@kya-os/mcp-i-core 1.3.13 → 1.3.15

package/src/config/__tests__/merged-config.spec.ts

@@ -1,445 +0,0 @@
-/**
- * Tests for Merged Configuration Handling
- *
- * TDD tests for the merged config API response format where tool protections
- * are embedded in the config at `toolProtection.tools`.
- *
- * These tests document the expected behavior BEFORE implementation.
- *
- * @since 1.6.0
- */
-
-import { describe, it, expect, beforeEach, vi } from 'vitest';
-import {
-  fetchRemoteConfig,
-  type RemoteConfigOptions,
-  type RemoteConfigCache
-} from '../remote-config.js';
-import type { MergedMCPIServerConfig } from '@kya-os/contracts/dashboard-config';
-
-describe('fetchRemoteConfig - Merged Config Format', () => {
-  let mockFetch: ReturnType<typeof vi.fn>;
-  let mockCache: RemoteConfigCache;
-
-  beforeEach(() => {
-    mockFetch = vi.fn();
-    mockCache = {
-      get: vi.fn(),
-      set: vi.fn()
-    };
-  });
-
-  describe('Embedded tool protections', () => {
-    it('should handle merged config with toolProtection.tools field', async () => {
-      vi.mocked(mockCache.get).mockResolvedValue(null);
-
-      const mergedConfig: MergedMCPIServerConfig = {
-        identity: {
-          serverDid: 'did:key:test',
-          environment: 'production',
-          storageLocation: 'cloudflare-kv'
-        },
-        proofing: {
-          enabled: true,
-          destinations: [],
-          batchQueue: { maxBatchSize: 10, flushIntervalMs: 5000, maxRetries: 3 }
-        },
-        delegation: {
-          enabled: true,
-          enforceStrictly: true,
-          verifier: { type: 'agentshield' },
-          authorization: {}
-        },
-        toolProtection: {
-          source: 'agentshield',
-          tools: {
-            greet: {
-              requiresDelegation: true,
-              requiredScopes: ['greeting:write'],
-              riskLevel: 'low'
-            },
-            checkout: {
-              requiresDelegation: true,
-              requiredScopes: ['checkout:execute', 'payment:write'],
-              riskLevel: 'high'
-            }
-          }
-        },
-        audit: {
-          enabled: true,
-          includeProofHashes: true,
-          includePayloads: false
-        },
-        session: {
-          timestampSkewSeconds: 120,
-          ttlMinutes: 30
-        },
-        platform: {
-          type: 'cloudflare'
-        },
-        metadata: {
-          version: '1.6.0',
-          lastUpdated: new Date().toISOString(),
-          source: 'dashboard'
-        }
-      };
-
-      mockFetch.mockResolvedValue({
-        ok: true,
-        json: async () => ({
-          success: true,
-          data: { config: mergedConfig }
-        })
-      } as Response);
-
-      const options: RemoteConfigOptions = {
-        apiUrl: 'https://kya.vouched.id',
-        apiKey: 'test-key',
-        projectId: 'test-project',
-        fetchProvider: mockFetch
-      };
-
-      const result = await fetchRemoteConfig(options, mockCache);
-
-      expect(result).toBeDefined();
-      // The toolProtection.tools should be accessible
-      expect(result?.toolProtection?.tools).toBeDefined();
-      expect(result?.toolProtection?.tools?.greet).toEqual({
-        requiresDelegation: true,
-        requiredScopes: ['greeting:write'],
-        riskLevel: 'low'
-      });
-      expect(result?.toolProtection?.tools?.checkout).toEqual({
-        requiresDelegation: true,
-        requiredScopes: ['checkout:execute', 'payment:write'],
-        riskLevel: 'high'
-      });
-    });
-
-    it('should handle empty tools object when no tools discovered', async () => {
-      vi.mocked(mockCache.get).mockResolvedValue(null);
-
-      const mergedConfig = {
-        identity: {
-          serverDid: 'did:key:test',
-          environment: 'production',
-          storageLocation: 'cloudflare-kv'
-        },
-        proofing: {
-          enabled: false,
-          destinations: [],
-          batchQueue: { maxBatchSize: 10, flushIntervalMs: 5000, maxRetries: 3 }
-        },
-        delegation: {
-          enabled: false,
-          enforceStrictly: false,
-          verifier: { type: 'memory' },
-          authorization: {}
-        },
-        toolProtection: {
-          source: 'agentshield',
-          tools: {} // Empty - no tools discovered yet
-        },
-        audit: {
-          enabled: false,
-          includeProofHashes: false,
-          includePayloads: false
-        },
-        session: {
-          timestampSkewSeconds: 120,
-          ttlMinutes: 30
-        },
-        platform: {
-          type: 'node'
-        },
-        metadata: {
-          version: '1.6.0',
-          lastUpdated: new Date().toISOString(),
-          source: 'dashboard'
-        }
-      };
-
-      mockFetch.mockResolvedValue({
-        ok: true,
-        json: async () => ({
-          success: true,
-          data: { config: mergedConfig }
-        })
-      } as Response);
-
-      const options: RemoteConfigOptions = {
-        apiUrl: 'https://kya.vouched.id',
-        apiKey: 'test-key',
-        projectId: 'test-project',
-        fetchProvider: mockFetch
-      };
-
-      const result = await fetchRemoteConfig(options, mockCache);
-
-      expect(result).toBeDefined();
-      expect(result?.toolProtection?.tools).toEqual({});
-    });
-
-    it('should gracefully handle missing tools field for backward compatibility', async () => {
-      vi.mocked(mockCache.get).mockResolvedValue(null);
-
-      // Old API format without tools field
-      const oldFormatConfig = {
-        identity: {
-          serverDid: 'did:key:test',
-          environment: 'production',
-          storageLocation: 'cloudflare-kv'
-        },
-        proofing: {
-          enabled: false,
-          destinations: [],
-          batchQueue: { maxBatchSize: 10, flushIntervalMs: 5000, maxRetries: 3 }
-        },
-        delegation: {
-          enabled: false,
-          enforceStrictly: false,
-          verifier: { type: 'memory' },
-          authorization: {}
-        },
-        toolProtection: {
-          source: 'agentshield'
-          // No tools field - old format
-        },
-        audit: {
-          enabled: false,
-          includeProofHashes: false,
-          includePayloads: false
-        },
-        session: {
-          timestampSkewSeconds: 120,
-          ttlMinutes: 30
-        },
-        platform: {
-          type: 'node'
-        },
-        metadata: {
-          version: '1.5.0',
-          lastUpdated: new Date().toISOString(),
-          source: 'dashboard'
-        }
-      };
-
-      mockFetch.mockResolvedValue({
-        ok: true,
-        json: async () => ({
-          success: true,
-          data: { config: oldFormatConfig }
-        })
-      } as Response);
-
-      const options: RemoteConfigOptions = {
-        apiUrl: 'https://kya.vouched.id',
-        apiKey: 'test-key',
-        projectId: 'test-project',
-        fetchProvider: mockFetch
-      };
-
-      const result = await fetchRemoteConfig(options, mockCache);
-
-      // Should not throw and should return config (implementation will add empty tools)
-      expect(result).toBeDefined();
-      // Current implementation doesn't handle this - test documents expected behavior
-      // After implementation, toolProtection.tools should default to {}
-    });
-  });
-
-  describe('Response format with embedded tools', () => {
-    it('should handle response with deprecated top-level toolProtections field', async () => {
-      vi.mocked(mockCache.get).mockResolvedValue(null);
-
-      const mergedConfig = {
-        identity: {
-          serverDid: 'did:key:test',
-          environment: 'production',
-          storageLocation: 'cloudflare-kv'
-        },
-        proofing: {
-          enabled: false,
-          destinations: [],
-          batchQueue: { maxBatchSize: 10, flushIntervalMs: 5000, maxRetries: 3 }
-        },
-        delegation: {
-          enabled: false,
-          enforceStrictly: false,
-          verifier: { type: 'memory' },
-          authorization: {}
-        },
-        toolProtection: {
-          source: 'agentshield',
-          tools: {
-            greet: { requiresDelegation: true, requiredScopes: ['greeting:write'] }
-          }
-        },
-        audit: {
-          enabled: false,
-          includeProofHashes: false,
-          includePayloads: false
-        },
-        session: {
-          timestampSkewSeconds: 120,
-          ttlMinutes: 30
-        },
-        platform: {
-          type: 'node'
-        },
-        metadata: {
-          version: '1.6.0',
-          lastUpdated: new Date().toISOString(),
-          source: 'dashboard'
-        }
-      };
-
-      // Response includes both embedded tools and deprecated top-level field
-      mockFetch.mockResolvedValue({
-        ok: true,
-        json: async () => ({
-          success: true,
-          data: {
-            config: mergedConfig,
-            // Deprecated: This field exists for backward compatibility
-            toolProtections: {
-              greet: { requiresDelegation: true, requiredScopes: ['greeting:write'] }
-            }
-          },
-          metadata: {
-            timestamp: new Date().toISOString(),
-            cachedUntil: new Date(Date.now() + 60000).toISOString()
-          }
-        })
-      } as Response);
-
-      const options: RemoteConfigOptions = {
-        apiUrl: 'https://kya.vouched.id',
-        apiKey: 'test-key',
-        projectId: 'test-project',
-        fetchProvider: mockFetch
-      };
-
-      const result = await fetchRemoteConfig(options, mockCache);
-
-      expect(result).toBeDefined();
-      // Should use config.toolProtection.tools (embedded), not top-level toolProtections
-      expect(result?.toolProtection?.tools?.greet).toEqual({
-        requiresDelegation: true,
-        requiredScopes: ['greeting:write']
-      });
-    });
-  });
-
-  describe('Caching with merged config', () => {
-    it('should cache merged config correctly', async () => {
-      vi.mocked(mockCache.get).mockResolvedValue(null);
-
-      const mergedConfig = {
-        identity: {
-          serverDid: 'did:key:test',
-          environment: 'production',
-          storageLocation: 'cloudflare-kv'
-        },
-        proofing: {
-          enabled: false,
-          destinations: [],
-          batchQueue: { maxBatchSize: 10, flushIntervalMs: 5000, maxRetries: 3 }
-        },
-        delegation: {
-          enabled: false,
-          enforceStrictly: false,
-          verifier: { type: 'memory' },
-          authorization: {}
-        },
-        toolProtection: {
-          source: 'agentshield',
-          tools: {
-            greet: { requiresDelegation: true, requiredScopes: ['greeting:write'] }
-          }
-        },
-        audit: {
-          enabled: false,
-          includeProofHashes: false,
-          includePayloads: false
-        },
-        session: {
-          timestampSkewSeconds: 120,
-          ttlMinutes: 30
-        },
-        platform: {
-          type: 'node'
-        },
-        metadata: {
-          version: '1.6.0',
-          lastUpdated: new Date().toISOString(),
-          source: 'dashboard'
-        }
-      };
-
-      mockFetch.mockResolvedValue({
-        ok: true,
-        json: async () => ({
-          success: true,
-          data: { config: mergedConfig }
-        })
-      } as Response);
-
-      const options: RemoteConfigOptions = {
-        apiUrl: 'https://kya.vouched.id',
-        apiKey: 'test-key',
-        projectId: 'test-project',
-        fetchProvider: mockFetch,
-        cacheTtl: 300000
-      };
-
-      await fetchRemoteConfig(options, mockCache);
-
-      expect(mockCache.set).toHaveBeenCalledWith(
-        'config:project:test-project',
-        expect.stringContaining('toolProtection'),
-        300000
-      );
-    });
-
-    it('should return cached merged config with embedded tools', async () => {
-      const cachedConfig = {
-        identity: {
-          serverDid: 'did:key:test',
-          environment: 'production',
-          storageLocation: 'cloudflare-kv'
-        },
-        toolProtection: {
-          source: 'agentshield',
-          tools: {
-            greet: { requiresDelegation: true, requiredScopes: ['greeting:write'] }
-          }
-        },
-        // ... other fields
-      };
-
-      vi.mocked(mockCache.get).mockResolvedValue(
-        JSON.stringify({
-          config: cachedConfig,
-          expiresAt: Date.now() + 60000
-        })
-      );
-
-      const options: RemoteConfigOptions = {
-        apiUrl: 'https://kya.vouched.id',
-        apiKey: 'test-key',
-        projectId: 'test-project',
-        fetchProvider: mockFetch
-      };
-
-      const result = await fetchRemoteConfig(options, mockCache);
-
-      expect(result?.toolProtection?.tools?.greet).toEqual({
-        requiresDelegation: true,
-        requiredScopes: ['greeting:write']
-      });
-      expect(mockFetch).not.toHaveBeenCalled();
-    });
-  });
-});
-

package/src/config/__tests__/remote-config.spec.ts

@@ -1,268 +0,0 @@
-/**
- * Tests for Remote Configuration Fetching
- *
- * Validates that remote config fetching works correctly with caching
- * and fallback behavior.
- */
-
-import { describe, it, expect, beforeEach, vi } from 'vitest';
-import {
-  fetchRemoteConfig,
-  type RemoteConfigOptions,
-  type RemoteConfigCache
-} from '../remote-config.js';
-import type { MCPIConfig } from '@kya-os/contracts/config';
-
-describe('fetchRemoteConfig', () => {
-  let mockFetch: ReturnType<typeof vi.fn>;
-  let mockCache: RemoteConfigCache;
-
-  beforeEach(() => {
-    mockFetch = vi.fn();
-    mockCache = {
-      get: vi.fn(),
-      set: vi.fn()
-    };
-  });
-
-  describe('Cache hit scenario', () => {
-    it('should return cached config if available and not expired', async () => {
-      const cachedConfig: MCPIConfig = {
-        environment: 'production',
-        identity: { enabled: true, environment: 'production' }
-      };
-
-      vi.mocked(mockCache.get).mockResolvedValue(
-        JSON.stringify({
-          config: cachedConfig,
-          expiresAt: Date.now() + 60000 // 1 minute in future
-        })
-      );
-
-      const options: RemoteConfigOptions = {
-        apiUrl: 'https://kya.vouched.id',
-        apiKey: 'test-key',
-        projectId: 'test-project',
-        fetchProvider: mockFetch
-      };
-
-      const result = await fetchRemoteConfig(options, mockCache);
-
-      expect(result).toEqual(cachedConfig);
-      expect(mockCache.get).toHaveBeenCalledWith('config:project:test-project');
-      expect(mockFetch).not.toHaveBeenCalled();
-    });
-
-    it('should fetch fresh config if cache expired', async () => {
-      const cachedConfig: MCPIConfig = {
-        environment: 'production'
-      };
-
-      vi.mocked(mockCache.get).mockResolvedValue(
-        JSON.stringify({
-          config: cachedConfig,
-          expiresAt: Date.now() - 1000 // Expired
-        })
-      );
-
-      const freshConfig: MCPIConfig = {
-        environment: 'production',
-        identity: { enabled: true, environment: 'production' }
-      };
-
-      mockFetch.mockResolvedValue({
-        ok: true,
-        json: async () => ({ success: true, data: freshConfig })
-      } as Response);
-
-      const options: RemoteConfigOptions = {
-        apiUrl: 'https://kya.vouched.id',
-        apiKey: 'test-key',
-        projectId: 'test-project',
-        fetchProvider: mockFetch
-      };
-
-      const result = await fetchRemoteConfig(options, mockCache);
-
-      expect(result).toEqual(freshConfig);
-      expect(mockFetch).toHaveBeenCalled();
-    });
-  });
-
-  describe('Cache miss scenario', () => {
-    it('should fetch from API when cache is empty', async () => {
-      vi.mocked(mockCache.get).mockResolvedValue(null);
-
-      const config: MCPIConfig = {
-        environment: 'production',
-        identity: { enabled: true, environment: 'production' }
-      };
-
-      mockFetch.mockResolvedValue({
-        ok: true,
-        json: async () => ({ success: true, data: config })
-      } as Response);
-
-      const options: RemoteConfigOptions = {
-        apiUrl: 'https://kya.vouched.id',
-        apiKey: 'test-key',
-        projectId: 'test-project',
-        fetchProvider: mockFetch
-      };
-
-      const result = await fetchRemoteConfig(options, mockCache);
-
-      expect(result).toEqual(config);
-      expect(mockCache.set).toHaveBeenCalled();
-    });
-
-    it('should use agentDid when projectId not available', async () => {
-      vi.mocked(mockCache.get).mockResolvedValue(null);
-
-      const config: MCPIConfig = {
-        environment: 'production'
-      };
-
-      mockFetch.mockResolvedValue({
-        ok: true,
-        json: async () => ({ success: true, data: config })
-      } as Response);
-
-      const options: RemoteConfigOptions = {
-        apiUrl: 'https://kya.vouched.id',
-        apiKey: 'test-key',
-        agentDid: 'did:key:test',
-        fetchProvider: mockFetch
-      };
-
-      const result = await fetchRemoteConfig(options, mockCache);
-
-      expect(result).toEqual(config);
-      expect(mockCache.get).toHaveBeenCalledWith('config:agent:did:key:test');
-    });
-  });
-
-  describe('Error handling', () => {
-    it('should return null if API request fails', async () => {
-      vi.mocked(mockCache.get).mockResolvedValue(null);
-
-      mockFetch.mockResolvedValue({
-        ok: false,
-        status: 404,
-        statusText: 'Not Found'
-      } as Response);
-
-      const options: RemoteConfigOptions = {
-        apiUrl: 'https://kya.vouched.id',
-        apiKey: 'test-key',
-        projectId: 'test-project',
-        fetchProvider: mockFetch
-      };
-
-      const result = await fetchRemoteConfig(options, mockCache);
-
-      expect(result).toBeNull();
-    });
-
-    it('should return null if API throws error', async () => {
-      vi.mocked(mockCache.get).mockResolvedValue(null);
-
-      mockFetch.mockRejectedValue(new Error('Network error'));
-
-      const options: RemoteConfigOptions = {
-        apiUrl: 'https://kya.vouched.id',
-        apiKey: 'test-key',
-        projectId: 'test-project',
-        fetchProvider: mockFetch
-      };
-
-      const result = await fetchRemoteConfig(options, mockCache);
-
-      expect(result).toBeNull();
-    });
-
-    it('should return null if neither projectId nor agentDid provided', async () => {
-      const options: RemoteConfigOptions = {
-        apiUrl: 'https://kya.vouched.id',
-        apiKey: 'test-key',
-        fetchProvider: mockFetch
-      };
-
-      const result = await fetchRemoteConfig(options, mockCache);
-
-      expect(result).toBeNull();
-      expect(mockFetch).not.toHaveBeenCalled();
-    });
-
-    it('should handle cache read errors gracefully', async () => {
-      vi.mocked(mockCache.get).mockRejectedValue(new Error('Cache error'));
-
-      const config: MCPIConfig = {
-        environment: 'production'
-      };
-
-      mockFetch.mockResolvedValue({
-        ok: true,
-        json: async () => ({ success: true, data: config })
-      } as Response);
-
-      const options: RemoteConfigOptions = {
-        apiUrl: 'https://kya.vouched.id',
-        apiKey: 'test-key',
-        projectId: 'test-project',
-        fetchProvider: mockFetch
-      };
-
-      const result = await fetchRemoteConfig(options, mockCache);
-
-      expect(result).toEqual(config);
-    });
-  });
-
-  describe('Response format handling', () => {
-    it('should handle different API response formats', async () => {
-      vi.mocked(mockCache.get).mockResolvedValue(null);
-
-      const config: MCPIConfig = {
-        environment: 'production'
-      };
-
-      // Format 1: { config: {...} }
-      mockFetch.mockResolvedValueOnce({
-        ok: true,
-        json: async () => ({ config })
-      } as Response);
-
-      const options: RemoteConfigOptions = {
-        apiUrl: 'https://kya.vouched.id',
-        apiKey: 'test-key',
-        projectId: 'test-project',
-        fetchProvider: mockFetch
-      };
-
-      const result1 = await fetchRemoteConfig(options, mockCache);
-      expect(result1).toEqual(config);
-
-      // Format 2: { data: { config: {...} } }
-      mockCache.get.mockResolvedValue(null);
-      mockFetch.mockResolvedValueOnce({
-        ok: true,
-        json: async () => ({ data: { config } })
-      } as Response);
-
-      const result2 = await fetchRemoteConfig(options, mockCache);
-      expect(result2).toEqual(config);
-
-      // Format 3: { success: true, data: {...} }
-      mockCache.get.mockResolvedValue(null);
-      mockFetch.mockResolvedValueOnce({
-        ok: true,
-        json: async () => ({ success: true, data: config })
-      } as Response);
-
-      const result3 = await fetchRemoteConfig(options, mockCache);
-      expect(result3).toEqual(config);
-    });
-  });
-});
-