npm - @kya-os/mcp-i-core - Versions diffs - 1.3.13 → 1.3.15 - Mend

@kya-os/mcp-i-core 1.3.13 → 1.3.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (255) hide show

package/dist/config/remote-config.js +9 -12
package/dist/runtime/base.d.ts +2 -1
package/dist/runtime/base.js +34 -6
package/dist/services/access-control.service.js +5 -0
package/dist/services/tool-protection.service.js +17 -8
package/package.json +2 -2
package/.turbo/turbo-build.log +0 -4
package/.turbo/turbo-test$colon$coverage.log +0 -4586
package/.turbo/turbo-test.log +0 -4631
package/COMPLIANCE_IMPROVEMENT_REPORT.md +0 -483
package/Composer 3.md +0 -615
package/GPT-5.md +0 -1169
package/OPUS-plan.md +0 -352
package/PHASE_3_AND_4.1_SUMMARY.md +0 -585
package/PHASE_3_SUMMARY.md +0 -317
package/PHASE_4.1.3_SUMMARY.md +0 -428
package/PHASE_4.1_COMPLETE.md +0 -525
package/PHASE_4_USER_DID_IDENTITY_LINKING_PLAN.md +0 -1240
package/SCHEMA_COMPLIANCE_REPORT.md +0 -275
package/TEST_PLAN.md +0 -571
package/coverage/coverage-final.json +0 -60
package/dist/cache/oauth-config-cache.d.ts.map +0 -1
package/dist/cache/oauth-config-cache.js.map +0 -1
package/dist/cache/tool-protection-cache.d.ts.map +0 -1
package/dist/cache/tool-protection-cache.js.map +0 -1
package/dist/compliance/index.d.ts.map +0 -1
package/dist/compliance/index.js.map +0 -1
package/dist/compliance/schema-registry.d.ts.map +0 -1
package/dist/compliance/schema-registry.js.map +0 -1
package/dist/compliance/schema-verifier.d.ts.map +0 -1
package/dist/compliance/schema-verifier.js.map +0 -1
package/dist/config/remote-config.d.ts.map +0 -1
package/dist/config/remote-config.js.map +0 -1
package/dist/config.d.ts.map +0 -1
package/dist/config.js.map +0 -1
package/dist/delegation/audience-validator.d.ts.map +0 -1
package/dist/delegation/audience-validator.js.map +0 -1
package/dist/delegation/bitstring.d.ts.map +0 -1
package/dist/delegation/bitstring.js.map +0 -1
package/dist/delegation/cascading-revocation.d.ts.map +0 -1
package/dist/delegation/cascading-revocation.js.map +0 -1
package/dist/delegation/delegation-graph.d.ts.map +0 -1
package/dist/delegation/delegation-graph.js.map +0 -1
package/dist/delegation/did-key-resolver.d.ts.map +0 -1
package/dist/delegation/did-key-resolver.js.map +0 -1
package/dist/delegation/index.d.ts.map +0 -1
package/dist/delegation/index.js.map +0 -1
package/dist/delegation/statuslist-manager.d.ts.map +0 -1
package/dist/delegation/statuslist-manager.js.map +0 -1
package/dist/delegation/storage/index.d.ts.map +0 -1
package/dist/delegation/storage/index.js.map +0 -1
package/dist/delegation/storage/memory-graph-storage.d.ts.map +0 -1
package/dist/delegation/storage/memory-graph-storage.js.map +0 -1
package/dist/delegation/storage/memory-statuslist-storage.d.ts.map +0 -1
package/dist/delegation/storage/memory-statuslist-storage.js.map +0 -1
package/dist/delegation/utils.d.ts.map +0 -1
package/dist/delegation/utils.js.map +0 -1
package/dist/delegation/vc-issuer.d.ts.map +0 -1
package/dist/delegation/vc-issuer.js.map +0 -1
package/dist/delegation/vc-verifier.d.ts.map +0 -1
package/dist/delegation/vc-verifier.js.map +0 -1
package/dist/identity/idp-token-resolver.d.ts.map +0 -1
package/dist/identity/idp-token-resolver.js.map +0 -1
package/dist/identity/idp-token-storage.interface.d.ts.map +0 -1
package/dist/identity/idp-token-storage.interface.js.map +0 -1
package/dist/identity/user-did-manager.d.ts.map +0 -1
package/dist/identity/user-did-manager.js.map +0 -1
package/dist/index.d.ts.map +0 -1
package/dist/index.js.map +0 -1
package/dist/providers/base.d.ts.map +0 -1
package/dist/providers/base.js.map +0 -1
package/dist/providers/memory.d.ts.map +0 -1
package/dist/providers/memory.js.map +0 -1
package/dist/runtime/audit-logger.d.ts.map +0 -1
package/dist/runtime/audit-logger.js.map +0 -1
package/dist/runtime/base.d.ts.map +0 -1
package/dist/runtime/base.js.map +0 -1
package/dist/services/access-control.service.d.ts.map +0 -1
package/dist/services/access-control.service.js.map +0 -1
package/dist/services/authorization/authorization-registry.d.ts.map +0 -1
package/dist/services/authorization/authorization-registry.js.map +0 -1
package/dist/services/authorization/types.d.ts.map +0 -1
package/dist/services/authorization/types.js.map +0 -1
package/dist/services/batch-delegation.service.d.ts.map +0 -1
package/dist/services/batch-delegation.service.js.map +0 -1
package/dist/services/crypto.service.d.ts.map +0 -1
package/dist/services/crypto.service.js.map +0 -1
package/dist/services/errors.d.ts.map +0 -1
package/dist/services/errors.js.map +0 -1
package/dist/services/index.d.ts.map +0 -1
package/dist/services/index.js.map +0 -1
package/dist/services/oauth-config.service.d.ts.map +0 -1
package/dist/services/oauth-config.service.js.map +0 -1
package/dist/services/oauth-provider-registry.d.ts.map +0 -1
package/dist/services/oauth-provider-registry.js.map +0 -1
package/dist/services/oauth-service.d.ts.map +0 -1
package/dist/services/oauth-service.js.map +0 -1
package/dist/services/oauth-token-retrieval.service.d.ts.map +0 -1
package/dist/services/oauth-token-retrieval.service.js.map +0 -1
package/dist/services/proof-verifier.d.ts.map +0 -1
package/dist/services/proof-verifier.js.map +0 -1
package/dist/services/provider-resolver.d.ts.map +0 -1
package/dist/services/provider-resolver.js.map +0 -1
package/dist/services/provider-validator.d.ts.map +0 -1
package/dist/services/provider-validator.js.map +0 -1
package/dist/services/session-registration.service.d.ts.map +0 -1
package/dist/services/session-registration.service.js.map +0 -1
package/dist/services/storage.service.d.ts.map +0 -1
package/dist/services/storage.service.js.map +0 -1
package/dist/services/tool-context-builder.d.ts.map +0 -1
package/dist/services/tool-context-builder.js.map +0 -1
package/dist/services/tool-protection.service.d.ts.map +0 -1
package/dist/services/tool-protection.service.js.map +0 -1
package/dist/types/oauth-required-error.d.ts.map +0 -1
package/dist/types/oauth-required-error.js.map +0 -1
package/dist/types/tool-protection.d.ts.map +0 -1
package/dist/types/tool-protection.js.map +0 -1
package/dist/utils/base58.d.ts.map +0 -1
package/dist/utils/base58.js.map +0 -1
package/dist/utils/base64.d.ts.map +0 -1
package/dist/utils/base64.js.map +0 -1
package/dist/utils/cors.d.ts.map +0 -1
package/dist/utils/cors.js.map +0 -1
package/dist/utils/did-helpers.d.ts.map +0 -1
package/dist/utils/did-helpers.js.map +0 -1
package/dist/utils/index.d.ts.map +0 -1
package/dist/utils/index.js.map +0 -1
package/dist/utils/storage-keys.d.ts.map +0 -1
package/dist/utils/storage-keys.js.map +0 -1
package/docs/API_REFERENCE.md +0 -1362
package/docs/COMPLIANCE_MATRIX.md +0 -691
package/docs/STATUSLIST2021_GUIDE.md +0 -696
package/docs/W3C_VC_DELEGATION_GUIDE.md +0 -710
package/src/__tests__/cache/tool-protection-cache.test.ts +0 -640
package/src/__tests__/config/provider-runtime-config.test.ts +0 -309
package/src/__tests__/delegation-e2e.test.ts +0 -690
package/src/__tests__/identity/user-did-manager.test.ts +0 -232
package/src/__tests__/index.test.ts +0 -56
package/src/__tests__/integration/full-flow.test.ts +0 -789
package/src/__tests__/integration.test.ts +0 -281
package/src/__tests__/providers/base.test.ts +0 -173
package/src/__tests__/providers/memory.test.ts +0 -319
package/src/__tests__/regression/phase2-regression.test.ts +0 -429
package/src/__tests__/runtime/audit-logger.test.ts +0 -154
package/src/__tests__/runtime/base-extensions.test.ts +0 -595
package/src/__tests__/runtime/base.test.ts +0 -869
package/src/__tests__/runtime/delegation-flow.test.ts +0 -164
package/src/__tests__/runtime/proof-client-did.test.ts +0 -376
package/src/__tests__/runtime/route-interception.test.ts +0 -686
package/src/__tests__/runtime/tool-protection-enforcement.test.ts +0 -908
package/src/__tests__/services/agentshield-integration.test.ts +0 -791
package/src/__tests__/services/cache-busting.test.ts +0 -125
package/src/__tests__/services/oauth-service-pkce.test.ts +0 -556
package/src/__tests__/services/provider-resolver-edge-cases.test.ts +0 -591
package/src/__tests__/services/tool-protection-merged-config.test.ts +0 -485
package/src/__tests__/services/tool-protection-oauth-provider.test.ts +0 -480
package/src/__tests__/services/tool-protection.service.test.ts +0 -1373
package/src/__tests__/utils/mock-providers.ts +0 -340
package/src/cache/oauth-config-cache.d.ts +0 -69
package/src/cache/oauth-config-cache.d.ts.map +0 -1
package/src/cache/oauth-config-cache.js.map +0 -1
package/src/cache/oauth-config-cache.ts +0 -123
package/src/cache/tool-protection-cache.ts +0 -171
package/src/compliance/EXAMPLE.md +0 -412
package/src/compliance/__tests__/schema-verifier.test.ts +0 -797
package/src/compliance/index.ts +0 -8
package/src/compliance/schema-registry.ts +0 -460
package/src/compliance/schema-verifier.ts +0 -708
package/src/config/__tests__/merged-config.spec.ts +0 -445
package/src/config/__tests__/remote-config.spec.ts +0 -268
package/src/config/remote-config.ts +0 -264
package/src/config.ts +0 -312
package/src/delegation/__tests__/audience-validator.test.ts +0 -112
package/src/delegation/__tests__/bitstring.test.ts +0 -346
package/src/delegation/__tests__/cascading-revocation.test.ts +0 -628
package/src/delegation/__tests__/delegation-graph.test.ts +0 -584
package/src/delegation/__tests__/did-key-resolver.test.ts +0 -265
package/src/delegation/__tests__/utils.test.ts +0 -152
package/src/delegation/__tests__/vc-issuer.test.ts +0 -442
package/src/delegation/__tests__/vc-verifier.test.ts +0 -922
package/src/delegation/audience-validator.ts +0 -52
package/src/delegation/bitstring.ts +0 -278
package/src/delegation/cascading-revocation.ts +0 -370
package/src/delegation/delegation-graph.ts +0 -299
package/src/delegation/did-key-resolver.ts +0 -179
package/src/delegation/index.ts +0 -14
package/src/delegation/statuslist-manager.ts +0 -353
package/src/delegation/storage/__tests__/memory-graph-storage.test.ts +0 -366
package/src/delegation/storage/__tests__/memory-statuslist-storage.test.ts +0 -228
package/src/delegation/storage/index.ts +0 -9
package/src/delegation/storage/memory-graph-storage.ts +0 -178
package/src/delegation/storage/memory-statuslist-storage.ts +0 -77
package/src/delegation/utils.ts +0 -221
package/src/delegation/vc-issuer.ts +0 -232
package/src/delegation/vc-verifier.ts +0 -568
package/src/identity/idp-token-resolver.ts +0 -181
package/src/identity/idp-token-storage.interface.ts +0 -94
package/src/identity/user-did-manager.ts +0 -526
package/src/index.ts +0 -310
package/src/providers/base.d.ts +0 -91
package/src/providers/base.d.ts.map +0 -1
package/src/providers/base.js.map +0 -1
package/src/providers/base.ts +0 -96
package/src/providers/memory.ts +0 -142
package/src/runtime/audit-logger.ts +0 -39
package/src/runtime/base.ts +0 -1392
package/src/services/__tests__/access-control.integration.test.ts +0 -443
package/src/services/__tests__/access-control.proof-response-validation.test.ts +0 -578
package/src/services/__tests__/access-control.service.test.ts +0 -970
package/src/services/__tests__/batch-delegation.service.test.ts +0 -351
package/src/services/__tests__/crypto.service.test.ts +0 -531
package/src/services/__tests__/oauth-provider-registry.test.ts +0 -142
package/src/services/__tests__/proof-verifier.integration.test.ts +0 -485
package/src/services/__tests__/proof-verifier.test.ts +0 -489
package/src/services/__tests__/provider-resolution.integration.test.ts +0 -202
package/src/services/__tests__/provider-resolver.test.ts +0 -213
package/src/services/__tests__/storage.service.test.ts +0 -358
package/src/services/access-control.service.ts +0 -990
package/src/services/authorization/authorization-registry.ts +0 -66
package/src/services/authorization/types.ts +0 -71
package/src/services/batch-delegation.service.ts +0 -137
package/src/services/crypto.service.ts +0 -302
package/src/services/errors.ts +0 -76
package/src/services/index.ts +0 -18
package/src/services/oauth-config.service.d.ts +0 -53
package/src/services/oauth-config.service.d.ts.map +0 -1
package/src/services/oauth-config.service.js.map +0 -1
package/src/services/oauth-config.service.ts +0 -192
package/src/services/oauth-provider-registry.d.ts +0 -57
package/src/services/oauth-provider-registry.d.ts.map +0 -1
package/src/services/oauth-provider-registry.js.map +0 -1
package/src/services/oauth-provider-registry.ts +0 -141
package/src/services/oauth-service.ts +0 -544
package/src/services/oauth-token-retrieval.service.ts +0 -245
package/src/services/proof-verifier.ts +0 -478
package/src/services/provider-resolver.d.ts +0 -48
package/src/services/provider-resolver.d.ts.map +0 -1
package/src/services/provider-resolver.js.map +0 -1
package/src/services/provider-resolver.ts +0 -146
package/src/services/provider-validator.ts +0 -170
package/src/services/session-registration.service.ts +0 -251
package/src/services/storage.service.ts +0 -566
package/src/services/tool-context-builder.ts +0 -237
package/src/services/tool-protection.service.ts +0 -1070
package/src/types/oauth-required-error.ts +0 -63
package/src/types/tool-protection.ts +0 -155
package/src/utils/__tests__/did-helpers.test.ts +0 -156
package/src/utils/base58.ts +0 -109
package/src/utils/base64.ts +0 -148
package/src/utils/cors.ts +0 -83
package/src/utils/did-helpers.ts +0 -210
package/src/utils/index.ts +0 -8
package/src/utils/storage-keys.ts +0 -278
package/tsconfig.json +0 -21
package/vitest.config.ts +0 -56

package/src/services/__tests__/access-control.proof-response-validation.test.ts DELETED Viewed

@@ -1,578 +0,0 @@
-/**
- * Proof Submission Response Validation Tests
- *
- * These tests verify that the proof submission response format matches
- * the schema defined in @kya-os/contracts, preventing regressions.
- *
- * CRITICAL: These tests ensure API parity between MCP-I and AgentShield/Bouncer.
- */
-import { describe, it, expect, vi, beforeEach } from "vitest";
-import { AccessControlApiService } from "../access-control.service";
-import { proofSubmissionResponseSchema } from "@kya-os/contracts/agentshield-api";
-import type { ProofSubmissionRequest } from "@kya-os/contracts/agentshield-api";
-describe("Proof Submission Response Validation", () => {
-  let service: AccessControlApiService;
-  let mockFetch: ReturnType<typeof vi.fn>;
-  beforeEach(() => {
-    mockFetch = vi.fn();
-    service = new AccessControlApiService({
-      baseUrl: "https://kya.vouched.id",
-      apiKey: "test-api-key",
-      fetchProvider: {
-        fetch: mockFetch,
-      },
-      logger: vi.fn(),
-    });
-  });
-  describe("Wrapped Response Format (AgentShield API)", () => {
-    it("should validate wrapped response with success field in data", async () => {
-      const request: ProofSubmissionRequest = {
-        session_id: "test-session",
-        proofs: [
-          {
-            jws: "test.jws.signature",
-            meta: {
-              did: "did:key:test",
-              kid: "did:key:test#key-1",
-              ts: Date.now(),
-              nonce: "test-nonce",
-              audience: "https://kya.vouched.id",
-              sessionId: "test-session",
-              requestHash: "sha256:" + "a".repeat(64),
-              responseHash: "sha256:" + "b".repeat(64),
-              scopeId: "test:execute",
-            },
-          },
-        ],
-      };
-      // Simulate AgentShield API wrapped response
-      const wrappedResponse = {
-        success: true,
-        data: {
-          accepted: 1,
-          rejected: 0,
-          outcomes: {
-            success: 1,
-            failed: 0,
-            blocked: 0,
-            error: 0,
-          },
-        },
-        metadata: {
-          requestId: "test-request-id",
-          timestamp: new Date().toISOString(),
-        },
-      };
-      mockFetch.mockResolvedValueOnce({
-        ok: true,
-        status: 200,
-        text: async () => JSON.stringify(wrappedResponse),
-        headers: new Headers(),
-      });
-      const result = await service.submitProofs(request);
-      expect(result).toMatchObject({
-        success: true,
-        accepted: 1,
-        rejected: 0,
-        outcomes: {
-          success: 1,
-          failed: 0,
-          blocked: 0,
-          error: 0,
-        },
-      });
-    });
-    it("should validate wrapped response with errors array", async () => {
-      const request: ProofSubmissionRequest = {
-        session_id: "test-session",
-        proofs: [
-          {
-            jws: "test.jws.signature",
-            meta: {
-              did: "did:key:test",
-              kid: "did:key:test#key-1",
-              ts: Date.now(),
-              nonce: "test-nonce",
-              audience: "https://kya.vouched.id",
-              sessionId: "test-session",
-              requestHash: "sha256:" + "a".repeat(64),
-              responseHash: "sha256:" + "b".repeat(64),
-              scopeId: "test:execute",
-            },
-          },
-        ],
-      };
-      const wrappedResponse = {
-        success: true,
-        data: {
-          accepted: 0,
-          rejected: 1,
-          outcomes: {
-            success: 0,
-            failed: 1,
-            blocked: 0,
-            error: 0,
-          },
-          errors: [
-            {
-              proof_index: 0,
-              error: {
-                code: "validation_error",
-                message: "Proof validation failed",
-                details: { reason: "invalid_signature" },
-              },
-            },
-          ],
-        },
-        metadata: {
-          requestId: "test-request-id",
-          timestamp: new Date().toISOString(),
-        },
-      };
-      mockFetch.mockResolvedValueOnce({
-        ok: true,
-        status: 200,
-        text: async () => JSON.stringify(wrappedResponse),
-        headers: new Headers(),
-      });
-      const result = await service.submitProofs(request);
-      expect(result).toMatchObject({
-        success: true,
-        accepted: 0,
-        rejected: 1,
-        errors: [
-          {
-            proof_index: 0,
-            error: {
-              code: "validation_error",
-              message: "Proof validation failed",
-              details: { reason: "invalid_signature" },
-            },
-          },
-        ],
-      });
-    });
-    it("should validate wrapped response without outcomes (optional field)", async () => {
-      const request: ProofSubmissionRequest = {
-        session_id: "test-session",
-        proofs: [
-          {
-            jws: "test.jws.signature",
-            meta: {
-              did: "did:key:test",
-              kid: "did:key:test#key-1",
-              ts: Date.now(),
-              nonce: "test-nonce",
-              audience: "https://kya.vouched.id",
-              sessionId: "test-session",
-              requestHash: "sha256:" + "a".repeat(64),
-              responseHash: "sha256:" + "b".repeat(64),
-              scopeId: "test:execute",
-            },
-          },
-        ],
-      };
-      // Response without outcomes (should be valid per schema)
-      const wrappedResponse = {
-        success: true,
-        data: {
-          accepted: 1,
-          rejected: 0,
-          // outcomes omitted - should still validate
-        },
-        metadata: {
-          requestId: "test-request-id",
-          timestamp: new Date().toISOString(),
-        },
-      };
-      mockFetch.mockResolvedValueOnce({
-        ok: true,
-        status: 200,
-        text: async () => JSON.stringify(wrappedResponse),
-        headers: new Headers(),
-      });
-      const result = await service.submitProofs(request);
-      expect(result).toMatchObject({
-        success: true,
-        accepted: 1,
-        rejected: 0,
-      });
-      // outcomes should be undefined or present, but not required
-      expect(result.outcomes).toBeUndefined();
-    });
-    it("should throw validation error if data object missing success field", async () => {
-      const request: ProofSubmissionRequest = {
-        session_id: "test-session",
-        proofs: [
-          {
-            jws: "test.jws.signature",
-            meta: {
-              did: "did:key:test",
-              kid: "did:key:test#key-1",
-              ts: Date.now(),
-              nonce: "test-nonce",
-              audience: "https://kya.vouched.id",
-              sessionId: "test-session",
-              requestHash: "sha256:" + "a".repeat(64),
-              responseHash: "sha256:" + "b".repeat(64),
-              scopeId: "test:execute",
-            },
-          },
-        ],
-      };
-      // Response where data object doesn't have success (should be added by service)
-      const wrappedResponse = {
-        success: true,
-        data: {
-          // Missing success field - service should add it
-          accepted: 1,
-          rejected: 0,
-          outcomes: {
-            success: 1,
-            failed: 0,
-            blocked: 0,
-            error: 0,
-          },
-        },
-        metadata: {
-          requestId: "test-request-id",
-          timestamp: new Date().toISOString(),
-        },
-      };
-      mockFetch.mockResolvedValueOnce({
-        ok: true,
-        status: 200,
-        text: async () => JSON.stringify(wrappedResponse),
-        headers: new Headers(),
-      });
-      // Should succeed because service adds success field
-      const result = await service.submitProofs(request);
-      expect(result.success).toBe(true);
-    });
-    it("should validate schema directly matches AgentShield response format", () => {
-      // This test ensures the schema matches what AgentShield actually returns
-      const agentShieldResponseData = {
-        success: true,
-        accepted: 1,
-        rejected: 0,
-        outcomes: {
-          success: 1,
-          failed: 0,
-          blocked: 0,
-          error: 0,
-        },
-      };
-      const validation = proofSubmissionResponseSchema.safeParse(
-        agentShieldResponseData
-      );
-      expect(validation.success).toBe(true);
-      if (validation.success) {
-        expect(validation.data).toMatchObject(agentShieldResponseData);
-      }
-    });
-    it("should validate schema with errors array matches AgentShield format", () => {
-      const agentShieldResponseData = {
-        success: true,
-        accepted: 0,
-        rejected: 1,
-        outcomes: {
-          success: 0,
-          failed: 1,
-          blocked: 0,
-          error: 0,
-        },
-        errors: [
-          {
-            proof_index: 0,
-            error: {
-              code: "validation_error",
-              message: "Proof validation failed",
-              details: { reason: "invalid_signature" },
-            },
-          },
-        ],
-      };
-      const validation = proofSubmissionResponseSchema.safeParse(
-        agentShieldResponseData
-      );
-      expect(validation.success).toBe(true);
-      if (validation.success) {
-        expect(validation.data.errors).toHaveLength(1);
-        expect(validation.data.errors![0].proof_index).toBe(0);
-        expect(validation.data.errors![0].error.code).toBe("validation_error");
-      }
-    });
-  });
-  describe("Regression Prevention", () => {
-    it("should prevent regression: missing success field in data", () => {
-      // This test ensures we catch if AgentShield changes response format
-      const responseWithoutSuccess = {
-        accepted: 1,
-        rejected: 0,
-        outcomes: {
-          success: 1,
-          failed: 0,
-          blocked: 0,
-          error: 0,
-        },
-      };
-      const validation = proofSubmissionResponseSchema.safeParse(
-        responseWithoutSuccess
-      );
-      expect(validation.success).toBe(false);
-      if (!validation.success) {
-        expect(
-          validation.error.errors.some((e) => e.path.includes("success"))
-        ).toBe(true);
-      }
-    });
-    it("should prevent regression: wrong type for accepted/rejected", () => {
-      const invalidResponse = {
-        success: true,
-        accepted: "1", // Should be number
-        rejected: "0", // Should be number
-        outcomes: {
-          success: 1,
-          failed: 0,
-          blocked: 0,
-          error: 0,
-        },
-      };
-      const validation =
-        proofSubmissionResponseSchema.safeParse(invalidResponse);
-      expect(validation.success).toBe(false);
-    });
-    it("should prevent regression: missing required fields", () => {
-      const incompleteResponse = {
-        success: true,
-        // Missing accepted
-        rejected: 0,
-        outcomes: {
-          success: 1,
-          failed: 0,
-          blocked: 0,
-          error: 0,
-        },
-      };
-      const validation =
-        proofSubmissionResponseSchema.safeParse(incompleteResponse);
-      expect(validation.success).toBe(false);
-      if (!validation.success) {
-        expect(
-          validation.error.errors.some((e) => e.path.includes("accepted"))
-        ).toBe(true);
-      }
-    });
-  });
-  describe("JSON Deep Clone Fix (Cloudflare Workers Edge Case)", () => {
-    it("should correctly extract data from wrapped response after JSON deep clone", async () => {
-      const request: ProofSubmissionRequest = {
-        session_id: "test-session",
-        proofs: [
-          {
-            jws: "test.jws.signature",
-            meta: {
-              did: "did:key:test",
-              kid: "did:key:test#key-1",
-              ts: Date.now(),
-              nonce: "test-nonce",
-              audience: "https://kya.vouched.id",
-              sessionId: "test-session",
-              requestHash: "sha256:" + "a".repeat(64),
-              responseHash: "sha256:" + "b".repeat(64),
-              scopeId: "test:execute",
-            },
-          },
-        ],
-      };
-      // Simulate the exact response format from AgentShield API
-      // This matches the format seen in production logs
-      const wrappedResponse = {
-        success: true,
-        data: {
-          accepted: 1,
-          rejected: 0,
-          outcomes: {
-            success: 1,
-          },
-          errors: [],
-        },
-        metadata: {
-          requestId: "fc1fa88f-9b22-4161-b4fd-17d8215098ee",
-          timestamp: "2025-11-24T21:36:33.029Z",
-        },
-      };
-      mockFetch.mockResolvedValueOnce({
-        ok: true,
-        status: 200,
-        text: async () => JSON.stringify(wrappedResponse),
-        headers: new Headers(),
-      });
-      const result = await service.submitProofs(request);
-      // Verify all fields are correctly extracted
-      expect(result.success).toBe(true);
-      expect(result.accepted).toBe(1);
-      expect(result.rejected).toBe(0);
-      expect(result.outcomes).toEqual({ success: 1 });
-      expect(result.errors).toEqual([]);
-    });
-    it("should handle response where data fields are numeric values (not undefined)", async () => {
-      const request: ProofSubmissionRequest = {
-        session_id: "test-session",
-        proofs: [
-          {
-            jws: "test.jws.signature",
-            meta: {
-              did: "did:key:test",
-              kid: "did:key:test#key-1",
-              ts: Date.now(),
-              nonce: "test-nonce",
-              audience: "https://kya.vouched.id",
-              sessionId: "test-session",
-              requestHash: "sha256:" + "a".repeat(64),
-              responseHash: "sha256:" + "b".repeat(64),
-              scopeId: "test:execute",
-            },
-          },
-        ],
-      };
-      // Test with zero values (edge case for falsy check)
-      const wrappedResponse = {
-        success: true,
-        data: {
-          accepted: 0,
-          rejected: 0,
-          outcomes: {},
-          errors: [],
-        },
-        metadata: {
-          requestId: "test-id",
-          timestamp: new Date().toISOString(),
-        },
-      };
-      mockFetch.mockResolvedValueOnce({
-        ok: true,
-        status: 200,
-        text: async () => JSON.stringify(wrappedResponse),
-        headers: new Headers(),
-      });
-      const result = await service.submitProofs(request);
-      // Verify zero values are correctly extracted (not treated as undefined)
-      expect(result.success).toBe(true);
-      expect(result.accepted).toBe(0);
-      expect(result.rejected).toBe(0);
-    });
-    it("should handle response with nested outcomes object", async () => {
-      const request: ProofSubmissionRequest = {
-        session_id: "test-session",
-        proofs: [
-          {
-            jws: "test.jws.signature",
-            meta: {
-              did: "did:key:test",
-              kid: "did:key:test#key-1",
-              ts: Date.now(),
-              nonce: "test-nonce",
-              audience: "https://kya.vouched.id",
-              sessionId: "test-session",
-              requestHash: "sha256:" + "a".repeat(64),
-              responseHash: "sha256:" + "b".repeat(64),
-              scopeId: "test:execute",
-            },
-          },
-        ],
-      };
-      // Test with various outcome types
-      const wrappedResponse = {
-        success: true,
-        data: {
-          accepted: 3,
-          rejected: 2,
-          outcomes: {
-            success: 1,
-            failed: 1,
-            blocked: 1,
-            error: 2,
-          },
-          errors: [
-            {
-              proof_index: 0,
-              error: {
-                code: "validation_error",
-                message: "Invalid signature",
-              },
-            },
-          ],
-        },
-        metadata: {
-          requestId: "test-id",
-          timestamp: new Date().toISOString(),
-        },
-      };
-      mockFetch.mockResolvedValueOnce({
-        ok: true,
-        status: 200,
-        text: async () => JSON.stringify(wrappedResponse),
-        headers: new Headers(),
-      });
-      const result = await service.submitProofs(request);
-      expect(result.accepted).toBe(3);
-      expect(result.rejected).toBe(2);
-      expect(result.outcomes).toEqual({
-        success: 1,
-        failed: 1,
-        blocked: 1,
-        error: 2,
-      });
-      expect(result.errors).toHaveLength(1);
-      expect(result.errors![0].proof_index).toBe(0);
-    });
-  });
-});