@kya-os/mcp-i-core 1.3.13 → 1.3.15

package/src/__tests__/runtime/tool-protection-enforcement.test.ts

@@ -1,908 +0,0 @@
-/**
- * Tool Protection Enforcement Tests
- *
- * Tests for tool protection enforcement in processToolCall.
- */
-
-import { describe, it, expect, beforeEach, vi } from "vitest";
-import { MCPIRuntimeBase } from "../../runtime/base";
-import { ProviderRuntimeConfig } from "../../config";
-import {
-  createMockProviders,
-  MockClockProvider,
-} from "../utils/mock-providers";
-import { ToolProtectionService } from "../../services/tool-protection.service";
-import { DelegationRequiredError } from "../../types/tool-protection";
-import { AccessControlApiService } from "../../services/access-control.service";
-import type { VerifyDelegationAPIResponse } from "@kya-os/contracts/agentshield-api";
-
-describe("MCPIRuntimeBase - Tool Protection Enforcement", () => {
-  let runtime: MCPIRuntimeBase;
-  let config: ProviderRuntimeConfig;
-  let mockProviders: ReturnType<typeof createMockProviders>;
-  let mockToolProtectionService: {
-    checkToolProtection: ReturnType<typeof vi.fn>;
-  };
-  let mockAccessControlService: {
-    verifyDelegation: ReturnType<typeof vi.fn>;
-  };
-
-  beforeEach(async () => {
-    vi.clearAllMocks();
-    mockProviders = createMockProviders();
-
-    // Create mock tool protection service
-    mockToolProtectionService = {
-      checkToolProtection: vi.fn(),
-    };
-
-    // Create mock access control service
-    mockAccessControlService = {
-      verifyDelegation: vi.fn(),
-    };
-
-    config = {
-      ...mockProviders,
-      environment: "development",
-      session: {
-        timestampSkewSeconds: 120,
-        ttlMinutes: 30,
-      },
-      audit: {
-        enabled: true,
-        logFunction: vi.fn(),
-        includePayloads: true,
-      },
-      toolProtectionService: mockToolProtectionService as any,
-    };
-    runtime = new MCPIRuntimeBase(config);
-    // Inject mock access control service
-    (runtime as any).accessControlService = mockAccessControlService as any;
-    await runtime.initialize();
-  });
-
-  describe("processToolCall with tool protection", () => {
-    const mockHandler = vi.fn().mockResolvedValue({ result: "success" });
-    const session = {
-      id: "session123",
-      audience: "https://client.example.com",
-      nonce: "test-nonce",
-    };
-
-    it("should allow tool execution when no protection required", async () => {
-      mockToolProtectionService.checkToolProtection.mockResolvedValue(null);
-
-      const result = await runtime.processToolCall(
-        "unprotectedTool",
-        { arg: "value" },
-        mockHandler,
-        session
-      );
-
-      expect(mockHandler).toHaveBeenCalledWith({ arg: "value" });
-      expect(result).toEqual({ result: "success" });
-      expect(
-        mockToolProtectionService.checkToolProtection
-      ).toHaveBeenCalledWith("unprotectedTool", "did:key:zmock123");
-    });
-
-    it("should block tool execution when protection required and no delegation", async () => {
-      mockToolProtectionService.checkToolProtection.mockResolvedValue({
-        requiresDelegation: true,
-        requiredScopes: ["files:write"],
-      });
-
-      await expect(
-        runtime.processToolCall(
-          "protectedTool",
-          { arg: "value" },
-          mockHandler,
-          session
-        )
-      ).rejects.toThrow(DelegationRequiredError);
-
-      expect(mockHandler).not.toHaveBeenCalled();
-    });
-
-    it("should allow tool execution when protection required and delegation provided", async () => {
-      mockToolProtectionService.checkToolProtection.mockResolvedValue({
-        requiresDelegation: true,
-        requiredScopes: ["files:write"],
-      });
-
-      // Mock successful delegation verification
-      mockAccessControlService.verifyDelegation.mockResolvedValue({
-        success: true,
-        data: {
-          valid: true,
-          delegation_id: "test-delegation-id",
-          credential: {
-            agent_did: "did:key:zmock123",
-            scopes: ["files:write"],
-            issued_at: Date.now(),
-            created_at: Date.now(),
-          },
-        },
-      } as VerifyDelegationAPIResponse);
-
-      const sessionWithDelegation = {
-        ...session,
-        delegationToken: "valid-delegation-token",
-      };
-
-      const result = await runtime.processToolCall(
-        "protectedTool",
-        { arg: "value" },
-        mockHandler,
-        sessionWithDelegation
-      );
-
-      // Verify delegation was checked
-      expect(mockAccessControlService.verifyDelegation).toHaveBeenCalledWith(
-        expect.objectContaining({
-          agent_did: "did:key:zmock123",
-          delegation_token: "valid-delegation-token",
-          scopes: ["files:write"],
-        }),
-        expect.objectContaining({
-          delegationToken: "valid-delegation-token",
-        })
-      );
-
-      expect(mockHandler).toHaveBeenCalledWith({ arg: "value" });
-      expect(result).toEqual({ result: "success" });
-    });
-
-    it("should allow tool execution when protection required and consentProof provided", async () => {
-      mockToolProtectionService.checkToolProtection.mockResolvedValue({
-        requiresDelegation: true,
-        requiredScopes: ["files:write"],
-      });
-
-      // Mock successful delegation verification using consent proof as credential_jwt
-      mockAccessControlService.verifyDelegation.mockResolvedValue({
-        success: true,
-        data: {
-          valid: true,
-          delegation_id: "test-delegation-id",
-          credential: {
-            agent_did: "did:key:zmock123",
-            scopes: ["files:write"],
-            issued_at: Date.now(),
-            created_at: Date.now(),
-          },
-        },
-      } as VerifyDelegationAPIResponse);
-
-      const sessionWithConsent = {
-        ...session,
-        consentProof: "valid-consent-proof",
-      };
-
-      const result = await runtime.processToolCall(
-        "protectedTool",
-        { arg: "value" },
-        mockHandler,
-        sessionWithConsent
-      );
-
-      // Verify delegation was checked using consent proof
-      expect(mockAccessControlService.verifyDelegation).toHaveBeenCalledWith(
-        expect.objectContaining({
-          agent_did: "did:key:zmock123",
-          credential_jwt: "valid-consent-proof",
-          scopes: ["files:write"],
-        }),
-        expect.objectContaining({
-          credentialJwt: "valid-consent-proof",
-        })
-      );
-
-      expect(mockHandler).toHaveBeenCalledWith({ arg: "value" });
-      expect(result).toEqual({ result: "success" });
-    });
-
-    it("should block tool execution when delegation verification fails", async () => {
-      mockToolProtectionService.checkToolProtection.mockResolvedValue({
-        requiresDelegation: true,
-        requiredScopes: ["files:write"],
-      });
-
-      // Mock failed delegation verification
-      mockAccessControlService.verifyDelegation.mockResolvedValue({
-        success: true,
-        data: {
-          valid: false,
-          reason: "Delegation token expired",
-        },
-      } as VerifyDelegationAPIResponse);
-
-      const sessionWithDelegation = {
-        ...session,
-        delegationToken: "expired-delegation-token",
-      };
-
-      await expect(
-        runtime.processToolCall(
-          "protectedTool",
-          { arg: "value" },
-          mockHandler,
-          sessionWithDelegation
-        )
-      ).rejects.toThrow(DelegationRequiredError);
-
-      expect(mockAccessControlService.verifyDelegation).toHaveBeenCalled();
-      expect(mockHandler).not.toHaveBeenCalled();
-    });
-
-    it("should block tool execution when delegation has wrong scopes", async () => {
-      mockToolProtectionService.checkToolProtection.mockResolvedValue({
-        requiresDelegation: true,
-        requiredScopes: ["files:write"],
-      });
-
-      // Mock delegation with insufficient scopes
-      mockAccessControlService.verifyDelegation.mockResolvedValue({
-        success: true,
-        data: {
-          valid: false,
-          reason: "Insufficient scopes",
-          credential: {
-            agent_did: "did:key:zmock123",
-            scopes: ["files:read"], // Only read, not write
-            issued_at: Date.now(),
-            created_at: Date.now(),
-          },
-        },
-      } as VerifyDelegationAPIResponse);
-
-      const sessionWithDelegation = {
-        ...session,
-        delegationToken: "insufficient-scope-token",
-      };
-
-      await expect(
-        runtime.processToolCall(
-          "protectedTool",
-          { arg: "value" },
-          mockHandler,
-          sessionWithDelegation
-        )
-      ).rejects.toThrow(DelegationRequiredError);
-
-      expect(mockAccessControlService.verifyDelegation).toHaveBeenCalledWith(
-        expect.objectContaining({
-          scopes: ["files:write"],
-        }),
-        expect.any(Object)
-      );
-      expect(mockHandler).not.toHaveBeenCalled();
-    });
-
-    it("should handle API errors during verification gracefully", async () => {
-      mockToolProtectionService.checkToolProtection.mockResolvedValue({
-        requiresDelegation: true,
-        requiredScopes: ["files:write"],
-      });
-
-      // Mock API error
-      const { AgentShieldAPIError } = await import(
-        "@kya-os/contracts/agentshield-api"
-      );
-      mockAccessControlService.verifyDelegation.mockRejectedValue(
-        new AgentShieldAPIError("network_error", "API unavailable", {})
-      );
-
-      const sessionWithDelegation = {
-        ...session,
-        delegationToken: "valid-token",
-      };
-
-      // Should fail securely by requiring delegation
-      await expect(
-        runtime.processToolCall(
-          "protectedTool",
-          { arg: "value" },
-          mockHandler,
-          sessionWithDelegation
-        )
-      ).rejects.toThrow(DelegationRequiredError);
-
-      expect(mockHandler).not.toHaveBeenCalled();
-    });
-
-    it("should allow tool execution when access control service not configured (graceful degradation)", async () => {
-      mockToolProtectionService.checkToolProtection.mockResolvedValue({
-        requiresDelegation: true,
-        requiredScopes: ["files:write"],
-      });
-
-      // Remove access control service
-      (runtime as any).accessControlService = undefined;
-
-      const sessionWithDelegation = {
-        ...session,
-        delegationToken: "valid-delegation-token",
-      };
-
-      // Should allow execution with warning (graceful degradation)
-      const result = await runtime.processToolCall(
-        "protectedTool",
-        { arg: "value" },
-        mockHandler,
-        sessionWithDelegation
-      );
-
-      expect(mockHandler).toHaveBeenCalledWith({ arg: "value" });
-      expect(result).toEqual({ result: "success" });
-    });
-
-    describe("user_identifier validation", () => {
-      const userDidA = "did:key:zUserA123456789";
-      const userDidB = "did:key:zUserB987654321";
-
-      it("should reject delegation when user_identifier does not match session userDid", async () => {
-        mockToolProtectionService.checkToolProtection.mockResolvedValue({
-          requiresDelegation: true,
-          requiredScopes: ["files:write"],
-        });
-
-        // Mock verification response with User B's user_identifier
-        mockAccessControlService.verifyDelegation.mockResolvedValue({
-          success: true,
-          data: {
-            valid: true,
-            delegation_id: "test-delegation-id",
-            credential: {
-              agent_did: "did:key:zmock123",
-              user_identifier: userDidB, // ❌ User B's identifier, not User A's
-              scopes: ["files:write"],
-              issued_at: Date.now(),
-              created_at: Date.now(),
-            },
-          },
-        } as VerifyDelegationAPIResponse);
-
-        // Session with User A's DID
-        const sessionWithUserA = {
-          ...session,
-          userDid: userDidA, // User A's DID
-          delegationToken: "delegation-token-for-user-b",
-        };
-
-        // Should reject delegation due to user_identifier mismatch
-        await expect(
-          runtime.processToolCall(
-            "protectedTool",
-            { arg: "value" },
-            mockHandler,
-            sessionWithUserA
-          )
-        ).rejects.toThrow(DelegationRequiredError);
-
-        expect(mockAccessControlService.verifyDelegation).toHaveBeenCalled();
-        expect(mockHandler).not.toHaveBeenCalled();
-      });
-
-      it("should accept delegation when user_identifier matches session userDid", async () => {
-        mockToolProtectionService.checkToolProtection.mockResolvedValue({
-          requiresDelegation: true,
-          requiredScopes: ["files:write"],
-        });
-
-        // Mock verification response with User A's user_identifier
-        mockAccessControlService.verifyDelegation.mockResolvedValue({
-          success: true,
-          data: {
-            valid: true,
-            delegation_id: "test-delegation-id",
-            credential: {
-              agent_did: "did:key:zmock123",
-              user_identifier: userDidA, // ✅ User A's identifier matches session
-              scopes: ["files:write"],
-              issued_at: Date.now(),
-              created_at: Date.now(),
-            },
-          },
-        } as VerifyDelegationAPIResponse);
-
-        // Session with User A's DID
-        const sessionWithUserA = {
-          ...session,
-          userDid: userDidA, // User A's DID
-          delegationToken: "delegation-token-for-user-a",
-        };
-
-        // Should accept delegation when user_identifier matches
-        const result = await runtime.processToolCall(
-          "protectedTool",
-          { arg: "value" },
-          mockHandler,
-          sessionWithUserA
-        );
-
-        expect(mockAccessControlService.verifyDelegation).toHaveBeenCalled();
-        expect(mockHandler).toHaveBeenCalledWith({ arg: "value" });
-        expect(result).toEqual({ result: "success" });
-      });
-
-      it("should handle missing user_identifier gracefully (backward compatibility)", async () => {
-        mockToolProtectionService.checkToolProtection.mockResolvedValue({
-          requiresDelegation: true,
-          requiredScopes: ["files:write"],
-        });
-
-        // Mock verification response without user_identifier (legacy format)
-        mockAccessControlService.verifyDelegation.mockResolvedValue({
-          success: true,
-          data: {
-            valid: true,
-            delegation_id: "test-delegation-id",
-            credential: {
-              agent_did: "did:key:zmock123",
-              // No user_identifier field
-              scopes: ["files:write"],
-              issued_at: Date.now(),
-              created_at: Date.now(),
-            },
-          },
-        } as VerifyDelegationAPIResponse);
-
-        const sessionWithUserA = {
-          ...session,
-          userDid: userDidA,
-          delegationToken: "legacy-delegation-token",
-        };
-
-        // Should allow execution when user_identifier is missing (backward compatibility)
-        const result = await runtime.processToolCall(
-          "protectedTool",
-          { arg: "value" },
-          mockHandler,
-          sessionWithUserA
-        );
-
-        expect(mockHandler).toHaveBeenCalledWith({ arg: "value" });
-        expect(result).toEqual({ result: "success" });
-      });
-
-      it("should handle missing session userDid gracefully", async () => {
-        mockToolProtectionService.checkToolProtection.mockResolvedValue({
-          requiresDelegation: true,
-          requiredScopes: ["files:write"],
-        });
-
-        // Mock verification response with user_identifier
-        mockAccessControlService.verifyDelegation.mockResolvedValue({
-          success: true,
-          data: {
-            valid: true,
-            delegation_id: "test-delegation-id",
-            credential: {
-              agent_did: "did:key:zmock123",
-              user_identifier: userDidA,
-              scopes: ["files:write"],
-              issued_at: Date.now(),
-              created_at: Date.now(),
-            },
-          },
-        } as VerifyDelegationAPIResponse);
-
-        // Session without userDid (legacy format)
-        const sessionWithoutUserDid = {
-          ...session,
-          // No userDid field
-          delegationToken: "delegation-token",
-        };
-
-        // Should allow execution when session userDid is missing (backward compatibility)
-        const result = await runtime.processToolCall(
-          "protectedTool",
-          { arg: "value" },
-          mockHandler,
-          sessionWithoutUserDid
-        );
-
-        expect(mockHandler).toHaveBeenCalledWith({ arg: "value" });
-        expect(result).toEqual({ result: "success" });
-      });
-    });
-
-    it("should create proof after successful tool execution", async () => {
-      mockToolProtectionService.checkToolProtection.mockResolvedValue(null);
-
-      await runtime.processToolCall(
-        "unprotectedTool",
-        { arg: "value" },
-        mockHandler,
-        session
-      );
-
-      const proof = runtime.getLastProof();
-      expect(proof).toBeDefined();
-      expect(proof.did).toBe("did:key:zmock123");
-      expect(proof.sessionId).toBe("session123");
-    });
-
-    it("should not create proof when tool execution is blocked", async () => {
-      mockToolProtectionService.checkToolProtection.mockResolvedValue({
-        requiresDelegation: true,
-        requiredScopes: ["files:write"],
-      });
-
-      const initialProof = runtime.getLastProof();
-
-      await expect(
-        runtime.processToolCall(
-          "protectedTool",
-          { arg: "value" },
-          mockHandler,
-          session
-        )
-      ).rejects.toThrow(DelegationRequiredError);
-
-      // Proof should not be created when tool is blocked
-      const proofAfterBlock = runtime.getLastProof();
-      expect(proofAfterBlock).toBe(initialProof);
-    });
-  });
-
-  describe("DelegationRequiredError details", () => {
-    const mockHandler = vi.fn().mockResolvedValue({ result: "success" });
-    const session = {
-      id: "session123",
-      audience: "https://client.example.com",
-      nonce: "test-nonce",
-    };
-
-    it("should include tool name in error", async () => {
-      mockToolProtectionService.checkToolProtection.mockResolvedValue({
-        requiresDelegation: true,
-        requiredScopes: ["files:write"],
-      });
-
-      try {
-        await runtime.processToolCall(
-          "protectedTool",
-          { arg: "value" },
-          mockHandler,
-          session
-        );
-        expect.fail("Should have thrown DelegationRequiredError");
-      } catch (error: any) {
-        expect(error).toBeInstanceOf(DelegationRequiredError);
-        expect(error.toolName).toBe("protectedTool");
-        expect(error.message).toContain("protectedTool");
-      }
-    });
-
-    it("should include required scopes in error", async () => {
-      mockToolProtectionService.checkToolProtection.mockResolvedValue({
-        requiresDelegation: true,
-        requiredScopes: ["files:write", "files:read"],
-      });
-
-      try {
-        await runtime.processToolCall(
-          "protectedTool",
-          { arg: "value" },
-          mockHandler,
-          session
-        );
-        expect.fail("Should have thrown DelegationRequiredError");
-      } catch (error: any) {
-        expect(error).toBeInstanceOf(DelegationRequiredError);
-        expect(error.requiredScopes).toEqual(["files:write", "files:read"]);
-      }
-    });
-
-    it("should include consent URL in error", async () => {
-      mockToolProtectionService.checkToolProtection.mockResolvedValue({
-        requiresDelegation: true,
-        requiredScopes: ["files:write"],
-      });
-
-      try {
-        await runtime.processToolCall(
-          "protectedTool",
-          { arg: "value" },
-          mockHandler,
-          session
-        );
-        expect.fail("Should have thrown DelegationRequiredError");
-      } catch (error: any) {
-        expect(error).toBeInstanceOf(DelegationRequiredError);
-        expect(error.consentUrl).toBeDefined();
-        expect(error.consentUrl).toContain("kya.vouched.id/bouncer/consent");
-        expect(error.consentUrl).toContain("tool=protectedTool");
-        expect(error.consentUrl).toContain("scopes=files%3Awrite");
-      }
-    });
-
-    it("should include resume token in error", async () => {
-      mockToolProtectionService.checkToolProtection.mockResolvedValue({
-        requiresDelegation: true,
-        requiredScopes: ["files:write"],
-      });
-
-      try {
-        await runtime.processToolCall(
-          "protectedTool",
-          { arg: "value" },
-          mockHandler,
-          session
-        );
-        expect.fail("Should have thrown DelegationRequiredError");
-      } catch (error: any) {
-        expect(error).toBeInstanceOf(DelegationRequiredError);
-        expect(error.resumeToken).toBeDefined();
-        expect(error.resumeToken).toMatch(/^resume_/);
-      }
-    });
-
-    it("should include intercepted call context in error", async () => {
-      mockToolProtectionService.checkToolProtection.mockResolvedValue({
-        requiresDelegation: true,
-        requiredScopes: ["files:write"],
-      });
-
-      try {
-        await runtime.processToolCall(
-          "protectedTool",
-          { arg: "value", nested: { data: "test" } },
-          mockHandler,
-          session
-        );
-        expect.fail("Should have thrown DelegationRequiredError");
-      } catch (error: any) {
-        expect(error).toBeInstanceOf(DelegationRequiredError);
-        expect(error.interceptedCall).toBeDefined();
-        expect(error.interceptedCall.toolName).toBe("protectedTool");
-        expect(error.interceptedCall.args).toEqual({
-          arg: "value",
-          nested: { data: "test" },
-        });
-        expect(error.interceptedCall.sessionId).toBe("session123");
-      }
-    });
-  });
-
-  describe("audit logging", () => {
-    const mockHandler = vi.fn().mockResolvedValue({ result: "success" });
-    const session = {
-      id: "session123",
-      audience: "https://client.example.com",
-      nonce: "test-nonce",
-    };
-
-    it("should log tool protection check when audit enabled", async () => {
-      mockToolProtectionService.checkToolProtection.mockResolvedValue(null);
-
-      await runtime.processToolCall(
-        "testTool",
-        { arg: "value" },
-        mockHandler,
-        session
-      );
-
-      expect(config.audit!.logFunction).toHaveBeenCalled();
-      const logCalls = (config.audit!.logFunction as any).mock.calls;
-      const protectionLogCall = logCalls.find((call: any[]) => {
-        try {
-          const log = JSON.parse(call[0]);
-          return log.event === "tool_executed";
-        } catch {
-          return false;
-        }
-      });
-      expect(protectionLogCall).toBeDefined();
-    });
-
-    it("should log blocked tool call when audit enabled", async () => {
-      mockToolProtectionService.checkToolProtection.mockResolvedValue({
-        requiresDelegation: true,
-        requiredScopes: ["files:write"],
-      });
-
-      const consoleWarnSpy = vi
-        .spyOn(console, "warn")
-        .mockImplementation(() => {});
-
-      try {
-        await runtime.processToolCall(
-          "protectedTool",
-          { arg: "value" },
-          mockHandler,
-          session
-        );
-      } catch (error) {
-        // Expected
-      }
-
-      expect(consoleWarnSpy).toHaveBeenCalledWith(
-        expect.stringContaining("[MCP-I] BLOCKED"),
-        expect.any(Object)
-      );
-
-      consoleWarnSpy.mockRestore();
-    });
-
-    it("should not log when audit disabled", async () => {
-      const auditLogFn = vi.fn();
-      const configNoAudit = {
-        ...config,
-        audit: {
-          enabled: false,
-          logFunction: auditLogFn,
-        },
-      };
-      const runtimeNoAudit = new MCPIRuntimeBase(configNoAudit);
-      await runtimeNoAudit.initialize();
-
-      mockToolProtectionService.checkToolProtection.mockResolvedValue(null);
-
-      await runtimeNoAudit.processToolCall(
-        "testTool",
-        { arg: "value" },
-        mockHandler,
-        session
-      );
-
-      // Should not call log function for tool execution (initialization may still log)
-      const toolExecutionLogs = auditLogFn.mock.calls.filter((call: any[]) => {
-        try {
-          const log = JSON.parse(call[0]);
-          return log.event === "tool_executed";
-        } catch {
-          return false;
-        }
-      });
-      expect(toolExecutionLogs.length).toBe(0);
-    });
-  });
-
-  describe("tool protection service integration", () => {
-    const mockHandler = vi.fn().mockResolvedValue({ result: "success" });
-    const session = {
-      id: "session123",
-      audience: "https://client.example.com",
-      nonce: "test-nonce",
-    };
-
-    it("should use agent DID from identity for protection check", async () => {
-      mockToolProtectionService.checkToolProtection.mockResolvedValue(null);
-
-      await runtime.processToolCall(
-        "testTool",
-        { arg: "value" },
-        mockHandler,
-        session
-      );
-
-      expect(
-        mockToolProtectionService.checkToolProtection
-      ).toHaveBeenCalledWith("testTool", "did:key:zmock123");
-    });
-
-    it("should handle tool protection service errors gracefully", async () => {
-      mockToolProtectionService.checkToolProtection.mockRejectedValue(
-        new Error("Service unavailable")
-      );
-
-      // If the service throws, the error propagates and tool execution is blocked
-      // This is the current behavior - service errors prevent tool execution
-      await expect(
-        runtime.processToolCall(
-          "testTool",
-          { arg: "value" },
-          mockHandler,
-          session
-        )
-      ).rejects.toThrow("Service unavailable");
-    });
-
-    it("should work without tool protection service", async () => {
-      const configNoService = {
-        ...config,
-        toolProtectionService: undefined,
-      };
-      const runtimeNoService = new MCPIRuntimeBase(configNoService);
-      await runtimeNoService.initialize();
-
-      const result = await runtimeNoService.processToolCall(
-        "testTool",
-        { arg: "value" },
-        mockHandler,
-        session
-      );
-
-      expect(mockHandler).toHaveBeenCalled();
-      expect(result).toEqual({ result: "success" });
-    });
-  });
-
-  describe("edge cases", () => {
-    const mockHandler = vi.fn().mockResolvedValue({ result: "success" });
-    const session = {
-      id: "session123",
-      audience: "https://client.example.com",
-      nonce: "test-nonce",
-    };
-
-    it("should handle empty required scopes array", async () => {
-      mockToolProtectionService.checkToolProtection.mockResolvedValue({
-        requiresDelegation: true,
-        requiredScopes: [],
-      });
-
-      await expect(
-        runtime.processToolCall(
-          "protectedTool",
-          { arg: "value" },
-          mockHandler,
-          session
-        )
-      ).rejects.toThrow(DelegationRequiredError);
-    });
-
-    it("should handle multiple required scopes", async () => {
-      mockToolProtectionService.checkToolProtection.mockResolvedValue({
-        requiresDelegation: true,
-        requiredScopes: ["scope1", "scope2", "scope3"],
-      });
-
-      try {
-        await runtime.processToolCall(
-          "protectedTool",
-          { arg: "value" },
-          mockHandler,
-          session
-        );
-        expect.fail("Should have thrown DelegationRequiredError");
-      } catch (error: any) {
-        expect(error.requiredScopes).toEqual(["scope1", "scope2", "scope3"]);
-        expect(error.consentUrl).toContain("scopes=scope1%2Cscope2%2Cscope3");
-      }
-    });
-
-    it("should handle session without id", async () => {
-      mockToolProtectionService.checkToolProtection.mockResolvedValue({
-        requiresDelegation: true,
-        requiredScopes: ["files:write"],
-      });
-
-      const sessionWithoutId = {
-        audience: "https://client.example.com",
-        nonce: "test-nonce",
-      };
-
-      try {
-        await runtime.processToolCall(
-          "protectedTool",
-          { arg: "value" },
-          mockHandler,
-          sessionWithoutId
-        );
-        expect.fail("Should have thrown DelegationRequiredError");
-      } catch (error: any) {
-        expect(error.interceptedCall.sessionId).toBe("unknown");
-      }
-    });
-
-    it("should handle handler errors independently of protection", async () => {
-      mockToolProtectionService.checkToolProtection.mockResolvedValue(null);
-      const errorHandler = vi
-        .fn()
-        .mockRejectedValue(new Error("Handler failed"));
-
-      await expect(
-        runtime.processToolCall(
-          "errorTool",
-          { arg: "value" },
-          errorHandler,
-          session
-        )
-      ).rejects.toThrow("Handler failed");
-    });
-  });
-});