errors gracefully
+[22m[39m[ToolProtectionService] API fetch failed, no fallback, failing closed (deny-all) {
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  error: [32m'ECONNREFUSED'[39m,
+  cacheKey: [32m'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 2/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 0/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 1/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.service.test.ts[2m 23/23[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 0/17[22m
+[2m Test Files [22m[1m[32m2 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m75 passed[39m[22m[90m (236)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m530ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mgetToolProtectionConfig[2m > [22m[2mcaching behavior[2m > [22m[2mshould cache successful API responses
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'tool1'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.925Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mgetToolProtectionConfig[2m > [22m[2mcaching behavior[2m > [22m[2mshould use default cache TTL when not specified
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m0[39m,
+  protectedTools: [],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.925Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mgetToolProtectionConfig[2m > [22m[2mcaching behavior[2m > [22m[2mshould use custom cache TTL when specified
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m0[39m,
+  protectedTools: [],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m600000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:16:38.925Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mgetToolProtectionConfig[2m > [22m[2medge cases[2m > [22m[2mshould handle empty toolProtections object
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m0[39m,
+  protectedTools: [],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.925Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mgetToolProtectionConfig[2m > [22m[2medge cases[2m > [22m[2mshould handle null requiredScopes
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'tool1'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.925Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mgetToolProtectionConfig[2m > [22m[2medge cases[2m > [22m[2mshould handle mixed camelCase and snake_case in response
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m2[39m,
+  protectedTools: [ [32m'tool1'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.925Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mcheckToolProtection[2m > [22m[2mshould return null when tool has no protection
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.929Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mcheckToolProtection[2m > [22m[2mshould return null when tool is not in config
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'other_tool'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.929Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mcheckToolProtection[2m > [22m[2mshould return null when tool is not in config
+[22m[39m[ToolProtectionService] Protection check {
+  tool: [32m'unknown_tool'[39m,
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  found: [33mfalse[39m,
+  isWildcard: [33mtrue[39m,
+  requiresDelegation: [33mfalse[39m,
+  availableTools: [ [32m'other_tool'[39m ]
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mcheckToolProtection[2m > [22m[2mshould return wildcard protection when tool not found and wildcard exists
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m2[39m,
+  protectedTools: [ [32m'*'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.930Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mcheckToolProtection[2m > [22m[2mshould return wildcard protection when tool not found and wildcard exists
+[22m[39m[ToolProtectionService] Protection check {
+  tool: [32m'unknown_tool'[39m,
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  found: [33mtrue[39m,
+  isWildcard: [33mtrue[39m,
+  requiresDelegation: [33mtrue[39m,
+  availableTools: [ [32m'*'[39m, [32m'specific_tool'[39m ]
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mcheckToolProtection[2m > [22m[2mshould prioritize specific tool protection over wildcard
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m2[39m,
+  protectedTools: [ [32m'*'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.930Z'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 2/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 0/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 1/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.service.test.ts[2m 23/23[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 0/17[22m
+[2m Test Files [22m[1m[32m2 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m75 passed[39m[22m[90m (236)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m530ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mcheckToolProtection[2m > [22m[2mshould use wildcard protection in fail-safe deny-all mode
+[22m[39m[ToolProtectionService] API fetch failed, no fallback, failing closed (deny-all) {
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  error: [32m'Network error'[39m,
+  cacheKey: [32m'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 2/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 0/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 1/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.service.test.ts[2m 23/23[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 0/17[22m
+[2m Test Files [22m[1m[32m2 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m75 passed[39m[22m[90m (236)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m530ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mcheckToolProtection[2m > [22m[2mshould use wildcard protection in fail-safe deny-all mode
+[22m[39m[ToolProtectionService] Protection check {
+  tool: [32m'any_tool'[39m,
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  found: [33mtrue[39m,
+  isWildcard: [33mtrue[39m,
+  requiresDelegation: [33mtrue[39m,
+  availableTools: [ [32m'*'[39m ]
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mcheckToolProtection[2m > [22m[2mshould return protection config when tool requires delegation
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'protected_tool'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.930Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mcheckToolProtection[2m > [22m[2mshould return protection config when tool requires delegation
+[22m[39m[ToolProtectionService] Protection check {
+  tool: [32m'protected_tool'[39m,
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  found: [33mtrue[39m,
+  isWildcard: [33mfalse[39m,
+  requiresDelegation: [33mtrue[39m,
+  availableTools: [ [32m'protected_tool'[39m ]
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mintegration with NoOpToolProtectionCache[2m > [22m[2mshould work with NoOpToolProtectionCache
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'tool1'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.931Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection.service.test.ts[2m > [22m[2mToolProtectionService[2m > [22m[2mintegration with NoOpToolProtectionCache[2m > [22m[2mshould work with NoOpToolProtectionCache
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'tool1'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:38.931Z'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 2/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 0/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 1/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.service.test.ts[2m 23/23[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 0/17[22m
+[2m Test Files [22m[1m[32m2 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m75 passed[39m[22m[90m (236)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m530ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/services/__tests__/access-control.service.test.ts[2m > [22m[2mAccessControlApiService[2m > [22m[2msubmitProofs[2m > [22m[2mshould submit proofs successfully
+[22m[39m[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
+  correlationId: [32m'1f3824df-b8b0-4dd4-b72c-dc64be03f626'[39m,
+  status: [33m200[39m,
+  statusText: [32m''[39m,
+  headers: { [32m'content-type'[39m: [32m'application/json'[39m },
+  responseTextLength: [33m100[39m,
+  responseTextPreview: [32m'{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}'[39m,
+  fullResponseText: [32m'{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}'[39m
+}
+[AccessControl] 🔍 PARSED RESPONSE DATA: {
+  correlationId: [32m'1f3824df-b8b0-4dd4-b72c-dc64be03f626'[39m,
+  status: [33m200[39m,
+  responseDataType: [32m'object'[39m,
+  responseDataKeys: [ [32m'success'[39m, [32m'accepted'[39m, [32m'rejected'[39m, [32m'outcomes'[39m ],
+  responseData: [32m'{\n'[39m +
+    [32m'  "success": true,\n'[39m +
+    [32m'  "accepted": 1,\n'[39m +
+    [32m'  "rejected": 0,\n'[39m +
+    [32m'  "outcomes": {\n'[39m +
+    [32m'    "success": 1,\n'[39m +
+    [32m'    "failed": 0,\n'[39m +
+    [32m'    "blocked": 0,\n'[39m +
+    [32m'    "error": 0\n'[39m +
+    [32m'  }\n'[39m +
+    [32m'}'[39m
+}
+[AccessControl] Raw response received: {
+  "success": true,
+  "accepted": 1,
+  "rejected": 0,
+  "outcomes": {
+    "success": 1,
+    "failed": 0,
+    "blocked": 0,
+    "error": 0
+  }
+}
+[90mstderr[2m | src/services/__tests__/access-control.service.test.ts[2m > [22m[2mAccessControlApiService[2m > [22m[2msubmitProofs[2m > [22m[2mshould handle all_proofs_rejected error gracefully
+[22m[39m[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
+  correlationId: [32m'c266d84a-aca7-4503-ba92-aafcef512da7'[39m,
+  status: [33m400[39m,
+  statusText: [32m''[39m,
+  headers: { [32m'content-type'[39m: [32m'application/json'[39m },
+  responseTextLength: [33m209[39m,
+  responseTextPreview: [32m'{"success":false,"error":{"code":"all_proofs_rejected","message":"All proofs rejected","details":{"rejected":1,"errors":[{"proof_index":0,"error":{"code":"invalid_signature","message":"Invalid signature"}}]}}}'[39m,
+  fullResponseText: [32m'{"success":false,"error":{"code":"all_proofs_rejected","message":"All proofs rejected","details":{"rejected":1,"errors":[{"proof_index":0,"error":{"code":"invalid_signature","message":"Invalid signature"}}]}}}'[39m
+}
+[AccessControl] 🔍 PARSED RESPONSE DATA: {
+  correlationId: [32m'c266d84a-aca7-4503-ba92-aafcef512da7'[39m,
+  status: [33m400[39m,
+  responseDataType: [32m'object'[39m,
+  responseDataKeys: [ [32m'success'[39m, [32m'error'[39m ],
+  responseData: [32m'{\n'[39m +
+    [32m'  "success": false,\n'[39m +
+    [32m'  "error": {\n'[39m +
+    [32m'    "code": "all_proofs_rejected",\n'[39m +
+    [32m'    "message": "All proofs rejected",\n'[39m +
+    [32m'    "details": {\n'[39m +
+    [32m'      "rejected": 1,\n'[39m +
+    [32m'      "errors": [\n'[39m +
+    [32m'        {\n'[39m +
+    [32m'          "proof_index": 0,\n'[39m +
+    [32m'          "error": {\n'[39m +
+    [32m'            "code": "invalid_signature",\n'[39m +
+    [32m'            "message": "Invalid signature"\n'[39m +
+    [32m'          }\n'[39m +
+    [32m'        }\n'[39m +
+    [32m'      ]\n'[39m +
+    [32m'    }\n'[39m +
+    [32m'  }\n'[39m +
+    [32m'}'[39m
+}
+[90mstderr[2m | src/services/__tests__/access-control.service.test.ts[2m > [22m[2mAccessControlApiService[2m > [22m[2msubmitProofs[2m > [22m[2mshould handle wrapped response format
+[22m[39m[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
+  correlationId: [32m'ef86469f-27ec-4fa3-9c49-020e7e5f5062'[39m,
+  status: [33m200[39m,
+  statusText: [32m''[39m,
+  headers: { [32m'content-type'[39m: [32m'application/json'[39m },
+  responseTextLength: [33m206[39m,
+  responseTextPreview: [32m'{"success":true,"data":{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-25T07:06:38.928Z"}}'[39m,
+  fullResponseText: [32m'{"success":true,"data":{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-25T07:06:38.928Z"}}'[39m
+}
+[AccessControl] 🔍 PARSED RESPONSE DATA: {
+  correlationId: [32m'ef86469f-27ec-4fa3-9c49-020e7e5f5062'[39m,
+  status: [33m200[39m,
+  responseDataType: [32m'object'[39m,
+  responseDataKeys: [ [32m'success'[39m, [32m'data'[39m, [32m'metadata'[39m ],
+  responseData: [32m'{\n'[39m +
+    [32m'  "success": true,\n'[39m +
+    [32m'  "data": {\n'[39m +
+    [32m'    "success": true,\n'[39m +
+    [32m'    "accepted": 1,\n'[39m +
+    [32m'    "rejected": 0,\n'[39m +
+    [32m'    "outcomes": {\n'[39m +
+    [32m'      "success": 1,\n'[39m +
+    [32m'      "failed": 0,\n'[39m +
+    [32m'      "blocked": 0,\n'[39m +
+    [32m'      "error": 0\n'[39m +
+    [32m'    }\n'[39m +
+    [32m'  },\n'[39m +
+    [32m'  "metadata": {\n'[39m +
+    [32m'    "requestId": "test-request-id",\n'[39m +
+    [32m'    "timestamp": "2025-11-25T07:06:38.928Z"\n'[39m +
+    [32m'  }\n'[39m +
+    [32m'}'[39m
+}
+[AccessControl] Raw response received: {
+  "success": true,
+  "data": {
+    "success": true,
+    "accepted": 1,
+    "rejected": 0,
+    "outcomes": {
+      "success": 1,
+      "failed": 0,
+      "blocked": 0,
+      "error": 0
+    }
+  },
+  "metadata": {
+    "requestId": "test-request-id",
+    "timestamp": "2025-11-25T07:06:38.928Z"
+  }
+}
+[AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
+  correlationId: [32m'ef86469f-27ec-4fa3-9c49-020e7e5f5062'[39m,
+  dataKeys: [ [32m'success'[39m, [32m'accepted'[39m, [32m'rejected'[39m, [32m'outcomes'[39m ],
+  hasAccepted: [33mtrue[39m,
+  hasRejected: [33mtrue[39m,
+  hasOutcomes: [33mtrue[39m,
+  hasErrors: [33mfalse[39m,
+  acceptedType: [32m'number'[39m,
+  acceptedValue: [33m1[39m,
+  rejectedType: [32m'number'[39m,
+  rejectedValue: [33m0[39m,
+  outcomesType: [32m'object'[39m,
+  outcomesValue: { success: [33m1[39m, failed: [33m0[39m, blocked: [33m0[39m, error: [33m0[39m },
+  errorsType: [32m'undefined'[39m,
+  errorsIsArray: [33mfalse[39m,
+  fullData: [32m'{\n'[39m +
+    [32m'  "success": true,\n'[39m +
+    [32m'  "accepted": 1,\n'[39m +
+    [32m'  "rejected": 0,\n'[39m +
+    [32m'  "outcomes": {\n'[39m +
+    [32m'    "success": 1,\n'[39m +
+    [32m'    "failed": 0,\n'[39m +
+    [32m'    "blocked": 0,\n'[39m +
+    [32m'    "error": 0\n'[39m +
+    [32m'  }\n'[39m +
+    [32m'}'[39m
+}
+[AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
+  correlationId: [32m'ef86469f-27ec-4fa3-9c49-020e7e5f5062'[39m,
+  dataWithSuccessKeys: [ [32m'success'[39m, [32m'accepted'[39m, [32m'rejected'[39m, [32m'outcomes'[39m ],
+  hasSuccess: [33mtrue[39m,
+  successValue: [33mtrue[39m,
+  hasAccepted: [33mtrue[39m,
+  acceptedValue: [33m1[39m,
+  hasRejected: [33mtrue[39m,
+  rejectedValue: [33m0[39m,
+  hasOutcomes: [33mtrue[39m,
+  outcomesValue: { success: [33m1[39m, failed: [33m0[39m, blocked: [33m0[39m, error: [33m0[39m },
+  fullDataWithSuccess: [32m'{\n'[39m +
+    [32m'  "success": true,\n'[39m +
+    [32m'  "accepted": 1,\n'[39m +
+    [32m'  "rejected": 0,\n'[39m +
+    [32m'  "outcomes": {\n'[39m +
+    [32m'    "success": 1,\n'[39m +
+    [32m'    "failed": 0,\n'[39m +
+    [32m'    "blocked": 0,\n'[39m +
+    [32m'    "error": 0\n'[39m +
+    [32m'  }\n'[39m +
+    [32m'}'[39m
+}
+[90mstderr[2m | src/services/__tests__/access-control.service.test.ts[2m > [22m[2mAccessControlApiService[2m > [22m[2msubmitProofs[2m > [22m[2mshould handle response with missing outcomes field (outcomes is optional)
+[22m[39m[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
+  correlationId: [32m'1e8fc168-26dd-488f-8522-f0ccc29a8d5f'[39m,
+  status: [33m200[39m,
+  statusText: [32m''[39m,
+  headers: { [32m'content-type'[39m: [32m'application/json'[39m },
+  responseTextLength: [33m42[39m,
+  responseTextPreview: [32m'{"success":true,"accepted":1,"rejected":0}'[39m,
+  fullResponseText: [32m'{"success":true,"accepted":1,"rejected":0}'[39m
+}
+[AccessControl] 🔍 PARSED RESPONSE DATA: {
+  correlationId: [32m'1e8fc168-26dd-488f-8522-f0ccc29a8d5f'[39m,
+  status: [33m200[39m,
+  responseDataType: [32m'object'[39m,
+  responseDataKeys: [ [32m'success'[39m, [32m'accepted'[39m, [32m'rejected'[39m ],
+  responseData: [32m'{\n  "success": true,\n  "accepted": 1,\n  "rejected": 0\n}'[39m
+}
+[AccessControl] Raw response received: {
+  "success": true,
+  "accepted": 1,
+  "rejected": 0
+}
+[90mstderr[2m | src/services/__tests__/access-control.service.test.ts[2m > [22m[2mAccessControlApiService[2m > [22m[2msubmitProofs[2m > [22m[2mshould handle response with missing outcomes field (outcomes is optional)
+[22m[39m[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
+  correlationId: [32m'bbb932c4-61a1-4777-a51c-461b01cbf650'[39m,
+  status: [33m200[39m,
+  statusText: [32m''[39m,
+  headers: { [32m'content-type'[39m: [32m'application/json'[39m },
+  responseTextLength: [33m100[39m,
+  responseTextPreview: [32m'{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}'[39m,
+  fullResponseText: [32m'{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}'[39m
+}
+[AccessControl] 🔍 PARSED RESPONSE DATA: {
+  correlationId: [32m'bbb932c4-61a1-4777-a51c-461b01cbf650'[39m,
+  status: [33m200[39m,
+  responseDataType: [32m'object'[39m,
+  responseDataKeys: [ [32m'success'[39m, [32m'accepted'[39m, [32m'rejected'[39m, [32m'outcomes'[39m ],
+  responseData: [32m'{\n'[39m +
+    [32m'  "success": true,\n'[39m +
+    [32m'  "accepted": 1,\n'[39m +
+    [32m'  "rejected": 0,\n'[39m +
+    [32m'  "outcomes": {\n'[39m +
+    [32m'    "success": 1,\n'[39m +
+    [32m'    "failed": 0,\n'[39m +
+    [32m'    "blocked": 0,\n'[39m +
+    [32m'    "error": 0\n'[39m +
+    [32m'  }\n'[39m +
+    [32m'}'[39m
+}
+[AccessControl] Raw response received: {
+  "success": true,
+  "accepted": 1,
+  "rejected": 0,
+  "outcomes": {
+    "success": 1,
+    "failed": 0,
+    "blocked": 0,
+    "error": 0
+  }
+}
+[90mstderr[2m | src/services/__tests__/access-control.service.test.ts[2m > [22m[2mAccessControlApiService[2m > [22m[2msubmitProofs[2m > [22m[2mshould handle response with missing outcomes field (outcomes is optional)
+[22m[39m[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
+  correlationId: [32m'fc4a91ea-dc5c-4a8c-8637-0bd0baddbfe2'[39m,
+  status: [33m200[39m,
+  statusText: [32m''[39m,
+  headers: { [32m'content-type'[39m: [32m'application/json'[39m },
+  responseTextLength: [33m56[39m,
+  responseTextPreview: [32m'{"success":true,"accepted":1,"rejected":0,"outcomes":{}}'[39m,
+  fullResponseText: [32m'{"success":true,"accepted":1,"rejected":0,"outcomes":{}}'[39m
+}
+[AccessControl] 🔍 PARSED RESPONSE DATA: {
+  correlationId: [32m'fc4a91ea-dc5c-4a8c-8637-0bd0baddbfe2'[39m,
+  status: [33m200[39m,
+  responseDataType: [32m'object'[39m,
+  responseDataKeys: [ [32m'success'[39m, [32m'accepted'[39m, [32m'rejected'[39m, [32m'outcomes'[39m ],
+  responseData: [32m'{\n  "success": true,\n  "accepted": 1,\n  "rejected": 0,\n  "outcomes": {}\n}'[39m
+}
+[AccessControl] Raw response received: {
+  "success": true,
+  "accepted": 1,
+  "rejected": 0,
+  "outcomes": {}
+}
+[90mstderr[2m | src/services/__tests__/access-control.service.test.ts[2m > [22m[2mAccessControlApiService[2m > [22m[2msubmitProofs[2m > [22m[2mshould handle wrapped response with invalid data structure
+[22m[39m[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
+  correlationId: [32m'349702f9-d6c6-4e34-b3ab-557933c40fa0'[39m,
+  status: [33m200[39m,
+  statusText: [32m''[39m,
+  headers: { [32m'content-type'[39m: [32m'application/json'[39m },
+  responseTextLength: [33m52[39m,
+  responseTextPreview: [32m'{"success":true,"data":{"message":"Invalid format"}}'[39m,
+  fullResponseText: [32m'{"success":true,"data":{"message":"Invalid format"}}'[39m
+}
+[AccessControl] 🔍 PARSED RESPONSE DATA: {
+  correlationId: [32m'349702f9-d6c6-4e34-b3ab-557933c40fa0'[39m,
+  status: [33m200[39m,
+  responseDataType: [32m'object'[39m,
+  responseDataKeys: [ [32m'success'[39m, [32m'data'[39m ],
+  responseData: [32m'{\n  "success": true,\n  "data": {\n    "message": "Invalid format"\n  }\n}'[39m
+}
+[AccessControl] Raw response received: {
+  "success": true,
+  "data": {
+    "message": "Invalid format"
+  }
+}
+[AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
+  correlationId: [32m'349702f9-d6c6-4e34-b3ab-557933c40fa0'[39m,
+  dataKeys: [ [32m'message'[39m ],
+  hasAccepted: [33mfalse[39m,
+  hasRejected: [33mfalse[39m,
+  hasOutcomes: [33mfalse[39m,
+  hasErrors: [33mfalse[39m,
+  acceptedType: [32m'undefined'[39m,
+  acceptedValue: [90mundefined[39m,
+  rejectedType: [32m'undefined'[39m,
+  rejectedValue: [90mundefined[39m,
+  outcomesType: [32m'undefined'[39m,
+  outcomesValue: [90mundefined[39m,
+  errorsType: [32m'undefined'[39m,
+  errorsIsArray: [33mfalse[39m,
+  fullData: [32m'{\n  "message": "Invalid format"\n}'[39m
+}
+[AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
+  correlationId: [32m'349702f9-d6c6-4e34-b3ab-557933c40fa0'[39m,
+  dataWithSuccessKeys: [ [32m'success'[39m, [32m'accepted'[39m, [32m'rejected'[39m ],
+  hasSuccess: [33mtrue[39m,
+  successValue: [33mtrue[39m,
+  hasAccepted: [33mtrue[39m,
+  acceptedValue: [90mundefined[39m,
+  hasRejected: [33mtrue[39m,
+  rejectedValue: [90mundefined[39m,
+  hasOutcomes: [33mfalse[39m,
+  outcomesValue: [90mundefined[39m,
+  fullDataWithSuccess: [32m'{\n  "success": true\n}'[39m
+}
+[AccessControl] ❌ MISSING REQUIRED FIELDS AFTER CONSTRUCTION: {
+  correlationId: [32m'349702f9-d6c6-4e34-b3ab-557933c40fa0'[39m,
+  hasAccepted: [33mtrue[39m,
+  acceptedType: [32m'undefined'[39m,
+  acceptedValue: [90mundefined[39m,
+  hasRejected: [33mtrue[39m,
+  rejectedType: [32m'undefined'[39m,
+  rejectedValue: [90mundefined[39m,
+  dataWithSuccessKeys: [ [32m'success'[39m, [32m'accepted'[39m, [32m'rejected'[39m ],
+  fullDataWithSuccess: [32m'{\n  "success": true\n}'[39m,
+  dataToValidateKeys: [ [32m'message'[39m ],
+  fullDataToValidate: [32m'{\n  "message": "Invalid format"\n}'[39m,
+  originalResponseData: [32m'{\n  "success": true,\n  "data": {\n    "message": "Invalid format"\n  }\n}'[39m
+}
+[90mstderr[2m | src/services/__tests__/access-control.proof-response-validation.test.ts[2m > [22m[2mProof Submission Response Validation[2m > [22m[2mWrapped Response Format (AgentShield API)[2m > [22m[2mshould validate wrapped response with success field in data
+[22m[39m[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
+  correlationId: [32m'02bbd300-e173-41aa-86a8-c4f29a3c56b4'[39m,
+  status: [33m200[39m,
+  statusText: [90mundefined[39m,
+  headers: {},
+  responseTextLength: [33m191[39m,
+  responseTextPreview: [32m'{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-25T07:06:38.943Z"}}'[39m,
+  fullResponseText: [32m'{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-25T07:06:38.943Z"}}'[39m
+}
+[AccessControl] 🔍 PARSED RESPONSE DATA: {
+  correlationId: [32m'02bbd300-e173-41aa-86a8-c4f29a3c56b4'[39m,
+  status: [33m200[39m,
+  responseDataType: [32m'object'[39m,
+  responseDataKeys: [ [32m'success'[39m, [32m'data'[39m, [32m'metadata'[39m ],
+  responseData: [32m'{\n'[39m +
+    [32m'  "success": true,\n'[39m +
+    [32m'  "data": {\n'[39m +
+    [32m'    "accepted": 1,\n'[39m +
+    [32m'    "rejected": 0,\n'[39m +
+    [32m'    "outcomes": {\n'[39m +
+    [32m'      "success": 1,\n'[39m +
+    [32m'      "failed": 0,\n'[39m +
+    [32m'      "blocked": 0,\n'[39m +
+    [32m'      "error": 0\n'[39m +
+    [32m'    }\n'[39m +
+    [32m'  },\n'[39m +
+    [32m'  "metadata": {\n'[39m +
+    [32m'    "requestId": "test-request-id",\n'[39m +
+    [32m'    "timestamp": "2025-11-25T07:06:38.943Z"\n'[39m +
+    [32m'  }\n'[39m +
+    [32m'}'[39m
+}
+[AccessControl] Raw response received: {
+  "success": true,
+  "data": {
+    "accepted": 1,
+    "rejected": 0,
+    "outcomes": {
+      "success": 1,
+      "failed": 0,
+      "blocked": 0,
+      "error": 0
+    }
+  },
+  "metadata": {
+    "requestId": "test-request-id",
+    "timestamp": "2025-11-25T07:06:38.943Z"
+  }
+}
+[AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
+  correlationId: [32m'02bbd300-e173-41aa-86a8-c4f29a3c56b4'[39m,
+  dataKeys: [ [32m'accepted'[39m, [32m'rejected'[39m, [32m'outcomes'[39m ],
+  hasAccepted: [33mtrue[39m,
+  hasRejected: [33mtrue[39m,
+  hasOutcomes: [33mtrue[39m,
+  hasErrors: [33mfalse[39m,
+  acceptedType: [32m'number'[39m,
+  acceptedValue: [33m1[39m,
+  rejectedType: [32m'number'[39m,
+  rejectedValue: [33m0[39m,
+  outcomesType: [32m'object'[39m,
+  outcomesValue: { success: [33m1[39m, failed: [33m0[39m, blocked: [33m0[39m, error: [33m0[39m },
+  errorsType: [32m'undefined'[39m,
+  errorsIsArray: [33mfalse[39m,
+  fullData: [32m'{\n'[39m +
+    [32m'  "accepted": 1,\n'[39m +
+    [32m'  "rejected": 0,\n'[39m +
+    [32m'  "outcomes": {\n'[39m +
+    [32m'    "success": 1,\n'[39m +
+    [32m'    "failed": 0,\n'[39m +
+    [32m'    "blocked": 0,\n'[39m +
+    [32m'    "error": 0\n'[39m +
+    [32m'  }\n'[39m +
+    [32m'}'[39m
+}
+[AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
+  correlationId: [32m'02bbd300-e173-41aa-86a8-c4f29a3c56b4'[39m,
+  dataWithSuccessKeys: [ [32m'success'[39m, [32m'accepted'[39m, [32m'rejected'[39m, [32m'outcomes'[39m ],
+  hasSuccess: [33mtrue[39m,
+  successValue: [33mtrue[39m,
+  hasAccepted: [33mtrue[39m,
+  acceptedValue: [33m1[39m,
+  hasRejected: [33mtrue[39m,
+  rejectedValue: [33m0[39m,
+  hasOutcomes: [33mtrue[39m,
+  outcomesValue: { success: [33m1[39m, failed: [33m0[39m, blocked: [33m0[39m, error: [33m0[39m },
+  fullDataWithSuccess: [32m'{\n'[39m +
+    [32m'  "success": true,\n'[39m +
+    [32m'  "accepted": 1,\n'[39m +
+    [32m'  "rejected": 0,\n'[39m +
+    [32m'  "outcomes": {\n'[39m +
+    [32m'    "success": 1,\n'[39m +
+    [32m'    "failed": 0,\n'[39m +
+    [32m'    "blocked": 0,\n'[39m +
+    [32m'    "error": 0\n'[39m +
+    [32m'  }\n'[39m +
+    [32m'}'[39m
+}
+[90mstderr[2m | src/services/__tests__/access-control.proof-response-validation.test.ts[2m > [22m[2mProof Submission Response Validation[2m > [22m[2mWrapped Response Format (AgentShield API)[2m > [22m[2mshould validate wrapped response with errors array
+[22m[39m[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
+  correlationId: [32m'c767aad0-4c12-4586-8025-0617fb71d28a'[39m,
+  status: [33m200[39m,
+  statusText: [90mundefined[39m,
+  headers: {},
+  responseTextLength: [33m333[39m,
+  responseTextPreview: [32m'{"success":true,"data":{"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"validation_error","message":"Proof validation failed","details":{"reason":"invalid_signature"}}}]},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-25T07:06:38.965Z"}}'[39m,
+  fullResponseText: [32m'{"success":true,"data":{"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"validation_error","message":"Proof validation failed","details":{"reason":"invalid_signature"}}}]},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-25T07:06:38.965Z"}}'[39m
+}
+[AccessControl] 🔍 PARSED RESPONSE DATA: {
+  correlationId: [32m'c767aad0-4c12-4586-8025-0617fb71d28a'[39m,
+  status: [33m200[39m,
+  responseDataType: [32m'object'[39m,
+  responseDataKeys: [ [32m'success'[39m, [32m'data'[39m, [32m'metadata'[39m ],
+  responseData: [32m'{\n'[39m +
+    [32m'  "success": true,\n'[39m +
+    [32m'  "data": {\n'[39m +
+    [32m'    "accepted": 0,\n'[39m +
+    [32m'    "rejected": 1,\n'[39m +
+    [32m'    "outcomes": {\n'[39m +
+    [32m'      "success": 0,\n'[39m +
+    [32m'      "failed": 1,\n'[39m +
+    [32m'      "blocked": 0,\n'[39m +
+    [32m'      "error": 0\n'[39m +
+    [32m'    },\n'[39m +
+    [32m'    "errors": [\n'[39m +
+    [32m'      {\n'[39m +
+    [32m'        "proof_index": 0,\n'[39m +
+    [32m'        "error": {\n'[39m +
+    [32m'          "code": "validation_error",\n'[39m +
+    [32m'          "message": "Proof validation failed",\n'[39m +
+    [32m'          "details": {\n'[39m +
+    [32m'            "reason": "invalid_signature"\n'[39m +
+    [32m'          }\n'[39m +
+    [32m'        }\n'[39m +
+    [32m'      }\n'[39m +
+    [32m'    ]\n'[39m +
+    [32m'  },\n'[39m +
+    [32m'  "metadata": {\n'[39m +
+    [32m'    "requestId": "test-request-id",\n'[39m +
+    [32m'    "timestamp": "2025-11-25T07:06:38.965Z"\n'[39m +
+    [32m'  }\n'[39m +
+    [32m'}'[39m
+}
+[AccessControl] Raw response received: {
+  "success": true,
+  "data": {
+    "accepted": 0,
+    "rejected": 1,
+    "outcomes": {
+      "success": 0,
+      "failed": 1,
+      "blocked": 0,
+      "error": 0
+    },
+    "errors": [
+      {
+        "proof_index": 0,
+        "error": {
+          "code": "validation_error",
+          "message": "Proof validation failed",
+          "details": {
+            "reason": "invalid_signature"
+          }
+        }
+      }
+    ]
+  },
+  "metadata": {
+    "requestId": "test-request-id",
+    "timestamp": "2025-11-25T07:06:38.965Z"
+  }
+}
+[AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
+  correlationId: [32m'c767aad0-4c12-4586-8025-0617fb71d28a'[39m,
+  dataKeys: [ [32m'accepted'[39m, [32m'rejected'[39m, [32m'outcomes'[39m, [32m'errors'[39m ],
+  hasAccepted: [33mtrue[39m,
+  hasRejected: [33mtrue[39m,
+  hasOutcomes: [33mtrue[39m,
+  hasErrors: [33mtrue[39m,
+  acceptedType: [32m'number'[39m,
+  acceptedValue: [33m0[39m,
+  rejectedType: [32m'number'[39m,
+  rejectedValue: [33m1[39m,
+  outcomesType: [32m'object'[39m,
+  outcomesValue: { success: [33m0[39m, failed: [33m1[39m, blocked: [33m0[39m, error: [33m0[39m },
+  errorsType: [32m'object'[39m,
+  errorsIsArray: [33mtrue[39m,
+  fullData: [32m'{\n'[39m +
+    [32m'  "accepted": 0,\n'[39m +
+    [32m'  "rejected": 1,\n'[39m +
+    [32m'  "outcomes": {\n'[39m +
+    [32m'    "success": 0,\n'[39m +
+    [32m'    "failed": 1,\n'[39m +
+    [32m'    "blocked": 0,\n'[39m +
+    [32m'    "error": 0\n'[39m +
+    [32m'  },\n'[39m +
+    [32m'  "errors": [\n'[39m +
+    [32m'    {\n'[39m +
+    [32m'      "proof_index": 0,\n'[39m +
+    [32m'      "error": {\n'[39m +
+    [32m'        "code": "validation_error",\n'[39m +
+    [32m'        "message": "Proof validation failed",\n'[39m +
+    [32m'        "details": {\n'[39m +
+    [32m'          "reason": "invalid_signature"\n'[39m +
+    [32m'        }\n'[39m +
+    [32m'      }\n'[39m +
+    [32m'    }\n'[39m +
+    [32m'  ]\n'[39m +
+    [32m'}'[39m
+}
+[AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
+  correlationId: [32m'c767aad0-4c12-4586-8025-0617fb71d28a'[39m,
+  dataWithSuccessKeys: [ [32m'success'[39m, [32m'accepted'[39m, [32m'rejected'[39m, [32m'outcomes'[39m, [32m'errors'[39m ],
+  hasSuccess: [33mtrue[39m,
+  successValue: [33mtrue[39m,
+  hasAccepted: [33mtrue[39m,
+  acceptedValue: [33m0[39m,
+  hasRejected: [33mtrue[39m,
+  rejectedValue: [33m1[39m,
+  hasOutcomes: [33mtrue[39m,
+  outcomesValue: { success: [33m0[39m, failed: [33m1[39m, blocked: [33m0[39m, error: [33m0[39m },
+  fullDataWithSuccess: [32m'{\n'[39m +
+    [32m'  "success": true,\n'[39m +
+    [32m'  "accepted": 0,\n'[39m +
+    [32m'  "rejected": 1,\n'[39m +
+    [32m'  "outcomes": {\n'[39m +
+    [32m'    "success": 0,\n'[39m +
+    [32m'    "failed": 1,\n'[39m +
+    [32m'    "blocked": 0,\n'[39m +
+    [32m'    "error": 0\n'[39m +
+    [32m'  },\n'[39m +
+    [32m'  "errors": [\n'[39m +
+    [32m'    {\n'[39m +
+    [32m'      "proof_index": 0,\n'[39m +
+    [32m'      "error": {\n'[39m +
+    [32m'        "code": "validation_error",\n'[39m +
+    [32m'        "message": "Proof validation failed",\n'[39m +
+    [32m'        "details": {\n'[39m +
+    [32m'          "reason": "invalid_signature"\n'[39m +
+    [32m'        }\n'[39m +
+    [32m'      }\n'[39m +
+    [32m'    }\n'[39m +
+    [32m'  ]\n'[39m +
+    [32m'}'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 2/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 0/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 1/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.service.test.ts[2m 23/23[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 0/17[22m
+[2m Test Files [22m[1m[32m2 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m75 passed[39m[22m[90m (236)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m530ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K [32m✓[39m src/services/__tests__/access-control.service.test.ts [2m([22m[2m23 tests[22m[2m)[22m[32m 48[2mms[22m[39m
+ [32m✓[39m src/__tests__/services/tool-protection.service.test.ts [2m([22m[2m49 tests[22m[2m)[22m[32m 29[2mms[22m[39m
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 2/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 0/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 1/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.service.test.ts[2m 23/23[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 0/17[22m
+[2m Test Files [22m[1m[32m2 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m75 passed[39m[22m[90m (236)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m530ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/services/__tests__/access-control.proof-response-validation.test.ts[2m > [22m[2mProof Submission Response Validation[2m > [22m[2mWrapped Response Format (AgentShield API)[2m > [22m[2mshould validate wrapped response without outcomes (optional field)
+[22m[39m[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
+  correlationId: [32m'3c3bdff1-ed1c-4a27-8892-28aa58dbf3a9'[39m,
+  status: [33m200[39m,
+  statusText: [90mundefined[39m,
+  headers: {},
+  responseTextLength: [33m133[39m,
+  responseTextPreview: [32m'{"success":true,"data":{"accepted":1,"rejected":0},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-25T07:06:38.966Z"}}'[39m,
+  fullResponseText: [32m'{"success":true,"data":{"accepted":1,"rejected":0},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-25T07:06:38.966Z"}}'[39m
+}
+[AccessControl] 🔍 PARSED RESPONSE DATA: {
+  correlationId: [32m'3c3bdff1-ed1c-4a27-8892-28aa58dbf3a9'[39m,
+  status: [33m200[39m,
+  responseDataType: [32m'object'[39m,
+  responseDataKeys: [ [32m'success'[39m, [32m'data'[39m, [32m'metadata'[39m ],
+  responseData: [32m'{\n'[39m +
+    [32m'  "success": true,\n'[39m +
+    [32m'  "data": {\n'[39m +
+    [32m'    "accepted": 1,\n'[39m +
+    [32m'    "rejected": 0\n'[39m +
+    [32m'  },\n'[39m +
+    [32m'  "metadata": {\n'[39m +
+    [32m'    "requestId": "test-request-id",\n'[39m +
+    [32m'    "timestamp": "2025-11-25T07:06:38.966Z"\n'[39m +
+    [32m'  }\n'[39m +
+    [32m'}'[39m
+}
+[AccessControl] Raw response received: {
+  "success": true,
+  "data": {
+    "accepted": 1,
+    "rejected": 0
+  },
+  "metadata": {
+    "requestId": "test-request-id",
+    "timestamp": "2025-11-25T07:06:38.966Z"
+  }
+}
+[AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
+  correlationId: [32m'3c3bdff1-ed1c-4a27-8892-28aa58dbf3a9'[39m,
+  dataKeys: [ [32m'accepted'[39m, [32m'rejected'[39m ],
+  hasAccepted: [33mtrue[39m,
+  hasRejected: [33mtrue[39m,
+  hasOutcomes: [33mfalse[39m,
+  hasErrors: [33mfalse[39m,
+  acceptedType: [32m'number'[39m,
+  acceptedValue: [33m1[39m,
+  rejectedType: [32m'number'[39m,
+  rejectedValue: [33m0[39m,
+  outcomesType: [32m'undefined'[39m,
+  outcomesValue: [90mundefined[39m,
+  errorsType: [32m'undefined'[39m,
+  errorsIsArray: [33mfalse[39m,
+  fullData: [32m'{\n  "accepted": 1,\n  "rejected": 0\n}'[39m
+}
+[AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
+  correlationId: [32m'3c3bdff1-ed1c-4a27-8892-28aa58dbf3a9'[39m,
+  dataWithSuccessKeys: [ [32m'success'[39m, [32m'accepted'[39m, [32m'rejected'[39m ],
+  hasSuccess: [33mtrue[39m,
+  successValue: [33mtrue[39m,
+  hasAccepted: [33mtrue[39m,
+  acceptedValue: [33m1[39m,
+  hasRejected: [33mtrue[39m,
+  rejectedValue: [33m0[39m,
+  hasOutcomes: [33mfalse[39m,
+  outcomesValue: [90mundefined[39m,
+  fullDataWithSuccess: [32m'{\n  "success": true,\n  "accepted": 1,\n  "rejected": 0\n}'[39m
+}
+[90mstderr[2m | src/services/__tests__/access-control.proof-response-validation.test.ts[2m > [22m[2mProof Submission Response Validation[2m > [22m[2mWrapped Response Format (AgentShield API)[2m > [22m[2mshould throw validation error if data object missing success field
+[22m[39m[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
+  correlationId: [32m'11f8c0d3-850b-4ec5-a094-f54907a62637'[39m,
+  status: [33m200[39m,
+  statusText: [90mundefined[39m,
+  headers: {},
+  responseTextLength: [33m191[39m,
+  responseTextPreview: [32m'{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-25T07:06:38.967Z"}}'[39m,
+  fullResponseText: [32m'{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-25T07:06:38.967Z"}}'[39m
+}
+[AccessControl] 🔍 PARSED RESPONSE DATA: {
+  correlationId: [32m'11f8c0d3-850b-4ec5-a094-f54907a62637'[39m,
+  status: [33m200[39m,
+  responseDataType: [32m'object'[39m,
+  responseDataKeys: [ [32m'success'[39m, [32m'data'[39m, [32m'metadata'[39m ],
+  responseData: [32m'{\n'[39m +
+    [32m'  "success": true,\n'[39m +
+    [32m'  "data": {\n'[39m +
+    [32m'    "accepted": 1,\n'[39m +
+    [32m'    "rejected": 0,\n'[39m +
+    [32m'    "outcomes": {\n'[39m +
+    [32m'      "success": 1,\n'[39m +
+    [32m'      "failed": 0,\n'[39m +
+    [32m'      "blocked": 0,\n'[39m +
+    [32m'      "error": 0\n'[39m +
+    [32m'    }\n'[39m +
+    [32m'  },\n'[39m +
+    [32m'  "metadata": {\n'[39m +
+    [32m'    "requestId": "test-request-id",\n'[39m +
+    [32m'    "timestamp": "2025-11-25T07:06:38.967Z"\n'[39m +
+    [32m'  }\n'[39m +
+    [32m'}'[39m
+}
+[AccessControl] Raw response received: {
+  "success": true,
+  "data": {
+    "accepted": 1,
+    "rejected": 0,
+    "outcomes": {
+      "success": 1,
+      "failed": 0,
+      "blocked": 0,
+      "error": 0
+    }
+  },
+  "metadata": {
+    "requestId": "test-request-id",
+    "timestamp": "2025-11-25T07:06:38.967Z"
+  }
+}
+[AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
+  correlationId: [32m'11f8c0d3-850b-4ec5-a094-f54907a62637'[39m,
+  dataKeys: [ [32m'accepted'[39m, [32m'rejected'[39m, [32m'outcomes'[39m ],
+  hasAccepted: [33mtrue[39m,
+  hasRejected: [33mtrue[39m,
+  hasOutcomes: [33mtrue[39m,
+  hasErrors: [33mfalse[39m,
+  acceptedType: [32m'number'[39m,
+  acceptedValue: [33m1[39m,
+  rejectedType: [32m'number'[39m,
+  rejectedValue: [33m0[39m,
+  outcomesType: [32m'object'[39m,
+  outcomesValue: { success: [33m1[39m, failed: [33m0[39m, blocked: [33m0[39m, error: [33m0[39m },
+  errorsType: [32m'undefined'[39m,
+  errorsIsArray: [33mfalse[39m,
+  fullData: [32m'{\n'[39m +
+    [32m'  "accepted": 1,\n'[39m +
+    [32m'  "rejected": 0,\n'[39m +
+    [32m'  "outcomes": {\n'[39m +
+    [32m'    "success": 1,\n'[39m +
+    [32m'    "failed": 0,\n'[39m +
+    [32m'    "blocked": 0,\n'[39m +
+    [32m'    "error": 0\n'[39m +
+    [32m'  }\n'[39m +
+    [32m'}'[39m
+}
+[AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
+  correlationId: [32m'11f8c0d3-850b-4ec5-a094-f54907a62637'[39m,
+  dataWithSuccessKeys: [ [32m'success'[39m, [32m'accepted'[39m, [32m'rejected'[39m, [32m'outcomes'[39m ],
+  hasSuccess: [33mtrue[39m,
+  successValue: [33mtrue[39m,
+  hasAccepted: [33mtrue[39m,
+  acceptedValue: [33m1[39m,
+  hasRejected: [33mtrue[39m,
+  rejectedValue: [33m0[39m,
+  hasOutcomes: [33mtrue[39m,
+  outcomesValue: { success: [33m1[39m, failed: [33m0[39m, blocked: [33m0[39m, error: [33m0[39m },
+  fullDataWithSuccess: [32m'{\n'[39m +
+    [32m'  "success": true,\n'[39m +
+    [32m'  "accepted": 1,\n'[39m +
+    [32m'  "rejected": 0,\n'[39m +
+    [32m'  "outcomes": {\n'[39m +
+    [32m'    "success": 1,\n'[39m +
+    [32m'    "failed": 0,\n'[39m +
+    [32m'    "blocked": 0,\n'[39m +
+    [32m'    "error": 0\n'[39m +
+    [32m'  }\n'[39m +
+    [32m'}'[39m
+}
+[90mstderr[2m | src/services/__tests__/access-control.proof-response-validation.test.ts[2m > [22m[2mProof Submission Response Validation[2m > [22m[2mJSON Deep Clone Fix (Cloudflare Workers Edge Case)[2m > [22m[2mshould correctly extract data from wrapped response after JSON deep clone
+[22m[39m[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
+  correlationId: [32m'191579b0-41a5-487a-a393-e17c65ff2a3f'[39m,
+  status: [33m200[39m,
+  statusText: [90mundefined[39m,
+  headers: {},
+  responseTextLength: [33m191[39m,
+  responseTextPreview: [32m'{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1},"errors":[]},"metadata":{"requestId":"fc1fa88f-9b22-4161-b4fd-17d8215098ee","timestamp":"2025-11-24T21:36:33.029Z"}}'[39m,
+  fullResponseText: [32m'{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1},"errors":[]},"metadata":{"requestId":"fc1fa88f-9b22-4161-b4fd-17d8215098ee","timestamp":"2025-11-24T21:36:33.029Z"}}'[39m
+}
+[AccessControl] 🔍 PARSED RESPONSE DATA: {
+  correlationId: [32m'191579b0-41a5-487a-a393-e17c65ff2a3f'[39m,
+  status: [33m200[39m,
+  responseDataType: [32m'object'[39m,
+  responseDataKeys: [ [32m'success'[39m, [32m'data'[39m, [32m'metadata'[39m ],
+  responseData: [32m'{\n'[39m +
+    [32m'  "success": true,\n'[39m +
+    [32m'  "data": {\n'[39m +
+    [32m'    "accepted": 1,\n'[39m +
+    [32m'    "rejected": 0,\n'[39m +
+    [32m'    "outcomes": {\n'[39m +
+    [32m'      "success": 1\n'[39m +
+    [32m'    },\n'[39m +
+    [32m'    "errors": []\n'[39m +
+    [32m'  },\n'[39m +
+    [32m'  "metadata": {\n'[39m +
+    [32m'    "requestId": "fc1fa88f-9b22-4161-b4fd-17d8215098ee",\n'[39m +
+    [32m'    "timestamp": "2025-11-24T21:36:33.029Z"\n'[39m +
+    [32m'  }\n'[39m +
+    [32m'}'[39m
+}
+[AccessControl] Raw response received: {
+  "success": true,
+  "data": {
+    "accepted": 1,
+    "rejected": 0,
+    "outcomes": {
+      "success": 1
+    },
+    "errors": []
+  },
+  "metadata": {
+    "requestId": "fc1fa88f-9b22-4161-b4fd-17d8215098ee",
+    "timestamp": "2025-11-24T21:36:33.029Z"
+  }
+}
+[AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
+  correlationId: [32m'191579b0-41a5-487a-a393-e17c65ff2a3f'[39m,
+  dataKeys: [ [32m'accepted'[39m, [32m'rejected'[39m, [32m'outcomes'[39m, [32m'errors'[39m ],
+  hasAccepted: [33mtrue[39m,
+  hasRejected: [33mtrue[39m,
+  hasOutcomes: [33mtrue[39m,
+  hasErrors: [33mtrue[39m,
+  acceptedType: [32m'number'[39m,
+  acceptedValue: [33m1[39m,
+  rejectedType: [32m'number'[39m,
+  rejectedValue: [33m0[39m,
+  outcomesType: [32m'object'[39m,
+  outcomesValue: { success: [33m1[39m },
+  errorsType: [32m'object'[39m,
+  errorsIsArray: [33mtrue[39m,
+  fullData: [32m'{\n'[39m +
+    [32m'  "accepted": 1,\n'[39m +
+    [32m'  "rejected": 0,\n'[39m +
+    [32m'  "outcomes": {\n'[39m +
+    [32m'    "success": 1\n'[39m +
+    [32m'  },\n'[39m +
+    [32m'  "errors": []\n'[39m +
+    [32m'}'[39m
+}
+[AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
+  correlationId: [32m'191579b0-41a5-487a-a393-e17c65ff2a3f'[39m,
+  dataWithSuccessKeys: [ [32m'success'[39m, [32m'accepted'[39m, [32m'rejected'[39m, [32m'outcomes'[39m, [32m'errors'[39m ],
+  hasSuccess: [33mtrue[39m,
+  successValue: [33mtrue[39m,
+  hasAccepted: [33mtrue[39m,
+  acceptedValue: [33m1[39m,
+  hasRejected: [33mtrue[39m,
+  rejectedValue: [33m0[39m,
+  hasOutcomes: [33mtrue[39m,
+  outcomesValue: { success: [33m1[39m },
+  fullDataWithSuccess: [32m'{\n'[39m +
+    [32m'  "success": true,\n'[39m +
+    [32m'  "accepted": 1,\n'[39m +
+    [32m'  "rejected": 0,\n'[39m +
+    [32m'  "outcomes": {\n'[39m +
+    [32m'    "success": 1\n'[39m +
+    [32m'  },\n'[39m +
+    [32m'  "errors": []\n'[39m +
+    [32m'}'[39m
+}
+[90mstderr[2m | src/services/__tests__/access-control.proof-response-validation.test.ts[2m > [22m[2mProof Submission Response Validation[2m > [22m[2mJSON Deep Clone Fix (Cloudflare Workers Edge Case)[2m > [22m[2mshould handle response where data fields are numeric values (not undefined)
+[22m[39m[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
+  correlationId: [32m'328fcc77-3532-43c2-8118-dffff23ce9e1'[39m,
+  status: [33m200[39m,
+  statusText: [90mundefined[39m,
+  headers: {},
+  responseTextLength: [33m151[39m,
+  responseTextPreview: [32m'{"success":true,"data":{"accepted":0,"rejected":0,"outcomes":{},"errors":[]},"metadata":{"requestId":"test-id","timestamp":"2025-11-25T07:06:38.971Z"}}'[39m,
+  fullResponseText: [32m'{"success":true,"data":{"accepted":0,"rejected":0,"outcomes":{},"errors":[]},"metadata":{"requestId":"test-id","timestamp":"2025-11-25T07:06:38.971Z"}}'[39m
+}
+[AccessControl] 🔍 PARSED RESPONSE DATA: {
+  correlationId: [32m'328fcc77-3532-43c2-8118-dffff23ce9e1'[39m,
+  status: [33m200[39m,
+  responseDataType: [32m'object'[39m,
+  responseDataKeys: [ [32m'success'[39m, [32m'data'[39m, [32m'metadata'[39m ],
+  responseData: [32m'{\n'[39m +
+    [32m'  "success": true,\n'[39m +
+    [32m'  "data": {\n'[39m +
+    [32m'    "accepted": 0,\n'[39m +
+    [32m'    "rejected": 0,\n'[39m +
+    [32m'    "outcomes": {},\n'[39m +
+    [32m'    "errors": []\n'[39m +
+    [32m'  },\n'[39m +
+    [32m'  "metadata": {\n'[39m +
+    [32m'    "requestId": "test-id",\n'[39m +
+    [32m'    "timestamp": "2025-11-25T07:06:38.971Z"\n'[39m +
+    [32m'  }\n'[39m +
+    [32m'}'[39m
+}
+[AccessControl] Raw response received: {
+  "success": true,
+  "data": {
+    "accepted": 0,
+    "rejected": 0,
+    "outcomes": {},
+    "errors": []
+  },
+  "metadata": {
+    "requestId": "test-id",
+    "timestamp": "2025-11-25T07:06:38.971Z"
+  }
+}
+[AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
+  correlationId: [32m'328fcc77-3532-43c2-8118-dffff23ce9e1'[39m,
+  dataKeys: [ [32m'accepted'[39m, [32m'rejected'[39m, [32m'outcomes'[39m, [32m'errors'[39m ],
+  hasAccepted: [33mtrue[39m,
+  hasRejected: [33mtrue[39m,
+  hasOutcomes: [33mtrue[39m,
+  hasErrors: [33mtrue[39m,
+  acceptedType: [32m'number'[39m,
+  acceptedValue: [33m0[39m,
+  rejectedType: [32m'number'[39m,
+  rejectedValue: [33m0[39m,
+  outcomesType: [32m'object'[39m,
+  outcomesValue: {},
+  errorsType: [32m'object'[39m,
+  errorsIsArray: [33mtrue[39m,
+  fullData: [32m'{\n  "accepted": 0,\n  "rejected": 0,\n  "outcomes": {},\n  "errors": []\n}'[39m
+}
+[AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
+  correlationId: [32m'328fcc77-3532-43c2-8118-dffff23ce9e1'[39m,
+  dataWithSuccessKeys: [ [32m'success'[39m, [32m'accepted'[39m, [32m'rejected'[39m, [32m'outcomes'[39m, [32m'errors'[39m ],
+  hasSuccess: [33mtrue[39m,
+  successValue: [33mtrue[39m,
+  hasAccepted: [33mtrue[39m,
+  acceptedValue: [33m0[39m,
+  hasRejected: [33mtrue[39m,
+  rejectedValue: [33m0[39m,
+  hasOutcomes: [33mtrue[39m,
+  outcomesValue: {},
+  fullDataWithSuccess: [32m'{\n'[39m +
+    [32m'  "success": true,\n'[39m +
+    [32m'  "accepted": 0,\n'[39m +
+    [32m'  "rejected": 0,\n'[39m +
+    [32m'  "outcomes": {},\n'[39m +
+    [32m'  "errors": []\n'[39m +
+    [32m'}'[39m
+}
+[90mstderr[2m | src/services/__tests__/access-control.proof-response-validation.test.ts[2m > [22m[2mProof Submission Response Validation[2m > [22m[2mJSON Deep Clone Fix (Cloudflare Workers Edge Case)[2m > [22m[2mshould handle response with nested outcomes object
+[22m[39m[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
+  correlationId: [32m'41740bb6-ab5d-4ce6-b491-0d64d84fdea4'[39m,
+  status: [33m200[39m,
+  statusText: [90mundefined[39m,
+  headers: {},
+  responseTextLength: [33m278[39m,
+  responseTextPreview: [32m'{"success":true,"data":{"accepted":3,"rejected":2,"outcomes":{"success":1,"failed":1,"blocked":1,"error":2},"errors":[{"proof_index":0,"error":{"code":"validation_error","message":"Invalid signature"}}]},"metadata":{"requestId":"test-id","timestamp":"2025-11-25T07:06:38.974Z"}}'[39m,
+  fullResponseText: [32m'{"success":true,"data":{"accepted":3,"rejected":2,"outcomes":{"success":1,"failed":1,"blocked":1,"error":2},"errors":[{"proof_index":0,"error":{"code":"validation_error","message":"Invalid signature"}}]},"metadata":{"requestId":"test-id","timestamp":"2025-11-25T07:06:38.974Z"}}'[39m
+}
+[AccessControl] 🔍 PARSED RESPONSE DATA: {
+  correlationId: [32m'41740bb6-ab5d-4ce6-b491-0d64d84fdea4'[39m,
+  status: [33m200[39m,
+  responseDataType: [32m'object'[39m,
+  responseDataKeys: [ [32m'success'[39m, [32m'data'[39m, [32m'metadata'[39m ],
+  responseData: [32m'{\n'[39m +
+    [32m'  "success": true,\n'[39m +
+    [32m'  "data": {\n'[39m +
+    [32m'    "accepted": 3,\n'[39m +
+    [32m'    "rejected": 2,\n'[39m +
+    [32m'    "outcomes": {\n'[39m +
+    [32m'      "success": 1,\n'[39m +
+    [32m'      "failed": 1,\n'[39m +
+    [32m'      "blocked": 1,\n'[39m +
+    [32m'      "error": 2\n'[39m +
+    [32m'    },\n'[39m +
+    [32m'    "errors": [\n'[39m +
+    [32m'      {\n'[39m +
+    [32m'        "proof_index": 0,\n'[39m +
+    [32m'        "error": {\n'[39m +
+    [32m'          "code": "validation_error",\n'[39m +
+    [32m'          "message": "Invalid signature"\n'[39m +
+    [32m'        }\n'[39m +
+    [32m'      }\n'[39m +
+    [32m'    ]\n'[39m +
+    [32m'  },\n'[39m +
+    [32m'  "metadata": {\n'[39m +
+    [32m'    "requestId": "test-id",\n'[39m +
+    [32m'    "timestamp": "2025-11-25T07:06:38.974Z"\n'[39m +
+    [32m'  }\n'[39m +
+    [32m'}'[39m
+}
+[AccessControl] Raw response received: {
+  "success": true,
+  "data": {
+    "accepted": 3,
+    "rejected": 2,
+    "outcomes": {
+      "success": 1,
+      "failed": 1,
+      "blocked": 1,
+      "error": 2
+    },
+    "errors": [
+      {
+        "proof_index": 0,
+        "error": {
+          "code": "validation_error",
+          "message": "Invalid signature"
+        }
+      }
+    ]
+  },
+  "metadata": {
+    "requestId": "test-id",
+    "timestamp": "2025-11-25T07:06:38.974Z"
+  }
+}
+[AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
+  correlationId: [32m'41740bb6-ab5d-4ce6-b491-0d64d84fdea4'[39m,
+  dataKeys: [ [32m'accepted'[39m, [32m'rejected'[39m, [32m'outcomes'[39m, [32m'errors'[39m ],
+  hasAccepted: [33mtrue[39m,
+  hasRejected: [33mtrue[39m,
+  hasOutcomes: [33mtrue[39m,
+  hasErrors: [33mtrue[39m,
+  acceptedType: [32m'number'[39m,
+  acceptedValue: [33m3[39m,
+  rejectedType: [32m'number'[39m,
+  rejectedValue: [33m2[39m,
+  outcomesType: [32m'object'[39m,
+  outcomesValue: { success: [33m1[39m, failed: [33m1[39m, blocked: [33m1[39m, error: [33m2[39m },
+  errorsType: [32m'object'[39m,
+  errorsIsArray: [33mtrue[39m,
+  fullData: [32m'{\n'[39m +
+    [32m'  "accepted": 3,\n'[39m +
+    [32m'  "rejected": 2,\n'[39m +
+    [32m'  "outcomes": {\n'[39m +
+    [32m'    "success": 1,\n'[39m +
+    [32m'    "failed": 1,\n'[39m +
+    [32m'    "blocked": 1,\n'[39m +
+    [32m'    "error": 2\n'[39m +
+    [32m'  },\n'[39m +
+    [32m'  "errors": [\n'[39m +
+    [32m'    {\n'[39m +
+    [32m'      "proof_index": 0,\n'[39m +
+    [32m'      "error": {\n'[39m +
+    [32m'        "code": "validation_error",\n'[39m +
+    [32m'        "message": "Invalid signature"\n'[39m +
+    [32m'      }\n'[39m +
+    [32m'    }\n'[39m +
+    [32m'  ]\n'[39m +
+    [32m'}'[39m
+}
+[AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
+  correlationId: [32m'41740bb6-ab5d-4ce6-b491-0d64d84fdea4'[39m,
+  dataWithSuccessKeys: [ [32m'success'[39m, [32m'accepted'[39m, [32m'rejected'[39m, [32m'outcomes'[39m, [32m'errors'[39m ],
+  hasSuccess: [33mtrue[39m,
+  successValue: [33mtrue[39m,
+  hasAccepted: [33mtrue[39m,
+  acceptedValue: [33m3[39m,
+  hasRejected: [33mtrue[39m,
+  rejectedValue: [33m2[39m,
+  hasOutcomes: [33mtrue[39m,
+  outcomesValue: { success: [33m1[39m, failed: [33m1[39m, blocked: [33m1[39m, error: [33m2[39m },
+  fullDataWithSuccess: [32m'{\n'[39m +
+    [32m'  "success": true,\n'[39m +
+    [32m'  "accepted": 3,\n'[39m +
+    [32m'  "rejected": 2,\n'[39m +
+    [32m'  "outcomes": {\n'[39m +
+    [32m'    "success": 1,\n'[39m +
+    [32m'    "failed": 1,\n'[39m +
+    [32m'    "blocked": 1,\n'[39m +
+    [32m'    "error": 2\n'[39m +
+    [32m'  },\n'[39m +
+    [32m'  "errors": [\n'[39m +
+    [32m'    {\n'[39m +
+    [32m'      "proof_index": 0,\n'[39m +
+    [32m'      "error": {\n'[39m +
+    [32m'        "code": "validation_error",\n'[39m +
+    [32m'        "message": "Invalid signature"\n'[39m +
+    [32m'      }\n'[39m +
+    [32m'    }\n'[39m +
+    [32m'  ]\n'[39m +
+    [32m'}'[39m
+}
+[90mstderr[2m | src/services/__tests__/storage.service.test.ts[2m > [22m[2mStorageService[2m > [22m[2mcreateStorageProviders[2m > [22m[2mshould prefer Redis over KV when both are configured
+[22m[39m[StorageService] Failed to connect to Redis, falling back to memory: Redis package not available
+[90mstderr[2m | src/services/__tests__/storage.service.test.ts[2m > [22m[2mStorageService[2m > [22m[2mcreateStorageProviders[2m > [22m[2mshould prefer Redis over KV when both are configured
+[22m[39m[StorageService] Failed to initialize KV, falling back to memory: Failed to import Cloudflare storage providers: Cannot find package '@kya-os/mcp-i-cloudflare/providers/storage' imported from '/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/storage.service.ts'
+[90mstderr[2m | src/services/__tests__/storage.service.test.ts[2m > [22m[2mStorageService[2m > [22m[2mcreateStorageProviders[2m > [22m[2mshould fall back to memory when Redis connection fails
+[22m[39m[StorageService] Failed to connect to Redis, falling back to memory: Redis package not available
+[90mstderr[2m | src/services/__tests__/storage.service.test.ts[2m > [22m[2mStorageService[2m > [22m[2mcreateStorageProviders[2m > [22m[2mshould use KV namespace when provided
+[22m[39m[StorageService] Failed to initialize KV, falling back to memory: Failed to import Cloudflare storage providers: Cannot find package '@kya-os/mcp-i-cloudflare/providers/storage' imported from '/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/storage.service.ts'
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 2/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 0/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 1/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.service.test.ts[2m 23/23[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 0/17[22m
+[2m Test Files [22m[1m[32m2 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m75 passed[39m[22m[90m (236)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m530ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K [32m✓[39m src/services/__tests__/access-control.proof-response-validation.test.ts [2m([22m[2m12 tests[22m[2m)[22m[32m 33[2mms[22m[39m
+ [32m✓[39m src/services/__tests__/storage.service.test.ts [2m([22m[2m17 tests[22m[2m)[22m[32m 42[2mms[22m[39m
+ [32m✓[39m src/__tests__/cache/tool-protection-cache.test.ts [2m([22m[2m49 tests[22m[2m)[22m[32m 163[2mms[22m[39m
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould allow tool execution when no protection required
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'unprotectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mfalse[39m
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould allow tool execution when no protection required
+[22m[39m[MCP-I] Tool protection check passed (no delegation required) {
+  tool: [32m'unprotectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  reason: [32m'Tool not configured to require delegation'[39m
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould block tool execution when protection required and no delegation
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mfalse[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould block tool execution when protection required and no delegation
+[22m[39m[MCP-I] BLOCKED: Tool requires delegation but none provided {
+  tool: [32m'protectedTool'[39m,
+  requiredScopes: [ [32m'files:write'[39m ],
+  agentDid: [32m'did:key:zmock123...'[39m,
+  resumeToken: [32m'resume_3dxhya_mie8fxpu'[39m,
+  consentUrl: [32m'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_3dxhya_mie8fxpu'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould allow tool execution when protection required and delegation provided
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mtrue[39m
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould allow tool execution when protection required and delegation provided
+[22m[39m[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegationToken: [33mtrue[39m,
+  hasConsentProof: [33mfalse[39m,
+  requiredScopes: [ [32m'files:write'[39m ]
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould allow tool execution when protection required and delegation provided
+[22m[39m[MCP-I] ✅ Delegation verification SUCCEEDED {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  delegationId: [32m'test-delegation-id'[39m,
+  credentialScopes: [ [32m'files:write'[39m ],
+  requiredScopes: [ [32m'files:write'[39m ]
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould allow tool execution when protection required and consentProof provided
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mtrue[39m
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould allow tool execution when protection required and consentProof provided
+[22m[39m[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegationToken: [33mfalse[39m,
+  hasConsentProof: [33mtrue[39m,
+  requiredScopes: [ [32m'files:write'[39m ]
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould allow tool execution when protection required and consentProof provided
+[22m[39m[MCP-I] ✅ Delegation verification SUCCEEDED {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  delegationId: [32m'test-delegation-id'[39m,
+  credentialScopes: [ [32m'files:write'[39m ],
+  requiredScopes: [ [32m'files:write'[39m ]
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould block tool execution when delegation verification fails
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mtrue[39m
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould block tool execution when delegation verification fails
+[22m[39m[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegationToken: [33mtrue[39m,
+  hasConsentProof: [33mfalse[39m,
+  requiredScopes: [ [32m'files:write'[39m ]
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould block tool execution when delegation verification fails
+[22m[39m[MCP-I] ❌ Delegation verification FAILED {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  reason: [32m'Delegation token expired'[39m,
+  errorCode: [90mundefined[39m,
+  errorMessage: [90mundefined[39m,
+  requiredScopes: [ [32m'files:write'[39m ]
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould block tool execution when delegation has wrong scopes
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mtrue[39m
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould block tool execution when delegation has wrong scopes
+[22m[39m[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegationToken: [33mtrue[39m,
+  hasConsentProof: [33mfalse[39m,
+  requiredScopes: [ [32m'files:write'[39m ]
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould block tool execution when delegation has wrong scopes
+[22m[39m[MCP-I] ❌ Delegation verification FAILED {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  reason: [32m'Insufficient scopes'[39m,
+  errorCode: [90mundefined[39m,
+  errorMessage: [90mundefined[39m,
+  requiredScopes: [ [32m'files:write'[39m ]
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould handle API errors during verification gracefully
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mtrue[39m
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould handle API errors during verification gracefully
+[22m[39m[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegationToken: [33mtrue[39m,
+  hasConsentProof: [33mfalse[39m,
+  requiredScopes: [ [32m'files:write'[39m ]
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould handle API errors during verification gracefully
+[22m[39m[MCP-I] ❌ Delegation verification error (API failure) {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  errorCode: [32m'network_error'[39m,
+  errorMessage: [32m'API unavailable'[39m,
+  errorDetails: {}
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould allow tool execution when access control service not configured (graceful degradation)
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mtrue[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould allow tool execution when access control service not configured (graceful degradation)
+[22m[39m[MCP-I] ⚠️ Delegation token provided but AccessControlApiService not configured - skipping verification {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegationToken: [33mtrue[39m,
+  hasConsentProof: [33mfalse[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2muser_identifier validation[2m > [22m[2mshould reject delegation when user_identifier does not match session userDid
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mtrue[39m
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2muser_identifier validation[2m > [22m[2mshould reject delegation when user_identifier does not match session userDid
+[22m[39m[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegationToken: [33mtrue[39m,
+  hasConsentProof: [33mfalse[39m,
+  requiredScopes: [ [32m'files:write'[39m ]
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2muser_identifier validation[2m > [22m[2mshould reject delegation when user_identifier does not match session userDid
+[22m[39m[MCP-I] 🔒 SECURITY: User identifier validation FAILED {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  delegationUserIdentifier: [32m'did:key:zUserB987654...'[39m,
+  sessionUserDid: [32m'did:key:zUserA123456...'[39m,
+  sessionId: [32m'session123...'[39m,
+  reason: [32m'user_identifier_mismatch'[39m,
+  severity: [32m'high'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2muser_identifier validation[2m > [22m[2mshould accept delegation when user_identifier matches session userDid
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mtrue[39m
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2muser_identifier validation[2m > [22m[2mshould accept delegation when user_identifier matches session userDid
+[22m[39m[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegationToken: [33mtrue[39m,
+  hasConsentProof: [33mfalse[39m,
+  requiredScopes: [ [32m'files:write'[39m ]
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2muser_identifier validation[2m > [22m[2mshould accept delegation when user_identifier matches session userDid
+[22m[39m[MCP-I] ✅ User identifier validation PASSED {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  userDid: [32m'did:key:zUserA123456...'[39m,
+  sessionId: [32m'session123...'[39m
+}
+[MCP-I] ✅ Delegation verification SUCCEEDED {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  delegationId: [32m'test-delegation-id'[39m,
+  credentialScopes: [ [32m'files:write'[39m ],
+  requiredScopes: [ [32m'files:write'[39m ]
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2muser_identifier validation[2m > [22m[2mshould handle missing user_identifier gracefully (backward compatibility)
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mtrue[39m
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2muser_identifier validation[2m > [22m[2mshould handle missing user_identifier gracefully (backward compatibility)
+[22m[39m[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegationToken: [33mtrue[39m,
+  hasConsentProof: [33mfalse[39m,
+  requiredScopes: [ [32m'files:write'[39m ]
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2muser_identifier validation[2m > [22m[2mshould handle missing user_identifier gracefully (backward compatibility)
+[22m[39m[MCP-I] ✅ Delegation verification SUCCEEDED {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  delegationId: [32m'test-delegation-id'[39m,
+  credentialScopes: [ [32m'files:write'[39m ],
+  requiredScopes: [ [32m'files:write'[39m ]
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2muser_identifier validation[2m > [22m[2mshould handle missing session userDid gracefully
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mtrue[39m
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2muser_identifier validation[2m > [22m[2mshould handle missing session userDid gracefully
+[22m[39m[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegationToken: [33mtrue[39m,
+  hasConsentProof: [33mfalse[39m,
+  requiredScopes: [ [32m'files:write'[39m ]
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2muser_identifier validation[2m > [22m[2mshould handle missing session userDid gracefully
+[22m[39m[MCP-I] ✅ Delegation verification SUCCEEDED {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  delegationId: [32m'test-delegation-id'[39m,
+  credentialScopes: [ [32m'files:write'[39m ],
+  requiredScopes: [ [32m'files:write'[39m ]
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2muser_identifier validation[2m > [22m[2mshould handle missing session userDid gracefully
+[22m[39m[MCP-I] ⚠️ Delegation has user_identifier but session missing userDid {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  delegationUserIdentifier: [32m'did:key:zUserA123456...'[39m,
+  sessionId: [32m'session123...'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould create proof after successful tool execution
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'unprotectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mfalse[39m
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould create proof after successful tool execution
+[22m[39m[MCP-I] Tool protection check passed (no delegation required) {
+  tool: [32m'unprotectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  reason: [32m'Tool not configured to require delegation'[39m
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould not create proof when tool execution is blocked
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mfalse[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mprocessToolCall with tool protection[2m > [22m[2mshould not create proof when tool execution is blocked
+[22m[39m[MCP-I] BLOCKED: Tool requires delegation but none provided {
+  tool: [32m'protectedTool'[39m,
+  requiredScopes: [ [32m'files:write'[39m ],
+  agentDid: [32m'did:key:zmock123...'[39m,
+  resumeToken: [32m'resume_3dx1la_mie8fxq6'[39m,
+  consentUrl: [32m'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_3dx1la_mie8fxq6'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mDelegationRequiredError details[2m > [22m[2mshould include tool name in error
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mfalse[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mDelegationRequiredError details[2m > [22m[2mshould include tool name in error
+[22m[39m[MCP-I] BLOCKED: Tool requires delegation but none provided {
+  tool: [32m'protectedTool'[39m,
+  requiredScopes: [ [32m'files:write'[39m ],
+  agentDid: [32m'did:key:zmock123...'[39m,
+  resumeToken: [32m'resume_3dx1la_mie8fxq7'[39m,
+  consentUrl: [32m'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_3dx1la_mie8fxq7'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mDelegationRequiredError details[2m > [22m[2mshould include required scopes in error
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mfalse[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mDelegationRequiredError details[2m > [22m[2mshould include required scopes in error
+[22m[39m[MCP-I] BLOCKED: Tool requires delegation but none provided {
+  tool: [32m'protectedTool'[39m,
+  requiredScopes: [ [32m'files:write'[39m, [32m'files:read'[39m ],
+  agentDid: [32m'did:key:zmock123...'[39m,
+  resumeToken: [32m'resume_3dx1kf_mie8fxq7'[39m,
+  consentUrl: [32m'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite%2Cfiles%3Aread&session_id=session123&agent_did=&resume_token=resume_3dx1kf_mie8fxq7'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mDelegationRequiredError details[2m > [22m[2mshould include consent URL in error
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mfalse[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mDelegationRequiredError details[2m > [22m[2mshould include consent URL in error
+[22m[39m[MCP-I] BLOCKED: Tool requires delegation but none provided {
+  tool: [32m'protectedTool'[39m,
+  requiredScopes: [ [32m'files:write'[39m ],
+  agentDid: [32m'did:key:zmock123...'[39m,
+  resumeToken: [32m'resume_3dx1kf_mie8fxq7'[39m,
+  consentUrl: [32m'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_3dx1kf_mie8fxq7'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mDelegationRequiredError details[2m > [22m[2mshould include resume token in error
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mfalse[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mDelegationRequiredError details[2m > [22m[2mshould include resume token in error
+[22m[39m[MCP-I] BLOCKED: Tool requires delegation but none provided {
+  tool: [32m'protectedTool'[39m,
+  requiredScopes: [ [32m'files:write'[39m ],
+  agentDid: [32m'did:key:zmock123...'[39m,
+  resumeToken: [32m'resume_3dx1kf_mie8fxq7'[39m,
+  consentUrl: [32m'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_3dx1kf_mie8fxq7'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mDelegationRequiredError details[2m > [22m[2mshould include intercepted call context in error
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mfalse[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mDelegationRequiredError details[2m > [22m[2mshould include intercepted call context in error
+[22m[39m[MCP-I] BLOCKED: Tool requires delegation but none provided {
+  tool: [32m'protectedTool'[39m,
+  requiredScopes: [ [32m'files:write'[39m ],
+  agentDid: [32m'did:key:zmock123...'[39m,
+  resumeToken: [32m'resume_cst5nw_mie8fxq7'[39m,
+  consentUrl: [32m'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_cst5nw_mie8fxq7'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2maudit logging[2m > [22m[2mshould log tool protection check when audit enabled
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'testTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mfalse[39m
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2maudit logging[2m > [22m[2mshould log tool protection check when audit enabled
+[22m[39m[MCP-I] Tool protection check passed (no delegation required) {
+  tool: [32m'testTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  reason: [32m'Tool not configured to require delegation'[39m
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2maudit logging[2m > [22m[2mshould log blocked tool call when audit enabled
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mfalse[39m
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mtool protection service integration[2m > [22m[2mshould use agent DID from identity for protection check
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'testTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mfalse[39m
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mtool protection service integration[2m > [22m[2mshould use agent DID from identity for protection check
+[22m[39m[MCP-I] Tool protection check passed (no delegation required) {
+  tool: [32m'testTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  reason: [32m'Tool not configured to require delegation'[39m
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2mtool protection service integration[2m > [22m[2mshould handle tool protection service errors gracefully
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'testTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mfalse[39m
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2medge cases[2m > [22m[2mshould handle empty required scopes array
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mfalse[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2medge cases[2m > [22m[2mshould handle empty required scopes array
+[22m[39m[MCP-I] BLOCKED: Tool requires delegation but none provided {
+  tool: [32m'protectedTool'[39m,
+  requiredScopes: [],
+  agentDid: [32m'did:key:zmock123...'[39m,
+  resumeToken: [32m'resume_3dx1ip_mie8fxq9'[39m,
+  consentUrl: [32m'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=&session_id=session123&agent_did=&resume_token=resume_3dx1ip_mie8fxq9'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2medge cases[2m > [22m[2mshould handle multiple required scopes
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mfalse[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2medge cases[2m > [22m[2mshould handle multiple required scopes
+[22m[39m[MCP-I] BLOCKED: Tool requires delegation but none provided {
+  tool: [32m'protectedTool'[39m,
+  requiredScopes: [ [32m'scope1'[39m, [32m'scope2'[39m, [32m'scope3'[39m ],
+  agentDid: [32m'did:key:zmock123...'[39m,
+  resumeToken: [32m'resume_3dx1ip_mie8fxq9'[39m,
+  consentUrl: [32m'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=scope1%2Cscope2%2Cscope3&session_id=session123&agent_did=&resume_token=resume_3dx1ip_mie8fxq9'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2medge cases[2m > [22m[2mshould handle session without id
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'protectedTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mfalse[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2medge cases[2m > [22m[2mshould handle session without id
+[22m[39m[MCP-I] BLOCKED: Tool requires delegation but none provided {
+  tool: [32m'protectedTool'[39m,
+  requiredScopes: [ [32m'files:write'[39m ],
+  agentDid: [32m'did:key:zmock123...'[39m,
+  resumeToken: [32m'resume_9o4yw1_mie8fxq9'[39m,
+  consentUrl: [32m'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=&agent_did=&resume_token=resume_9o4yw1_mie8fxq9'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2medge cases[2m > [22m[2mshould handle handler errors independently of protection
+[22m[39m[MCP-I] Checking tool protection: {
+  tool: [32m'errorTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  hasDelegation: [33mfalse[39m
+}
+[90mstdout[2m | src/__tests__/runtime/tool-protection-enforcement.test.ts[2m > [22m[2mMCPIRuntimeBase - Tool Protection Enforcement[2m > [22m[2medge cases[2m > [22m[2mshould handle handler errors independently of protection
+[22m[39m[MCP-I] Tool protection check passed (no delegation required) {
+  tool: [32m'errorTool'[39m,
+  agentDid: [32m'did:key:zmock123...'[39m,
+  reason: [32m'Tool not configured to require delegation'[39m
+}
+ [32m✓[39m src/__tests__/runtime/base.test.ts [2m([22m[2m55 tests[22m[2m)[22m[32m 25[2mms[22m[39m
+[1m[33m ❯ [39m[22msrc/__tests__/cache/tool-protection-cache.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 0/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 0/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection.service.test.ts[2m 49/49[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 10/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 24/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 0/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.proof-response-validation.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 0/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/storage.service.test.ts[2m 17/17[22m
+[2m Test Files [22m[1m[32m6 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m265 passed[39m[22m[90m (363)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m630ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/services/__tests__/access-control.integration.test.ts[2m > [22m[2mAccessControlApiService Integration[2m > [22m[2mProof Submission Flow[2m > [22m[2mshould submit proof end-to-end
+[22m[39m[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
+  correlationId: [32m'f00d6bbf-782d-46be-84a5-233b9da98e7e'[39m,
+  status: [33m200[39m,
+  statusText: [32m''[39m,
+  headers: { [32m'content-type'[39m: [32m'application/json'[39m },
+  responseTextLength: [33m100[39m,
+  responseTextPreview: [32m'{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}'[39m,
+  fullResponseText: [32m'{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}'[39m
+}
+[AccessControl] 🔍 PARSED RESPONSE DATA: {
+  correlationId: [32m'f00d6bbf-782d-46be-84a5-233b9da98e7e'[39m,
+  status: [33m200[39m,
+  responseDataType: [32m'object'[39m,
+  responseDataKeys: [ [32m'success'[39m, [32m'accepted'[39m, [32m'rejected'[39m, [32m'outcomes'[39m ],
+  responseData: [32m'{\n'[39m +
+    [32m'  "success": true,\n'[39m +
+    [32m'  "accepted": 1,\n'[39m +
+    [32m'  "rejected": 0,\n'[39m +
+    [32m'  "outcomes": {\n'[39m +
+    [32m'    "success": 1,\n'[39m +
+    [32m'    "failed": 0,\n'[39m +
+    [32m'    "blocked": 0,\n'[39m +
+    [32m'    "error": 0\n'[39m +
+    [32m'  }\n'[39m +
+    [32m'}'[39m
+}
+[AccessControl] Raw response received: {
+  "success": true,
+  "accepted": 1,
+  "rejected": 0,
+  "outcomes": {
+    "success": 1,
+    "failed": 0,
+    "blocked": 0,
+    "error": 0
+  }
+}
+[90mstderr[2m | src/services/__tests__/access-control.integration.test.ts[2m > [22m[2mAccessControlApiService Integration[2m > [22m[2mProof Submission Flow[2m > [22m[2mshould handle proof submission with errors
+[22m[39m[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
+  correlationId: [32m'f2190937-8716-43a7-a3cd-e61fac57a507'[39m,
+  status: [33m200[39m,
+  statusText: [32m''[39m,
+  headers: { [32m'content-type'[39m: [32m'application/json'[39m },
+  responseTextLength: [33m200[39m,
+  responseTextPreview: [32m'{"success":true,"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"invalid_signature","message":"Invalid JWS signature"}}]}'[39m,
+  fullResponseText: [32m'{"success":true,"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"invalid_signature","message":"Invalid JWS signature"}}]}'[39m
+}
+[AccessControl] 🔍 PARSED RESPONSE DATA: {
+  correlationId: [32m'f2190937-8716-43a7-a3cd-e61fac57a507'[39m,
+  status: [33m200[39m,
+  responseDataType: [32m'object'[39m,
+  responseDataKeys: [ [32m'success'[39m, [32m'accepted'[39m, [32m'rejected'[39m, [32m'outcomes'[39m, [32m'errors'[39m ],
+  responseData: [32m'{\n'[39m +
+    [32m'  "success": true,\n'[39m +
+    [32m'  "accepted": 0,\n'[39m +
+    [32m'  "rejected": 1,\n'[39m +
+    [32m'  "outcomes": {\n'[39m +
+    [32m'    "success": 0,\n'[39m +
+    [32m'    "failed": 1,\n'[39m +
+    [32m'    "blocked": 0,\n'[39m +
+    [32m'    "error": 0\n'[39m +
+    [32m'  },\n'[39m +
+    [32m'  "errors": [\n'[39m +
+    [32m'    {\n'[39m +
+    [32m'      "proof_index": 0,\n'[39m +
+    [32m'      "error": {\n'[39m +
+    [32m'        "code": "invalid_signature",\n'[39m +
+    [32m'        "message": "Invalid JWS signature"\n'[39m +
+    [32m'      }\n'[39m +
+    [32m'    }\n'[39m +
+    [32m'  ]\n'[39m +
+    [32m'}'[39m
+}
+[AccessControl] Raw response received: {
+  "success": true,
+  "accepted": 0,
+  "rejected": 1,
+  "outcomes": {
+    "success": 0,
+    "failed": 1,
+    "blocked": 0,
+    "error": 0
+  },
+  "errors": [
+    {
+      "proof_index": 0,
+      "error": {
+        "code": "invalid_signature",
+        "message": "Invalid JWS signature"
+      }
+    }
+  ]
+}
+[90mstderr[2m | src/services/__tests__/access-control.integration.test.ts[2m > [22m[2mAccessControlApiService Integration[2m > [22m[2mProof Verification Flow[2m > [22m[2mshould verify proof using ProofVerifier
+[22m[39m[CryptoService] Key ID mismatch
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/providers/memory.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 29/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 35/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 7/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/crypto.service.test.ts[2m 0/34[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 13/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.test.ts[2m [queued][22m
+[2m Test Files [22m[1m[32m11 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m356 passed[39m[22m[2m | [22m[33m1 skipped[39m[90m (397)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m844ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K [32m✓[39m src/__tests__/runtime/tool-protection-enforcement.test.ts [2m([22m[2m29 tests[22m[2m)[22m[32m 30[2mms[22m[39m
+ [32m✓[39m src/__tests__/runtime/route-interception.test.ts [2m([22m[2m21 tests[22m[2m)[22m[32m 50[2mms[22m[39m
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/providers/memory.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 29/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 35/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 7/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/crypto.service.test.ts[2m 0/34[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 13/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.test.ts[2m [queued][22m
+[2m Test Files [22m[1m[32m11 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m356 passed[39m[22m[2m | [22m[33m1 skipped[39m[90m (397)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m844ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/services/__tests__/proof-verifier.integration.test.ts[2m > [22m[2mProofVerifier Integration - Real DID Resolution[2m > [22m[2mdid:web Resolution (HTTP)[2m > [22m[2mshould handle HTTP errors gracefully
+[22m[39m[ProofVerifier] Failed to fetch public key from DID: Error: Failed to resolve did:web:nonexistent-domain-that-does-not-exist-12345.com: fetch failed
+    at Object.resolveDID [90m(/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/__tests__/proof-verifier.integration.test.ts:143:19[90m)[39m
+[90m    at processTicksAndRejections (node:internal/process/task_queues:103:5)[39m
+    at ProofVerifier.fetchPublicKeyFromDID [90m(/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/proof-verifier.ts:348:22[90m)[39m
+    at [90m/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/__tests__/proof-verifier.integration.test.ts:252:7
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:753:20
+[90mstderr[2m | src/services/__tests__/proof-verifier.integration.test.ts[2m > [22m[2mProofVerifier Integration - Real DID Resolution[2m > [22m[2mdid:web Resolution (HTTP)[2m > [22m[2mshould handle HTTP errors gracefully
+[22m[39m[ProofVerifier] Failed to fetch public key from DID: Error: Failed to resolve did:web:nonexistent-domain-that-does-not-exist-12345.com: fetch failed
+    at Object.resolveDID [90m(/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/__tests__/proof-verifier.integration.test.ts:143:19[90m)[39m
+[90m    at processTicksAndRejections (node:internal/process/task_queues:103:5)[39m
+    at ProofVerifier.fetchPublicKeyFromDID [90m(/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/proof-verifier.ts:348:22[90m)[39m
+    at [90m/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/__tests__/proof-verifier.integration.test.ts:257:9
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:753:20
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/providers/memory.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 29/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 35/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 7/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/crypto.service.test.ts[2m 0/34[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 13/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.test.ts[2m [queued][22m
+[2m Test Files [22m[1m[32m11 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m356 passed[39m[22m[2m | [22m[33m1 skipped[39m[90m (397)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m844ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K [32m✓[39m src/delegation/__tests__/vc-verifier.test.ts [2m([22m[2m35 tests[22m[2m)[22m[32m 206[2mms[22m[39m
+ [32m✓[39m src/delegation/__tests__/vc-issuer.test.ts [2m([22m[2m21 tests[22m[2m)[22m[32m 268[2mms[22m[39m
+ [32m✓[39m src/services/__tests__/proof-verifier.integration.test.ts [2m([22m[2m13 tests[22m[2m | [22m[33m1 skipped[39m[2m)[22m[32m 164[2mms[22m[39m
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/providers/memory.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base.test.ts[2m 55/55[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/route-interception.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/tool-protection-enforcement.test.ts[2m 29/29[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-verifier.test.ts[2m 35/35[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 7/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/crypto.service.test.ts[2m 0/34[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 13/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.test.ts[2m [queued][22m
+[2m Test Files [22m[1m[32m11 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m356 passed[39m[22m[2m | [22m[33m1 skipped[39m[90m (397)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m844ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/services/__tests__/crypto.service.test.ts[2m > [22m[2mCryptoService[2m > [22m[2mverifyEd25519[2m > [22m[2mshould return false on verification error
+[22m[39m[CryptoService] Ed25519 verification error: Error: Verification failed
+    at [90m/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/__tests__/crypto.service.test.ts:62:9
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1309:12)
+[90m    at processTicksAndRejections (node:internal/process/task_queues:103:5)[39m
+    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1468:8)
+    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1468:8)
+[90mstderr[2m | src/services/__tests__/crypto.service.test.ts[2m > [22m[2mCryptoService[2m > [22m[2mverifyJWS[2m > [22m[2mshould reject invalid JWK format
+[22m[39m[CryptoService] Invalid Ed25519 JWK format
+[90mstderr[2m | src/services/__tests__/crypto.service.test.ts[2m > [22m[2mCryptoService[2m > [22m[2mverifyJWS[2m > [22m[2mshould reject JWK with wrong kty
+[22m[39m[CryptoService] Invalid Ed25519 JWK format
+[90mstderr[2m | src/services/__tests__/crypto.service.test.ts[2m > [22m[2mCryptoService[2m > [22m[2mverifyJWS[2m > [22m[2mshould reject JWK with wrong crv
+[22m[39m[CryptoService] Invalid Ed25519 JWK format
+[90mstderr[2m | src/services/__tests__/crypto.service.test.ts[2m > [22m[2mCryptoService[2m > [22m[2mverifyJWS[2m > [22m[2mshould reject JWK with missing x field
+[22m[39m[CryptoService] Invalid Ed25519 JWK format
+[90mstderr[2m | src/services/__tests__/crypto.service.test.ts[2m > [22m[2mCryptoService[2m > [22m[2mverifyJWS[2m > [22m[2mshould reject JWK with empty x field
+[22m[39m[CryptoService] Invalid Ed25519 JWK format
+[90mstderr[2m | src/services/__tests__/crypto.service.test.ts[2m > [22m[2mCryptoService[2m > [22m[2mverifyJWS[2m > [22m[2mshould reject malformed JWS
+[22m[39m[CryptoService] Invalid JWS format: Error: Invalid header base64: Unexpected token '', "" is not valid JSON
+    at CryptoService.parseJWS [90m(/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/crypto.service.ts:91:13[90m)[39m
+    at CryptoService.verifyJWS [90m(/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/crypto.service.ts:169:23[90m)[39m
+    at [90m/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/__tests__/crypto.service.test.ts:230:42
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1309:12)
+[90m    at processTicksAndRejections (node:internal/process/task_queues:103:5)[39m
+[90mstderr[2m | src/services/__tests__/crypto.service.test.ts[2m > [22m[2mCryptoService[2m > [22m[2mverifyJWS[2m > [22m[2mshould reject non-EdDSA algorithms
+[22m[39m[CryptoService] Unsupported algorithm: RS256, expected EdDSA
+[90mstderr[2m | src/services/__tests__/crypto.service.test.ts[2m > [22m[2mCryptoService[2m > [22m[2mverifyJWS[2m > [22m[2mshould reject HS256 algorithm
+[22m[39m[CryptoService] Unsupported algorithm: HS256, expected EdDSA
+[90mstderr[2m | src/services/__tests__/crypto.service.test.ts[2m > [22m[2mCryptoService[2m > [22m[2mverifyJWS[2m > [22m[2mshould handle empty JWS components
+[22m[39m[CryptoService] Invalid JWS format: Error: Invalid header base64: Unexpected end of JSON input
+    at CryptoService.parseJWS [90m(/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/crypto.service.ts:91:13[90m)[39m
+    at CryptoService.verifyJWS [90m(/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/crypto.service.ts:169:23[90m)[39m
+    at [90m/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/__tests__/crypto.service.test.ts:271:42
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1309:12)
+[90m    at processTicksAndRejections (node:internal/process/task_queues:103:5)[39m
+[90mstderr[2m | src/services/__tests__/crypto.service.test.ts[2m > [22m[2mCryptoService[2m > [22m[2mverifyJWS[2m > [22m[2mshould handle malformed JWS - single part
+[22m[39m[CryptoService] Invalid JWS format: Error: Invalid JWS format: expected header.payload.signature
+    at CryptoService.parseJWS [90m(/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/crypto.service.ts:78:13[90m)[39m
+    at CryptoService.verifyJWS [90m(/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/crypto.service.ts:169:23[90m)[39m
+    at [90m/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/__tests__/crypto.service.test.ts:279:42
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1309:12)
+[90m    at processTicksAndRejections (node:internal/process/task_queues:103:5)[39m
+[90mstderr[2m | src/services/__tests__/crypto.service.test.ts[2m > [22m[2mCryptoService[2m > [22m[2mverifyJWS[2m > [22m[2mshould handle malformed JWS - two parts
+[22m[39m[CryptoService] Invalid JWS format: Error: Invalid JWS format: expected header.payload.signature
+    at CryptoService.parseJWS [90m(/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/crypto.service.ts:78:13[90m)[39m
+    at CryptoService.verifyJWS [90m(/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/crypto.service.ts:169:23[90m)[39m
+    at [90m/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/__tests__/crypto.service.test.ts:287:42
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1309:12)
+[90m    at processTicksAndRejections (node:internal/process/task_queues:103:5)[39m
+[90mstderr[2m | src/services/__tests__/crypto.service.test.ts[2m > [22m[2mCryptoService[2m > [22m[2mverifyJWS[2m > [22m[2mshould handle malformed JWS - four parts
+[22m[39m[CryptoService] Invalid JWS format: Error: Invalid JWS format: expected header.payload.signature
+    at CryptoService.parseJWS [90m(/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/crypto.service.ts:78:13[90m)[39m
+    at CryptoService.verifyJWS [90m(/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/crypto.service.ts:169:23[90m)[39m
+    at [90m/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/__tests__/crypto.service.test.ts:302:42
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1309:12)
+[90m    at processTicksAndRejections (node:internal/process/task_queues:103:5)[39m
+[90mstderr[2m | src/services/__tests__/crypto.service.test.ts[2m > [22m[2mCryptoService[2m > [22m[2mverifyJWS[2m > [22m[2mshould handle malformed JWS - invalid JSON header
+[22m[39m[CryptoService] Invalid JWS format: Error: Invalid header base64: Unexpected token 'o', "notjson" is not valid JSON
+    at CryptoService.parseJWS [90m(/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/crypto.service.ts:91:13[90m)[39m
+    at CryptoService.verifyJWS [90m(/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/crypto.service.ts:169:23[90m)[39m
+    at [90m/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/__tests__/crypto.service.test.ts:316:42
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1309:12)
+[90m    at processTicksAndRejections (node:internal/process/task_queues:103:5)[39m
+[90mstderr[2m | src/services/__tests__/crypto.service.test.ts[2m > [22m[2mCryptoService[2m > [22m[2mverifyJWS[2m > [22m[2mshould handle malformed JWS - invalid base64
+[22m[39m[CryptoService] Invalid JWS format: Error: Invalid payload base64: Invalid base64url string: Invalid character
+    at CryptoService.parseJWS [90m(/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/crypto.service.ts:107:15[90m)[39m
+    at CryptoService.verifyJWS [90m(/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/crypto.service.ts:169:23[90m)[39m
+    at [90m/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/__tests__/crypto.service.test.ts:334:42
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1309:12)
+[90m    at processTicksAndRejections (node:internal/process/task_queues:103:5)[39m
+[90mstderr[2m | src/services/__tests__/crypto.service.test.ts[2m > [22m[2mCryptoService[2m > [22m[2mverifyJWS[2m > [22m[2mshould validate expectedKid option
+[22m[39m[CryptoService] Key ID mismatch
+[90mstderr[2m | src/services/__tests__/crypto.service.test.ts[2m > [22m[2mCryptoService[2m > [22m[2mverifyJWS[2m > [22m[2mshould validate alg option
+[22m[39m[CryptoService] Unsupported algorithm: EdDSA, expected RS256
+[90mstderr[2m | src/services/__tests__/crypto.service.test.ts[2m > [22m[2mCryptoService[2m > [22m[2mverifyJWS[2m > [22m[2mshould validate Ed25519 key length
+[22m[39m[CryptoService] Failed to extract public key: Error: Invalid Ed25519 public key length: 5
+    at CryptoService.jwkToBase64PublicKey [90m(/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/crypto.service.ts:295:13[90m)[39m
+    at CryptoService.verifyJWS [90m(/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/crypto.service.ts:249:32[90m)[39m
+    at [90m/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/__tests__/crypto.service.test.ts:398:42
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1309:12)
+[90m    at processTicksAndRejections (node:internal/process/task_queues:103:5)[39m
+[90mstderr[2m | src/services/__tests__/crypto.service.test.ts[2m > [22m[2mCryptoService[2m > [22m[2mverifyJWS[2m > [22m[2mshould handle signature verification error
+[22m[39m[CryptoService] Ed25519 verification error: Error: Crypto error
+    at [90m/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/__tests__/crypto.service.test.ts:449:61
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1309:12)
+[90m    at processTicksAndRejections (node:internal/process/task_queues:103:5)[39m
+    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1468:8)
+    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1468:8)
+[1m[33m ❯ [39m[22msrc/__tests__/identity/user-did-manager.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/providers/base.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/providers/memory.test.ts[2m 0/34[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/config/__tests__/remote-config.spec.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/crypto.service.test.ts[2m 34/34[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 13/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.test.ts[2m [queued][22m
+[2m Test Files [22m[1m[32m13 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m392 passed[39m[22m[2m | [22m[33m1 skipped[39m[90m (431)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m946ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K [32m✓[39m src/services/__tests__/access-control.integration.test.ts [2m([22m[2m9 tests[22m[2m)[22m[32m 144[2mms[22m[39m
+ [32m✓[39m src/services/__tests__/crypto.service.test.ts [2m([22m[2m34 tests[22m[2m)[22m[32m 78[2mms[22m[39m
+[1m[33m ❯ [39m[22msrc/__tests__/identity/user-did-manager.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/providers/base.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/providers/memory.test.ts[2m 0/34[22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/config/__tests__/remote-config.spec.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/vc-issuer.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/access-control.integration.test.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/crypto.service.test.ts[2m 34/34[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.integration.test.ts[2m 13/13[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.test.ts[2m [queued][22m
+[2m Test Files [22m[1m[32m13 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m392 passed[39m[22m[2m | [22m[33m1 skipped[39m[90m (431)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m946ms
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K [32m✓[39m src/__tests__/providers/memory.test.ts [2m([22m[2m34 tests[22m[2m)[22m[32m 10[2mms[22m[39m
+[1m[33m ❯ [39m[22msrc/__tests__/identity/user-did-manager.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/providers/base.test.ts[2m 14/14[22m
+[1m[33m ❯ [39m[22msrc/__tests__/providers/memory.test.ts[2m 34/34[22m
+[1m[33m ❯ [39m[22msrc/__tests__/regression/phase2-regression.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m 38/38[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/provider-resolver-edge-cases.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/config/__tests__/remote-config.spec.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/cascading-revocation.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/provider-resolver.test.ts[2m [queued][22m
+[2m Test Files [22m[1m[32m19 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m529 passed[39m[22m[2m | [22m[33m1 skipped[39m[90m (534)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.18s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/services/__tests__/proof-verifier.test.ts[2m > [22m[2mProofVerifier Security[2m > [22m[2mSignature Verification[2m > [22m[2mshould handle signature verification errors gracefully
+[22m[39m[CryptoService] Ed25519 verification error: Error: Crypto error
+    at [90m/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/services/__tests__/proof-verifier.test.ts:328:9
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1309:12)
+[90m    at processTicksAndRejections (node:internal/process/task_queues:103:5)[39m
+    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1468:8)
+    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1468:8)
+[1m[33m ❯ [39m[22msrc/__tests__/identity/user-did-manager.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/providers/base.test.ts[2m 14/14[22m
+[1m[33m ❯ [39m[22msrc/__tests__/providers/memory.test.ts[2m 34/34[22m
+[1m[33m ❯ [39m[22msrc/__tests__/regression/phase2-regression.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m 38/38[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/provider-resolver-edge-cases.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/config/__tests__/remote-config.spec.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/cascading-revocation.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/provider-resolver.test.ts[2m [queued][22m
+[2m Test Files [22m[1m[32m19 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m529 passed[39m[22m[2m | [22m[33m1 skipped[39m[90m (534)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.18s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K [32m✓[39m src/__tests__/runtime/base-extensions.test.ts [2m([22m[2m38 tests[22m[2m)[22m[32m 12[2mms[22m[39m
+[90mstdout[2m | src/__tests__/integration/full-flow.test.ts[2m > [22m[2mFull Flow Integration[2m > [22m[2mTool protection enforcement flow[2m > [22m[2mshould allow unprotected tool calls
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.485Z'[39m
+}
+[90mstdout[2m | src/__tests__/integration/full-flow.test.ts[2m > [22m[2mFull Flow Integration[2m > [22m[2mTool protection enforcement flow[2m > [22m[2mshould intercept protected tool calls without delegation
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'checkout'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.485Z'[39m
+}
+[90mstdout[2m | src/__tests__/integration/full-flow.test.ts[2m > [22m[2mFull Flow Integration[2m > [22m[2mTool protection enforcement flow[2m > [22m[2mshould intercept protected tool calls without delegation
+[22m[39m[ToolProtectionService] Protection check {
+  tool: [32m'checkout'[39m,
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  found: [33mtrue[39m,
+  isWildcard: [33mfalse[39m,
+  requiresDelegation: [33mtrue[39m,
+  availableTools: [ [32m'checkout'[39m ]
+}
+[90mstdout[2m | src/__tests__/integration/full-flow.test.ts[2m > [22m[2mFull Flow Integration[2m > [22m[2mAgentShield integration flow[2m > [22m[2mshould fetch tool protection config from AgentShield
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'protected_tool'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.486Z'[39m
+}
+[90mstdout[2m | src/__tests__/integration/full-flow.test.ts[2m > [22m[2mFull Flow Integration[2m > [22m[2mAgentShield integration flow[2m > [22m[2mshould cache tool protection config
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'tool1'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.487Z'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/identity/user-did-manager.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/providers/base.test.ts[2m 14/14[22m
+[1m[33m ❯ [39m[22msrc/__tests__/providers/memory.test.ts[2m 34/34[22m
+[1m[33m ❯ [39m[22msrc/__tests__/regression/phase2-regression.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m 38/38[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/provider-resolver-edge-cases.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/config/__tests__/remote-config.spec.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/cascading-revocation.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/provider-resolver.test.ts[2m [queued][22m
+[2m Test Files [22m[1m[32m19 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m529 passed[39m[22m[2m | [22m[33m1 skipped[39m[90m (534)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.18s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/integration/full-flow.test.ts[2m > [22m[2mFull Flow Integration[2m > [22m[2mAgentShield integration flow[2m > [22m[2mshould use fallback config when API fails
+[22m[39m[ToolProtectionService] API fetch failed, using fallback config { agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m, error: [32m'Network error'[39m }
+[90mstderr[2m | src/__tests__/integration/full-flow.test.ts[2m > [22m[2mFull Flow Integration[2m > [22m[2mError handling in full flow[2m > [22m[2mshould handle tool protection service errors gracefully
+[22m[39m[ToolProtectionService] API fetch failed, no fallback, failing closed (deny-all) {
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  error: [32m'Network error'[39m,
+  cacheKey: [32m'config:tool-protections:test-project'[39m
+}
+[90mstderr[2m | src/__tests__/integration/full-flow.test.ts[2m > [22m[2mFull Flow Integration[2m > [22m[2mError handling in full flow[2m > [22m[2mshould handle network timeouts
+[22m[39m[ToolProtectionService] API fetch failed, using fallback config { agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m, error: [32m'Network timeout'[39m }
+[1m[33m ❯ [39m[22msrc/__tests__/identity/user-did-manager.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/providers/base.test.ts[2m 14/14[22m
+[1m[33m ❯ [39m[22msrc/__tests__/providers/memory.test.ts[2m 34/34[22m
+[1m[33m ❯ [39m[22msrc/__tests__/regression/phase2-regression.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m 38/38[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/provider-resolver-edge-cases.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/config/__tests__/remote-config.spec.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/cascading-revocation.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/provider-resolver.test.ts[2m [queued][22m
+[2m Test Files [22m[1m[32m19 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m529 passed[39m[22m[2m | [22m[33m1 skipped[39m[90m (534)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.18s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/integration/full-flow.test.ts[2m > [22m[2mFull Flow Integration[2m > [22m[2mCache integration in full flow[2m > [22m[2mshould share cache across multiple service instances
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'tool1'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.489Z'[39m
+}
+[90mstdout[2m | src/__tests__/integration/full-flow.test.ts[2m > [22m[2mFull Flow Integration[2m > [22m[2mCache integration in full flow[2m > [22m[2mshould clear cache when needed
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'tool1'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.489Z'[39m
+}
+[90mstdout[2m | src/__tests__/integration/full-flow.test.ts[2m > [22m[2mFull Flow Integration[2m > [22m[2mCache integration in full flow[2m > [22m[2mshould clear cache when needed
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'tool1'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.489Z'[39m
+}
+[90mstdout[2m | src/__tests__/integration/full-flow.test.ts[2m > [22m[2mFull Flow Integration[2m > [22m[2mReal-world e-commerce scenario[2m > [22m[2mshould handle complete e-commerce flow with tool protection
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m3[39m,
+  protectedTools: [ [32m'add_to_cart'[39m, [32m'checkout'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.489Z'[39m
+}
+[90mstdout[2m | src/__tests__/integration/full-flow.test.ts[2m > [22m[2mFull Flow Integration[2m > [22m[2mReal-world e-commerce scenario[2m > [22m[2mshould handle complete e-commerce flow with tool protection
+[22m[39m[ToolProtectionService] Protection check {
+  tool: [32m'add_to_cart'[39m,
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  found: [33mtrue[39m,
+  isWildcard: [33mfalse[39m,
+  requiresDelegation: [33mtrue[39m,
+  availableTools: [ [32m'search_products'[39m, [32m'add_to_cart'[39m, [32m'checkout'[39m ]
+}
+[90mstdout[2m | src/__tests__/integration/full-flow.test.ts[2m > [22m[2mFull Flow Integration[2m > [22m[2mConcurrent operations[2m > [22m[2mshould handle concurrent cache operations
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'tool1'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.490Z'[39m
+}
+[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'tool1'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.490Z'[39m
+}
+[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'tool1'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.490Z'[39m
+}
+ [32m✓[39m src/services/__tests__/proof-verifier.test.ts [2m([22m[2m21 tests[22m[2m)[22m[32m 14[2mms[22m[39m
+[1m[33m ❯ [39m[22msrc/__tests__/identity/user-did-manager.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/providers/base.test.ts[2m 14/14[22m
+[1m[33m ❯ [39m[22msrc/__tests__/providers/memory.test.ts[2m 34/34[22m
+[1m[33m ❯ [39m[22msrc/__tests__/regression/phase2-regression.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m 38/38[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/provider-resolver-edge-cases.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/config/__tests__/remote-config.spec.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/cascading-revocation.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/provider-resolver.test.ts[2m [queued][22m
+[2m Test Files [22m[1m[32m19 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m529 passed[39m[22m[2m | [22m[33m1 skipped[39m[90m (534)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.18s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/config/__tests__/remote-config.spec.ts[2m > [22m[2mfetchRemoteConfig[2m > [22m[2mError handling[2m > [22m[2mshould return null if API request fails
+[22m[39m[RemoteConfig] API returned 404: Not Found
+[90mstderr[2m | src/config/__tests__/remote-config.spec.ts[2m > [22m[2mfetchRemoteConfig[2m > [22m[2mError handling[2m > [22m[2mshould return null if API throws error
+[22m[39m[RemoteConfig] Failed to fetch config: Error: Network error
+    at [90m/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/config/__tests__/remote-config.spec.ts:170:35
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1309:12)
+[90m    at processTicksAndRejections (node:internal/process/task_queues:103:5)[39m
+    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1468:8)
+    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1468:8)
+[90mstderr[2m | src/config/__tests__/remote-config.spec.ts[2m > [22m[2mfetchRemoteConfig[2m > [22m[2mError handling[2m > [22m[2mshould return null if neither projectId nor agentDid provided
+[22m[39m[RemoteConfig] Neither projectId nor agentDid provided
+[90mstderr[2m | src/config/__tests__/remote-config.spec.ts[2m > [22m[2mfetchRemoteConfig[2m > [22m[2mError handling[2m > [22m[2mshould handle cache read errors gracefully
+[22m[39m[RemoteConfig] Cache read failed: Error: Cache error
+    at [90m/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/config/__tests__/remote-config.spec.ts:198:50
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1309:12)
+[90m    at processTicksAndRejections (node:internal/process/task_queues:103:5)[39m
+    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1468:8)
+    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1468:8)
+[1m[33m ❯ [39m[22msrc/__tests__/identity/user-did-manager.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/providers/base.test.ts[2m 14/14[22m
+[1m[33m ❯ [39m[22msrc/__tests__/providers/memory.test.ts[2m 34/34[22m
+[1m[33m ❯ [39m[22msrc/__tests__/regression/phase2-regression.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m 38/38[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/provider-resolver-edge-cases.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/config/__tests__/remote-config.spec.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/cascading-revocation.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/provider-resolver.test.ts[2m [queued][22m
+[2m Test Files [22m[1m[32m19 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m529 passed[39m[22m[2m | [22m[33m1 skipped[39m[90m (534)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.18s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K [32m✓[39m src/__tests__/providers/base.test.ts [2m([22m[2m14 tests[22m[2m)[22m[32m 5[2mms[22m[39m
+ [32m✓[39m src/config/__tests__/remote-config.spec.ts [2m([22m[2m9 tests[22m[2m)[22m[32m 10[2mms[22m[39m
+ [32m✓[39m src/__tests__/integration/full-flow.test.ts [2m([22m[2m21 tests[22m[2m)[22m[32m 15[2mms[22m[39m
+[1m[33m ❯ [39m[22msrc/__tests__/identity/user-did-manager.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/providers/base.test.ts[2m 14/14[22m
+[1m[33m ❯ [39m[22msrc/__tests__/providers/memory.test.ts[2m 34/34[22m
+[1m[33m ❯ [39m[22msrc/__tests__/regression/phase2-regression.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/base-extensions.test.ts[2m 38/38[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/provider-resolver-edge-cases.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/config/__tests__/remote-config.spec.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/cascading-revocation.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/proof-verifier.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/provider-resolver.test.ts[2m [queued][22m
+[2m Test Files [22m[1m[32m19 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m529 passed[39m[22m[2m | [22m[33m1 skipped[39m[90m (534)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.18s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/integration.test.ts[2m > [22m[2mIntegration Tests[2m > [22m[2mFull handshake and tool execution flow[2m > [22m[2mshould complete full authentication and tool execution cycle
+[22m[39m[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zqOzzkIALhk-_RTB5UPLgb0-yy3LIUw2V","environment":"development","userDidGeneration":"disabled"},"timestamp":1764054399701,"timestampFormatted":"2025-11-25T07:06:39.701Z"}
+[90mstdout[2m | src/__tests__/integration.test.ts[2m > [22m[2mIntegration Tests[2m > [22m[2mFull handshake and tool execution flow[2m > [22m[2mshould complete full authentication and tool execution cycle
+[22m[39m[AUDIT] {"event":"tool_executed","data":{"tool":"greetingTool","sessionId":"89e5bb20677624b03210f79d4e9edd14","timestamp":1764054399701},"timestamp":1764054399701,"timestampFormatted":"2025-11-25T07:06:39.701Z"}
+[90mstdout[2m | src/__tests__/integration.test.ts[2m > [22m[2mIntegration Tests[2m > [22m[2mSession expiry handling[2m > [22m[2mshould handle expired sessions correctly
+[22m[39m[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zVfSmusJvK9igylqSoES3YAjEkvBbORE5","environment":"development","userDidGeneration":"disabled"},"timestamp":1764054399707,"timestampFormatted":"2025-11-25T07:06:39.707Z"}
+[90mstdout[2m | src/__tests__/integration.test.ts[2m > [22m[2mIntegration Tests[2m > [22m[2mKey rotation flow[2m > [22m[2mshould handle key rotation and maintain functionality
+[22m[39m[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zACmONplPFniTRjssN-8Y4MU1PHhE7AzY","environment":"development","userDidGeneration":"disabled"},"timestamp":1764054399708,"timestampFormatted":"2025-11-25T07:06:39.708Z"}
+[90mstdout[2m | src/__tests__/integration.test.ts[2m > [22m[2mIntegration Tests[2m > [22m[2mKey rotation flow[2m > [22m[2mshould handle key rotation and maintain functionality
+[22m[39m[AUDIT] {"event":"keys_rotated","data":{"oldDid":"did:key:zACmONplPFniTRjssN-8Y4MU1PHhE7AzY","newDid":"did:key:zlGgImf7O75-tk5FalCdDRgil3sn-SSBs","timestamp":1764054399708},"timestamp":1764054399708,"timestampFormatted":"2025-11-25T07:06:39.708Z"}
+[90mstdout[2m | src/__tests__/integration.test.ts[2m > [22m[2mIntegration Tests[2m > [22m[2mWell-known endpoints[2m > [22m[2mshould provide identity discovery endpoints
+[22m[39m[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zW-Q2Ws28I1FtwXmrOnWFN2Duo5eHWykG","environment":"development","userDidGeneration":"disabled"},"timestamp":1764054399708,"timestampFormatted":"2025-11-25T07:06:39.708Z"}
+[90mstdout[2m | src/__tests__/integration.test.ts[2m > [22m[2mIntegration Tests[2m > [22m[2mNonce replay protection[2m > [22m[2mshould prevent nonce reuse
+[22m[39m[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zQoj50x_zuZlkMeyK-4tj1K6BIq_G9JOt","environment":"development","userDidGeneration":"disabled"},"timestamp":1764054399709,"timestampFormatted":"2025-11-25T07:06:39.709Z"}
+[90mstdout[2m | src/__tests__/integration.test.ts[2m > [22m[2mIntegration Tests[2m > [22m[2mError handling[2m > [22m[2mshould handle network errors gracefully
+[22m[39m[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zeLTFuDtHsF4u34Q9yDZCzD8vM-sVwHX5","environment":"development","userDidGeneration":"disabled"},"timestamp":1764054399709,"timestampFormatted":"2025-11-25T07:06:39.709Z"}
+[90mstdout[2m | src/__tests__/integration.test.ts[2m > [22m[2mIntegration Tests[2m > [22m[2mError handling[2m > [22m[2mshould handle malformed DID documents
+[22m[39m[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:z9EtraFALke-Cj0pB7QGItf0CiOOZVT8h","environment":"development","userDidGeneration":"disabled"},"timestamp":1764054399709,"timestampFormatted":"2025-11-25T07:06:39.709Z"}
+[90mstdout[2m | src/__tests__/integration.test.ts[2m > [22m[2mIntegration Tests[2m > [22m[2mDebug endpoint[2m > [22m[2mshould provide debug information in development
+[22m[39m[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zSpxypbJmnozF_wq7hZ9xitkOSBvDyZaj","environment":"development","userDidGeneration":"disabled"},"timestamp":1764054399709,"timestampFormatted":"2025-11-25T07:06:39.709Z"}
+[90mstdout[2m | src/__tests__/integration.test.ts[2m > [22m[2mIntegration Tests[2m > [22m[2mDebug endpoint[2m > [22m[2mshould be disabled in production
+[22m[39m[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:z1-7njXcjiKEvP-OvcKG9mBv442vuO8mN","environment":"development","userDidGeneration":"disabled"},"timestamp":1764054399709,"timestampFormatted":"2025-11-25T07:06:39.709Z"}
+[1m[33m ❯ [39m[22msrc/__tests__/identity/user-did-manager.test.ts[2m 17/17[22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration.test.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/regression/phase2-regression.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/provider-resolver-edge-cases.test.ts[2m 25/25[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection-oauth-provider.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/compliance/__tests__/schema-verifier.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/bitstring.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/cascading-revocation.test.ts[2m 23/23[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/delegation-graph.test.ts[2m 0/28[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/oauth-provider-registry.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/provider-resolver.test.ts[2m 8/8[22m
+[2m Test Files [22m[1m[32m25 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m622 passed[39m[22m[2m | [22m[33m2 skipped[39m[90m (686)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.28s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/services/provider-resolver-edge-cases.test.ts[2m > [22m[2mProviderResolver - Edge Cases[2m > [22m[2mScope inference edge cases (Priority 2)[2m > [22m[2mshould handle empty scopes array
+[22m[39m[ProviderResolver] Tool does not specify oauthProvider. Using project-configured provider "github" as fallback. Consider explicitly setting oauthProvider in tool protection config.
+[90mstderr[2m | src/__tests__/services/provider-resolver-edge-cases.test.ts[2m > [22m[2mProviderResolver - Edge Cases[2m > [22m[2mScope inference edge cases (Priority 2)[2m > [22m[2mshould handle ambiguous scopes (multiple providers inferred)
+[22m[39m[ProviderResolver] Tool does not specify oauthProvider. Using project-configured provider "github" as fallback. Consider explicitly setting oauthProvider in tool protection config.
+[90mstderr[2m | src/__tests__/services/provider-resolver-edge-cases.test.ts[2m > [22m[2mProviderResolver - Edge Cases[2m > [22m[2mScope inference edge cases (Priority 2)[2m > [22m[2mshould handle unknown scope prefixes
+[22m[39m[ProviderResolver] Tool does not specify oauthProvider. Using project-configured provider "github" as fallback. Consider explicitly setting oauthProvider in tool protection config.
+[1m[33m ❯ [39m[22msrc/__tests__/identity/user-did-manager.test.ts[2m 17/17[22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration.test.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/regression/phase2-regression.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/provider-resolver-edge-cases.test.ts[2m 25/25[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection-oauth-provider.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/compliance/__tests__/schema-verifier.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/bitstring.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/cascading-revocation.test.ts[2m 23/23[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/delegation-graph.test.ts[2m 0/28[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/oauth-provider-registry.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/provider-resolver.test.ts[2m 8/8[22m
+[2m Test Files [22m[1m[32m25 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m622 passed[39m[22m[2m | [22m[33m2 skipped[39m[90m (686)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.28s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/services/provider-resolver-edge-cases.test.ts[2m > [22m[2mProviderResolver - Edge Cases[2m > [22m[2mScope inference edge cases (Priority 2)[2m > [22m[2mshould verify gmail → google mapping works
+[22m[39m[ProviderResolver] Inferred provider "google" from scopes
+[90mstdout[2m | src/__tests__/services/provider-resolver-edge-cases.test.ts[2m > [22m[2mProviderResolver - Edge Cases[2m > [22m[2mScope inference edge cases (Priority 2)[2m > [22m[2mshould verify calendar → google mapping works
+[22m[39m[ProviderResolver] Inferred provider "google" from scopes
+[90mstdout[2m | src/__tests__/services/provider-resolver-edge-cases.test.ts[2m > [22m[2mProviderResolver - Edge Cases[2m > [22m[2mScope inference edge cases (Priority 2)[2m > [22m[2mshould verify outlook → microsoft mapping works
+[22m[39m[ProviderResolver] Inferred provider "microsoft" from scopes
+[1m[33m ❯ [39m[22msrc/__tests__/identity/user-did-manager.test.ts[2m 17/17[22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration.test.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/regression/phase2-regression.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/provider-resolver-edge-cases.test.ts[2m 25/25[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection-oauth-provider.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/compliance/__tests__/schema-verifier.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/bitstring.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/cascading-revocation.test.ts[2m 23/23[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/delegation-graph.test.ts[2m 0/28[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/oauth-provider-registry.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/provider-resolver.test.ts[2m 8/8[22m
+[2m Test Files [22m[1m[32m25 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m622 passed[39m[22m[2m | [22m[33m2 skipped[39m[90m (686)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.28s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/services/provider-resolver-edge-cases.test.ts[2m > [22m[2mProviderResolver - Edge Cases[2m > [22m[2mScope inference edge cases (Priority 2)[2m > [22m[2mshould handle scopes without colons
+[22m[39m[ProviderResolver] Tool does not specify oauthProvider. Using project-configured provider "github" as fallback. Consider explicitly setting oauthProvider in tool protection config.
+[90mstderr[2m | src/__tests__/services/provider-resolver-edge-cases.test.ts[2m > [22m[2mProviderResolver - Edge Cases[2m > [22m[2mScope inference edge cases (Priority 2)[2m > [22m[2mshould handle inferred provider not in registry
+[22m[39m[ProviderResolver] Tool does not specify oauthProvider. Using project-configured provider "google" as fallback. Consider explicitly setting oauthProvider in tool protection config.
+[90mstderr[2m | src/__tests__/identity/user-did-manager.test.ts[2m > [22m[2mUserDidManager[2m > [22m[2merror handling[2m > [22m[2mshould handle storage.get errors gracefully
+[22m[39m[UserDidManager] Storage.get failed, generating new DID: Error: Storage error
+    at [90m/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/__tests__/identity/user-did-manager.test.ts:187:67
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1309:12)
+[90m    at processTicksAndRejections (node:internal/process/task_queues:103:5)[39m
+    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1468:8)
+    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1468:8)
+[90mstderr[2m | src/__tests__/identity/user-did-manager.test.ts[2m > [22m[2mUserDidManager[2m > [22m[2merror handling[2m > [22m[2mshould handle storage.set errors gracefully
+[22m[39m[UserDidManager] Storage.set failed, continuing with cached DID: Error: Storage error
+    at [90m/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/__tests__/identity/user-did-manager.test.ts:196:67
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:157:11
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:753:26
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1636:20
+    at new Promise (<anonymous>)
+    at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1602:10)
+    at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1309:12)
+[90m    at processTicksAndRejections (node:internal/process/task_queues:103:5)[39m
+    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1468:8)
+    at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:1468:8)
+[90mstderr[2m | src/__tests__/identity/user-did-manager.test.ts[2m > [22m[2mUserDidManager[2m > [22m[2merror handling[2m > [22m[2mshould handle storage.delete errors gracefully
+[22m[39m[UserDidManager] Storage.delete failed, continuing: Error: Storage error
+    at [90m/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/[39msrc/__tests__/identity/user-did-manager.test.ts:206:70
+[90m    at processTicksAndRejections (node:internal/process/task_queues:103:5)[39m
+    at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/[4m.pnpm[24m/@vitest+runner@4.0.5/node_modules/[4m@vitest/runner[24m/dist/index.js:753:20
+[90mstderr[2m | src/__tests__/services/provider-resolver-edge-cases.test.ts[2m > [22m[2mProviderResolver - Edge Cases[2m > [22m[2mFallback behavior (Priority 3 - configuredProvider)[2m > [22m[2mshould use configuredProvider when oauthProvider not specified
+[22m[39m[ProviderResolver] Tool does not specify oauthProvider. Using project-configured provider "google" as fallback. Consider explicitly setting oauthProvider in tool protection config.
+[1m[33m ❯ [39m[22msrc/__tests__/identity/user-did-manager.test.ts[2m 17/17[22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration.test.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/regression/phase2-regression.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/provider-resolver-edge-cases.test.ts[2m 25/25[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection-oauth-provider.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/compliance/__tests__/schema-verifier.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/bitstring.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/cascading-revocation.test.ts[2m 23/23[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/delegation-graph.test.ts[2m 0/28[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/oauth-provider-registry.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/provider-resolver.test.ts[2m 8/8[22m
+[2m Test Files [22m[1m[32m25 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m622 passed[39m[22m[2m | [22m[33m2 skipped[39m[90m (686)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.28s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/services/provider-resolver-edge-cases.test.ts[2m > [22m[2mProviderResolver - Edge Cases[2m > [22m[2mProvider name case sensitivity[2m > [22m[2mshould handle provider names case-insensitively in inference
+[22m[39m[ProviderResolver] Inferred provider "github" from scopes
+[90mstdout[2m | src/__tests__/services/provider-resolver-edge-cases.test.ts[2m > [22m[2mProviderResolver - Edge Cases[2m > [22m[2mMultiple scopes with same provider[2m > [22m[2mshould handle multiple scopes from same provider
+[22m[39m[ProviderResolver] Inferred provider "github" from scopes
+[1m[33m ❯ [39m[22msrc/__tests__/identity/user-did-manager.test.ts[2m 17/17[22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration.test.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/regression/phase2-regression.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/provider-resolver-edge-cases.test.ts[2m 25/25[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection-oauth-provider.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/compliance/__tests__/schema-verifier.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/bitstring.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/cascading-revocation.test.ts[2m 23/23[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/delegation-graph.test.ts[2m 0/28[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/oauth-provider-registry.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/provider-resolver.test.ts[2m 8/8[22m
+[2m Test Files [22m[1m[32m25 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m622 passed[39m[22m[2m | [22m[33m2 skipped[39m[90m (686)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.28s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/services/provider-resolver-edge-cases.test.ts[2m > [22m[2mProviderResolver - Edge Cases[2m > [22m[2mconfiguredProvider behavior (Priority 3)[2m > [22m[2mshould use configuredProvider when tool has no oauthProvider
+[22m[39m[ProviderResolver] Tool does not specify oauthProvider. Using project-configured provider "github" as fallback. Consider explicitly setting oauthProvider in tool protection config.
+[1m[33m ❯ [39m[22msrc/__tests__/identity/user-did-manager.test.ts[2m 17/17[22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration.test.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/regression/phase2-regression.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/provider-resolver-edge-cases.test.ts[2m 25/25[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection-oauth-provider.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/compliance/__tests__/schema-verifier.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/bitstring.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/cascading-revocation.test.ts[2m 23/23[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/delegation-graph.test.ts[2m 0/28[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/oauth-provider-registry.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/provider-resolver.test.ts[2m 8/8[22m
+[2m Test Files [22m[1m[32m25 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m622 passed[39m[22m[2m | [22m[33m2 skipped[39m[90m (686)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.28s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/services/provider-resolver-edge-cases.test.ts[2m > [22m[2mProviderResolver - Edge Cases[2m > [22m[2mconfiguredProvider behavior (Priority 3)[2m > [22m[2mshould prefer scope-inferred provider over configuredProvider
+[22m[39m[ProviderResolver] Inferred provider "google" from scopes
+ [32m✓[39m src/__tests__/integration.test.ts [2m([22m[2m9 tests[22m[2m)[22m[32m 9[2mms[22m[39m
+[90mstdout[2m | src/__tests__/regression/phase2-regression.test.ts[2m > [22m[2mPhase 2 Regression Tests[2m > [22m[2mBackward Compatibility[2m > [22m[2mPhase 1 tools (no oauthProvider)[2m > [22m[2mshould work with Phase 1 tools that don't specify oauthProvider
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'phase1_tool'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.720Z'[39m
+}
+[90mstdout[2m | src/services/__tests__/provider-resolver.test.ts[2m > [22m[2mProviderResolver[2m > [22m[2mresolveProvider - Priority 2: Scope inference[2m > [22m[2mshould infer provider from github scope prefix
+[22m[39m[ProviderResolver] Inferred provider "github" from scopes
+[90mstdout[2m | src/services/__tests__/provider-resolver.test.ts[2m > [22m[2mProviderResolver[2m > [22m[2mresolveProvider - Priority 2: Scope inference[2m > [22m[2mshould infer provider from gmail scope prefix (maps to google)
+[22m[39m[ProviderResolver] Inferred provider "google" from scopes
+[1m[33m ❯ [39m[22msrc/__tests__/identity/user-did-manager.test.ts[2m 17/17[22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration.test.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/regression/phase2-regression.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/provider-resolver-edge-cases.test.ts[2m 25/25[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection-oauth-provider.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/compliance/__tests__/schema-verifier.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/bitstring.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/cascading-revocation.test.ts[2m 23/23[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/delegation-graph.test.ts[2m 0/28[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/oauth-provider-registry.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/provider-resolver.test.ts[2m 8/8[22m
+[2m Test Files [22m[1m[32m25 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m622 passed[39m[22m[2m | [22m[33m2 skipped[39m[90m (686)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.28s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/services/__tests__/provider-resolver.test.ts[2m > [22m[2mProviderResolver[2m > [22m[2mresolveProvider - Priority 2: Scope inference[2m > [22m[2mshould fall back to configuredProvider for ambiguous scopes
+[22m[39m[ProviderResolver] Tool does not specify oauthProvider. Using project-configured provider "github" as fallback. Consider explicitly setting oauthProvider in tool protection config.
+[1m[33m ❯ [39m[22msrc/__tests__/identity/user-did-manager.test.ts[2m 17/17[22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration.test.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/regression/phase2-regression.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/provider-resolver-edge-cases.test.ts[2m 25/25[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection-oauth-provider.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/compliance/__tests__/schema-verifier.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/bitstring.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/cascading-revocation.test.ts[2m 23/23[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/delegation-graph.test.ts[2m 0/28[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/oauth-provider-registry.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/provider-resolver.test.ts[2m 8/8[22m
+[2m Test Files [22m[1m[32m25 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m622 passed[39m[22m[2m | [22m[33m2 skipped[39m[90m (686)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.28s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/regression/phase2-regression.test.ts[2m > [22m[2mPhase 2 Regression Tests[2m > [22m[2mBackward Compatibility[2m > [22m[2mOld API endpoint format[2m > [22m[2mshould still support old endpoint format (tools array)
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'old_tool'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.725Z'[39m
+}
+[90mstdout[2m | src/__tests__/regression/phase2-regression.test.ts[2m > [22m[2mPhase 2 Regression Tests[2m > [22m[2mBackward Compatibility[2m > [22m[2mOld API endpoint format[2m > [22m[2mshould still support old endpoint format (tools object)
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'old_tool'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.725Z'[39m
+}
+[90mstdout[2m | src/__tests__/regression/phase2-regression.test.ts[2m > [22m[2mPhase 2 Regression Tests[2m > [22m[2mBackward Compatibility[2m > [22m[2msnake_case field names[2m > [22m[2mshould still support snake_case field names
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'tool_with_snake_case'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.726Z'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/identity/user-did-manager.test.ts[2m 17/17[22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration.test.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/regression/phase2-regression.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/provider-resolver-edge-cases.test.ts[2m 25/25[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection-oauth-provider.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/compliance/__tests__/schema-verifier.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/bitstring.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/cascading-revocation.test.ts[2m 23/23[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/delegation-graph.test.ts[2m 0/28[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/oauth-provider-registry.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/provider-resolver.test.ts[2m 8/8[22m
+[2m Test Files [22m[1m[32m25 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m622 passed[39m[22m[2m | [22m[33m2 skipped[39m[90m (686)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.28s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/regression/phase2-regression.test.ts[2m > [22m[2mPhase 2 Regression Tests[2m > [22m[2mNo Regressions[2m > [22m[2mPhase 1 OAuth flow[2m > [22m[2mshould still work with Phase 1 OAuth flow (no oauthProvider)
+[22m[39m[ProviderResolver] Tool does not specify oauthProvider. Using project-configured provider "github" as fallback. Consider explicitly setting oauthProvider in tool protection config.
+[1m[33m ❯ [39m[22msrc/__tests__/identity/user-did-manager.test.ts[2m 17/17[22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration.test.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/regression/phase2-regression.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/provider-resolver-edge-cases.test.ts[2m 25/25[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection-oauth-provider.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/compliance/__tests__/schema-verifier.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/bitstring.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/cascading-revocation.test.ts[2m 23/23[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/delegation-graph.test.ts[2m 0/28[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/oauth-provider-registry.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/provider-resolver.test.ts[2m 8/8[22m
+[2m Test Files [22m[1m[32m25 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m622 passed[39m[22m[2m | [22m[33m2 skipped[39m[90m (686)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.28s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/regression/phase2-regression.test.ts[2m > [22m[2mPhase 2 Regression Tests[2m > [22m[2mMixed Phase 1 and Phase 2 tools[2m > [22m[2mshould handle mix of Phase 1 and Phase 2 tools in same project
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m2[39m,
+  protectedTools: [ [32m'phase1_tool'[39m, [32m'phase2_tool'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.726Z'[39m
+}
+ [32m✓[39m src/__tests__/identity/user-did-manager.test.ts [2m([22m[2m17 tests[22m[2m)[22m[32m 13[2mms[22m[39m
+ [32m✓[39m src/services/__tests__/provider-resolver.test.ts [2m([22m[2m8 tests[22m[2m)[22m[32m 5[2mms[22m[39m
+ [32m✓[39m src/__tests__/regression/phase2-regression.test.ts [2m([22m[2m12 tests[22m[2m)[22m[32m 10[2mms[22m[39m
+ [32m✓[39m src/delegation/__tests__/cascading-revocation.test.ts [2m([22m[2m23 tests[22m[2m)[22m[32m 8[2mms[22m[39m
+ [32m✓[39m src/__tests__/services/provider-resolver-edge-cases.test.ts [2m([22m[2m25 tests[22m[2m | [22m[33m1 skipped[39m[2m)[22m[32m 11[2mms[22m[39m
+[1m[33m ❯ [39m[22msrc/__tests__/identity/user-did-manager.test.ts[2m 17/17[22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration.test.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/__tests__/integration/full-flow.test.ts[2m 21/21[22m
+[1m[33m ❯ [39m[22msrc/__tests__/regression/phase2-regression.test.ts[2m 12/12[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/provider-resolver-edge-cases.test.ts[2m 25/25[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection-oauth-provider.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/compliance/__tests__/schema-verifier.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/bitstring.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/cascading-revocation.test.ts[2m 23/23[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/delegation-graph.test.ts[2m 0/28[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/oauth-provider-registry.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/provider-resolver.test.ts[2m 8/8[22m
+[2m Test Files [22m[1m[32m25 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m622 passed[39m[22m[2m | [22m[33m2 skipped[39m[90m (686)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.28s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K [32m✓[39m src/delegation/__tests__/delegation-graph.test.ts [2m([22m[2m28 tests[22m[2m)[22m[32m 6[2mms[22m[39m
+ [32m✓[39m src/delegation/__tests__/bitstring.test.ts [2m([22m[2m30 tests[22m[2m)[22m[32m 35[2mms[22m[39m
+ [32m✓[39m src/services/__tests__/oauth-provider-registry.test.ts [2m([22m[2m9 tests[22m[2m)[22m[32m 3[2mms[22m[39m
+[90mstdout[2m | src/__tests__/services/tool-protection-oauth-provider.test.ts[2m > [22m[2mToolProtectionService - oauthProvider Parsing[2m > [22m[2mNew endpoint format (toolProtections object)[2m > [22m[2mshould parse oauthProvider from camelCase field
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m2[39m,
+  protectedTools: [ [32m'read_repos'[39m, [32m'send_email'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.983Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection-oauth-provider.test.ts[2m > [22m[2mToolProtectionService - oauthProvider Parsing[2m > [22m[2mNew endpoint format (toolProtections object)[2m > [22m[2mshould parse oauthProvider from snake_case field
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'read_repos'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.989Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection-oauth-provider.test.ts[2m > [22m[2mToolProtectionService - oauthProvider Parsing[2m > [22m[2mNew endpoint format (toolProtections object)[2m > [22m[2mshould prefer camelCase over snake_case when both present
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'read_repos'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.989Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection-oauth-provider.test.ts[2m > [22m[2mToolProtectionService - oauthProvider Parsing[2m > [22m[2mNew endpoint format (toolProtections object)[2m > [22m[2mshould handle missing oauthProvider field (backward compatible)
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'read_repos'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.990Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection-oauth-provider.test.ts[2m > [22m[2mToolProtectionService - oauthProvider Parsing[2m > [22m[2mOld endpoint format (tools array)[2m > [22m[2mshould parse oauthProvider from array format with camelCase
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m2[39m,
+  protectedTools: [ [32m'read_repos'[39m, [32m'send_email'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.990Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection-oauth-provider.test.ts[2m > [22m[2mToolProtectionService - oauthProvider Parsing[2m > [22m[2mOld endpoint format (tools array)[2m > [22m[2mshould parse oauthProvider from array format with snake_case
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'read_repos'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.991Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection-oauth-provider.test.ts[2m > [22m[2mToolProtectionService - oauthProvider Parsing[2m > [22m[2mOld endpoint format (tools array)[2m > [22m[2mshould prefer camelCase over snake_case in array format
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'read_repos'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.991Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection-oauth-provider.test.ts[2m > [22m[2mToolProtectionService - oauthProvider Parsing[2m > [22m[2mOld endpoint format (tools object)[2m > [22m[2mshould parse oauthProvider from object format with camelCase
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m2[39m,
+  protectedTools: [ [32m'read_repos'[39m, [32m'send_email'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.991Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection-oauth-provider.test.ts[2m > [22m[2mToolProtectionService - oauthProvider Parsing[2m > [22m[2mOld endpoint format (tools object)[2m > [22m[2mshould parse oauthProvider from object format with snake_case
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'read_repos'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.991Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection-oauth-provider.test.ts[2m > [22m[2mToolProtectionService - oauthProvider Parsing[2m > [22m[2mOld endpoint format (tools object)[2m > [22m[2mshould prefer camelCase over snake_case in object format
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'read_repos'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'none'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.991Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection-oauth-provider.test.ts[2m > [22m[2mToolProtectionService - oauthProvider Parsing[2m > [22m[2mCaching[2m > [22m[2mshould cache oauthProvider field correctly
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'read_repos'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.991Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection-oauth-provider.test.ts[2m > [22m[2mToolProtectionService - oauthProvider Parsing[2m > [22m[2moauthProvider field inclusion[2m > [22m[2mshould include oauthProvider in returned ToolProtection objects when present
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m2[39m,
+  protectedTools: [ [32m'tool_with_provider'[39m, [32m'tool_without_provider'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.992Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/tool-protection-oauth-provider.test.ts[2m > [22m[2mToolProtectionService - oauthProvider Parsing[2m > [22m[2moauthProvider field inclusion[2m > [22m[2mshould handle empty string oauthProvider gracefully
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'tool_with_empty_provider'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:39.992Z'[39m
+}
+ [32m✓[39m src/__tests__/services/tool-protection-oauth-provider.test.ts [2m([22m[2m14 tests[22m[2m)[22m[32m 11[2mms[22m[39m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/delegation-flow.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/proof-client-did.test.ts[2m 0/17[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/provider-resolver-edge-cases.test.ts[2m 25/25[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection-oauth-provider.test.ts[2m 14/14[22m
+[1m[33m ❯ [39m[22msrc/compliance/__tests__/schema-verifier.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/bitstring.test.ts[2m 30/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/delegation-graph.test.ts[2m 28/28[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/utils.test.ts[2m 1/28[22m
+[1m[33m ❯ [39m[22msrc/delegation/storage/__tests__/memory-graph-storage.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/batch-delegation.service.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/oauth-provider-registry.test.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/provider-resolution.integration.test.ts[2m 0/6[22m
+[2m Test Files [22m[1m[32m29 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m704 passed[39m[22m[2m | [22m[33m2 skipped[39m[90m (790)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.58s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/services/__tests__/provider-resolution.integration.test.ts[2m > [22m[2mProvider Resolution Integration[2m > [22m[2mBackward compatibility[2m > [22m[2mshould work with Phase 1 tools (no oauthProvider field)
+[22m[39m[ProviderResolver] Tool does not specify oauthProvider. Using project-configured provider "github" as fallback. Consider explicitly setting oauthProvider in tool protection config.
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/delegation-flow.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/proof-client-did.test.ts[2m 0/17[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/provider-resolver-edge-cases.test.ts[2m 25/25[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection-oauth-provider.test.ts[2m 14/14[22m
+[1m[33m ❯ [39m[22msrc/compliance/__tests__/schema-verifier.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/bitstring.test.ts[2m 30/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/delegation-graph.test.ts[2m 28/28[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/utils.test.ts[2m 1/28[22m
+[1m[33m ❯ [39m[22msrc/delegation/storage/__tests__/memory-graph-storage.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/batch-delegation.service.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/oauth-provider-registry.test.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/provider-resolution.integration.test.ts[2m 0/6[22m
+[2m Test Files [22m[1m[32m29 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m704 passed[39m[22m[2m | [22m[33m2 skipped[39m[90m (790)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.58s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/services/agentshield-integration.test.ts[2m > [22m[2mAgentShield Integration[2m > [22m[2mCaching Integration[2m > [22m[2mshould respect cache TTL
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m0[39m,
+  protectedTools: [],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m1000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:06:41.030Z'[39m
+}
+[90mstdout[2m | src/__tests__/services/agentshield-integration.test.ts[2m > [22m[2mAgentShield Integration[2m > [22m[2mReal-world Scenarios[2m > [22m[2mshould handle typical e-commerce tool protection config
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m4[39m,
+  protectedTools: [ [32m'add_to_cart'[39m, [32m'checkout'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:40.030Z'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/delegation-flow.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/proof-client-did.test.ts[2m 0/17[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/provider-resolver-edge-cases.test.ts[2m 25/25[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection-oauth-provider.test.ts[2m 14/14[22m
+[1m[33m ❯ [39m[22msrc/compliance/__tests__/schema-verifier.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/bitstring.test.ts[2m 30/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/delegation-graph.test.ts[2m 28/28[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/utils.test.ts[2m 1/28[22m
+[1m[33m ❯ [39m[22msrc/delegation/storage/__tests__/memory-graph-storage.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/batch-delegation.service.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/oauth-provider-registry.test.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/provider-resolution.integration.test.ts[2m 0/6[22m
+[2m Test Files [22m[1m[32m29 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m704 passed[39m[22m[2m | [22m[33m2 skipped[39m[90m (790)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.58s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstderr[2m | src/__tests__/services/agentshield-integration.test.ts[2m > [22m[2mAgentShield Integration[2m > [22m[2mReal-world Scenarios[2m > [22m[2mshould handle API rate limiting gracefully
+[22m[39m[ToolProtectionService] API fetch failed, using fallback config {
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  error: [32m'Failed to fetch bouncer config: 429 Too Many Requests - Rate limit exceeded'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/delegation-flow.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/proof-client-did.test.ts[2m 0/17[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/provider-resolver-edge-cases.test.ts[2m 25/25[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection-oauth-provider.test.ts[2m 14/14[22m
+[1m[33m ❯ [39m[22msrc/compliance/__tests__/schema-verifier.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/bitstring.test.ts[2m 30/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/delegation-graph.test.ts[2m 28/28[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/utils.test.ts[2m 1/28[22m
+[1m[33m ❯ [39m[22msrc/delegation/storage/__tests__/memory-graph-storage.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/batch-delegation.service.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/oauth-provider-registry.test.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/provider-resolution.integration.test.ts[2m 0/6[22m
+[2m Test Files [22m[1m[32m29 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m704 passed[39m[22m[2m | [22m[33m2 skipped[39m[90m (790)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.58s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[90mstdout[2m | src/__tests__/services/agentshield-integration.test.ts[2m > [22m[2mAgentShield Integration[2m > [22m[2mReal-world Scenarios[2m > [22m[2mshould handle concurrent requests
+[22m[39m[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'tool1'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:40.031Z'[39m
+}
+[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'tool1'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:40.031Z'[39m
+}
+[ToolProtectionService] Config loaded from API {
+  source: [32m'api'[39m,
+  toolCount: [33m1[39m,
+  protectedTools: [ [32m'tool1'[39m ],
+  agentDid: [32m'did:key:z6MkhaXgBZDv...'[39m,
+  projectId: [32m'test-project-123'[39m,
+  cacheTtlMs: [33m300000[39m,
+  cacheExpiresAt: [32m'2025-11-25T07:11:40.031Z'[39m
+}
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/delegation-flow.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/proof-client-did.test.ts[2m 0/17[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/agentshield-integration.test.ts[2m 26/30[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/provider-resolver-edge-cases.test.ts[2m 25/25[22m
+[1m[33m ❯ [39m[22msrc/__tests__/services/tool-protection-oauth-provider.test.ts[2m 14/14[22m
+[1m[33m ❯ [39m[22msrc/compliance/__tests__/schema-verifier.test.ts[2m 0/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/bitstring.test.ts[2m 30/30[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/delegation-graph.test.ts[2m 28/28[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/utils.test.ts[2m 1/28[22m
+[1m[33m ❯ [39m[22msrc/delegation/storage/__tests__/memory-graph-storage.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/batch-delegation.service.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/oauth-provider-registry.test.ts[2m 9/9[22m
+[1m[33m ❯ [39m[22msrc/services/__tests__/provider-resolution.integration.test.ts[2m 0/6[22m
+[2m Test Files [22m[1m[32m29 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m704 passed[39m[22m[2m | [22m[33m2 skipped[39m[90m (790)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.58s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K [32m✓[39m src/delegation/__tests__/utils.test.ts [2m([22m[2m28 tests[22m[2m)[22m[32m 3[2mms[22m[39m
+ [32m✓[39m src/services/__tests__/provider-resolution.integration.test.ts [2m([22m[2m6 tests[22m[2m)[22m[32m 4[2mms[22m[39m
+ [32m✓[39m src/__tests__/services/agentshield-integration.test.ts [2m([22m[2m30 tests[22m[2m)[22m[33m 1125[2mms[22m[39m
+       [33m[2m✓[22m[39m should respect cache TTL [33m 1105[2mms[22m[39m
+ [32m✓[39m src/__tests__/runtime/proof-client-did.test.ts [2m([22m[2m17 tests[22m[2m)[22m[32m 17[2mms[22m[39m
+ [32m✓[39m src/compliance/__tests__/schema-verifier.test.ts [2m([22m[2m30 tests[22m[2m)[22m[32m 5[2mms[22m[39m
+ [32m✓[39m src/services/__tests__/batch-delegation.service.test.ts [2m([22m[2m11 tests[22m[2m)[22m[32m 11[2mms[22m[39m
+ [32m✓[39m src/__tests__/runtime/audit-logger.test.ts [2m([22m[2m9 tests[22m[2m)[22m[32m 3[2mms[22m[39m
+ [32m✓[39m src/__tests__/config/provider-runtime-config.test.ts [2m([22m[2m9 tests[22m[2m)[22m[32m 2[2mms[22m[39m
+ [32m✓[39m src/utils/__tests__/did-helpers.test.ts [2m([22m[2m11 tests[22m[2m)[22m[32m 2[2mms[22m[39m
+ [32m✓[39m src/delegation/storage/__tests__/memory-graph-storage.test.ts [2m([22m[2m27 tests[22m[2m)[22m[32m 68[2mms[22m[39m
+[1m[33m ❯ [39m[22msrc/__tests__/index.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/runtime/delegation-flow.test.ts[2m 0/4[22m
+[1m[33m ❯ [39m[22msrc/delegation/__tests__/utils.test.ts[2m 28/28[22m
+[1m[33m ❯ [39m[22msrc/delegation/storage/__tests__/memory-statuslist-storage.test.ts[2m 1/14[22m
+[2m Test Files [22m[1m[32m39 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m856 passed[39m[22m[2m | [22m[33m2 skipped[39m[90m (875)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.68s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K [32m✓[39m src/delegation/storage/__tests__/memory-statuslist-storage.test.ts [2m([22m[2m14 tests[22m[2m)[22m[32m 3[2mms[22m[39m
+ [32m✓[39m src/__tests__/runtime/delegation-flow.test.ts [2m([22m[2m4 tests[22m[2m)[22m[32m 7[2mms[22m[39m
+ [32m✓[39m src/delegation/__tests__/audience-validator.test.ts [2m([22m[2m5 tests[22m[2m)[22m[32m 5[2mms[22m[39m
+[1m[33m ❯ [39m[22msrc/__tests__/delegation-e2e.test.ts[2m [queued][22m
+[1m[33m ❯ [39m[22msrc/__tests__/index.test.ts[2m 0/4[22m
+[2m Test Files [22m[1m[32m42 passed[39m[22m[90m (44)[39m
+[2m      Tests [22m[1m[32m878 passed[39m[22m[2m | [22m[33m2 skipped[39m[90m (884)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.78s
+[?2026l[?2026h[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K [32m✓[39m src/__tests__/index.test.ts [2m([22m[2m4 tests[22m[2m)[22m[32m 2[2mms[22m[39m
+ [2m[90m↓[39m[22m src/__tests__/delegation-e2e.test.ts [2m([22m[2m14 tests[22m[2m | [22m[33m14 skipped[39m[2m)[22m
+[2m Test Files [22m[1m[32m43 passed[39m[22m[2m | [22m[33m1 skipped[39m[90m (44)[39m
+[2m      Tests [22m[1m[32m882 passed[39m[22m[2m | [22m[33m16 skipped[39m[90m (898)[39m
+[2m   Start at [22m01:06:38
+[2m   Duration [22m1.99s
+[?2026l[K[1A[K[1A[K[1A[K[1A[K[1A[K[1A[K
+[2m Test Files [22m [1m[32m43 passed[39m[22m[2m | [22m[33m1 skipped[39m[90m (44)[39m
+[2m      Tests [22m [1m[32m882 passed[39m[22m[2m | [22m[33m16 skipped[39m[90m (898)[39m
+[2m   Start at [22m 01:06:38
+[2m   Duration [22m 2.01s[2m (transform 4.08s, setup 0ms, collect 7.26s, tests 2.72s, environment 16ms, prepare 1.69s)[22m
+[34m % [39m[2mCoverage report from [22m[33mv8[39m
+=============================== Coverage summary ===============================
+[33;1mStatements   : 65.61% ( 1597/2434 )[0m
+[33;1mBranches     : 58.79% ( 996/1694 )[0m
+[33;1mFunctions    : 66.16% ( 262/396 )[0m
+[33;1mLines        : 65.64% ( 1559/2375 )[0m
+================================================================================
+[?25h