@kya-os/mcp-i-core 1.3.2 → 1.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.turbo/turbo-build.log +1 -1
- package/.turbo/turbo-test$colon$coverage.log +2530 -2522
- package/.turbo/turbo-test.log +1635 -1635
- package/coverage/coverage-final.json +1 -1
- package/dist/services/oauth-config.service.d.ts.map +1 -1
- package/dist/services/oauth-config.service.js +27 -5
- package/dist/services/oauth-config.service.js.map +1 -1
- package/dist/services/tool-protection.service.d.ts +16 -12
- package/dist/services/tool-protection.service.d.ts.map +1 -1
- package/dist/services/tool-protection.service.js +134 -24
- package/dist/services/tool-protection.service.js.map +1 -1
- package/package.json +1 -1
- package/src/__tests__/services/cache-busting.test.ts +125 -0
- package/src/services/oauth-config.service.ts +28 -5
- package/src/services/tool-protection.service.ts +160 -25
- package/src/__tests__/services/cache-no-warming.test.ts +0 -177
package/.turbo/turbo-test.log
CHANGED
|
@@ -1,545 +1,339 @@
|
|
|
1
1
|
|
|
2
|
-
> @kya-os/mcp-i-core@1.3.
|
|
2
|
+
> @kya-os/mcp-i-core@1.3.3 test /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core
|
|
3
3
|
> vitest run
|
|
4
4
|
|
|
5
5
|
|
|
6
6
|
RUN v4.0.5 /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core
|
|
7
7
|
|
|
8
|
-
stdout | src/__tests__/services/
|
|
8
|
+
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > API Authentication > should use X-API-Key header for new endpoint
|
|
9
9
|
[ToolProtectionService] Config loaded from API {
|
|
10
10
|
source: 'api',
|
|
11
|
-
toolCount:
|
|
12
|
-
protectedTools: [
|
|
11
|
+
toolCount: 0,
|
|
12
|
+
protectedTools: [],
|
|
13
13
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
14
14
|
projectId: 'test-project-123',
|
|
15
15
|
cacheTtlMs: 300000,
|
|
16
|
-
cacheExpiresAt: '2025-11-
|
|
16
|
+
cacheExpiresAt: '2025-11-25T08:32:25.132Z'
|
|
17
17
|
}
|
|
18
18
|
|
|
19
|
-
stdout | src/__tests__/services/
|
|
19
|
+
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > API Authentication > should use Authorization Bearer header for old endpoint
|
|
20
20
|
[ToolProtectionService] Config loaded from API {
|
|
21
21
|
source: 'api',
|
|
22
|
-
toolCount:
|
|
23
|
-
protectedTools: [
|
|
22
|
+
toolCount: 0,
|
|
23
|
+
protectedTools: [],
|
|
24
24
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
25
|
-
projectId: '
|
|
25
|
+
projectId: 'none',
|
|
26
26
|
cacheTtlMs: 300000,
|
|
27
|
-
cacheExpiresAt: '2025-11-
|
|
27
|
+
cacheExpiresAt: '2025-11-25T08:32:25.137Z'
|
|
28
28
|
}
|
|
29
29
|
|
|
30
|
-
stdout | src/__tests__/services/
|
|
30
|
+
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should use project-scoped endpoint when projectId is available
|
|
31
31
|
[ToolProtectionService] Config loaded from API {
|
|
32
32
|
source: 'api',
|
|
33
|
-
toolCount:
|
|
34
|
-
protectedTools: [
|
|
33
|
+
toolCount: 0,
|
|
34
|
+
protectedTools: [],
|
|
35
35
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
36
36
|
projectId: 'test-project-123',
|
|
37
37
|
cacheTtlMs: 300000,
|
|
38
|
-
cacheExpiresAt: '2025-11-
|
|
38
|
+
cacheExpiresAt: '2025-11-25T08:32:25.139Z'
|
|
39
39
|
}
|
|
40
40
|
|
|
41
|
-
stdout | src/__tests__/services/
|
|
41
|
+
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should use agent-scoped endpoint when projectId is not available
|
|
42
42
|
[ToolProtectionService] Config loaded from API {
|
|
43
43
|
source: 'api',
|
|
44
|
-
toolCount:
|
|
45
|
-
protectedTools: [
|
|
44
|
+
toolCount: 0,
|
|
45
|
+
protectedTools: [],
|
|
46
46
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
47
|
-
projectId: '
|
|
47
|
+
projectId: 'none',
|
|
48
48
|
cacheTtlMs: 300000,
|
|
49
|
-
cacheExpiresAt: '2025-11-
|
|
49
|
+
cacheExpiresAt: '2025-11-25T08:32:25.140Z'
|
|
50
50
|
}
|
|
51
51
|
|
|
52
|
-
stdout | src/__tests__/services/
|
|
52
|
+
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should encode projectId in URL
|
|
53
53
|
[ToolProtectionService] Config loaded from API {
|
|
54
54
|
source: 'api',
|
|
55
|
-
toolCount:
|
|
56
|
-
protectedTools: [
|
|
55
|
+
toolCount: 0,
|
|
56
|
+
protectedTools: [],
|
|
57
57
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
58
|
-
projectId: '
|
|
58
|
+
projectId: 'project/with/special-chars',
|
|
59
59
|
cacheTtlMs: 300000,
|
|
60
|
-
cacheExpiresAt: '2025-11-
|
|
60
|
+
cacheExpiresAt: '2025-11-25T08:32:25.140Z'
|
|
61
61
|
}
|
|
62
62
|
|
|
63
|
-
stdout | src/__tests__/services/
|
|
63
|
+
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should encode agent DID in URL
|
|
64
64
|
[ToolProtectionService] Config loaded from API {
|
|
65
65
|
source: 'api',
|
|
66
|
-
toolCount:
|
|
67
|
-
protectedTools: [
|
|
66
|
+
toolCount: 0,
|
|
67
|
+
protectedTools: [],
|
|
68
68
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
69
69
|
projectId: 'none',
|
|
70
70
|
cacheTtlMs: 300000,
|
|
71
|
-
cacheExpiresAt: '2025-11-
|
|
71
|
+
cacheExpiresAt: '2025-11-25T08:32:25.141Z'
|
|
72
72
|
}
|
|
73
73
|
|
|
74
|
-
stdout | src/__tests__/services/
|
|
74
|
+
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle new endpoint format (toolProtections object)
|
|
75
75
|
[ToolProtectionService] Config loaded from API {
|
|
76
76
|
source: 'api',
|
|
77
77
|
toolCount: 2,
|
|
78
|
-
protectedTools: [ '
|
|
78
|
+
protectedTools: [ 'checkout' ],
|
|
79
79
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
80
|
-
projectId: '
|
|
80
|
+
projectId: 'test-project-123',
|
|
81
81
|
cacheTtlMs: 300000,
|
|
82
|
-
cacheExpiresAt: '2025-11-
|
|
82
|
+
cacheExpiresAt: '2025-11-25T08:32:25.143Z'
|
|
83
83
|
}
|
|
84
84
|
|
|
85
|
-
stdout | src/__tests__/services/
|
|
85
|
+
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle old endpoint format (tools array)
|
|
86
86
|
[ToolProtectionService] Config loaded from API {
|
|
87
87
|
source: 'api',
|
|
88
88
|
toolCount: 2,
|
|
89
|
-
protectedTools: [ '
|
|
89
|
+
protectedTools: [ 'checkout' ],
|
|
90
90
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
91
91
|
projectId: 'none',
|
|
92
92
|
cacheTtlMs: 300000,
|
|
93
|
-
cacheExpiresAt: '2025-11-
|
|
93
|
+
cacheExpiresAt: '2025-11-25T08:32:25.144Z'
|
|
94
94
|
}
|
|
95
95
|
|
|
96
|
-
stdout | src/__tests__/services/
|
|
96
|
+
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle old endpoint format (tools object)
|
|
97
97
|
[ToolProtectionService] Config loaded from API {
|
|
98
98
|
source: 'api',
|
|
99
99
|
toolCount: 2,
|
|
100
|
-
protectedTools: [ '
|
|
100
|
+
protectedTools: [ 'checkout' ],
|
|
101
101
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
102
102
|
projectId: 'none',
|
|
103
103
|
cacheTtlMs: 300000,
|
|
104
|
-
cacheExpiresAt: '2025-11-
|
|
105
|
-
}
|
|
106
|
-
|
|
107
|
-
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should skip tools without name in array format
|
|
108
|
-
[ToolProtectionService] Cache miss, fetching from API {
|
|
109
|
-
source: 'api-fetch-start',
|
|
110
|
-
cacheKey: 'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK',
|
|
111
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
112
|
-
projectId: 'none',
|
|
113
|
-
apiUrl: 'https://kya.vouched.id',
|
|
114
|
-
endpoint: '/api/v1/bouncer/config?agent_did=did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK'
|
|
115
|
-
}
|
|
116
|
-
[ToolProtectionService] Fetching from API: https://kya.vouched.id/api/v1/bouncer/config?agent_did=did%3Akey%3Az6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK {
|
|
117
|
-
method: 'config?agent_did (old)',
|
|
118
|
-
projectId: 'none',
|
|
119
|
-
apiKeyPresent: true,
|
|
120
|
-
apiKeyLength: 18,
|
|
121
|
-
apiKeyMasked: 'test-api...'
|
|
122
|
-
}
|
|
123
|
-
|
|
124
|
-
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should skip tools without name in array format
|
|
125
|
-
[ToolProtectionService] API response received {
|
|
126
|
-
source: 'api-fetch-complete',
|
|
127
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
128
|
-
projectId: 'none',
|
|
129
|
-
responseKeys: [ 'success', 'data', 'metadata' ],
|
|
130
|
-
dataKeys: [ 'tools' ],
|
|
131
|
-
rawToolProtections: null,
|
|
132
|
-
rawTools: [
|
|
133
|
-
{ name: 'valid_tool', requiresDelegation: true },
|
|
134
|
-
{ requiresDelegation: false }
|
|
135
|
-
],
|
|
136
|
-
responseMetadata: {}
|
|
104
|
+
cacheExpiresAt: '2025-11-25T08:32:25.144Z'
|
|
137
105
|
}
|
|
138
106
|
|
|
139
|
-
stdout | src/__tests__/services/
|
|
107
|
+
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle snake_case field names
|
|
140
108
|
[ToolProtectionService] Config loaded from API {
|
|
109
|
+
stderr | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Error Handling > should handle network timeout
|
|
141
110
|
source: 'api',
|
|
142
111
|
toolCount: 1,
|
|
143
|
-
|
|
112
|
+
[ToolProtectionService] API fetch failed, using fallback config { agentDid: 'did:key:z6MkhaXgBZDv...', error: 'Network timeout' }
|
|
113
|
+
protectedTools: [ 'tool1' ],
|
|
114
|
+
|
|
144
115
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
145
|
-
projectId: '
|
|
116
|
+
projectId: 'test-project-123',
|
|
117
|
+
stderr | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Fallback Behavior > should cache fallback config
|
|
146
118
|
cacheTtlMs: 300000,
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
[ToolProtectionService] API fetch successful, config cached {
|
|
150
|
-
source: 'cache-write',
|
|
151
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
152
|
-
cacheKey: 'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK',
|
|
153
|
-
toolCount: 1,
|
|
154
|
-
tools: [ { name: 'valid_tool', requiresDelegation: true, scopeCount: 0 } ],
|
|
155
|
-
ttlMs: 300000,
|
|
156
|
-
ttlMinutes: 5,
|
|
157
|
-
expiresAt: '2025-11-25T04:41:28.879Z',
|
|
158
|
-
expiresIn: '300s'
|
|
159
|
-
}
|
|
119
|
+
[ToolProtectionService] API fetch failed, using fallback config { agentDid: 'did:key:z6MkhaXgBZDv...', error: 'Network error' }
|
|
120
|
+
cacheExpiresAt: '2025-11-25T08:32:25.144Z'
|
|
160
121
|
|
|
161
|
-
stderr | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch error handling > should handle network errors gracefully
|
|
162
|
-
[ToolProtectionService] API fetch failed, no fallback, failing closed (deny-all) {
|
|
163
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
164
|
-
error: 'ECONNREFUSED',
|
|
165
|
-
cacheKey: 'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK'
|
|
166
122
|
}
|
|
167
123
|
|
|
168
|
-
stdout | src/__tests__/services/
|
|
124
|
+
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle camelCase field names
|
|
169
125
|
[ToolProtectionService] Config loaded from API {
|
|
170
126
|
source: 'api',
|
|
171
127
|
toolCount: 1,
|
|
172
128
|
protectedTools: [ 'tool1' ],
|
|
173
129
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
174
|
-
projectId: '
|
|
130
|
+
projectId: 'test-project-123',
|
|
175
131
|
cacheTtlMs: 300000,
|
|
176
|
-
cacheExpiresAt: '2025-11-
|
|
132
|
+
cacheExpiresAt: '2025-11-25T08:32:25.144Z'
|
|
177
133
|
}
|
|
178
134
|
|
|
179
|
-
stdout | src/__tests__/services/
|
|
135
|
+
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should prefer camelCase over snake_case when both present
|
|
180
136
|
[ToolProtectionService] Config loaded from API {
|
|
181
137
|
source: 'api',
|
|
182
|
-
toolCount:
|
|
183
|
-
protectedTools: [],
|
|
138
|
+
toolCount: 1,
|
|
139
|
+
protectedTools: [ 'tool1' ],
|
|
184
140
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
185
|
-
projectId: '
|
|
141
|
+
projectId: 'test-project-123',
|
|
186
142
|
cacheTtlMs: 300000,
|
|
187
|
-
cacheExpiresAt: '2025-11-
|
|
143
|
+
cacheExpiresAt: '2025-11-25T08:32:25.145Z'
|
|
188
144
|
}
|
|
189
145
|
|
|
190
|
-
stdout | src/__tests__/services/
|
|
146
|
+
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Caching Integration > should cache successful API responses
|
|
191
147
|
[ToolProtectionService] Config loaded from API {
|
|
192
148
|
source: 'api',
|
|
193
|
-
toolCount:
|
|
194
|
-
protectedTools: [],
|
|
149
|
+
toolCount: 1,
|
|
150
|
+
protectedTools: [ 'tool1' ],
|
|
195
151
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
196
|
-
projectId: '
|
|
197
|
-
cacheTtlMs:
|
|
198
|
-
cacheExpiresAt: '2025-11-
|
|
152
|
+
projectId: 'test-project-123',
|
|
153
|
+
cacheTtlMs: 300000,
|
|
154
|
+
cacheExpiresAt: '2025-11-25T08:32:25.146Z'
|
|
199
155
|
}
|
|
200
156
|
|
|
201
|
-
stdout | src/__tests__/services/
|
|
157
|
+
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Caching Integration > should respect cache TTL
|
|
202
158
|
[ToolProtectionService] Config loaded from API {
|
|
203
159
|
source: 'api',
|
|
204
160
|
toolCount: 0,
|
|
205
161
|
protectedTools: [],
|
|
206
162
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
207
|
-
projectId: '
|
|
208
|
-
cacheTtlMs:
|
|
209
|
-
cacheExpiresAt: '2025-11-
|
|
163
|
+
projectId: 'test-project-123',
|
|
164
|
+
cacheTtlMs: 1000,
|
|
165
|
+
cacheExpiresAt: '2025-11-25T08:27:26.146Z'
|
|
210
166
|
}
|
|
211
167
|
|
|
212
|
-
|
|
168
|
+
✓ src/__tests__/cache/tool-protection-cache.test.ts (49 tests) 162ms
|
|
169
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - new endpoint format > should fetch from project-scoped endpoint when projectId is available
|
|
213
170
|
[ToolProtectionService] Config loaded from API {
|
|
171
|
+
stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should prefer Redis over KV when both are configured
|
|
172
|
+
[StorageService] Failed to connect to Redis, falling back to memory: Redis package not available
|
|
214
173
|
source: 'api',
|
|
215
|
-
toolCount:
|
|
216
|
-
|
|
174
|
+
toolCount: 2,
|
|
175
|
+
|
|
176
|
+
protectedTools: [ 'checkout' ],
|
|
217
177
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
218
|
-
projectId: '
|
|
178
|
+
projectId: 'test-project-123',
|
|
219
179
|
cacheTtlMs: 300000,
|
|
220
|
-
cacheExpiresAt: '2025-11-
|
|
180
|
+
cacheExpiresAt: '2025-11-25T08:32:25.558Z'
|
|
221
181
|
}
|
|
222
182
|
|
|
223
|
-
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig >
|
|
183
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - new endpoint format > should handle new endpoint format with toolProtections object
|
|
224
184
|
[ToolProtectionService] Config loaded from API {
|
|
225
185
|
source: 'api',
|
|
226
186
|
toolCount: 2,
|
|
227
|
-
protectedTools: [ '
|
|
187
|
+
protectedTools: [ 'protected_tool' ],
|
|
228
188
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
229
|
-
projectId: '
|
|
189
|
+
projectId: 'test-project-123',
|
|
230
190
|
cacheTtlMs: 300000,
|
|
231
|
-
cacheExpiresAt: '2025-11-
|
|
191
|
+
cacheExpiresAt: '2025-11-25T08:32:25.560Z'
|
|
232
192
|
}
|
|
233
193
|
|
|
234
|
-
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService >
|
|
194
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - new endpoint format > should parse oauthProvider from new endpoint format (Phase 2)
|
|
235
195
|
[ToolProtectionService] Config loaded from API {
|
|
236
196
|
source: 'api',
|
|
237
|
-
toolCount:
|
|
238
|
-
protectedTools: [],
|
|
197
|
+
toolCount: 2,
|
|
198
|
+
protectedTools: [ 'read_repos', 'send_email' ],
|
|
239
199
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
240
|
-
projectId: '
|
|
200
|
+
projectId: 'test-project-123',
|
|
241
201
|
cacheTtlMs: 300000,
|
|
242
|
-
cacheExpiresAt: '2025-11-
|
|
202
|
+
cacheExpiresAt: '2025-11-25T08:32:25.560Z'
|
|
243
203
|
}
|
|
244
204
|
|
|
245
|
-
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService >
|
|
205
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - new endpoint format > should preserve oauthProvider through cache operations
|
|
246
206
|
[ToolProtectionService] Config loaded from API {
|
|
247
207
|
source: 'api',
|
|
248
208
|
toolCount: 1,
|
|
249
|
-
protectedTools: [ '
|
|
209
|
+
protectedTools: [ 'read_repos' ],
|
|
250
210
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
251
|
-
projectId: '
|
|
211
|
+
projectId: 'test-project-123',
|
|
252
212
|
cacheTtlMs: 300000,
|
|
253
|
-
cacheExpiresAt: '2025-11-
|
|
254
|
-
}
|
|
255
|
-
|
|
256
|
-
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return null when tool is not in config
|
|
257
|
-
[ToolProtectionService] Protection check {
|
|
258
|
-
tool: 'unknown_tool',
|
|
259
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
260
|
-
found: false,
|
|
261
|
-
isWildcard: true,
|
|
262
|
-
requiresDelegation: false,
|
|
263
|
-
availableTools: [ 'other_tool' ]
|
|
213
|
+
cacheExpiresAt: '2025-11-25T08:32:25.560Z'
|
|
264
214
|
}
|
|
265
|
-
stderr | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should use wildcard protection in fail-safe deny-all mode
|
|
266
|
-
[ToolProtectionService] API fetch failed, no fallback, failing closed (deny-all) {
|
|
267
215
|
|
|
268
|
-
|
|
269
|
-
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return wildcard protection when tool not found and wildcard exists
|
|
216
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should fetch from agent-scoped endpoint when projectId is not available
|
|
270
217
|
[ToolProtectionService] Config loaded from API {
|
|
271
218
|
source: 'api',
|
|
272
219
|
toolCount: 2,
|
|
273
|
-
|
|
274
|
-
protectedTools: [ '*' ],
|
|
275
|
-
cacheKey: 'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK'
|
|
220
|
+
protectedTools: [ 'checkout' ],
|
|
276
221
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
277
222
|
projectId: 'none',
|
|
278
223
|
cacheTtlMs: 300000,
|
|
279
|
-
cacheExpiresAt: '2025-11-
|
|
280
|
-
}
|
|
281
|
-
}
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return wildcard protection when tool not found and wildcard exists
|
|
285
|
-
[ToolProtectionService] Protection check {
|
|
286
|
-
tool: 'unknown_tool',
|
|
287
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
288
|
-
found: true,
|
|
289
|
-
isWildcard: true,
|
|
290
|
-
requiresDelegation: true,
|
|
291
|
-
availableTools: [ '*', 'specific_tool' ]
|
|
224
|
+
cacheExpiresAt: '2025-11-25T08:32:25.560Z'
|
|
292
225
|
}
|
|
293
226
|
|
|
294
|
-
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService >
|
|
227
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should handle old endpoint format with tools array
|
|
295
228
|
[ToolProtectionService] Config loaded from API {
|
|
296
229
|
source: 'api',
|
|
297
230
|
toolCount: 2,
|
|
298
|
-
protectedTools: [ '
|
|
231
|
+
protectedTools: [ 'tool1' ],
|
|
299
232
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
300
233
|
projectId: 'none',
|
|
301
234
|
cacheTtlMs: 300000,
|
|
302
|
-
cacheExpiresAt: '2025-11-
|
|
303
|
-
}
|
|
304
|
-
|
|
305
|
-
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should use wildcard protection in fail-safe deny-all mode
|
|
306
|
-
[ToolProtectionService] Protection check {
|
|
307
|
-
tool: 'any_tool',
|
|
308
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
309
|
-
found: true,
|
|
310
|
-
isWildcard: true,
|
|
311
|
-
requiresDelegation: true,
|
|
312
|
-
availableTools: [ '*' ]
|
|
235
|
+
cacheExpiresAt: '2025-11-25T08:32:25.561Z'
|
|
313
236
|
}
|
|
314
237
|
|
|
315
|
-
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService >
|
|
238
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should parse oauthProvider from old endpoint format (tools array)
|
|
316
239
|
[ToolProtectionService] Config loaded from API {
|
|
317
240
|
source: 'api',
|
|
318
|
-
toolCount:
|
|
319
|
-
protectedTools: [ '
|
|
241
|
+
toolCount: 2,
|
|
242
|
+
protectedTools: [ 'read_repos', 'send_email' ],
|
|
320
243
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
321
244
|
projectId: 'none',
|
|
322
245
|
cacheTtlMs: 300000,
|
|
323
|
-
cacheExpiresAt: '2025-11-
|
|
324
|
-
}
|
|
325
|
-
|
|
326
|
-
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return protection config when tool requires delegation
|
|
327
|
-
[ToolProtectionService] Protection check {
|
|
328
|
-
tool: 'protected_tool',
|
|
329
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
330
|
-
found: true,
|
|
331
|
-
isWildcard: false,
|
|
332
|
-
requiresDelegation: true,
|
|
333
|
-
availableTools: [ 'protected_tool' ]
|
|
246
|
+
cacheExpiresAt: '2025-11-25T08:32:25.561Z'
|
|
334
247
|
}
|
|
335
248
|
|
|
336
|
-
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService >
|
|
249
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should handle old endpoint format with tools object
|
|
337
250
|
[ToolProtectionService] Config loaded from API {
|
|
338
251
|
source: 'api',
|
|
339
|
-
toolCount:
|
|
252
|
+
toolCount: 2,
|
|
340
253
|
protectedTools: [ 'tool1' ],
|
|
341
254
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
342
255
|
projectId: 'none',
|
|
343
256
|
cacheTtlMs: 300000,
|
|
344
|
-
cacheExpiresAt: '2025-11-
|
|
257
|
+
cacheExpiresAt: '2025-11-25T08:32:25.561Z'
|
|
345
258
|
}
|
|
346
259
|
|
|
347
|
-
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService >
|
|
260
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should parse oauthProvider from old endpoint format (tools object)
|
|
348
261
|
[ToolProtectionService] Config loaded from API {
|
|
349
262
|
source: 'api',
|
|
350
|
-
toolCount:
|
|
351
|
-
protectedTools: [ '
|
|
263
|
+
toolCount: 2,
|
|
264
|
+
protectedTools: [ 'read_repos', 'send_email' ],
|
|
352
265
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
353
266
|
projectId: 'none',
|
|
354
267
|
cacheTtlMs: 300000,
|
|
355
|
-
cacheExpiresAt: '2025-11-
|
|
268
|
+
cacheExpiresAt: '2025-11-25T08:32:25.561Z'
|
|
356
269
|
}
|
|
357
270
|
|
|
358
|
-
stdout | src/__tests__/services/
|
|
359
|
-
[ToolProtectionService]
|
|
360
|
-
source: 'api',
|
|
361
|
-
|
|
362
|
-
protectedTools: [],
|
|
363
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
364
|
-
projectId: 'test-project-123',
|
|
365
|
-
cacheTtlMs: 300000,
|
|
366
|
-
cacheExpiresAt: '2025-11-25T04:41:28.883Z'
|
|
367
|
-
}
|
|
368
|
-
|
|
369
|
-
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > API Authentication > should use Authorization Bearer header for old endpoint
|
|
370
|
-
[ToolProtectionService] Config loaded from API {
|
|
371
|
-
source: 'api',
|
|
372
|
-
toolCount: 0,
|
|
373
|
-
protectedTools: [],
|
|
374
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
375
|
-
projectId: 'none',
|
|
376
|
-
cacheTtlMs: 300000,
|
|
377
|
-
cacheExpiresAt: '2025-11-25T04:41:28.886Z'
|
|
378
|
-
}
|
|
379
|
-
|
|
380
|
-
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should use project-scoped endpoint when projectId is available
|
|
381
|
-
[ToolProtectionService] Config loaded from API {
|
|
382
|
-
source: 'api',
|
|
383
|
-
toolCount: 0,
|
|
384
|
-
protectedTools: [],
|
|
385
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
386
|
-
projectId: 'test-project-123',
|
|
387
|
-
cacheTtlMs: 300000,
|
|
388
|
-
cacheExpiresAt: '2025-11-25T04:41:28.888Z'
|
|
389
|
-
}
|
|
390
|
-
|
|
391
|
-
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should use agent-scoped endpoint when projectId is not available
|
|
392
|
-
[ToolProtectionService] Config loaded from API {
|
|
393
|
-
source: 'api',
|
|
394
|
-
toolCount: 0,
|
|
395
|
-
protectedTools: [],
|
|
396
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
397
|
-
projectId: 'none',
|
|
398
|
-
cacheTtlMs: 300000,
|
|
399
|
-
cacheExpiresAt: '2025-11-25T04:41:28.888Z'
|
|
400
|
-
}
|
|
401
|
-
|
|
402
|
-
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should encode projectId in URL
|
|
403
|
-
[ToolProtectionService] Config loaded from API {
|
|
404
|
-
source: 'api',
|
|
405
|
-
toolCount: 0,
|
|
406
|
-
protectedTools: [],
|
|
407
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
408
|
-
projectId: 'project/with/special-chars',
|
|
409
|
-
cacheTtlMs: 300000,
|
|
410
|
-
cacheExpiresAt: '2025-11-25T04:41:28.888Z'
|
|
411
|
-
}
|
|
412
|
-
|
|
413
|
-
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Endpoint Selection > should encode agent DID in URL
|
|
414
|
-
[ToolProtectionService] Config loaded from API {
|
|
415
|
-
source: 'api',
|
|
416
|
-
toolCount: 0,
|
|
417
|
-
protectedTools: [],
|
|
271
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should skip tools without name in array format
|
|
272
|
+
[ToolProtectionService] Cache miss, fetching from API {
|
|
273
|
+
source: 'api-fetch-start',
|
|
274
|
+
cacheKey: 'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK',
|
|
418
275
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
419
276
|
projectId: 'none',
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
}
|
|
423
|
-
|
|
424
|
-
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Response Format Compatibility > should handle new endpoint format (toolProtections object)
|
|
425
|
-
[ToolProtectionService] Config loaded from API {
|
|
426
|
-
source: 'api',
|
|
427
|
-
toolCount: 2,
|
|
428
|
-
protectedTools: [ 'checkout' ],
|
|
429
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
430
|
-
projectId: 'test-project-123',
|
|
431
|
-
cacheTtlMs: 300000,
|
|
432
|
-
cacheExpiresAt: '2025-11-25T04:41:28.888Z'
|
|
277
|
+
apiUrl: 'https://kya.vouched.id',
|
|
278
|
+
endpoint: '/api/v1/bouncer/config?agent_did=did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK'
|
|
433
279
|
}
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
[ToolProtectionService] Config loaded from API {
|
|
437
|
-
source: 'api',
|
|
438
|
-
toolCount: 2,
|
|
439
|
-
protectedTools: [ 'checkout' ],
|
|
440
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
280
|
+
[ToolProtectionService] Fetching from API: https://kya.vouched.id/api/v1/bouncer/config?agent_did=did%3Akey%3Az6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK {
|
|
281
|
+
method: 'config?agent_did (old)',
|
|
441
282
|
projectId: 'none',
|
|
442
|
-
|
|
443
|
-
|
|
283
|
+
apiKeyPresent: true,
|
|
284
|
+
apiKeyLength: 18,
|
|
285
|
+
apiKeyMasked: 'test-api...'
|
|
444
286
|
}
|
|
445
287
|
|
|
446
|
-
stdout | src/__tests__/services/
|
|
447
|
-
[ToolProtectionService]
|
|
448
|
-
source: 'api',
|
|
449
|
-
toolCount: 2,
|
|
450
|
-
protectedTools: [ 'checkout' ],
|
|
288
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should skip tools without name in array format
|
|
289
|
+
[ToolProtectionService] API response received {
|
|
290
|
+
source: 'api-fetch-complete',
|
|
451
291
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
452
292
|
projectId: 'none',
|
|
453
|
-
|
|
454
|
-
|
|
455
|
-
|
|
456
|
-
|
|
457
|
-
|
|
458
|
-
|
|
459
|
-
|
|
460
|
-
|
|
461
|
-
protectedTools: [ 'tool1' ],
|
|
462
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
463
|
-
projectId: 'test-project-123',
|
|
464
|
-
cacheTtlMs: 300000,
|
|
465
|
-
cacheExpiresAt: '2025-11-25T04:41:28.889Z'
|
|
293
|
+
responseKeys: [ 'success', 'data', 'metadata' ],
|
|
294
|
+
dataKeys: [ 'tools' ],
|
|
295
|
+
rawToolProtections: null,
|
|
296
|
+
rawTools: [
|
|
297
|
+
{ name: 'valid_tool', requiresDelegation: true },
|
|
298
|
+
{ requiresDelegation: false }
|
|
299
|
+
],
|
|
300
|
+
responseMetadata: {}
|
|
466
301
|
}
|
|
467
302
|
|
|
468
|
-
stdout | src/__tests__/services/
|
|
303
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch - old endpoint format > should skip tools without name in array format
|
|
469
304
|
[ToolProtectionService] Config loaded from API {
|
|
470
305
|
source: 'api',
|
|
471
306
|
toolCount: 1,
|
|
472
|
-
protectedTools: [ '
|
|
307
|
+
protectedTools: [ 'valid_tool' ],
|
|
473
308
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
474
|
-
projectId: '
|
|
309
|
+
projectId: 'none',
|
|
475
310
|
cacheTtlMs: 300000,
|
|
476
|
-
cacheExpiresAt: '2025-11-
|
|
311
|
+
cacheExpiresAt: '2025-11-25T08:32:25.562Z'
|
|
477
312
|
}
|
|
478
|
-
|
|
479
|
-
|
|
480
|
-
[ToolProtectionService] Config loaded from API {
|
|
481
|
-
source: 'api',
|
|
482
|
-
toolCount: 1,
|
|
483
|
-
protectedTools: [ 'tool1' ],
|
|
313
|
+
[ToolProtectionService] API fetch successful, config cached {
|
|
314
|
+
source: 'cache-write',
|
|
484
315
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
485
|
-
|
|
486
|
-
cacheTtlMs: 300000,
|
|
487
|
-
cacheExpiresAt: '2025-11-25T04:41:28.889Z'
|
|
488
|
-
}
|
|
489
|
-
|
|
490
|
-
stderr | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Error Handling > should handle network timeout
|
|
491
|
-
[ToolProtectionService] API fetch failed, using fallback config { agentDid: 'did:key:z6MkhaXgBZDv...', error: 'Network timeout' }
|
|
492
|
-
|
|
493
|
-
✓ src/__tests__/services/tool-protection.service.test.ts (49 tests) 17ms
|
|
494
|
-
stderr | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Fallback Behavior > should cache fallback config
|
|
495
|
-
[ToolProtectionService] API fetch failed, using fallback config { agentDid: 'did:key:z6MkhaXgBZDv...', error: 'Network error' }
|
|
496
|
-
|
|
497
|
-
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Caching Integration > should cache successful API responses
|
|
498
|
-
[ToolProtectionService] Config loaded from API {
|
|
499
|
-
source: 'api',
|
|
316
|
+
cacheKey: 'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK',
|
|
500
317
|
toolCount: 1,
|
|
501
|
-
|
|
502
|
-
|
|
503
|
-
|
|
504
|
-
|
|
505
|
-
|
|
506
|
-
}
|
|
507
|
-
|
|
508
|
-
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Caching Integration > should respect cache TTL
|
|
509
|
-
[ToolProtectionService] Config loaded from API {
|
|
510
|
-
source: 'api',
|
|
511
|
-
toolCount: 0,
|
|
512
|
-
protectedTools: [],
|
|
513
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
514
|
-
projectId: 'test-project-123',
|
|
515
|
-
cacheTtlMs: 1000,
|
|
516
|
-
cacheExpiresAt: '2025-11-25T04:36:29.891Z'
|
|
318
|
+
tools: [ { name: 'valid_tool', requiresDelegation: true, scopeCount: 0 } ],
|
|
319
|
+
ttlMs: 300000,
|
|
320
|
+
ttlMinutes: 5,
|
|
321
|
+
expiresAt: '2025-11-25T08:32:25.562Z',
|
|
322
|
+
expiresIn: '300s'
|
|
517
323
|
}
|
|
518
324
|
|
|
519
|
-
stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should prefer Redis over KV when both are configured
|
|
520
|
-
[StorageService] Failed to connect to Redis, falling back to memory: Redis package not available
|
|
521
|
-
|
|
522
|
-
stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should prefer Redis over KV when both are configured
|
|
523
|
-
[StorageService] Failed to initialize KV, falling back to memory: Failed to import Cloudflare storage providers: Cannot find package '@kya-os/mcp-i-cloudflare/providers/storage' imported from '/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/storage.service.ts'
|
|
524
|
-
|
|
525
|
-
stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should fall back to memory when Redis connection fails
|
|
526
|
-
[StorageService] Failed to connect to Redis, falling back to memory: Redis package not available
|
|
527
|
-
|
|
528
|
-
stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should use KV namespace when provided
|
|
529
|
-
[StorageService] Failed to initialize KV, falling back to memory: Failed to import Cloudflare storage providers: Cannot find package '@kya-os/mcp-i-cloudflare/providers/storage' imported from '/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/storage.service.ts'
|
|
530
|
-
|
|
531
325
|
stderr | src/services/__tests__/access-control.proof-response-validation.test.ts > Proof Submission Response Validation > Wrapped Response Format (AgentShield API) > should validate wrapped response with success field in data
|
|
532
326
|
[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
|
|
533
|
-
correlationId: '
|
|
327
|
+
correlationId: '5095ece6-9caa-448a-bef5-d29eb69aca11',
|
|
534
328
|
status: 200,
|
|
535
329
|
statusText: undefined,
|
|
536
330
|
headers: {},
|
|
537
331
|
responseTextLength: 191,
|
|
538
|
-
responseTextPreview: '{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-
|
|
539
|
-
fullResponseText: '{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-
|
|
332
|
+
responseTextPreview: '{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-25T08:27:25.548Z"}}',
|
|
333
|
+
fullResponseText: '{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-25T08:27:25.548Z"}}'
|
|
540
334
|
}
|
|
541
335
|
[AccessControl] 🔍 PARSED RESPONSE DATA: {
|
|
542
|
-
correlationId: '
|
|
336
|
+
correlationId: '5095ece6-9caa-448a-bef5-d29eb69aca11',
|
|
543
337
|
status: 200,
|
|
544
338
|
responseDataType: 'object',
|
|
545
339
|
responseDataKeys: [ 'success', 'data', 'metadata' ],
|
|
@@ -557,7 +351,7 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
|
|
|
557
351
|
' },\n' +
|
|
558
352
|
' "metadata": {\n' +
|
|
559
353
|
' "requestId": "test-request-id",\n' +
|
|
560
|
-
' "timestamp": "2025-11-
|
|
354
|
+
' "timestamp": "2025-11-25T08:27:25.548Z"\n' +
|
|
561
355
|
' }\n' +
|
|
562
356
|
'}'
|
|
563
357
|
}
|
|
@@ -575,11 +369,11 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
|
|
|
575
369
|
},
|
|
576
370
|
"metadata": {
|
|
577
371
|
"requestId": "test-request-id",
|
|
578
|
-
"timestamp": "2025-11-
|
|
372
|
+
"timestamp": "2025-11-25T08:27:25.548Z"
|
|
579
373
|
}
|
|
580
374
|
}
|
|
581
375
|
[AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
|
|
582
|
-
correlationId: '
|
|
376
|
+
correlationId: '5095ece6-9caa-448a-bef5-d29eb69aca11',
|
|
583
377
|
dataKeys: [ 'accepted', 'rejected', 'outcomes' ],
|
|
584
378
|
hasAccepted: true,
|
|
585
379
|
hasRejected: true,
|
|
@@ -605,7 +399,7 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
|
|
|
605
399
|
'}'
|
|
606
400
|
}
|
|
607
401
|
[AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
|
|
608
|
-
correlationId: '
|
|
402
|
+
correlationId: '5095ece6-9caa-448a-bef5-d29eb69aca11',
|
|
609
403
|
dataWithSuccessKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
|
|
610
404
|
hasSuccess: true,
|
|
611
405
|
successValue: true,
|
|
@@ -628,18 +422,21 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
|
|
|
628
422
|
'}'
|
|
629
423
|
}
|
|
630
424
|
|
|
425
|
+
stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should prefer Redis over KV when both are configured
|
|
426
|
+
[StorageService] Failed to initialize KV, falling back to memory: Failed to import Cloudflare storage providers: Cannot find package '@kya-os/mcp-i-cloudflare/providers/storage' imported from '/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/storage.service.ts'
|
|
427
|
+
|
|
631
428
|
stderr | src/services/__tests__/access-control.proof-response-validation.test.ts > Proof Submission Response Validation > Wrapped Response Format (AgentShield API) > should validate wrapped response with errors array
|
|
632
429
|
[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
|
|
633
|
-
correlationId: '
|
|
430
|
+
correlationId: '2ce7b4d7-2260-47ae-8bd8-98ca9bd86702',
|
|
634
431
|
status: 200,
|
|
635
432
|
statusText: undefined,
|
|
636
433
|
headers: {},
|
|
637
434
|
responseTextLength: 333,
|
|
638
|
-
responseTextPreview: '{"success":true,"data":{"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"validation_error","message":"Proof validation failed","details":{"reason":"invalid_signature"}}}]},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-
|
|
639
|
-
fullResponseText: '{"success":true,"data":{"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"validation_error","message":"Proof validation failed","details":{"reason":"invalid_signature"}}}]},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-
|
|
435
|
+
responseTextPreview: '{"success":true,"data":{"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"validation_error","message":"Proof validation failed","details":{"reason":"invalid_signature"}}}]},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-25T08:27:25.564Z"}}',
|
|
436
|
+
fullResponseText: '{"success":true,"data":{"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"validation_error","message":"Proof validation failed","details":{"reason":"invalid_signature"}}}]},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-25T08:27:25.564Z"}}'
|
|
640
437
|
}
|
|
641
438
|
[AccessControl] 🔍 PARSED RESPONSE DATA: {
|
|
642
|
-
correlationId: '
|
|
439
|
+
correlationId: '2ce7b4d7-2260-47ae-8bd8-98ca9bd86702',
|
|
643
440
|
status: 200,
|
|
644
441
|
responseDataType: 'object',
|
|
645
442
|
responseDataKeys: [ 'success', 'data', 'metadata' ],
|
|
@@ -669,7 +466,7 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
|
|
|
669
466
|
' },\n' +
|
|
670
467
|
' "metadata": {\n' +
|
|
671
468
|
' "requestId": "test-request-id",\n' +
|
|
672
|
-
' "timestamp": "2025-11-
|
|
469
|
+
' "timestamp": "2025-11-25T08:27:25.564Z"\n' +
|
|
673
470
|
' }\n' +
|
|
674
471
|
'}'
|
|
675
472
|
}
|
|
@@ -699,11 +496,11 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
|
|
|
699
496
|
},
|
|
700
497
|
"metadata": {
|
|
701
498
|
"requestId": "test-request-id",
|
|
702
|
-
"timestamp": "2025-11-
|
|
499
|
+
"timestamp": "2025-11-25T08:27:25.564Z"
|
|
703
500
|
}
|
|
704
501
|
}
|
|
705
502
|
[AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
|
|
706
|
-
correlationId: '
|
|
503
|
+
correlationId: '2ce7b4d7-2260-47ae-8bd8-98ca9bd86702',
|
|
707
504
|
dataKeys: [ 'accepted', 'rejected', 'outcomes', 'errors' ],
|
|
708
505
|
hasAccepted: true,
|
|
709
506
|
hasRejected: true,
|
|
@@ -741,7 +538,7 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
|
|
|
741
538
|
'}'
|
|
742
539
|
}
|
|
743
540
|
[AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
|
|
744
|
-
correlationId: '
|
|
541
|
+
correlationId: '2ce7b4d7-2260-47ae-8bd8-98ca9bd86702',
|
|
745
542
|
dataWithSuccessKeys: [ 'success', 'accepted', 'rejected', 'outcomes', 'errors' ],
|
|
746
543
|
hasSuccess: true,
|
|
747
544
|
successValue: true,
|
|
@@ -778,16 +575,16 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
|
|
|
778
575
|
|
|
779
576
|
stderr | src/services/__tests__/access-control.proof-response-validation.test.ts > Proof Submission Response Validation > Wrapped Response Format (AgentShield API) > should validate wrapped response without outcomes (optional field)
|
|
780
577
|
[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
|
|
781
|
-
correlationId: '
|
|
578
|
+
correlationId: '1311a219-a306-45c5-b22e-41bcb0b4240a',
|
|
782
579
|
status: 200,
|
|
783
580
|
statusText: undefined,
|
|
784
581
|
headers: {},
|
|
785
582
|
responseTextLength: 133,
|
|
786
|
-
responseTextPreview: '{"success":true,"data":{"accepted":1,"rejected":0},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-
|
|
787
|
-
fullResponseText: '{"success":true,"data":{"accepted":1,"rejected":0},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-
|
|
583
|
+
responseTextPreview: '{"success":true,"data":{"accepted":1,"rejected":0},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-25T08:27:25.564Z"}}',
|
|
584
|
+
fullResponseText: '{"success":true,"data":{"accepted":1,"rejected":0},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-25T08:27:25.564Z"}}'
|
|
788
585
|
}
|
|
789
586
|
[AccessControl] 🔍 PARSED RESPONSE DATA: {
|
|
790
|
-
correlationId: '
|
|
587
|
+
correlationId: '1311a219-a306-45c5-b22e-41bcb0b4240a',
|
|
791
588
|
status: 200,
|
|
792
589
|
responseDataType: 'object',
|
|
793
590
|
responseDataKeys: [ 'success', 'data', 'metadata' ],
|
|
@@ -799,7 +596,7 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
|
|
|
799
596
|
' },\n' +
|
|
800
597
|
' "metadata": {\n' +
|
|
801
598
|
' "requestId": "test-request-id",\n' +
|
|
802
|
-
' "timestamp": "2025-11-
|
|
599
|
+
' "timestamp": "2025-11-25T08:27:25.564Z"\n' +
|
|
803
600
|
' }\n' +
|
|
804
601
|
'}'
|
|
805
602
|
}
|
|
@@ -811,11 +608,11 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
|
|
|
811
608
|
},
|
|
812
609
|
"metadata": {
|
|
813
610
|
"requestId": "test-request-id",
|
|
814
|
-
"timestamp": "2025-11-
|
|
611
|
+
"timestamp": "2025-11-25T08:27:25.564Z"
|
|
815
612
|
}
|
|
816
613
|
}
|
|
817
614
|
[AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
|
|
818
|
-
correlationId: '
|
|
615
|
+
correlationId: '1311a219-a306-45c5-b22e-41bcb0b4240a',
|
|
819
616
|
dataKeys: [ 'accepted', 'rejected' ],
|
|
820
617
|
hasAccepted: true,
|
|
821
618
|
hasRejected: true,
|
|
@@ -832,7 +629,7 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
|
|
|
832
629
|
fullData: '{\n "accepted": 1,\n "rejected": 0\n}'
|
|
833
630
|
}
|
|
834
631
|
[AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
|
|
835
|
-
correlationId: '
|
|
632
|
+
correlationId: '1311a219-a306-45c5-b22e-41bcb0b4240a',
|
|
836
633
|
dataWithSuccessKeys: [ 'success', 'accepted', 'rejected' ],
|
|
837
634
|
hasSuccess: true,
|
|
838
635
|
successValue: true,
|
|
@@ -847,16 +644,16 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
|
|
|
847
644
|
|
|
848
645
|
stderr | src/services/__tests__/access-control.proof-response-validation.test.ts > Proof Submission Response Validation > Wrapped Response Format (AgentShield API) > should throw validation error if data object missing success field
|
|
849
646
|
[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
|
|
850
|
-
correlationId: '
|
|
647
|
+
correlationId: '9afbcecf-362c-4828-bafd-1d03f47b7ac7',
|
|
851
648
|
status: 200,
|
|
852
649
|
statusText: undefined,
|
|
853
650
|
headers: {},
|
|
854
651
|
responseTextLength: 191,
|
|
855
|
-
responseTextPreview: '{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-
|
|
856
|
-
fullResponseText: '{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-
|
|
652
|
+
responseTextPreview: '{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-25T08:27:25.565Z"}}',
|
|
653
|
+
fullResponseText: '{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-25T08:27:25.565Z"}}'
|
|
857
654
|
}
|
|
858
655
|
[AccessControl] 🔍 PARSED RESPONSE DATA: {
|
|
859
|
-
correlationId: '
|
|
656
|
+
correlationId: '9afbcecf-362c-4828-bafd-1d03f47b7ac7',
|
|
860
657
|
status: 200,
|
|
861
658
|
responseDataType: 'object',
|
|
862
659
|
responseDataKeys: [ 'success', 'data', 'metadata' ],
|
|
@@ -874,7 +671,7 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
|
|
|
874
671
|
' },\n' +
|
|
875
672
|
' "metadata": {\n' +
|
|
876
673
|
' "requestId": "test-request-id",\n' +
|
|
877
|
-
' "timestamp": "2025-11-
|
|
674
|
+
' "timestamp": "2025-11-25T08:27:25.565Z"\n' +
|
|
878
675
|
' }\n' +
|
|
879
676
|
'}'
|
|
880
677
|
}
|
|
@@ -892,11 +689,11 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
|
|
|
892
689
|
},
|
|
893
690
|
"metadata": {
|
|
894
691
|
"requestId": "test-request-id",
|
|
895
|
-
"timestamp": "2025-11-
|
|
692
|
+
"timestamp": "2025-11-25T08:27:25.565Z"
|
|
896
693
|
}
|
|
897
694
|
}
|
|
898
695
|
[AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
|
|
899
|
-
correlationId: '
|
|
696
|
+
correlationId: '9afbcecf-362c-4828-bafd-1d03f47b7ac7',
|
|
900
697
|
dataKeys: [ 'accepted', 'rejected', 'outcomes' ],
|
|
901
698
|
hasAccepted: true,
|
|
902
699
|
hasRejected: true,
|
|
@@ -922,7 +719,7 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
|
|
|
922
719
|
'}'
|
|
923
720
|
}
|
|
924
721
|
[AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
|
|
925
|
-
correlationId: '
|
|
722
|
+
correlationId: '9afbcecf-362c-4828-bafd-1d03f47b7ac7',
|
|
926
723
|
dataWithSuccessKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
|
|
927
724
|
hasSuccess: true,
|
|
928
725
|
successValue: true,
|
|
@@ -945,317 +742,305 @@ stderr | src/services/__tests__/access-control.proof-response-validation.test.ts
|
|
|
945
742
|
'}'
|
|
946
743
|
}
|
|
947
744
|
|
|
948
|
-
stderr | src/services/__tests__/
|
|
949
|
-
[
|
|
950
|
-
|
|
951
|
-
|
|
952
|
-
|
|
953
|
-
|
|
954
|
-
|
|
955
|
-
|
|
956
|
-
|
|
957
|
-
|
|
958
|
-
|
|
959
|
-
|
|
960
|
-
|
|
961
|
-
|
|
962
|
-
|
|
963
|
-
responseData: '{\n' +
|
|
964
|
-
' "success": true,\n' +
|
|
965
|
-
' "data": {\n' +
|
|
966
|
-
' "accepted": 1,\n' +
|
|
967
|
-
' "rejected": 0,\n' +
|
|
968
|
-
' "outcomes": {\n' +
|
|
969
|
-
' "success": 1\n' +
|
|
970
|
-
' },\n' +
|
|
971
|
-
' "errors": []\n' +
|
|
972
|
-
' },\n' +
|
|
973
|
-
' "metadata": {\n' +
|
|
974
|
-
' "requestId": "fc1fa88f-9b22-4161-b4fd-17d8215098ee",\n' +
|
|
975
|
-
' "timestamp": "2025-11-24T21:36:33.029Z"\n' +
|
|
976
|
-
' }\n' +
|
|
977
|
-
'}'
|
|
745
|
+
stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should fall back to memory when Redis connection fails
|
|
746
|
+
[StorageService] Failed to connect to Redis, falling back to memory: Redis package not available
|
|
747
|
+
|
|
748
|
+
stderr | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > API fetch error handling > should handle network errors gracefully
|
|
749
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > caching behavior > should cache successful API responses
|
|
750
|
+
[ToolProtectionService] API fetch failed, no fallback, failing closed (deny-all) {
|
|
751
|
+
[ToolProtectionService] Config loaded from API {
|
|
752
|
+
source: 'api',
|
|
753
|
+
toolCount: 1,
|
|
754
|
+
protectedTools: [ 'tool1' ],
|
|
755
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
756
|
+
error: 'ECONNREFUSED',
|
|
757
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
758
|
+
projectId: 'none',
|
|
759
|
+
cacheKey: 'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK'
|
|
978
760
|
}
|
|
979
|
-
|
|
980
|
-
|
|
981
|
-
|
|
982
|
-
"accepted": 1,
|
|
983
|
-
"rejected": 0,
|
|
984
|
-
"outcomes": {
|
|
985
|
-
"success": 1
|
|
986
|
-
},
|
|
987
|
-
"errors": []
|
|
988
|
-
},
|
|
989
|
-
"metadata": {
|
|
990
|
-
"requestId": "fc1fa88f-9b22-4161-b4fd-17d8215098ee",
|
|
991
|
-
"timestamp": "2025-11-24T21:36:33.029Z"
|
|
992
|
-
}
|
|
761
|
+
cacheTtlMs: 300000,
|
|
762
|
+
|
|
763
|
+
cacheExpiresAt: '2025-11-25T08:32:25.564Z'
|
|
993
764
|
}
|
|
994
|
-
|
|
995
|
-
|
|
996
|
-
|
|
997
|
-
|
|
998
|
-
|
|
999
|
-
|
|
1000
|
-
|
|
1001
|
-
|
|
1002
|
-
|
|
1003
|
-
|
|
1004
|
-
rejectedValue: 0,
|
|
1005
|
-
outcomesType: 'object',
|
|
1006
|
-
outcomesValue: { success: 1 },
|
|
1007
|
-
errorsType: 'object',
|
|
1008
|
-
errorsIsArray: true,
|
|
1009
|
-
fullData: '{\n' +
|
|
1010
|
-
' "accepted": 1,\n' +
|
|
1011
|
-
' "rejected": 0,\n' +
|
|
1012
|
-
' "outcomes": {\n' +
|
|
1013
|
-
' "success": 1\n' +
|
|
1014
|
-
' },\n' +
|
|
1015
|
-
' "errors": []\n' +
|
|
1016
|
-
'}'
|
|
765
|
+
|
|
766
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > caching behavior > should use default cache TTL when not specified
|
|
767
|
+
[ToolProtectionService] Config loaded from API {
|
|
768
|
+
source: 'api',
|
|
769
|
+
toolCount: 0,
|
|
770
|
+
protectedTools: [],
|
|
771
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
772
|
+
projectId: 'none',
|
|
773
|
+
cacheTtlMs: 300000,
|
|
774
|
+
cacheExpiresAt: '2025-11-25T08:32:25.565Z'
|
|
1017
775
|
}
|
|
1018
|
-
|
|
1019
|
-
|
|
1020
|
-
|
|
1021
|
-
|
|
1022
|
-
|
|
1023
|
-
|
|
1024
|
-
|
|
1025
|
-
|
|
1026
|
-
|
|
1027
|
-
|
|
1028
|
-
outcomesValue: { success: 1 },
|
|
1029
|
-
fullDataWithSuccess: '{\n' +
|
|
1030
|
-
' "success": true,\n' +
|
|
1031
|
-
' "accepted": 1,\n' +
|
|
1032
|
-
' "rejected": 0,\n' +
|
|
1033
|
-
' "outcomes": {\n' +
|
|
1034
|
-
' "success": 1\n' +
|
|
1035
|
-
' },\n' +
|
|
1036
|
-
' "errors": []\n' +
|
|
1037
|
-
'}'
|
|
776
|
+
|
|
777
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > caching behavior > should use custom cache TTL when specified
|
|
778
|
+
[ToolProtectionService] Config loaded from API {
|
|
779
|
+
source: 'api',
|
|
780
|
+
toolCount: 0,
|
|
781
|
+
protectedTools: [],
|
|
782
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
783
|
+
projectId: 'none',
|
|
784
|
+
cacheTtlMs: 600000,
|
|
785
|
+
cacheExpiresAt: '2025-11-25T08:37:25.565Z'
|
|
1038
786
|
}
|
|
1039
787
|
|
|
1040
|
-
|
|
1041
|
-
[
|
|
1042
|
-
|
|
1043
|
-
|
|
1044
|
-
|
|
1045
|
-
|
|
1046
|
-
|
|
1047
|
-
|
|
1048
|
-
|
|
788
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > edge cases > should handle empty toolProtections object
|
|
789
|
+
[ToolProtectionService] Config loaded from API {
|
|
790
|
+
source: 'api',
|
|
791
|
+
toolCount: 0,
|
|
792
|
+
protectedTools: [],
|
|
793
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
794
|
+
projectId: 'none',
|
|
795
|
+
cacheTtlMs: 300000,
|
|
796
|
+
cacheExpiresAt: '2025-11-25T08:32:25.565Z'
|
|
1049
797
|
}
|
|
1050
|
-
|
|
1051
|
-
|
|
1052
|
-
|
|
1053
|
-
|
|
1054
|
-
|
|
1055
|
-
|
|
1056
|
-
|
|
1057
|
-
|
|
1058
|
-
|
|
1059
|
-
|
|
1060
|
-
' "outcomes": {},\n' +
|
|
1061
|
-
' "errors": []\n' +
|
|
1062
|
-
' },\n' +
|
|
1063
|
-
' "metadata": {\n' +
|
|
1064
|
-
' "requestId": "test-id",\n' +
|
|
1065
|
-
' "timestamp": "2025-11-25T04:36:28.917Z"\n' +
|
|
1066
|
-
' }\n' +
|
|
1067
|
-
'}'
|
|
798
|
+
|
|
799
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > edge cases > should handle null requiredScopes
|
|
800
|
+
[ToolProtectionService] Config loaded from API {
|
|
801
|
+
source: 'api',
|
|
802
|
+
toolCount: 1,
|
|
803
|
+
protectedTools: [ 'tool1' ],
|
|
804
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
805
|
+
projectId: 'none',
|
|
806
|
+
cacheTtlMs: 300000,
|
|
807
|
+
cacheExpiresAt: '2025-11-25T08:32:25.565Z'
|
|
1068
808
|
}
|
|
1069
|
-
|
|
1070
|
-
|
|
1071
|
-
|
|
1072
|
-
|
|
1073
|
-
|
|
1074
|
-
|
|
1075
|
-
|
|
1076
|
-
|
|
1077
|
-
|
|
1078
|
-
|
|
1079
|
-
"timestamp": "2025-11-25T04:36:28.917Z"
|
|
1080
|
-
}
|
|
809
|
+
|
|
810
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > getToolProtectionConfig > edge cases > should handle mixed camelCase and snake_case in response
|
|
811
|
+
[ToolProtectionService] Config loaded from API {
|
|
812
|
+
source: 'api',
|
|
813
|
+
toolCount: 2,
|
|
814
|
+
protectedTools: [ 'tool1' ],
|
|
815
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
816
|
+
projectId: 'none',
|
|
817
|
+
cacheTtlMs: 300000,
|
|
818
|
+
cacheExpiresAt: '2025-11-25T08:32:25.565Z'
|
|
1081
819
|
}
|
|
1082
|
-
|
|
1083
|
-
|
|
1084
|
-
|
|
1085
|
-
|
|
1086
|
-
|
|
1087
|
-
|
|
1088
|
-
|
|
1089
|
-
|
|
1090
|
-
|
|
1091
|
-
|
|
1092
|
-
rejectedValue: 0,
|
|
1093
|
-
outcomesType: 'object',
|
|
1094
|
-
outcomesValue: {},
|
|
1095
|
-
errorsType: 'object',
|
|
1096
|
-
errorsIsArray: true,
|
|
1097
|
-
fullData: '{\n "accepted": 0,\n "rejected": 0,\n "outcomes": {},\n "errors": []\n}'
|
|
820
|
+
|
|
821
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return null when tool has no protection
|
|
822
|
+
[ToolProtectionService] Config loaded from API {
|
|
823
|
+
source: 'api',
|
|
824
|
+
toolCount: 1,
|
|
825
|
+
protectedTools: [],
|
|
826
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
827
|
+
projectId: 'none',
|
|
828
|
+
cacheTtlMs: 300000,
|
|
829
|
+
cacheExpiresAt: '2025-11-25T08:32:25.565Z'
|
|
1098
830
|
}
|
|
1099
|
-
|
|
1100
|
-
|
|
1101
|
-
|
|
1102
|
-
|
|
1103
|
-
|
|
1104
|
-
|
|
1105
|
-
|
|
1106
|
-
|
|
1107
|
-
|
|
1108
|
-
|
|
1109
|
-
outcomesValue: {},
|
|
1110
|
-
fullDataWithSuccess: '{\n' +
|
|
1111
|
-
' "success": true,\n' +
|
|
1112
|
-
' "accepted": 0,\n' +
|
|
1113
|
-
' "rejected": 0,\n' +
|
|
1114
|
-
' "outcomes": {},\n' +
|
|
1115
|
-
' "errors": []\n' +
|
|
1116
|
-
'}'
|
|
831
|
+
|
|
832
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return null when tool is not in config
|
|
833
|
+
[ToolProtectionService] Config loaded from API {
|
|
834
|
+
source: 'api',
|
|
835
|
+
toolCount: 1,
|
|
836
|
+
protectedTools: [ 'other_tool' ],
|
|
837
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
838
|
+
projectId: 'none',
|
|
839
|
+
cacheTtlMs: 300000,
|
|
840
|
+
cacheExpiresAt: '2025-11-25T08:32:25.565Z'
|
|
1117
841
|
}
|
|
1118
842
|
|
|
1119
|
-
|
|
843
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return null when tool is not in config
|
|
844
|
+
[ToolProtectionService] Protection check {
|
|
845
|
+
tool: 'unknown_tool',
|
|
846
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
847
|
+
found: false,
|
|
848
|
+
isWildcard: true,
|
|
849
|
+
requiresDelegation: false,
|
|
850
|
+
availableTools: [ 'other_tool' ]
|
|
851
|
+
}
|
|
852
|
+
|
|
853
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return wildcard protection when tool not found and wildcard exists
|
|
854
|
+
[ToolProtectionService] Config loaded from API {
|
|
855
|
+
source: 'api',
|
|
856
|
+
toolCount: 2,
|
|
857
|
+
protectedTools: [ '*' ],
|
|
858
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
859
|
+
projectId: 'none',
|
|
860
|
+
cacheTtlMs: 300000,
|
|
861
|
+
cacheExpiresAt: '2025-11-25T08:32:25.565Z'
|
|
862
|
+
}
|
|
863
|
+
|
|
864
|
+
stderr | src/services/__tests__/access-control.proof-response-validation.test.ts > Proof Submission Response Validation > JSON Deep Clone Fix (Cloudflare Workers Edge Case) > should correctly extract data from wrapped response after JSON deep clone
|
|
1120
865
|
[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
|
|
1121
|
-
correlationId: '
|
|
866
|
+
correlationId: 'd8573c78-f55c-4106-b217-44a81bb5f2cf',
|
|
1122
867
|
status: 200,
|
|
1123
868
|
statusText: undefined,
|
|
1124
869
|
headers: {},
|
|
1125
|
-
responseTextLength:
|
|
1126
|
-
responseTextPreview: '{"success":true,"data":{"accepted":
|
|
1127
|
-
fullResponseText: '{"success":true,"data":{"accepted":
|
|
870
|
+
responseTextLength: 191,
|
|
871
|
+
responseTextPreview: '{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1},"errors":[]},"metadata":{"requestId":"fc1fa88f-9b22-4161-b4fd-17d8215098ee","timestamp":"2025-11-24T21:36:33.029Z"}}',
|
|
872
|
+
fullResponseText: '{"success":true,"data":{"accepted":1,"rejected":0,"outcomes":{"success":1},"errors":[]},"metadata":{"requestId":"fc1fa88f-9b22-4161-b4fd-17d8215098ee","timestamp":"2025-11-24T21:36:33.029Z"}}'
|
|
1128
873
|
}
|
|
1129
874
|
[AccessControl] 🔍 PARSED RESPONSE DATA: {
|
|
1130
|
-
correlationId: '
|
|
875
|
+
correlationId: 'd8573c78-f55c-4106-b217-44a81bb5f2cf',
|
|
1131
876
|
status: 200,
|
|
1132
877
|
responseDataType: 'object',
|
|
1133
878
|
responseDataKeys: [ 'success', 'data', 'metadata' ],
|
|
1134
879
|
responseData: '{\n' +
|
|
1135
880
|
' "success": true,\n' +
|
|
1136
881
|
' "data": {\n' +
|
|
1137
|
-
' "accepted":
|
|
1138
|
-
' "rejected":
|
|
882
|
+
' "accepted": 1,\n' +
|
|
883
|
+
' "rejected": 0,\n' +
|
|
1139
884
|
' "outcomes": {\n' +
|
|
1140
|
-
' "success": 1
|
|
1141
|
-
' "failed": 1,\n' +
|
|
1142
|
-
' "blocked": 1,\n' +
|
|
1143
|
-
' "error": 2\n' +
|
|
885
|
+
' "success": 1\n' +
|
|
1144
886
|
' },\n' +
|
|
1145
|
-
' "errors": [\n' +
|
|
1146
|
-
' {\n' +
|
|
1147
|
-
' "proof_index": 0,\n' +
|
|
1148
|
-
' "error": {\n' +
|
|
1149
|
-
' "code": "validation_error",\n' +
|
|
1150
|
-
' "message": "Invalid signature"\n' +
|
|
1151
|
-
' }\n' +
|
|
1152
|
-
' }\n' +
|
|
1153
|
-
' ]\n' +
|
|
887
|
+
' "errors": []\n' +
|
|
1154
888
|
' },\n' +
|
|
1155
889
|
' "metadata": {\n' +
|
|
1156
|
-
' "requestId": "
|
|
1157
|
-
' "timestamp": "2025-11-
|
|
890
|
+
' "requestId": "fc1fa88f-9b22-4161-b4fd-17d8215098ee",\n' +
|
|
891
|
+
' "timestamp": "2025-11-24T21:36:33.029Z"\n' +
|
|
1158
892
|
' }\n' +
|
|
1159
893
|
'}'
|
|
1160
894
|
}
|
|
1161
895
|
[AccessControl] Raw response received: {
|
|
1162
896
|
"success": true,
|
|
1163
897
|
"data": {
|
|
1164
|
-
"accepted":
|
|
1165
|
-
"rejected":
|
|
898
|
+
"accepted": 1,
|
|
899
|
+
"rejected": 0,
|
|
1166
900
|
"outcomes": {
|
|
1167
|
-
"success": 1
|
|
1168
|
-
"failed": 1,
|
|
1169
|
-
"blocked": 1,
|
|
1170
|
-
"error": 2
|
|
901
|
+
"success": 1
|
|
1171
902
|
},
|
|
1172
|
-
"errors": [
|
|
1173
|
-
{
|
|
1174
|
-
"proof_index": 0,
|
|
1175
|
-
"error": {
|
|
1176
|
-
"code": "validation_error",
|
|
1177
|
-
"message": "Invalid signature"
|
|
1178
|
-
}
|
|
1179
|
-
}
|
|
1180
|
-
]
|
|
903
|
+
"errors": []
|
|
1181
904
|
},
|
|
1182
905
|
"metadata": {
|
|
1183
|
-
"requestId": "
|
|
1184
|
-
"timestamp": "2025-11-
|
|
906
|
+
"requestId": "fc1fa88f-9b22-4161-b4fd-17d8215098ee",
|
|
907
|
+
"timestamp": "2025-11-24T21:36:33.029Z"
|
|
1185
908
|
}
|
|
1186
909
|
}
|
|
1187
910
|
[AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
|
|
1188
|
-
correlationId: '
|
|
911
|
+
correlationId: 'd8573c78-f55c-4106-b217-44a81bb5f2cf',
|
|
1189
912
|
dataKeys: [ 'accepted', 'rejected', 'outcomes', 'errors' ],
|
|
1190
913
|
hasAccepted: true,
|
|
1191
914
|
hasRejected: true,
|
|
1192
915
|
hasOutcomes: true,
|
|
1193
916
|
hasErrors: true,
|
|
1194
917
|
acceptedType: 'number',
|
|
1195
|
-
acceptedValue:
|
|
918
|
+
acceptedValue: 1,
|
|
1196
919
|
rejectedType: 'number',
|
|
1197
|
-
rejectedValue:
|
|
920
|
+
rejectedValue: 0,
|
|
1198
921
|
outcomesType: 'object',
|
|
1199
|
-
outcomesValue: { success: 1
|
|
922
|
+
outcomesValue: { success: 1 },
|
|
1200
923
|
errorsType: 'object',
|
|
1201
924
|
errorsIsArray: true,
|
|
1202
925
|
fullData: '{\n' +
|
|
1203
|
-
' "accepted":
|
|
1204
|
-
' "rejected":
|
|
926
|
+
' "accepted": 1,\n' +
|
|
927
|
+
' "rejected": 0,\n' +
|
|
1205
928
|
' "outcomes": {\n' +
|
|
1206
|
-
' "success": 1
|
|
1207
|
-
' "failed": 1,\n' +
|
|
1208
|
-
' "blocked": 1,\n' +
|
|
1209
|
-
' "error": 2\n' +
|
|
929
|
+
' "success": 1\n' +
|
|
1210
930
|
' },\n' +
|
|
1211
|
-
' "errors": [\n' +
|
|
1212
|
-
' {\n' +
|
|
1213
|
-
' "proof_index": 0,\n' +
|
|
1214
|
-
' "error": {\n' +
|
|
1215
|
-
' "code": "validation_error",\n' +
|
|
1216
|
-
' "message": "Invalid signature"\n' +
|
|
1217
|
-
' }\n' +
|
|
1218
|
-
' }\n' +
|
|
1219
|
-
' ]\n' +
|
|
931
|
+
' "errors": []\n' +
|
|
1220
932
|
'}'
|
|
1221
933
|
}
|
|
1222
934
|
[AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
|
|
1223
|
-
correlationId: '
|
|
935
|
+
correlationId: 'd8573c78-f55c-4106-b217-44a81bb5f2cf',
|
|
1224
936
|
dataWithSuccessKeys: [ 'success', 'accepted', 'rejected', 'outcomes', 'errors' ],
|
|
1225
937
|
hasSuccess: true,
|
|
1226
938
|
successValue: true,
|
|
1227
939
|
hasAccepted: true,
|
|
1228
|
-
acceptedValue:
|
|
940
|
+
acceptedValue: 1,
|
|
1229
941
|
hasRejected: true,
|
|
1230
|
-
rejectedValue:
|
|
942
|
+
rejectedValue: 0,
|
|
1231
943
|
hasOutcomes: true,
|
|
1232
|
-
outcomesValue: { success: 1
|
|
944
|
+
outcomesValue: { success: 1 },
|
|
1233
945
|
fullDataWithSuccess: '{\n' +
|
|
1234
946
|
' "success": true,\n' +
|
|
1235
|
-
' "accepted":
|
|
1236
|
-
' "rejected":
|
|
947
|
+
' "accepted": 1,\n' +
|
|
948
|
+
' "rejected": 0,\n' +
|
|
1237
949
|
' "outcomes": {\n' +
|
|
1238
|
-
' "success": 1
|
|
1239
|
-
' "failed": 1,\n' +
|
|
1240
|
-
' "blocked": 1,\n' +
|
|
1241
|
-
' "error": 2\n' +
|
|
950
|
+
' "success": 1\n' +
|
|
1242
951
|
' },\n' +
|
|
1243
|
-
' "errors": [\n' +
|
|
1244
|
-
' {\n' +
|
|
1245
|
-
' "proof_index": 0,\n' +
|
|
1246
|
-
' "error": {\n' +
|
|
1247
|
-
' "code": "validation_error",\n' +
|
|
1248
|
-
' "message": "Invalid signature"\n' +
|
|
1249
|
-
' }\n' +
|
|
1250
|
-
' }\n' +
|
|
1251
|
-
' ]\n' +
|
|
952
|
+
' "errors": []\n' +
|
|
1252
953
|
'}'
|
|
1253
954
|
}
|
|
1254
955
|
|
|
1255
|
-
stderr | src/services/__tests__/
|
|
1256
|
-
[
|
|
1257
|
-
|
|
1258
|
-
|
|
956
|
+
stderr | src/services/__tests__/storage.service.test.ts > StorageService > createStorageProviders > should use KV namespace when provided
|
|
957
|
+
[StorageService] Failed to initialize KV, falling back to memory: Failed to import Cloudflare storage providers: Cannot find package '@kya-os/mcp-i-cloudflare/providers/storage' imported from '/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/storage.service.ts'
|
|
958
|
+
|
|
959
|
+
stderr | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should use wildcard protection in fail-safe deny-all mode
|
|
960
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return wildcard protection when tool not found and wildcard exists
|
|
961
|
+
[ToolProtectionService] Protection check {
|
|
962
|
+
[ToolProtectionService] API fetch failed, no fallback, failing closed (deny-all) {
|
|
963
|
+
tool: 'unknown_tool',
|
|
964
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
965
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
966
|
+
found: true,
|
|
967
|
+
isWildcard: true,
|
|
968
|
+
requiresDelegation: true,
|
|
969
|
+
error: 'Network error',
|
|
970
|
+
cacheKey: 'agent:did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK'
|
|
971
|
+
}
|
|
972
|
+
availableTools: [ '*', 'specific_tool' ]
|
|
973
|
+
}
|
|
974
|
+
|
|
975
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should prioritize specific tool protection over wildcard
|
|
976
|
+
|
|
977
|
+
[ToolProtectionService] Config loaded from API {
|
|
978
|
+
source: 'api',
|
|
979
|
+
toolCount: 2,
|
|
980
|
+
protectedTools: [ '*' ],
|
|
981
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
982
|
+
projectId: 'none',
|
|
983
|
+
cacheTtlMs: 300000,
|
|
984
|
+
cacheExpiresAt: '2025-11-25T08:32:25.570Z'
|
|
985
|
+
}
|
|
986
|
+
|
|
987
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should use wildcard protection in fail-safe deny-all mode
|
|
988
|
+
[ToolProtectionService] Protection check {
|
|
989
|
+
tool: 'any_tool',
|
|
990
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
991
|
+
found: true,
|
|
992
|
+
isWildcard: true,
|
|
993
|
+
requiresDelegation: true,
|
|
994
|
+
availableTools: [ '*' ]
|
|
995
|
+
}
|
|
996
|
+
|
|
997
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return protection config when tool requires delegation
|
|
998
|
+
[ToolProtectionService] Config loaded from API {
|
|
999
|
+
source: 'api',
|
|
1000
|
+
toolCount: 1,
|
|
1001
|
+
protectedTools: [ 'protected_tool' ],
|
|
1002
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
1003
|
+
projectId: 'none',
|
|
1004
|
+
cacheTtlMs: 300000,
|
|
1005
|
+
cacheExpiresAt: '2025-11-25T08:32:25.573Z'
|
|
1006
|
+
}
|
|
1007
|
+
|
|
1008
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > checkToolProtection > should return protection config when tool requires delegation
|
|
1009
|
+
[ToolProtectionService] Protection check {
|
|
1010
|
+
tool: 'protected_tool',
|
|
1011
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
1012
|
+
found: true,
|
|
1013
|
+
isWildcard: false,
|
|
1014
|
+
requiresDelegation: true,
|
|
1015
|
+
availableTools: [ 'protected_tool' ]
|
|
1016
|
+
}
|
|
1017
|
+
|
|
1018
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > integration with NoOpToolProtectionCache > should work with NoOpToolProtectionCache
|
|
1019
|
+
[ToolProtectionService] Config loaded from API {
|
|
1020
|
+
source: 'api',
|
|
1021
|
+
toolCount: 1,
|
|
1022
|
+
protectedTools: [ 'tool1' ],
|
|
1023
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
1024
|
+
projectId: 'none',
|
|
1025
|
+
cacheTtlMs: 300000,
|
|
1026
|
+
cacheExpiresAt: '2025-11-25T08:32:25.574Z'
|
|
1027
|
+
}
|
|
1028
|
+
|
|
1029
|
+
stdout | src/__tests__/services/tool-protection.service.test.ts > ToolProtectionService > integration with NoOpToolProtectionCache > should work with NoOpToolProtectionCache
|
|
1030
|
+
[ToolProtectionService] Config loaded from API {
|
|
1031
|
+
source: 'api',
|
|
1032
|
+
toolCount: 1,
|
|
1033
|
+
protectedTools: [ 'tool1' ],
|
|
1034
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
1035
|
+
projectId: 'none',
|
|
1036
|
+
cacheTtlMs: 300000,
|
|
1037
|
+
cacheExpiresAt: '2025-11-25T08:32:25.574Z'
|
|
1038
|
+
}
|
|
1039
|
+
|
|
1040
|
+
stderr | src/services/__tests__/access-control.service.test.ts > AccessControlApiService > submitProofs > should submit proofs successfully
|
|
1041
|
+
[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
|
|
1042
|
+
correlationId: 'ba14ef48-f1b3-4cc7-a7df-ccb94677270f',
|
|
1043
|
+
status: 200,
|
|
1259
1044
|
statusText: '',
|
|
1260
1045
|
headers: { 'content-type': 'application/json' },
|
|
1261
1046
|
responseTextLength: 100,
|
|
@@ -1263,7 +1048,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
|
|
|
1263
1048
|
fullResponseText: '{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}'
|
|
1264
1049
|
}
|
|
1265
1050
|
[AccessControl] 🔍 PARSED RESPONSE DATA: {
|
|
1266
|
-
correlationId: '
|
|
1051
|
+
correlationId: 'ba14ef48-f1b3-4cc7-a7df-ccb94677270f',
|
|
1267
1052
|
status: 200,
|
|
1268
1053
|
responseDataType: 'object',
|
|
1269
1054
|
responseDataKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
|
|
@@ -1291,10 +1076,9 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
|
|
|
1291
1076
|
}
|
|
1292
1077
|
}
|
|
1293
1078
|
|
|
1294
|
-
✓ src/services/__tests__/access-control.proof-response-validation.test.ts (12 tests) 23ms
|
|
1295
1079
|
stderr | src/services/__tests__/access-control.service.test.ts > AccessControlApiService > submitProofs > should handle all_proofs_rejected error gracefully
|
|
1296
1080
|
[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
|
|
1297
|
-
correlationId: '
|
|
1081
|
+
correlationId: '59a067ff-653b-485c-8dc7-800a19b4412b',
|
|
1298
1082
|
status: 400,
|
|
1299
1083
|
statusText: '',
|
|
1300
1084
|
headers: { 'content-type': 'application/json' },
|
|
@@ -1303,7 +1087,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
|
|
|
1303
1087
|
fullResponseText: '{"success":false,"error":{"code":"all_proofs_rejected","message":"All proofs rejected","details":{"rejected":1,"errors":[{"proof_index":0,"error":{"code":"invalid_signature","message":"Invalid signature"}}]}}}'
|
|
1304
1088
|
}
|
|
1305
1089
|
[AccessControl] 🔍 PARSED RESPONSE DATA: {
|
|
1306
|
-
correlationId: '
|
|
1090
|
+
correlationId: '59a067ff-653b-485c-8dc7-800a19b4412b',
|
|
1307
1091
|
status: 400,
|
|
1308
1092
|
responseDataType: 'object',
|
|
1309
1093
|
responseDataKeys: [ 'success', 'error' ],
|
|
@@ -1330,16 +1114,16 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
|
|
|
1330
1114
|
|
|
1331
1115
|
stderr | src/services/__tests__/access-control.service.test.ts > AccessControlApiService > submitProofs > should handle wrapped response format
|
|
1332
1116
|
[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
|
|
1333
|
-
correlationId: '
|
|
1117
|
+
correlationId: '9106d3c7-4ce9-4383-a629-1e339ad72e3d',
|
|
1334
1118
|
status: 200,
|
|
1335
1119
|
statusText: '',
|
|
1336
1120
|
headers: { 'content-type': 'application/json' },
|
|
1337
1121
|
responseTextLength: 206,
|
|
1338
|
-
responseTextPreview: '{"success":true,"data":{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-
|
|
1339
|
-
fullResponseText: '{"success":true,"data":{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-
|
|
1122
|
+
responseTextPreview: '{"success":true,"data":{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-25T08:27:25.572Z"}}',
|
|
1123
|
+
fullResponseText: '{"success":true,"data":{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}},"metadata":{"requestId":"test-request-id","timestamp":"2025-11-25T08:27:25.572Z"}}'
|
|
1340
1124
|
}
|
|
1341
1125
|
[AccessControl] 🔍 PARSED RESPONSE DATA: {
|
|
1342
|
-
correlationId: '
|
|
1126
|
+
correlationId: '9106d3c7-4ce9-4383-a629-1e339ad72e3d',
|
|
1343
1127
|
status: 200,
|
|
1344
1128
|
responseDataType: 'object',
|
|
1345
1129
|
responseDataKeys: [ 'success', 'data', 'metadata' ],
|
|
@@ -1358,7 +1142,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
|
|
|
1358
1142
|
' },\n' +
|
|
1359
1143
|
' "metadata": {\n' +
|
|
1360
1144
|
' "requestId": "test-request-id",\n' +
|
|
1361
|
-
' "timestamp": "2025-11-
|
|
1145
|
+
' "timestamp": "2025-11-25T08:27:25.572Z"\n' +
|
|
1362
1146
|
' }\n' +
|
|
1363
1147
|
'}'
|
|
1364
1148
|
}
|
|
@@ -1377,11 +1161,11 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
|
|
|
1377
1161
|
},
|
|
1378
1162
|
"metadata": {
|
|
1379
1163
|
"requestId": "test-request-id",
|
|
1380
|
-
"timestamp": "2025-11-
|
|
1164
|
+
"timestamp": "2025-11-25T08:27:25.572Z"
|
|
1381
1165
|
}
|
|
1382
1166
|
}
|
|
1383
1167
|
[AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
|
|
1384
|
-
correlationId: '
|
|
1168
|
+
correlationId: '9106d3c7-4ce9-4383-a629-1e339ad72e3d',
|
|
1385
1169
|
dataKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
|
|
1386
1170
|
hasAccepted: true,
|
|
1387
1171
|
hasRejected: true,
|
|
@@ -1408,7 +1192,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
|
|
|
1408
1192
|
'}'
|
|
1409
1193
|
}
|
|
1410
1194
|
[AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
|
|
1411
|
-
correlationId: '
|
|
1195
|
+
correlationId: '9106d3c7-4ce9-4383-a629-1e339ad72e3d',
|
|
1412
1196
|
dataWithSuccessKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
|
|
1413
1197
|
hasSuccess: true,
|
|
1414
1198
|
successValue: true,
|
|
@@ -1431,10 +1215,9 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
|
|
|
1431
1215
|
'}'
|
|
1432
1216
|
}
|
|
1433
1217
|
|
|
1434
|
-
✓ src/services/__tests__/storage.service.test.ts (17 tests) 18ms
|
|
1435
1218
|
stderr | src/services/__tests__/access-control.service.test.ts > AccessControlApiService > submitProofs > should handle response with missing outcomes field (outcomes is optional)
|
|
1436
1219
|
[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
|
|
1437
|
-
correlationId: '
|
|
1220
|
+
correlationId: '885c6955-cc18-4a97-9b19-a8b48aae1883',
|
|
1438
1221
|
status: 200,
|
|
1439
1222
|
statusText: '',
|
|
1440
1223
|
headers: { 'content-type': 'application/json' },
|
|
@@ -1443,7 +1226,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
|
|
|
1443
1226
|
fullResponseText: '{"success":true,"accepted":1,"rejected":0}'
|
|
1444
1227
|
}
|
|
1445
1228
|
[AccessControl] 🔍 PARSED RESPONSE DATA: {
|
|
1446
|
-
correlationId: '
|
|
1229
|
+
correlationId: '885c6955-cc18-4a97-9b19-a8b48aae1883',
|
|
1447
1230
|
status: 200,
|
|
1448
1231
|
responseDataType: 'object',
|
|
1449
1232
|
responseDataKeys: [ 'success', 'accepted', 'rejected' ],
|
|
@@ -1457,7 +1240,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
|
|
|
1457
1240
|
|
|
1458
1241
|
stderr | src/services/__tests__/access-control.service.test.ts > AccessControlApiService > submitProofs > should handle response with missing outcomes field (outcomes is optional)
|
|
1459
1242
|
[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
|
|
1460
|
-
correlationId: '
|
|
1243
|
+
correlationId: 'b5bb745b-c0d9-43de-9565-81c330ffa3d6',
|
|
1461
1244
|
status: 200,
|
|
1462
1245
|
statusText: '',
|
|
1463
1246
|
headers: { 'content-type': 'application/json' },
|
|
@@ -1466,7 +1249,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
|
|
|
1466
1249
|
fullResponseText: '{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}'
|
|
1467
1250
|
}
|
|
1468
1251
|
[AccessControl] 🔍 PARSED RESPONSE DATA: {
|
|
1469
|
-
correlationId: '
|
|
1252
|
+
correlationId: 'b5bb745b-c0d9-43de-9565-81c330ffa3d6',
|
|
1470
1253
|
status: 200,
|
|
1471
1254
|
responseDataType: 'object',
|
|
1472
1255
|
responseDataKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
|
|
@@ -1496,7 +1279,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
|
|
|
1496
1279
|
|
|
1497
1280
|
stderr | src/services/__tests__/access-control.service.test.ts > AccessControlApiService > submitProofs > should handle response with missing outcomes field (outcomes is optional)
|
|
1498
1281
|
[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
|
|
1499
|
-
correlationId: '
|
|
1282
|
+
correlationId: '26cc8cbc-667f-433c-b030-cc32dbf142d1',
|
|
1500
1283
|
status: 200,
|
|
1501
1284
|
statusText: '',
|
|
1502
1285
|
headers: { 'content-type': 'application/json' },
|
|
@@ -1505,7 +1288,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
|
|
|
1505
1288
|
fullResponseText: '{"success":true,"accepted":1,"rejected":0,"outcomes":{}}'
|
|
1506
1289
|
}
|
|
1507
1290
|
[AccessControl] 🔍 PARSED RESPONSE DATA: {
|
|
1508
|
-
correlationId: '
|
|
1291
|
+
correlationId: '26cc8cbc-667f-433c-b030-cc32dbf142d1',
|
|
1509
1292
|
status: 200,
|
|
1510
1293
|
responseDataType: 'object',
|
|
1511
1294
|
responseDataKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
|
|
@@ -1520,7 +1303,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
|
|
|
1520
1303
|
|
|
1521
1304
|
stderr | src/services/__tests__/access-control.service.test.ts > AccessControlApiService > submitProofs > should handle wrapped response with invalid data structure
|
|
1522
1305
|
[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
|
|
1523
|
-
correlationId: '
|
|
1306
|
+
correlationId: 'bf7c30ba-b609-424b-ac50-595a5875aac8',
|
|
1524
1307
|
status: 200,
|
|
1525
1308
|
statusText: '',
|
|
1526
1309
|
headers: { 'content-type': 'application/json' },
|
|
@@ -1529,7 +1312,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
|
|
|
1529
1312
|
fullResponseText: '{"success":true,"data":{"message":"Invalid format"}}'
|
|
1530
1313
|
}
|
|
1531
1314
|
[AccessControl] 🔍 PARSED RESPONSE DATA: {
|
|
1532
|
-
correlationId: '
|
|
1315
|
+
correlationId: 'bf7c30ba-b609-424b-ac50-595a5875aac8',
|
|
1533
1316
|
status: 200,
|
|
1534
1317
|
responseDataType: 'object',
|
|
1535
1318
|
responseDataKeys: [ 'success', 'data' ],
|
|
@@ -1542,7 +1325,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
|
|
|
1542
1325
|
}
|
|
1543
1326
|
}
|
|
1544
1327
|
[AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
|
|
1545
|
-
correlationId: '
|
|
1328
|
+
correlationId: 'bf7c30ba-b609-424b-ac50-595a5875aac8',
|
|
1546
1329
|
dataKeys: [ 'message' ],
|
|
1547
1330
|
hasAccepted: false,
|
|
1548
1331
|
hasRejected: false,
|
|
@@ -1559,7 +1342,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
|
|
|
1559
1342
|
fullData: '{\n "message": "Invalid format"\n}'
|
|
1560
1343
|
}
|
|
1561
1344
|
[AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
|
|
1562
|
-
correlationId: '
|
|
1345
|
+
correlationId: 'bf7c30ba-b609-424b-ac50-595a5875aac8',
|
|
1563
1346
|
dataWithSuccessKeys: [ 'success', 'accepted', 'rejected' ],
|
|
1564
1347
|
hasSuccess: true,
|
|
1565
1348
|
successValue: true,
|
|
@@ -1572,7 +1355,7 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
|
|
|
1572
1355
|
fullDataWithSuccess: '{\n "success": true\n}'
|
|
1573
1356
|
}
|
|
1574
1357
|
[AccessControl] ❌ MISSING REQUIRED FIELDS AFTER CONSTRUCTION: {
|
|
1575
|
-
correlationId: '
|
|
1358
|
+
correlationId: 'bf7c30ba-b609-424b-ac50-595a5875aac8',
|
|
1576
1359
|
hasAccepted: true,
|
|
1577
1360
|
acceptedType: 'undefined',
|
|
1578
1361
|
acceptedValue: undefined,
|
|
@@ -1586,1157 +1369,1311 @@ stderr | src/services/__tests__/access-control.service.test.ts > AccessControlAp
|
|
|
1586
1369
|
originalResponseData: '{\n "success": true,\n "data": {\n "message": "Invalid format"\n }\n}'
|
|
1587
1370
|
}
|
|
1588
1371
|
|
|
1589
|
-
|
|
1590
|
-
|
|
1591
|
-
|
|
1592
|
-
|
|
1593
|
-
|
|
1594
|
-
|
|
1595
|
-
|
|
1596
|
-
|
|
1597
|
-
|
|
1598
|
-
[MCP-I] Tool protection check passed (no delegation required) {
|
|
1599
|
-
tool: 'unprotectedTool',
|
|
1600
|
-
agentDid: 'did:key:zmock123...',
|
|
1601
|
-
reason: 'Tool not configured to require delegation'
|
|
1602
|
-
}
|
|
1603
|
-
|
|
1604
|
-
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when protection required and no delegation
|
|
1605
|
-
[MCP-I] Checking tool protection: {
|
|
1606
|
-
tool: 'protectedTool',
|
|
1607
|
-
agentDid: 'did:key:zmock123...',
|
|
1608
|
-
hasDelegation: false
|
|
1609
|
-
}
|
|
1610
|
-
|
|
1611
|
-
stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when protection required and no delegation
|
|
1612
|
-
[MCP-I] BLOCKED: Tool requires delegation but none provided {
|
|
1613
|
-
tool: 'protectedTool',
|
|
1614
|
-
requiredScopes: [ 'files:write' ],
|
|
1615
|
-
agentDid: 'did:key:zmock123...',
|
|
1616
|
-
resumeToken: 'resume_g6quf0_mie32tfw',
|
|
1617
|
-
consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_g6quf0_mie32tfw'
|
|
1372
|
+
stderr | src/services/__tests__/access-control.proof-response-validation.test.ts > Proof Submission Response Validation > JSON Deep Clone Fix (Cloudflare Workers Edge Case) > should handle response where data fields are numeric values (not undefined)
|
|
1373
|
+
[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
|
|
1374
|
+
correlationId: '74af62d5-2314-4f42-abfd-2b460cd1a4db',
|
|
1375
|
+
status: 200,
|
|
1376
|
+
statusText: undefined,
|
|
1377
|
+
headers: {},
|
|
1378
|
+
responseTextLength: 151,
|
|
1379
|
+
responseTextPreview: '{"success":true,"data":{"accepted":0,"rejected":0,"outcomes":{},"errors":[]},"metadata":{"requestId":"test-id","timestamp":"2025-11-25T08:27:25.567Z"}}',
|
|
1380
|
+
fullResponseText: '{"success":true,"data":{"accepted":0,"rejected":0,"outcomes":{},"errors":[]},"metadata":{"requestId":"test-id","timestamp":"2025-11-25T08:27:25.567Z"}}'
|
|
1618
1381
|
}
|
|
1619
|
-
|
|
1620
|
-
|
|
1621
|
-
|
|
1622
|
-
|
|
1623
|
-
|
|
1624
|
-
|
|
1382
|
+
[AccessControl] 🔍 PARSED RESPONSE DATA: {
|
|
1383
|
+
correlationId: '74af62d5-2314-4f42-abfd-2b460cd1a4db',
|
|
1384
|
+
status: 200,
|
|
1385
|
+
responseDataType: 'object',
|
|
1386
|
+
responseDataKeys: [ 'success', 'data', 'metadata' ],
|
|
1387
|
+
responseData: '{\n' +
|
|
1388
|
+
' "success": true,\n' +
|
|
1389
|
+
' "data": {\n' +
|
|
1390
|
+
' "accepted": 0,\n' +
|
|
1391
|
+
' "rejected": 0,\n' +
|
|
1392
|
+
' "outcomes": {},\n' +
|
|
1393
|
+
' "errors": []\n' +
|
|
1394
|
+
' },\n' +
|
|
1395
|
+
' "metadata": {\n' +
|
|
1396
|
+
' "requestId": "test-id",\n' +
|
|
1397
|
+
' "timestamp": "2025-11-25T08:27:25.567Z"\n' +
|
|
1398
|
+
' }\n' +
|
|
1399
|
+
'}'
|
|
1625
1400
|
}
|
|
1626
|
-
|
|
1627
|
-
|
|
1628
|
-
|
|
1629
|
-
|
|
1630
|
-
|
|
1631
|
-
|
|
1632
|
-
|
|
1633
|
-
|
|
1401
|
+
[AccessControl] Raw response received: {
|
|
1402
|
+
"success": true,
|
|
1403
|
+
"data": {
|
|
1404
|
+
"accepted": 0,
|
|
1405
|
+
"rejected": 0,
|
|
1406
|
+
"outcomes": {},
|
|
1407
|
+
"errors": []
|
|
1408
|
+
},
|
|
1409
|
+
"metadata": {
|
|
1410
|
+
"requestId": "test-id",
|
|
1411
|
+
"timestamp": "2025-11-25T08:27:25.567Z"
|
|
1412
|
+
}
|
|
1634
1413
|
}
|
|
1635
|
-
|
|
1636
|
-
|
|
1637
|
-
[
|
|
1638
|
-
|
|
1639
|
-
|
|
1640
|
-
|
|
1641
|
-
|
|
1642
|
-
|
|
1414
|
+
[AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
|
|
1415
|
+
correlationId: '74af62d5-2314-4f42-abfd-2b460cd1a4db',
|
|
1416
|
+
dataKeys: [ 'accepted', 'rejected', 'outcomes', 'errors' ],
|
|
1417
|
+
hasAccepted: true,
|
|
1418
|
+
hasRejected: true,
|
|
1419
|
+
hasOutcomes: true,
|
|
1420
|
+
hasErrors: true,
|
|
1421
|
+
acceptedType: 'number',
|
|
1422
|
+
acceptedValue: 0,
|
|
1423
|
+
rejectedType: 'number',
|
|
1424
|
+
rejectedValue: 0,
|
|
1425
|
+
outcomesType: 'object',
|
|
1426
|
+
outcomesValue: {},
|
|
1427
|
+
errorsType: 'object',
|
|
1428
|
+
errorsIsArray: true,
|
|
1429
|
+
fullData: '{\n "accepted": 0,\n "rejected": 0,\n "outcomes": {},\n "errors": []\n}'
|
|
1643
1430
|
}
|
|
1644
|
-
|
|
1645
|
-
|
|
1646
|
-
|
|
1647
|
-
|
|
1648
|
-
|
|
1649
|
-
|
|
1650
|
-
|
|
1431
|
+
[AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
|
|
1432
|
+
correlationId: '74af62d5-2314-4f42-abfd-2b460cd1a4db',
|
|
1433
|
+
dataWithSuccessKeys: [ 'success', 'accepted', 'rejected', 'outcomes', 'errors' ],
|
|
1434
|
+
hasSuccess: true,
|
|
1435
|
+
successValue: true,
|
|
1436
|
+
hasAccepted: true,
|
|
1437
|
+
acceptedValue: 0,
|
|
1438
|
+
hasRejected: true,
|
|
1439
|
+
rejectedValue: 0,
|
|
1440
|
+
hasOutcomes: true,
|
|
1441
|
+
outcomesValue: {},
|
|
1442
|
+
fullDataWithSuccess: '{\n' +
|
|
1443
|
+
' "success": true,\n' +
|
|
1444
|
+
' "accepted": 0,\n' +
|
|
1445
|
+
' "rejected": 0,\n' +
|
|
1446
|
+
' "outcomes": {},\n' +
|
|
1447
|
+
' "errors": []\n' +
|
|
1448
|
+
'}'
|
|
1651
1449
|
}
|
|
1652
1450
|
|
|
1653
|
-
|
|
1654
|
-
|
|
1655
|
-
|
|
1656
|
-
|
|
1657
|
-
|
|
1658
|
-
|
|
1659
|
-
|
|
1451
|
+
✓ src/services/__tests__/access-control.service.test.ts (23 tests) 33ms
|
|
1452
|
+
✓ src/services/__tests__/storage.service.test.ts (17 tests) 24ms
|
|
1453
|
+
stderr | src/services/__tests__/access-control.proof-response-validation.test.ts > Proof Submission Response Validation > JSON Deep Clone Fix (Cloudflare Workers Edge Case) > should handle response with nested outcomes object
|
|
1454
|
+
[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
|
|
1455
|
+
correlationId: '4f2d7f1a-4273-422f-b4a3-a9fda410bda9',
|
|
1456
|
+
status: 200,
|
|
1457
|
+
statusText: undefined,
|
|
1458
|
+
headers: {},
|
|
1459
|
+
responseTextLength: 278,
|
|
1460
|
+
responseTextPreview: '{"success":true,"data":{"accepted":3,"rejected":2,"outcomes":{"success":1,"failed":1,"blocked":1,"error":2},"errors":[{"proof_index":0,"error":{"code":"validation_error","message":"Invalid signature"}}]},"metadata":{"requestId":"test-id","timestamp":"2025-11-25T08:27:25.585Z"}}',
|
|
1461
|
+
fullResponseText: '{"success":true,"data":{"accepted":3,"rejected":2,"outcomes":{"success":1,"failed":1,"blocked":1,"error":2},"errors":[{"proof_index":0,"error":{"code":"validation_error","message":"Invalid signature"}}]},"metadata":{"requestId":"test-id","timestamp":"2025-11-25T08:27:25.585Z"}}'
|
|
1660
1462
|
}
|
|
1661
|
-
|
|
1662
|
-
|
|
1663
|
-
|
|
1664
|
-
|
|
1665
|
-
|
|
1666
|
-
|
|
1667
|
-
|
|
1668
|
-
|
|
1463
|
+
[AccessControl] 🔍 PARSED RESPONSE DATA: {
|
|
1464
|
+
correlationId: '4f2d7f1a-4273-422f-b4a3-a9fda410bda9',
|
|
1465
|
+
status: 200,
|
|
1466
|
+
responseDataType: 'object',
|
|
1467
|
+
responseDataKeys: [ 'success', 'data', 'metadata' ],
|
|
1468
|
+
responseData: '{\n' +
|
|
1469
|
+
' "success": true,\n' +
|
|
1470
|
+
' "data": {\n' +
|
|
1471
|
+
' "accepted": 3,\n' +
|
|
1472
|
+
' "rejected": 2,\n' +
|
|
1473
|
+
' "outcomes": {\n' +
|
|
1474
|
+
' "success": 1,\n' +
|
|
1475
|
+
' "failed": 1,\n' +
|
|
1476
|
+
' "blocked": 1,\n' +
|
|
1477
|
+
' "error": 2\n' +
|
|
1478
|
+
' },\n' +
|
|
1479
|
+
' "errors": [\n' +
|
|
1480
|
+
' {\n' +
|
|
1481
|
+
' "proof_index": 0,\n' +
|
|
1482
|
+
' "error": {\n' +
|
|
1483
|
+
' "code": "validation_error",\n' +
|
|
1484
|
+
' "message": "Invalid signature"\n' +
|
|
1485
|
+
' }\n' +
|
|
1486
|
+
' }\n' +
|
|
1487
|
+
' ]\n' +
|
|
1488
|
+
' },\n' +
|
|
1489
|
+
' "metadata": {\n' +
|
|
1490
|
+
' "requestId": "test-id",\n' +
|
|
1491
|
+
' "timestamp": "2025-11-25T08:27:25.585Z"\n' +
|
|
1492
|
+
' }\n' +
|
|
1493
|
+
'}'
|
|
1669
1494
|
}
|
|
1670
|
-
|
|
1671
|
-
|
|
1672
|
-
|
|
1673
|
-
|
|
1674
|
-
|
|
1675
|
-
|
|
1676
|
-
|
|
1495
|
+
[AccessControl] Raw response received: {
|
|
1496
|
+
"success": true,
|
|
1497
|
+
"data": {
|
|
1498
|
+
"accepted": 3,
|
|
1499
|
+
"rejected": 2,
|
|
1500
|
+
"outcomes": {
|
|
1501
|
+
"success": 1,
|
|
1502
|
+
"failed": 1,
|
|
1503
|
+
"blocked": 1,
|
|
1504
|
+
"error": 2
|
|
1505
|
+
},
|
|
1506
|
+
"errors": [
|
|
1507
|
+
{
|
|
1508
|
+
"proof_index": 0,
|
|
1509
|
+
"error": {
|
|
1510
|
+
"code": "validation_error",
|
|
1511
|
+
"message": "Invalid signature"
|
|
1512
|
+
}
|
|
1513
|
+
}
|
|
1514
|
+
]
|
|
1515
|
+
},
|
|
1516
|
+
"metadata": {
|
|
1517
|
+
"requestId": "test-id",
|
|
1518
|
+
"timestamp": "2025-11-25T08:27:25.585Z"
|
|
1519
|
+
}
|
|
1520
|
+
}
|
|
1521
|
+
[AccessControl] 🔍 DATA OBJECT STRUCTURE (after deep clone): {
|
|
1522
|
+
correlationId: '4f2d7f1a-4273-422f-b4a3-a9fda410bda9',
|
|
1523
|
+
dataKeys: [ 'accepted', 'rejected', 'outcomes', 'errors' ],
|
|
1524
|
+
hasAccepted: true,
|
|
1525
|
+
hasRejected: true,
|
|
1526
|
+
hasOutcomes: true,
|
|
1527
|
+
hasErrors: true,
|
|
1528
|
+
acceptedType: 'number',
|
|
1529
|
+
acceptedValue: 3,
|
|
1530
|
+
rejectedType: 'number',
|
|
1531
|
+
rejectedValue: 2,
|
|
1532
|
+
outcomesType: 'object',
|
|
1533
|
+
outcomesValue: { success: 1, failed: 1, blocked: 1, error: 2 },
|
|
1534
|
+
errorsType: 'object',
|
|
1535
|
+
errorsIsArray: true,
|
|
1536
|
+
fullData: '{\n' +
|
|
1537
|
+
' "accepted": 3,\n' +
|
|
1538
|
+
' "rejected": 2,\n' +
|
|
1539
|
+
' "outcomes": {\n' +
|
|
1540
|
+
' "success": 1,\n' +
|
|
1541
|
+
' "failed": 1,\n' +
|
|
1542
|
+
' "blocked": 1,\n' +
|
|
1543
|
+
' "error": 2\n' +
|
|
1544
|
+
' },\n' +
|
|
1545
|
+
' "errors": [\n' +
|
|
1546
|
+
' {\n' +
|
|
1547
|
+
' "proof_index": 0,\n' +
|
|
1548
|
+
' "error": {\n' +
|
|
1549
|
+
' "code": "validation_error",\n' +
|
|
1550
|
+
' "message": "Invalid signature"\n' +
|
|
1551
|
+
' }\n' +
|
|
1552
|
+
' }\n' +
|
|
1553
|
+
' ]\n' +
|
|
1554
|
+
'}'
|
|
1555
|
+
}
|
|
1556
|
+
[AccessControl] 🔍 VALIDATING DATA WITH SUCCESS: {
|
|
1557
|
+
correlationId: '4f2d7f1a-4273-422f-b4a3-a9fda410bda9',
|
|
1558
|
+
dataWithSuccessKeys: [ 'success', 'accepted', 'rejected', 'outcomes', 'errors' ],
|
|
1559
|
+
hasSuccess: true,
|
|
1560
|
+
successValue: true,
|
|
1561
|
+
hasAccepted: true,
|
|
1562
|
+
acceptedValue: 3,
|
|
1563
|
+
hasRejected: true,
|
|
1564
|
+
rejectedValue: 2,
|
|
1565
|
+
hasOutcomes: true,
|
|
1566
|
+
outcomesValue: { success: 1, failed: 1, blocked: 1, error: 2 },
|
|
1567
|
+
fullDataWithSuccess: '{\n' +
|
|
1568
|
+
' "success": true,\n' +
|
|
1569
|
+
' "accepted": 3,\n' +
|
|
1570
|
+
' "rejected": 2,\n' +
|
|
1571
|
+
' "outcomes": {\n' +
|
|
1572
|
+
' "success": 1,\n' +
|
|
1573
|
+
' "failed": 1,\n' +
|
|
1574
|
+
' "blocked": 1,\n' +
|
|
1575
|
+
' "error": 2\n' +
|
|
1576
|
+
' },\n' +
|
|
1577
|
+
' "errors": [\n' +
|
|
1578
|
+
' {\n' +
|
|
1579
|
+
' "proof_index": 0,\n' +
|
|
1580
|
+
' "error": {\n' +
|
|
1581
|
+
' "code": "validation_error",\n' +
|
|
1582
|
+
' "message": "Invalid signature"\n' +
|
|
1583
|
+
' }\n' +
|
|
1584
|
+
' }\n' +
|
|
1585
|
+
' ]\n' +
|
|
1586
|
+
'}'
|
|
1677
1587
|
}
|
|
1678
1588
|
|
|
1679
|
-
|
|
1680
|
-
|
|
1681
|
-
[
|
|
1682
|
-
|
|
1683
|
-
|
|
1684
|
-
|
|
1685
|
-
|
|
1686
|
-
|
|
1687
|
-
|
|
1688
|
-
|
|
1689
|
-
|
|
1690
|
-
|
|
1691
|
-
|
|
1589
|
+
✓ src/__tests__/services/tool-protection.service.test.ts (49 tests) 21ms
|
|
1590
|
+
stderr | src/__tests__/identity/user-did-manager.test.ts > UserDidManager > error handling > should handle storage.get errors gracefully
|
|
1591
|
+
[UserDidManager] Storage.get failed, generating new DID: Error: Storage error
|
|
1592
|
+
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/__tests__/identity/user-did-manager.test.ts:187:67
|
|
1593
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
1594
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
1595
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
1596
|
+
at new Promise (<anonymous>)
|
|
1597
|
+
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
1598
|
+
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
1599
|
+
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
1600
|
+
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
1601
|
+
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
1602
|
+
|
|
1603
|
+
stderr | src/__tests__/identity/user-did-manager.test.ts > UserDidManager > error handling > should handle storage.set errors gracefully
|
|
1604
|
+
[UserDidManager] Storage.set failed, continuing with cached DID: Error: Storage error
|
|
1605
|
+
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/__tests__/identity/user-did-manager.test.ts:196:67
|
|
1606
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
1607
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
1608
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
1609
|
+
at new Promise (<anonymous>)
|
|
1610
|
+
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
1611
|
+
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
1612
|
+
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
1613
|
+
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
1614
|
+
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
1615
|
+
|
|
1616
|
+
stderr | src/__tests__/identity/user-did-manager.test.ts > UserDidManager > error handling > should handle storage.delete errors gracefully
|
|
1617
|
+
[UserDidManager] Storage.delete failed, continuing: Error: Storage error
|
|
1618
|
+
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/__tests__/identity/user-did-manager.test.ts:206:70
|
|
1619
|
+
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
1620
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:20
|
|
1621
|
+
|
|
1622
|
+
✓ src/__tests__/identity/user-did-manager.test.ts (17 tests) 8ms
|
|
1623
|
+
✓ src/services/__tests__/access-control.proof-response-validation.test.ts (12 tests) 40ms
|
|
1624
|
+
stderr | src/services/__tests__/proof-verifier.integration.test.ts > ProofVerifier Integration - Real DID Resolution > did:web Resolution (HTTP) > should handle HTTP errors gracefully
|
|
1625
|
+
[ProofVerifier] Failed to fetch public key from DID: Error: Failed to resolve did:web:nonexistent-domain-that-does-not-exist-12345.com: fetch failed
|
|
1626
|
+
at Object.resolveDID (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.integration.test.ts:143:19)
|
|
1627
|
+
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
1628
|
+
at ProofVerifier.fetchPublicKeyFromDID (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/proof-verifier.ts:348:22)
|
|
1629
|
+
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.integration.test.ts:252:7
|
|
1630
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:20
|
|
1631
|
+
|
|
1632
|
+
stderr | src/services/__tests__/proof-verifier.integration.test.ts > ProofVerifier Integration - Real DID Resolution > did:web Resolution (HTTP) > should handle HTTP errors gracefully
|
|
1633
|
+
[ProofVerifier] Failed to fetch public key from DID: Error: Failed to resolve did:web:nonexistent-domain-that-does-not-exist-12345.com: fetch failed
|
|
1634
|
+
at Object.resolveDID (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.integration.test.ts:143:19)
|
|
1635
|
+
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
1636
|
+
at ProofVerifier.fetchPublicKeyFromDID (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/proof-verifier.ts:348:22)
|
|
1637
|
+
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.integration.test.ts:257:9
|
|
1638
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:20
|
|
1639
|
+
|
|
1640
|
+
✓ src/__tests__/runtime/base.test.ts (55 tests) 12ms
|
|
1641
|
+
✓ src/services/__tests__/proof-verifier.integration.test.ts (13 tests | 1 skipped) 90ms
|
|
1642
|
+
✓ src/delegation/__tests__/vc-issuer.test.ts (21 tests) 358ms
|
|
1643
|
+
✓ src/delegation/__tests__/vc-verifier.test.ts (35 tests) 260ms
|
|
1644
|
+
✓ src/__tests__/runtime/route-interception.test.ts (21 tests) 22ms
|
|
1645
|
+
stderr | src/services/__tests__/access-control.integration.test.ts > AccessControlApiService Integration > Proof Submission Flow > should submit proof end-to-end
|
|
1646
|
+
[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
|
|
1647
|
+
correlationId: 'ecb14b21-78b7-4f74-8497-09ed922b7497',
|
|
1648
|
+
status: 200,
|
|
1649
|
+
statusText: '',
|
|
1650
|
+
headers: { 'content-type': 'application/json' },
|
|
1651
|
+
responseTextLength: 100,
|
|
1652
|
+
responseTextPreview: '{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}',
|
|
1653
|
+
fullResponseText: '{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}'
|
|
1692
1654
|
}
|
|
1693
|
-
|
|
1655
|
+
[AccessControl] 🔍 PARSED RESPONSE DATA: {
|
|
1656
|
+
correlationId: 'ecb14b21-78b7-4f74-8497-09ed922b7497',
|
|
1657
|
+
status: 200,
|
|
1658
|
+
responseDataType: 'object',
|
|
1659
|
+
responseDataKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
|
|
1660
|
+
responseData: '{\n' +
|
|
1661
|
+
' "success": true,\n' +
|
|
1662
|
+
' "accepted": 1,\n' +
|
|
1663
|
+
' "rejected": 0,\n' +
|
|
1664
|
+
' "outcomes": {\n' +
|
|
1665
|
+
' "success": 1,\n' +
|
|
1666
|
+
' "failed": 0,\n' +
|
|
1667
|
+
' "blocked": 0,\n' +
|
|
1668
|
+
' "error": 0\n' +
|
|
1669
|
+
' }\n' +
|
|
1670
|
+
'}'
|
|
1671
|
+
}
|
|
1672
|
+
[AccessControl] Raw response received: {
|
|
1673
|
+
"success": true,
|
|
1674
|
+
"accepted": 1,
|
|
1675
|
+
"rejected": 0,
|
|
1676
|
+
"outcomes": {
|
|
1677
|
+
"success": 1,
|
|
1678
|
+
"failed": 0,
|
|
1679
|
+
"blocked": 0,
|
|
1680
|
+
"error": 0
|
|
1681
|
+
}
|
|
1682
|
+
}
|
|
1683
|
+
|
|
1684
|
+
stderr | src/services/__tests__/access-control.integration.test.ts > AccessControlApiService Integration > Proof Submission Flow > should handle proof submission with errors
|
|
1685
|
+
[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
|
|
1686
|
+
correlationId: '182cd97e-264f-499e-9d41-4480bb218ec4',
|
|
1687
|
+
status: 200,
|
|
1688
|
+
statusText: '',
|
|
1689
|
+
headers: { 'content-type': 'application/json' },
|
|
1690
|
+
responseTextLength: 200,
|
|
1691
|
+
responseTextPreview: '{"success":true,"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"invalid_signature","message":"Invalid JWS signature"}}]}',
|
|
1692
|
+
fullResponseText: '{"success":true,"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"invalid_signature","message":"Invalid JWS signature"}}]}'
|
|
1693
|
+
}
|
|
1694
|
+
[AccessControl] 🔍 PARSED RESPONSE DATA: {
|
|
1695
|
+
correlationId: '182cd97e-264f-499e-9d41-4480bb218ec4',
|
|
1696
|
+
status: 200,
|
|
1697
|
+
responseDataType: 'object',
|
|
1698
|
+
responseDataKeys: [ 'success', 'accepted', 'rejected', 'outcomes', 'errors' ],
|
|
1699
|
+
responseData: '{\n' +
|
|
1700
|
+
' "success": true,\n' +
|
|
1701
|
+
' "accepted": 0,\n' +
|
|
1702
|
+
' "rejected": 1,\n' +
|
|
1703
|
+
' "outcomes": {\n' +
|
|
1704
|
+
' "success": 0,\n' +
|
|
1705
|
+
' "failed": 1,\n' +
|
|
1706
|
+
' "blocked": 0,\n' +
|
|
1707
|
+
' "error": 0\n' +
|
|
1708
|
+
' },\n' +
|
|
1709
|
+
' "errors": [\n' +
|
|
1710
|
+
' {\n' +
|
|
1711
|
+
' "proof_index": 0,\n' +
|
|
1712
|
+
' "error": {\n' +
|
|
1713
|
+
' "code": "invalid_signature",\n' +
|
|
1714
|
+
' "message": "Invalid JWS signature"\n' +
|
|
1715
|
+
' }\n' +
|
|
1716
|
+
' }\n' +
|
|
1717
|
+
' ]\n' +
|
|
1718
|
+
'}'
|
|
1694
1719
|
}
|
|
1720
|
+
[AccessControl] Raw response received: {
|
|
1721
|
+
"success": true,
|
|
1722
|
+
"accepted": 0,
|
|
1723
|
+
"rejected": 1,
|
|
1724
|
+
"outcomes": {
|
|
1725
|
+
"success": 0,
|
|
1726
|
+
"failed": 1,
|
|
1727
|
+
"blocked": 0,
|
|
1728
|
+
"error": 0
|
|
1729
|
+
},
|
|
1730
|
+
"errors": [
|
|
1731
|
+
{
|
|
1732
|
+
"proof_index": 0,
|
|
1733
|
+
"error": {
|
|
1734
|
+
"code": "invalid_signature",
|
|
1735
|
+
"message": "Invalid JWS signature"
|
|
1736
|
+
}
|
|
1737
|
+
}
|
|
1738
|
+
]
|
|
1739
|
+
}
|
|
1740
|
+
|
|
1741
|
+
stderr | src/services/__tests__/access-control.integration.test.ts > AccessControlApiService Integration > Proof Verification Flow > should verify proof using ProofVerifier
|
|
1742
|
+
[CryptoService] Key ID mismatch
|
|
1743
|
+
|
|
1744
|
+
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyEd25519 > should return false on verification error
|
|
1745
|
+
[CryptoService] Ed25519 verification error: Error: Verification failed
|
|
1746
|
+
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:62:9
|
|
1747
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
1748
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
1749
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
1750
|
+
at new Promise (<anonymous>)
|
|
1751
|
+
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
1752
|
+
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
1753
|
+
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
1754
|
+
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
1755
|
+
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
1756
|
+
|
|
1757
|
+
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject invalid JWK format
|
|
1758
|
+
[CryptoService] Invalid Ed25519 JWK format
|
|
1759
|
+
|
|
1760
|
+
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with wrong kty
|
|
1761
|
+
[CryptoService] Invalid Ed25519 JWK format
|
|
1762
|
+
|
|
1763
|
+
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with wrong crv
|
|
1764
|
+
[CryptoService] Invalid Ed25519 JWK format
|
|
1765
|
+
|
|
1766
|
+
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with missing x field
|
|
1767
|
+
[CryptoService] Invalid Ed25519 JWK format
|
|
1768
|
+
|
|
1769
|
+
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with empty x field
|
|
1770
|
+
[CryptoService] Invalid Ed25519 JWK format
|
|
1771
|
+
|
|
1772
|
+
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject malformed JWS
|
|
1773
|
+
[CryptoService] Invalid JWS format: Error: Invalid header base64: Unexpected token '', "" is not valid JSON
|
|
1774
|
+
at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:91:13)
|
|
1775
|
+
at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
|
|
1776
|
+
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:230:42
|
|
1777
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
1778
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
1779
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
1780
|
+
at new Promise (<anonymous>)
|
|
1781
|
+
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
1782
|
+
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
1783
|
+
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
1695
1784
|
|
|
1785
|
+
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject non-EdDSA algorithms
|
|
1786
|
+
[CryptoService] Unsupported algorithm: RS256, expected EdDSA
|
|
1696
1787
|
|
|
1697
|
-
stderr | src/__tests__/
|
|
1698
|
-
|
|
1699
|
-
[MCP-I] ❌ Delegation verification FAILED {
|
|
1700
|
-
[MCP-I] Checking tool protection: {
|
|
1701
|
-
tool: 'protectedTool',
|
|
1702
|
-
tool: 'protectedTool',
|
|
1703
|
-
agentDid: 'did:key:zmock123...',
|
|
1704
|
-
hasDelegation: true
|
|
1705
|
-
}
|
|
1788
|
+
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject HS256 algorithm
|
|
1789
|
+
[CryptoService] Unsupported algorithm: HS256, expected EdDSA
|
|
1706
1790
|
|
|
1707
|
-
|
|
1708
|
-
[
|
|
1709
|
-
|
|
1710
|
-
|
|
1711
|
-
|
|
1712
|
-
|
|
1713
|
-
|
|
1714
|
-
|
|
1715
|
-
|
|
1716
|
-
|
|
1717
|
-
|
|
1791
|
+
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle empty JWS components
|
|
1792
|
+
[CryptoService] Invalid JWS format: Error: Invalid header base64: Unexpected end of JSON input
|
|
1793
|
+
at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:91:13)
|
|
1794
|
+
at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
|
|
1795
|
+
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:271:42
|
|
1796
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
1797
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
1798
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
1799
|
+
at new Promise (<anonymous>)
|
|
1800
|
+
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
1801
|
+
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
1802
|
+
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
1718
1803
|
|
|
1719
|
-
|
|
1720
|
-
|
|
1721
|
-
|
|
1804
|
+
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - single part
|
|
1805
|
+
[CryptoService] Invalid JWS format: Error: Invalid JWS format: expected header.payload.signature
|
|
1806
|
+
at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:78:13)
|
|
1807
|
+
at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
|
|
1808
|
+
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:279:42
|
|
1809
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
1810
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
1811
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
1812
|
+
at new Promise (<anonymous>)
|
|
1813
|
+
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
1814
|
+
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
1815
|
+
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
1722
1816
|
|
|
1723
|
-
|
|
1724
|
-
[
|
|
1725
|
-
|
|
1726
|
-
|
|
1727
|
-
|
|
1728
|
-
|
|
1817
|
+
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - two parts
|
|
1818
|
+
[CryptoService] Invalid JWS format: Error: Invalid JWS format: expected header.payload.signature
|
|
1819
|
+
at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:78:13)
|
|
1820
|
+
at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
|
|
1821
|
+
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:287:42
|
|
1822
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
1823
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
1824
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
1825
|
+
at new Promise (<anonymous>)
|
|
1826
|
+
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
1827
|
+
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
1828
|
+
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
1729
1829
|
|
|
1730
|
-
|
|
1731
|
-
[
|
|
1732
|
-
|
|
1733
|
-
|
|
1734
|
-
|
|
1735
|
-
|
|
1736
|
-
|
|
1737
|
-
|
|
1830
|
+
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - four parts
|
|
1831
|
+
[CryptoService] Invalid JWS format: Error: Invalid JWS format: expected header.payload.signature
|
|
1832
|
+
at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:78:13)
|
|
1833
|
+
at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
|
|
1834
|
+
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:302:42
|
|
1835
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
1836
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
1837
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
1838
|
+
at new Promise (<anonymous>)
|
|
1839
|
+
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
1840
|
+
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
1841
|
+
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
1738
1842
|
|
|
1739
|
-
stderr | src/__tests__/
|
|
1740
|
-
[
|
|
1741
|
-
|
|
1742
|
-
|
|
1743
|
-
|
|
1744
|
-
|
|
1745
|
-
|
|
1746
|
-
|
|
1843
|
+
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - invalid JSON header
|
|
1844
|
+
[CryptoService] Invalid JWS format: Error: Invalid header base64: Unexpected token 'o', "notjson" is not valid JSON
|
|
1845
|
+
at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:91:13)
|
|
1846
|
+
at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
|
|
1847
|
+
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:316:42
|
|
1848
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
1849
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
1850
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
1851
|
+
at new Promise (<anonymous>)
|
|
1852
|
+
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
1853
|
+
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
1854
|
+
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
1747
1855
|
|
|
1748
|
-
|
|
1749
|
-
[
|
|
1750
|
-
|
|
1751
|
-
|
|
1752
|
-
|
|
1753
|
-
|
|
1856
|
+
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - invalid base64
|
|
1857
|
+
[CryptoService] Invalid JWS format: Error: Invalid payload base64: Invalid base64url string: Invalid character
|
|
1858
|
+
at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:107:15)
|
|
1859
|
+
at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
|
|
1860
|
+
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:334:42
|
|
1861
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
1862
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
1863
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
1864
|
+
at new Promise (<anonymous>)
|
|
1865
|
+
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
1866
|
+
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
1867
|
+
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
1754
1868
|
|
|
1755
|
-
stderr | src/__tests__/
|
|
1756
|
-
[
|
|
1757
|
-
tool: 'protectedTool',
|
|
1758
|
-
agentDid: 'did:key:zmock123...',
|
|
1759
|
-
hasDelegationToken: true,
|
|
1760
|
-
hasConsentProof: false
|
|
1761
|
-
}
|
|
1869
|
+
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should validate expectedKid option
|
|
1870
|
+
[CryptoService] Key ID mismatch
|
|
1762
1871
|
|
|
1763
|
-
|
|
1764
|
-
[
|
|
1765
|
-
tool: 'protectedTool',
|
|
1766
|
-
agentDid: 'did:key:zmock123...',
|
|
1767
|
-
hasDelegation: true
|
|
1768
|
-
}
|
|
1872
|
+
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should validate alg option
|
|
1873
|
+
[CryptoService] Unsupported algorithm: EdDSA, expected RS256
|
|
1769
1874
|
|
|
1770
|
-
|
|
1771
|
-
[
|
|
1772
|
-
|
|
1773
|
-
|
|
1774
|
-
|
|
1775
|
-
|
|
1776
|
-
|
|
1777
|
-
|
|
1875
|
+
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should validate Ed25519 key length
|
|
1876
|
+
[CryptoService] Failed to extract public key: Error: Invalid Ed25519 public key length: 5
|
|
1877
|
+
at CryptoService.jwkToBase64PublicKey (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:295:13)
|
|
1878
|
+
at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:249:32)
|
|
1879
|
+
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:398:42
|
|
1880
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
1881
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
1882
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
1883
|
+
at new Promise (<anonymous>)
|
|
1884
|
+
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
1885
|
+
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
1886
|
+
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
1778
1887
|
|
|
1779
|
-
stderr | src/__tests__/
|
|
1780
|
-
|
|
1781
|
-
|
|
1782
|
-
|
|
1783
|
-
|
|
1784
|
-
|
|
1785
|
-
|
|
1786
|
-
|
|
1888
|
+
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle signature verification error
|
|
1889
|
+
[CryptoService] Ed25519 verification error: Error: Crypto error
|
|
1890
|
+
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:449:61
|
|
1891
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
1892
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
1893
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
1894
|
+
at new Promise (<anonymous>)
|
|
1895
|
+
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
1896
|
+
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
1897
|
+
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
1898
|
+
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
1899
|
+
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
1787
1900
|
|
|
1788
|
-
|
|
1789
|
-
|
|
1790
|
-
|
|
1791
|
-
|
|
1792
|
-
|
|
1793
|
-
|
|
1794
|
-
agentDid: 'did:key:
|
|
1795
|
-
|
|
1796
|
-
|
|
1797
|
-
|
|
1798
|
-
sessionUserDid: 'did:key:zUserA123456...',
|
|
1799
|
-
sessionId: 'session123...',
|
|
1901
|
+
✓ src/services/__tests__/crypto.service.test.ts (34 tests) 16ms
|
|
1902
|
+
stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Tool protection enforcement flow > should allow unprotected tool calls
|
|
1903
|
+
[ToolProtectionService] Config loaded from API {
|
|
1904
|
+
source: 'api',
|
|
1905
|
+
toolCount: 1,
|
|
1906
|
+
protectedTools: [],
|
|
1907
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
1908
|
+
projectId: 'test-project',
|
|
1909
|
+
cacheTtlMs: 300000,
|
|
1910
|
+
cacheExpiresAt: '2025-11-25T08:32:25.936Z'
|
|
1800
1911
|
}
|
|
1801
|
-
reason: 'user_identifier_mismatch',
|
|
1802
|
-
severity: 'high'
|
|
1803
1912
|
|
|
1913
|
+
stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Tool protection enforcement flow > should intercept protected tool calls without delegation
|
|
1914
|
+
[ToolProtectionService] Config loaded from API {
|
|
1915
|
+
source: 'api',
|
|
1916
|
+
toolCount: 1,
|
|
1917
|
+
protectedTools: [ 'checkout' ],
|
|
1918
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
1919
|
+
projectId: 'test-project',
|
|
1920
|
+
cacheTtlMs: 300000,
|
|
1921
|
+
cacheExpiresAt: '2025-11-25T08:32:25.937Z'
|
|
1804
1922
|
}
|
|
1805
1923
|
|
|
1806
|
-
stdout | src/__tests__/
|
|
1807
|
-
[
|
|
1808
|
-
tool: '
|
|
1809
|
-
agentDid: 'did:key:
|
|
1810
|
-
|
|
1811
|
-
|
|
1924
|
+
stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Tool protection enforcement flow > should intercept protected tool calls without delegation
|
|
1925
|
+
[ToolProtectionService] Protection check {
|
|
1926
|
+
tool: 'checkout',
|
|
1927
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
1928
|
+
found: true,
|
|
1929
|
+
isWildcard: false,
|
|
1930
|
+
requiresDelegation: true,
|
|
1931
|
+
availableTools: [ 'checkout' ]
|
|
1812
1932
|
}
|
|
1813
|
-
|
|
1814
|
-
|
|
1815
|
-
|
|
1816
|
-
|
|
1817
|
-
|
|
1818
|
-
|
|
1933
|
+
|
|
1934
|
+
stderr | src/services/__tests__/proof-verifier.test.ts > ProofVerifier Security > Signature Verification > should handle signature verification errors gracefully
|
|
1935
|
+
[CryptoService] Ed25519 verification error: Error: Crypto error
|
|
1936
|
+
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.test.ts:328:9
|
|
1937
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
1938
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
1939
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
1940
|
+
at new Promise (<anonymous>)
|
|
1941
|
+
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
1942
|
+
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
1943
|
+
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
1944
|
+
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
1945
|
+
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
1946
|
+
|
|
1947
|
+
stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > AgentShield integration flow > should fetch tool protection config from AgentShield
|
|
1948
|
+
[ToolProtectionService] Config loaded from API {
|
|
1949
|
+
source: 'api',
|
|
1950
|
+
toolCount: 1,
|
|
1951
|
+
protectedTools: [ 'protected_tool' ],
|
|
1952
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
1953
|
+
projectId: 'test-project',
|
|
1954
|
+
cacheTtlMs: 300000,
|
|
1955
|
+
cacheExpiresAt: '2025-11-25T08:32:25.939Z'
|
|
1819
1956
|
}
|
|
1820
1957
|
|
|
1821
|
-
stdout | src/__tests__/
|
|
1822
|
-
[
|
|
1823
|
-
|
|
1824
|
-
|
|
1825
|
-
|
|
1958
|
+
stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > AgentShield integration flow > should cache tool protection config
|
|
1959
|
+
[ToolProtectionService] Config loaded from API {
|
|
1960
|
+
source: 'api',
|
|
1961
|
+
toolCount: 1,
|
|
1962
|
+
protectedTools: [ 'tool1' ],
|
|
1963
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
1964
|
+
projectId: 'test-project',
|
|
1965
|
+
cacheTtlMs: 300000,
|
|
1966
|
+
cacheExpiresAt: '2025-11-25T08:32:25.940Z'
|
|
1826
1967
|
}
|
|
1827
1968
|
|
|
1828
|
-
|
|
1829
|
-
[
|
|
1830
|
-
|
|
1831
|
-
|
|
1832
|
-
|
|
1833
|
-
|
|
1834
|
-
|
|
1969
|
+
stderr | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > AgentShield integration flow > should use fallback config when API fails
|
|
1970
|
+
[ToolProtectionService] API fetch failed, using fallback config { agentDid: 'did:key:z6MkhaXgBZDv...', error: 'Network error' }
|
|
1971
|
+
|
|
1972
|
+
stderr | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Error handling in full flow > should handle tool protection service errors gracefully
|
|
1973
|
+
[ToolProtectionService] API fetch failed, no fallback, failing closed (deny-all) {
|
|
1974
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
1975
|
+
error: 'Network error',
|
|
1976
|
+
cacheKey: 'config:tool-protections:test-project'
|
|
1835
1977
|
}
|
|
1836
1978
|
|
|
1837
|
-
|
|
1838
|
-
|
|
1839
|
-
|
|
1840
|
-
|
|
1841
|
-
|
|
1842
|
-
|
|
1843
|
-
|
|
1979
|
+
✓ src/services/__tests__/proof-verifier.test.ts (21 tests) 11ms
|
|
1980
|
+
stderr | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Error handling in full flow > should handle network timeouts
|
|
1981
|
+
[ToolProtectionService] API fetch failed, using fallback config { agentDid: 'did:key:z6MkhaXgBZDv...', error: 'Network timeout' }
|
|
1982
|
+
|
|
1983
|
+
stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Cache integration in full flow > should share cache across multiple service instances
|
|
1984
|
+
[ToolProtectionService] Config loaded from API {
|
|
1985
|
+
source: 'api',
|
|
1986
|
+
toolCount: 1,
|
|
1987
|
+
protectedTools: [ 'tool1' ],
|
|
1988
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
1989
|
+
projectId: 'test-project',
|
|
1990
|
+
cacheTtlMs: 300000,
|
|
1991
|
+
cacheExpiresAt: '2025-11-25T08:32:25.942Z'
|
|
1844
1992
|
}
|
|
1845
1993
|
|
|
1846
|
-
stdout | src/__tests__/
|
|
1847
|
-
[
|
|
1848
|
-
|
|
1849
|
-
|
|
1850
|
-
|
|
1994
|
+
stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Cache integration in full flow > should clear cache when needed
|
|
1995
|
+
[ToolProtectionService] Config loaded from API {
|
|
1996
|
+
source: 'api',
|
|
1997
|
+
toolCount: 1,
|
|
1998
|
+
protectedTools: [ 'tool1' ],
|
|
1999
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2000
|
+
projectId: 'test-project',
|
|
2001
|
+
cacheTtlMs: 300000,
|
|
2002
|
+
cacheExpiresAt: '2025-11-25T08:32:25.942Z'
|
|
1851
2003
|
}
|
|
1852
2004
|
|
|
1853
|
-
stdout | src/__tests__/
|
|
1854
|
-
[
|
|
1855
|
-
|
|
1856
|
-
|
|
1857
|
-
|
|
1858
|
-
|
|
1859
|
-
|
|
1860
|
-
|
|
1861
|
-
|
|
1862
|
-
tool: 'protectedTool',
|
|
1863
|
-
agentDid: 'did:key:zmock123...',
|
|
2005
|
+
stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Cache integration in full flow > should clear cache when needed
|
|
2006
|
+
[ToolProtectionService] Config loaded from API {
|
|
2007
|
+
source: 'api',
|
|
2008
|
+
toolCount: 1,
|
|
2009
|
+
protectedTools: [ 'tool1' ],
|
|
2010
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2011
|
+
projectId: 'test-project',
|
|
2012
|
+
cacheTtlMs: 300000,
|
|
2013
|
+
cacheExpiresAt: '2025-11-25T08:32:25.942Z'
|
|
1864
2014
|
}
|
|
1865
2015
|
|
|
1866
|
-
|
|
1867
|
-
|
|
1868
|
-
|
|
1869
|
-
|
|
2016
|
+
stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Real-world e-commerce scenario > should handle complete e-commerce flow with tool protection
|
|
2017
|
+
[ToolProtectionService] Config loaded from API {
|
|
2018
|
+
source: 'api',
|
|
2019
|
+
toolCount: 3,
|
|
2020
|
+
protectedTools: [ 'add_to_cart', 'checkout' ],
|
|
2021
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2022
|
+
projectId: 'test-project',
|
|
2023
|
+
cacheTtlMs: 300000,
|
|
2024
|
+
cacheExpiresAt: '2025-11-25T08:32:25.942Z'
|
|
1870
2025
|
}
|
|
1871
2026
|
|
|
1872
|
-
|
|
1873
|
-
|
|
1874
|
-
|
|
1875
|
-
|
|
1876
|
-
|
|
2027
|
+
stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Real-world e-commerce scenario > should handle complete e-commerce flow with tool protection
|
|
2028
|
+
[ToolProtectionService] Protection check {
|
|
2029
|
+
tool: 'add_to_cart',
|
|
2030
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2031
|
+
found: true,
|
|
2032
|
+
isWildcard: false,
|
|
2033
|
+
requiresDelegation: true,
|
|
2034
|
+
availableTools: [ 'search_products', 'add_to_cart', 'checkout' ]
|
|
1877
2035
|
}
|
|
1878
2036
|
|
|
1879
|
-
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should
|
|
2037
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when no protection required
|
|
1880
2038
|
[MCP-I] Checking tool protection: {
|
|
1881
2039
|
tool: 'unprotectedTool',
|
|
1882
2040
|
agentDid: 'did:key:zmock123...',
|
|
1883
2041
|
hasDelegation: false
|
|
1884
2042
|
}
|
|
1885
2043
|
|
|
1886
|
-
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should
|
|
2044
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when no protection required
|
|
1887
2045
|
[MCP-I] Tool protection check passed (no delegation required) {
|
|
1888
2046
|
tool: 'unprotectedTool',
|
|
1889
2047
|
agentDid: 'did:key:zmock123...',
|
|
1890
2048
|
reason: 'Tool not configured to require delegation'
|
|
1891
2049
|
}
|
|
1892
2050
|
|
|
1893
|
-
stdout | src/__tests__/
|
|
1894
|
-
[
|
|
1895
|
-
|
|
1896
|
-
|
|
1897
|
-
|
|
1898
|
-
|
|
1899
|
-
|
|
1900
|
-
|
|
1901
|
-
|
|
1902
|
-
tool: 'protectedTool',
|
|
1903
|
-
requiredScopes: [ 'files:write' ],
|
|
1904
|
-
agentDid: 'did:key:zmock123...',
|
|
1905
|
-
resumeToken: 'resume_g6qtp6_mie32tg4',
|
|
1906
|
-
consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_g6qtp6_mie32tg4'
|
|
2051
|
+
stdout | src/__tests__/integration/full-flow.test.ts > Full Flow Integration > Concurrent operations > should handle concurrent cache operations
|
|
2052
|
+
[ToolProtectionService] Config loaded from API {
|
|
2053
|
+
source: 'api',
|
|
2054
|
+
toolCount: 1,
|
|
2055
|
+
protectedTools: [ 'tool1' ],
|
|
2056
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2057
|
+
projectId: 'test-project',
|
|
2058
|
+
cacheTtlMs: 300000,
|
|
2059
|
+
cacheExpiresAt: '2025-11-25T08:32:25.943Z'
|
|
1907
2060
|
}
|
|
1908
|
-
|
|
1909
|
-
|
|
1910
|
-
|
|
1911
|
-
|
|
1912
|
-
agentDid: 'did:key:
|
|
1913
|
-
|
|
1914
|
-
|
|
2061
|
+
[ToolProtectionService] Config loaded from API {
|
|
2062
|
+
source: 'api',
|
|
2063
|
+
toolCount: 1,
|
|
2064
|
+
protectedTools: [ 'tool1' ],
|
|
2065
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2066
|
+
projectId: 'test-project',
|
|
2067
|
+
cacheTtlMs: 300000,
|
|
2068
|
+
cacheExpiresAt: '2025-11-25T08:32:25.943Z'
|
|
1915
2069
|
}
|
|
1916
|
-
[
|
|
1917
|
-
|
|
1918
|
-
|
|
1919
|
-
|
|
1920
|
-
agentDid: 'did:key:
|
|
1921
|
-
|
|
1922
|
-
|
|
2070
|
+
[ToolProtectionService] Config loaded from API {
|
|
2071
|
+
source: 'api',
|
|
2072
|
+
toolCount: 1,
|
|
2073
|
+
protectedTools: [ 'tool1' ],
|
|
2074
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2075
|
+
projectId: 'test-project',
|
|
2076
|
+
cacheTtlMs: 300000,
|
|
2077
|
+
cacheExpiresAt: '2025-11-25T08:32:25.943Z'
|
|
1923
2078
|
}
|
|
1924
2079
|
|
|
1925
|
-
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement >
|
|
2080
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when protection required and no delegation
|
|
1926
2081
|
[MCP-I] Checking tool protection: {
|
|
1927
2082
|
tool: 'protectedTool',
|
|
1928
2083
|
agentDid: 'did:key:zmock123...',
|
|
1929
2084
|
hasDelegation: false
|
|
1930
2085
|
}
|
|
1931
2086
|
|
|
1932
|
-
stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement >
|
|
2087
|
+
stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when protection required and no delegation
|
|
1933
2088
|
[MCP-I] BLOCKED: Tool requires delegation but none provided {
|
|
1934
2089
|
tool: 'protectedTool',
|
|
1935
|
-
|
|
1936
|
-
[MCP-I] Checking tool protection: {
|
|
1937
|
-
requiredScopes: [ 'files:write', 'files:read' ],
|
|
1938
|
-
agentDid: 'did:key:zmock123...',
|
|
1939
|
-
tool: 'protectedTool',
|
|
1940
|
-
resumeToken: 'resume_g6qtob_mie32tg5',
|
|
1941
|
-
consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite%2Cfiles%3Aread&session_id=session123&agent_did=&resume_token=resume_g6qtob_mie32tg5'
|
|
2090
|
+
requiredScopes: [ 'files:write' ],
|
|
1942
2091
|
agentDid: 'did:key:zmock123...',
|
|
2092
|
+
resumeToken: 'resume_ifp5x4_miebbtko',
|
|
2093
|
+
consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_ifp5x4_miebbtko'
|
|
1943
2094
|
}
|
|
1944
|
-
hasDelegation: false
|
|
1945
|
-
}
|
|
1946
|
-
|
|
1947
2095
|
|
|
1948
|
-
|
|
2096
|
+
✓ src/__tests__/integration/full-flow.test.ts (21 tests) 11ms
|
|
2097
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when protection required and delegation provided
|
|
1949
2098
|
[MCP-I] Checking tool protection: {
|
|
1950
2099
|
tool: 'protectedTool',
|
|
1951
|
-
stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include consent URL in error
|
|
1952
|
-
agentDid: 'did:key:zmock123...',
|
|
1953
|
-
hasDelegation: false
|
|
1954
|
-
}
|
|
1955
|
-
|
|
1956
|
-
[MCP-I] BLOCKED: Tool requires delegation but none provided {
|
|
1957
|
-
tool: 'protectedTool',
|
|
1958
|
-
requiredScopes: [ 'files:write' ],
|
|
1959
2100
|
agentDid: 'did:key:zmock123...',
|
|
1960
|
-
|
|
1961
|
-
consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_g6qtob_mie32tg5'
|
|
2101
|
+
hasDelegation: true
|
|
1962
2102
|
}
|
|
1963
2103
|
|
|
1964
|
-
|
|
1965
|
-
[MCP-I]
|
|
2104
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when protection required and delegation provided
|
|
2105
|
+
[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
|
|
1966
2106
|
tool: 'protectedTool',
|
|
1967
|
-
requiredScopes: [ 'files:write' ],
|
|
1968
2107
|
agentDid: 'did:key:zmock123...',
|
|
1969
|
-
|
|
1970
|
-
|
|
2108
|
+
hasDelegationToken: true,
|
|
2109
|
+
hasConsentProof: false,
|
|
2110
|
+
requiredScopes: [ 'files:write' ]
|
|
1971
2111
|
}
|
|
1972
2112
|
|
|
1973
|
-
|
|
1974
|
-
[MCP-I]
|
|
1975
|
-
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include intercepted call context in error
|
|
1976
|
-
[MCP-I] Checking tool protection: {
|
|
1977
|
-
tool: 'protectedTool',
|
|
1978
|
-
agentDid: 'did:key:zmock123...',
|
|
2113
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when protection required and delegation provided
|
|
2114
|
+
[MCP-I] ✅ Delegation verification SUCCEEDED {
|
|
1979
2115
|
tool: 'protectedTool',
|
|
1980
|
-
hasDelegation: false
|
|
1981
|
-
requiredScopes: [ 'files:write' ],
|
|
1982
|
-
agentDid: 'did:key:zmock123...',
|
|
1983
|
-
resumeToken: 'resume_mg0_mie32tg5',
|
|
1984
|
-
}
|
|
1985
|
-
consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_mg0_mie32tg5'
|
|
1986
|
-
}
|
|
1987
|
-
|
|
1988
|
-
|
|
1989
|
-
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > audit logging > should log tool protection check when audit enabled
|
|
1990
|
-
[MCP-I] Checking tool protection: {
|
|
1991
|
-
tool: 'testTool',
|
|
1992
|
-
agentDid: 'did:key:zmock123...',
|
|
1993
|
-
hasDelegation: false
|
|
1994
|
-
}
|
|
1995
|
-
|
|
1996
|
-
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > audit logging > should log tool protection check when audit enabled
|
|
1997
|
-
[MCP-I] Tool protection check passed (no delegation required) {
|
|
1998
|
-
tool: 'testTool',
|
|
1999
2116
|
agentDid: 'did:key:zmock123...',
|
|
2000
|
-
|
|
2117
|
+
delegationId: 'test-delegation-id',
|
|
2118
|
+
credentialScopes: [ 'files:write' ],
|
|
2119
|
+
requiredScopes: [ 'files:write' ]
|
|
2001
2120
|
}
|
|
2002
2121
|
|
|
2003
|
-
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement >
|
|
2122
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when protection required and consentProof provided
|
|
2004
2123
|
[MCP-I] Checking tool protection: {
|
|
2005
2124
|
tool: 'protectedTool',
|
|
2006
2125
|
agentDid: 'did:key:zmock123...',
|
|
2007
|
-
hasDelegation:
|
|
2008
|
-
}
|
|
2009
|
-
|
|
2010
|
-
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > tool protection service integration > should use agent DID from identity for protection check
|
|
2011
|
-
[MCP-I] Checking tool protection: {
|
|
2012
|
-
tool: 'testTool',
|
|
2013
|
-
agentDid: 'did:key:zmock123...',
|
|
2014
|
-
hasDelegation: false
|
|
2015
|
-
}
|
|
2016
|
-
|
|
2017
|
-
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > tool protection service integration > should use agent DID from identity for protection check
|
|
2018
|
-
[MCP-I] Tool protection check passed (no delegation required) {
|
|
2019
|
-
tool: 'testTool',
|
|
2020
|
-
agentDid: 'did:key:zmock123...',
|
|
2021
|
-
reason: 'Tool not configured to require delegation'
|
|
2022
|
-
}
|
|
2023
|
-
|
|
2024
|
-
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > tool protection service integration > should handle tool protection service errors gracefully
|
|
2025
|
-
[MCP-I] Checking tool protection: {
|
|
2026
|
-
tool: 'testTool',
|
|
2027
|
-
agentDid: 'did:key:zmock123...',
|
|
2028
|
-
hasDelegation: false
|
|
2126
|
+
hasDelegation: true
|
|
2029
2127
|
}
|
|
2030
2128
|
|
|
2031
|
-
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement >
|
|
2032
|
-
[MCP-I]
|
|
2129
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when protection required and consentProof provided
|
|
2130
|
+
[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
|
|
2033
2131
|
tool: 'protectedTool',
|
|
2034
2132
|
agentDid: 'did:key:zmock123...',
|
|
2035
|
-
|
|
2133
|
+
hasDelegationToken: false,
|
|
2134
|
+
hasConsentProof: true,
|
|
2135
|
+
requiredScopes: [ 'files:write' ]
|
|
2036
2136
|
}
|
|
2037
2137
|
|
|
2038
|
-
|
|
2039
|
-
|
|
2138
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when protection required and consentProof provided
|
|
2139
|
+
stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation verification fails
|
|
2140
|
+
[MCP-I] ❌ Delegation verification FAILED {
|
|
2141
|
+
[MCP-I] ✅ Delegation verification SUCCEEDED {
|
|
2142
|
+
tool: 'protectedTool',
|
|
2143
|
+
agentDid: 'did:key:zmock123...',
|
|
2144
|
+
reason: 'Delegation token expired',
|
|
2040
2145
|
tool: 'protectedTool',
|
|
2041
|
-
requiredScopes: [],
|
|
2042
2146
|
agentDid: 'did:key:zmock123...',
|
|
2043
|
-
|
|
2044
|
-
|
|
2147
|
+
delegationId: 'test-delegation-id',
|
|
2148
|
+
credentialScopes: [ 'files:write' ],
|
|
2149
|
+
requiredScopes: [ 'files:write' ]
|
|
2045
2150
|
}
|
|
2046
2151
|
|
|
2047
|
-
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement >
|
|
2152
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation verification fails
|
|
2153
|
+
errorCode: undefined,
|
|
2048
2154
|
[MCP-I] Checking tool protection: {
|
|
2049
2155
|
tool: 'protectedTool',
|
|
2156
|
+
errorMessage: undefined,
|
|
2050
2157
|
agentDid: 'did:key:zmock123...',
|
|
2051
|
-
hasDelegation:
|
|
2158
|
+
hasDelegation: true
|
|
2052
2159
|
}
|
|
2053
2160
|
|
|
2054
|
-
|
|
2055
|
-
|
|
2161
|
+
requiredScopes: [ 'files:write' ]
|
|
2162
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation verification fails
|
|
2163
|
+
}
|
|
2164
|
+
[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
|
|
2056
2165
|
tool: 'protectedTool',
|
|
2057
|
-
requiredScopes: [ 'scope1', 'scope2', 'scope3' ],
|
|
2058
2166
|
agentDid: 'did:key:zmock123...',
|
|
2059
|
-
|
|
2060
|
-
|
|
2167
|
+
hasDelegationToken: true,
|
|
2168
|
+
hasConsentProof: false,
|
|
2169
|
+
|
|
2170
|
+
requiredScopes: [ 'files:write' ]
|
|
2171
|
+
stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation has wrong scopes
|
|
2172
|
+
[MCP-I] ❌ Delegation verification FAILED {
|
|
2173
|
+
tool: 'protectedTool',
|
|
2061
2174
|
}
|
|
2175
|
+
agentDid: 'did:key:zmock123...',
|
|
2062
2176
|
|
|
2063
|
-
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement >
|
|
2177
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation has wrong scopes
|
|
2178
|
+
reason: 'Insufficient scopes',
|
|
2064
2179
|
[MCP-I] Checking tool protection: {
|
|
2065
2180
|
tool: 'protectedTool',
|
|
2066
2181
|
agentDid: 'did:key:zmock123...',
|
|
2067
|
-
hasDelegation:
|
|
2182
|
+
hasDelegation: true
|
|
2068
2183
|
}
|
|
2184
|
+
errorCode: undefined,
|
|
2069
2185
|
|
|
2070
|
-
|
|
2071
|
-
|
|
2186
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should block tool execution when delegation has wrong scopes
|
|
2187
|
+
errorMessage: undefined,
|
|
2188
|
+
[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
|
|
2072
2189
|
tool: 'protectedTool',
|
|
2073
|
-
requiredScopes: [ 'files:write' ],
|
|
2074
2190
|
agentDid: 'did:key:zmock123...',
|
|
2075
|
-
|
|
2076
|
-
|
|
2191
|
+
hasDelegationToken: true,
|
|
2192
|
+
requiredScopes: [ 'files:write' ]
|
|
2193
|
+
hasConsentProof: false,
|
|
2194
|
+
requiredScopes: [ 'files:write' ]
|
|
2195
|
+
}
|
|
2077
2196
|
}
|
|
2078
2197
|
|
|
2079
|
-
|
|
2198
|
+
|
|
2199
|
+
stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should handle API errors during verification gracefully
|
|
2200
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should handle API errors during verification gracefully
|
|
2080
2201
|
[MCP-I] Checking tool protection: {
|
|
2081
|
-
tool: '
|
|
2202
|
+
tool: 'protectedTool',
|
|
2082
2203
|
agentDid: 'did:key:zmock123...',
|
|
2083
|
-
|
|
2084
|
-
|
|
2085
|
-
|
|
2086
|
-
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle handler errors independently of protection
|
|
2087
|
-
[MCP-I] Tool protection check passed (no delegation required) {
|
|
2088
|
-
tool: 'errorTool',
|
|
2204
|
+
[MCP-I] ❌ Delegation verification error (API failure) {
|
|
2205
|
+
tool: 'protectedTool',
|
|
2206
|
+
hasDelegation: true
|
|
2089
2207
|
agentDid: 'did:key:zmock123...',
|
|
2090
|
-
|
|
2091
|
-
}
|
|
2092
|
-
|
|
2093
|
-
stderr | src/services/__tests__/access-control.integration.test.ts > AccessControlApiService Integration > Proof Submission Flow > should submit proof end-to-end
|
|
2094
|
-
[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
|
|
2095
|
-
correlationId: '21f5c657-4a2d-4c29-a993-83645b4c4aa8',
|
|
2096
|
-
status: 200,
|
|
2097
|
-
statusText: '',
|
|
2098
|
-
headers: { 'content-type': 'application/json' },
|
|
2099
|
-
responseTextLength: 100,
|
|
2100
|
-
responseTextPreview: '{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}',
|
|
2101
|
-
fullResponseText: '{"success":true,"accepted":1,"rejected":0,"outcomes":{"success":1,"failed":0,"blocked":0,"error":0}}'
|
|
2102
|
-
}
|
|
2103
|
-
[AccessControl] 🔍 PARSED RESPONSE DATA: {
|
|
2104
|
-
correlationId: '21f5c657-4a2d-4c29-a993-83645b4c4aa8',
|
|
2105
|
-
status: 200,
|
|
2106
|
-
responseDataType: 'object',
|
|
2107
|
-
responseDataKeys: [ 'success', 'accepted', 'rejected', 'outcomes' ],
|
|
2108
|
-
responseData: '{\n' +
|
|
2109
|
-
' "success": true,\n' +
|
|
2110
|
-
' "accepted": 1,\n' +
|
|
2111
|
-
' "rejected": 0,\n' +
|
|
2112
|
-
' "outcomes": {\n' +
|
|
2113
|
-
' "success": 1,\n' +
|
|
2114
|
-
' "failed": 0,\n' +
|
|
2115
|
-
' "blocked": 0,\n' +
|
|
2116
|
-
' "error": 0\n' +
|
|
2117
|
-
' }\n' +
|
|
2118
|
-
'}'
|
|
2119
|
-
}
|
|
2120
|
-
[AccessControl] Raw response received: {
|
|
2121
|
-
"success": true,
|
|
2122
|
-
"accepted": 1,
|
|
2123
|
-
"rejected": 0,
|
|
2124
|
-
"outcomes": {
|
|
2125
|
-
"success": 1,
|
|
2126
|
-
"failed": 0,
|
|
2127
|
-
"blocked": 0,
|
|
2128
|
-
"error": 0
|
|
2129
|
-
}
|
|
2130
|
-
}
|
|
2131
|
-
|
|
2132
|
-
stderr | src/services/__tests__/access-control.integration.test.ts > AccessControlApiService Integration > Proof Submission Flow > should handle proof submission with errors
|
|
2133
|
-
[AccessControl] 🔍 RAW API RESPONSE (before parsing): {
|
|
2134
|
-
correlationId: 'b485e7b1-a702-490a-9211-113cd960c835',
|
|
2135
|
-
status: 200,
|
|
2136
|
-
statusText: '',
|
|
2137
|
-
headers: { 'content-type': 'application/json' },
|
|
2138
|
-
responseTextLength: 200,
|
|
2139
|
-
responseTextPreview: '{"success":true,"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"invalid_signature","message":"Invalid JWS signature"}}]}',
|
|
2140
|
-
fullResponseText: '{"success":true,"accepted":0,"rejected":1,"outcomes":{"success":0,"failed":1,"blocked":0,"error":0},"errors":[{"proof_index":0,"error":{"code":"invalid_signature","message":"Invalid JWS signature"}}]}'
|
|
2141
|
-
}
|
|
2142
|
-
[AccessControl] 🔍 PARSED RESPONSE DATA: {
|
|
2143
|
-
correlationId: 'b485e7b1-a702-490a-9211-113cd960c835',
|
|
2144
|
-
status: 200,
|
|
2145
|
-
responseDataType: 'object',
|
|
2146
|
-
responseDataKeys: [ 'success', 'accepted', 'rejected', 'outcomes', 'errors' ],
|
|
2147
|
-
responseData: '{\n' +
|
|
2148
|
-
' "success": true,\n' +
|
|
2149
|
-
' "accepted": 0,\n' +
|
|
2150
|
-
' "rejected": 1,\n' +
|
|
2151
|
-
' "outcomes": {\n' +
|
|
2152
|
-
' "success": 0,\n' +
|
|
2153
|
-
' "failed": 1,\n' +
|
|
2154
|
-
' "blocked": 0,\n' +
|
|
2155
|
-
' "error": 0\n' +
|
|
2156
|
-
' },\n' +
|
|
2157
|
-
' "errors": [\n' +
|
|
2158
|
-
' {\n' +
|
|
2159
|
-
' "proof_index": 0,\n' +
|
|
2160
|
-
' "error": {\n' +
|
|
2161
|
-
' "code": "invalid_signature",\n' +
|
|
2162
|
-
' "message": "Invalid JWS signature"\n' +
|
|
2163
|
-
' }\n' +
|
|
2164
|
-
' }\n' +
|
|
2165
|
-
' ]\n' +
|
|
2166
|
-
'}'
|
|
2167
|
-
}
|
|
2168
|
-
[AccessControl] Raw response received: {
|
|
2169
|
-
"success": true,
|
|
2170
|
-
"accepted": 0,
|
|
2171
|
-
"rejected": 1,
|
|
2172
|
-
"outcomes": {
|
|
2173
|
-
"success": 0,
|
|
2174
|
-
"failed": 1,
|
|
2175
|
-
"blocked": 0,
|
|
2176
|
-
"error": 0
|
|
2177
|
-
},
|
|
2178
|
-
"errors": [
|
|
2179
|
-
{
|
|
2180
|
-
"proof_index": 0,
|
|
2181
|
-
"error": {
|
|
2182
|
-
"code": "invalid_signature",
|
|
2183
|
-
"message": "Invalid JWS signature"
|
|
2184
|
-
}
|
|
2185
|
-
}
|
|
2186
|
-
]
|
|
2208
|
+
errorCode: 'network_error',
|
|
2187
2209
|
}
|
|
2188
2210
|
|
|
2189
|
-
|
|
2190
|
-
[
|
|
2191
|
-
|
|
2192
|
-
|
|
2193
|
-
|
|
2194
|
-
|
|
2195
|
-
|
|
2196
|
-
|
|
2197
|
-
|
|
2198
|
-
|
|
2199
|
-
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.integration.test.ts:252:7
|
|
2200
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:20
|
|
2201
|
-
|
|
2202
|
-
✓ src/__tests__/runtime/route-interception.test.ts (21 tests) 37ms
|
|
2203
|
-
stderr | src/services/__tests__/proof-verifier.integration.test.ts > ProofVerifier Integration - Real DID Resolution > did:web Resolution (HTTP) > should handle HTTP errors gracefully
|
|
2204
|
-
[ProofVerifier] Failed to fetch public key from DID: Error: Failed to resolve did:web:nonexistent-domain-that-does-not-exist-12345.com: fetch failed
|
|
2205
|
-
at Object.resolveDID (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.integration.test.ts:143:19)
|
|
2206
|
-
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
2207
|
-
at ProofVerifier.fetchPublicKeyFromDID (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/proof-verifier.ts:348:22)
|
|
2208
|
-
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.integration.test.ts:257:9
|
|
2209
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:20
|
|
2210
|
-
|
|
2211
|
-
✓ src/services/__tests__/proof-verifier.integration.test.ts (13 tests | 1 skipped) 51ms
|
|
2212
|
-
✓ src/delegation/__tests__/vc-issuer.test.ts (21 tests) 73ms
|
|
2213
|
-
✓ src/__tests__/cache/tool-protection-cache.test.ts (49 tests) 161ms
|
|
2214
|
-
stderr | src/services/__tests__/proof-verifier.test.ts > ProofVerifier Security > Signature Verification > should handle signature verification errors gracefully
|
|
2215
|
-
[CryptoService] Ed25519 verification error: Error: Crypto error
|
|
2216
|
-
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/proof-verifier.test.ts:328:9
|
|
2217
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
2218
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
2219
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
2220
|
-
at new Promise (<anonymous>)
|
|
2221
|
-
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
2222
|
-
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
2223
|
-
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
2224
|
-
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
2225
|
-
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
2226
|
-
|
|
2227
|
-
✓ src/services/__tests__/access-control.integration.test.ts (9 tests) 127ms
|
|
2228
|
-
✓ src/services/__tests__/proof-verifier.test.ts (21 tests) 10ms
|
|
2229
|
-
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyEd25519 > should return false on verification error
|
|
2230
|
-
[CryptoService] Ed25519 verification error: Error: Verification failed
|
|
2231
|
-
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:62:9
|
|
2232
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
2233
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
2234
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
2235
|
-
at new Promise (<anonymous>)
|
|
2236
|
-
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
2237
|
-
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
2238
|
-
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
2239
|
-
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
2240
|
-
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
2241
|
-
|
|
2242
|
-
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject invalid JWK format
|
|
2243
|
-
[CryptoService] Invalid Ed25519 JWK format
|
|
2244
|
-
|
|
2245
|
-
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with wrong kty
|
|
2246
|
-
[CryptoService] Invalid Ed25519 JWK format
|
|
2247
|
-
|
|
2248
|
-
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with wrong crv
|
|
2249
|
-
[CryptoService] Invalid Ed25519 JWK format
|
|
2250
|
-
|
|
2251
|
-
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with missing x field
|
|
2252
|
-
[CryptoService] Invalid Ed25519 JWK format
|
|
2253
|
-
|
|
2254
|
-
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject JWK with empty x field
|
|
2255
|
-
[CryptoService] Invalid Ed25519 JWK format
|
|
2256
|
-
|
|
2257
|
-
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject malformed JWS
|
|
2258
|
-
[CryptoService] Invalid JWS format: Error: Invalid header base64: Unexpected token '', "" is not valid JSON
|
|
2259
|
-
at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:91:13)
|
|
2260
|
-
at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
|
|
2261
|
-
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:230:42
|
|
2262
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
2263
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
2264
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
2265
|
-
at new Promise (<anonymous>)
|
|
2266
|
-
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
2267
|
-
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
2268
|
-
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
2269
|
-
|
|
2270
|
-
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject non-EdDSA algorithms
|
|
2271
|
-
[CryptoService] Unsupported algorithm: RS256, expected EdDSA
|
|
2272
|
-
|
|
2273
|
-
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should reject HS256 algorithm
|
|
2274
|
-
[CryptoService] Unsupported algorithm: HS256, expected EdDSA
|
|
2275
|
-
|
|
2276
|
-
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle empty JWS components
|
|
2277
|
-
[CryptoService] Invalid JWS format: Error: Invalid header base64: Unexpected end of JSON input
|
|
2278
|
-
at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:91:13)
|
|
2279
|
-
at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
|
|
2280
|
-
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:271:42
|
|
2281
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
2282
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
2283
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
2284
|
-
at new Promise (<anonymous>)
|
|
2285
|
-
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
2286
|
-
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
2287
|
-
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
2211
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should handle API errors during verification gracefully
|
|
2212
|
+
[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
|
|
2213
|
+
errorMessage: 'API unavailable',
|
|
2214
|
+
tool: 'protectedTool',
|
|
2215
|
+
agentDid: 'did:key:zmock123...',
|
|
2216
|
+
hasDelegationToken: true,
|
|
2217
|
+
errorDetails: {}
|
|
2218
|
+
hasConsentProof: false,
|
|
2219
|
+
requiredScopes: [ 'files:write' ]
|
|
2220
|
+
}
|
|
2288
2221
|
|
|
2289
|
-
|
|
2290
|
-
[CryptoService] Invalid JWS format: Error: Invalid JWS format: expected header.payload.signature
|
|
2291
|
-
at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:78:13)
|
|
2292
|
-
at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
|
|
2293
|
-
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:279:42
|
|
2294
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
2295
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
2296
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
2297
|
-
at new Promise (<anonymous>)
|
|
2298
|
-
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
2299
|
-
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
2300
|
-
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
2222
|
+
}
|
|
2301
2223
|
|
|
2302
|
-
|
|
2303
|
-
|
|
2304
|
-
|
|
2305
|
-
|
|
2306
|
-
|
|
2307
|
-
|
|
2308
|
-
|
|
2309
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
2310
|
-
at new Promise (<anonymous>)
|
|
2311
|
-
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
2312
|
-
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
2313
|
-
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
2224
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when access control service not configured (graceful degradation)
|
|
2225
|
+
stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should allow tool execution when access control service not configured (graceful degradation)
|
|
2226
|
+
[MCP-I] Checking tool protection: {
|
|
2227
|
+
tool: 'protectedTool',
|
|
2228
|
+
agentDid: 'did:key:zmock123...',
|
|
2229
|
+
hasDelegation: true
|
|
2230
|
+
}
|
|
2314
2231
|
|
|
2315
|
-
|
|
2316
|
-
[
|
|
2317
|
-
|
|
2318
|
-
|
|
2319
|
-
|
|
2320
|
-
|
|
2321
|
-
|
|
2322
|
-
|
|
2323
|
-
|
|
2324
|
-
|
|
2325
|
-
|
|
2326
|
-
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
2232
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should reject delegation when user_identifier does not match session userDid
|
|
2233
|
+
[MCP-I] Checking tool protection: {
|
|
2234
|
+
[MCP-I] ⚠️ Delegation token provided but AccessControlApiService not configured - skipping verification {
|
|
2235
|
+
tool: 'protectedTool',
|
|
2236
|
+
tool: 'protectedTool',
|
|
2237
|
+
agentDid: 'did:key:zmock123...',
|
|
2238
|
+
agentDid: 'did:key:zmock123...',
|
|
2239
|
+
hasDelegationToken: true,
|
|
2240
|
+
hasDelegation: true
|
|
2241
|
+
}
|
|
2242
|
+
hasConsentProof: false
|
|
2327
2243
|
|
|
2328
|
-
|
|
2329
|
-
[
|
|
2330
|
-
|
|
2331
|
-
|
|
2332
|
-
|
|
2333
|
-
|
|
2334
|
-
|
|
2335
|
-
|
|
2336
|
-
|
|
2337
|
-
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
2338
|
-
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
2339
|
-
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
2244
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should reject delegation when user_identifier does not match session userDid
|
|
2245
|
+
[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
|
|
2246
|
+
tool: 'protectedTool',
|
|
2247
|
+
agentDid: 'did:key:zmock123...',
|
|
2248
|
+
hasDelegationToken: true,
|
|
2249
|
+
hasConsentProof: false,
|
|
2250
|
+
requiredScopes: [ 'files:write' ]
|
|
2251
|
+
}
|
|
2252
|
+
}
|
|
2340
2253
|
|
|
2341
|
-
stderr | src/services/__tests__/crypto.service.test.ts > CryptoService > verifyJWS > should handle malformed JWS - invalid base64
|
|
2342
|
-
[CryptoService] Invalid JWS format: Error: Invalid payload base64: Invalid base64url string: Invalid character
|
|
2343
|
-
at CryptoService.parseJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:107:15)
|
|
2344
|
-
at CryptoService.verifyJWS (/Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/crypto.service.ts:169:23)
|
|
2345
|
-
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/services/__tests__/crypto.service.test.ts:334:42
|
|
2346
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
2347
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
2348
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
2349
|
-
at new Promise (<anonymous>)
|
|
2350
|
-
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
2351
|
-
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
2352
|
-
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
2353
2254
|
|
|
2354
|
-
stderr | src/
|
|
2355
|
-
|
|
2255
|
+
stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should reject delegation when user_identifier does not match session userDid
|
|
2256
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should accept delegation when user_identifier matches session userDid
|
|
2257
|
+
[MCP-I] Checking tool protection: {
|
|
2258
|
+
[MCP-I] 🔒 SECURITY: User identifier validation FAILED {
|
|
2259
|
+
tool: 'protectedTool',
|
|
2260
|
+
agentDid: 'did:key:zmock123...',
|
|
2261
|
+
tool: 'protectedTool',
|
|
2262
|
+
agentDid: 'did:key:zmock123...',
|
|
2263
|
+
delegationUserIdentifier: 'did:key:zUserB987654...',
|
|
2264
|
+
hasDelegation: true
|
|
2265
|
+
}
|
|
2356
2266
|
|
|
2357
|
-
|
|
2358
|
-
|
|
2267
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should accept delegation when user_identifier matches session userDid
|
|
2268
|
+
sessionUserDid: 'did:key:zUserA123456...',
|
|
2269
|
+
sessionId: 'session123...',
|
|
2270
|
+
[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
|
|
2271
|
+
tool: 'protectedTool',
|
|
2272
|
+
reason: 'user_identifier_mismatch',
|
|
2273
|
+
severity: 'high'
|
|
2274
|
+
}
|
|
2359
2275
|
|
|
2360
|
-
|
|
2361
|
-
|
|
2362
|
-
|
|
2363
|
-
|
|
2364
|
-
|
|
2365
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
2366
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
2367
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
2368
|
-
at new Promise (<anonymous>)
|
|
2369
|
-
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
2370
|
-
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
2371
|
-
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
2276
|
+
agentDid: 'did:key:zmock123...',
|
|
2277
|
+
hasDelegationToken: true,
|
|
2278
|
+
hasConsentProof: false,
|
|
2279
|
+
requiredScopes: [ 'files:write' ]
|
|
2280
|
+
}
|
|
2372
2281
|
|
|
2373
|
-
|
|
2374
|
-
[
|
|
2375
|
-
|
|
2376
|
-
|
|
2377
|
-
|
|
2378
|
-
|
|
2379
|
-
|
|
2380
|
-
|
|
2381
|
-
|
|
2382
|
-
|
|
2383
|
-
|
|
2384
|
-
|
|
2282
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should accept delegation when user_identifier matches session userDid
|
|
2283
|
+
[MCP-I] ✅ User identifier validation PASSED {
|
|
2284
|
+
tool: 'protectedTool',
|
|
2285
|
+
agentDid: 'did:key:zmock123...',
|
|
2286
|
+
userDid: 'did:key:zUserA123456...',
|
|
2287
|
+
sessionId: 'session123...'
|
|
2288
|
+
}
|
|
2289
|
+
[MCP-I] ✅ Delegation verification SUCCEEDED {
|
|
2290
|
+
tool: 'protectedTool',
|
|
2291
|
+
agentDid: 'did:key:zmock123...',
|
|
2292
|
+
delegationId: 'test-delegation-id',
|
|
2293
|
+
credentialScopes: [ 'files:write' ],
|
|
2294
|
+
requiredScopes: [ 'files:write' ]
|
|
2295
|
+
}
|
|
2385
2296
|
|
|
2386
|
-
|
|
2387
|
-
|
|
2388
|
-
|
|
2297
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing user_identifier gracefully (backward compatibility)
|
|
2298
|
+
[MCP-I] Checking tool protection: {
|
|
2299
|
+
tool: 'protectedTool',
|
|
2300
|
+
agentDid: 'did:key:zmock123...',
|
|
2301
|
+
hasDelegation: true
|
|
2302
|
+
}
|
|
2389
2303
|
|
|
2390
|
-
stdout | src/__tests__/
|
|
2391
|
-
[
|
|
2304
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing user_identifier gracefully (backward compatibility)
|
|
2305
|
+
[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
|
|
2306
|
+
tool: 'protectedTool',
|
|
2307
|
+
agentDid: 'did:key:zmock123...',
|
|
2308
|
+
hasDelegationToken: true,
|
|
2309
|
+
hasConsentProof: false,
|
|
2310
|
+
requiredScopes: [ 'files:write' ]
|
|
2311
|
+
}
|
|
2392
2312
|
|
|
2393
|
-
stdout | src/__tests__/
|
|
2394
|
-
[
|
|
2313
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing user_identifier gracefully (backward compatibility)
|
|
2314
|
+
[MCP-I] ✅ Delegation verification SUCCEEDED {
|
|
2315
|
+
tool: 'protectedTool',
|
|
2316
|
+
agentDid: 'did:key:zmock123...',
|
|
2317
|
+
delegationId: 'test-delegation-id',
|
|
2318
|
+
credentialScopes: [ 'files:write' ],
|
|
2319
|
+
requiredScopes: [ 'files:write' ]
|
|
2320
|
+
}
|
|
2395
2321
|
|
|
2396
|
-
stdout | src/__tests__/
|
|
2397
|
-
[
|
|
2322
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing session userDid gracefully
|
|
2323
|
+
[MCP-I] Checking tool protection: {
|
|
2324
|
+
tool: 'protectedTool',
|
|
2325
|
+
agentDid: 'did:key:zmock123...',
|
|
2326
|
+
hasDelegation: true
|
|
2327
|
+
}
|
|
2398
2328
|
|
|
2399
|
-
stdout | src/__tests__/
|
|
2400
|
-
[
|
|
2329
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing session userDid gracefully
|
|
2330
|
+
[MCP-I] 🔐 Verifying delegation token with AccessControlApiService {
|
|
2331
|
+
tool: 'protectedTool',
|
|
2332
|
+
agentDid: 'did:key:zmock123...',
|
|
2333
|
+
hasDelegationToken: true,
|
|
2334
|
+
hasConsentProof: false,
|
|
2335
|
+
requiredScopes: [ 'files:write' ]
|
|
2336
|
+
}
|
|
2401
2337
|
|
|
2402
|
-
stdout | src/__tests__/
|
|
2403
|
-
[
|
|
2338
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing session userDid gracefully
|
|
2339
|
+
[MCP-I] ✅ Delegation verification SUCCEEDED {
|
|
2340
|
+
tool: 'protectedTool',
|
|
2341
|
+
agentDid: 'did:key:zmock123...',
|
|
2342
|
+
delegationId: 'test-delegation-id',
|
|
2343
|
+
credentialScopes: [ 'files:write' ],
|
|
2344
|
+
requiredScopes: [ 'files:write' ]
|
|
2345
|
+
}
|
|
2404
2346
|
|
|
2405
|
-
|
|
2406
|
-
[
|
|
2347
|
+
stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > user_identifier validation > should handle missing session userDid gracefully
|
|
2348
|
+
[MCP-I] ⚠️ Delegation has user_identifier but session missing userDid {
|
|
2349
|
+
tool: 'protectedTool',
|
|
2350
|
+
agentDid: 'did:key:zmock123...',
|
|
2351
|
+
delegationUserIdentifier: 'did:key:zUserA123456...',
|
|
2352
|
+
sessionId: 'session123...'
|
|
2353
|
+
}
|
|
2407
2354
|
|
|
2408
|
-
stdout | src/__tests__/
|
|
2409
|
-
[
|
|
2355
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should create proof after successful tool execution
|
|
2356
|
+
[MCP-I] Checking tool protection: {
|
|
2357
|
+
tool: 'unprotectedTool',
|
|
2358
|
+
agentDid: 'did:key:zmock123...',
|
|
2359
|
+
hasDelegation: false
|
|
2360
|
+
}
|
|
2410
2361
|
|
|
2411
|
-
stdout | src/__tests__/
|
|
2412
|
-
[
|
|
2362
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should create proof after successful tool execution
|
|
2363
|
+
[MCP-I] Tool protection check passed (no delegation required) {
|
|
2364
|
+
tool: 'unprotectedTool',
|
|
2365
|
+
agentDid: 'did:key:zmock123...',
|
|
2366
|
+
reason: 'Tool not configured to require delegation'
|
|
2367
|
+
}
|
|
2413
2368
|
|
|
2414
|
-
stdout | src/__tests__/
|
|
2415
|
-
[
|
|
2369
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should not create proof when tool execution is blocked
|
|
2370
|
+
[MCP-I] Checking tool protection: {
|
|
2371
|
+
tool: 'protectedTool',
|
|
2372
|
+
agentDid: 'did:key:zmock123...',
|
|
2373
|
+
hasDelegation: false
|
|
2374
|
+
}
|
|
2416
2375
|
|
|
2417
|
-
stdout | src/__tests__/
|
|
2418
|
-
[
|
|
2376
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include tool name in error
|
|
2377
|
+
[MCP-I] Checking tool protection: {
|
|
2378
|
+
stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > processToolCall with tool protection > should not create proof when tool execution is blocked
|
|
2379
|
+
tool: 'protectedTool',
|
|
2380
|
+
agentDid: 'did:key:zmock123...',
|
|
2381
|
+
hasDelegation: false
|
|
2382
|
+
[MCP-I] BLOCKED: Tool requires delegation but none provided {
|
|
2383
|
+
tool: 'protectedTool',
|
|
2384
|
+
}
|
|
2419
2385
|
|
|
2420
|
-
|
|
2421
|
-
|
|
2422
|
-
|
|
2423
|
-
|
|
2424
|
-
source: 'api',
|
|
2425
|
-
toolCount: 1,
|
|
2426
|
-
protectedTools: [],
|
|
2427
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2428
|
-
projectId: 'test-project',
|
|
2429
|
-
cacheTtlMs: 300000,
|
|
2430
|
-
cacheExpiresAt: '2025-11-25T04:41:29.115Z'
|
|
2386
|
+
requiredScopes: [ 'files:write' ],
|
|
2387
|
+
agentDid: 'did:key:zmock123...',
|
|
2388
|
+
resumeToken: 'resume_ifp5ry_miebbtkt',
|
|
2389
|
+
consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_ifp5ry_miebbtkt'
|
|
2431
2390
|
}
|
|
2432
2391
|
|
|
2433
|
-
|
|
2434
|
-
[
|
|
2435
|
-
|
|
2436
|
-
|
|
2437
|
-
|
|
2438
|
-
|
|
2439
|
-
|
|
2440
|
-
cacheTtlMs: 300000,
|
|
2441
|
-
cacheExpiresAt: '2025-11-25T04:41:29.116Z'
|
|
2392
|
+
stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include tool name in error
|
|
2393
|
+
[MCP-I] BLOCKED: Tool requires delegation but none provided {
|
|
2394
|
+
tool: 'protectedTool',
|
|
2395
|
+
requiredScopes: [ 'files:write' ],
|
|
2396
|
+
agentDid: 'did:key:zmock123...',
|
|
2397
|
+
resumeToken: 'resume_ifp5ry_miebbtkt',
|
|
2398
|
+
consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_ifp5ry_miebbtkt'
|
|
2442
2399
|
}
|
|
2443
2400
|
|
|
2444
|
-
stdout | src/__tests__/
|
|
2445
|
-
[
|
|
2446
|
-
tool: '
|
|
2447
|
-
agentDid: 'did:key:
|
|
2448
|
-
|
|
2449
|
-
isWildcard: false,
|
|
2450
|
-
requiresDelegation: true,
|
|
2451
|
-
availableTools: [ 'checkout' ]
|
|
2401
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include required scopes in error
|
|
2402
|
+
[MCP-I] Checking tool protection: {
|
|
2403
|
+
tool: 'protectedTool',
|
|
2404
|
+
agentDid: 'did:key:zmock123...',
|
|
2405
|
+
hasDelegation: false
|
|
2452
2406
|
}
|
|
2453
2407
|
|
|
2454
|
-
|
|
2455
|
-
[
|
|
2456
|
-
|
|
2457
|
-
|
|
2458
|
-
|
|
2459
|
-
|
|
2460
|
-
|
|
2461
|
-
cacheTtlMs: 300000,
|
|
2462
|
-
cacheExpiresAt: '2025-11-25T04:41:29.117Z'
|
|
2408
|
+
stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include required scopes in error
|
|
2409
|
+
[MCP-I] BLOCKED: Tool requires delegation but none provided {
|
|
2410
|
+
tool: 'protectedTool',
|
|
2411
|
+
requiredScopes: [ 'files:write', 'files:read' ],
|
|
2412
|
+
agentDid: 'did:key:zmock123...',
|
|
2413
|
+
resumeToken: 'resume_ifp5ry_miebbtkt',
|
|
2414
|
+
consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite%2Cfiles%3Aread&session_id=session123&agent_did=&resume_token=resume_ifp5ry_miebbtkt'
|
|
2463
2415
|
}
|
|
2464
2416
|
|
|
2465
|
-
stdout | src/__tests__/
|
|
2466
|
-
[
|
|
2467
|
-
|
|
2468
|
-
|
|
2469
|
-
|
|
2470
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2471
|
-
projectId: 'test-project',
|
|
2472
|
-
cacheTtlMs: 300000,
|
|
2473
|
-
cacheExpiresAt: '2025-11-25T04:41:29.118Z'
|
|
2417
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include consent URL in error
|
|
2418
|
+
[MCP-I] Checking tool protection: {
|
|
2419
|
+
tool: 'protectedTool',
|
|
2420
|
+
agentDid: 'did:key:zmock123...',
|
|
2421
|
+
hasDelegation: false
|
|
2474
2422
|
}
|
|
2475
2423
|
|
|
2476
|
-
stderr | src/__tests__/
|
|
2477
|
-
[
|
|
2424
|
+
stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include consent URL in error
|
|
2425
|
+
[MCP-I] BLOCKED: Tool requires delegation but none provided {
|
|
2426
|
+
tool: 'protectedTool',
|
|
2427
|
+
requiredScopes: [ 'files:write' ],
|
|
2428
|
+
agentDid: 'did:key:zmock123...',
|
|
2429
|
+
resumeToken: 'resume_ifp590_miebbtku',
|
|
2430
|
+
consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_ifp590_miebbtku'
|
|
2431
|
+
}
|
|
2478
2432
|
|
|
2479
|
-
|
|
2480
|
-
[
|
|
2481
|
-
|
|
2482
|
-
|
|
2483
|
-
|
|
2433
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include resume token in error
|
|
2434
|
+
[MCP-I] Checking tool protection: {
|
|
2435
|
+
tool: 'protectedTool',
|
|
2436
|
+
agentDid: 'did:key:zmock123...',
|
|
2437
|
+
hasDelegation: false
|
|
2484
2438
|
}
|
|
2485
2439
|
|
|
2486
|
-
stderr | src/__tests__/
|
|
2487
|
-
[
|
|
2440
|
+
stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include resume token in error
|
|
2441
|
+
[MCP-I] BLOCKED: Tool requires delegation but none provided {
|
|
2442
|
+
tool: 'protectedTool',
|
|
2443
|
+
requiredScopes: [ 'files:write' ],
|
|
2444
|
+
agentDid: 'did:key:zmock123...',
|
|
2445
|
+
resumeToken: 'resume_ifp590_miebbtku',
|
|
2446
|
+
consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_ifp590_miebbtku'
|
|
2447
|
+
}
|
|
2488
2448
|
|
|
2489
|
-
stdout | src/__tests__/
|
|
2490
|
-
[
|
|
2491
|
-
|
|
2492
|
-
|
|
2493
|
-
|
|
2494
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2495
|
-
projectId: 'test-project',
|
|
2496
|
-
cacheTtlMs: 300000,
|
|
2497
|
-
cacheExpiresAt: '2025-11-25T04:41:29.119Z'
|
|
2449
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include intercepted call context in error
|
|
2450
|
+
[MCP-I] Checking tool protection: {
|
|
2451
|
+
tool: 'protectedTool',
|
|
2452
|
+
agentDid: 'did:key:zmock123...',
|
|
2453
|
+
hasDelegation: false
|
|
2498
2454
|
}
|
|
2499
2455
|
|
|
2500
|
-
|
|
2501
|
-
[
|
|
2502
|
-
|
|
2503
|
-
|
|
2504
|
-
|
|
2505
|
-
|
|
2506
|
-
|
|
2507
|
-
cacheTtlMs: 300000,
|
|
2508
|
-
cacheExpiresAt: '2025-11-25T04:41:29.119Z'
|
|
2456
|
+
stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > DelegationRequiredError details > should include intercepted call context in error
|
|
2457
|
+
[MCP-I] BLOCKED: Tool requires delegation but none provided {
|
|
2458
|
+
tool: 'protectedTool',
|
|
2459
|
+
requiredScopes: [ 'files:write' ],
|
|
2460
|
+
agentDid: 'did:key:zmock123...',
|
|
2461
|
+
resumeToken: 'resume_28yy0p_miebbtku',
|
|
2462
|
+
consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=session123&agent_did=&resume_token=resume_28yy0p_miebbtku'
|
|
2509
2463
|
}
|
|
2510
2464
|
|
|
2511
|
-
stdout | src/__tests__/
|
|
2512
|
-
[
|
|
2513
|
-
|
|
2514
|
-
|
|
2515
|
-
|
|
2516
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2517
|
-
projectId: 'test-project',
|
|
2518
|
-
cacheTtlMs: 300000,
|
|
2519
|
-
cacheExpiresAt: '2025-11-25T04:41:29.119Z'
|
|
2465
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > audit logging > should log tool protection check when audit enabled
|
|
2466
|
+
[MCP-I] Checking tool protection: {
|
|
2467
|
+
tool: 'testTool',
|
|
2468
|
+
agentDid: 'did:key:zmock123...',
|
|
2469
|
+
hasDelegation: false
|
|
2520
2470
|
}
|
|
2521
2471
|
|
|
2522
|
-
stdout | src/__tests__/
|
|
2523
|
-
[
|
|
2524
|
-
|
|
2525
|
-
|
|
2526
|
-
|
|
2527
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2528
|
-
projectId: 'test-project',
|
|
2529
|
-
cacheTtlMs: 300000,
|
|
2530
|
-
cacheExpiresAt: '2025-11-25T04:41:29.120Z'
|
|
2472
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > audit logging > should log tool protection check when audit enabled
|
|
2473
|
+
[MCP-I] Tool protection check passed (no delegation required) {
|
|
2474
|
+
tool: 'testTool',
|
|
2475
|
+
agentDid: 'did:key:zmock123...',
|
|
2476
|
+
reason: 'Tool not configured to require delegation'
|
|
2531
2477
|
}
|
|
2532
2478
|
|
|
2533
|
-
stdout | src/__tests__/
|
|
2534
|
-
[
|
|
2535
|
-
tool: '
|
|
2536
|
-
agentDid: 'did:key:
|
|
2537
|
-
|
|
2538
|
-
isWildcard: false,
|
|
2539
|
-
requiresDelegation: true,
|
|
2540
|
-
availableTools: [ 'search_products', 'add_to_cart', 'checkout' ]
|
|
2479
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > audit logging > should log blocked tool call when audit enabled
|
|
2480
|
+
[MCP-I] Checking tool protection: {
|
|
2481
|
+
tool: 'protectedTool',
|
|
2482
|
+
agentDid: 'did:key:zmock123...',
|
|
2483
|
+
hasDelegation: false
|
|
2541
2484
|
}
|
|
2542
2485
|
|
|
2543
|
-
stdout | src/__tests__/
|
|
2544
|
-
[
|
|
2545
|
-
|
|
2546
|
-
|
|
2547
|
-
|
|
2548
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2549
|
-
projectId: 'test-project',
|
|
2550
|
-
cacheTtlMs: 300000,
|
|
2551
|
-
cacheExpiresAt: '2025-11-25T04:41:29.120Z'
|
|
2486
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > tool protection service integration > should use agent DID from identity for protection check
|
|
2487
|
+
[MCP-I] Checking tool protection: {
|
|
2488
|
+
tool: 'testTool',
|
|
2489
|
+
agentDid: 'did:key:zmock123...',
|
|
2490
|
+
hasDelegation: false
|
|
2552
2491
|
}
|
|
2553
|
-
|
|
2554
|
-
|
|
2555
|
-
|
|
2556
|
-
|
|
2557
|
-
|
|
2558
|
-
|
|
2559
|
-
|
|
2560
|
-
|
|
2492
|
+
stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle empty required scopes array
|
|
2493
|
+
|
|
2494
|
+
[MCP-I] BLOCKED: Tool requires delegation but none provided {
|
|
2495
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > tool protection service integration > should use agent DID from identity for protection check
|
|
2496
|
+
[MCP-I] Tool protection check passed (no delegation required) {
|
|
2497
|
+
tool: 'testTool',
|
|
2498
|
+
tool: 'protectedTool',
|
|
2499
|
+
requiredScopes: [],
|
|
2500
|
+
agentDid: 'did:key:zmock123...',
|
|
2501
|
+
agentDid: 'did:key:zmock123...',
|
|
2502
|
+
reason: 'Tool not configured to require delegation'
|
|
2503
|
+
}
|
|
2504
|
+
|
|
2505
|
+
resumeToken: 'resume_ifp57a_miebbtkw',
|
|
2506
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > tool protection service integration > should handle tool protection service errors gracefully
|
|
2507
|
+
[MCP-I] Checking tool protection: {
|
|
2508
|
+
consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=&session_id=session123&agent_did=&resume_token=resume_ifp57a_miebbtkw'
|
|
2509
|
+
tool: 'testTool',
|
|
2510
|
+
agentDid: 'did:key:zmock123...',
|
|
2511
|
+
hasDelegation: false
|
|
2561
2512
|
}
|
|
2562
|
-
[ToolProtectionService] Config loaded from API {
|
|
2563
|
-
source: 'api',
|
|
2564
|
-
toolCount: 1,
|
|
2565
|
-
protectedTools: [ 'tool1' ],
|
|
2566
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2567
|
-
projectId: 'test-project',
|
|
2568
|
-
cacheTtlMs: 300000,
|
|
2569
|
-
cacheExpiresAt: '2025-11-25T04:41:29.120Z'
|
|
2570
2513
|
}
|
|
2571
2514
|
|
|
2572
|
-
✓ src/__tests__/integration/full-flow.test.ts (21 tests) 11ms
|
|
2573
|
-
stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should verify gmail → google mapping works
|
|
2574
|
-
[ProviderResolver] Inferred provider "google" from scopes
|
|
2575
2515
|
|
|
2576
|
-
stdout | src/__tests__/
|
|
2577
|
-
[
|
|
2578
|
-
|
|
2579
|
-
|
|
2516
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle empty required scopes array
|
|
2517
|
+
[MCP-I] Checking tool protection: {
|
|
2518
|
+
tool: 'protectedTool',
|
|
2519
|
+
agentDid: 'did:key:zmock123...',
|
|
2520
|
+
hasDelegation: false
|
|
2521
|
+
}
|
|
2580
2522
|
|
|
2523
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle multiple required scopes
|
|
2524
|
+
[MCP-I] Checking tool protection: {
|
|
2525
|
+
tool: 'protectedTool',
|
|
2526
|
+
agentDid: 'did:key:zmock123...',
|
|
2527
|
+
hasDelegation: false
|
|
2528
|
+
}
|
|
2581
2529
|
|
|
2582
|
-
|
|
2583
|
-
[
|
|
2530
|
+
stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle multiple required scopes
|
|
2531
|
+
[MCP-I] BLOCKED: Tool requires delegation but none provided {
|
|
2532
|
+
tool: 'protectedTool',
|
|
2533
|
+
requiredScopes: [ 'scope1', 'scope2', 'scope3' ],
|
|
2534
|
+
agentDid: 'did:key:zmock123...',
|
|
2535
|
+
resumeToken: 'resume_ifp57a_miebbtkw',
|
|
2536
|
+
consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=scope1%2Cscope2%2Cscope3&session_id=session123&agent_did=&resume_token=resume_ifp57a_miebbtkw'
|
|
2537
|
+
}
|
|
2584
2538
|
|
|
2585
|
-
|
|
2586
|
-
[
|
|
2539
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle session without id
|
|
2540
|
+
[MCP-I] Checking tool protection: {
|
|
2541
|
+
tool: 'protectedTool',
|
|
2542
|
+
agentDid: 'did:key:zmock123...',
|
|
2543
|
+
hasDelegation: false
|
|
2544
|
+
}
|
|
2587
2545
|
|
|
2588
|
-
stderr | src/__tests__/
|
|
2589
|
-
[
|
|
2546
|
+
stderr | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle session without id
|
|
2547
|
+
[MCP-I] BLOCKED: Tool requires delegation but none provided {
|
|
2548
|
+
tool: 'protectedTool',
|
|
2549
|
+
requiredScopes: [ 'files:write' ],
|
|
2550
|
+
agentDid: 'did:key:zmock123...',
|
|
2551
|
+
resumeToken: 'resume_5dn4sk_miebbtkw',
|
|
2552
|
+
consentUrl: 'https://kya.vouched.id/bouncer/consent?tool=protectedTool&scopes=files%3Awrite&session_id=&agent_did=&resume_token=resume_5dn4sk_miebbtkw'
|
|
2553
|
+
}
|
|
2590
2554
|
|
|
2591
|
-
|
|
2592
|
-
[
|
|
2555
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle handler errors independently of protection
|
|
2556
|
+
[MCP-I] Checking tool protection: {
|
|
2557
|
+
tool: 'errorTool',
|
|
2558
|
+
agentDid: 'did:key:zmock123...',
|
|
2559
|
+
hasDelegation: false
|
|
2560
|
+
}
|
|
2593
2561
|
|
|
2594
|
-
|
|
2595
|
-
[
|
|
2562
|
+
stdout | src/__tests__/runtime/tool-protection-enforcement.test.ts > MCPIRuntimeBase - Tool Protection Enforcement > edge cases > should handle handler errors independently of protection
|
|
2563
|
+
[MCP-I] Tool protection check passed (no delegation required) {
|
|
2564
|
+
tool: 'errorTool',
|
|
2565
|
+
agentDid: 'did:key:zmock123...',
|
|
2566
|
+
reason: 'Tool not configured to require delegation'
|
|
2567
|
+
}
|
|
2596
2568
|
|
|
2597
|
-
|
|
2598
|
-
stdout | src/__tests__/
|
|
2599
|
-
[
|
|
2600
|
-
|
|
2569
|
+
✓ src/__tests__/runtime/tool-protection-enforcement.test.ts (29 tests) 13ms
|
|
2570
|
+
stdout | src/__tests__/integration.test.ts > Integration Tests > Full handshake and tool execution flow > should complete full authentication and tool execution cycle
|
|
2571
|
+
[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zDEE6IXhMuINarLRZ3iWrLoFawYgseX8x","environment":"development","userDidGeneration":"disabled"},"timestamp":1764059245954,"timestampFormatted":"2025-11-25T08:27:25.954Z"}
|
|
2572
|
+
|
|
2573
|
+
stdout | src/__tests__/integration.test.ts > Integration Tests > Full handshake and tool execution flow > should complete full authentication and tool execution cycle
|
|
2574
|
+
[AUDIT] {"event":"tool_executed","data":{"tool":"greetingTool","sessionId":"3511a148fea0301dc3375fdba8dc7f0b","timestamp":1764059245954},"timestamp":1764059245954,"timestampFormatted":"2025-11-25T08:27:25.954Z"}
|
|
2601
2575
|
|
|
2602
|
-
stdout | src/__tests__/
|
|
2603
|
-
[
|
|
2576
|
+
stdout | src/__tests__/integration.test.ts > Integration Tests > Session expiry handling > should handle expired sessions correctly
|
|
2577
|
+
[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zL0iZDg1V2d0Pvw_fxfa4fgnkB4pGLmJk","environment":"development","userDidGeneration":"disabled"},"timestamp":1764059245957,"timestampFormatted":"2025-11-25T08:27:25.957Z"}
|
|
2604
2578
|
|
|
2579
|
+
stdout | src/__tests__/integration.test.ts > Integration Tests > Key rotation flow > should handle key rotation and maintain functionality
|
|
2580
|
+
[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zUamSXX2NYY-a9zuz0f_z_N_aIzDXtHRk","environment":"development","userDidGeneration":"disabled"},"timestamp":1764059245958,"timestampFormatted":"2025-11-25T08:27:25.958Z"}
|
|
2605
2581
|
|
|
2606
|
-
|
|
2607
|
-
[
|
|
2582
|
+
stdout | src/__tests__/integration.test.ts > Integration Tests > Key rotation flow > should handle key rotation and maintain functionality
|
|
2583
|
+
[AUDIT] {"event":"keys_rotated","data":{"oldDid":"did:key:zUamSXX2NYY-a9zuz0f_z_N_aIzDXtHRk","newDid":"did:key:zQFfKFilsrVf2t1HmzQ1mkw100kxC1IaK","timestamp":1764059245958},"timestamp":1764059245958,"timestampFormatted":"2025-11-25T08:27:25.958Z"}
|
|
2608
2584
|
|
|
2609
|
-
stdout | src/__tests__/
|
|
2610
|
-
[
|
|
2585
|
+
stdout | src/__tests__/integration.test.ts > Integration Tests > Well-known endpoints > should provide identity discovery endpoints
|
|
2586
|
+
[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:z4dQcUS8PX6uQ6csYDjfNnw91Cz2EtqYy","environment":"development","userDidGeneration":"disabled"},"timestamp":1764059245958,"timestampFormatted":"2025-11-25T08:27:25.958Z"}
|
|
2611
2587
|
|
|
2612
|
-
|
|
2613
|
-
[
|
|
2588
|
+
stdout | src/__tests__/integration.test.ts > Integration Tests > Nonce replay protection > should prevent nonce reuse
|
|
2589
|
+
[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zFZlTxeZ9RTD7NWhCuy_GXFcy0u-TLkVu","environment":"development","userDidGeneration":"disabled"},"timestamp":1764059245958,"timestampFormatted":"2025-11-25T08:27:25.958Z"}
|
|
2614
2590
|
|
|
2615
|
-
|
|
2616
|
-
[
|
|
2617
|
-
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/config/__tests__/remote-config.spec.ts:170:35
|
|
2618
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
2619
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
2620
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
2621
|
-
at new Promise (<anonymous>)
|
|
2622
|
-
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
2623
|
-
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
2624
|
-
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
2625
|
-
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
2626
|
-
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
2591
|
+
stdout | src/__tests__/integration.test.ts > Integration Tests > Error handling > should handle network errors gracefully
|
|
2592
|
+
[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zrEU1KA5K0bplHBAKRogue28PJK4OlJcn","environment":"development","userDidGeneration":"disabled"},"timestamp":1764059245959,"timestampFormatted":"2025-11-25T08:27:25.959Z"}
|
|
2627
2593
|
|
|
2628
|
-
|
|
2629
|
-
[
|
|
2594
|
+
stdout | src/__tests__/integration.test.ts > Integration Tests > Error handling > should handle malformed DID documents
|
|
2595
|
+
[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zbmI_xOGZKrgiRPg6-wmD7Y3yZ17h4Og5","environment":"development","userDidGeneration":"disabled"},"timestamp":1764059245959,"timestampFormatted":"2025-11-25T08:27:25.959Z"}
|
|
2630
2596
|
|
|
2631
|
-
|
|
2632
|
-
[
|
|
2633
|
-
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/config/__tests__/remote-config.spec.ts:198:50
|
|
2634
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
2635
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
2636
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
2637
|
-
at new Promise (<anonymous>)
|
|
2638
|
-
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
2639
|
-
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
2640
|
-
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
2641
|
-
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
2642
|
-
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
2597
|
+
stdout | src/__tests__/integration.test.ts > Integration Tests > Debug endpoint > should provide debug information in development
|
|
2598
|
+
[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zR8woLxcIbRLfEid_acg-miIiZgLXmXft","environment":"development","userDidGeneration":"disabled"},"timestamp":1764059245959,"timestampFormatted":"2025-11-25T08:27:25.959Z"}
|
|
2643
2599
|
|
|
2644
|
-
|
|
2645
|
-
|
|
2646
|
-
|
|
2647
|
-
✓ src/__tests__/
|
|
2648
|
-
✓ src/__tests__/
|
|
2649
|
-
|
|
2600
|
+
stdout | src/__tests__/integration.test.ts > Integration Tests > Debug endpoint > should be disabled in production
|
|
2601
|
+
[AUDIT] {"event":"runtime_initialized","data":{"did":"did:key:zC67fRwtVhuDNzPEEzljW9tavbXXPG2EW","environment":"development","userDidGeneration":"disabled"},"timestamp":1764059245959,"timestampFormatted":"2025-11-25T08:27:25.959Z"}
|
|
2602
|
+
|
|
2603
|
+
✓ src/__tests__/integration.test.ts (9 tests) 6ms
|
|
2604
|
+
✓ src/services/__tests__/access-control.integration.test.ts (9 tests) 134ms
|
|
2605
|
+
✓ src/__tests__/runtime/base-extensions.test.ts (38 tests) 8ms
|
|
2606
|
+
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Caching Integration > should respect cache TTL
|
|
2650
2607
|
[ToolProtectionService] Config loaded from API {
|
|
2651
2608
|
source: 'api',
|
|
2652
|
-
toolCount:
|
|
2653
|
-
protectedTools: [
|
|
2609
|
+
toolCount: 0,
|
|
2610
|
+
protectedTools: [],
|
|
2654
2611
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2655
|
-
projectId: '
|
|
2656
|
-
cacheTtlMs:
|
|
2657
|
-
cacheExpiresAt: '2025-11-
|
|
2612
|
+
projectId: 'test-project-123',
|
|
2613
|
+
cacheTtlMs: 1000,
|
|
2614
|
+
cacheExpiresAt: '2025-11-25T08:27:27.248Z'
|
|
2658
2615
|
}
|
|
2659
2616
|
|
|
2660
|
-
stdout | src/__tests__/
|
|
2617
|
+
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Real-world Scenarios > should handle typical e-commerce tool protection config
|
|
2661
2618
|
[ToolProtectionService] Config loaded from API {
|
|
2662
2619
|
source: 'api',
|
|
2663
|
-
toolCount:
|
|
2664
|
-
protectedTools: [ '
|
|
2620
|
+
toolCount: 4,
|
|
2621
|
+
protectedTools: [ 'add_to_cart', 'checkout' ],
|
|
2665
2622
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2666
|
-
projectId: '
|
|
2623
|
+
projectId: 'test-project-123',
|
|
2667
2624
|
cacheTtlMs: 300000,
|
|
2668
|
-
cacheExpiresAt: '2025-11-
|
|
2625
|
+
cacheExpiresAt: '2025-11-25T08:32:26.249Z'
|
|
2669
2626
|
}
|
|
2670
2627
|
|
|
2671
|
-
|
|
2628
|
+
stderr | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Real-world Scenarios > should handle API rate limiting gracefully
|
|
2629
|
+
[ToolProtectionService] API fetch failed, using fallback config {
|
|
2630
|
+
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2631
|
+
error: 'Failed to fetch bouncer config: 429 Too Many Requests - Rate limit exceeded'
|
|
2632
|
+
}
|
|
2633
|
+
|
|
2634
|
+
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Real-world Scenarios > should handle concurrent requests
|
|
2672
2635
|
[ToolProtectionService] Config loaded from API {
|
|
2673
2636
|
source: 'api',
|
|
2674
2637
|
toolCount: 1,
|
|
2675
|
-
protectedTools: [ '
|
|
2638
|
+
protectedTools: [ 'tool1' ],
|
|
2676
2639
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2677
|
-
projectId: '
|
|
2640
|
+
projectId: 'test-project-123',
|
|
2678
2641
|
cacheTtlMs: 300000,
|
|
2679
|
-
cacheExpiresAt: '2025-11-
|
|
2642
|
+
cacheExpiresAt: '2025-11-25T08:32:26.250Z'
|
|
2680
2643
|
}
|
|
2681
|
-
|
|
2682
|
-
stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > Backward Compatibility > snake_case field names > should still support snake_case field names
|
|
2683
2644
|
[ToolProtectionService] Config loaded from API {
|
|
2684
2645
|
source: 'api',
|
|
2685
2646
|
toolCount: 1,
|
|
2686
|
-
protectedTools: [ '
|
|
2647
|
+
protectedTools: [ 'tool1' ],
|
|
2687
2648
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2688
2649
|
projectId: 'test-project-123',
|
|
2689
2650
|
cacheTtlMs: 300000,
|
|
2690
|
-
cacheExpiresAt: '2025-11-
|
|
2651
|
+
cacheExpiresAt: '2025-11-25T08:32:26.250Z'
|
|
2691
2652
|
}
|
|
2692
|
-
stderr | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > No Regressions > Phase 1 OAuth flow > should still work with Phase 1 OAuth flow (no oauthProvider)
|
|
2693
|
-
|
|
2694
|
-
[ProviderResolver] Tool does not specify oauthProvider. Using project-configured provider "github" as fallback. Consider explicitly setting oauthProvider in tool protection config.
|
|
2695
|
-
stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > Mixed Phase 1 and Phase 2 tools > should handle mix of Phase 1 and Phase 2 tools in same project
|
|
2696
|
-
|
|
2697
2653
|
[ToolProtectionService] Config loaded from API {
|
|
2698
2654
|
source: 'api',
|
|
2699
|
-
toolCount:
|
|
2700
|
-
protectedTools: [ '
|
|
2655
|
+
toolCount: 1,
|
|
2656
|
+
protectedTools: [ 'tool1' ],
|
|
2701
2657
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2702
2658
|
projectId: 'test-project-123',
|
|
2703
2659
|
cacheTtlMs: 300000,
|
|
2704
|
-
cacheExpiresAt: '2025-11-
|
|
2660
|
+
cacheExpiresAt: '2025-11-25T08:32:26.250Z'
|
|
2705
2661
|
}
|
|
2706
2662
|
|
|
2707
|
-
✓ src/__tests__/
|
|
2708
|
-
|
|
2709
|
-
|
|
2710
|
-
|
|
2711
|
-
|
|
2712
|
-
|
|
2713
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
2714
|
-
at new Promise (<anonymous>)
|
|
2715
|
-
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
2716
|
-
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
2717
|
-
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
2718
|
-
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
2719
|
-
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
2663
|
+
✓ src/__tests__/services/agentshield-integration.test.ts (30 tests) 1119ms
|
|
2664
|
+
✓ should respect cache TTL 1102ms
|
|
2665
|
+
✓ src/services/__tests__/batch-delegation.service.test.ts (11 tests) 3ms
|
|
2666
|
+
✓ src/__tests__/runtime/delegation-flow.test.ts (4 tests) 3ms
|
|
2667
|
+
stdout | src/services/__tests__/provider-resolver.test.ts > ProviderResolver > resolveProvider - Priority 2: Scope inference > should infer provider from github scope prefix
|
|
2668
|
+
[ProviderResolver] Inferred provider "github" from scopes
|
|
2720
2669
|
|
|
2721
|
-
|
|
2722
|
-
[
|
|
2723
|
-
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/__tests__/identity/user-did-manager.test.ts:196:67
|
|
2724
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
2725
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
2726
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
2727
|
-
at new Promise (<anonymous>)
|
|
2728
|
-
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
2729
|
-
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
2730
|
-
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
2731
|
-
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
2732
|
-
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
2670
|
+
stdout | src/services/__tests__/provider-resolver.test.ts > ProviderResolver > resolveProvider - Priority 2: Scope inference > should infer provider from gmail scope prefix (maps to google)
|
|
2671
|
+
[ProviderResolver] Inferred provider "google" from scopes
|
|
2733
2672
|
|
|
2734
|
-
stderr | src/__tests__/
|
|
2735
|
-
[
|
|
2736
|
-
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/__tests__/identity/user-did-manager.test.ts:206:70
|
|
2737
|
-
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
2738
|
-
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:20
|
|
2673
|
+
stderr | src/services/__tests__/provider-resolver.test.ts > ProviderResolver > resolveProvider - Priority 2: Scope inference > should fall back to configuredProvider for ambiguous scopes
|
|
2674
|
+
[ProviderResolver] Tool does not specify oauthProvider. Using project-configured provider "github" as fallback. Consider explicitly setting oauthProvider in tool protection config.
|
|
2739
2675
|
|
|
2676
|
+
✓ src/services/__tests__/provider-resolver.test.ts (8 tests) 4ms
|
|
2740
2677
|
stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > New endpoint format (toolProtections object) > should parse oauthProvider from camelCase field
|
|
2741
2678
|
[ToolProtectionService] Config loaded from API {
|
|
2742
2679
|
source: 'api',
|
|
@@ -2745,7 +2682,7 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
|
|
|
2745
2682
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2746
2683
|
projectId: 'test-project-123',
|
|
2747
2684
|
cacheTtlMs: 300000,
|
|
2748
|
-
cacheExpiresAt: '2025-11-
|
|
2685
|
+
cacheExpiresAt: '2025-11-25T08:32:27.353Z'
|
|
2749
2686
|
}
|
|
2750
2687
|
|
|
2751
2688
|
stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > New endpoint format (toolProtections object) > should parse oauthProvider from snake_case field
|
|
@@ -2756,7 +2693,7 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
|
|
|
2756
2693
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2757
2694
|
projectId: 'test-project-123',
|
|
2758
2695
|
cacheTtlMs: 300000,
|
|
2759
|
-
cacheExpiresAt: '2025-11-
|
|
2696
|
+
cacheExpiresAt: '2025-11-25T08:32:27.358Z'
|
|
2760
2697
|
}
|
|
2761
2698
|
|
|
2762
2699
|
stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > New endpoint format (toolProtections object) > should prefer camelCase over snake_case when both present
|
|
@@ -2767,7 +2704,7 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
|
|
|
2767
2704
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2768
2705
|
projectId: 'test-project-123',
|
|
2769
2706
|
cacheTtlMs: 300000,
|
|
2770
|
-
cacheExpiresAt: '2025-11-
|
|
2707
|
+
cacheExpiresAt: '2025-11-25T08:32:27.359Z'
|
|
2771
2708
|
}
|
|
2772
2709
|
|
|
2773
2710
|
stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > New endpoint format (toolProtections object) > should handle missing oauthProvider field (backward compatible)
|
|
@@ -2778,7 +2715,7 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
|
|
|
2778
2715
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2779
2716
|
projectId: 'test-project-123',
|
|
2780
2717
|
cacheTtlMs: 300000,
|
|
2781
|
-
cacheExpiresAt: '2025-11-
|
|
2718
|
+
cacheExpiresAt: '2025-11-25T08:32:27.359Z'
|
|
2782
2719
|
}
|
|
2783
2720
|
|
|
2784
2721
|
stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools array) > should parse oauthProvider from array format with camelCase
|
|
@@ -2789,7 +2726,7 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
|
|
|
2789
2726
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2790
2727
|
projectId: 'none',
|
|
2791
2728
|
cacheTtlMs: 300000,
|
|
2792
|
-
cacheExpiresAt: '2025-11-
|
|
2729
|
+
cacheExpiresAt: '2025-11-25T08:32:27.360Z'
|
|
2793
2730
|
}
|
|
2794
2731
|
|
|
2795
2732
|
stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools array) > should parse oauthProvider from array format with snake_case
|
|
@@ -2800,7 +2737,7 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
|
|
|
2800
2737
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2801
2738
|
projectId: 'none',
|
|
2802
2739
|
cacheTtlMs: 300000,
|
|
2803
|
-
cacheExpiresAt: '2025-11-
|
|
2740
|
+
cacheExpiresAt: '2025-11-25T08:32:27.360Z'
|
|
2804
2741
|
}
|
|
2805
2742
|
|
|
2806
2743
|
stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools array) > should prefer camelCase over snake_case in array format
|
|
@@ -2811,7 +2748,7 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
|
|
|
2811
2748
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2812
2749
|
projectId: 'none',
|
|
2813
2750
|
cacheTtlMs: 300000,
|
|
2814
|
-
cacheExpiresAt: '2025-11-
|
|
2751
|
+
cacheExpiresAt: '2025-11-25T08:32:27.360Z'
|
|
2815
2752
|
}
|
|
2816
2753
|
|
|
2817
2754
|
stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools object) > should parse oauthProvider from object format with camelCase
|
|
@@ -2822,7 +2759,7 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
|
|
|
2822
2759
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2823
2760
|
projectId: 'none',
|
|
2824
2761
|
cacheTtlMs: 300000,
|
|
2825
|
-
cacheExpiresAt: '2025-11-
|
|
2762
|
+
cacheExpiresAt: '2025-11-25T08:32:27.360Z'
|
|
2826
2763
|
}
|
|
2827
2764
|
|
|
2828
2765
|
stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools object) > should parse oauthProvider from object format with snake_case
|
|
@@ -2833,7 +2770,7 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
|
|
|
2833
2770
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2834
2771
|
projectId: 'none',
|
|
2835
2772
|
cacheTtlMs: 300000,
|
|
2836
|
-
cacheExpiresAt: '2025-11-
|
|
2773
|
+
cacheExpiresAt: '2025-11-25T08:32:27.360Z'
|
|
2837
2774
|
}
|
|
2838
2775
|
|
|
2839
2776
|
stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Old endpoint format (tools object) > should prefer camelCase over snake_case in object format
|
|
@@ -2844,7 +2781,7 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
|
|
|
2844
2781
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2845
2782
|
projectId: 'none',
|
|
2846
2783
|
cacheTtlMs: 300000,
|
|
2847
|
-
cacheExpiresAt: '2025-11-
|
|
2784
|
+
cacheExpiresAt: '2025-11-25T08:32:27.360Z'
|
|
2848
2785
|
}
|
|
2849
2786
|
|
|
2850
2787
|
stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > Caching > should cache oauthProvider field correctly
|
|
@@ -2855,7 +2792,7 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
|
|
|
2855
2792
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2856
2793
|
projectId: 'test-project-123',
|
|
2857
2794
|
cacheTtlMs: 300000,
|
|
2858
|
-
cacheExpiresAt: '2025-11-
|
|
2795
|
+
cacheExpiresAt: '2025-11-25T08:32:27.361Z'
|
|
2859
2796
|
}
|
|
2860
2797
|
|
|
2861
2798
|
stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > oauthProvider field inclusion > should include oauthProvider in returned ToolProtection objects when present
|
|
@@ -2866,7 +2803,7 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
|
|
|
2866
2803
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2867
2804
|
projectId: 'test-project-123',
|
|
2868
2805
|
cacheTtlMs: 300000,
|
|
2869
|
-
cacheExpiresAt: '2025-11-
|
|
2806
|
+
cacheExpiresAt: '2025-11-25T08:32:27.361Z'
|
|
2870
2807
|
}
|
|
2871
2808
|
|
|
2872
2809
|
stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolProtectionService - oauthProvider Parsing > oauthProvider field inclusion > should handle empty string oauthProvider gracefully
|
|
@@ -2877,103 +2814,166 @@ stdout | src/__tests__/services/tool-protection-oauth-provider.test.ts > ToolPro
|
|
|
2877
2814
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2878
2815
|
projectId: 'test-project-123',
|
|
2879
2816
|
cacheTtlMs: 300000,
|
|
2880
|
-
cacheExpiresAt: '2025-11-
|
|
2817
|
+
cacheExpiresAt: '2025-11-25T08:32:27.361Z'
|
|
2881
2818
|
}
|
|
2882
2819
|
|
|
2883
|
-
✓ src/__tests__/
|
|
2884
|
-
✓ src/__tests__/
|
|
2885
|
-
|
|
2886
|
-
|
|
2887
|
-
|
|
2820
|
+
✓ src/__tests__/services/tool-protection-oauth-provider.test.ts (14 tests) 9ms
|
|
2821
|
+
✓ src/__tests__/providers/base.test.ts (14 tests) 11ms
|
|
2822
|
+
✓ src/__tests__/runtime/audit-logger.test.ts (9 tests) 2ms
|
|
2823
|
+
✓ src/__tests__/providers/memory.test.ts (34 tests) 7ms
|
|
2824
|
+
✓ src/delegation/__tests__/bitstring.test.ts (30 tests) 5ms
|
|
2825
|
+
stderr | src/config/__tests__/remote-config.spec.ts > fetchRemoteConfig > Error handling > should return null if API request fails
|
|
2826
|
+
[RemoteConfig] API returned 404: Not Found
|
|
2827
|
+
|
|
2828
|
+
stderr | src/config/__tests__/remote-config.spec.ts > fetchRemoteConfig > Error handling > should return null if API throws error
|
|
2829
|
+
[RemoteConfig] Failed to fetch config: Error: Network error
|
|
2830
|
+
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/config/__tests__/remote-config.spec.ts:170:35
|
|
2831
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
2832
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
2833
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
2834
|
+
at new Promise (<anonymous>)
|
|
2835
|
+
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
2836
|
+
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
2837
|
+
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
2838
|
+
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
2839
|
+
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
2840
|
+
|
|
2841
|
+
stderr | src/config/__tests__/remote-config.spec.ts > fetchRemoteConfig > Error handling > should return null if neither projectId nor agentDid provided
|
|
2842
|
+
[RemoteConfig] Neither projectId nor agentDid provided
|
|
2843
|
+
|
|
2844
|
+
✓ src/config/__tests__/remote-config.spec.ts (9 tests) 34ms
|
|
2845
|
+
stderr | src/config/__tests__/remote-config.spec.ts > fetchRemoteConfig > Error handling > should handle cache read errors gracefully
|
|
2846
|
+
[RemoteConfig] Cache read failed: Error: Cache error
|
|
2847
|
+
at /Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/mcp-i-core/src/config/__tests__/remote-config.spec.ts:198:50
|
|
2848
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:157:11
|
|
2849
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:753:26
|
|
2850
|
+
at file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1636:20
|
|
2851
|
+
at new Promise (<anonymous>)
|
|
2852
|
+
at runWithTimeout (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1602:10)
|
|
2853
|
+
at runTest (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1309:12)
|
|
2854
|
+
at processTicksAndRejections (node:internal/process/task_queues:103:5)
|
|
2855
|
+
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
2856
|
+
at runSuite (file:///Users/dylanhobbs/Documents/@kya-os/xmcp-i/node_modules/.pnpm/@vitest+runner@4.0.5/node_modules/@vitest/runner/dist/index.js:1468:8)
|
|
2857
|
+
|
|
2858
|
+
✓ src/delegation/__tests__/delegation-graph.test.ts (28 tests) 6ms
|
|
2859
|
+
✓ src/compliance/__tests__/schema-verifier.test.ts (30 tests) 9ms
|
|
2860
|
+
stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle empty scopes array
|
|
2888
2861
|
[ProviderResolver] Tool does not specify oauthProvider. Using project-configured provider "github" as fallback. Consider explicitly setting oauthProvider in tool protection config.
|
|
2889
2862
|
|
|
2863
|
+
stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle ambiguous scopes (multiple providers inferred)
|
|
2864
|
+
[ProviderResolver] Tool does not specify oauthProvider. Using project-configured provider "github" as fallback. Consider explicitly setting oauthProvider in tool protection config.
|
|
2890
2865
|
|
|
2891
|
-
stdout | src/services/
|
|
2866
|
+
stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should verify gmail → google mapping works
|
|
2892
2867
|
[ProviderResolver] Inferred provider "google" from scopes
|
|
2868
|
+
stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle unknown scope prefixes
|
|
2893
2869
|
|
|
2894
|
-
|
|
2895
|
-
|
|
2896
|
-
|
|
2897
|
-
|
|
2898
|
-
|
|
2870
|
+
[ProviderResolver] Tool does not specify oauthProvider. Using project-configured provider "github" as fallback. Consider explicitly setting oauthProvider in tool protection config.
|
|
2871
|
+
|
|
2872
|
+
stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should verify calendar → google mapping works
|
|
2873
|
+
[ProviderResolver] Inferred provider "google" from scopes
|
|
2874
|
+
stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle scopes without colons
|
|
2875
|
+
|
|
2876
|
+
stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should verify outlook → microsoft mapping works
|
|
2877
|
+
[ProviderResolver] Inferred provider "microsoft" from scopes
|
|
2878
|
+
|
|
2879
|
+
[ProviderResolver] Tool does not specify oauthProvider. Using project-configured provider "github" as fallback. Consider explicitly setting oauthProvider in tool protection config.
|
|
2880
|
+
|
|
2881
|
+
stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Provider name case sensitivity > should handle provider names case-insensitively in inference
|
|
2882
|
+
stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Scope inference edge cases (Priority 2) > should handle inferred provider not in registry
|
|
2883
|
+
[ProviderResolver] Inferred provider "github" from scopes
|
|
2884
|
+
|
|
2885
|
+
stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Multiple scopes with same provider > should handle multiple scopes from same provider
|
|
2886
|
+
[ProviderResolver] Tool does not specify oauthProvider. Using project-configured provider "google" as fallback. Consider explicitly setting oauthProvider in tool protection config.
|
|
2887
|
+
[ProviderResolver] Inferred provider "github" from scopes
|
|
2888
|
+
|
|
2889
|
+
stdout | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > configuredProvider behavior (Priority 3) > should prefer scope-inferred provider over configuredProvider
|
|
2890
|
+
|
|
2891
|
+
[ProviderResolver] Inferred provider "google" from scopes
|
|
2892
|
+
stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > Fallback behavior (Priority 3 - configuredProvider) > should use configuredProvider when oauthProvider not specified
|
|
2893
|
+
[ProviderResolver] Tool does not specify oauthProvider. Using project-configured provider "google" as fallback. Consider explicitly setting oauthProvider in tool protection config.
|
|
2894
|
+
|
|
2895
|
+
|
|
2896
|
+
stderr | src/__tests__/services/provider-resolver-edge-cases.test.ts > ProviderResolver - Edge Cases > configuredProvider behavior (Priority 3) > should use configuredProvider when tool has no oauthProvider
|
|
2897
|
+
[ProviderResolver] Tool does not specify oauthProvider. Using project-configured provider "github" as fallback. Consider explicitly setting oauthProvider in tool protection config.
|
|
2898
|
+
|
|
2899
|
+
✓ src/__tests__/services/provider-resolver-edge-cases.test.ts (25 tests | 1 skipped) 9ms
|
|
2899
2900
|
✓ src/delegation/storage/__tests__/memory-graph-storage.test.ts (27 tests) 4ms
|
|
2900
|
-
✓ src/__tests__/providers/base.test.ts (14 tests) 10ms
|
|
2901
2901
|
stderr | src/services/__tests__/provider-resolution.integration.test.ts > Provider Resolution Integration > Backward compatibility > should work with Phase 1 tools (no oauthProvider field)
|
|
2902
2902
|
[ProviderResolver] Tool does not specify oauthProvider. Using project-configured provider "github" as fallback. Consider explicitly setting oauthProvider in tool protection config.
|
|
2903
2903
|
|
|
2904
2904
|
✓ src/services/__tests__/provider-resolution.integration.test.ts (6 tests) 4ms
|
|
2905
|
-
✓ src/
|
|
2905
|
+
✓ src/delegation/__tests__/cascading-revocation.test.ts (23 tests) 8ms
|
|
2906
|
+
✓ src/__tests__/runtime/proof-client-did.test.ts (17 tests) 10ms
|
|
2906
2907
|
✓ src/services/__tests__/oauth-provider-registry.test.ts (9 tests) 4ms
|
|
2907
|
-
|
|
2908
|
-
✓ src/delegation/__tests__/utils.test.ts (28 tests) 3ms
|
|
2909
|
-
✓ src/__tests__/runtime/audit-logger.test.ts (9 tests) 2ms
|
|
2910
|
-
✓ src/delegation/storage/__tests__/memory-statuslist-storage.test.ts (14 tests) 2ms
|
|
2911
|
-
✓ src/utils/__tests__/did-helpers.test.ts (11 tests) 2ms
|
|
2912
|
-
✓ src/delegation/__tests__/audience-validator.test.ts (5 tests) 1ms
|
|
2913
|
-
↓ src/__tests__/delegation-e2e.test.ts (14 tests | 14 skipped)
|
|
2914
|
-
✓ src/__tests__/index.test.ts (4 tests) 2ms
|
|
2915
|
-
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Caching Integration > should respect cache TTL
|
|
2908
|
+
stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > Backward Compatibility > Phase 1 tools (no oauthProvider) > should work with Phase 1 tools that don't specify oauthProvider
|
|
2916
2909
|
[ToolProtectionService] Config loaded from API {
|
|
2917
2910
|
source: 'api',
|
|
2918
|
-
toolCount:
|
|
2919
|
-
protectedTools: [],
|
|
2911
|
+
toolCount: 1,
|
|
2912
|
+
protectedTools: [ 'phase1_tool' ],
|
|
2920
2913
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2921
|
-
projectId: '
|
|
2922
|
-
cacheTtlMs:
|
|
2923
|
-
cacheExpiresAt: '2025-11-
|
|
2914
|
+
projectId: 'none',
|
|
2915
|
+
cacheTtlMs: 300000,
|
|
2916
|
+
cacheExpiresAt: '2025-11-25T08:32:28.251Z'
|
|
2924
2917
|
}
|
|
2925
2918
|
|
|
2926
|
-
stdout | src/__tests__/
|
|
2919
|
+
stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > Backward Compatibility > Old API endpoint format > should still support old endpoint format (tools array)
|
|
2927
2920
|
[ToolProtectionService] Config loaded from API {
|
|
2928
2921
|
source: 'api',
|
|
2929
|
-
toolCount:
|
|
2930
|
-
protectedTools: [ '
|
|
2922
|
+
toolCount: 1,
|
|
2923
|
+
protectedTools: [ 'old_tool' ],
|
|
2931
2924
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2932
|
-
projectId: '
|
|
2925
|
+
projectId: 'none',
|
|
2933
2926
|
cacheTtlMs: 300000,
|
|
2934
|
-
cacheExpiresAt: '2025-11-
|
|
2927
|
+
cacheExpiresAt: '2025-11-25T08:32:28.255Z'
|
|
2935
2928
|
}
|
|
2936
2929
|
|
|
2937
|
-
|
|
2938
|
-
[ToolProtectionService] API fetch failed, using fallback config {
|
|
2939
|
-
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2940
|
-
error: 'Failed to fetch bouncer config: 429 Too Many Requests - Rate limit exceeded'
|
|
2941
|
-
}
|
|
2942
|
-
|
|
2943
|
-
stdout | src/__tests__/services/agentshield-integration.test.ts > AgentShield Integration > Real-world Scenarios > should handle concurrent requests
|
|
2930
|
+
stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > Backward Compatibility > Old API endpoint format > should still support old endpoint format (tools object)
|
|
2944
2931
|
[ToolProtectionService] Config loaded from API {
|
|
2945
2932
|
source: 'api',
|
|
2946
2933
|
toolCount: 1,
|
|
2947
|
-
protectedTools: [ '
|
|
2934
|
+
protectedTools: [ 'old_tool' ],
|
|
2948
2935
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2949
|
-
projectId: '
|
|
2936
|
+
projectId: 'none',
|
|
2950
2937
|
cacheTtlMs: 300000,
|
|
2951
|
-
cacheExpiresAt: '2025-11-
|
|
2938
|
+
cacheExpiresAt: '2025-11-25T08:32:28.255Z'
|
|
2952
2939
|
}
|
|
2940
|
+
|
|
2941
|
+
stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > Backward Compatibility > snake_case field names > should still support snake_case field names
|
|
2953
2942
|
[ToolProtectionService] Config loaded from API {
|
|
2954
2943
|
source: 'api',
|
|
2955
2944
|
toolCount: 1,
|
|
2956
|
-
protectedTools: [ '
|
|
2945
|
+
protectedTools: [ 'tool_with_snake_case' ],
|
|
2957
2946
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2958
2947
|
projectId: 'test-project-123',
|
|
2959
2948
|
cacheTtlMs: 300000,
|
|
2960
|
-
cacheExpiresAt: '2025-11-
|
|
2949
|
+
cacheExpiresAt: '2025-11-25T08:32:28.256Z'
|
|
2961
2950
|
}
|
|
2951
|
+
|
|
2952
|
+
stderr | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > No Regressions > Phase 1 OAuth flow > should still work with Phase 1 OAuth flow (no oauthProvider)
|
|
2953
|
+
[ProviderResolver] Tool does not specify oauthProvider. Using project-configured provider "github" as fallback. Consider explicitly setting oauthProvider in tool protection config.
|
|
2954
|
+
|
|
2955
|
+
stdout | src/__tests__/regression/phase2-regression.test.ts > Phase 2 Regression Tests > Mixed Phase 1 and Phase 2 tools > should handle mix of Phase 1 and Phase 2 tools in same project
|
|
2962
2956
|
[ToolProtectionService] Config loaded from API {
|
|
2963
2957
|
source: 'api',
|
|
2964
|
-
toolCount:
|
|
2965
|
-
protectedTools: [ '
|
|
2958
|
+
toolCount: 2,
|
|
2959
|
+
protectedTools: [ 'phase1_tool', 'phase2_tool' ],
|
|
2966
2960
|
agentDid: 'did:key:z6MkhaXgBZDv...',
|
|
2967
2961
|
projectId: 'test-project-123',
|
|
2968
2962
|
cacheTtlMs: 300000,
|
|
2969
|
-
cacheExpiresAt: '2025-11-
|
|
2963
|
+
cacheExpiresAt: '2025-11-25T08:32:28.256Z'
|
|
2970
2964
|
}
|
|
2971
2965
|
|
|
2972
|
-
✓ src/__tests__/
|
|
2973
|
-
|
|
2966
|
+
✓ src/__tests__/regression/phase2-regression.test.ts (12 tests) 7ms
|
|
2967
|
+
✓ src/delegation/__tests__/utils.test.ts (28 tests) 10ms
|
|
2968
|
+
✓ src/__tests__/config/provider-runtime-config.test.ts (9 tests) 2ms
|
|
2969
|
+
✓ src/delegation/storage/__tests__/memory-statuslist-storage.test.ts (14 tests) 6ms
|
|
2970
|
+
✓ src/utils/__tests__/did-helpers.test.ts (11 tests) 2ms
|
|
2971
|
+
✓ src/delegation/__tests__/audience-validator.test.ts (5 tests) 1ms
|
|
2972
|
+
✓ src/__tests__/index.test.ts (4 tests) 2ms
|
|
2973
|
+
↓ src/__tests__/delegation-e2e.test.ts (14 tests | 14 skipped)
|
|
2974
2974
|
|
|
2975
2975
|
Test Files 43 passed | 1 skipped (44)
|
|
2976
2976
|
Tests 882 passed | 16 skipped (898)
|
|
2977
|
-
Start at
|
|
2978
|
-
Duration
|
|
2977
|
+
Start at 02:27:24
|
|
2978
|
+
Duration 4.25s (transform 4.85s, setup 0ms, collect 10.70s, tests 2.51s, environment 23ms, prepare 857ms)
|
|
2979
2979
|
|